Add bot protection

geminiportal/app.py

@@ -1,8 +1,9 @@
 import logging
+import uuid
 from datetime import datetime
 from urllib.parse import quote
 
-from quart import Quart, Response, g, render_template, request
+from quart import Quart, Response, g, render_template, request, url_for
 from quart.logging import default_handler
 from werkzeug.wrappers.response import Response as WerkzeugResponse
 
@@ -38,6 +39,9 @@ async def handle_proxy_error(e):
 @app.context_processor
 def inject_context():
     kwargs = {}
+
+    kwargs["trap_url"] = url_for("trap", token=uuid.uuid4().hex)
+
     if "response" in g:
         kwargs["response"] = g.response
         if hasattr(g.response, "tls_cert"):
@@ -82,6 +86,11 @@ async def changes() -> Response:
     return Response(content)
 
 
+@app.route("/trap/<token>", endpoint="trap")
+async def trap(token: str) -> Response | WerkzeugResponse:
+    return Response("Your IP Address has been banned 🧑‍⚖️.", status=404)
+
+
 @app.route("/")
 async def home() -> Response | WerkzeugResponse:
     g.address = request.args.get("url")

geminiportal/templates/base.html

@@ -1,27 +1,29 @@
 <!DOCTYPE html>
 <html>
 <head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    {% block favicon %}<link rel="icon" href="/static/favicon.ico">{% endblock %}
-    <link rel="apple-touch-icon" href="/static/apple-touch-icon.png">
-    <link rel="stylesheet" href="/static/site.css">
-    <meta name="apple-mobile-web-app-title" content="Gemini">
-    <title>{% block title %}SmolNet Portal{% endblock %}</title>
-    {% block extrahead %}{% endblock %}
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  {% block favicon %}
+    <link rel="icon" href="/static/favicon.ico">{% endblock %}
+  <link rel="apple-touch-icon" href="/static/apple-touch-icon.png">
+  <link rel="stylesheet" href="/static/site.css">
+  <meta name="apple-mobile-web-app-title" content="Gemini">
+  <title>{% block title %}SmolNet Portal{% endblock %}</title>
+  {% block extrahead %}{% endblock %}
 </head>
 <body>
 <div class="header">
-    <a class="title" href="/">SMOLNET PORTAL</a>
-    <span class="navbar">
+  <a class="title" href="/">SMOLNET PORTAL</a>
+  <span class="navbar">
       <a class="header-item" href="/">home</a>
       <a class="header-item" href="/about">about</a>
       <a class="header-item" href="/changes">changes</a>
     </span>
-    <hr>
+  <hr>
 </div>
 <div class="body">
-{% block body %}{% endblock %}
+  {% block body %}{% endblock %}
 </div>
+<a href="{{ trap_url }}" style="display: none">Attention Bots: Click here to ban your IP address for 24 hours!</a>
 </body>
 </html>

