WIP: Add rules argument

2023-11-06 14:50:33 +01:00
18 changed files with 121 additions and 444 deletions
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
--- a/.github/workflows/release-binaries.yaml
+++ b/.github/workflows/release-binaries.yaml
@@ -37,4 +37,4 @@ jobs:
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-#          GORELEASER_GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
+          GORELEASER_GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -33,10 +33,10 @@ changelog:
 #brews:
 #  -
 #    repository:
-#      owner: everywall
+#      owner: kubero-dev
 #      name: homebrew-ladder
 #      token: "{{ .Env.GORELEASER_GITHUB_TOKEN }}"
-#    homepage: "https://www.everyladder.dev"
-#    description: "Manage your everyladder applications modify every website"
+#    homepage: "https://www.kubero.dev"
+#    description: "Manage your kubero applications with the CLI"
 #    test: |
-#      system "#{bin}/everyladder", "--version"
+#      system "#{bin}/kubero", "--version"
--- a/README.md
+++ b/README.md
@@ -3,8 +3,6 @@
 </p>

 <h1 align="center">Ladder</h1>
-<div><img alt="License" src="https://img.shields.io/github/license/everywall/ladder"> <img alt="go.mod Go version " src="https://img.shields.io/github/go-mod/go-version/everywall/ladder"> <img alt="GitHub tag (with filter)" src="https://img.shields.io/github/v/tag/everywall/ladder"> <img alt="GitHub (Pre-)Release Date" src="https://img.shields.io/github/release-date-pre/everywall/ladder"> <img alt="GitHub Downloads all releases" src="https://img.shields.io/github/downloads/everywall/ladder/total"> <img alt="GitHub Build Status (with event)" src="https://img.shields.io/github/actions/workflow/status/everywall/ladder/release-binaries.yaml"></div>
-

 *Ladder is a web proxy to help bypass paywalls.* This is a selfhosted version of [1ft.io](https://1ft.io) and [12ft.io](https://12ft.io). It is inspired by [13ft](https://github.com/wasi-master/13ft).

@@ -23,11 +21,11 @@ Freedom of information is an essential pillar of democracy and informed decision
 - [x] Fetch RAW HTML
 - [x] Custom User Agent
 - [x] Custom X-Forwarded-For IP
- [x] [Docker container](https://github.com/everywall/ladder/pkgs/container/ladder) (amd64, arm64)
+- [x] [Docker container](https://github.com/kubero-dev/ladder/pkgs/container/ladder) (amd64, arm64)
 - [x] Linux binary
 - [x] Mac OS binary
 - [x] Windows binary (untested)
- [x] Removes most of the ads (unexpected side effect ¯\\\_(ツ)_/¯ )
+- [x] Removes most of the ads (unexpected side effect ¯\_(ツ)_/¯ )
 - [x] Basic Auth
 - [x] Disable logs
 - [x] No Tracking
@@ -38,7 +36,7 @@ Freedom of information is an essential pillar of democracy and informed decision
 - [ ] Fetch from Google Cache if not available

 ### Limitations
-Certain sites may display missing images or encounter formatting issues. This can be attributed to the site's reliance on JavaScript or CSS for image and resource loading, which presents a limitation when accessed through this proxy. If you prefer a full experience, please consider buying a subscription for the site.
+Certain sites may display missing images or encounter formatting issues. This can be attributed to the site's reliance on JavaScript or CSS for image and resource loading, which presents a limitation when accessed through this proxy. If you prefer a full experience, please concider buying a subscription for the site.

 Some sites do not expose their content to search engines, which means that the proxy cannot access the content. A future version will try to fetch the content from Google Cache.

@@ -47,24 +45,21 @@ Some sites do not expose their content to search engines, which means that the p
 > **Warning:** If your instance will be publicly accessible, make sure to enable Basic Auth. This will prevent unauthorized users from using your proxy. If you do not enable Basic Auth, anyone can use your proxy to browse nasty/illegal stuff. And you will be responsible for it.

