Merge pull request 'chore(deps): update dependency postcss to v8.4.47' (#57) from renovate/postcss-8.x-lockfile into master

Reviewed-on: mCaptcha/website#57

.woodpecker.yml

@@ -1,13 +1,15 @@
-pipeline:
+steps:
   build:
-    image: python
+    image: realaravinth/nvm-node16-insecure
+    environment:
+      - NVM_DIR="$HOME/.nvm"
     when:
-      event: [ push, pull_request, tag, deployment ]
+      event: [push, pull_request, tag, deployment]
       branch: master
     commands:
-    - curl -fsSL https://deb.nodesource.com/setup_16.x | bash - &&\
-    - apt update && apt-get -y --no-install-recommends install nodejs tar gpg curl wget
-    - make env
-    - make
-    - make ci-deploy
-    secrets: [ FORGEJO_WRITE_DEPLOY_KEY, LIBREPAGES_DEPLOY_SECRET ]
+      - apt-get update
+      - apt update && apt-get -y --no-install-recommends install curl tar gnupg curl wget git build-essential
+      - npm install yarn
+      - make env
+      - make ci-deploy
+    secrets: [FORGEJO_WRITE_DEPLOY_KEY, LIBREPAGES_DEPLOY_SECRET]

config/_default/menus.toml

@@ -1,20 +1,20 @@
 [[docs]]
-  name = "Introduction"
+  name = "Webmasters"
   weight = 510
-  identifier = "Introduction"
-  url = "/docs/introduction/"
+  identifier = "Webmasters"
+  url = "/docs/webmasters/"
 
 [[docs]]
-  name = "Terminology"
+  name = "User Manual"
   weight = 520
-  identifier = "Terminology"
-  url = "/docs/terminology/"
+  identifier = "user-manual"
+  url = "/docs/user-manual/"
 
 [[docs]]
-  name = "Self-Hosted"
+  name = "Self-Hosting"
   weight = 530
-  identifier = "Self-Hosted"
-  url = "/docs/self-hosted/"
+  identifier = "Self-Hosting"
+  url = "/docs/self-hosting/"
 
 [[docs]]
   name = "API"
@@ -51,10 +51,9 @@
   name = "Contact"
   url = "/contact/"
   weight = 40
-
 [[main]]
   name = "Docs"
-  url = "/docs/introduction/installing-captcha/"
+  url = "/docs/webmasters/installing-captcha/"
   weight = 500
 
 

config/_default/params.toml

@@ -7,7 +7,7 @@ title = "mCaptcha"
 titleSeparator = "-"
 titleAddition = "mCaptcha"
 description = "mCaptcha - PoW based DoS protection"
-docsRepo = "https://github.com/mCaptcha/website"
+docsRepo = "https://git.batsense.net/mCaptcha/website"
 editPage = true
 
 ## Open Graph + Twitter Cards

content/about/index.md

@@ -12,11 +12,10 @@ attackers a run for their money. And we do all of this without tracking
 your users. Oh and did I mention our UX is great?
 
 At mCaptcha, we believe in digital freedom and privacy and so we built
-an proof-of-work based CAPTCHA system that doesn’t track. Seriously, no
+a proof-of-work based CAPTCHA system that doesn’t track. Seriously, no
 tracking. But that isn’t the killer feature, our system doesn’t require
 the user to pick cars or ID sidewalks — our system does it’s
-thing(usually at the click of a button) and gets out of the way. Our
-Philosophy
+thing(usually at the click of a button) and gets out of the way.
 
 ## Philosophy
 

content/blog/07-22-monthly-report/index.md

@@ -69,7 +69,7 @@ mCaptcha docs over the months have become inconsistent and incorrect. I
 cleaned up some of the mess and added [a
 tutorial](/docs/introduction/installing-captcha/) to help folks install
 mCaptcha on their website. The docs also gets [a
-glossary](/docs/terminology/access-token/), which contain explanations
+glossary](/docs/webmasters/terminology/), which contain explanations
 to mCaptcha jargon.
 
 ## New releases: glue libraries

content/blog/10-20-mcaptcha-net/index.md

@@ -0,0 +1,73 @@
+---
+title: "Introducing mCaptcha net"
+description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible"
+date: 2023-10-19
+lastmod: 2023-10-19
+draft: false
+weight: 50
+images: ["icon.png"]
+contributors: ["Aravinth Manivannan"]
+---
+
+mCaptcha uses a Proof-of-Work (PoW) based algorithm to offer
+Denial-of-Service protection, because of [its excellent accessibility
+characteristics](https://www.w3.org/TR/turingtest/#proof-of-work). PoW
+within mCaptcha is configuration --- webmasters can configure
+[difficulty factors](/docs/terminology/difficulty-factor) for their
+installations, which determines waiting time for visitors. But PoW can
+become inaccessible if webmasters choose a very high difficulty factor.
+So they have to maintain a balance which imposes sufficient load on DDoS
+attackers while also being accessible to common folk.
+
+{{< alert icon="⭐" text=" mCaptcha installation: integration of the mCaptcha widget to a service." >}}
+
+To help webmasters correctly configure difficult factors, we are
+building a feedback loop which would gather performance statistics from
+voluntary mCaptcha installations and make them available to other
+mCaptcha installations. The performance statistics can be used by all
+mCaptcha instances to automatically optimize an installation. We are
+calling this the mCaptcha net.
+
+## Participation is optional
+
+Participation in the mCaptcha net is disabled by default and is
+optional as it has privacy implications: it will reveal the
+existence of an mCaptcha instance.
+
+The admins of mCaptcha instances can choose to upload truly anonymous
+PoW performance statistics to a number of [mCaptcha/survey](https://git.batsense.net/mCaptcha/survey) instances.
+The data uploaded is public and so is accessible to all mCaptcha
+instances.
+
+We also offer opt-in controls at installation level:
+
+{{% img src="installation-level-opt-in.png" alt="A screenshot of the 'add sitekey' form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." caption="Add sitekey form on the mCaptcha dashboard with a checkbox for anonymously publishing performance statistics. It is not checked by default." %}}
+
+## Ensuring anonymity
+
+mCaptcha doesn't fingerprint its users. Performance parameters include:
+
+1. Time taken to generate PoW
+2. The difficulty factor for which the PoW was computed
+3. Type of client library used.
+
+```json
+"time":14,
+"difficulty_factor":50000,
+"worker_type":"wasm"
+```
+
+This doesn't include the usual fingerprinting parameters like
+User-Agent, cookies, and IP address. Additionally, we use pseudo IDs
+at both mCaptcha/mCaptcha and mCaptcha/survey to avoid exposing installations.
+
+{{% img src="working-rpc.png" alt="A screenshot of a tmux window with logs of mCaptcha/mCaptcha and mCapctha/survey showing both of them talking to eachother" caption="mCaptcha/mCaptcha uploading performance statistics to a mCaptcha/survey instance" %}}
+
+## Status
+
+We now have performance statistics uploads to mCaptcha/survey instances
+working. Pull request [mCaptcha/mCaptcha#92](https://github.com/mCaptcha/mCaptcha/pull/92)
+added abilities to mCaptcha to upload statistics to mCaptcha/survey instances and
+[mCaptcha/survey#40](https://git.batsense.net/mCaptcha/survey/pulls/17) enable survey to process the uploaded data. We will soon build a
+self-tuning algorithm within mCaptcha to use this data and optimize
+installations automatically.

