Powxy Overview: A reverse proxy protecting upstream services with SHA-256 proof-of-work. A demo at [git.runxiyu.org] with occasional outages.

• Goal: Discourage scraping by making it costly for clients. Useful for protecting Git forges.
• Browser Support: JS and WASM users' browsers solve automatically; others need external programs (C or Python).
• Easy to Deploy/Maintain: Minimal implementation with no Go, JavaScript, or WebAssembly solver dependencies (except Clang and LLD). All config via command-line flags.

Mechanism:

• Client sends request. Proxy hashes client info to generate identifier. Checks for HMAC in cookie. Forwards if match and HMAC valid.
• If not, presents challenge to find nonce making SHA-256 hash start with certain zero bits. Client solves and submits through HTML form.
• JavaScript automates without user interaction (requires WebAssembly). Non-JavaScript clients solve externally.

To-do List:

• Fully audit cryptography.
• Allow Git clients and RSS readers.
• Handle POST requests with invalid powxy cookie.
• Work with duplex connections like Git's Smart HTTP.
• Improve time rounding.
• Choose better proof-of-work algorithm.
• Fix Safari on iOS and iPadOS issues.
• Support Unix domain sockets.

Build:

• Need Go, Clang, and LLD.
• git clone ssh://forge.lindenii.runxiyu.org/powxy/:/repos/powxy/
• cd powxy
• make

Usage:

• Various command-line flags like -difficulty, -idle-timeout, etc. for configuration.

Contribute:

• Create contrib/ branch and push to [repo on home forge] via SSH.
• Pushes to other namespaces or existing contribution branches are rejected. Merge request opened and maintainers notified via IRC.