1.3.1

1.3.0
24w09b
2024-10-06 19:19:54 +08:00 · 2024-10-06 04:32:55 +08:00 · 2024-10-06 04:01:53 +08:00 · 2024-10-06 03:36:59 +08:00 · 2024-10-06 01:54:47 +08:00 · 2024-10-06 01:49:57 +08:00
17 changed files with 155 additions and 86 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,41 @@
 # 更新日志

+v1.3.1
+---
+- CHANGE: 优化代码结构,提升性能
+- CHANGE: 剃刀计划,减少多余日志输出
+- CHANGE: 调整缓存参数
+
+24w10a
+---
+- CHANGE: 优化代码结构,提升性能
+- CHANGE: 剃刀计划,减少多余日志输出
+- CHANGE: 调整缓存参数
+
+v1.3.0
+---
+- CHANGE: 优化代码结构,提升性能
+- CHANGE: 优化黑名单功能,提升稳定性
+- CHANGE: 剃刀计划,减少多余日志输出
+- ADD： 新增auth子模块blacklist.go,支持黑名单功能
+- ADD: 新增blacklist.json文件,用于配置黑名单
+- CHANGE: config.yaml文件格式修改,使其具备更好的可读性
+- WARNING: 此版本为大版本更新,配置文件重构,此版本不再向前兼容,请注意备份文件并重新部署
+
+24w09b
+---
+- CHANGE: 优化代码结构,提升性能
+- CHANGE: 修正配置,提升稳定性
+- WARNING: 此版本配置文件重构,此版本不再向前兼容,请注意备份文件并重新部署
+
+24w09a
+---
+- CHANGE: 优化代码结构,提升性能
+- CHANGE: 优化黑名单功能,提升稳定性
+- CHANGE&ADD: 新增auth子模块blacklist.go
+- CHANGE: 黑名单转为使用json文件存储,便于程序处理
+- WARNING: 此版本配置文件重构,此版本不再向前兼容,请注意备份文件并重新部署
+
 24w08b
 ---
 - CHANGE: 优化代码结构,提升性能
@@ -8,7 +44,7 @@
 - CHANGE: 大幅度修改Config包,使其更加模块化
 - CHANGE: 与Config包同步修改config.yaml文件(不向前兼容)
 - CHANGE: 修改config.yaml文件的格式,使其具备更好的可读性
- WARNING: 由于config.yaml文件修改,此版本不再向前兼容,请注意备份文件并重新部署
+- WARNING: 此版本配置文件重构,此版本不再向前兼容,请注意备份文件并重新部署

 v1.2.0
 ---
--- a/2
+++ b/2
@@ -1 +1 @@
-24w08b
+24w10a
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@
 - 支持Docker部署
 - 支持速率限制
 - 支持用户鉴权
+- 支持自定义黑名单
 - 符合[RFC 7234](https://httpwg.org/specs/rfc7234.html)的HTTP Cache
 - 使用Caddy作为Web Server
 - 基于[WJQSERVER-STUDIO/golang-temp](https://github.com/WJQSERVER-STUDIO/golang-temp)模板构建,具有标准化的日志记录与构建流程
@@ -62,7 +63,7 @@ docker run -p 7210:80 -v ./ghproxy/log/run:/data/ghproxy/log -v ./ghproxy/log/ca
 本项目采用config.yaml作为外部配置,默认配置如下
 使用Docker部署时,慎重修改config.yaml,以免造成不必要的麻烦

-```
+```yaml
 # 核心配置
 server:
  port: 8080  # 监听端口(小白请勿修改)
@@ -72,7 +73,7 @@ server:
 # 日志配置
 logger:
  logfilepath: "/data/ghproxy/log/ghproxy.log"  # 日志文件路径（小白请勿修改）
-  maxlogsize: 25 # MB
+  maxlogsize: 5 # MB

 # CORS 配置
 cors:
@@ -86,13 +87,27 @@ auth:
 # 黑名单配置
 blacklist:
  enabled: true
-  blacklistfile: "/data/ghproxy/config/blacklist.yaml"
+  blacklistfile: "/data/ghproxy/config/blacklist.json"

 ```

+### 黑名单配置
+
+黑名单配置位于config/blacklist.json,格式如下:
+
+```json
+{
+    "blacklist": [
+      "test/test1",
+      "example/repo2",
+      "another/repo3"
+    ]
+  }
+```  
+
 ### Caddy反代配置

-```
+```Caddyfile
 example.com {
    reverse_proxy {
        to 127.0.0.1:7210
@@ -112,9 +127,8 @@ example.com {
 - [x] 允许更多参数通过config结构传入
 - [x] 改进程序效率
 - [x] 用户鉴权
- [ ] 仓库黑名单
+- [x] 仓库黑名单

 ### DEV

 - [x] Docker Pull 代理
- [x] 仓库黑名单
--- a/2
+++ b/2
@@ -1 +1 @@
-1.2.0
+1.3.1
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -12,7 +12,6 @@ var logw = logger.Logw
 func AuthHandler(c *gin.Context, cfg *config.Config) bool {