geminiportal/templates/changes.html

@@ -2,6 +2,15 @@
 
 {% block body %}
   <h2>Changes</h2>
+  <h3>2025-01-29</h3>
+  <p>
+    Note: I'm aware that recent activity from web crawlers has been spamming some gemini/gopher
+    servers with a large amount of traffic from this web proxy. Sorry about that! If it's causing
+    issues for you, you can block this server's IP address and/or reach out to me over email at
+    <a href="mailto:[email protected]">[email protected]</a> with details, and I'll work on mitigation. </p>
+  <ul>
+    <li>Added a hidden bot-prevention link to the bottom of the page.</li>
+  </ul>
   <h3>2023-11-13</h3>
   <ul>
     <li>Moved the response details from the top of the page to the bottom of the page.</li>
@@ -12,22 +21,27 @@ <h3>2023-11-13</h3>
   <h3>2023-10-08</h3>
   <ul>
     <li>Fixed username/password components from being stripped from links,
-      for example in <i>mailto://</i> URLs.</li>
+      for example in <i>mailto://</i> URLs.
+    </li>
   </ul>
   <h3>2023-08-13</h3>
   <ul>
     <li>Gopher menus now use icons for item types.
       The icons were borrowed from <a href="https://www.apache.org/icons/">apache's httpd</a>
-      and are licensed under public domain.</li>
+      and are licensed under public domain.
+    </li>
     <li>Fixed missing line breaks in <i>text/gemini</i> pages when using Lynx (if you use Lynx, you should
-      also set <i>COLLAPSE_BR_TAGS:FALSE</i> in your browser config to preserve blank lines).</li>
+      also set <i>COLLAPSE_BR_TAGS:FALSE</i> in your browser config to preserve blank lines).
+    </li>
     <li>Fiddling around with the site style.</li>
   </ul>
   <h3>2023-08-09</h3>
   <ul>
-    <li>Text responses that are not valid UTF-8 will now use the <a href="https://github.com/chardet/chardet">chardet</a>
+    <li>Text responses that are not valid UTF-8 will now use the <a
+      href="https://github.com/chardet/chardet">chardet</a>
       library to attempt to guess the correct character encoding. The desired file encoding can also be indicated by
-      appending <i>?charset=...</i> to the end of the URL.</li>
+      appending <i>?charset=...</i> to the end of the URL.
+    </li>
     <li>The following response types will now be displayed inside of an iframe preview window:
       <ul>
         <li><i>text/html</i></li>
@@ -44,9 +58,11 @@ <h3>2023-08-04</h3>
   </ul>
   <h3>2023-08-03</h3>
   <h4>Gopher+</h4>
-  <p>This update adds initial support for the <a href="https://github.com/gopher-protocol/gopher-plus">Gopher+ protocol</a>! 🎉</p>
+  <p>This update adds initial support for the <a href="https://github.com/gopher-protocol/gopher-plus">Gopher+
+    protocol</a>! 🎉</p>
   <ul>
-    <li>Gopher+ URLs are now fully supported, per <a href="https://datatracker.ietf.org/doc/html/rfc4266">RFC 4266</a>.</li>
+    <li>Gopher+ URLs are now fully supported, per <a href="https://datatracker.ietf.org/doc/html/rfc4266">RFC 4266</a>.
+    </li>
     <li>Gopher menus will include an [i] icon next to Gopher+ capable links.</li>
     <li>There's a new [gopher+ info] shortcut below the URL bar.</li>
     <li>Gopher+ attributes will be rendered using as <em>application/gopher+-attribute</em>.</li>
@@ -55,16 +71,19 @@ <h4>Gopher+</h4>
   <p>Here are some example URLs to try it out:</p>
   <ul>
     <li><a href="/gopher/gopher.quux.org/1%2509%2509+">gopher://gopher.quux.org/1%09%09+</a> <i>(gopher+ menu)</i></li>
-    <li><a href="/gopher/gopher.quux.org/1%2509%2509!">gopher://gopher.quux.org/1%09%09!</a> <i>(gopher+ attributes, single item)</i></li>
-    <li><a href="/gopher/gopher.quux.org/1%2509%2509$">gopher://gopher.quux.org/1%09%09$</a> <i>(gopher+ attributes, directory)</i></li>
+    <li><a href="/gopher/gopher.quux.org/1%2509%2509!">gopher://gopher.quux.org/1%09%09!</a> <i>(gopher+ attributes,
+      single item)</i></li>
+    <li><a href="/gopher/gopher.quux.org/1%2509%2509$">gopher://gopher.quux.org/1%09%09$</a> <i>(gopher+ attributes,
+      directory)</i></li>
   </ul>
   <h4>Other Changes</h4>
   <ul>
     <li>The HTML title and favicon are now set dynamically based on the proxied response.</li>
     <li>The Response Details table is new minimized by default to reduce visual clutter.</li>
     <li><i>gopher://</i> URLs will now have their path component percent-encoded. Although
       this is not required by the RFC, I have found that gopher URLs that contain special
-      characters such as spaces will confuse most URL-parsing libraries.</li>
+      characters such as spaces will confuse most URL-parsing libraries.
+    </li>
     <li>Ports 77 and 8070 are now whitelisted for proxy requests.</li>
     <li>Fixed emoji detection to work with multi-codepoint sequences.</li>
     <li>Fixed empty gopher info lines being collapsed.</li>
@@ -102,8 +121,7 @@ <h3>2023-01-18</h3>
     This release marks a major milestone and rewrite of the proxy server,
     geared towards improving performance on my poor VPC instance. Please
     let me know if you encounter any broken links or pages that were
-    previously working, and I'll do my best to fix them.
-  </p>
+    previously working, and I'll do my best to fix them. </p>
   <ul>
     <li>The proxy codebase is now hosted publicly at <a href="https://github.com/michael-lazar/gemini-portal">https://github.com/michael-lazar/gemini-portal</a>
     </li>