 ### Binary
-1) Download binary [here](https://github.com/everywall/ladder/releases/latest)
+1) Download binary [here](https://github.com/kubero-dev/ladder/releases/latest)
 2) Unpack and run the binary `./ladder`
 3) Open Browser (Default: http://localhost:8080)

 ### Docker
 ```bash
-docker run -p 8080:8080 -d --name ladder ghcr.io/everywall/ladder:latest
+docker run -p 8080:8080 -d --name ladder ghcr.io/kubero-dev/ladder:latest
 ```

 ### Docker Compose
 ```bash
-curl https://raw.githubusercontent.com/everywall/ladder/main/docker-compose.yaml --output docker-compose.yaml
+curl https://raw.githubusercontent.com/kubero-dev/ladder/main/docker-compose.yaml --output docker-compose.yaml
 docker-compose up -d
 ```

-### Helm
-See [README.md](/helm-chart/README.md) in helm-chart sub-directory for more information.
-
 ## Usage

 ### Browser
@@ -75,11 +70,6 @@ See [README.md](/helm-chart/README.md) in helm-chart sub-directory for more info
 Or direct by appending the URL to the end of the proxy URL:
 http://localhost:8080/https://www.example.com

-Or create a bookmark with the following URL:
-```javascript
-javascript:window.location.href="http://localhost:8080/"+location.href
-```
-
 ### API
 ```bash
 curl -X GET "http://localhost:8080/api/https://www.example.com"
@@ -106,7 +96,7 @@ http://localhost:8080/ruleset
 | `LOG_URLS` | Log fetched URL's | `true` |
 | `DISABLE_FORM` | Disables URL Form Frontpage | `false` |
 | `FORM_PATH` | Path to custom Form HTML | `` |
-| `RULESET` | URL to a ruleset file | `https://raw.githubusercontent.com/everywall/ladder/main/ruleset.yaml` or `/path/to/my/rules.yaml` |
+| `RULESET` | URL to a ruleset file | `https://raw.githubusercontent.com/kubero-dev/ladder/main/ruleset.yaml` or `/path/to/my/rules.yaml` or `default` |
 | `EXPOSE_RULESET` | Make your Ruleset available to other ladders | `true` |
 | `ALLOWED_DOMAINS` | Comma separated list of allowed domains. Empty = no limitations | `` |
 | `ALLOWED_DOMAINS_RULESET` | Allow Domains from Ruleset. false = no limitations | `false` |
@@ -120,22 +110,13 @@ It is possible to apply custom rules to modify the response. This can be used to
 See in [ruleset.yaml](ruleset.yaml) for an example.

 ```yaml
- domain: example.com          # Inbcludes all subdomains
-  domains:                     # Additional domains to apply the rule
-    - www.example.de
-    - www.beispiel.de
-  headers:
-    x-forwarded-for: none      # override X-Forwarded-For header or delete with none
-    referer: none              # override Referer header or delete with none
-    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
-    content-security-policy: script-src 'self'; # override response header
-    cookie: privacy=1
+- domain: www.example.com
  regexRules:
    - match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
      replace: <script $1 script="/https://www.example.com/$3"
  injections:
    - position: head # Position where to inject the code
-      append: |      # possible keys: append, prepend, replace
+      append: | 
        <script>
          window.localStorage.clear();
          console.log("test");
@@ -144,7 +125,7 @@ See in [ruleset.yaml](ruleset.yaml) for an example.
 - domain: www.anotherdomain.com # Domain where the rule applies
  paths:                        # Paths where the rule applies
    - /article
-  googleCache: false            # Use Google Cache to fetch the content
+  googleCache: false            # Search also in Google Cache
  regexRules:                   # Regex rules to apply
    - match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
      replace: <script $1 script="/https://www.example.com/$3"
@@ -155,4 +136,4 @@ See in [ruleset.yaml](ruleset.yaml) for an example.
    - position: .left-content article # Position where to inject the code into DOM
      prepend: | 
        <h2>Suptitle</h2>
-```
+```
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -7,6 +7,7 @@ import (
 	"ladder/handlers"
 	"log"
 	"os"
+	"strconv"
 	"strings"

 	"github.com/akamensky/argparse"
@@ -22,32 +23,37 @@ func main() {

 	parser := argparse.NewParser("ladder", "Every Wall needs a Ladder")

