ouyang/ghproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ouyang:4.0.0-rc.0
Branches Tags
ouyang:main ouyang:dependabot/go_modules/golang.org/x/net-0.47.0 ouyang:dependabot/go_modules/github.com/WJQSERVER/wanf-0.0.2 ouyang:dependabot/go_modules/github.com/infinite-iroha/touka-0.4.0 ouyang:dependabot/go_modules/golang.org/x/time-0.14.0 ouyang:dev ouyang:feat/backend-page ouyang:v4 ouyang:v3 ouyang:v2
ouyang:4.3.4 ouyang:4.3.5-rc.0 ouyang:4.3.3 ouyang:4.3.2 ouyang:4.3.1 ouyang:4.3.0 ouyang:4.3.0-rc.0 ouyang:4.2.7 ouyang:4.2.6 ouyang:4.2.5 ouyang:4.2.4 ouyang:4.2.3 ouyang:4.2.4-rc.0 ouyang:4.2.2 ouyang:4.2.3-rc.0 ouyang:4.2.2-rc.0 ouyang:4.2.1 ouyang:4.2.0 ouyang:4.1.7 ouyang:4.2.0-rc.0 ouyang:4.1.7-rc.0 ouyang:4.1.6 ouyang:4.1.6-rc.0 ouyang:4.1.5 ouyang:4.1.5-rc.0 ouyang:4.1.4 ouyang:4.1.3 ouyang:4.1.4-rc.0 ouyang:4.1.2 ouyang:4.1.3-rc.0 ouyang:4.1.2-rc.0 ouyang:4.1.1 ouyang:4.1.0 ouyang:4.1.0-rc.0 ouyang:4.0.0 ouyang:4.1.0-beta.0 ouyang:4.0.0-beta.0 ouyang:4.0.0-rc.0 ouyang:3.5.6 ouyang:25w48a ouyang:3.5.5 ouyang:25w48b ouyang:25w48c ouyang:3.5.4 ouyang:25w47a ouyang:25w46c ouyang:25w46b ouyang:3.5.3 ouyang:25w46a ouyang:3.5.2 ouyang:3.5.1 ouyang:25w45a ouyang:3.5.0 ouyang:3.4.3 ouyang:25w44a ouyang:3.4.2 ouyang:25w43a ouyang:25w42a ouyang:3.4.1 ouyang:25w41b ouyang:25w41a ouyang:3.4.0 ouyang:3.3.3 ouyang:25w40a ouyang:25w40b ouyang:25w39a ouyang:3.3.2 ouyang:25w38a ouyang:3.3.1 ouyang:3.3.0 ouyang:25w37a ouyang:25w36d ouyang:25w36c ouyang:25w36b ouyang:25w36a ouyang:3.2.4 ouyang:25w35a ouyang:3.2.3 ouyang:25w34a ouyang:25w34b ouyang:3.2.2 ouyang:25w33a ouyang:3.2.1 ouyang:25w33b ouyang:25w33t-1 ouyang:3.2.0 ouyang:25w32a ouyang:25w31t-2 ouyang:25w31t-1 ouyang:25w31a ouyang:3.1.0 ouyang:25w30b ouyang:25w30c ouyang:3.0.3 ouyang:25w30a ouyang:25w30d ouyang:25w30e ouyang:25w29b ouyang:3.0.2 ouyang:25w29t-1 ouyang:25w29a ouyang:25w28a ouyang:25w28b ouyang:25w28t-1 ouyang:25w28t-2 ouyang:3.0.1 ouyang:3.0.0 ouyang:25w27a ouyang:25w26a ouyang:2.6.3 ouyang:25w25a ouyang:2.6.2 ouyang:e3.0.7 ouyang:e3.0.5 ouyang:e3.0.6 ouyang:2.6.1 ouyang:2.6.0 ouyang:e3.0.3 ouyang:e3.0.3rc1 ouyang:e3.0.3rc2 ouyang:25w24a ouyang:25w23t-1 ouyang:25w23a ouyang:25w22a ouyang:25w21e ouyang:25w21a ouyang:25w21c ouyang:25w21d ouyang:25w21b ouyang:25w20a ouyang:25w20b ouyang:2.5.0 ouyang:25w19a ouyang:2.4.2 ouyang:25w18a ouyang:2.4.1 ouyang:25w17a ouyang:2.4.0 ouyang:25w16b ouyang:25w16a ouyang:25w16d ouyang:2.3.1 ouyang:25w16c ouyang:25w15a ouyang:2.3.0 ouyang:2.2.0 ouyang:25w14a ouyang:25w14t-1 ouyang:25w14t-2 ouyang:25w14b ouyang:25w13a ouyang:25w13b ouyang:2.1.0 ouyang:25w12b ouyang:25w12d ouyang:25w12a ouyang:25w12c ouyang:2.0.7 ouyang:2.0.6 ouyang:25w11a ouyang:25w10t-1 ouyang:2.0.5 ouyang:25w10b ouyang:25w10a ouyang:2.0.4 ouyang:25w09a ouyang:25w09b ouyang:25w09t-1 ouyang:2.0.3 ouyang:25w08b ouyang:25w08a ouyang:2.0.2 ouyang:25w07a ouyang:25w07b ouyang:25w06b ouyang:25w06a ouyang:2.0.1 ouyang:25w05a ouyang:2.0.0 ouyang:1.8.3 ouyang:25w04c ouyang:25w04b ouyang:25w04a ouyang:1.8.2 ouyang:25w03a ouyang:1.8.1 ouyang:25w02a ouyang:1.8.0 ouyang:25w01e ouyang:25w01d ouyang:25w01c ouyang:25w01b ouyang:25w01a ouyang:24w29a ouyang:1.7.9 ouyang:24w28b ouyang:24w28a ouyang:1.7.8 ouyang:24w27e ouyang:24w27d ouyang:24w27c ouyang:24w27b ouyang:24w27a ouyang:1.7.7 ouyang:24w26a ouyang:1.7.6 ouyang:24w25b ouyang:24w25a ouyang:1.7.5 ouyang:24w24c ouyang:24w24b ouyang:24w24a ouyang:1.7.4 ouyang:24w23a ouyang:1.7.3 ouyang:1.7.2 ouyang:1.7.1 ouyang:24w22b ouyang:24w22a ouyang:1.7.0 ouyang:24w21d ouyang:24w21c ouyang:24w21b ouyang:24w21a ouyang:1.6.2 ouyang:24w20b ouyang:24w20a ouyang:1.6.1 ouyang:24w19d ouyang:24w19c ouyang:24w19b ouyang:24w19a ouyang:1.6.0 ouyang:24w18f ouyang:24w18e ouyang:24w18d ouyang:24w18c ouyang:24w18b ouyang:24w18a ouyang:1.5.2 ouyang:24w17b ouyang:24w17a ouyang:1.5.1 ouyang:24w16a ouyang:1.5.0 ouyang:24w15d ouyang:24w15c ouyang:24w15b ouyang:24w15a ouyang:1.4.3 ouyang:24w14a ouyang:1.4.2 ouyang:24w13c ouyang:24w13b ouyang:24w13a ouyang:1.4.1 ouyang:24w12c ouyang:24w12b ouyang:24w12a ouyang:1.4.0 ouyang:24w11b ouyang:24w11a ouyang:1.3.1 ouyang:24w10a ouyang:1.3.0 ouyang:24w09b ouyang:24w09a ouyang:24w08b ouyang:1.2.0 ouyang:24w08a ouyang:1.1.1 ouyang:24w07b ouyang:24w07a ouyang:1.1.0 ouyang:24w06b ouyang:1.0.0 ouyang:24w06a
...
compare: ouyang:dependabot/go_modules/github.com/infinite-iroha/touka-0.4.0
Branches Tags
ouyang:dependabot/go_modules/golang.org/x/net-0.47.0 ouyang:dependabot/go_modules/github.com/WJQSERVER/wanf-0.0.2 ouyang:dependabot/go_modules/github.com/infinite-iroha/touka-0.4.0 ouyang:main ouyang:dependabot/go_modules/golang.org/x/time-0.14.0 ouyang:dev ouyang:feat/backend-page ouyang:v4 ouyang:v3 ouyang:v2
ouyang:4.3.4 ouyang:4.3.5-rc.0 ouyang:4.3.3 ouyang:4.3.2 ouyang:4.3.1 ouyang:4.3.0 ouyang:4.3.0-rc.0 ouyang:4.2.7 ouyang:4.2.6 ouyang:4.2.5 ouyang:4.2.4 ouyang:4.2.3 ouyang:4.2.4-rc.0 ouyang:4.2.2 ouyang:4.2.3-rc.0 ouyang:4.2.2-rc.0 ouyang:4.2.1 ouyang:4.2.0 ouyang:4.1.7 ouyang:4.2.0-rc.0 ouyang:4.1.7-rc.0 ouyang:4.1.6 ouyang:4.1.6-rc.0 ouyang:4.1.5 ouyang:4.1.5-rc.0 ouyang:4.1.4 ouyang:4.1.3 ouyang:4.1.4-rc.0 ouyang:4.1.2 ouyang:4.1.3-rc.0 ouyang:4.1.2-rc.0 ouyang:4.1.1 ouyang:4.1.0 ouyang:4.1.0-rc.0 ouyang:4.0.0 ouyang:4.1.0-beta.0 ouyang:4.0.0-beta.0 ouyang:4.0.0-rc.0 ouyang:3.5.6 ouyang:25w48a ouyang:3.5.5 ouyang:25w48b ouyang:25w48c ouyang:3.5.4 ouyang:25w47a ouyang:25w46c ouyang:25w46b ouyang:3.5.3 ouyang:25w46a ouyang:3.5.2 ouyang:3.5.1 ouyang:25w45a ouyang:3.5.0 ouyang:3.4.3 ouyang:25w44a ouyang:3.4.2 ouyang:25w43a ouyang:25w42a ouyang:3.4.1 ouyang:25w41b ouyang:25w41a ouyang:3.4.0 ouyang:3.3.3 ouyang:25w40a ouyang:25w40b ouyang:25w39a ouyang:3.3.2 ouyang:25w38a ouyang:3.3.1 ouyang:3.3.0 ouyang:25w37a ouyang:25w36d ouyang:25w36c ouyang:25w36b ouyang:25w36a ouyang:3.2.4 ouyang:25w35a ouyang:3.2.3 ouyang:25w34a ouyang:25w34b ouyang:3.2.2 ouyang:25w33a ouyang:3.2.1 ouyang:25w33b ouyang:25w33t-1 ouyang:3.2.0 ouyang:25w32a ouyang:25w31t-2 ouyang:25w31t-1 ouyang:25w31a ouyang:3.1.0 ouyang:25w30b ouyang:25w30c ouyang:3.0.3 ouyang:25w30a ouyang:25w30d ouyang:25w30e ouyang:25w29b ouyang:3.0.2 ouyang:25w29t-1 ouyang:25w29a ouyang:25w28a ouyang:25w28b ouyang:25w28t-1 ouyang:25w28t-2 ouyang:3.0.1 ouyang:3.0.0 ouyang:25w27a ouyang:25w26a ouyang:2.6.3 ouyang:25w25a ouyang:2.6.2 ouyang:e3.0.7 ouyang:e3.0.5 ouyang:e3.0.6 ouyang:2.6.1 ouyang:2.6.0 ouyang:e3.0.3 ouyang:e3.0.3rc1 ouyang:e3.0.3rc2 ouyang:25w24a ouyang:25w23t-1 ouyang:25w23a ouyang:25w22a ouyang:25w21e ouyang:25w21a ouyang:25w21c ouyang:25w21d ouyang:25w21b ouyang:25w20a ouyang:25w20b ouyang:2.5.0 ouyang:25w19a ouyang:2.4.2 ouyang:25w18a ouyang:2.4.1 ouyang:25w17a ouyang:2.4.0 ouyang:25w16b ouyang:25w16a ouyang:25w16d ouyang:2.3.1 ouyang:25w16c ouyang:25w15a ouyang:2.3.0 ouyang:2.2.0 ouyang:25w14a ouyang:25w14t-1 ouyang:25w14t-2 ouyang:25w14b ouyang:25w13a ouyang:25w13b ouyang:2.1.0 ouyang:25w12b ouyang:25w12d ouyang:25w12a ouyang:25w12c ouyang:2.0.7 ouyang:2.0.6 ouyang:25w11a ouyang:25w10t-1 ouyang:2.0.5 ouyang:25w10b ouyang:25w10a ouyang:2.0.4 ouyang:25w09a ouyang:25w09b ouyang:25w09t-1 ouyang:2.0.3 ouyang:25w08b ouyang:25w08a ouyang:2.0.2 ouyang:25w07a ouyang:25w07b ouyang:25w06b ouyang:25w06a ouyang:2.0.1 ouyang:25w05a ouyang:2.0.0 ouyang:1.8.3 ouyang:25w04c ouyang:25w04b ouyang:25w04a ouyang:1.8.2 ouyang:25w03a ouyang:1.8.1 ouyang:25w02a ouyang:1.8.0 ouyang:25w01e ouyang:25w01d ouyang:25w01c ouyang:25w01b ouyang:25w01a ouyang:24w29a ouyang:1.7.9 ouyang:24w28b ouyang:24w28a ouyang:1.7.8 ouyang:24w27e ouyang:24w27d ouyang:24w27c ouyang:24w27b ouyang:24w27a ouyang:1.7.7 ouyang:24w26a ouyang:1.7.6 ouyang:24w25b ouyang:24w25a ouyang:1.7.5 ouyang:24w24c ouyang:24w24b ouyang:24w24a ouyang:1.7.4 ouyang:24w23a ouyang:1.7.3 ouyang:1.7.2 ouyang:1.7.1 ouyang:24w22b ouyang:24w22a ouyang:1.7.0 ouyang:24w21d ouyang:24w21c ouyang:24w21b ouyang:24w21a ouyang:1.6.2 ouyang:24w20b ouyang:24w20a ouyang:1.6.1 ouyang:24w19d ouyang:24w19c ouyang:24w19b ouyang:24w19a ouyang:1.6.0 ouyang:24w18f ouyang:24w18e ouyang:24w18d ouyang:24w18c ouyang:24w18b ouyang:24w18a ouyang:1.5.2 ouyang:24w17b ouyang:24w17a ouyang:1.5.1 ouyang:24w16a ouyang:1.5.0 ouyang:24w15d ouyang:24w15c ouyang:24w15b ouyang:24w15a ouyang:1.4.3 ouyang:24w14a ouyang:1.4.2 ouyang:24w13c ouyang:24w13b ouyang:24w13a ouyang:1.4.1 ouyang:24w12c ouyang:24w12b ouyang:24w12a ouyang:1.4.0 ouyang:24w11b ouyang:24w11a ouyang:1.3.1 ouyang:24w10a ouyang:1.3.0 ouyang:24w09b ouyang:24w09a ouyang:24w08b ouyang:1.2.0 ouyang:24w08a ouyang:1.1.1 ouyang:24w07b ouyang:24w07a ouyang:1.1.0 ouyang:24w06b ouyang:1.0.0 ouyang:24w06a

88 Commits
4.0.0-rc.0 ... dependabot

Author SHA1 Message Date
dependabot[bot]
c3f26c63c6 Bump github.com/infinite-iroha/touka from 0.3.7 to 0.4.0 
Bumps [github.com/infinite-iroha/touka](https://github.com/infinite-iroha/touka) from 0.3.7 to 0.4.0.
