24w27a

.github/workflows/build-dev.yml

@@ -17,7 +17,7 @@ jobs:
         goarch: [amd64, arm64]
     env:
       OUTPUT_BINARY: ghproxy
-      GO_VERSION: 1.23.3
+      GO_VERSION: 1.23.4
 
     steps:
       - uses: actions/checkout@v3

.github/workflows/build.yml

@@ -17,7 +17,7 @@ jobs:
         goarch: [amd64, arm64]
     env:
       OUTPUT_BINARY: ghproxy
-      GO_VERSION: 1.23.3
+      GO_VERSION: 1.23.4
 
     steps:
       - uses: actions/checkout@v3

CHANGELOG.md

@@ -1,5 +1,30 @@
 # 更新日志
 
+24w27a
+---
+- PRE-RELEASE: 此版本做为实验性功能测试版本,请勿在生产环境中使用
+- ADD: 新增`api.github.com`反代支持, 强制性要求开启`Header Auth`功能
+
+v1.7.7
+---
+- CHANGE: 更新相关依赖库
+- CHANGE: 更新Go版本至1.23.4
+- CHANGE: 更新release及dev版本底包
+
+24w26a
+---
+- PRE-RELEASE: 此版本是v1.7.7的预发布版本,请勿在生产环境中使用
+- CHANGE: 更新相关依赖库
+- CHANGE: 更新Go版本至1.23.4
+- CHANGE: 更新release及dev版本底包
+
+v1.7.6
+---
+- RELEASE: 版本在v1.7.4及以上的用户,我们建议升级到此版本以解决于v1.7.4版本功能更新所引入的问题
+- FIX: 进一步修正 H2C相关配置逻辑问题
+- CHANGE: 对Caddy配置进行实验性修改,优化H2C配置
+- CHANGE: 更新相关依赖库
+
 24w25b
 ---
 - PRE-RELEASE: 此版本是v1.7.6的预发布版本,请勿在生产环境中使用

DEV-VERSION

@@ -1 +1 @@
-24w25b
+24w27a

README.md

@@ -81,7 +81,7 @@ wget -O install.sh https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/ma
 host = "127.0.0.1"  # 监听地址
 port = 8080  # 监听端口
 sizeLimit = 125 # 125MB
-enableH2C = true  # 是否开启H2C传输(latest和dev版本请开启)
+enableH2C = "on"  # 是否开启H2C传输(latest和dev版本请开启) on/off
 
 [pages]
 enabled = false  # 是否开启内置静态页面(Docker版本请关闭此项)

VERSION

@@ -1 +1 @@
-1.7.5
+1.7.7

caddyfile/nocache/Caddyfile

@@ -13,6 +13,9 @@
             roll_keep 10
         }            
     }
+    servers :80 {
+        protocols h1 h2c
+    }
 }
 
 

caddyfile/release/Caddyfile

@@ -13,6 +13,9 @@
             roll_keep 10
         }
     }
+    servers :80 {
+        protocols h1 h2c
+    }    
 }
 
 (log) {
@@ -68,8 +71,11 @@
 
 :80 {
     reverse_proxy {
-        to h2c://127.0.0.1:8080
+        to 127.0.0.1:8080
         import header_realip
+        transport http {
+            versions 1.1 h2c
+        }
     }
     import log ghproxy
     import cache 0s 300s

docker/dockerfile/dev/Dockerfile

@@ -1,4 +1,4 @@
-FROM wjqserver/caddy:2.9.0-rc4-alpine AS builder
+FROM wjqserver/caddy:2.9.0-rc5-alpine AS builder
 
 ARG USER=WJQSERVER-STUDIO
 ARG REPO=ghproxy
@@ -36,7 +36,7 @@ RUN wget -O /data/${APPLICATION}/whitelist.json https://raw.githubusercontent.co
 RUN chmod +x /data/${APPLICATION}/${APPLICATION}
 RUN chmod +x /usr/local/bin/init.sh
 
