Web proxy for Mastodon that puts public profiles behind an auth layer

Go to file

Izalia Mae 1bc181a76c remove uneccessary routes and update readme		2020-01-13 20:29:05 -05:00
paws	remove uneccessary routes and update readme	2020-01-13 20:29:05 -05:00
.gitignore	setup basic functionality	2020-01-13 08:10:48 -05:00
LICENSE	Initial commit	2019-12-17 07:22:51 -05:00
README.md	remove uneccessary routes and update readme	2020-01-13 20:29:05 -05:00
reload.cfg	setup basic functionality	2020-01-13 08:10:48 -05:00
requirements.txt	remove uneccessary routes and update readme	2020-01-13 20:29:05 -05:00
server.py	iunno	2020-01-13 04:59:27 -05:00

README.md

Protection Against Web Scrapers (PAWS)

Web proxy for Mastodon that puts public profiles behind an auth layer.

How it works

PAWS sits between Mastodon and your front-facing web proxy to intercept incoming requests. If a profile, toot, or any related json is requested, it will be blocked unless authenticated. If authenticated fetches on mastodon are disabled, PAWS will check signatures instead

Note: Still very much a WIP. Currently it's just simple http auth, but I plan on adding the ability to login via oauth

Installation

Python 3.6.0+ (3.8.0 recommended)

python3 -m pip install -r requirements.txt --user

Configuration

data/production.env:

# Path to mastodon instance. Defaults to current working dir
MASTOPATH=/home/mastodon/glitch-soc

# Listen address and port for PAWS. Can safely be ignored if running on same host as web server
PAWS_HOST=127.0.0.1
PAWS_PORT=3001

# These will be phased out
PAWS_USER=admin
PAWS_PASS=password

Caddy

Append this to caddy's mastodon config:

rewrite {
	if_op and
	if {path} starts_with /users
	if {path} not_ends_with inbox
	to {path} /auth/{path}
}

rewrite {
	if_op or
	if {path} starts_with /@
	if {path} starts_with /authorize
	to {path} /auth/{path}
}

proxy /auth localhost:3001 {
	without /auth
	transparent
}

Nginx

Coming soon. Convert caddy's config to nginx format if you know how for now