- [Commits](https://github.com/infinite-iroha/touka/compare/v0.3.7...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/infinite-iroha/touka
  dependency-version: 0.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 04:24:54 +00:00
wjqserver
32baca85db remove 2025-10-12 15:46:36 +08:00
WJQSERVER
0135fd2ce0 Merge pull request #169 from WJQSERVER-STUDIO/dev 
4.3.4
 2025-09-14 07:44:58 +08:00
wjqserver
ba33d5743f 4.3.4 2025-09-14 07:44:46 +08:00
wjqserver
bd9f590b0a 4.3.4 2025-09-14 07:31:41 +08:00
WJQSERVER
93cabc900a Merge pull request #168 from WJQSERVER-STUDIO/dev 
4.3.3(No.168(いろは))
 2025-09-10 03:37:14 +08:00
wjqserver
e3f84f4c17 fix retrun, change to false 2025-09-10 03:36:15 +08:00
wjqserver
4a7ad2ec75 4.3.3 2025-09-10 03:21:14 +08:00
WJQSERVER
efb63927e9 Merge pull request #164 from WJQSERVER-STUDIO/dev 
4.3.2
 2025-08-20 15:56:39 +08:00
wjqserver
a285777217 4.3.2 2025-08-20 15:53:09 +08:00
wjqserver
44cc5d5677 fix if cfg.Pages.StaticDir is "" issue 2025-08-20 15:48:00 +08:00
WJQSERVER
7972931280 Merge pull request #163 from WJQSERVER-STUDIO/dev 
4.3.1
 2025-08-13 20:55:19 +08:00
wjqserver
74a22be16c 4.3.1 2025-08-13 20:54:33 +08:00
WJQSERVER
905a88a86d Merge pull request #162 from WJQSERVER-STUDIO/dev 
4.3.0
 2025-08-11 18:40:11 +08:00
wjqserver
972a37b497 4.3.0 2025-08-11 18:39:24 +08:00
wjqserver
5fc6f7ab6f remove dev log 2025-08-11 18:35:36 +08:00
wjqserver
d389a61f09 4.3.0 2025-08-11 18:28:03 +08:00
WJQSERVER
abecddc8bf Merge pull request #160 from WJQSERVER-STUDIO/dev 
4.2.7
 2025-08-04 12:17:18 +08:00
wjqserver
8dca51b897 4.2.7 2025-08-04 12:12:32 +08:00
WJQSERVER
e027ec0080 Merge pull request #157 from WJQSERVER-STUDIO/dev 
fix matcher(4.2.6)
 2025-08-01 08:43:06 +08:00
wjqserver
97ee25b65d fix matcher(4.2.6) 2025-08-01 08:42:40 +08:00
WJQSERVER
b0388e6abc Merge pull request #156 from WJQSERVER-STUDIO/dev 
4.2.5
 2025-07-31 20:01:31 +08:00
wjqserver
208ce8a4f9 4.2.5 2025-07-31 20:01:03 +08:00
WJQSERVER
4b3f8e1018 Merge pull request #155 from WJQSERVER-STUDIO/dev 
remove test
 2025-07-29 23:45:49 +08:00
wjqserver
44f28e593a remove test 2025-07-29 23:45:26 +08:00
WJQSERVER
078e556584 Merge pull request #154 from WJQSERVER-STUDIO/dev 
4.2.4
 2025-07-29 23:42:33 +08:00
wjqserver
d7d3e1ca65 4.2.4 2025-07-29 23:42:19 +08:00
wjqserver
0c04bb1355 fix typo & update test workflow 2025-07-29 23:40:48 +08:00
wjqserver
d232d1cf12 refine matcher: will not match releases page 2025-07-29 23:27:42 +08:00
WJQSERVER
3841bab164 Merge pull request #149 from WJQSERVER-STUDIO/dev 
4.2.3
 2025-07-27 15:46:42 +08:00
wjqserver
4df21fd258 4.2.3 2025-07-27 15:46:30 +08:00
wjqserver
08bae46742 4.2.3-rc.0 2025-07-27 15:35:18 +08:00
wjqserver
a9b3f6b972 refine oci image proxy default target 2025-07-27 15:33:03 +08:00
wjqserver
afa2115b0d update err page loader 2025-07-27 15:08:57 +08:00
WJQSERVER
c6325fed3f Merge pull request #148 from WJQSERVER-STUDIO/dev 
4.2.2
 2025-07-25 18:23:06 +08:00
wjqserver
e06e292b1f update body close && weakcache 2025-07-25 18:12:08 +08:00
wjqserver
90c6dd3d79 update body close 1 2025-07-25 17:54:44 +08:00
wjqserver
596e409889 4.2.2 2025-07-25 17:16:26 +08:00
wjqserver
31c26b00fb fix retry body 2025-07-25 17:07:25 +08:00
wjqserver
8689738f4f 4.2.2-rc.0 2025-07-25 16:39:37 +08:00
wjqserver
387545ab78 refactor: oci image proxy 2025-07-25 16:37:20 +08:00
WJQSERVER
f89fc53046 Merge pull request #146 from WJQSERVER-STUDIO/dev 
4.2.1
 2025-07-25 16:31:09 +08:00
wjqserver
98fdd61673 4.2.1 2025-07-25 14:18:21 +08:00
WJQSERVER
3f802a0ed3 update deps 2025-07-24 16:37:41 +00:00
WJQSERVER
88d84d0703 Merge pull request #143 from WJQSERVER-STUDIO/dev 
4.2.0
 2025-07-22 17:32:27 +08:00
wjqserver
33bb588c36 fix typo 2025-07-22 17:29:38 +08:00
wjqserver
cc4b04ede2 4.2.0 2025-07-22 17:23:33 +08:00
wjqserver
3abe4419d6 add Thordata ads 2025-07-22 16:38:24 +08:00
wjqserver
d2d9ad1db7 4.2.0-rc.0 2025-07-22 16:37:59 +08:00
WJQSERVER
80f52dda3c Merge pull request #141 from WJQSERVER-STUDIO/dev 
4.1.7
 2025-07-20 22:34:43 +08:00
wjqserver
95dd34a456 4.1.7 2025-07-20 22:29:27 +08:00
wjqserver
1f3a036267 4.1.7-rc.0 2025-07-20 22:13:05 +08:00
WJQSERVER
799a4895e5 Merge pull request #140 from WJQSERVER-STUDIO/dev 
update deps
 2025-07-07 15:45:41 +08:00
wjqserver
b033079553 update deps 2025-07-07 15:44:38 +08:00
WJQSERVER
a391895e7f Merge pull request #139 from WJQSERVER-STUDIO/dev 
4.1.6
 2025-07-07 15:35:30 +08:00
WJQSERVER
7e153d2b51 Update CHANGELOG.md 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2025-07-07 15:32:58 +08:00
WJQSERVER
90eca70eb1 Update CHANGELOG.md 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2025-07-07 15:31:39 +08:00
wjqserver
c19a0e9af9 4.1.6 2025-07-07 15:28:16 +08:00
wjqserver
4ee7f56ec5 update deps optimize performance 2025-07-06 18:19:36 +08:00
里見 灯花
4e469a4896 Merge pull request #138 from WJQSERVER-STUDIO/dev 
4.1.5
 2025-07-03 11:42:00 +08:00
wjqserver
00513f689d fix changelog 2025-07-03 11:41:40 +08:00
wjqserver
ad4d55bc39 4.1.5 2025-07-03 11:37:21 +08:00
WJQSERVER
7adab36c68 Merge pull request #136 from WJQSERVER-STUDIO/dev 
4.1.4
 2025-06-30 15:37:46 +08:00
wjqserver
4ea5a875fe 4.1.4 2025-06-30 15:27:17 +08:00
wjqserver
904a800eea use touka uni httpc 2025-06-30 15:26:48 +08:00
WJQSERVER
f0902c1da3 Merge pull request #135 from WJQSERVER-STUDIO/dev 
4.1.3
 2025-06-25 17:59:16 +08:00
wjqserver
781e175721 4.1.3 2025-06-25 17:53:35 +08:00
wjqserver
79692965a6 refix changelog 2025-06-18 17:22:58 +08:00
wjqserver
ff5f77edc9 fix changelog 2025-06-18 17:22:41 +08:00
WJQSERVER
402308d620 Merge pull request #134 from WJQSERVER-STUDIO/dev 2025-06-18 17:21:17 +08:00
wjqserver
d4237f0463 4.1.2-rc.0 2025-06-18 10:35:08 +08:00
wjqserver
eb3bf16e06 update design theme 2025-06-18 10:35:01 +08:00
WJQSERVER
b701a89b98 Merge pull request #133 from WJQSERVER-STUDIO/dev 
4.1.1
 2025-06-18 09:06:11 +08:00
wjqserver
933aeee518 4.1.1 2025-06-18 09:05:45 +08:00
WJQSERVER
3812b029cf Merge pull request #131 from WJQSERVER-STUDIO/dev 
4.1.0
 2025-06-17 17:05:42 +08:00
wjqserver
e629b5db47 4.1.0 2025-06-17 17:04:34 +08:00
wjqserver
e5bc171f25 4.1.0-rc.0 2025-06-17 16:43:51 +08:00
wjqserver
6eae638256 remove dev codes 2025-06-17 15:07:31 +08:00
wjqserver
3e03f47ef7 update deps rebuild 4.1.0-beta.0 2025-06-17 14:47:23 +08:00
wjqserver
eb113b4191 add docker login basic auth support 2025-06-17 14:45:14 +08:00
里見 灯花
8ea741aec8 Merge pull request #130 from WJQSERVER-STUDIO/dev 
remove HertZ, Touka ready (v4)
 2025-06-16 09:44:31 +08:00
WJQSERVER
37488db087 Merge branch 'main' into dev 2025-06-16 09:27:12 +08:00
wjqserver
5b253998ce update changelog 2025-06-16 09:26:05 +08:00
wjqserver
92432121e5 4.0.0-rc.0 & 4.0.0 ready 2025-06-16 09:19:34 +08:00
WJQSERVER
37fd1383ee Merge pull request #129 from WJQSERVER-STUDIO/v4 
4.0.0-beta.0
 2025-06-16 08:59:33 +08:00
wjqserver
ceda8220fd fix resp header setting 2025-06-16 08:50:05 +08:00
wjqserver
1636bf1548 update auth init 2025-06-16 08:45:47 +08:00
wjqserver
a4d324a361 4.0.0-beta.0 2025-06-16 08:28:02 +08:00
43 changed files with 1482 additions and 1989 deletions
Expand all files Collapse all files

4
.github/workflows/build-dev.yml vendored
View File

@@ -46,7 +46,7 @@ jobs:
goarch: [amd64, arm64] goarch: [amd64, arm64]
env: env:
OUTPUT_BINARY: ghproxy OUTPUT_BINARY: ghproxy
GO_VERSION: 1.24 GO_VERSION: 1.25
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -73,7 +73,7 @@ jobs:
GOOS: ${{ matrix.goos }} GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }} GOARCH: ${{ matrix.goarch }}
run: | run: |
CGO_ENABLED=0 go build -ldflags "-X main.version=${{ env.VERSION }} -X main.dev=true" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./main.go CGO_ENABLED=0 go build -ldflags "-X main.version=${{ env.VERSION }} -X main.dev=true" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} .
