README
¶
stupid web app
Features
- Easy to add new features?
- Signup, Login, Logout
- Members-only dashboard (open or close registration)
- Hit Counter
- Brute-force protection (via temporary blacklisting)
- Encrypted Cookies (gorilla/securecookie)
- Fast, Lightweight
- CSRF protection (gorilla/csrf)
- Anti-frame protection via Content-Security-Policy
- Persistent sessions across reboots (BoltDB)
- Templates! (docs)
- Reload templates from file by sending USR2 signal (
pkill -usr2 webd) - Reload config from file by sending USR1 signal (
pkill -usr1 webd)
Config (config.json)
Variables exposed in templates
SiteURL is used for content-security-policy headers
templatedata used exclusively in templates
"Meta": {
"siteurl": "http://127.0.0.1:8080",
"sitename": "Test Application",
"copyright-name": "My Company, Inc",
"templatedata": {
"arbitrary-variable-name": "value",
"var2": "string-value",
"varNum": 123,
"varNested": {
"nest": 321
}
}
},
Security variables that should be randomized, cookie-name replaced
"Security": {
"cookie-name": "cookie-name",
"csrf-key": "32-byte-long-auth-key",
"hash-key": "755d813685f17a1d3a74f984b5111840",
"block-key": "caa7040d2f00aaa548d5bab3aaa72100",
Whitelist and Blacklist are file paths to read. Whitelisted IPs will never be banned, Blacklisted IPs won't be able to do POST requests. After 3 attempts, users are temporarily banned.
If ServePublic is true, all files in ./www/public are served.
They are routed after normal pages, so file names can't collide with templated paths (such as "/login" or "/dashboard")
"whitelist": "whitelist.txt",
"blacklist": "blacklist.txt",
"servepublic": false
},
Using encrypted config.json
- encrypt it with pgp or age
age -p config.json > config.json.enc
- decrypt and pipe into webd
age -d config.json.enc | webd -conf -
Using Reverse Proxies
In the config.json, /bin/xxx will fetch https://httpbin.org/xxx
and /usr/bin/xxx will also fetch https://httpbin.org/xxx
Easy to change in config.json, to serve other applications under subdirectories.
Cookies are removed from the fetch.
Example: https://webd-example.herokuapp.com/bin/get
(note: we don't add X-Amzn-Trace-Id, thats httpbin.)
"ReverseProxy": {
"/bin/": "https://httpbin.org",
"/usr/bin/": "https://httpbin.org"
},
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
package greylist implements a basic whitelisting/blacklisting http.Handler It reads 2 files (whitelist file, blacklist file) and has option to periodically refresh the lists.
|
package greylist implements a basic whitelisting/blacklisting http.Handler It reads 2 files (whitelist file, blacklist file) and has option to periodically refresh the lists. |