-	portEnv := os.Getenv("PORT")
+	p := os.Getenv("PORT")
 	if os.Getenv("PORT") == "" {
-		portEnv = "8080"
+		p = "8080"
 	}
 	port := parser.String("p", "port", &argparse.Options{
 		Required: false,
-		Default:  portEnv,
+		Default:  p,
 		Help:     "Port the webserver will listen on"})

+	pf, _ := strconv.ParseBool(os.Getenv("PREFORK"))
 	prefork := parser.Flag("P", "prefork", &argparse.Options{
 		Required: false,
+		Default:  pf,
 		Help:     "This will spawn multiple processes listening"})

+	r := os.Getenv("RULESET")
+	ruleset := parser.String("r", "ruleset", &argparse.Options{
+		Required: false,
+		Default:  r,
+		Help:     "Path or URL to your ruleset"})
+
+	handlers.LoadRules(*ruleset)
+
 	err := parser.Parse(os.Args)
 	if err != nil {
 		fmt.Print(parser.Usage(err))
 	}

-	if os.Getenv("PREFORK") == "true" {
-		*prefork = true
-	}
-
 	app := fiber.New(
 		fiber.Config{
 			Prefork: *prefork,
-			GETOnly: true,
 		},
 	)

--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,19 +1,14 @@
 version: '3'
 services:
  ladder:
-    image: ghcr.io/everywall/ladder:latest
+    image: ghcr.io/kubero-dev/ladder:latest
    container_name: ladder
-    #build: .
+    build: .
    #restart: always
    #command: sh -c ./ladder
    environment:
      - PORT=8080
-      - RULESET=/app/ruleset.yaml
-      #- ALLOWED_DOMAINS_RULESET=false
-      #- EXPOSE_RULESET=true
-      #- PREFORK=false
-      #- DISABLE_FORM=fase
-      #- FORM_PATH=/app/form.html
+      #- PREFORK=true
      #- X_FORWARDED_FOR=66.249.66.1
      #- USER_AGENT=Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
      #- USERPASS=foo:bar
@@ -21,6 +16,11 @@ services:
      #- GODEBUG=netdns=go
    ports:
      - "8080:8080"
-    volumes:
-      - ./ruleset.yaml:/app/ruleset.yaml
-      - ./handlers/form.html:/app/form.html
+    deploy:
+      resources:
+        limits:
+          cpus: "0.50"
+          memory: 512M
+        reservations:
+          cpus: "0.25"
+          memory: 128M
--- a/handlers/api.go
+++ b/handlers/api.go
@@ -27,8 +27,7 @@ func Api(c *fiber.Ctx) error {
 		Version: version,
 		Body:    body,
 	}
-
-	response.Request.Headers = make([]any, 0, len(req.Header))
+	response.Request.Headers = make([]interface{}, 0)
 	for k, v := range req.Header {
 		response.Request.Headers = append(response.Request.Headers, map[string]string{
 			"key":   k,
@@ -36,7 +35,7 @@ func Api(c *fiber.Ctx) error {
 		})
 	}

-	response.Response.Headers = make([]any, 0, len(resp.Header))
+	response.Response.Headers = make([]interface{}, 0)
 	for k, v := range resp.Header {
 		response.Response.Headers = append(response.Response.Headers, map[string]string{
 			"key":   k,
--- a/handlers/form.html
+++ b/handlers/form.html
@@ -36,7 +36,7 @@
    </style>
 </head>
 <body>
-    <a href="https://github.com/everywall/ladder">
+    <a href="https://github.com/kubero-dev/ladder">
        <div class="github-corner" aria-label="View source on GitHub">
            <svg
                xmlns:svg="http://www.w3.org/2000/svg"
--- a/handlers/proxy.go
+++ b/handlers/proxy.go
@@ -17,8 +17,11 @@ import (

 var UserAgent = getenv("USER_AGENT", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)")
 var ForwardedFor = getenv("X_FORWARDED_FOR", "66.249.66.1")
-var rulesSet = loadRules()
+var rulesSet RuleSet
+
+// var rulesSet = loadRules()
 var allowedDomains = strings.Split(os.Getenv("ALLOWED_DOMAINS"), ",")
+var Aaaa = "aaaa"

 func ProxySite(c *fiber.Ctx) error {
 	// Get the url from the URL
@@ -33,8 +36,6 @@ func ProxySite(c *fiber.Ctx) error {
 	}

 	c.Set("Content-Type", resp.Header.Get("Content-Type"))
-	c.Set("Content-Security-Policy", resp.Header.Get("Content-Security-Policy"))
-
 	return c.SendString(body)
 }