- name: 打包 - name: 打包
run: | run: |
mkdir ghproxyd mkdir ghproxyd

7
.github/workflows/build.yml vendored
View File

@@ -47,7 +47,7 @@ jobs:
goarch: [amd64, arm64] goarch: [amd64, arm64]
env: env:
OUTPUT_BINARY: ghproxy OUTPUT_BINARY: ghproxy
GO_VERSION: 1.24 GO_VERSION: 1.25
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@@ -74,7 +74,7 @@ jobs:
GOOS: ${{ matrix.goos }} GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }} GOARCH: ${{ matrix.goarch }}
run: | run: |
CGO_ENABLED=0 go build -ldflags "-s -w -X main.version=${{ env.VERSION }}" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./main.go CGO_ENABLED=0 go build -ldflags "-s -w -X main.version=${{ env.VERSION }}" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} .
- name: 打包 - name: 打包
run: | run: |
mkdir ghproxyd mkdir ghproxyd
@@ -141,4 +141,7 @@ jobs:
push: true push: true
tags: | tags: |
${{ env.IMAGE_NAME }}:${{ env.VERSION }} ${{ env.IMAGE_NAME }}:${{ env.VERSION }}
${{ env.IMAGE_NAME }}:v4
${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:latest
wjqserver/ghproxy-touka:latest
wjqserver/ghproxy-touka:${{ env.VERSION }}

2
.gitignore vendored
View File

@@ -1,8 +1,10 @@
demo demo
demo.toml demo.toml
demo.wanf
*.log *.log
*.bak *.bak
list.json list.json
iplist.json
repos repos
pages pages
*_test *_test

186
CHANGELOG.md
View File

@@ -1,5 +1,191 @@
# 更新日志 # 更新日志
4.3.4 - 2025-09-14
---
- CHANGE: 改进嵌套加速实现, 增强稳定性
4.3.3 - 2025-09-10
---
- CHANGE: 增强对[wanf](https://github.com/WJQSERVER/wanf)的支持
- CHANGE: 更新包括Touka框架在内的各个依赖版本
4.3.2 - 2025-08-20
---
- FIX: 修正`cfg.Pages.StaticDir`为空时的处置
4.3.1 - 2025-08-13
---
- CHANGE: 更新至[Go 1.25](https://tip.golang.org/doc/go1.25)
4.3.0 - 2025-08-11
---
- CHANGE: 为OCI镜像(Docker)代理带来自动library附加功能
- CHANGE(refactor): 改进OCI镜像(Docker)代理路径组成流程
- ADD: 新增[WANF](https://github.com/WJQSERVER/wanf)配置文件格式支持
4.3.0-rc.0 - 2025-08-11
---
- PRE-RELEASE: v4.3.0-rc.0是v4.3.0发布版本,请勿在生产环境中使用;
- CHANGE: 为OCI镜像(Docker)代理带来自动library附加功能
- CHANGE(refactor): 改进OCI镜像(Docker)代理路径组成流程
- ADD: 新增[WANF](https://github.com/WJQSERVER/wanf)配置文件格式支持
4.2.7 - 2025-08-04
---
- CHANGE: 在OCI镜像(docker)代理部分增加特殊处理, 保证可用性 参看[#159](https://github.com/WJQSERVER-STUDIO/ghproxy/issues/159)
- CHANGE: 更新Touka框架, 同步解决部分日志过多问题
4.2.6 - 2025-08-01
---
- CHANGE: 修正匹配器
4.2.5 - 2025-07-31
---
- CHANGE: 进一步完善匹配器, 兼容更多情况
4.2.4 - 2025-07-29
---
- CHANGE: 改进匹配器, 防止匹配不应匹配的内容
4.2.4-rc.0 - 2025-07-29
---
- PRE-RELEASE: v4.2.4-rc.0是v4.2.4预发布版本,请勿在生产环境中使用;
- CHANGE: 改进匹配器, 防止匹配不应匹配的内容
4.2.3 - 2025-07-27
---
- CHANGE: 改进错误页面加载器, 避免在选择`external`模式时错误页面渲染回退到json输出
- CHANGE: 完善OCI(Docker)镜像代理默认target逻辑
4.2.3-rc.0 - 2025-07-27
---
- PRE-RELEASE: v4.2.3-rc.0是v4.2.3预发布版本,请勿在生产环境中使用;
- CHANGE: 改进错误页面加载器, 避免在选择`external`模式时错误页面渲染回退到json输出
- CHANGE: 完善OCI(Docker)镜像代理默认target逻辑
4.2.2 - 2025-07-25
---
- CHANGE: 重构OCI镜像代理部分, 完善对`ghcr`,`gcr`,`k8s.gcr`等上游源特殊处理的适配
4.2.2-rc.0 - 2025-07-25
---
- PRE-RELEASE: v4.2.2-rc.0是v4.2.2预发布版本,请勿在生产环境中使用;
- CHANGE: 重构OCI镜像代理部分, 完善对`ghcr`,`gcr`,`k8s.gcr`等上游源特殊处理的适配
4.2.1 - 2025-07-25
---
- CHANGE: 更新主题样式, 新增`free`主题, `design``hub`主题样式更新
4.2.0 - 2025-07-22
---
- CHANGE: 支持根据IP(CDIR)进行白名单与屏蔽
- CHANGE: 进一步推进`json/v2`支持
4.2.0-rc.0 - 2025-07-22
---
- PRE-RELEASE: v4.2.0-rc.0是v4.2.0预发布版本,请勿在生产环境中使用;
- CHANGE: 支持根据IP(CDIR)进行白名单与屏蔽
- CHANGE: 深化json/v2改革, 预备go1.25 json/v2
4.1.7 - 2025-07-20
---
- CHANGE: 更新相关依赖
- CHANGE: 改进代码结构, 完善处理
4.1.7-rc.0 - 2025-07-20
---
- PRE-RELEASE: v4.1.7-rc.0是v4.1.7预发布版本,请勿在生产环境中使用;
- CHANGE: 更新相关依赖
- CHANGE: 改进代码结构, 完善处理
4.1.6 - 2025-07-07
---
- CHANGE: 更新[Touka框架](https://github.com/infinite-iroha/touka)版本到`v0.2.9`, 提升`io`相关方式的性能并降低分配
- CHANGE: 更新[Touka HTTPC](https://github.com/WJQSERVER-STUDIO/httpc)版本到`v0.8.0`, 使用`json/v2`的同时, 提升`io`相关操作性能并降低分配, 优化`debug`模式下打印输出性能
4.1.6-rc.0 - 2025-07-07
---
- PRE-RELEASE: v4.1.6-rc.0是v4.1.6预发布版本,请勿在生产环境中使用;
- CHANGE: 更新[Touka框架](https://github.com/infinite-iroha/touka)版本到`v0.2.9`, 提升`io`相关方式的性能并降低分配
- CHANGE: 更新[Touka HTTPC](https://github.com/WJQSERVER-STUDIO/httpc)版本到`v0.8.0`, 使用`json/v2`的同时, 提升`io`相关操作性能并降低分配, 优化`debug`模式下打印输出性能
4.1.5 - 2025-07-03
---
- CHANGE: 更新`httpc`依赖以修正一些问题
4.1.5-rc.0 - 2025-07-03
---
- PRE-RELEASE: v4.1.5-rc.0是v4.1.5预发布版本,请勿在生产环境中使用;
- CHANGE: 更新`httpc`依赖以修正一些问题
4.1.4 - 2025-06-30
---
- CHANGE: 使用`touka`框架的内建httpc统一管理, 同时对httpc相关初始化进行改进
- CHANGE: 更新`json/v2`版本
4.1.4-rc.0 - 2025-06-30
---
- PRE-RELEASE: v4.1.4-rc.0是v4.1.4预发布版本,请勿在生产环境中使用;
- CHANGE: 使用`touka`框架的内建httpc统一管理, 同时对httpc相关初始化进行改进
- CHANGE: 更新`json/v2`版本
4.1.3 - 2025-06-25
---
- CHANGE: 更新`touka`版本, 使用新的方式配置slash重定向功能
4.1.3-rc.0 - 2025-06-25
---
- PRE-RELEASE: 此版本是v4.1.3预发布版本,请勿在生产环境中使用;
- CHANGE: 更新`touka`版本, 使用新的方式配置slash重定向功能
4.1.2 - 2025-06-18
---
- CHANGE: 更新`design`主题, 更新默认配置生成
4.1.2-rc.0 - 2025-06-18
---
- PRE-RELEASE: 此版本是v4.1.2预发布版本,请勿在生产环境中使用;
- CHANGE: 更新`design`主题, 更新默认配置生成
4.1.1 - 2025-06-18
---
- CHANGE: 更新touka框架到v0.2.6, 解决MidwareX的一些状态问题
4.1.0 - 2025-06-17
---
- ADD: 加入基于`basic auth`的docker鉴权支持
4.1.0-rc.0 - 2025-06-17
---
- PRE-RELEASE: 此版本是v4.1.0预发布版本,请勿在生产环境中使用;
- ADD: 加入基于`basic auth`的docker鉴权支持
4.1.0-beta.0 - 2025-06-17
---
- BETA-TEST: 此版本是v4.1.0的测试版本,请勿在生产环境中使用;
- ADD: 加入基于`basic auth`的docker鉴权支持
4.0.0 - 2025-06-16
---
- CHANGE: 移交到Touka框架
- REMOVE: 移除req rate limit的total方式
- CHANGE: 使用[reco](https://github.com/fenthope/reco)日志库, 异步使能
- FIX: 更换HTTP框架以解决v3可能存在的内存分配与回收问题
4.0.0-rc.0 - 2025-06-16
---
- PRE-RELEASE: 此版本是v4.0.0预发布版本,请勿在生产环境中使用;
- CHANGE: 移交到Touka框架
- REMOVE: 移除req rate limit的total方式
- CHANGE: 使用[reco](https://github.com/fenthope/reco)日志库, 异步使能
4.0.0-beta.0 - 2025-06-15
---
- BETA-TEST: 此版本是v4.0.0的测试版本,请勿在生产环境中使用;
- CHANGE: 移交到Touka框架
- REMOVE: 移除req rate limit的total方式
- CHANGE: 使用[reco](https://github.com/fenthope/reco)日志库, 异步使能
3.5.6 - 2025-06-15 3.5.6 - 2025-06-15
--- ---
- FIX: 修正blob重写的生成问题 - FIX: 修正blob重写的生成问题

2
DEV-VERSION
View File

@@ -1 +1 @@
25w48c 4.3.0-rc.0

26
README.md
View File

@@ -6,16 +6,15 @@
![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/WJQSERVER-STUDIO/ghproxy) ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/WJQSERVER-STUDIO/ghproxy)
[![Go Report Card](https://goreportcard.com/badge/github.com/WJQSERVER-STUDIO/ghproxy)](https://goreportcard.com/report/github.com/WJQSERVER-STUDIO/ghproxy) [![Go Report Card](https://goreportcard.com/badge/github.com/WJQSERVER-STUDIO/ghproxy)](https://goreportcard.com/report/github.com/WJQSERVER-STUDIO/ghproxy)
一个基于Go的高性能Github资源代理程序, 同时支持Docker镜像代理与脚本嵌套加速等多种功能
支持 Git clone、raw、releases的 Github 加速项目, 支持自托管的同时带来卓越的性能与极低的资源占用(Golang和HertZ带来的优势), 同时支持多种额外功能
## 项目说明 ## 项目说明
### 项目特点 ### 项目特点
-**基于 Go 语言实现,跨平台的同时提供高并发性能** -**基于 Go 语言实现,跨平台的同时提供高并发性能**
- 🌐 **使用字节旗下的 [HertZ](https://github.com/cloudwego/hertz) 作为 Web 框架** - 🌐 **使用自有[Touka框架](https://github.com/infinite-iroha/touka)作为 HTTP服务端框架**
- 📡 **使用 [Touka-HTTPC](https://github.com/satomitouka/touka-httpc) 作为 HTTP 客户端** - 📡 **使用 [Touka-HTTPC](https://github.com/WJQSERVER-STUDIO/httpc) 作为 HTTP 客户端**
- 📥 **支持 Git clone、raw、releases 等文件拉取** - 📥 **支持 Git clone、raw、releases 等文件拉取**
- 🐳 **支持反代Docker, GHCR等镜像仓库** - 🐳 **支持反代Docker, GHCR等镜像仓库**
- 🎨 **支持多个前端主题** - 🎨 **支持多个前端主题**
@@ -33,10 +32,10 @@
[TG讨论群组](https://t.me/ghproxy_go) [TG讨论群组](https://t.me/ghproxy_go)
[相关文章](https://blog.wjqserver.com/categories/my-program/)
[GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护 [GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护
[相关文章](https://blog.wjqserver.com/categories/my-program/)
### 使用示例 ### 使用示例
```bash ```bash
@@ -96,16 +95,11 @@ wget -O install-dev.sh https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghprox
参看[GHProxy-Frontend](https://github.com/WJQSERVER-STUDIO/GHProxy-Frontend) 参看[GHProxy-Frontend](https://github.com/WJQSERVER-STUDIO/GHProxy-Frontend)
## 项目简史 ## 文档
**本项目是[WJQSERVER-STUDIO/ghproxy-go](https://github.com/WJQSERVER-STUDIO/ghproxy-go)的重构版本,实现了原项目原定功能的同时,进一步优化了性能** * [GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护
关于此项目的详细开发过程,请参看Commit记录与[CHANGELOG.md](https://github.com/WJQSERVER-STUDIO/ghproxy/blob/main/CHANGELOG.md)