content/blog/testing-on-screenreaders.md

@@ -0,0 +1,34 @@
+---
+title: "Testing on screenreaders"
+description: "A network of mCaptcha instances sharing PoW stats to make mCaptcha more efficient and accessible"
+date: 2024-02-10
+lastmod: 2024-02-12
+draft: false
+weight: 50
+images: ["icon.png"]
+contributors: ["Aravinth Manivannan"]
+---
+
+[HAN University of Applied Sciences](www.han.nl) kindly did an
+accessibility test of the mCaptcha widget and the showcase site, which
+features a real world integration of mCaptcha in a third-party service.
+The report motived us to make screen reader testing an integral part of
+the release process.
+
+Here are the results:
+
+## Android in-built screen reader on Fennec
+
+<iframe title="Testing mCaptcha on Android screenreader with Fennec browser" width="560" height="315" src="https://peertube.batsense.net/videos/embed/e9579d73-b19e-4051-9337-8432fc15c3b3" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups"></iframe>
+
+## NVDA on Microsoft Windows and Mozilla Firefox
+
+<iframe title="Testing mCaptcha on NVDA screen reader on MS Windows with Mozilla Firefox browser" width="560" height="315" src="https://peertube.batsense.net/videos/embed/cf534270-8089-4aad-95b3-543c467a6a12" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups"></iframe>
+
+## macOS in-built screen reader on Google Chrome
+
+<iframe title="Testing mCaptcha on macOS in-built screen reader and Google Chrome browser" width="560" height="315" src="https://peertube.batsense.net/videos/embed/45be4f8c-1978-4650-b9f1-972cfead8420" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups"></iframe>
+
+## iOS in-built screen reader on Safari
+
+<iframe title="Testing mCaptcha on iOS screenreader with Safari" width="560" height="315" src="https://peertube.batsense.net/videos/embed/ac9722a4-3dce-4c40-bb0c-7bc8d721c3db" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups"></iframe>

content/docs/self-hosted/bare-metal.md

@@ -1,130 +0,0 @@
----
-title: "Deploy bare metal"
-description: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
-lead: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
-date: 2021-07-21 14:49
-lastmod: 2021-07-21 14:49
-draft: false
-images: []
-menu:
-  docs:
-    parent: "Self-Hosted"
-weight: 532
-toc: true
----
-
-### 2. Configure
-
-mcaptcha is highly configurable.
-
-Configuration is applied/merged in the following order:
-
-1. path to configuration file passed in via `MCAPTCHA_CONFIG`
-2. `./config/default.toml`
-3. `/etc/mcaptcha/config.toml`
-4. environment variables.
-
-
-
-### 1. Install postgres if you don't have it already.
-For Debian based distributions:
-```bash
-sudo apt install postgres
-```
-
-### 2. Create new user for running `mcaptcha`
-
-```bash
-$ sudo useradd -b /srv -m -s /usr/bin/zsh mcaptcha
-```
-
-### 3. Create new user in Postgres
-
-```bash
-$ sudo -iu postgres # switch to `postgres` user
-$ psql
-postgres=#  CREATE USER mcaptcha WITH PASSWORD 'my super long password and yes you need single quote`;
-$  createdb -O mcaptcha mcaptcha # create db 'mcaptcha' with 'mcaptcha' as owner
-```
-
-### 4. Install and load [`mCaptcha/cache`](https://github.com/mCaptcha/cache) module:
-
-See [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more
-details.
-
-### 4. Build `mcaptcha`
-
-To build `mcaptcha`, you need the following dependencies:
-
-1. rust
-2. node(`v14.16.0`)
-3. yarn(JavaScript package manager)
-4. make
-
-## How to build
-
-1. Install Cargo using [rustup](https://rustup.rs/) with:
-
-```bash
-$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
-```
-
-2. Install node(`v14.16.0`)
-
-3. Install yarn(JavaScript package manager)
-
-4. Build with make:
-
-```bash
-$ make dev-env && \
-	make release
-```
-
-### 5. Install package:
-
-```bash
-$ sudo cp ./target/release/mcaptcha /usr/bin/ && \
-	mkdir sudo /etc/mcaptcha && \
-	sudo cp config/default.toml /etc/mcaptcha/config.toml
-```
-
-### 6. Systemd service configuration:
-
-1. Copy the following to `/etc/systemd/system/mcaptcha.service`:
-
-```systemd
-[Unit]
-Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money
-
-[Service]
-Type=simple
-User=mcaptcha
-ExecStart=/usr/bin/mcaptcha
-Restart=on-failure
-RestartSec=1
-SuccessExitStatus=3 4
-RestartForceExitStatus=3 4
-SystemCallArchitectures=native
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-Environment="RUST_LOG=info"
-
-[Unit]
-After=sound.target
-Wants=network-online.target
-Wants=network-online.target
-Requires=postgresql.service
-After=syslog.target
-
-[Install]
-WantedBy=multi-user.target
-```
-
-2. Enable service:
-
-```bash
-$ sudo systemctl daemon-reload && \
-	sudo systemctl enable mcaptcha && \ # Auto startup during boot
-	sudo systemctl start mcaptcha
-``
-```

