Add RSS feed generation and improve security features

- Implemented structured RSS feed generation using XML encoding. - Enhanced URL registration by incorporating a random salt for hash generation. - Introduced a bot blocker to the security middleware for improved bot detection. - Updated security middleware to utilize the new bot blocker and added more entropy to request fingerprinting.
2025-12-27 03:15:42 -06:00
parent f08e148b2f
commit ab3c188e91
4 changed files with 266 additions and 36 deletions
--- a/internal/security/security.go
+++ b/internal/security/security.go
@@ -90,9 +90,23 @@ func GetRequestFingerprint(r *http.Request, s *stats.Service) string {
 		ipStr = ip.String()
 	}

+	// Improve fingerprinting with more entropy
 	ua := r.Header.Get("User-Agent")
+	lang := r.Header.Get("Accept-Language")
+	enc := r.Header.Get("Accept-Encoding")
+	chUA := r.Header.Get("Sec-CH-UA")
+
 	hash := sha256.New()
-	hash.Write([]byte(ipStr + ua))
+	hash.Write([]byte(ipStr))
+	hash.Write([]byte("|"))
+	hash.Write([]byte(ua))
+	hash.Write([]byte("|"))
+	hash.Write([]byte(lang))
+	hash.Write([]byte("|"))
+	hash.Write([]byte(enc))
+	hash.Write([]byte("|"))
+	hash.Write([]byte(chUA))
+
 	fingerprint := hex.EncodeToString(hash.Sum(nil))

 	s.KnownHashes.Lock()
@@ -168,12 +182,12 @@ func GetSafeHTTPClient(timeout time.Duration) *http.Client {
 	}
 }

-func SecurityMiddleware(s *stats.Service) func(http.Handler) http.Handler {
+func SecurityMiddleware(s *stats.Service, bb *BotBlocker) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			start := time.Now()
 			path := strings.ToLower(r.URL.Path)
-			ua := strings.ToLower(r.UserAgent())
+			ua := r.UserAgent()
 			fingerprint := GetRequestFingerprint(r, s)

 			ctx := context.WithValue(r.Context(), FingerprintKey, fingerprint)
@@ -193,14 +207,12 @@ func SecurityMiddleware(s *stats.Service) func(http.Handler) http.Handler {
 				s.GlobalStats.Unlock()
 			}()

-			for _, bot := range BotUserAgents {
-				if strings.Contains(ua, bot) {
-					s.GlobalStats.Lock()
-					s.GlobalStats.BlockedRequests[fingerprint] = true
-					s.GlobalStats.Unlock()
-					http.Error(w, "Bots are not allowed", http.StatusForbidden)
-					return
-				}
+			if bb != nil && bb.IsBot(ua) {
+				s.GlobalStats.Lock()
+				s.GlobalStats.BlockedRequests[fingerprint] = true
+				s.GlobalStats.Unlock()
+				http.Error(w, "Bots are not allowed", http.StatusForbidden)
+				return
 			}

 			for _, pattern := range ForbiddenPatterns {