@@ -58,49 +59,17 @@ func fetchSite(urlpath string, queries map[string]string) (string, *http.Request
 		return "", nil, nil, fmt.Errorf("domain not allowed. %s not in %s", u.Host, allowedDomains)
 	}

-	if os.Getenv("LOG_URLS") == "true" {
+	if os.Getenv("DEBUG	") == "true" {
 		log.Println(u.String() + urlQuery)
 	}

-	rule := fetchRule(u.Host, u.Path)
-
-	if rule.GoogleCache {
-		u, err = url.Parse("https://webcache.googleusercontent.com/search?q=cache:" + u.String())
-		if err != nil {
-			return "", nil, nil, err
-		}
-	}
-
 	// Fetch the site
 	client := &http.Client{}
 	req, _ := http.NewRequest("GET", u.String()+urlQuery, nil)
-
-	if rule.Headers.UserAgent != "" {
-		req.Header.Set("User-Agent", rule.Headers.UserAgent)
-	} else {
-		req.Header.Set("User-Agent", UserAgent)
-	}
-
-	if rule.Headers.XForwardedFor != "" {
-		if rule.Headers.XForwardedFor != "none" {
-			req.Header.Set("X-Forwarded-For", rule.Headers.XForwardedFor)
-		}
-	} else {
-		req.Header.Set("X-Forwarded-For", ForwardedFor)
-	}
-
-	if rule.Headers.Referer != "" {
-		if rule.Headers.Referer != "none" {
-			req.Header.Set("Referer", rule.Headers.Referer)
-		}
-	} else {
-		req.Header.Set("Referer", u.String())
-	}
-
-	if rule.Headers.Cookie != "" {
-		req.Header.Set("Cookie", rule.Headers.Cookie)
-	}
-
+	req.Header.Set("User-Agent", UserAgent)
+	req.Header.Set("X-Forwarded-For", ForwardedFor)
+	req.Header.Set("Referer", u.String())
+	req.Header.Set("Host", u.Host)
 	resp, err := client.Do(req)

 	if err != nil {
@@ -113,16 +82,11 @@ func fetchSite(urlpath string, queries map[string]string) (string, *http.Request
 		return "", nil, nil, err
 	}

-	if rule.Headers.CSP != "" {
-		resp.Header.Set("Content-Security-Policy", rule.Headers.CSP)
-	}
-
-	log.Print("rule", rule)
-	body := rewriteHtml(bodyB, u, rule)
+	body := rewriteHtml(bodyB, u)
 	return body, req, resp, nil
 }

-func rewriteHtml(bodyB []byte, u *url.URL, rule Rule) string {
+func rewriteHtml(bodyB []byte, u *url.URL) string {
 	// Rewrite the HTML
 	body := string(bodyB)

@@ -143,7 +107,7 @@ func rewriteHtml(bodyB []byte, u *url.URL, rule Rule) string {
 	body = strings.ReplaceAll(body, "href=\"https://"+u.Host, "href=\"/https://"+u.Host+"/")

 	if os.Getenv("RULESET") != "" {
-		body = applyRules(body, rule)
+		body = applyRules(u.Host, u.Path, body)
 	}
 	return body
 }
@@ -156,13 +120,18 @@ func getenv(key, fallback string) string {
 	return value
 }