content/docs/self-hosted/dependencies.md

@@ -1,101 +0,0 @@
----
-title: "Database and cache"
-description: "mCaptcha server requires dependencies like a Postgres
-database and a Redis cache"
-lead: "mCaptcha server requires dependencies like a Postgres
-database and a Redis cache"
-date: 2021-07-21 14:49
-lastmod: 2021-07-21 14:49
-draft: false
-images: []
-menu:
-  docs:
-    parent: "Self-Hosted"
-weight: 534
-toc: true
----
-
-## Notes
-
-### Database
-
-- Database migrations are baked into the server binary so don't worry
-about them.
-
-- When compiling from source, unset database configuration(comment out
-database configuration/ `unset` relevant environment variables).
-`mCaptcha` uses [`sqlx`](https://crates.io/crates/sqlx) database client
-library which checks SQL queries at compile time. So if you are starting
-with a fresh database without migrations applied, compilation will fail.
-
-### Redis
-
-- Redis is an optional dependency. Currently, the non-Redis configuration
-doesn't persist CAPTCHA heat. So if there's a systems failure, CAPTCHA
-heat will be reset and visitor count will start from 0. For small
-installations, this should post a problem as heat is short lived and is
-reset anyways at cool down period.
-
-- mCaptcha uses a custom Redis module called
-[cache](https://github.com/mCaptcha/cache) to overcome some of Redis'
-limitations.
-
-
-## Instructions
-
-Once again, there are two ways to go about this:
-
-1. Docker
-2. Bare metal
-
-### Docker
-
-### Database
-
-Download and run Postgres
-
-```bash
-docker create --name mcaptcha-postgres \
-  -e POSTGRES_PASSWORD=<database-password> \
-  -p 5432:5432 \
-  postgres && docker start mcaptcha-postgres
-```
-
-### Redis
-
-```bash
-docker create --name mcaptcha-cache \
-  -p 6379:6379 \
-  mcaptcha/cache && docker start mcaptcha-cache
-```
-
-See [mCaptcha/cache](https://github.com/mCaptcha/cache) for more
-details.
-
-### 1. Install Postgres if you don't have it already.
-
-For Debian based distributions:
-
-```bash
-sudo apt install postgres
-```
-
-### 2. Create new user for running `mCaptcha`
-
-```bash
-$ sudo useradd -b /srv -m -s /usr/bin/bash mcaptcha
-```
-
-### 3. Create new user in Postgres
-
-```bash
-$ sudo -iu postgres # switch to `postgres` user
-$ psql
-postgres=#  CREATE USER mcaptcha WITH PASSWORD 'my super long password and yes you need single quote';
-$  createdb -O mcaptcha mcaptcha # create db 'mcaptcha' with 'mcaptcha' as owner
-```
-
-### 4. Install [`mCaptcha/cache`](https://github.com/mCaptcha/cache)
-
-See [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more
-details.

content/docs/self-hosting/_index.md

@@ -1,5 +1,5 @@
 ---
-title : "Self-Hosted"
+title : "Self-Hosting"
 description: "Instructions to self-host mCaptcha"
 lead: ""
 date: 2021-07-21 15:44

content/docs/self-hosting/ansible.md

@@ -0,0 +1,50 @@
+---
+title: "Using Ansible"
+description: "Deploy mCaptcha software using Ansible playbooks"
+lead: "Deploy mCaptcha software using Ansible playbooks"
+date: 2023-12-03 15:14
+lastmod: 2023-12-09 03:09
+draft: false
+images: []
+menu:
+  docs:
+    parent: "Self-Hosting"
+weight: 533
+toc: true
+---
+
+Ansible playbooks to install mCaptcha are available [here](https://git.batsense.net/mCaptcha/iac).
+
+## Instructions
+
+### Installation
+
+1. Clone the repository:
+
+```bash
+git clone https://git.batsense.net/mCaptcha/iac && cd iac
+```
+
+2. Create inventory file. You should have SSH access to the remote
+   machine, and the user must have `sudo` privileges. Example inventory
+   file:
+
+   ```ini
+   [mcaptcha_hosts]
+   "mcaptcha_hosts"
+   <node name> ansible_host=<node IP> ansible_user=<remote username>
+   ```
+
+   It is important that the group name be `mcaptcha_hosts`.
+
+3. Configure installation by editing [ansible/vars/mcaptcha/vars.yml](https://git.batsense.net/mCaptcha/iac/src/branch/master/ansible/vars/mcaptcha/vars.yml). Most parameters have defaults, and the required parameters are annotated.
+4. Run playbook:
+
+```bash
+	ansible-playbook -i path/to/inventory-file -f 10 ./ansible/mcaptcha.yml
+```
+
+### Update
+
+1. Pull changes from Git repository
+2. Rerun playbook