 	// 如果身份验证未启用，直接返回 true
 	if !cfg.Auth.Enabled {
-		logw("auth PASSED")
 		return true
 	}

@@ -31,19 +30,6 @@ func AuthHandler(c *gin.Context, cfg *config.Config) bool {
 		logw("auth FAILED: invalid auth_token: %s", authToken)
 	}

+	logw("auth SUCCESS: %t", isValid)
 	return isValid
 }
-
-func IsBlacklisted(username, repo string, blacklist map[string][]string, enabled bool) bool {
-	if !enabled {
-		return false
-	}
-	if repos, ok := blacklist[username]; ok {
-		for _, blacklistedRepo := range repos {
-			if blacklistedRepo == repo {
-				return true
-			}
-		}
-	}
-	return false
-}
--- a/auth/blacklist.go
+++ b/auth/blacklist.go
@@ -0,0 +1,45 @@
+package auth
+
+import (
+	"encoding/json"
+	"ghproxy/config"
+	"os"
+)
+
+type Config struct {
+	Blacklist []string `json:"blacklist"`
+}
+
+var (
+	cfg           *config.Config
+	blacklistfile = "/data/ghproxy/config/blacklist.json"
+	blacklist     *Config
+)
+
+func LoadBlacklist(cfg *config.Config) {
+	blacklistfile = cfg.Blacklist.BlacklistFile
+	blacklist = &Config{}
+
+	data, err := os.ReadFile(blacklistfile)
+	if err != nil {
+		logw("Failed to read blacklist file: %v", err)
+	}
+
+	err = json.Unmarshal(data, blacklist)
+	if err != nil {
+		logw("Failed to unmarshal blacklist JSON: %v", err)
+	}
+}
+
+func CheckBlacklist(fullrepo string) bool {
+	return forRangeCheck(blacklist.Blacklist, fullrepo)
+}
+
+func forRangeCheck(blist []string, fullrepo string) bool {
+	for _, blocked := range blist {
+		if blocked == fullrepo {
+			return true
+		}
+	}
+	return false
+}
--- a/caddyfile/dev/Caddyfile
+++ b/caddyfile/dev/Caddyfile
@@ -72,7 +72,7 @@
        import header_realip
    }
    import log ghproxy
-    import cache 0s 600s
+    import cache 0s 300s
    import error_page  
    import encode
    import rate_limit 60 
@@ -84,7 +84,7 @@
    route /favicon.ico {
        root /data/www
        file_server
-        import cache 60s 24h
+        import cache 0s 24h
    }
    handle_errors {
        @redirects `{err.status_code} in [301, 302, 307]`
--- a/caddyfile/release/Caddyfile
+++ b/caddyfile/release/Caddyfile
@@ -60,12 +60,6 @@
 	header_up X-Forwarded-Proto {http.request.header.CF-Visitor}
 }

-(buffer) {
-    flush_interval 2000s
-	buffer_responses
-	max_buffer_size 256k
-}
-
 (rate_limit) {
    route /* {
        rate_limit {remote.ip} {args[0]}r/m 10000 429
@@ -78,7 +72,7 @@
        import header_realip
    }
    import log ghproxy
-    import cache 0s 600s
+    import cache 0s 300s
    import error_page  
    import encode
    route /* {
@@ -92,7 +86,7 @@
    route /favicon.ico {
        root /data/www
        file_server
-        import cache 60s 24h
+        import cache 0s 24h
    }
 }

--- a/config/blacklist.json
+++ b/config/blacklist.json
@@ -0,0 +1,8 @@
+{
+    "blacklist": [
+      "test/test1",