-func loadRules() RuleSet {
-	rulesUrl := os.Getenv("RULESET")
+func LoadRules(rulesUrl string) RuleSet {
+	//rulesUrl := os.Getenv("RULESET")
 	if rulesUrl == "" {
 		RulesList := RuleSet{}
 		return RulesList
 	}
-	log.Println("Loading rules")
+
+	if rulesUrl == "default" {
+		rulesUrl = "https://raw.githubusercontent.com/kubero-dev/ladder/main/ruleset.yaml"
+	}
+
+	log.Println("Loading rules: " + rulesUrl)

 	var ruleSet RuleSet
 	if strings.HasPrefix(rulesUrl, "http") {
@@ -194,75 +163,75 @@ func loadRules() RuleSet {
 		yaml.Unmarshal(yamlFile, &ruleSet)
 	}

-	domains := []string{}
 	for _, rule := range ruleSet {
-
-		domains = append(domains, rule.Domain)
-		domains = append(domains, rule.Domains...)
+		//log.Println("Loaded rules for", rule.Domain)
 		if os.Getenv("ALLOWED_DOMAINS_RULESET") == "true" {
-			allowedDomains = append(allowedDomains, domains...)
+			allowedDomains = append(allowedDomains, rule.Domain)
 		}
 	}

-	log.Println("Loaded ", len(ruleSet), " rules for", len(domains), "Domains")
+	log.Println("Loaded rules for", len(ruleSet), "Domains")
 	return ruleSet
 }

-func fetchRule(domain string, path string) Rule {
-	if len(rulesSet) == 0 {
-		return Rule{}
-	}
-	rule := Rule{}
-	for _, rule := range rulesSet {
-		domains := rule.Domains
-		if rule.Domain != "" {
-			domains = append(domains, rule.Domain)
-		}
-		for _, ruleDomain := range domains {
-			if ruleDomain == domain || strings.HasSuffix(domain, ruleDomain) {
-				if len(rule.Paths) > 0 && !StringInSlice(path, rule.Paths) {
-					continue
-				}
-				// return first match
-				return rule
-			}
-		}
-	}
-	return rule
-}
-
-func applyRules(body string, rule Rule) string {
+func applyRules(domain string, path string, body string) string {
 	if len(rulesSet) == 0 {
 		return body
 	}

-	for _, regexRule := range rule.RegexRules {
-		re := regexp.MustCompile(regexRule.Match)
-		body = re.ReplaceAllString(body, regexRule.Replace)
-	}
-	for _, injection := range rule.Injections {
-		doc, err := goquery.NewDocumentFromReader(strings.NewReader(body))
-		if err != nil {
-			log.Fatal(err)
+	for _, rule := range rulesSet {
+		if rule.Domain != domain {
+			continue
 		}
-		if injection.Replace != "" {
-			doc.Find(injection.Position).ReplaceWithHtml(injection.Replace)
+		if len(rule.Paths) > 0 && !StringInSlice(path, rule.Paths) {
+			continue
 		}
-		if injection.Append != "" {
-			doc.Find(injection.Position).AppendHtml(injection.Append)
+		for _, regexRule := range rule.RegexRules {
+			re := regexp.MustCompile(regexRule.Match)
+			body = re.ReplaceAllString(body, regexRule.Replace)
 		}
-		if injection.Prepend != "" {
-			doc.Find(injection.Position).PrependHtml(injection.Prepend)
-		}
-		body, err = doc.Html()
-		if err != nil {
-			log.Fatal(err)
+		for _, injection := range rule.Injections {
+			doc, err := goquery.NewDocumentFromReader(strings.NewReader(body))
+			if err != nil {
+				log.Fatal(err)
+			}
+			if injection.Replace != "" {
+				doc.Find(injection.Position).ReplaceWithHtml(injection.Replace)
+			}
+			if injection.Append != "" {
+				doc.Find(injection.Position).AppendHtml(injection.Append)
+			}
+			if injection.Prepend != "" {
+				doc.Find(injection.Position).PrependHtml(injection.Prepend)
+			}
+			body, err = doc.Html()
+			if err != nil {
+				log.Fatal(err)
+			}
 		}
 	}