content/docs/self-hosting/bare-metal.md

@@ -0,0 +1,180 @@
+---
+title: "Deploy bare metal"
+description: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
+lead: "Bare metal deployment is tedious, most of this will be automated with a script in the future."
+date: 2021-07-21 14:49
+lastmod: 2021-07-21 14:49
+draft: false
+images: []
+menu:
+  docs:
+    parent: "Self-Hosting"
+weight: 532
+toc: true
+---
+
+## 1. Install Database
+
+The following databases are supported:
+
+1. Postgres
+2. MariaDB
+
+Please install the database of your choice. Then:
+
+1. Create new database user for mCaptcha
+2. Create new database for mCaptcha
+
+mCaptcha binary has migrations baked-in and is applied on start up. The
+choice of database is described using the [scheme](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL#scheme) of the database URL. For
+instance:
+
+1. Postgres: `postgres://mcaptcha:password@localhost:5432/mcaptcha`
+2. Mariadb: `mysql://mcaptcha:password@localhost:3306/mcaptcha`
+
+## 2. Optionally, install mCaptcha/cache
+
+We recommend this for larger instances. For single-user instances or for
+instances that protect personal websites, we recommend using the
+internal cache system. To do so, please comment out the
+[`redis`](https://github.com/mCaptcha/mCaptcha/blob/d4967626ee59504b32b0f85e409b4e3444ddc4f0/config/default.toml#L54) section of the configuration file.
+
+Please see [`mCaptcha/cache`](https://github.com/mCaptcha/cache) for more details.
+
+## 3. Install mCaptcha
+
+### 3.1 Install from source
+
+To build `mcaptcha`, you need the following dependencies:
+
+1. rust
+2. node(`v20`)
+3. yarn(JavaScript package manager)
+4. make
+
+With all dependencies installed, run:
+
+```
+make dev-env && make release
+```
+
+And the following commands to install the compiled binary:
+
+```
+sudo cp ./target/release/mcaptcha /usr/bin/ && \
+	mkdir sudo /etc/mcaptcha && \
+	sudo cp config/default.toml /etc/mcaptcha/config.toml
+```
+
+### 3.2 Install pre-compiled binary
+
+#### i. Download assets
+
+```
+wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.asc
+wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
+wget https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
+```
+
+### ii Verify checksum
+
+```
+sha256sum -c mcaptcha-master-linux-amd64.tar.gz.sha256
+```
+
+### iii Verify GPG signature
+
+All mcaptcha binaries are signed with [our GPG
+key](https://keyserver.ubuntu.com/pks/lookup?search=73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73&fingerprint=on&op=index).
+Please verify signatures to verify authenticity.
+
+```
+gpg --keyserver keyserver.ubuntu.com --recv 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73
+gpg --verify mcaptcha-master-linux-amd64.tar.gz.asc
+```
+
+### iv. Install
+
+```
+tar -xvzf mcaptcha-master-linux-amd64.tar.gz \
+  && sudo cp mcaptcha-master-linux-amd64/mcaptcha /usr/local/bin \
+  && sudo mkdir /etc/mcaptcha \
+  && sudo cp mcaptcha-master-linux-amd64/config.toml /etc/mcaptcha/
+```
+
+### 4. Configuration
+
+mCaptcha is highly configurable.
+
+Configuration is applied/merged in the following order:
+
+1. path to configuration file passed in via `MCAPTCHA_CONFIG`
+2. `./config/default.toml`
+3. `/etc/mcaptcha/config.toml`
+4. environment variables. Please see
+   [here](https://github.com/mCaptcha/mCaptcha/blob/master/docs/CONFIGURATION.md) for a full list of environment variables.
+
+### 5. Systemd service configuration:
+
+1. Copy the following to `/etc/systemd/system/mcaptcha.service`:
+
+```
+[Unit]
+Description=mCaptcha: a CAPTCHA system that gives attackers a run for their money
+
+[Service]
+Type=simple
+User=mcaptcha
+ExecStart=/usr/bin/mcaptcha
+Restart=on-failure
+RestartSec=1
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+Environment="RUST_LOG=info"
+
+[Unit]
+After=sound.target
+Wants=network-online.target
+Wants=network-online.target
+Requires=postgresql.service
+After=syslog.target
+
+[Install]
+WantedBy=multi-user.target
+```
+
+2. Enable service:
+
+```
+sudo systemctl daemon-reload && \
+	sudo systemctl enable mcaptcha && \ # Auto startup during boot
+	sudo systemctl start mcaptcha
+```
+
+### 6. Install and configure Nginx
+
+mCaptcha doesn't implement SSL yet. Please use a reverse proxy like
+Nginx to add SSL to your deployment. Here's an example virtual host
+configuration for Nginx:
+
+```
+server {
+  server_name <your mcaptcha hostname>;
+	listen 80;
+	listen [::]:80;
+
+	location / {
+		proxy_pass http://127.0.0.1:<mcaptcha_port>;
+		proxy_set_header Host $host;
+    proxy_set_header Host $host;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+	}
+
+}
+```

content/docs/self-hosting/docker.md

@@ -7,8 +7,8 @@ draft: false
 images: []
 menu:
   docs:
-    parent: "Self-Hosted"
-weight: 533
+    parent: "Self-Hosting"
+weight: 534
 toc: true
 ---
 
@@ -33,7 +33,7 @@ for configurable options.
 
 If you have already have a Postgres instance running, then:
 
-```bash
+```
 docker run -p <host-machine-port>:<port-in-configuration-file> \
 	--add-host=database:<database-ip-addrss> \
 	-e RUST_LOG=debug \
@@ -42,18 +42,26 @@ docker run -p <host-machine-port>:<port-in-configuration-file> \
 ```
 
 If you don't have a Postgres instance running, you can either install
-one using a package manager or launch one with docker. A [docker-compose
-configuration]('../docker-compose.yml) is available that will launch both
-a database instance mcaptcha instance.
+one using a package manager or launch one with docker.
 
 ## With docker-compose
 
-1. Follow steps above to build docker image.
+1. Download docker-compose file and the configuration file:
 
-2. Set database password [docker-compose configuration]('../docker-compose.yml).
+```
+wget https://raw.githubusercontent.com/mCaptcha/mCaptcha/master/.env.docker-compose
+wget https://raw.githubusercontent.com/mCaptcha/mCaptcha/master/docker-compose.yml
+```
 
-3. Launch network
+2. Configure deployment using `.env.docker-compose` environment variable
+   file
 
-```bash
+3. Launch containers:
+
+```
 docker-compose up -d
 ```
+
+4. Configure SSL using reverse proxy: mCaptcha doesn't support SSL at
+   the moment, so please use a reverse proxy to secure your instance. A
+   reference nginx virtual host configuration file is available [here](../bare-metal/#6-install-and-configure-nginx).

content/docs/self-hosting/getting-started.md

@@ -8,7 +8,7 @@ draft: false
 images: []
 menu:
   docs:
-    parent: "Self-Hosted"
+    parent: "Self-Hosting"
 weight: 531
 toc: true
 ---
@@ -19,3 +19,4 @@ There are two main ways to self-host mCaptcha:
 
 1. [Bare metal](./bare-metal)
 2. [With Docker](./docker)
+2. [With Ansible](./ansible)

content/docs/terminology/_index.md

@@ -1,9 +0,0 @@
----
-title : "Terminology"
-description: "Information about terminology used in mCaptcha, some of which unique to the project"
-lead: ""
-date: 2022-07-27T08:48:45+00:00
-lastmod: 2020-07-27T08:48:45+00:00
-draft: false
-images: []
----

content/docs/terminology/access-token.md

@@ -1,37 +0,0 @@
----
-title: "Access token"
-description: "mCaptcha implements leaky bucket algorithm to measure
-current traffic levels. Cooldown period specifies the leak or the time
-after which a visitor addition is decremented."
-lead: ""
-date: 2022-07-22
-lastmod: 2022-07-22 20:17
-draft: false
-images: []
-menu:
-  docs:
-    parent: "Terminology"
-weight: 521
-toc: true
----
-
-When a visitor solves the CAPTCHA and sends their solution to an
-mCaptcha instance, the solution will be verified for correctness. If the
-solution is correct, mCaptcha will return a single use access token.
-
-This access token should be attached to the visitor's requited to the
-protected service and the protected service should validity of the
-access token with the mCaptcha instance and only allow access to
-protected resource if the access token is valid.
-
-## Validate access token:
-
-```bash
-curl --location --request POST 'https://mcaptcha.example.net/api/v1/pow/siteverify' \
-  --header 'Content-Type: application/json' \
-  --data-raw '{
-    "token": "replace this with the access token presented by visitor",
-    "key": "replace this with the sitekey associated with the CAPTCHA"
-    "secret": "replace this with mCaptcha account secret, available in settings"
-  }'
-```