-FROM wjqserver/caddy:2.9.0-rc4-alpine
+FROM wjqserver/caddy:2.9.0-rc5-alpine
 
 RUN apk add --no-cache curl
 

docker/dockerfile/nocache/config.toml

@@ -2,7 +2,7 @@
 host = "0.0.0.0" 
 port = 80 #修改此配置会导致容器异常
 sizeLimit = 125 # MB
-enableH2C = false
+enableH2C = "off" # on / off
 
 [pages]
 enabled = true

docker/dockerfile/release/Dockerfile

@@ -1,4 +1,4 @@
-FROM wjqserver/caddy:2.9.0-rc4-alpine AS builder
+FROM wjqserver/caddy:2.9.0-rc5-alpine AS builder
 
 ARG USER=WJQSERVER-STUDIO
 ARG REPO=ghproxy
@@ -36,7 +36,7 @@ RUN wget -O /data/${APPLICATION}/whitelist.json https://raw.githubusercontent.co
 RUN chmod +x /data/${APPLICATION}/${APPLICATION}
 RUN chmod +x /usr/local/bin/init.sh
 
-FROM wjqserver/caddy:2.9.0-rc4-alpine
+FROM wjqserver/caddy:2.9.0-rc5-alpine
 
 RUN apk add --no-cache curl
 

go.mod

@@ -1,6 +1,6 @@
 module ghproxy
 
-go 1.23.3
+go 1.23.4
 
 require (
 	github.com/BurntSushi/toml v1.4.0
@@ -23,7 +23,7 @@ require (
 	github.com/go-playground/validator/v10 v10.23.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
-	github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 // indirect
+	github.com/google/pprof v0.0.0-20241203143554-1e3fdc7de467 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -46,8 +46,8 @@ require (
 	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
 	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/net v0.31.0 // indirect
-	golang.org/x/sync v0.9.0 // indirect
-	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/text v0.20.0 // indirect
 	golang.org/x/tools v0.27.0 // indirect
 	google.golang.org/protobuf v1.35.2 // indirect

go.sum

@@ -52,6 +52,8 @@ github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b h1:SXO0REt4iu865upYCk
 github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 h1:yudKIrXagAOl99WQzrP1gbz5HLB9UjhcOFnPzdd6Qec=
 github.com/google/pprof v0.0.0-20241128161848-dc51965c6481/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20241203143554-1e3fdc7de467 h1:keEZFtbLJugfE0qHn+Ge1JCE71spzkchQobDf3mzS/4=
+github.com/google/pprof v0.0.0-20241203143554-1e3fdc7de467/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -138,12 +140,16 @@ golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
 golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
 golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=

proxy/proxy.go

@@ -31,6 +31,7 @@ var exps = []*regexp.Regexp{
 	regexp.MustCompile(`^(?:https?://)?github\.com/([^/]+)/([^/]+)/(?:info|git-).*`),
 	regexp.MustCompile(`^(?:https?://)?raw\.github(?:usercontent|)\.com/([^/]+)/([^/]+)/.+?/.+`),
 	regexp.MustCompile(`^(?:https?://)?gist\.github(?:usercontent|)\.com/([^/]+)/.+?/.+`),
+	regexp.MustCompile(`^(?:https?://)?api\.github\.com/repos/([^/]+)/([^/]+)/.*`),
 }
 
 func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) gin.HandlerFunc {
@@ -106,6 +107,16 @@ func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
 			return
 		}
 
+		// 若匹配api.github.com/repos/用户名/仓库名/路径, 则检查是否开启HeaderAuth
+		if exps[5].MatchString(rawPath) {
+			if cfg.Auth.AuthMethod != "header" || !cfg.Auth.Enabled {
+				c.JSON(http.StatusForbidden, gin.H{"error": "HeaderAuth is not enabled."})
+				logWarning("%s %s %s %s %s HeaderAuth-Error: HeaderAuth is not enabled.", c.ClientIP(), c.Request.Method, rawPath, c.Request.Header.Get("User-Agent"), c.Request.Proto)
+				return
+			}
+		}
+
+		// 处理blob/raw路径
 		if exps[1].MatchString(rawPath) {
 			rawPath = strings.Replace(rawPath, "/blob/", "/raw/", 1)
 		}