 	return body
 }

+type Rule struct {
+	Match   string `yaml:"match"`
+	Replace string `yaml:"replace"`
+}
+
+type RuleSet []struct {
+	Domain      string   `yaml:"domain"`
+	Paths       []string `yaml:"paths,omitempty"`
+	GoogleCache bool     `yaml:"googleCache,omitempty"`
+	RegexRules  []Rule   `yaml:"regexRules"`
+	Injections  []struct {
+		Position string `yaml:"position"`
+		Append   string `yaml:"append"`
+		Prepend  string `yaml:"prepend"`
+		Replace  string `yaml:"replace"`
+	} `yaml:"injections"`
+}
+
 func StringInSlice(s string, list []string) bool {
 	for _, x := range list {
 		if strings.HasPrefix(s, x) {
--- a/handlers/proxy.test.go
+++ b/handlers/proxy.test.go
@@ -51,7 +51,7 @@ func TestRewriteHtml(t *testing.T) {
 		</html>
 	`

-	actual := rewriteHtml(bodyB, u, Rule{})
+	actual := rewriteHtml(bodyB, u)
 	assert.Equal(t, expected, actual)
 }

--- a/handlers/types.go
+++ b/handlers/types.go
@@ -1,29 +0,0 @@
-package handlers
-
-type Regex struct {
-	Match   string `yaml:"match"`
-	Replace string `yaml:"replace"`
-}
-
-type RuleSet []Rule
-
-type Rule struct {
-	Domain  string   `yaml:"domain,omitempty"`
-	Domains []string `yaml:"domains,omitempty"`
-	Paths   []string `yaml:"paths,omitempty"`
-	Headers struct {
-		UserAgent     string `yaml:"user-agent,omitempty"`
-		XForwardedFor string `yaml:"x-forwarded-for,omitempty"`
-		Referer       string `yaml:"referer,omitempty"`
-		Cookie        string `yaml:"cookie,omitempty"`
-		CSP           string `yaml:"content-security-policy,omitempty"`
-	} `yaml:"headers,omitempty"`
-	GoogleCache bool    `yaml:"googleCache,omitempty"`
-	RegexRules  []Regex `yaml:"regexRules"`
-	Injections  []struct {
-		Position string `yaml:"position"`
-		Append   string `yaml:"append"`
-		Prepend  string `yaml:"prepend"`
-		Replace  string `yaml:"replace"`
-	} `yaml:"injections"`
-}
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: ladder
-description: A helm chart to deploy everywall/ladder 
-type: application
-version: "1.0"
-appVersion: "v0.0.11"
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -1,27 +0,0 @@
-# Helm Chart for deployment of Ladder
-This folder contains a basic helm chart deployment for the ladder app.  
-
-# Deployment pre-reqs
-## Values
-Edit the values to your own preferences, with the only minimum requirement being `ingress.HOST` (line 19) being updated to your intended domain name.  
-
-Other variables in `values.yaml` can be updated as to your preferences, with details on each variable being listed in the main [README.md](/README.md) in the root of this repo.  
-
-## Defaults in K8s
-No ingress default has been specified. 
-You can set this manually by adding an annotation to the ingress.yaml - if needed.  
-For example, to use Traefik - 
-```yaml
-metadata:
-  name: ladder-ingress
-  annotations:
-    kubernetes.io/ingress.class: traefik
-```
-
-## Helm Install
-`helm install <name> <location> -n <namespace-name> --create-namespace`  
-`helm install ladder .\ladder\ -n ladder --create-namespace`  
-
-## Helm Upgrade
-`helm upgrade <name> <location> -n <namespace-name>`  
-`helm upgrade ladder .\ladder\ -n ladder`  
--- a/helm-chart/templates/deployment.yaml
+++ b/helm-chart/templates/deployment.yaml
@@ -1,55 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: ladder
-  name: ladder
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: ladder
-  template:
-    metadata:
-      labels:
-        app: ladder
-    spec:
-      containers:
-      - image: "{{ .Values.image.RELEASE }}"
-        imagePullPolicy: Always
-        name: ladder
-        resources:
-          limits:
-            cpu: 250m
-            memory: 128Mi
-          requests:
-            cpu: 250m
-            memory: 128Mi
-        env:
-          - name: PORT
-            value: "{{ .Values.env.PORT }}"
-          - name: PREFORK
-            value: "{{ .Values.env.PREFORK }}"
-          - name: USER_AGENT
-            value: "{{ .Values.env.USER_AGENT }}"
