watchdog

mirror of https://github.com/NotAShelf/watchdog.git synced 2026-04-15 14:54:00 +00:00

Author	SHA1	Message	Date
NotAShelf	98611ca452	api/handler: fix X-Real-IP header validation When trusted proxy headers are enabled, the code accepted `X-Real-IP` without validating it. The attacker could simply set `X-Real-IP` to an arbitrary and that IP would be recorded as is. We validate the IP format and ensure it's not from a trusted proxy, and add test cases. Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Ic1e761ea623a69371a28ad15d465d6c66a6a6964	2026-03-10 10:40:03 +03:00
NotAShelf	ffa2af62be	api/handler: check if each IP in X-Forwarded-For is not in trusted networks before accepting Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Id54c1584650fcee64de70d1f99e542c16a6a6964	2026-03-10 08:56:03 +03:00
NotAShelf	d1181d38f0	watchdog: add log sanitization and request tracking Stuff to prevent possible log injection attacks via weird characters, now sanitized with `strconv` stuff. - X-Request-ID is now traced in ingestion handler - ValidateWithMap renamed to Validate (xd) - Some new tests :D Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: I286ec399a5c4a407f0cc117472c079446a6a6964	2026-03-10 08:43:53 +03:00
NotAShelf	02c4f11619	api/handler: `O(n)` linear scan -> `O(1)` map lookup Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Ic2080f59be1eea905e8ca95e90e34d4d6a6a6964	2026-03-10 08:43:51 +03:00
NotAShelf	0f38a062e9	various: reduce file I/O & pre-parse CIDRs Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: I288c299d35fdc833c802e22682f14b8e6a6a6964	2026-03-10 08:43:33 +03:00
NotAShelf	6977a501b1	internal: better device classification via UA parsing Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: I6c78f1eebe71ef4cf037ebbda2caaeb36a6a6964	2026-03-02 22:38:26 +03:00
NotAShelf	4e0b8f0d0a	interal/api: replace liner array scan with hashmap lookup in domain validation Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Iac969e7dc6e4ca3f93410fccac1995636a6a6964	2026-03-02 22:38:22 +03:00
NotAShelf	f988174145	watchdog: migrate to Cobra and Viper for config management; search `/etc` for configs Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: I65dbf466cb030dccc7025585d6282bd26a6a6964	2026-03-02 22:38:18 +03:00
NotAShelf	18fe1a8234	internal/api: better multi-sites support; validate events against allowed domains Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Iff1ced4966b4d42cfd6dfefb0cfd97696a6a6964	2026-03-02 22:38:11 +03:00
NotAShelf	da1fab4257	internal: fix the tests broken by hardening Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: If95a5258a393542564f68b3a1ebc7ff66a6a6964	2026-03-02 22:38:07 +03:00
NotAShelf	7e1ef845e8	internal/api: resolve IPv6 handling; prevent XFF spoofing & add rate limiting Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Ibe415a133bbc8bd533a21ed1ccd44cf36a6a6964	2026-03-02 22:38:05 +03:00
NotAShelf	993e47e603	internal/aggregate: add HyperLogLog unique visitor tracking Extracts IP from X-Forwarded-For/X-Real-IP/RemoteAddr. Only active when `config.Site.SaltRotation` is set. Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Ieef93b81e9894fc2e9e129451bf2dfdf6a6a6964	2026-03-02 22:37:58 +03:00
NotAShelf	e0ec475a81	internal/api: ingestion handler; wire normalization pipeline Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: I1890a039b874fcc76ac4a545c2901d4e6a6a6964	2026-03-02 22:37:55 +03:00

13 commits