Merge pull request varkaria#8 from ledlamp/development

Merge branch 'main' into development

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

ext/nginx.conf

@@ -2,35 +2,34 @@
 # You won't have to edit much of it other than domain name, and/or port if you change it.
 
 server {
-    listen 80;
-    # listen [::]:80; # Include this if you want IPv6 support! You wont usually need this but it's cool though.
-    # listen 443 ssl; # Include this if you want SSL support! You wont usually need this if you plan on proxying through CF.
-    # listen [::]:443; # Include this if you want IPv6 support! You wont usually need this but it's cool though.
+	listen 80;
+	# listen [::]:80; # Include this if you want IPv6 support! You wont usually need this but it's cool though.
+	# listen 443 ssl; # Include this if you want SSL support! You wont usually need this if you plan on proxying through CF.
+	# listen [::]:443; # Include this if you want IPv6 support! You wont usually need this but it's cool though. 
 
-    # The domain or URL you want this to run guweb off of.
-    server_name web.example.com;
+	# The domain or URL you want this to run guweb off of.
+	server_name web.example.com;
 
-    # NOTE: You'll want to change these to your own SSL certificate if any. You wont usually need this if you plan on proxying through CF.
-    # ssl_certificate     /etc/letsencrypt/live/varkaria.cyou/fullchain.pem;
-    # ssl_certificate_key /etc/letsencrypt/live/varkaria.cyou/privkey.pem;
+	# NOTE: You'll want to change these to your own SSL certificate if any. You wont usually need this if you plan on proxying through CF.
+	# ssl_certificate     /etc/letsencrypt/live/varkaria.cyou/fullchain.pem;
+	# ssl_certificate_key /etc/letsencrypt/live/varkaria.cyou/privkey.pem;
 
-    # This is where all the magic happens.
-    location / {
+	# gulag
+	location ~^/(?:web|api|users|ss|d|p|beatmaps|beatmapsets|community) {
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-		proxy_set_header X-Real-IP  $remote_addr;
+		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header Host $http_host;
 		proxy_redirect off;
+		proxy_pass http://gulag;
+	}
 
-        # 8000 IS CURRENTLY THE DEFAULT ASSIGNED PORT WHEN RUNNING IN HYPERCORN (hypercorn main.py).
-		proxy_pass http://127.0.0.1:8000;
-    }
-
-   # This is make for gulag api
-    location /api {
+	# gulag-web
+	location / {
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-		proxy_set_header X-Real-IP  $remote_addr;
+		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header Host $http_host;
 		proxy_redirect off;
-		proxy_pass http://gulag;
-    }
+		# 8000 IS CURRENTLY THE DEFAULT ASSIGNED PORT WHEN RUNNING IN HYPERCORN (hypercorn main.py).
+		proxy_pass http://127.0.0.1:8000;
+	}
 }

main.py

@@ -73,4 +73,5 @@ async def page_not_found(e):
     return (await render_template('404.html'), 404)
 
 os.chdir(os.path.dirname(os.path.realpath(__file__)))
-app.run(debug=glob.config.debug) # blocking call
+if __name__ == '__main__':
+    app.run(debug=glob.config.debug) # blocking call