- v3.0.0 迁移到HertZ框架, 进一步提升效率 * [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/WJQSERVER-STUDIO/ghproxy) 可供参考, AI生成存在幻觉, 不完全可靠, 请注意辨别
- v2.4.1 对路径匹配进行优化
- v2.0.0 对`proxy`核心模块进行了重构,大幅优化内存占用
- v1.0.0 迁移至本仓库,并再次重构内容实现
- v0.2.0 重构项目实现
## LICENSE ## LICENSE
@@ -121,10 +115,6 @@ v3.5.2开始, 本项目使用 [WJQserver Studio License 2.1](https://wjqserver-s
如果您觉得本项目对您有帮助,欢迎赞助支持,您的赞助将用于Demo服务器开支及开发者时间成本支出,感谢您的支持! 如果您觉得本项目对您有帮助,欢迎赞助支持,您的赞助将用于Demo服务器开支及开发者时间成本支出,感谢您的支持!
为爱发电,开源不易
爱发电: https://afdian.com/a/wjqserver
USDT(TRC20): `TNfSYG6F2vkiibd6J6mhhHNWDgWgNdF5hN` USDT(TRC20): `TNfSYG6F2vkiibd6J6mhhHNWDgWgNdF5hN`
### 捐赠列表 ### 捐赠列表

17
SECURITY.MD
View File

@@ -6,10 +6,13 @@
| 版本 | 是否支持 | | 版本 | 是否支持 |
| --- | --- | | --- | --- |
| v3.x.x | :white_check_mark: 当前最新版本序列 | | v4.x.x | :white_check_mark: 当前最新版本序列 |
| v3.x.x | :x: 这些版本已结束生命周期,不受支持 |
| v2.x.x | :x: 这些版本已结束生命周期,不受支持 | | v2.x.x | :x: 这些版本已结束生命周期,不受支持 |
| v1.x.x | :x: 这些版本已结束生命周期,不受支持 | | v1.x.x | :x: 这些版本已结束生命周期,不受支持 |
| 25w*a/b/c... | :warning: 此为PRE-RELEASE版本,用于开发与测试,可能存在未知的问题 | | *-rc.x | :warning: 此为PRE-RELEASE预发布版本,用于测试问题 |
| *-beta.x | :warning: 此为Beta测试版本,用于开发与测试,可能存在未知的问题 |
| 25w*a/b/c... | :warning: 此为PRE-RELEASE版本,用于开发与测试,可能存在未知的问题 生命周期已完全结束 |
| 24w*a/b/c... | :warning: 此为PRE-RELEASE版本,用于开发与测试,可能存在未知的问题 生命周期已完全结束 | | 24w*a/b/c... | :warning: 此为PRE-RELEASE版本,用于开发与测试,可能存在未知的问题 生命周期已完全结束 |
| v0.x.x | :x: 这些版本不再受支持 | | v0.x.x | :x: 这些版本不再受支持 |
@@ -17,9 +20,15 @@
本项目为开源项目,开发者不对使用本项目造成的任何损失或问题承担责任。用户需自行评估并承担使用本项目的风险。 本项目为开源项目,开发者不对使用本项目造成的任何损失或问题承担责任。用户需自行评估并承担使用本项目的风险。
使用本项目,请遵循 **[WSL 2.0 (WJQSERVER-STUDIO LICENSE 2.0)](https://wjqserver-studio.github.io/LICENSE/LICENSE.html)** 协议。 使用本项目,请遵循 **[WSL 2.1 (WJQSERVER-STUDIO LICENSE 2.1)](https://wjqserver-studio.github.io/LICENSE/LICENSE.html)** 协议 或 [Mozilla Public License Version 2.0](https://mozilla.org/MPL/2.0/)
本项目所有文件均受到 WSL 2.0 (WJQSERVER-STUDIO LICENSE 2.0) 协议保护,任何人不得在任何情况下以非 WSL 2.0 (WJQSERVER-STUDIO LICENSE 2.0) 协议内规定的方式使用,复制,修改,编译,发布,分发,再许可,或者出售本项目的任何部分。 #### 选择WSL 2.1时
本项目所有文件均受到 WSL 2.1 (WJQSERVER-STUDIO LICENSE 2.1) 协议保护,任何人不得在任何情况下以非 WSL 2.1 (WJQSERVER-STUDIO LICENSE 2.1) 协议内规定的方式使用,复制,修改,编译,发布,分发,再许可,或者出售本项目的任何部分。
#### 选择MPL 2.0时
本项目内文件除特别版权标注声明外, 均受到 [Mozilla Public License Version 2.0](https://mozilla.org/MPL/2.0/) 授权保护, 具体条款参看 [Mozilla Public License Version 2.0](https://mozilla.org/MPL/2.0/)
## 报告漏洞 ## 报告漏洞

2
VERSION
View File

@@ -1 +1 @@
3.5.6 4.3.4

108
api/api.go
View File

@@ -1,95 +1,85 @@
package api package api
import ( import (
"context"
"ghproxy/config" "ghproxy/config"
"ghproxy/middleware/nocache" "ghproxy/middleware/nocache"
"github.com/WJQSERVER-STUDIO/logger" "github.com/infinite-iroha/touka"
"github.com/cloudwego/hertz/pkg/app"
"github.com/cloudwego/hertz/pkg/app/server"
) )
var ( func InitHandleRouter(cfg *config.Config, r *touka.Engine, version string) {
logw = logger.Logw
logDump = logger.LogDump
logDebug = logger.LogDebug
logInfo = logger.LogInfo
logWarning = logger.LogWarning
logError = logger.LogError
)
func InitHandleRouter(cfg *config.Config, r *server.Hertz, version string) {
apiRouter := r.Group("/api", nocache.NoCacheMiddleware()) apiRouter := r.Group("/api", nocache.NoCacheMiddleware())
{ {
apiRouter.GET("/size_limit", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/size_limit", func(c *touka.Context) {
SizeLimitHandler(cfg, c, ctx) SizeLimitHandler(cfg, c)
}) })
apiRouter.GET("/whitelist/status", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/whitelist/status", func(c *touka.Context) {
WhiteListStatusHandler(cfg, c, ctx) WhiteListStatusHandler(cfg, c)
}) })
apiRouter.GET("/blacklist/status", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/blacklist/status", func(c *touka.Context) {
BlackListStatusHandler(cfg, c, ctx) BlackListStatusHandler(cfg, c)
}) })
apiRouter.GET("/cors/status", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/cors/status", func(c *touka.Context) {
CorsStatusHandler(cfg, c, ctx) CorsStatusHandler(cfg, c)
}) })
apiRouter.GET("/healthcheck", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/healthcheck", func(c *touka.Context) {
HealthcheckHandler(c, ctx) HealthcheckHandler(c)
}) })
apiRouter.GET("/version", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/ok", func(c *touka.Context) {
VersionHandler(c, ctx, version) HealthcheckHandler(c)
}) })
apiRouter.GET("/rate_limit/status", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/version", func(c *touka.Context) {
RateLimitStatusHandler(cfg, c, ctx) VersionHandler(c, version)
}) })
apiRouter.GET("/rate_limit/limit", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/rate_limit/status", func(c *touka.Context) {
RateLimitLimitHandler(cfg, c, ctx) RateLimitStatusHandler(cfg, c)
}) })
apiRouter.GET("/smartgit/status", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/rate_limit/limit", func(c *touka.Context) {
SmartGitStatusHandler(cfg, c, ctx) RateLimitLimitHandler(cfg, c)
}) })
apiRouter.GET("/shell_nest/status", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/smartgit/status", func(c *touka.Context) {
shellNestStatusHandler(cfg, c, ctx) SmartGitStatusHandler(cfg, c)
}) })
apiRouter.GET("/oci_proxy/status", func(ctx context.Context, c *app.RequestContext) { apiRouter.GET("/shell_nest/status", func(c *touka.Context) {
ociProxyStatusHandler(cfg, c, ctx) shellNestStatusHandler(cfg, c)
})
apiRouter.GET("/oci_proxy/status", func(c *touka.Context) {
ociProxyStatusHandler(cfg, c)
}) })
} }
logInfo("API router Init success")
} }
func SizeLimitHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func SizeLimitHandler(cfg *config.Config, c *touka.Context) {
sizeLimit := cfg.Server.SizeLimit sizeLimit := cfg.Server.SizeLimit
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"MaxResponseBodySize": sizeLimit, "MaxResponseBodySize": sizeLimit,
})) }))
} }
func WhiteListStatusHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func WhiteListStatusHandler(cfg *config.Config, c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"Whitelist": cfg.Whitelist.Enabled, "Whitelist": cfg.Whitelist.Enabled,
})) }))
} }
func BlackListStatusHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func BlackListStatusHandler(cfg *config.Config, c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"Blacklist": cfg.Blacklist.Enabled, "Blacklist": cfg.Blacklist.Enabled,
})) }))
} }
func CorsStatusHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func CorsStatusHandler(cfg *config.Config, c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"Cors": cfg.Server.Cors, "Cors": cfg.Server.Cors,
})) }))
} }
func HealthcheckHandler(c *app.RequestContext, ctx context.Context) { func HealthcheckHandler(c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"Status": "OK", "Status": "OK",
"Repo": "WJQSERVER-STUDIO/GHProxy", "Repo": "WJQSERVER-STUDIO/GHProxy",
@@ -97,8 +87,8 @@ func HealthcheckHandler(c *app.RequestContext, ctx context.Context) {
})) }))
} }
func VersionHandler(c *app.RequestContext, ctx context.Context, version string) { func VersionHandler(c *touka.Context, version string) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"Version": version, "Version": version,
"Repo": "WJQSERVER-STUDIO/GHProxy", "Repo": "WJQSERVER-STUDIO/GHProxy",
@@ -106,36 +96,36 @@ func VersionHandler(c *app.RequestContext, ctx context.Context, version string)
})) }))
} }
func RateLimitStatusHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func RateLimitStatusHandler(cfg *config.Config, c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"RateLimit": cfg.RateLimit.Enabled, "RateLimit": cfg.RateLimit.Enabled,
})) }))
} }
func RateLimitLimitHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func RateLimitLimitHandler(cfg *config.Config, c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"RatePerMinute": cfg.RateLimit.RatePerMinute, "RatePerMinute": cfg.RateLimit.RatePerMinute,
})) }))
} }
func SmartGitStatusHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func SmartGitStatusHandler(cfg *config.Config, c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"enabled": cfg.GitClone.Mode == "cache", "enabled": cfg.GitClone.Mode == "cache",
})) }))
} }
func shellNestStatusHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func shellNestStatusHandler(cfg *config.Config, c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"enabled": cfg.Shell.Editor, "enabled": cfg.Shell.Editor,
})) }))
} }
func ociProxyStatusHandler(cfg *config.Config, c *app.RequestContext, ctx context.Context) { func ociProxyStatusHandler(cfg *config.Config, c *touka.Context) {
c.Response.Header.Set("Content-Type", "application/json") c.SetHeader("Content-Type", "application/json")
c.JSON(200, (map[string]interface{}{ c.JSON(200, (map[string]interface{}{
"enabled": cfg.Docker.Enabled, "enabled": cfg.Docker.Enabled,
"target": cfg.Docker.Target, "target": cfg.Docker.Target,

9
auth/auth-header.go
View File

@@ -4,22 +4,21 @@ import (
"fmt" "fmt"
"ghproxy/config" "ghproxy/config"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
func AuthHeaderHandler(c *app.RequestContext, cfg *config.Config) (isValid bool, err error) { func AuthHeaderHandler(c *touka.Context, cfg *config.Config) (isValid bool, err error) {
if !cfg.Auth.Enabled { if !cfg.Auth.Enabled {
return true, nil return true, nil
} }
// 获取"GH-Auth"的值 // 获取"GH-Auth"的值
var authToken string var authToken string
if cfg.Auth.Key != "" { if cfg.Auth.Key != "" {
authToken = string(c.GetHeader(cfg.Auth.Key)) authToken = string(c.Request.Header.Get(cfg.Auth.Key))
} else { } else {
authToken = string(c.GetHeader("GH-Auth")) authToken = string(c.Request.Header.Get("GH-Auth"))
} }
logDebug("%s %s %s %s %s AUTH_TOKEN: %s", c.Method(), string(c.Path()), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), authToken)
if authToken == "" { if authToken == "" {
return false, fmt.Errorf("Auth token not found") return false, fmt.Errorf("Auth token not found")
} }

6
auth/auth-parameters.go
View File

@@ -4,10 +4,10 @@ import (
"fmt" "fmt"
"ghproxy/config" "ghproxy/config"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
func AuthParametersHandler(c *app.RequestContext, cfg *config.Config) (isValid bool, err error) { func AuthParametersHandler(c *touka.Context, cfg *config.Config) (isValid bool, err error) {
if !cfg.Auth.Enabled { if !cfg.Auth.Enabled {
return true, nil return true, nil
} }
@@ -19,8 +19,6 @@ func AuthParametersHandler(c *app.RequestContext, cfg *config.Config) (isValid b
authToken = c.Query("auth_token") authToken = c.Query("auth_token")
} }
logDebug("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Method(), string(c.Path()), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), authToken)
if authToken == "" { if authToken == "" {
return false, fmt.Errorf("Auth token not found") return false, fmt.Errorf("Auth token not found")
} }

28
auth/auth.go
View File

@@ -4,38 +4,26 @@ import (
"fmt" "fmt"
"ghproxy/config" "ghproxy/config"
"github.com/WJQSERVER-STUDIO/logger" "github.com/infinite-iroha/touka"
"github.com/cloudwego/hertz/pkg/app"
) )
var ( func ListInit(cfg *config.Config) error {
logw = logger.Logw
logDump = logger.LogDump
logDebug = logger.LogDebug
logInfo = logger.LogInfo
logWarning = logger.LogWarning
logError = logger.LogError
)
func Init(cfg *config.Config) {
if cfg.Blacklist.Enabled { if cfg.Blacklist.Enabled {
err := InitBlacklist(cfg) err := InitBlacklist(cfg)
if err != nil { if err != nil {
logError(err.Error()) return err
return
} }
} }
if cfg.Whitelist.Enabled { if cfg.Whitelist.Enabled {
err := InitWhitelist(cfg) err := InitWhitelist(cfg)
if err != nil { if err != nil {
logError(err.Error()) return err
return
} }
} }
logDebug("Auth Init") return nil
} }
func AuthHandler(c *app.RequestContext, cfg *config.Config) (isValid bool, err error) { func AuthHandler(c *touka.Context, cfg *config.Config) (isValid bool, err error) {
if cfg.Auth.Method == "parameters" { if cfg.Auth.Method == "parameters" {
isValid, err = AuthParametersHandler(c, cfg) isValid, err = AuthParametersHandler(c, cfg)
return isValid, err return isValid, err
@@ -43,10 +31,10 @@ func AuthHandler(c *app.RequestContext, cfg *config.Config) (isValid bool, err e
isValid, err = AuthHeaderHandler(c, cfg) isValid, err = AuthHeaderHandler(c, cfg)
return isValid, err return isValid, err
} else if cfg.Auth.Method == "" { } else if cfg.Auth.Method == "" {
logError("Auth method not set") c.Errorf("Auth method not set")
return true, nil return true, nil
} else { } else {
logError("Auth method not supported %s", cfg.Auth.Method) c.Errorf("Auth method not supported %s", cfg.Auth.Method)
return false, fmt.Errorf("%s", fmt.Sprintf("Auth method %s not supported", cfg.Auth.Method)) return false, fmt.Errorf("%s", fmt.Sprintf("Auth method %s not supported", cfg.Auth.Method))
} }
} }

2
auth/blacklist.go
View File

@@ -7,7 +7,7 @@ import (
"strings" "strings"
"sync" "sync"
json "github.com/bytedance/sonic" "github.com/go-json-experiment/json"
) )
type Blacklist struct { type Blacklist struct {

60
auth/ipfilter.go Normal file
View File

@@ -0,0 +1,60 @@
package auth
import (
"fmt"
"ghproxy/config"
"os"
"github.com/go-json-experiment/json"
"github.com/go-json-experiment/json/jsontext"
)
func ReadIPFilterList(cfg *config.Config) (whitelist []string, blacklist []string, err error) {
if cfg.IPFilter.IPFilterFile == "" {
return nil, nil, nil
}
// 检查文件是否存在, 不存在则创建空json
if _, err := os.Stat(cfg.IPFilter.IPFilterFile); os.IsNotExist(err) {
if err := CreateEmptyIPFilterFile(cfg.IPFilter.IPFilterFile); err != nil {
return nil, nil, fmt.Errorf("failed to create empty IP filter file: %w", err)
}
}
data, err := os.ReadFile(cfg.IPFilter.IPFilterFile)
if err != nil {
return nil, nil, fmt.Errorf("failed to read IP filter file: %w", err)
}
var ipFilterData struct {
AllowList []string `json:"allow"`
BlockList []string `json:"block"`
}
if err := json.Unmarshal(data, &ipFilterData); err != nil {
return nil, nil, fmt.Errorf("invalid IP filter file format: %w", err)
}
return ipFilterData.AllowList, ipFilterData.BlockList, nil
}
// 创建空列表json
func CreateEmptyIPFilterFile(filePath string) error {
emptyData := struct {
AllowList []string `json:"allow"`
BlockList []string `json:"block"`
}{
AllowList: []string{},
BlockList: []string{},
}
jsonData, err := json.Marshal(emptyData, jsontext.Multiline(true), jsontext.WithIndent(" "))
if err != nil {
return fmt.Errorf("failed to marshal empty IP filter data: %w", err)
}
err = os.WriteFile(filePath, jsonData, 0644)
if err != nil {
return fmt.Errorf("failed to write empty IP filter file: %w", err)
}
return nil
}

2
auth/whitelist.go
View File

@@ -7,7 +7,7 @@ import (
"strings" "strings"
"sync" "sync"
json "github.com/bytedance/sonic" "github.com/go-json-experiment/json"
) )
// Whitelist 用于存储白名单信息 // Whitelist 用于存储白名单信息

264
config/config.go
View File

@@ -1,50 +1,51 @@
package config package config
import ( import (
"fmt"
"os" "os"
"path/filepath"
"strings"
"github.com/BurntSushi/toml" "github.com/BurntSushi/toml"
"github.com/WJQSERVER/wanf"
) )
// Config 结构体定义了整个应用程序的配置
type Config struct { type Config struct {
Server ServerConfig Server ServerConfig `toml:"server" wanf:"server"`
Httpc HttpcConfig Httpc HttpcConfig `toml:"httpc" wanf:"httpc"`
GitClone GitCloneConfig GitClone GitCloneConfig `toml:"gitclone" wanf:"gitclone"`
Shell ShellConfig Shell ShellConfig `toml:"shell" wanf:"shell"`
Pages PagesConfig Pages PagesConfig `toml:"pages" wanf:"pages"`
Log LogConfig Log LogConfig `toml:"log" wanf:"log"`
Auth AuthConfig Auth AuthConfig `toml:"auth" wanf:"auth"`
Blacklist BlacklistConfig Blacklist BlacklistConfig `toml:"blacklist" wanf:"blacklist"`
Whitelist WhitelistConfig Whitelist WhitelistConfig `toml:"whitelist" wanf:"whitelist"`
RateLimit RateLimitConfig IPFilter IPFilterConfig `toml:"ipFilter" wanf:"ipFilter"`
Outbound OutboundConfig RateLimit RateLimitConfig `toml:"rateLimit" wanf:"rateLimit"`
Docker DockerConfig Outbound OutboundConfig `toml:"outbound" wanf:"outbound"`
Docker DockerConfig `toml:"docker" wanf:"docker"`
