✧✦Catherine✦✧
@hailey you might be amused to hear that i've implemented PATCH for git-pages, in a way that provides reliable atomic CAS if your backend supports it
so now you can just update a subtree if you want. no weird git trickery needed. `site-path: "/preview//${{ forge.head_ref }}` done
Hailey
@whitequark oh that's quite cool! does the patch persist until the next git push?
✧✦Catherine✦✧
@hailey basically yes; this is intended for a git-less workflows where you're using PUT and PATCH to push SSG output for e.g. your main branch and feature/PR branches directly to the site, therefore conserving a lot of git traffic (and headache)
this does create a situation where there is no single source of truth for the website (but we're _avoiding_ a repo with 500 pr/N subfolders, right?). so you might want to back it up... `curl .../git-pages/archive.tar` has got you covered :3
Hailey
@whitequark I was just thinking actually, whats your thoughts on a feature to reverse proxy on 404?
✧✦Catherine✦✧
@hailey already implemented, [fallback].proxy-to = "https://target.server"
✧✦Catherine✦✧
@hailey in principle I could have reverse proxying via _redirects (like Netlify) but giving anyone the ability to impersonate the git-pages workers seems less than wise, so I've never implemented it
JP
@whitequark @hailey Yeah the potential for that turning into phish and reflectance attack fuckery is pretty high, adds a pile of abuse burden
✧✦Catherine✦✧
@froztbyte @hailey speaking of that: Hailey do you have any particular ideas about handling abuse? currently I have two mechanisms:
- a way to freeze a domain and prevent any further modification
- an append only audit log that says who did what when (was a bit annoying to design for a cluster... i ended up using snowflake IDs for primary keys) and records state of pages at the time of audit event (which is cheap because of CAS)
✧✦Catherine✦✧
@froztbyte @hailey whenever there's an audit event, an entry gets written to a log followed by a notification being sent to an audit server that grabs it, extracts the data, and feeds it to a user-specified script which can e.g. run clamav, detect phishing, etc, and then potentially freeze a site
JP
@whitequark @hailey ah I was confused by freeze in the previous toot, then realized you meant "freeze operation" (vs something more like "change hold") - would distinguishing/disambiguating between those be useful?
given that output is pretty strongly tied to git activity I feel like most of the abuse handling scenarios that'd apply would "need" to be driven by detection automation, but is a split useful for something else?
✧✦Catherine✦✧
@froztbyte @hailey I think "change hold" is accurate: it prevents committing or deleting a manifest for the site, functionally ensuring it will remain static (heh)
JP
@whitequark @hailey (also, soz, know you didn't ask me but have had to poke at this in other contexts before so my brainmeat is primed to think about it regardless)
✧✦Catherine✦✧
@froztbyte @hailey oh I'm not experienced at this at all so any input is valuable
JP
@whitequark @hailey do you already have revert-to-previous-$x rollback type stuff covered? hypothetical attack: "dodgy commit makes it into repo somehow" (overprivileged CI or a jiatan situation or whatever it may be)
you can't necessarily wait for the commit to be undone, but you would want the post-commit published content made unavailable as soon as instructed (whether by human or other trigger)
✧✦Catherine✦✧
@froztbyte @hailey i do not have an explicit rollback function, but you could do it by composing other commands:
git-pages -audit-read <prev-id>
git-pages -update-site <site> <prev-id>-archive.tar
✧✦Catherine✦✧
@froztbyte @hailey btw check out https://mastodon.social/@whitequark/115664962746583127
JP
@whitequark @hailey single-dash word-args, I didn’t know you’re a committee of that variety of shellcrimes! :o
but yeah that looks pretty reasonable
✧✦Catherine✦✧
@froztbyte @hailey I'm just using the Go standard `flag` module... I use `pflag` in git-pages-cli that is more end user facing which avoids this problem, but git-pages is my first Go application
JP
@whitequark @hailey Nod, I figured/presumed it was that. For most such cases in the last 10y, pike’s mistake is the reason for that
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.