Commit graph

18 commits

Author SHA1 Message Date
5fc6ef592f
api/handler: document request ID size
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ia4c92c2e7f3a4d68252a41cf9bc5c9c86a6a6964
2026-03-10 13:19:44 +03:00
98611ca452
api/handler: fix X-Real-IP header validation
When trusted proxy headers are enabled, the code accepted `X-Real-IP`
without validating it. The attacker could simply set `X-Real-IP` to an
arbitrary value and that IP would be recorded as is. We validate the IP format
and ensure it's not from a trusted proxy, and add test cases.


Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ic1e761ea623a69371a28ad15d465d6c66a6a6964
2026-03-10 10:40:03 +03:00
ffa2af62be
api/handler: check if each IP in X-Forwarded-For is *not* in trusted networks before accepting
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Id54c1584650fcee64de70d1f99e542c16a6a6964
2026-03-10 08:56:03 +03:00
d1181d38f0
watchdog: add log sanitization and request tracking
Stuff to prevent possible log injection attacks via weird characters,
now sanitized with `strconv` stuff.

- X-Request-ID is now traced in ingestion handler
- ValidateWithMap renamed to Validate (xd)
- Some new tests :D

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I286ec399a5c4a407f0cc117472c079446a6a6964
2026-03-10 08:43:53 +03:00
4189d14d65
api/event: remove legacy validate function; use domain map
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I9a68733cf16b09ef6381161452bda1e56a6a6964
2026-03-10 08:43:52 +03:00
02c4f11619
api/handler: O(n) linear scan -> O(1) map lookup
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ic2080f59be1eea905e8ca95e90e34d4d6a6a6964
2026-03-10 08:43:51 +03:00
0f38a062e9
various: reduce file I/O & pre-parse CIDRs
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I288c299d35fdc833c802e22682f14b8e6a6a6964
2026-03-10 08:43:33 +03:00
6977a501b1
internal: better device classification via UA parsing
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I6c78f1eebe71ef4cf037ebbda2caaeb36a6a6964
2026-03-02 22:38:26 +03:00
4e0b8f0d0a
internal/api: replace linear array scan with hashmap lookup in domain validation
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iac969e7dc6e4ca3f93410fccac1995636a6a6964
2026-03-02 22:38:22 +03:00
f988174145
watchdog: migrate to Cobra and Viper for config management; search /etc for configs
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I65dbf466cb030dccc7025585d6282bd26a6a6964
2026-03-02 22:38:18 +03:00
bf8390a916
chore: format with golines
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I11a2f3273abf08c8cf02e0c335e26d826a6a6964
2026-03-02 22:38:14 +03:00
18fe1a8234
internal/api: better multi-sites support; validate events against allowed domains
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iff1ced4966b4d42cfd6dfefb0cfd97696a6a6964
2026-03-02 22:38:11 +03:00
da1fab4257
internal: fix the tests broken by hardening
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: If95a5258a393542564f68b3a1ebc7ff66a6a6964
2026-03-02 22:38:07 +03:00
7e1ef845e8
internal/api: resolve IPv6 handling; prevent XFF spoofing & add rate limiting
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ibe415a133bbc8bd533a21ed1ccd44cf36a6a6964
2026-03-02 22:38:05 +03:00
8187608b38
internal/api: centralize constants; improve validation & sanitize errors
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I3c3e4acb12a5a965bfaba950bf9aa5776a6a6964
2026-03-02 22:38:04 +03:00
993e47e603
internal/aggregate: add HyperLogLog unique visitor tracking
Extracts IP from X-Forwarded-For/X-Real-IP/RemoteAddr. Only active
when `config.Site.SaltRotation` is set.

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ieef93b81e9894fc2e9e129451bf2dfdf6a6a6964
2026-03-02 22:37:58 +03:00
e0ec475a81
internal/api: ingestion handler; wire normalization pipeline
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I1890a039b874fcc76ac4a545c2901d4e6a6a6964
2026-03-02 22:37:55 +03:00
c5109ace92
internal/api: add event model with validation
Supports both pageview and custom event types

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iaf48291cd952865ea9ec21361ae33c746a6a6964
2026-03-02 22:37:54 +03:00