} }
/* /*
[server] [server]
host = "0.0.0.0" host = "0.0.0.0"
port = 8080 port = 8080
netlib = "netpoll" # "netpoll" / "std" "standard" "net/http" "net"
goPoolSize = 1024
sizeLimit = 125 # MB sizeLimit = 125 # MB
memLimit = 0 # MB memLimit = 0 # MB
H2C = true
cors = "*" # "*"/"" -> "*" ; "nil" -> "" ; cors = "*" # "*"/"" -> "*" ; "nil" -> "" ;
debug = false debug = false
*/ */
// ServerConfig 定义服务器相关的配置
type ServerConfig struct { type ServerConfig struct {
Port int `toml:"port"` Port int `toml:"port" wanf:"port"`
Host string `toml:"host"` Host string `toml:"host" wanf:"host"`
NetLib string `toml:"netlib"` SizeLimit int `toml:"sizeLimit" wanf:"sizeLimit"`
SenseClientDisconnection bool `toml:"senseClientDisconnection"` MemLimit int64 `toml:"memLimit" wanf:"memLimit"`
GoPoolSize int `toml:"goPoolSize"` Cors string `toml:"cors" wanf:"cors"`
SizeLimit int `toml:"sizeLimit"` Debug bool `toml:"debug" wanf:"debug"`
MemLimit int64 `toml:"memLimit"`
H2C bool `toml:"H2C"`
Cors string `toml:"cors"`
Debug bool `toml:"debug"`
} }
/* /*
@@ -55,24 +56,28 @@ maxIdleConnsPerHost = 60 # only for advanced mode
maxConnsPerHost = 0 # only for advanced mode maxConnsPerHost = 0 # only for advanced mode
useCustomRawHeaders = false useCustomRawHeaders = false
*/ */
// HttpcConfig 定义 HTTP 客户端相关的配置
type HttpcConfig struct { type HttpcConfig struct {
Mode string `toml:"mode"` Mode string `toml:"mode" wanf:"mode"`
MaxIdleConns int `toml:"maxIdleConns"` MaxIdleConns int `toml:"maxIdleConns" wanf:"maxIdleConns"`
MaxIdleConnsPerHost int `toml:"maxIdleConnsPerHost"` MaxIdleConnsPerHost int `toml:"maxIdleConnsPerHost" wanf:"maxIdleConnsPerHost"`
MaxConnsPerHost int `toml:"maxConnsPerHost"` MaxConnsPerHost int `toml:"maxConnsPerHost" wanf:"maxConnsPerHost"`
UseCustomRawHeaders bool `toml:"useCustomRawHeaders"` UseCustomRawHeaders bool `toml:"useCustomRawHeaders" wanf:"useCustomRawHeaders"`
} }
/* /*
[gitclone] [gitclone]
mode = "bypass" # bypass / cache mode = "bypass" # bypass / cache
smartGitAddr = "http://127.0.0.1:8080" smartGitAddr = "http://127.0.0.1:8080"
//cacheTimeout = 10
ForceH2C = true ForceH2C = true
*/ */
// GitCloneConfig 定义 Git 克隆相关的配置
type GitCloneConfig struct { type GitCloneConfig struct {
Mode string `toml:"mode"` Mode string `toml:"mode" wanf:"mode"`
SmartGitAddr string `toml:"smartGitAddr"` SmartGitAddr string `toml:"smartGitAddr" wanf:"smartGitAddr"`
ForceH2C bool `toml:"ForceH2C"` //CacheTimeout int `toml:"cacheTimeout"`
ForceH2C bool `toml:"ForceH2C" wanf:"ForceH2C"`
} }
/* /*
@@ -80,9 +85,10 @@ type GitCloneConfig struct {
editor = true editor = true
rewriteAPI = false rewriteAPI = false
*/ */
// ShellConfig 定义 Shell 相关的配置
type ShellConfig struct { type ShellConfig struct {
Editor bool `toml:"editor"` Editor bool `toml:"editor" wanf:"editor"`
RewriteAPI bool `toml:"rewriteAPI"` RewriteAPI bool `toml:"rewriteAPI" wanf:"rewriteAPI"`
} }
/* /*
@@ -91,18 +97,18 @@ mode = "internal" # "internal" or "external"
theme = "bootstrap" # "bootstrap" or "nebula" theme = "bootstrap" # "bootstrap" or "nebula"
staticDir = "/data/www" staticDir = "/data/www"
*/ */
// PagesConfig 定义静态页面相关的配置
type PagesConfig struct { type PagesConfig struct {
Mode string `toml:"mode"` Mode string `toml:"mode" wanf:"mode"`
Theme string `toml:"theme"` Theme string `toml:"theme" wanf:"theme"`
StaticDir string `toml:"staticDir"` StaticDir string `toml:"staticDir" wanf:"staticDir"`
} }
// LogConfig 定义日志相关的配置
type LogConfig struct { type LogConfig struct {
LogFilePath string `toml:"logFilePath"` LogFilePath string `toml:"logFilePath" wanf:"logFilePath"`
MaxLogSize int `toml:"maxLogSize"` MaxLogSize int64 `toml:"maxLogSize" wanf:"maxLogSize"`
Level string `toml:"level"` Level string `toml:"level" wanf:"level"`
Async bool `toml:"async"`
HertZLogPath string `toml:"hertzLogPath"`
} }
/* /*
@@ -115,30 +121,40 @@ passThrough = false
ForceAllowApi = false ForceAllowApi = false
ForceAllowApiPassList = false ForceAllowApiPassList = false
*/ */
// AuthConfig 定义认证相关的配置
type AuthConfig struct { type AuthConfig struct {
Enabled bool `toml:"enabled"` Enabled bool `toml:"enabled" wanf:"enabled"`
Method string `toml:"method"` Method string `toml:"method" wanf:"method"`
Key string `toml:"key"` Key string `toml:"key" wanf:"key"`
Token string `toml:"token"` Token string `toml:"token" wanf:"token"`
PassThrough bool `toml:"passThrough"` PassThrough bool `toml:"passThrough" wanf:"passThrough"`
ForceAllowApi bool `toml:"ForceAllowApi"` ForceAllowApi bool `toml:"ForceAllowApi" wanf:"ForceAllowApi"`
ForceAllowApiPassList bool `toml:"ForceAllowApiPassList"` ForceAllowApiPassList bool `toml:"ForceAllowApiPassList" wanf:"ForceAllowApiPassList"`
} }
// BlacklistConfig 定义黑名单相关的配置
type BlacklistConfig struct { type BlacklistConfig struct {
Enabled bool `toml:"enabled"` Enabled bool `toml:"enabled" wanf:"enabled"`
BlacklistFile string `toml:"blacklistFile"` BlacklistFile string `toml:"blacklistFile" wanf:"blacklistFile"`
} }
// WhitelistConfig 定义白名单相关的配置
type WhitelistConfig struct { type WhitelistConfig struct {
Enabled bool `toml:"enabled"` Enabled bool `toml:"enabled" wanf:"enabled"`
WhitelistFile string `toml:"whitelistFile"` WhitelistFile string `toml:"whitelistFile" wanf:"whitelistFile"`
}
// IPFilterConfig 定义 IP 过滤相关的配置
type IPFilterConfig struct {
Enabled bool `toml:"enabled" wanf:"enabled"`
EnableAllowList bool `toml:"enableAllowList" wanf:"enableAllowList"`
EnableBlockList bool `toml:"enableBlockList" wanf:"enableBlockList"`
IPFilterFile string `toml:"ipFilterFile" wanf:"ipFilterFile"`
} }
/* /*
[rateLimit] [rateLimit]
enabled = false enabled = false
rateMethod = "total" # "total" or "ip"
ratePerMinute = 100 ratePerMinute = 100
burst = 10 burst = 10
@@ -150,20 +166,21 @@ burst = 10
singleBurst = "10mbps" singleBurst = "10mbps"
*/ */
// RateLimitConfig 定义限速相关的配置
type RateLimitConfig struct { type RateLimitConfig struct {
Enabled bool `toml:"enabled"` Enabled bool `toml:"enabled" wanf:"enabled"`
RateMethod string `toml:"rateMethod"` RatePerMinute int `toml:"ratePerMinute" wanf:"ratePerMinute"`
RatePerMinute int `toml:"ratePerMinute"` Burst int `toml:"burst" wanf:"burst"`
Burst int `toml:"burst"` BandwidthLimit BandwidthLimitConfig `toml:"bandwidthLimit" wanf:"bandwidthLimit"`
BandwidthLimit BandwidthLimitConfig
} }
// BandwidthLimitConfig 定义带宽限制相关的配置
type BandwidthLimitConfig struct { type BandwidthLimitConfig struct {
Enabled bool `toml:"enabled"` Enabled bool `toml:"enabled" wanf:"enabled"`
TotalLimit string `toml:"totalLimit"` TotalLimit string `toml:"totalLimit" wanf:"totalLimit"`
TotalBurst string `toml:"totalBurst"` TotalBurst string `toml:"totalBurst" wanf:"totalBurst"`
SingleLimit string `toml:"singleLimit"` SingleLimit string `toml:"singleLimit" wanf:"singleLimit"`
SingleBurst string `toml:"singleBurst"` SingleBurst string `toml:"singleBurst" wanf:"singleBurst"`
} }
/* /*
@@ -171,24 +188,34 @@ type BandwidthLimitConfig struct {
enabled = false enabled = false
url = "socks5://127.0.0.1:1080" # "http://127.0.0.1:7890" url = "socks5://127.0.0.1:1080" # "http://127.0.0.1:7890"
*/ */
// OutboundConfig 定义出站代理相关的配置
type OutboundConfig struct { type OutboundConfig struct {
Enabled bool `toml:"enabled"` Enabled bool `toml:"enabled" wanf:"enabled"`
Url string `toml:"url"` Url string `toml:"url" wanf:"url"`
} }
/* /*
[docker] [docker]
enabled = false enabled = false
target = "ghcr" # ghcr/dockerhub target = "ghcr" # ghcr/dockerhub
auth = false
[docker.credentials]
user1 = "testpass"
test = "test123"
*/ */
// DockerConfig 定义 Docker 相关的配置
type DockerConfig struct { type DockerConfig struct {
Enabled bool `toml:"enabled"` Enabled bool `toml:"enabled" wanf:"enabled"`
Target string `toml:"target"` Target string `toml:"target" wanf:"target"`
Auth bool `toml:"auth" wanf:"auth"`
Credentials map[string]string `toml:"credentials" wanf:"credentials"`
AuthPassThrough bool `toml:"authPassThrough" wanf:"authPassThrough"`
} }
// LoadConfig 从 TOML 配置文件加载配置 // LoadConfig 从配置文件加载配置