+      "example/repo2",
+      "another/repo3"
+    ]
+  }
+  
--- a/config/blacklist.yaml
+++ b/config/blacklist.yaml
@@ -1,9 +0,0 @@
-blacklist:
-  username1:
-    - repo1
-    - repo2
-  username2:
-    - repo3
-    - repo4
-  username3:
-    - repo5
--- a/config/config.go
+++ b/config/config.go
@@ -33,10 +33,6 @@ type Config struct {
 	} `yaml:"blacklist"`
 }

-type Blacklist struct {
-	Blacklist map[string][]string `yaml:"blacklist"`
-}
-
 // LoadConfig 从 YAML 配置文件加载配置
 func LoadConfig(filePath string) (*Config, error) {
 	var config Config
@@ -46,15 +42,6 @@ func LoadConfig(filePath string) (*Config, error) {
 	return &config, nil
 }

-// LoadBlacklistConfig 从 YAML 配置文件加载黑名单配置
-func LoadBlacklistConfig(filePath string) (*Blacklist, error) {
-	var config Blacklist
-	if err := loadYAML(filePath, &config); err != nil {
-		return nil, err
-	}
-	return &config, nil
-}
-
 // LoadyamlConfig 从 YAML 配置文件加载配置
 func loadYAML(filePath string, out interface{}) error {
 	data, err := os.ReadFile(filePath)
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -7,7 +7,7 @@ server:
 # Logging Configuration
 logger:
  logfilepath: "/data/ghproxy/log/ghproxy.log"
-  maxlogsize: 25 # MB
+  maxlogsize: 5 # MB

 # CORS Configuration
 cors:
@@ -21,4 +21,4 @@ auth:
 # Blacklist Configuration
 blacklist:
  enabled: true
-  blacklistfile: "/data/ghproxy/config/blacklist.yaml"
+  blacklistfile: "/data/ghproxy/config/blacklist.json"
--- a/docker/dockerfile/dev/Dockerfile
+++ b/docker/dockerfile/dev/Dockerfile
@@ -13,7 +13,7 @@ RUN wget -O /data/caddy/Caddyfile https://raw.githubusercontent.com/${USER}/${RE
 RUN VERSION=$(curl -s https://raw.githubusercontent.com/${USER}/${REPO}/main/DEV-VERSION) && \
    wget -O /data/${APPLICATION}/${APPLICATION} https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION}
 RUN wget -O /data/${APPLICATION}/config.yaml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/config.yaml
-RUN wget -O /data/${APPLICATION}/blacklist.yaml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/blacklist.yaml
+RUN wget -O /data/${APPLICATION}/blacklist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/blacklist.json
 RUN wget -O /usr/local/bin/init.sh https://raw.githubusercontent.com/${USER}/${REPO}/main/init.sh
 RUN chmod +x /data/${APPLICATION}/${APPLICATION}
 RUN chmod +x /usr/local/bin/init.sh
--- a/docker/dockerfile/release/Dockerfile
+++ b/docker/dockerfile/release/Dockerfile
@@ -13,6 +13,7 @@ RUN wget -O /data/caddy/Caddyfile https://raw.githubusercontent.com/${USER}/${RE
 RUN VERSION=$(curl -s https://raw.githubusercontent.com/${USER}/${REPO}/main/VERSION) && \
    wget -O /data/${APPLICATION}/${APPLICATION} https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION}
 RUN wget -O /data/${APPLICATION}/config.yaml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/config.yaml
