# Software Station A software distribution platform for assets built and hosted on Gitea. Built with Go and Svelte 5. ## Features - **Gitea Integration**: Fetches releases, assets, and metadata from Gitea repositories. - **Download Proxy**: Handles downloads with HTTP Range support for resuming and SHA256 checksum verification. - **Client-Side Verification**: Optional WASM-powered SHA256 verification directly in the browser. - **Bot & Abuse Prevention**: - Filters requests using User-Agent blocklists. - Fingerprints requests (IP, UA, TLS) to prevent rate-limit evasion. - Uses hashed IDs for download links. - SSRF protection for proxy requests. - **Throttling**: Tiered download speed limits and global API rate limiting. - **RSS Feed**: XML feed for tracking new software releases. - **i18n**: Support for English, German, Italian, and Russian. - **Documentation**: Support for documentation for software station and each software project in `.svx` and `.md` files. - **Software Caching**: Caches popular assets to reduce load on the asset servers and improve download speed. ## Upcoming - Admin panel. - Authentication for certain software and containers. - Automatic torrent generation and seeding for software assets. - CDN support. - Container scanning. - ClamAV and MobySF. - Gitea Packages support (containers, npm, etc.). - GPG and SBOM client-side verification via WASM. - Infisical support for secrets management. - ISOs support (Linux distributions). - OSV integration for vulnerability scanning. - Reticulum Network Stack support. - S3, SFTP, and WebDAV support for software assets. - SBOM and SPDX viewer. - Software dependencies page and license information. - Sqlite database support. - Webhook support to force refresh or add specific software/containers. ## Getting Started ### Prerequisites - Go 1.25+ - Node.js & pnpm (for frontend) - A Gitea instance ### Configuration 1. **Software List**: Create a `software.txt` file in the root directory. Add your Gitea repositories in `Owner/Repo` format: ```text Quad4-Software/software-station Another-Owner/Project-B ``` 2. **Bot Blocklist**: Create a `ua-blocklist.txt` to add URLs of User-Agent blocklists (one per line). These will be fetched and cached automatically. 3. **Environment Variables**: - `GITEA_TOKEN`: Your Gitea personal access token (optional, required for private repos). - `NODE_ENV`: Set to `production` for production builds. ### Installation We use [Taskfile](https://taskfile.dev/) to manage the project. 1. **Build Everything (WASM, Frontend, Backend)**: ```bash go-task all ``` 2. **Run the Application**: ```bash go-task run ``` ### Docker (Recommended) Run Software Station using Docker Compose: ```bash # Set your Gitea token in the environment export GITEA_TOKEN=your_token_here # Build and start the container docker compose up -d ``` ## Customization ### Adding Locales To add a new language: 1. Create a JSON file in `frontend/src/lib/i18n/locales/` (e.g., `fr.json`). 2. Register the locale in `frontend/src/lib/i18n/index.ts`. ### Changing Security Rules Modify `internal/security/constants.go` or `ua-blocklist.txt` to adjust: - `ForbiddenPatterns`: Block specific URL patterns. - `BotUserAgents`: Block specific scrapers or bots (static list). - `ua-blocklist.txt`: External lists for dynamic bot blocking. - `DefaultDownloadLimit`: Adjust the global download speed limit. ### UI Themes The frontend uses Tailwind CSS. You can customize the look and feel in `frontend/tailwind.config.js` and `frontend/src/app.css`. ## Development Run the backend and frontend simultaneously with live reload (uses parallel tasks): ```bash go-task dev ``` ## Testing Run the full test suite (including WASM tests): ```bash go-task test ``` ## License This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. Copyright (c) 2025 [Quad4](https://quad4.io). All rights reserved.