func LoadConfig(filePath string) (*Config, error) { func LoadConfig(filePath string) (*Config, error) {
if !FileExists(filePath) { exist, filePath2read := FileExists(filePath)
if !exist {
// 楔入配置文件 // 楔入配置文件
err := DefaultConfig().WriteConfig(filePath) err := DefaultConfig().WriteConfig(filePath)
if err != nil { if err != nil {
@@ -196,15 +223,22 @@ func LoadConfig(filePath string) (*Config, error) {
} }
return DefaultConfig(), nil return DefaultConfig(), nil
} }
var config Config var config Config
if _, err := toml.DecodeFile(filePath, &config); err != nil { ext := filepath.Ext(filePath2read)
if ext == ".wanf" {
if err := wanf.DecodeFile(filePath2read, &config); err != nil {
return nil, err
}
return &config, nil
}
if _, err := toml.DecodeFile(filePath2read, &config); err != nil {
return nil, err return nil, err
} }
return &config, nil return &config, nil
} }
// 写入配置文件 // WriteConfig 写入配置文件
func (c *Config) WriteConfig(filePath string) error { func (c *Config) WriteConfig(filePath string) error {
file, err := os.Create(filePath) file, err := os.Create(filePath)
if err != nil { if err != nil {
@@ -212,29 +246,63 @@ func (c *Config) WriteConfig(filePath string) error {
} }
defer file.Close() defer file.Close()
ext := filepath.Ext(filePath)
if ext == ".wanf" {
err := wanf.NewStreamEncoder(file).Encode(c)
if err != nil {
return err
}
return nil
}
encoder := toml.NewEncoder(file) encoder := toml.NewEncoder(file)
return encoder.Encode(c) return encoder.Encode(c)
} }
// 检测文件是否存在 // FileExists 检测文件是否存在
func FileExists(filename string) bool { func FileExists(filename string) (bool, string) {
_, err := os.Stat(filename) _, err := os.Stat(filename)
return !os.IsNotExist(err) if err == nil {
return true, filename
}
if os.IsNotExist(err) {
// 获取文件名(不包含路径)
base := filepath.Base(filename)
dir := filepath.Dir(filename)
// 获取扩展名
fileNameBody := strings.TrimSuffix(base, filepath.Ext(base))
// 重新组合路径, 扩展名改为.wanf, 确认是否存在
wanfFilename := filepath.Join(dir, fileNameBody+".wanf")
_, err = os.Stat(wanfFilename)
if err == nil {
// .wanf 文件存在
fmt.Printf("\n Found .wanf file: %s\n", wanfFilename)
return true, wanfFilename
} else if os.IsNotExist(err) {
// .wanf 文件不存在
return false, ""
} else {
// 其他错误
return false, ""
}
} else {
return false, filename
}
} }
// 默认配置结构体 // DefaultConfig 返回默认配置结构体
func DefaultConfig() *Config { func DefaultConfig() *Config {
return &Config{ return &Config{
Server: ServerConfig{ Server: ServerConfig{
Port: 8080, Port: 8080,
Host: "0.0.0.0", Host: "0.0.0.0",
NetLib: "netpoll", SizeLimit: 125,
GoPoolSize: 1024, MemLimit: 0,
SizeLimit: 125, Cors: "*",
MemLimit: 0, Debug: false,
H2C: true,
Cors: "*",
Debug: false,
}, },
Httpc: HttpcConfig{ Httpc: HttpcConfig{
Mode: "auto", Mode: "auto",
@@ -253,14 +321,13 @@ func DefaultConfig() *Config {
}, },
Pages: PagesConfig{ Pages: PagesConfig{
Mode: "internal", Mode: "internal",
Theme: "bootstrap", Theme: "hub",
StaticDir: "/data/www", StaticDir: "/data/www",
}, },
Log: LogConfig{ Log: LogConfig{
LogFilePath: "/data/ghproxy/log/ghproxy.log", LogFilePath: "/data/ghproxy/log/ghproxy.log",
MaxLogSize: 10, MaxLogSize: 10,
Level: "info", Level: "info",
HertZLogPath: "/data/ghproxy/log/hertz.log",
}, },
Auth: AuthConfig{ Auth: AuthConfig{
Enabled: false, Enabled: false,
@@ -279,9 +346,14 @@ func DefaultConfig() *Config {
Enabled: false, Enabled: false,
WhitelistFile: "/data/ghproxy/config/whitelist.json", WhitelistFile: "/data/ghproxy/config/whitelist.json",
}, },
IPFilter: IPFilterConfig{
Enabled: false,
IPFilterFile: "/data/ghproxy/config/ipfilter.json",
EnableAllowList: false,
EnableBlockList: false,
},
RateLimit: RateLimitConfig{ RateLimit: RateLimitConfig{
Enabled: false, Enabled: false,
RateMethod: "total",
RatePerMinute: 100, RatePerMinute: 100,
Burst: 10, Burst: 10,
BandwidthLimit: BandwidthLimitConfig{ BandwidthLimit: BandwidthLimitConfig{
@@ -298,7 +370,11 @@ func DefaultConfig() *Config {
}, },
Docker: DockerConfig{ Docker: DockerConfig{
Enabled: false, Enabled: false,
Target: "ghcr", Target: "dockerhub",
Auth: false,
Credentials: map[string]string{
"testpass": "test123",
},
}, },
} }
} }

21
config/config.toml
View File

@@ -1,12 +1,8 @@
[server] [server]
host = "0.0.0.0" host = "0.0.0.0"
port = 8080 port = 8080
netlib = "netpoll" # "netpoll" / "std" "standard" "net/http" "net"
senseClientDisconnection = false
goPoolSize = 1024
sizeLimit = 125 # MB sizeLimit = 125 # MB
memLimit = 0 # MB memLimit = 0 # MB
H2C = true
cors = "*" # "*"/"" -> "*" ; "nil" -> "" ; cors = "*" # "*"/"" -> "*" ; "nil" -> "" ;
debug = false debug = false
@@ -34,9 +30,7 @@ staticDir = "/data/www"
[log] [log]
logFilePath = "/data/ghproxy/log/ghproxy.log" logFilePath = "/data/ghproxy/log/ghproxy.log"
maxLogSize = 5 # MB maxLogSize = 5 # MB
level = "info" # dump, debug, info, warn, error, none level = "info" # debug, info, warn, error, none
async = false
hertzLogPath = "/data/ghproxy/log/hertz.log"
[auth] [auth]
method = "parameters" # "header" or "parameters" method = "parameters" # "header" or "parameters"
@@ -55,9 +49,14 @@ enabled = false
enabled = false enabled = false
whitelistFile = "/data/ghproxy/config/whitelist.json" whitelistFile = "/data/ghproxy/config/whitelist.json"
[ipFilter]
enabled = false
enableAllowList = false
enableBlockList = false
ipFilterFile = "/data/ghproxy/config/ipfilter.json"
[rateLimit] [rateLimit]
enabled = false enabled = false
rateMethod = "total" # "ip" or "total"
ratePerMinute = 180 ratePerMinute = 180
burst = 5 burst = 5
@@ -74,4 +73,8 @@ url = "socks5://127.0.0.1:1080" # "http://127.0.0.1:7890"
[docker] [docker]
enabled = false enabled = false
target = "ghcr" # ghcr/dockerhub target = "dockerhub" # ghcr/dockerhub/ custom
auth = false
[docker.credentials]
user1 = "testpass"
test = "test123"

11
config/ipfilter.json Normal file
View File

@@ -0,0 +1,11 @@
{
"allow": [
"127.0.0.1",
"192.168.1.0/24",
"::1"
],
"block": [
"10.0.0.0/8",
"192.168.1.0/24"
]
}

398
docs/config.md
View File

@@ -1,398 +0,0 @@
# ghproxy 用户配置文档
> 弃用, 请转到 [GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/)
`ghproxy` 的配置主要通过修改 `config` 目录下的 `config.toml``blacklist.json``whitelist.json` 文件来实现。本文档将详细介绍这些配置文件的作用以及用户可以自定义的配置选项。
## `config.toml` - 主配置文件
`config.toml``ghproxy` 的主配置文件,采用 TOML 格式。您可以通过修改此文件来定制 `ghproxy` 的各项功能例如服务器端口、连接设置、Git 克隆模式、日志级别、认证方式、黑白名单以及限速策略等。
以下是 `config.toml` 文件的详细配置项说明:
```toml name=config/config.toml
[server]
host = "0.0.0.0"
port = 8080
netlib = "netpoll" # "netpoll" / "std" "standard" "net/http" "net"
sizeLimit = 125 # MB
memLimit = 0 # MB
H2C = true
cors = "*" # "*"/"" -> "*" ; "nil" -> "" ;
debug = false
[httpc]
mode = "auto" # "auto" or "advanced"
maxIdleConns = 100 # only for advanced mode
maxIdleConnsPerHost = 60 # only for advanced mode
maxConnsPerHost = 0 # only for advanced mode
useCustomRawHeaders = false
[gitclone]
mode = "bypass" # bypass / cache
smartGitAddr = "http://127.0.0.1:8080"
ForceH2C = false
[shell]
editor = false
rewriteAPI = false
[pages]
mode = "internal" # "internal" or "external"
theme = "bootstrap" # "bootstrap" or "nebula"
staticDir = "/data/www"
[log]
logFilePath = "/data/ghproxy/log/ghproxy.log"
maxLogSize = 5 # MB
level = "info" # dump, debug, info, warn, error, none
hertzLogPath = "/data/ghproxy/log/hertz.log"
[auth]
method = "parameters" # "header" or "parameters"
token = "token"
key = ""
enabled = false
passThrough = false
ForceAllowApi = false
[blacklist]
blacklistFile = "/data/ghproxy/config/blacklist.json"
enabled = false
[whitelist]
enabled = false
whitelistFile = "/data/ghproxy/config/whitelist.json"
[rateLimit]
enabled = false
rateMethod = "total" # "ip" or "total"
ratePerMinute = 180
burst = 5
[rateLimit.bandwidthLimit]
enabled = false
totalLimit = "100mbps"
totalBurst = "100mbps"
singleLimit = "10mbps"
singleBurst = "10mbps"
[outbound]
enabled = false
url = "socks5://127.0.0.1:1080" # "http://127.0.0.1:7890"
[docker]
enabled = false
target = "ghcr" # ghcr/dockerhub or "xx.example.com"
```
### 配置项详细说明
* **`[server]` - 服务器配置**
* `host`: 监听地址。
* 类型: 字符串 (`string`)