-          - name: X_FORWARDED_FOR
-            value: "{{ .Values.env.X_FORWARDED_FOR }}"
-          - name: USERPASS
-            value: "{{ .Values.env.USERPASS }}"
-          - name: LOG_URLS
-            value: "{{ .Values.env.LOG_URLS }}"
-          - name: DISABLE_FORM
-            value: "{{ .Values.env.DISABLE_FORM }}"
-          - name: FORM_PATH
-            value: "{{ .Values.env.FORM_PATH }}"
-          - name: RULESET
-            value: "{{ .Values.env.RULESET }}"
-          - name: EXPOSE_RULESET
-            value: "{{ .Values.env.EXPOSE_RULESET }}"
-          - name: ALLOWED_DOMAINS
-            value: "{{ .Values.env.ALLOWED_DOMAINS }}"
-          - name: ALLOWED_DOMAINS_RULESET
-            value: "{{ .Values.env.ALLOWED_DOMAINS_RULESET }}"
-      restartPolicy: Always
-      terminationGracePeriodSeconds: 30
--- a/helm-chart/templates/ingress.yaml
+++ b/helm-chart/templates/ingress.yaml
@@ -1,17 +0,0 @@
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: ladder-ingress
-spec:
-  rules:
-  - host: "{{ .Values.ingress.HOST }}"
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: ladder-service
-            port:
-              number: {{ .Values.ingress.PORT }}
--- a/helm-chart/templates/service.yaml
+++ b/helm-chart/templates/service.yaml
@@ -1,14 +0,0 @@
---
-kind: Service
-apiVersion: v1
-metadata:
-  name: ladder-service
-spec:
-  type: ClusterIP
-  selector:
-    app: ladder
-  ports:
-  - name: http
-    port: {{ .Values.ingress.PORT }}
-    protocol: TCP
-    targetPort: {{ .Values.env.PORT }}
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -1,20 +0,0 @@
-image:
-  RELEASE: ghcr.io/everywall/ladder:latest
-  
-env:
-  PORT: 8080
-  PREFORK: "false"
-  USER_AGENT: "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
-  X_FORWARDED_FOR:
-  USERPASS: ""
-  LOG_URLS: "true"
-  DISABLE_FORM: "false"
-  FORM_PATH: ""
-  RULESET: "https://raw.githubusercontent.com/everywall/ladder/main/ruleset.yaml"
-  EXPOSE_RULESET: "true"
-  ALLOWED_DOMAINS: ""
-  ALLOWED_DOMAINS_RULESET: "false"
-
-ingress:
-  HOST: "ladder.domain.com"
-  PORT: 80
--- a/ruleset.yaml
+++ b/ruleset.yaml
@@ -1,32 +1,24 @@
- domain: example.com
-  domains: 
-  - www.beispiel.de
-  googleCache: true
-  headers:
-    x-forwarded-for: none
-    referer: none
-    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
-    cookie: privacy=1
+- domain: www.example.com
  regexRules:
    - match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
      replace: <script $1 script="/https://www.example.com/$3"
  injections:
    - position: head # Position where to inject the code
-      append: |
+      append: | 
        <script>
          window.localStorage.clear();
          console.log("test");
          alert("Hello!");
        </script>
    - position: h1
-      replace: |
+      replace: | 
        <h1>An example with a ladder ;-)</h1>
 - domain: www.americanbanker.com
-  paths:
+  paths: 
    - /news
  injections:
    - position: head
-      append: |
+      append: | 
        <script>
          document.addEventListener("DOMContentLoaded", () => {
            const inlineGate = document.querySelector('.inline-gate');
@@ -38,7 +30,7 @@
          });
        </script>
 - domain: www.nzz.ch
-  paths:
+  paths: 
    - /international
    - /sport
    - /wirtschaft
@@ -54,112 +46,10 @@
    - /finanze
  injections:
    - position: head
-      append: |
+      append: | 
        <script>
          document.addEventListener("DOMContentLoaded", () => {
            const paywall = document.querySelector('.dynamic-regwall');
            removeDOMElement(paywall)
          });
-        </script>
- domains: 
-  - www.architecturaldigest.com
-  - www.bonappetit.com
-  - www.cntraveler.com
-  - www.epicurious.com
-  - www.gq.com
-  - www.newyorker.com
-  - www.vanityfair.com
-  - www.vogue.com
-  - www.wired.com
-  injections:
-    - position: head
-      append: |
-        <script>
-          document.addEventListener("DOMContentLoaded", () => {
