# Protection Against Web Scrapers (PAWS)

Web proxy for Mastodon that puts public profiles behind an auth layer.

## How it works

PAWS sits between Mastodon and your front-facing web proxy to intercept incoming requests. If a profile, toot, or any related JSON is requested, the request is blocked unless it is authenticated. If authenticated fetches on Mastodon are disabled, PAWS will check signatures instead.

Note: Still very much a WIP. Currently it's just simple HTTP auth, but I plan on adding the ability to log in via OAuth.

## Installation

Python 3.6.0+ (3.8.0 recommended)

`python3 -m pip install -r requirements.txt --user`

## Configuration

data/production.env:

```
# Path to Mastodon instance. Defaults to current working dir
MASTOPATH=/home/mastodon/glitch-soc

# Listen address and port for PAWS. Can safely be ignored if running on same host as web server
PAWS_HOST=127.0.0.1
PAWS_PORT=3001

# These will be phased out. Change them from the defaults shown here.
PAWS_USER=admin
PAWS_PASS=password
```

### Caddy

Append this to Caddy's Mastodon config:

```
rewrite {
    if_op and
    if {path} starts_with /users
    if {path} not_ends_with inbox
    to {path} /auth/{path}
}

rewrite {
    if_op or
    if {path} starts_with /@
    if {path} starts_with /paws
    to {path} /auth/{path}
}

proxy /auth localhost:3001 {
    without /auth
    transparent
}
```

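To check which request paths the two rewrite blocks above hand to PAWS, here is a small Python model of their conditions. It is an added example, not part of PAWS or Caddy; the sample paths are constructed, and it assumes no requested path exists as a static file, so `to {path} /auth/{path}` always falls through to the `/auth` target.

```python
# Added example: models the `if_op` / `if` conditions of the two Caddy rewrite
# blocks from this README. Not PAWS code.
# Assumption: no path exists as a static file, so the rewrite target is /auth/{path}.

RULES = [
    # (if_op, [(test, value), ...]) in the order the blocks appear in the config
    ("and", [("starts_with", "/users"), ("not_ends_with", "inbox")]),
    ("or", [("starts_with", "/@"), ("starts_with", "/paws")]),
]

TESTS = {
    "starts_with": lambda path, value: path.startswith(value),
    "not_ends_with": lambda path, value: not path.endswith(value),
}


def routed_to_paws(path):
    """Return True if either rewrite block would send `path` to the /auth proxy."""
    for if_op, conditions in RULES:
        combine = all if if_op == "and" else any
        if combine(TESTS[test](path, value) for test, value in conditions):
            return True
    return False


# Constructed sample paths (hypothetical account name, not from a real instance).
SAMPLE_PATHS = [
    "/users/alice",
    "/users/alice/outbox",
    "/users/alice/inbox",   # excluded by the not_ends_with condition
    "/@alice",
    "/paws/example",
    "/inbox",
    "/about",
]


def routing_table(paths=SAMPLE_PATHS):
    """Map each path to True (goes through PAWS) or False (goes straight to Mastodon)."""
    return {path: routed_to_paws(path) for path in paths}


if __name__ == "__main__":
    for path, gated in routing_table().items():
        print(f"{'PAWS    ' if gated else 'Mastodon'}  {path}")
```

Running the same table after any change to the rewrite conditions shows at a glance whether a path you expect to be gated still is.
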
### Nginx

Coming soon. For now, convert the Caddy config to Nginx format if you know how.

### Mastodon

While it isn't necessary, I highly recommend turning on authorized fetches (v3.0+) to let PAWS pass JSON requests directly through to Mastodon. Also upgrade to at least v3.0 to be able to properly interact with other instances that have authorized fetches turned on.

.env.production:

```
AUTHORIZED_FETCH=true
```