software-station/README.md

# Software Station

A software distribution platform for assets built and hosted on Gitea. Built with Go and Svelte 5.

## Features

- **Gitea Integration**: Fetches releases, assets, and metadata from Gitea repositories.
- **Download Proxy**: Handles downloads with HTTP Range support for resuming and SHA256 checksum verification.
- **Client-Side Verification**: Optional WASM-powered SHA256 verification directly in the browser.
- **Bot & Abuse Prevention**:
  - Filters requests using User-Agent blocklists.
  - Fingerprints requests (IP, UA, TLS) to prevent rate-limit evasion.
  - Uses hashed IDs for download links.
  - SSRF protection for proxy requests.
- **Throttling**: Tiered download speed limits and global API rate limiting.
- **RSS Feed**: XML feed for tracking new software releases.
- **i18n**: Support for English, German, Italian, and Russian.

## Upcoming

- S3, SFTP, WebDAV for software assets.
- Gitea Packages support (containers, npm, etc.).
- ISOs support (Linux distributions) 
- Automatic Torrent generation and seeding for software assets.
- Software dependencies page and licenses information.
- SBOM and SPDX viewer.
- CDN support
- GPG signatures verification
- OSV integration for vulnerability scanning.
- Container scanning 
- Authentication for certain software/containers
- Admin panel
- Infisical support for secrets management.
- Sqlite for database
- Webhook support to force refresh of specific software/containers or add a new software/container.
- Reticulum Network Stack support
- GPG, SBOM client-side verification via WASM.

## Getting Started

### Prerequisites

- Go 1.25+
- Node.js & pnpm (for frontend)
- A Gitea instance

### Configuration

1. **Software List**: Create a `software.txt` file in the root directory. Add your Gitea repositories in `Owner/Repo` format:
   ```text
   Quad4-Software/software-station
   Another-Owner/Project-B
   ```

2. **Bot Blocklist**: Create a `ua-blocklist.txt` to add URLs of User-Agent blocklists (one per line). These will be fetched and cached automatically.

3. **Environment Variables**:
   - `GITEA_TOKEN`: Your Gitea personal access token (optional, required for private repos).
   - `NODE_ENV`: Set to `production` for production builds.

### Installation

1. **Build the Frontend**:
   ```bash
   cd frontend
   pnpm install
   pnpm build
   cd ..
   ```

2. **Build and Run the Backend**:
   ```bash
   go build -o software-station .
   ./software-station -t YOUR_TOKEN -s https://your-gitea-instance.com -ua-blocklist ua-blocklist.txt
   ```

### Docker (Recommended)

Run Software Station using Docker Compose:

```bash
# Set your Gitea token in the environment
export GITEA_TOKEN=your_token_here

# Build and start the container
docker compose up -d
```

## Customization

### Adding Locales
To add a new language:
1. Create a JSON file in `frontend/src/lib/i18n/locales/` (e.g., `fr.json`).
2. Register the locale in `frontend/src/lib/i18n/index.ts`.

### Changing Security Rules
Modify `internal/security/constants.go` or `ua-blocklist.txt` to adjust:
- `ForbiddenPatterns`: Block specific URL patterns.
- `BotUserAgents`: Block specific scrapers or bots (static list).
- `ua-blocklist.txt`: External lists for dynamic bot blocking.
- `DefaultDownloadLimit`: Adjust the global download speed limit.

### UI Themes
The frontend uses Tailwind CSS. You can customize the look and feel in `frontend/tailwind.config.js` and `frontend/src/app.css`.

## Development

Run the backend and frontend separately for a better development experience:

```bash
# Backend (with live reload using Air or just go run)
go run main.go

# Frontend (Vite dev server)
cd frontend
pnpm dev
```

## Testing

We maintain a high test coverage (>60%). Run the test suite:

```bash
go test -v -coverpkg=./... ./...
```

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

Copyright (c) 2025 [Quad4](https://quad4.io). All rights reserved.