Quad4-Software/software-station
2
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases 1 Wiki Activity
Files
d3da3fe02e424017a45c817d5ef4cb710f587c51
software-station/README.md
Sudo-Ivan 0dfbacce37
All checks were successful
CI / build (push) Successful in 1m0s
Details
renovate / renovate (push) Successful in 1m6s
Details
Update README and frontend files for improved clarity and functionality 
- Added a note in the README about using Taskfile for project management.
- Removed the crossOrigin attribute from the WebAssembly fetch request in verifier.ts for security compliance.
- Refactored the wasm_exec.js file for consistency in string usage and improved readability.
- Cleaned up whitespace in the SRI generation script to enhance code clarity.
2025-12-27 22:37:27 -06:00

128 lines
3.9 KiB
Markdown
Raw Blame History

# Software Station
A software distribution platform for assets built and hosted on Gitea. Built with Go and Svelte 5.
## Features
- **Gitea Integration**: Fetches releases, assets, and metadata from Gitea repositories.
- **Download Proxy**: Handles downloads with HTTP Range support for resuming and SHA256 checksum verification.
- **Client-Side Verification**: Optional WASM-powered SHA256 verification directly in the browser.
- **Bot & Abuse Prevention**:
- Filters requests using User-Agent blocklists.
- Fingerprints requests (IP, UA, TLS) to prevent rate-limit evasion.
- Uses hashed IDs for download links.
- SSRF protection for proxy requests.
- **Throttling**: Tiered download speed limits and global API rate limiting.
- **RSS Feed**: XML feed for tracking new software releases.
- **i18n**: Support for English, German, Italian, and Russian.
- **Documentation**: Support for documentation for software station and each software project in `.svx` and `.md` files.
- **Software Caching**: Caches popular assets to reduce load on the asset servers and improve download speed.
## Upcoming
- Admin panel.
- Authentication for certain software and containers.
- Automatic torrent generation and seeding for software assets.
- CDN support.
- Container scanning.
- ClamAV and MobySF.
- Gitea Packages support (containers, npm, etc.).
- GPG and SBOM client-side verification via WASM.
- Infisical support for secrets management.
- ISOs support (Linux distributions).
- OSV integration for vulnerability scanning.
- Reticulum Network Stack support.
- S3, SFTP, and WebDAV support for software assets.
- SBOM and SPDX viewer.
- Software dependencies page and license information.
- Sqlite database support.
- Webhook support to force refresh or add specific software/containers.
## Getting Started
### Prerequisites
- Go 1.25+
- Node.js & pnpm (for frontend)
- A Gitea instance
### Configuration
1. **Software List**: Create a `software.txt` file in the root directory. Add your Gitea repositories in `Owner/Repo` format:
```text
Quad4-Software/software-station
Another-Owner/Project-B
```
2. **Bot Blocklist**: Create a `ua-blocklist.txt` to add URLs of User-Agent blocklists (one per line). These will be fetched and cached automatically.
3. **Environment Variables**:
- `GITEA_TOKEN`: Your Gitea personal access token (optional, required for private repos).
- `NODE_ENV`: Set to `production` for production builds.
### Installation
We use [Taskfile](https://taskfile.dev/) to manage the project.
1. **Build Everything (WASM, Frontend, Backend)**:
```bash
go-task all
```
2. **Run the Application**:
```bash
go-task run
```
### Docker (Recommended)
Run Software Station using Docker Compose:
```bash
# Set your Gitea token in the environment
export GITEA_TOKEN=your_token_here
# Build and start the container
docker compose up -d
```
## Customization
### Adding Locales
To add a new language:
1. Create a JSON file in `frontend/src/lib/i18n/locales/` (e.g., `fr.json`).
2. Register the locale in `frontend/src/lib/i18n/index.ts`.
### Changing Security Rules
Modify `internal/security/constants.go` or `ua-blocklist.txt` to adjust:
- `ForbiddenPatterns`: Block specific URL patterns.
- `BotUserAgents`: Block specific scrapers or bots (static list).
- `ua-blocklist.txt`: External lists for dynamic bot blocking.
- `DefaultDownloadLimit`: Adjust the global download speed limit.
### UI Themes
The frontend uses Tailwind CSS. You can customize the look and feel in `frontend/tailwind.config.js` and `frontend/src/app.css`.
## Development
Run the backend and frontend simultaneously with live reload (uses parallel tasks):
```bash
go-task dev
```
## Testing
Run the full test suite (including WASM tests):
```bash
go-task test
```
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
Copyright (c) 2025 [Quad4](https://quad4.io). All rights reserved.
Reference in New Issue View Git Blame Copy Permalink