+RUN wget -O /data/${APPLICATION}/blacklist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/blacklist.json
 RUN wget -O /usr/local/bin/init.sh https://raw.githubusercontent.com/${USER}/${REPO}/main/init.sh
 RUN chmod +x /data/${APPLICATION}/${APPLICATION}
 RUN chmod +x /usr/local/bin/init.sh
--- a/init.sh
+++ b/init.sh
@@ -6,6 +6,10 @@ if [ ! -f /data/caddy/config/Caddyfile ]; then
    cp /data/caddy/Caddyfile /data/caddy/config/Caddyfile
 fi

+if [ ! -f /data/${APPLICATON}/config/blacklist.json ]; then
+    cp /data/${APPLICATON}/blacklist.json /data/${APPLICATON}/config/blacklist.json
+fi
+
 if [ ! -f /data/${APPLICATON}/config/config.yaml ]; then
    cp /data/${APPLICATON}/config.yaml /data/${APPLICATON}/config/config.yaml
 fi
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"regexp"

+	"ghproxy/auth"
 	"ghproxy/config"
 	"ghproxy/logger"
 	"ghproxy/proxy"
@@ -16,7 +17,6 @@ import (

 var (
 	cfg        *config.Config
-	blacklist  *config.Blacklist
 	logw       = logger.Logw
 	router     *gin.Engine
 	configfile = "/data/ghproxy/config/config.yaml"
@@ -42,15 +42,6 @@ func loadConfig() {
 	fmt.Printf("Loaded config: %v\n", cfg)
 }

-func loadBlacklistConfig() {
-	// 初始化黑名单配置
-	blacklist, err := config.LoadBlacklistConfig("/data/ghproxy/config/blacklist.yaml")
-	if err != nil {
-		log.Fatalf("Failed to load blacklist: %v", err)
-	}
-	logw("Loaded blacklist: %v", blacklist)
-}
-
 func setupLogger() {
 	// 初始化日志模块
 	var err error
@@ -62,10 +53,14 @@ func setupLogger() {
 	logw("Init Completed")
 }

+func LoadBlacklist(cfg *config.Config) {
+	auth.LoadBlacklist(cfg)
+}
+
 func init() {
 	loadConfig()
 	setupLogger()
-	loadBlacklistConfig()
+	LoadBlacklist(cfg)

 	// 设置 Gin 模式
 	gin.SetMode(gin.ReleaseMode)
@@ -87,7 +82,7 @@ func init() {

 	// 未匹配路由处理
 	router.NoRoute(func(c *gin.Context) {
-		proxy.NoRouteHandler(cfg, blacklist)(c)
+		proxy.NoRouteHandler(cfg)(c)
 	})
 }

--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -18,8 +18,6 @@ import (
 )

 var logw = logger.Logw
-var cfg *config.Config
-var blacklist *config.Blacklist

 var exps = []*regexp.Regexp{
 	regexp.MustCompile(`^(?:https?://)?github\.com/([^/]+)/([^/]+)/(?:releases|archive)/.*`),
@@ -29,29 +27,40 @@ var exps = []*regexp.Regexp{
 	regexp.MustCompile(`^(?:https?://)?gist\.github\.com/([^/]+)/.+?/.+`),
 }

-func NoRouteHandler(cfg *config.Config, blacklist *config.Blacklist) gin.HandlerFunc {
+func NoRouteHandler(cfg *config.Config) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		rawPath := strings.TrimPrefix(c.Request.URL.RequestURI(), "/")
 		re := regexp.MustCompile(`^(http:|https:)?/?/?(.*)`)
 		matches := re.FindStringSubmatch(rawPath)

+		if len(matches) < 3 {
+			logw("Invalid URL: %s", rawPath)
+			c.String(http.StatusForbidden, "Invalid URL.")