content/docs/terminology/cooldown-period.md

@@ -1,30 +0,0 @@
----
-title: "Cooldown Period"
-description: "mCaptcha implements leaky bucket algorithm to measure
-current traffic levels. Cooldown period specifies the leak or the time
-after which a visitor addition is decremented."
-lead: ""
-date: 2022-07-22
-lastmod: 2022-07-22 20:17
-draft: false
-images: []
-menu:
-  docs:
-    parent: "Terminology"
-weight: 522
-toc: true
----
-
-mCaptcha implements leaky bucket algorithm to measure
-current traffic levels. Cooldown period specifies the leak or the time
-after which a visitor addition is decremented.
-
-For instance, if initial traffic level is 0 and a user visits one
-second later, the traffic level will be incremented to 1. Now, if the
-cooldown period is set to 30 seconds, the traffic level will be
-decremented after 30 seconds. So after 30 seconds, the traffic level will
-go from 1 to 0.
-
-## Easy Mode: Default cooldown
-
-When configuring mCaptcha in [easy Mode](/docs/introduction/configuring-difficulty-factor/#easy-option), the default cooldown period is set to 30 seconds.

content/docs/terminology/difficulty-factor/index.md

@@ -1,23 +0,0 @@
----
-title: "Difficulty Factor"
-description: "Difficulty factor determines the time it takes to solve a CAPTCHA, there are two modes to setting difficulty factor: advance and easy, this page documents both modes."
-lead: ""
-date: 2022-07-22
-lastmod: 2022-07-22 20:17
-draft: false
-images: []
-menu:
-  docs:
-    parent: "Terminology"
-weight: 523
-toc: true
----
-
-Difficulty factor determines the time it takes to solve a CAPTCHA. The
-higher the difficulty factor, the longer it will take to generate a
-proof of work for it to solve the CAPTCHA.
-
-mCaptcha's proof of work based mechanism makes it highly accessible to
-people with special needs but it is important to choose the difficulty factor
-with care as very high difficulty factors will make the CAPTCHA
-inaccessible to users on slow devices.

content/docs/terminology/visitor-threshold.md

@@ -1,49 +0,0 @@
----
-title: "Visitor Threshold"
-description: "Visitor threshold is used to split traffic into levels. If
-the traffic level supersceedes the configured threshold, then mCaptcha will
-increase difficulty factor based on the configuration provided."
-lead: ""
-date: 2022-07-22
-lastmod: 2022-07-22 20:17
-draft: false
-images: []
-menu:
-  docs:
-    parent: "Terminology"
-weight: 525
-toc: true
----
-
-mCaptcha's variable difficulty factor mechanism requires a website's traffic
-statistics be split into levels, so that it can deploy the right
-difficulty factor for each level.
-
-Visitor threshold is used to traffic into levels and mCaptcha accepts a
-difficulty configuration for each of these levels. When current traffic
-exceeds a difficulty factor, mCaptcha will increase the difficulty
-factor to the next configured level.
-
-For instance, consider the configuration given below:
-
-- Cool down period: 30 seconds
-
-| Level | Difficulty Factor | Visitor Threshold |
-| ----- | ----------------- | ----------------- |
-| 1     | 5,000             | 2,000             |
-| 2     | 50,000            | 5,000             |
-| 3     | 500,000           | 10,000            |
-| 4     | 5,000,000         | 15,000            |
-
-If the website sees 2,000 requests in a 30 second window, level 1
-difficulty factor(5,000) will be deployed. If the traffic increases to
-5,000 requests in a 30 second window, then difficulty factor will be
-upgraded to level 2(50,000). Likewise 10,000 and 15,000 requests over 30
-seconds will result in difficulty factor being upgraded to 500,000 and
-5,000,000 respectively.
-
-Visitor threshold is how mCaptcha determines which difficulty factor
-level to deploy. mCaptcha uses leaky bucket algorithm to keep the
-visitor threshold constantly updated within the configured cool down
-period. So, at any given moment the, the current visitor level will be
-the amount of traffic that was served in the cool down period specified.

content/docs/user-manual/_index.md

@@ -0,0 +1,9 @@
+---
+title : "User Manual"
+description: "Introduction to mCaptcha for users"
+lead: ""
+date: 2023-10-27T08:48:45+00:00
+lastmod: 2023-10-27T08:48:45+00:00
+draft: false
+images: []
+---

