Web proxy for Mastodon that puts public profiles behind an auth layer
paws fix domain ban checking and remove app data 2020-01-17 08:47:37 -05:00
.gitignore setup basic functionality 2020-01-13 08:10:48 -05:00
LICENSE Initial commit 2019-12-17 07:22:51 -05:00
README.md basic oauth support 2020-01-15 08:56:27 -05:00
reload.cfg setup basic functionality 2020-01-13 08:10:48 -05:00
requirements.txt basic oauth support 2020-01-15 08:56:27 -05:00
server.py iunno 2020-01-13 04:59:27 -05:00

Protection Against Web Scrapers (PAWS)

Web proxy for Mastodon that puts public profiles behind an auth layer.

How it works

PAWS sits between Mastodon and your front-facing web proxy to intercept incoming requests. If a profile, toot, or any related JSON is requested, the request is blocked unless it is authenticated. If authenticated fetches are disabled on Mastodon, PAWS checks signatures instead.

Note: Still very much a WIP. Currently it's just simple HTTP auth, but I plan on adding the ability to log in via OAuth.

Installation

Python 3.6.0+ (3.8.0 recommended)

python3 -m pip install -r requirements.txt --user

Configuration

data/production.env:

# Path to mastodon instance. Defaults to current working dir
MASTOPATH=/home/mastodon/glitch-soc

# Listen address and port for PAWS. Can safely be ignored if running on same host as web server
PAWS_HOST=127.0.0.1
PAWS_PORT=3001

# These will be phased out
PAWS_USER=admin
PAWS_PASS=password
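
A pre-deployment check for the file above, as an added example that is not part of the PAWS code base: it parses a `data/production.env` and reports credentials left at the README's sample values and a listen address that is not loopback. The function names and the 12-character minimum are assumptions made for this example.

```python
import ipaddress

# Constructed sample input: the values shown in the README's data/production.env.
README_ENV = """\
# These will be phased out
PAWS_HOST=127.0.0.1
PAWS_PORT=3001
PAWS_USER=admin
PAWS_PASS=password
"""
README_SAMPLE = {"PAWS_USER": "admin", "PAWS_PASS": "password"}
MIN_PASS_LEN = 12  # assumption for this example, not a PAWS requirement

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env

def is_loopback(host):
    """True for localhost or a loopback IP; other hostnames count as exposed."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(env):
    """Return (key, reason) findings for a parsed PAWS env file."""
    findings = []
    for key, sample in README_SAMPLE.items():
        if env.get(key) == sample:
            findings.append((key, "still set to the README sample value"))
    if len(env.get("PAWS_PASS", "")) < MIN_PASS_LEN:
        findings.append(("PAWS_PASS", f"shorter than {MIN_PASS_LEN} characters"))
    host = env.get("PAWS_HOST")
    if host is not None and not is_loopback(host):
        findings.append(("PAWS_HOST", "not loopback; reachable without the front proxy"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_env(README_ENV)):
        print(f"{key}: {reason}")
```
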

Caddy

Append this to Caddy's Mastodon config:

rewrite {
	if_op and
	if {path} starts_with /users
	if {path} not_ends_with inbox
	to {path} /auth/{path}
}

rewrite {
	if_op or
	if {path} starts_with /@
	if {path} starts_with /paws
	to {path} /auth/{path}
}

proxy /auth localhost:3001 {
	without /auth
	transparent
}

Nginx

Coming soon. For now, convert the Caddy config above to nginx format if you know how.

Mastodon

While it isn't necessary, I highly recommend turning on authorized fetches (v3.0+) so that PAWS can pass JSON requests directly through to Mastodon. Also upgrade to at least v3.0 to be able to interact properly with other instances that have authorized fetches turned on.

.env.production:

AUTHORIZED_FETCH=true