Skip to content

tnuser3/i-dont-like-api-abuse

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
compiler/microsoft.botsay
compiler/microsoft.botsay
 
 
docs
docs
 
 
site
site
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

i-dont-like-api-abuse

Anti-abuse pipeline: cryptographically random bytecode VM, ChaCha-encrypted WASM delivery, entropy validation, and JWT-backed challenge verification.

Quick start

npm run build    # Compiler → copy assets → build site
npm run dev      # Compiler → copy assets → dev server
npm run start    # Production site (after build)

Requirements

  • Node 18+
  • .NET 10 SDK
  • Clang with wasm32 target
  • Redis (for challenge verification)
  • CHALLENGE_VERIFY_SECRET env var (min 32 chars)
  • REDIS_URL (optional, defaults to redis://localhost:6379)

Project layout

├── compiler/microsoft.botsay/   C# bytecode generator + WASM compiler
├── site/                       Next.js app + VM lib
├── docs/                       Architecture and API docs
└── package.json                Root scripts

Documentation

  • Architecture — Pipeline overview and data flow

  • API Endpoints — All endpoints, flows, and line-by-line process

  • Site — APIs, pages, and configuration

  • Challenge encryption — ECDH, HKDF, ChaCha20-Poly1305

  • VM — Bytecode VM, operations, vm_run, run() vs encode()

  • Entropy — Fingerprint derivation, cross-reference, behaviour analysis

  • Fingerprint — FingerprintJS, HMAC verification, device linking, component assessment

  • Compiler — BytecodeGen, CWasmInjector, WASM build pipeline

Pull Request Policy

We welcome pull requests

Contributions are encouraged! If you have ideas for improvements, bug fixes, or new features, please open an issue to discuss first, then submit a pull request.

Maintainers & contributors

I'm currently the only maintainer of this project. I would love to have others interested in contributing regularly—if you're passionate about anti-abuse systems, VM design, or this stack, reach out and let's chat about how you can get more involved.

AI-generated code

AI-assisted code is fine. However, we won't accept AI slop—code that hasn't been thoroughly reviewed, understood, and debugged. Please run through your changes, test them, and make sure you can explain what the code does and why it belongs here.

Developer Message

This project is a recreation of an old concept i had that created a list of operations and a vm runs these operations to prevent api abuse. The concept i had is currently implamented in https://qyzar.eu this one is a tad bit diffrent with stronger encryption and more encoding types. The docs where made by AI and im not bothering to check them so if you dont understand create an issue or message me directly if you can find me. TLDR: docs are made by ai and this is a recreation of the anti api abuse system on my website https://qyzar.eu

About

This repository uses next js to show a POW of a self hosted anti api abuse mitigator. it combines wasm, anti bot, and encryption technology to detect, challenge, and stop attackers.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1

Languages