content/docs/user-manual/cli.md

@@ -0,0 +1,151 @@
+---
+title: "CLI tool"
+description: "Instructions to install mCaptcha CLI"
+lead: ""
+date: 2023-10-27T08:48:45+00:00
+lastmod: 2023-10-27T08:48:45+00:00
+draft: false
+menu:
+  docs:
+    parent: "user-manual"
+---
+
+A CLI tool exists to compute mCaptcha challenges. It can be installed
+from multiple sources:
+
+## Install
+
+### crates.io
+
+The CLI tool is available on, [crates.io](https://crates.io), the Rust
+language's package registry. Rust language toolchain is required to
+install from crates.io, please see [rustup.rs](https://rustup.rs) for
+Instructions to install it.
+
+```bash
+cargo install mcaptcha-cli
+```
+
+### Pre-compiled binaries
+
+Nightly builds and stable releases are regularly published to
+[dl.mcaptcha.org](https://dl.mcaptcha.org/mcaptcha/cli) for a variety of
+CPU architectures and operating systems.
+
+1. Download binary, checksum and GPG signature files
+
+```bash
+wget https://dl.mcaptcha.org/mcaptcha/cli/{VERSION}/{FILENAME}.tar.gz
+wget https://dl.mcaptcha.org/mcaptcha/cli/{VERSION}/{FILENAME}.tar.gz.asc
+wget https://dl.mcaptcha.org/mcaptcha/cli/{VERSION}/{FILENAME}.tar.gz.sha256
+```
+
+2. Verify checksum
+
+```bash
+sha256sum -c {FILENAME}.tar.gz.sha256
+```
+
+3. Download mCaptcha's GPG release keys and verify GPG signature
+
+```bash
+gpg --keyserver keyserver.ubuntu.com --recv 73DAC973A9ADBB9ADCB5CDC4595A08135BA9FF73
+gpg --verify {FILENAME}.tar.gz.asc
+```
+
+4. Install Binary
+
+```bash
+tar -xvzf {FILENAME}.tar.gz && sudo cp {FILENAME}/mcaptcha-cli /usr/local/bin
+```
+
+### Build from source
+
+1. Install Rust tool chain
+   Please see [here](https://rustup.rs) for instructions.
+2. Download source code
+
+```bash
+git clone https://git.batsense.net/mCaptcha/cli
+```
+
+3. Compile and install
+
+```bash
+cargo build --release && sudp cp ./target/release/mcaptcha-cli
+/usr/local/bin
+```
+
+## Pass mCaptcha challenge
+
+The CLI tool requires details about the challenge to work on it. The
+tool can be used in three different modes compute challenge:
+
+1. Protected Page: Compute mCaptcha challenge for the CAPTCHA at a
+   protected page
+2. Widget URL: Compute PoW for captcha at widget URL
+3. (Developer mode) Offline: Computes PoW over given CAPTCHA parameters
+
+### From protected page URL
+
+The most convenient mode: copy the URL of the webpage which has the
+mCaptcha widget (example: showcase.mcaptcha.org) and run the CLI tool
+with it to get an authorization code:
+Compute challenge using the URL
+
+```bash
+03:39 atm@lab cli ±|feat-parse-webpage ✗|→ mcaptcha-cli protected-page https://showcase.mcaptcha.org/
+Authorization token: eRAZJiMrW58uDYA1s64Tmwq1u30HutuF
+```
+
+### Widget URL
+
+If you have the widget URL (will be in format https://mcaptcha.example.org/widget?sitekey=randomstring), it can be used to solve challenge as well:
+
+```bash
+Compute PoW by fetching parameters from  CAPTCHA URL
+
+Usage: mcaptcha-cli online --url <URL>
+
+Options:
+  -u, --url <URL>  URL of the CAPTCHA. Example:  https://example.org/widget?sitekey=foo
+  -h, --help       Print help
+```
+
+Example usage:
+
+```bash
+13:32 atm@lab cli ±|online ✗|→ mcaptcha-cli online -u https://demo.mcaptcha.org/widget?sitekey=pHy0AktWyOKuxZDzFfoaewncWecCHo23
+Authorization token: 3xleN26OctBuVu3X4t6CYyUjErhaxQvz
+```
+
+### [Developer mode] Offline
+
+Useful while debugging mCaptcha configurations, works on raw challenge
+parameters.
+
+Help menu:
+
+```bash
+Compute PoW with offline parameters
+
+Usage: mcaptcha-cli offline --salt <SALT> --phrase <PHRASE> --difficulty-factor <DIFFICULTY_FACTOR>
+
+Options:
+  -s, --salt <SALT>                            Salt with which PoW should be computed
+  -p, --phrase <PHRASE>                        Phrase over which PoW should be computed
+  -d, --difficulty-factor <DIFFICULTY_FACTOR>  Difficulty Factor
+  -h, --help                                   Print help
+```
+
+Example usage:
+
+```bash
+13:28 atm@lab cli ±|online|→ mcaptcha-cli offline -s $(rand 32) -p $(rand 32) -d 50000
+difficulty: 50000
+nonce: 90507
+original phrase: f351f333d44b2c6b5bf7f033b065bbb8fb5e9dd153bd402e43ed04425f5a3859
+result: 340276562956196291522979356090220150471
+```
+
+Where rand is [this](https://github.com/realaravinth/dotfiles/blob/6fc6c87cc912e17488a35c0d3327ecf393221270/scripts/rand#L20) script.

content/docs/user-manual/how-to-mcaptcha-without-js.md

@@ -0,0 +1,22 @@
+---
+title: "Use mCaptcha without JavaScript"
+description: "Instructions to solve mCaptcha with JavaScript disabled"
+lead: ""
+date: 2023-10-27T08:48:45+00:00
+lastmod: 2023-10-27T08:48:45+00:00
+draft: false
+menu:
+  docs:
+    parent : "user-manual"
+---
+
+To use mCaptcha without JavaScript:
+
+
+1. Install mCaptcha CLI too. Please see [here](./cli) for instructions.
+2. Copy the URL of the protected page
+3. Run mCaptcha CLI with that URL:
+  ```bash
+  mcapthca-cli protected-page <URL>
+  ```
+4. Copy authorization code and paste it in the form

content/docs/webmasters/_index.md

@@ -1,6 +1,6 @@
 ---
-title : "Introduction"
-description: "Introduction to mCaptcha."
+title : "Webmasters"
+description: "Introduction to mCaptcha for webmasters"
 lead: ""
 date: 2020-10-06T08:48:45+00:00
 lastmod: 2020-10-06T08:48:45+00:00

content/docs/webmasters/configuring-difficulty-factor/index.md

@@ -10,7 +10,7 @@ draft: false
 images: []
 menu:
   docs:
-    parent: "Introduction"
+    parent: "Webmasters"
 weight: 512
 toc: true
 ---

content/docs/webmasters/faq/index.md

@@ -1,23 +1,20 @@
 ---
-title: "Site key"
-description: "Site key is the unique identifier associated with a CAPTCHA created on mCaptcha"
+title: "Webmasters FAQ"
+description: "Frequently asked questions related to using mCaptcha as a webmaster"
 lead: ""
-date: 2022-07-22
-lastmod: 2022-07-22 20:17
+date: 2022-07-27T08:48:45+00:00
+lastmod: 2020-07-27T08:48:45+00:00
 draft: false
-images: []
 menu:
   docs:
-    parent: "Terminology"
-weight: 524
-toc: true
+    parent: "Webmasters"
 ---
 
-Site key is a unique identifier associated with CAPTCHA configurations
-created on mCaptcha. It is required to integrate a CAPTCHA with your
-website.
+### Easy Mode: Default cooldown period
 
-## How to get site key?
+When configuring mCaptcha in [easy mode](/docs/webmasters/configuring-difficulty-factor/#easy-option), the default cooldown period is set to 30 seconds.
+
+## How to get site key from dashboard?
 
 1. Go to "Site keys" on the side panel in the dashboard
 

content/docs/webmasters/installing-captcha/index.md

@@ -8,7 +8,7 @@ draft: false
 images: []
 menu:
   docs:
-    parent: "Introduction"
+    parent: "Webmasters"
 weight: 511
 toc: true
 ---
@@ -37,19 +37,9 @@ a new site key, click on "New Site" button in the dashboard.
 {{% img src="new-sitekey-btn.png" alt="mCaptcha dashboard with the 'new site key' button highlighted" %}}
 
 There are two options to create a new site key, easy and advanced. **We
-are going to use the easy mode in this tutorial.** If you are interested
+are going to use the [easy mode](/docs/webmasters/configuring-difficulty-factor#easy-option) in this tutorial.** If you are interested
 in learning more about the advance mode, please see [here](/docs/introduction/configuring-difficulty-factor/#advance-option).
 