+			return
+		}
+
 		rawPath = "https://" + matches[2]

-		// 提取用户名和仓库名，格式为 <username>/<repo>
-		pathParts := strings.Split(matches[2], "/")
-		if len(pathParts) < 2 {
+		// 提取用户名和仓库名，格式为 handle/<username>/<repo>/*
+		pathmatches := regexp.MustCompile(`^([^/]+)/([^/]+)/([^/]+)/.*`)
+		pathParts := pathmatches.FindStringSubmatch(matches[2])
+		if len(pathParts) < 4 {
 			logw("Invalid path: %s", rawPath)
 			c.String(http.StatusForbidden, "Invalid path; expected username/repo.")
 			return
 		}
-		username := pathParts[0]
-		repo := pathParts[1]
-		logw("Blacklist Check > Username: %s, Repo: %s", username, repo)

-		// 检查仓库是否在黑名单中
-		if auth.IsBlacklisted(username, repo, blacklist.Blacklist, cfg.Blacklist.Enabled) {
-			c.String(http.StatusForbidden, "Access denied: repository is blacklisted.")
-			logw("Blacklisted repository: %s/%s", username, repo)
+		username := pathParts[2]
+		repo := pathParts[3]
+		logw("Blacklist Check > Username: %s, Repo: %s", username, repo)
+		fullrepo := fmt.Sprintf("%s/%s", username, repo)
+
+		// 黑名单检查
+		blacklistpass := auth.CheckBlacklist(fullrepo)
+		if blacklistpass {
+			errMsg := fmt.Sprintf("Blacklist Blocked repo: %s", fullrepo)
+			c.JSON(http.StatusForbidden, gin.H{"error": errMsg})
+			logw(errMsg)
 			return
 		}

@@ -71,7 +80,6 @@ func NoRouteHandler(cfg *config.Config, blacklist *config.Blacklist) gin.Handler
 			return
 		}

-		logw("Request: %s %s", c.Request.Method, rawPath)
 		logw("Matches: %v", matches)

 		switch {
@@ -90,7 +98,7 @@ func NoRouteHandler(cfg *config.Config, blacklist *config.Blacklist) gin.Handler

 func ProxyRequest(c *gin.Context, u string, cfg *config.Config, mode string) {
 	method := c.Request.Method
-	logw("%s Method: %s", u, method)
+	logw("%s %s", method, u)

 	client := req.C()
Author	SHA1	Message	Date
WJQSERVER	822b6c8cea	1.3.1	2024-10-06 19:19:54 +08:00
WJQSERVER	5ac08bba56	1.3.0	2024-10-06 04:32:55 +08:00
WJQSERVER	61e741c9b3	24w09b	2024-10-06 04:01:53 +08:00
WJQSERVER	815b86c6c6	24w09a	2024-10-06 03:36:59 +08:00
WJQSERVER	999016be2b	fix	2024-10-06 01:54:47 +08:00
WJQSERVER	af6c6cfe64	fix	2024-10-06 01:49:57 +08:00
WJQSERVER	88ee8abb5c	fix	2024-10-06 01:43:24 +08:00
WJQSERVER	2d9ce57e90	fix	2024-10-06 01:40:22 +08:00
WJQSERVER	d33377087f	fix	2024-10-06 01:36:52 +08:00
WJQSERVER	c78d114767	fix	2024-10-06 01:20:34 +08:00
WJQSERVER	b87a8de3c4	fix	2024-10-06 01:03:38 +08:00
WJQSERVER	5dbf137116	fix	2024-10-06 00:26:53 +08:00
WJQSERVER	57f67278a3	test	2024-10-06 00:22:42 +08:00
WJQSERVER	b9a7f30705	fix	2024-10-05 23:53:09 +08:00
WJQSERVER	c0a9ed11e3	fix	2024-10-05 23:41:19 +08:00
WJQSERVER	eec50879e9	fix	2024-10-05 23:36:22 +08:00
WJQSERVER	862b92a1c5	fix	2024-10-05 23:27:13 +08:00
WJQSERVER	1d7780a890	fix	2024-10-05 23:21:10 +08:00
WJQSERVER	ee215eff36	fix	2024-10-05 23:15:46 +08:00
WJQSERVER	20b9c7827d	dev-fix	2024-10-05 22:53:40 +08:00
@@ -1 +1 @@
 w08b
 w10a
@@ -1 +1 @@
 .2.0
 .3.1