-            const banners = document.querySelectorAll('.paywall-bar, div[class^="MessageBannerWrapper-"');
-            banners.forEach(el => { el.remove(); });
-          });
-        </script>
- domains: 
-  - www.nytimes.com
-  - www.time.com
-  headers:
-    ueser-agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
-    cookie: nyt-a=; nyt-gdpr=0; nyt-geo=DE; nyt-privacy=1
-    referer: https://www.google.com/ 
-  injections:
-    - position: head
-      append: |
-        <script>
-          window.localStorage.clear();
-          document.addEventListener("DOMContentLoaded", () => {
-            const banners = document.querySelectorAll('div[data-testid="inline-message"], div[id^="ad-"], div[id^="leaderboard-"], div.expanded-dock, div.pz-ad-box, div[id="top-wrapper"], div[id="bottom-wrapper"]');
-            banners.forEach(el => { el.remove(); });
-          });
-        </script>
- domains: 
-  - www.thestar.com
-  - www.niagarafallsreview.ca
-  - www.stcatharinesstandard.ca
-  - www.thepeterboroughexaminer.com
-  - www.therecord.com
-  - www.thespec.com
-  - www.wellandtribune.ca
-  injections:
-    - position: head
-      append: |
-        <script>
-          window.localStorage.clear();
-          document.addEventListener("DOMContentLoaded", () => {
-            const paywall = document.querySelectorAll('div.subscriber-offers');
-            paywall.forEach(el => { el.remove(); });
-            const subscriber_only = document.querySelectorAll('div.subscriber-only');
-            for (const elem of subscriber_only) {
-              if (elem.classList.contains('encrypted-content') && dompurify_loaded) {
-                const parser = new DOMParser();
-                const doc = parser.parseFromString('<div>' + DOMPurify.sanitize(unscramble(elem.innerText)) + '</div>', 'text/html');
-                const content_new = doc.querySelector('div');
-                elem.parentNode.replaceChild(content_new, elem);
-              }
-              elem.removeAttribute('style');
-              elem.removeAttribute('class');
-            }
-            const banners = document.querySelectorAll('div.subscription-required, div.redacted-overlay, div.subscriber-hide, div.tnt-ads-container');
-            banners.forEach(el => { el.remove(); });
-            const ads = document.querySelectorAll('div.tnt-ads-container, div[class*="adLabelWrapper"]');
-            ads.forEach(el => { el.remove(); });
-            const recommendations = document.querySelectorAll('div[id^="tncms-region-article"]');
-            recommendations.forEach(el => { el.remove(); });
-          });
-        </script>
- domain: www.usatoday.com
-  injections:
-    - position: head
-      append: |
-        <script>
-          document.addEventListener("DOMContentLoaded", () => {
-            const banners = document.querySelectorAll('div.roadblock-container, .gnt_nb, [aria-label="advertisement"], div[id="main-frame-error"]');
-            banners.forEach(el => { el.remove(); });
-          });
-        </script>
- domain: www.washingtonpost.com
-  injections:
-    - position: head
-      append: |
-        <script>
-          document.addEventListener("DOMContentLoaded", () => {
-            let paywall = document.querySelectorAll('div[data-qa$="-ad"], div[id="leaderboard-wrapper"], div[data-qa="subscribe-promo"]');
-            paywall.forEach(el => { el.remove(); });
-            const images = document.querySelectorAll('img');
-            images.forEach(image => { image.parentElement.style.filter = ''; });
-            const headimage = document.querySelectorAll('div .aspect-custom');
-            headimage.forEach(image => { image.style.filter = ''; });
-          });
-        </script>
- domain: medium.com
-  headers:
-    referer: https://t.co/x?amp=1
-    x-forwarded-for: none
-    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
-    content-security-policy: script-src 'self';
-    cookie: 
+        </script>