-> ### [Easy Mode](/docs/introduction/configuring-difficulty-factor/#easy-option)
->
-> Easy mode asks a few basic statistics about your website and generates a
-> configuration that should work for your website. Currently, easy mode is
-> guided by assumptions on suitable difficulty factors to protect a
-> website but it will be fine-tuned as mCaptcha sees more deployment.
->
-> Configuration generated by easy mode can be tweaked later using the
-> advance mode, as you become more familiar with how mCaptcha works.
-
 Fill the form and submit it.
 
 {{% img src="new-sitekey-easy-mode-filled.png" alt="mCaptcha dashboard with the 'new site key' form in easy mode, with details filled in" %}}
@@ -80,16 +70,20 @@ to replace `Your {{paste your widget link}}` with the link obtained from
 the previous step.
 
 ```html
+<label
+  data-mcaptcha_url="{{paste your widget link here}}"
+  for="mcaptcha__token"
+  id="mcaptcha__token-label"
+>
+  mCaptcha authorization token.
+  <a
+    href="https://mcaptcha.org/docs/user-manual/how-to-mcaptcha-without-js/"
+    >Instructions</a
+  >.
+  <input type="text" name="mcaptcha__token" id="mcaptcha__token" />
+</label>
 <div id="mcaptcha__widget-container"></div>
-<script src="https://unpkg.com/@mcaptcha/vanilla-glue@0.1.0-alpha-2/dist/index.js"></script>
-<script charset="utf-8">
-  let config = {
-    widgetLink: new URL(
-      {{paste yout widget link}}
-    ),
-  };
-  new mcaptchaGlue.default(config);
-</script>
+<script src="https://unpkg.com/@mcaptcha/vanilla-glue@0.1.0-rc2/dist/index.js"></script>
 ```
 
 A full example is available
@@ -97,7 +91,7 @@ A full example is available
 
 ## 5. Configure backend to authenticate CAPTCHA tokens
 
-1. Get [access token](/docs/terminology/access-token) from the user's
+1. Get [authorization token](/docs/webmasters/terminology/#authorization-token) from the user's
    form submission payload. The access token will be associated with a
    parameter called `mcaptcha__token`.
 
@@ -120,6 +114,8 @@ resp = requests.post(
 resp = resp.json()
 ```
 
+**Note**: secret (`mcaptcha_account_secret` from above) is available in Dashboard > Settings > Secret
+
 3. If access token is valid, allow access to protected resource or deny
    access.
 

content/docs/webmasters/terminology/index.md

@@ -0,0 +1,86 @@
+---
+title: "Terminology"
+description: "Information about terminology used in mCaptcha, some of which unique to the project"
+lead: ""
+date: 2022-07-27T08:48:45+00:00
+lastmod: 2020-07-27T08:48:45+00:00
+draft: false
+menu:
+  docs:
+    parent: "Webmasters"
+---
+
+## Authorization token
+
+When a visitor solves the CAPTCHA and sends their solution to an
+mCaptcha instance, the solution will be verified for correctness. If the
+solution is correct, mCaptcha will return a single use authorization token.
+
+This authorization token should be attached to the visitor's requited to the
+protected service and the protected service should validity of the
+authorization token with the mCaptcha instance and only allow authorization to
+protected resource if the authorization token is valid.
+
+## Cooldown Period
+
+mCaptcha implements leaky bucket algorithm to measure
+current traffic levels. Cooldown period specifies the leak or the time
+after which a visitor addition is decremented.
+
+For instance, if initial traffic level is 0 and a user visits one
+second later, the traffic level will be incremented to 1. Now, if the
+cooldown period is set to 30 seconds, the traffic level will be
+decremented after 30 seconds. So after 30 seconds, the traffic level will
+go from 1 to 0.
+
+## Difficulty Factor
+
+Difficulty factor determines the time it takes to solve a CAPTCHA. The
+higher the difficulty factor, the longer it will take to generate a
+proof of work for it to solve the CAPTCHA.
+
+mCaptcha's proof of work based mechanism makes it highly accessible to
+people with special needs but it is important to choose the difficulty factor
+with care as very high difficulty factors will make the CAPTCHA
+inaccessible to users on slow devices.
+
+## Sitekey
+
+Site key is a unique identifier associated with CAPTCHA configurations
+created on mCaptcha. It is required to integrate a CAPTCHA with your
+website.
+
+## Visitor Threshold
+
+mCaptcha's variable difficulty factor mechanism requires a website's traffic
+statistics be split into levels, so that it can deploy the right
+difficulty factor for each level.
+
+Visitor threshold is used to traffic into levels and mCaptcha accepts a
+difficulty configuration for each of these levels. When current traffic
+exceeds a difficulty factor, mCaptcha will increase the difficulty
+factor to the next configured level.
+
+For instance, consider the configuration given below:
+
+- Cool down period: 30 seconds
+
+| Level | Difficulty Factor | Visitor Threshold |
+| ----- | ----------------- | ----------------- |
+| 1     | 5,000             | 2,000             |
+| 2     | 50,000            | 5,000             |
+| 3     | 500,000           | 10,000            |
+| 4     | 5,000,000         | 15,000            |
+
+If the website sees 2,000 requests in a 30 second window, level 1
+difficulty factor(5,000) will be deployed. If the traffic increases to
+5,000 requests in a 30 second window, then difficulty factor will be
+upgraded to level 2(50,000). Likewise 10,000 and 15,000 requests over 30
+seconds will result in difficulty factor being upgraded to 500,000 and
+5,000,000 respectively.
+
+Visitor threshold is how mCaptcha determines which difficulty factor
+level to deploy. mCaptcha uses leaky bucket algorithm to keep the
+visitor threshold constantly updated within the configured cool down
+period. So, at any given moment the, the current visitor level will be
+the amount of traffic that was served in the cool down period specified.

layouts/index.html

@@ -6,9 +6,9 @@
     </div>
     <div class="col-lg-9 col-xl-8 text-center">
       <p class="lead">{{ .Params.lead | safeHTML }}</p>
-      <a class="btn btn-primary btn-lg px-4 mb-2" href="https://demo.mcaptcha.org/" role="button">Try mCaptcha</a>
+      <a class="btn btn-primary btn-lg px-4 mb-2" href="https://showcase.mcaptcha.org/" role="button">Try mCaptcha</a>
       &nbsp &nbsp &nbsp
-      <a class="btn btn-primary btn-lg px-4 mb-2" href="{{ "/docs/introduction/installing-captcha/" | absURL }}" role="button">Get started</a>
+      <a class="btn btn-primary btn-lg px-4 mb-2" href="{{ "/docs/webmasters/installing-captcha/" | absURL }}" role="button">Get started</a>
       <p class="meta">Libre software <a href="https://github.com/mCaptcha">GitHub</a></p>
     </div>
   </div>

layouts/partials/main/edit-page.html

@@ -1 +1 @@
-<p class="edit-page"><a href="{{ .Site.Params.docsRepo }}/blob/master/content/{{ .File.Path }}"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit-2"><path d="M17 3a2.828 2.828 0 1 1 4 4L7.5 20.5 2 22l1.5-5.5L17 3z"></path></svg>Edit this page on GitHub</a></p>
+<p class="edit-page"><a href="{{ .Site.Params.docsRepo }}/blob/master/content/{{ .File.Path }}"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit-2"><path d="M17 3a2.828 2.828 0 1 1 4 4L7.5 20.5 2 22l1.5-5.5L17 3z"></path></svg>Edit this page on git.batsense.net</a></p>

package-lock.json

@@ -7,6 +7,9 @@
     "": {
       "name": "doks",
       "version": "0.1.6",
+      "dependencies": {
+        "yarn": "^1.22.19"
+      },
       "devDependencies": {
         "@babel/cli": "^7.18.9",
         "@babel/core": "^7.18.9",
@@ -8474,10 +8477,16 @@
       "optional": true
     },
     "node_modules/nanoid": {
-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.7",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
+      "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
       "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
       "bin": {
         "nanoid": "bin/nanoid.cjs"
       },
@@ -9242,9 +9251,9 @@
       "dev": true
     },
     "node_modules/picocolors": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
-      "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.0.tgz",
+      "integrity": "sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw==",
       "dev": true
     },
     "node_modules/picomatch": {
@@ -9437,9 +9446,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.4.21",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz",
-      "integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==",
+      "version": "8.4.47",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
+      "integrity": "sha512-56rxCq7G/XfB4EkXq9Egn5GCqugWvDFjafDOThIdMBsI15iqPqR5r15TfSr1YPYeEI19YeaXMCbY6u88Y76GLQ==",
       "dev": true,
       "funding": [
         {
@@ -9449,12 +9458,16 @@
         {
           "type": "tidelift",
           "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
         }
       ],
       "dependencies": {
-        "nanoid": "^3.3.4",
-        "picocolors": "^1.0.0",
-        "source-map-js": "^1.0.2"
+        "nanoid": "^3.3.7",
+        "picocolors": "^1.1.0",
+        "source-map-js": "^1.2.1"
       },
       "engines": {
         "node": "^10 || ^12 || >=14"
@@ -11325,9 +11338,9 @@
       }
     },
     "node_modules/source-map-js": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz",
-      "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
+      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
       "dev": true,
       "engines": {
         "node": ">=0.10.0"
@@ -14110,6 +14123,19 @@
         "node": ">=10"
       }
     },
+    "node_modules/yarn": {
+      "version": "1.22.19",
+      "resolved": "https://registry.npmjs.org/yarn/-/yarn-1.22.19.tgz",
+      "integrity": "sha512-/0V5q0WbslqnwP91tirOvldvYISzaqhClxzyUKXYxs07yUILIs5jx/k6CFe8bvKSkds5w+eiOqta39Wk3WxdcQ==",
+      "hasInstallScript": true,
+      "bin": {
+        "yarn": "bin/yarn.js",
+        "yarnpkg": "bin/yarn.js"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
     "node_modules/yauzl": {
       "version": "2.10.0",
       "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",
@@ -20667,9 +20693,9 @@
       "optional": true
     },
     "nanoid": {
-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.7",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
+      "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
       "dev": true
     },
     "nanomatch": {
@@ -21286,9 +21312,9 @@
       "dev": true
     },
     "picocolors": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
-      "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.0.tgz",
+      "integrity": "sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw==",
       "dev": true
     },
     "picomatch": {
@@ -21428,14 +21454,14 @@
       "dev": true
     },
     "postcss": {
-      "version": "8.4.21",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz",
-      "integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==",
+      "version": "8.4.47",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
+      "integrity": "sha512-56rxCq7G/XfB4EkXq9Egn5GCqugWvDFjafDOThIdMBsI15iqPqR5r15TfSr1YPYeEI19YeaXMCbY6u88Y76GLQ==",
       "dev": true,
       "requires": {
-        "nanoid": "^3.3.4",
-        "picocolors": "^1.0.0",
-        "source-map-js": "^1.0.2"
+        "nanoid": "^3.3.7",
+        "picocolors": "^1.1.0",
+        "source-map-js": "^1.2.1"
       }
     },
     "postcss-cli": {
@@ -22894,9 +22920,9 @@
       "dev": true
     },
     "source-map-js": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz",
-      "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
+      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
       "dev": true
     },
     "source-map-resolve": {
@@ -25117,6 +25143,11 @@
       "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==",
       "dev": true
     },
+    "yarn": {
+      "version": "1.22.19",
+      "resolved": "https://registry.npmjs.org/yarn/-/yarn-1.22.19.tgz",
+      "integrity": "sha512-/0V5q0WbslqnwP91tirOvldvYISzaqhClxzyUKXYxs07yUILIs5jx/k6CFe8bvKSkds5w+eiOqta39Wk3WxdcQ=="
+    },
     "yauzl": {
       "version": "2.10.0",
       "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",

package.json

@@ -52,5 +52,8 @@
     "standard-version": "^9.1",
     "stylelint": "^13.11",
     "stylelint-config-standard": "^20.0"
+  },
+  "dependencies": {
+    "yarn": "^1.22.19"
   }
 }

renovate.json

@@ -0,0 +1,21 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    ":dependencyDashboard"
+  ],
+  "labels": [
+    "renovate-bot"
+  ],
+  "prHourlyLimit": 0,
+  "timezone": "Asia/kolkata",
+  "prCreation": "immediate",
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "labels": [
+      "renovate-bot",
+      "renovate-security",
+      "security"
+    ]
+  }
+}

scripts/hugo.sh

@@ -101,10 +101,12 @@ deploy() {
 	if [[ -z $(git ls-remote --heads origin ${1}) ]]
 	then
 		echo "[*] Creating deployment branch $1"
+    git stash
 		git checkout --orphan $1
 	else
 		echo "[*] Deployment branch $1 exists, pulling changes from remote"
 		git fetch origin $1
+    git stash
 		git switch $1
 	fi