* 默认值: `"0.0.0.0"` (监听所有)
* 说明: 设置 `ghproxy` 监听的网络地址。通常设置为 `"0.0.0.0"` 以监听所有可用的网络接口。
* `port`: 监听端口。
* 类型: 整数 (`int`)
* 默认值: `8080`
* 说明: 设置 `ghproxy` 监听的端口号。
* `netlib`: 底层网络库。
* 类型: 字符串 (`string`)
* 默认值: `""` (HertZ默认处置)
* 说明: `"std"` `"standard"` `"net/http"` `"net"` 均会被设置为go标准库`net/http`, 设置为`"netpoll"`或`""`会由`HertZ`默认逻辑处理
* `sizeLimit`: 请求体大小限制。
* 类型: 整数 (`int`)
* 默认值: `125` (MB)
* 说明: 限制允许接收的请求体最大大小,单位为 MB。用于防止过大的请求导致服务压力过大。
* `memLimit`: `runtime`内存限制
* 类型: 整数 (`int64`)
* 默认值: `0` (不传入)
* 说明: 给`runtime`的指标, 让gc行为更高效
* `H2C`: 是否启用 H2C (HTTP/2 Cleartext) 传输。
* 类型: 布尔值 (`bool`)
* 默认值: `true` (启用)
* 说明: 启用后,允许客户端使用 HTTP/2 协议进行无加密传输,提升性能。
* `cors`: CORS (跨域资源共享) 设置。
* 类型: 字符串 (`string`)
* 默认值: `"*"` (允许所有来源)
* 可选值:
* `""` 或`"*"`: 允许所有来源跨域访问。
* `"nil"`: 禁用 CORS。
* 具体的域名: 例如 `"https://example.com"`,只允许来自指定域名的跨域请求。
* 说明: 配置 CORS 策略,用于控制哪些域名可以跨域访问 `ghproxy` 服务。
* `debug`: 是否启用调试模式。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后,`ghproxy` 会输出更详细的日志信息,用于开发和调试。
* **`[httpc]` - HTTP 客户端配置**
* `mode`: HTTP 客户端模式。
* 类型: 字符串 (`string`)
* 默认值: `"auto"` (自动模式)
* 可选值:
* `"auto"`: 自动模式,使用默认的 HTTP 客户端配置,适用于大多数场景。
* `"advanced"`: 高级模式,允许自定义连接池参数,可以更精细地控制 HTTP 客户端的行为。
* 说明: 选择 HTTP 客户端的运行模式。
* `maxIdleConns`: 最大空闲连接数 (仅在高级模式下生效)。
* 类型: 整数 (`int`)
* 默认值: `100`
* 说明: 设置 HTTP 客户端连接池中保持的最大空闲连接数。
* `maxIdleConnsPerHost`: 每个主机最大空闲连接数 (仅在高级模式下生效)。
* 类型: 整数 (`int`)
* 默认值: `60`
* 说明: 设置 HTTP 客户端连接池中,每个主机允许保持的最大空闲连接数。
* `maxConnsPerHost`: 每个主机最大连接数 (仅在高级模式下生效)。
* 类型: 整数 (`int`)
* 默认值: `0` (不限制)
* 说明: 设置 HTTP 客户端连接池中,每个主机允许建立的最大连接数。设置为 `0` 表示不限制。
* `useCustomRawHeaders`: 使用预定义header避免github waf对应zh-CN的封锁
* 类型: 布尔值(`bool`)
* 默认值: `false`(停用)
* 说明: 启用后, 拉取raw文件会使用程序预定义的固定headers, 而不是原先的复制行为
* **`[gitclone]` - Git 克隆配置**
* `mode`: Git 克隆模式。
* 类型: 字符串 (`string`)
* 默认值: `"bypass"` (绕过模式)
* 可选值:
* `"bypass"`: 绕过模式,直接克隆 GitHub 仓库,不使用任何缓存加速。
* `"cache"`: 缓存模式,使用智能 Git 服务加速克隆,需要配置 `smartGitAddr`。
* 说明: 选择 Git 克隆的模式。
* `smartGitAddr`: 智能 Git 服务地址 (仅在缓存模式下生效)。
* 类型: 字符串 (`string`)
* 默认值: `"http://127.0.0.1:8080"`
* 说明: 当 `mode` 设置为 `"cache"` 时,需要配置智能 Git 服务的地址,用于加速 Git 克隆。
* `ForceH2C`: 是否强制使用 H2C 连接到智能 Git 服务。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (不强制)
* 说明: 如果智能 Git 服务支持 H2C可以设置为 `true` 以强制使用 H2C 连接,提升性能。
* **`[shell]` - Shell 嵌套加速功能配置**
* `editor`: 是否启用编辑(嵌套加速)功能。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后, 会修改`.sh`文件内容以实现嵌套加速
* `rewriteAPI`: 是否重写 API 地址。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后,`ghproxy` 会重写脚本内的Github API地址。
* **`[pages]` - Pages 服务配置**
* `mode`: Pages 服务模式。
* 类型: 字符串 (`string`)
* 默认值: `"internal"` (内置 Pages 服务)
* 可选值:
* `"internal"`: 使用 `ghproxy` 内置的 Pages 服务。
* `"external"`: 使用外部 Pages 位置。
* 说明: 选择 Pages 服务的运行模式。
* `theme`: Pages 主题。
* 类型: 字符串 (`string`)
* 默认值: `"bootstrap"`
* 可选值: 参看[GHProxy项目前端仓库](https://github.com/WJQSERVER-STUDIO/GHProxy-Frontend)
* 说明: 设置内置 Pages 服务使用的主题。
* `staticDir`: 静态文件目录。
* 类型: 字符串 (`string`)
* 默认值: `"/data/www"`
* 说明: 指定外置 Pages 服务使用的静态文件目录。
* **`[log]` - 日志配置**
* `logFilePath`: 日志文件路径。
* 类型: 字符串 (`string`)
* 默认值: `"/data/ghproxy/log/ghproxy.log"`
* 说明: 设置 `ghproxy` 日志文件的存储路径。
* `maxLogSize`: 最大日志文件大小。
* 类型: 整数 (`int`)
* 默认值: `5` (MB)
* 说明: 设置单个日志文件的最大大小,单位为 MB。当日志文件大小超过此限制时会进行日志轮转。
* `level`: 日志级别。
* 类型: 字符串 (`string`)
* 默认值: `"info"`
* 可选值: `"dump"`, `"debug"`, `"info"`, `"warn"`, `"error"`, `"none"`
* 说明: 设置日志输出的级别。级别越高,输出的日志信息越少。
* `"dump"`: 输出所有日志,包括最详细的调试信息。
* `"debug"`: 输出调试信息、信息、警告和错误日志。
* `"info"`: 输出信息、警告和错误日志。
* `"warn"`: 输出警告和错误日志。
* `"error"`: 仅输出错误日志。
* `"none"`: 禁用所有日志输出。
* `hertzLogPath`: `HertZ`日志文件路径。
* 类型: 字符串 (`string`)
* 默认值: `"/data/ghproxy/log/hertz.log"`
* 说明: 设置 `HertZ` 日志文件的存储路径。
* **`[auth]` - 认证配置**
* `enabled`: 是否启用认证。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后,需要提供正确的认证信息才能访问 `ghproxy` 服务。
* `method`: 认证方法。
* 类型: 字符串 (`string`)
* 默认值: `"parameters"` (URL 参数)
* 可选值: `"header"` 或 `"parameters"`
* `"header"`: 通过请求头 `GH-Auth` 或自定义请求头 (通过 `key` 配置) 传递认证 Token。
* `"parameters"`: 通过 URL 参数 `auth_token` 或自定义 URL 参数名 (通过 `Key` 配置) 传递认证 Token。
* 说明: 选择认证信息传递的方式。
* `key`: 自定义认证 Key。
* 类型: 字符串 (`string`)
* 默认值: `""` (空字符串,使用默认的 `GH-Auth` 请求头或 `auth_token` URL 参数名)
* 说明: 可以自定义认证时使用的请求头名称或 URL 参数名。如果为空,则使用默认的 `GH-Auth` 请求头或 `auth_token` URL 参数名。
* `token`: 认证 Token。
* 类型: 字符串 (`string`)
* 默认值: `"token"`
* 说明: 设置认证时需要提供的 Token 值。
* `passThrough`: 是否认证参数透穿到Github。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (不允许)
* 说明: 如果设置为 `true`相关参数会被透穿到Github。
* `ForceAllowApi`: 是否强制允许 API 访问。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (不强制允许)
* 说明: 如果设置为 `true`,则强制允许对 GitHub API 的访问,即使未启用认证或认证失败。
* **`[blacklist]` - 黑名单配置**
* `enabled`: 是否启用黑名单。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后,`ghproxy` 将根据 `blacklist.json` 文件中的规则阻止对特定用户或仓库的访问。
* `blacklistFile`: 黑名单文件路径。
* 类型: 字符串 (`string`)
* 默认值: `"/data/ghproxy/config/blacklist.json"`
* 说明: 指定黑名单配置文件的路径。
* **`[whitelist]` - 白名单配置**
* `enabled`: 是否启用白名单。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后,`ghproxy` 将只允许访问 `whitelist.json` 文件中规则指定的用户或仓库。白名单的优先级高于黑名单。
* `whitelistFile`: 白名单文件路径。
* 类型: 字符串 (`string`)
* 默认值: `"/data/ghproxy/config/whitelist.json"`
* 说明: 指定白名单配置文件的路径。
* **`[rateLimit]` - 限速配置**
* `enabled`: 是否启用限速。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后,`ghproxy` 将根据配置的策略限制请求速率,防止服务被滥用。
* `rateMethod`: 限速方法。
* 类型: 字符串 (`string`)
* 默认值: `"total"` (全局限速)
* 可选值: `"ip"` 或 `"total"`
* `"ip"`: 基于客户端 IP 地址进行限速,每个 IP 地址都有独立的速率限制。
* `"total"`: 全局限速,所有客户端共享同一个速率限制。
* 说明: 选择限速的策略。
* `ratePerMinute`: 每分钟允许的请求数。
* 类型: 整数 (`int`)
* 默认值: `180`
* 说明: 设置每分钟允许通过的最大请求数。
* `burst`: 突发请求数。
* 类型: 整数 (`int`)
* 默认值: `5`
* 说明: 允许在短时间内超过 `ratePerMinute` 的突发请求数。
* **`[rateLimit.bandwidthLimit]` 带宽速率限制**
* `enabled`: 是否启用带宽速率限制。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后,`ghproxy` 将根据配置的策略限制带宽使用,防止服务被滥用。
* `totalLimit`: 全局带宽限制。
* 类型: 字符串 (`string`)
* 默认值: `"100mbps"`
* 说明: 设置全局最大带宽使用量。支持的单位有 "kbps", "mbps", "gbps"。
* `totalBurst`: 全局突发带宽。
* 类型: 字符串 (`string`)
* 默认值: `"100mbps"`
* 说明: 设置全局突发带宽使用量。支持的单位有 "kbps", "mbps", "gbps"。
* `singleLimit`: 单个连接带宽限制。
* 类型: 字符串 (`string`)
* 默认值: `"10mbps"`
* 说明: 设置单个连接的最大带宽使用量。支持的单位有 "kbps", "mbps", "gbps"。
* `singleBurst`: 单个连接突发带宽。
* 类型: 字符串 (`string`)
* 默认值: `"10mbps"`
* 说明: 设置单个连接的突发带宽使用量。支持的单位有 "kbps", "mbps", "gbps"。
* **`[outbound]` - 出站代理配置**
* `enabled`: 是否启用出站代理。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 启用后,`ghproxy` 将通过配置的代理服务器转发所有出站请求。
* `url`: 出站代理 URL。
* 类型: 字符串 (`string`)
* 默认值: `"socks5://127.0.0.1:1080"`
* 支持协议: `socks5://` 和 `http://`
* 说明: 设置出站代理服务器的 URL。支持 SOCKS5 和 HTTP 代理协议。
* **`[docker]` - Docker 镜像代理配置**
* `enabled`: 是否启用 Docker 镜像代理功能。
* 类型: 布尔值 (`bool`)
* 默认值: `false` (禁用)
* 说明: 当设置为 `true` 时,`ghproxy` 将尝试代理 Docker 镜像的下载请求,以加速从 GitHub Container Registry (GHCR) 或 Docker Hub 下载镜像。
* `target`: 代理的目标 Docker 注册表。
* 类型: 字符串 (`string`)
* 默认值: `"ghcr"` (代理 GHCR)
* 可选值: `"ghcr"` 或 `"dockerhub"`
* 说明: 指定要代理的 Docker 注册表。
* `"ghcr"`: 代理 GitHub Container Registry (ghcr.io)。
* `"dockerhub"`: 代理 Docker Hub (docker.io)。
* 自定义, 支持传入自定义target, 例如`"docker.example.com"`
## `blacklist.json` - 黑名单配置
`blacklist.json` 文件用于配置黑名单规则,阻止对特定用户或仓库的访问。
```json name=config/blacklist.json
{
"blacklist": [
"eviluser",
"spamuser/bad-repo",
"malwareuser/*"
]
}
```
### 黑名单规则说明
* `blacklist`: 一个 JSON 数组,包含黑名单规则,每条规则为一个字符串。
* **用户名**: 例如 `"eviluser"`,阻止所有名为 `eviluser` 的用户的访问。
* **仓库名**: 例如 `"spamuser/bad-repo"`,阻止访问 `spamuser` 用户下的 `bad-repo` 仓库。
* **通配符**: 例如 `"malwareuser/*"`,使用 `*` 通配符,阻止访问 `malwareuser` 用户下的所有仓库。
* **缩略写法**: 例如 `"example"`, 等同于 `"example/*"` 允许访问 `example` 用户下的所有仓库。
## `whitelist.json` - 白名单配置
`whitelist.json` 文件用于配置白名单规则,只允许访问白名单中指定的用户或仓库。白名单的优先级高于黑名单,如果一个请求同时匹配黑名单和白名单,则白名单生效,请求将被允许。
```json name=config/whitelist.json
{
"whitelist": [
"white/list",
"white/test1",
"example/*",
"example"
]
}
```
### 白名单规则说明
* `whitelist`: 一个 JSON 数组,包含白名单规则,每条规则为一个字符串。
* **仓库名**: 例如 `"white/list"`,允许访问 `white` 用户下的 `list` 仓库。
* **仓库名**: 例如 `"white/test1"`,允许访问 `white` 用户下的 `test1` 仓库。
* **通配符**: 例如 `"example/*"`,使用 `*` 通配符,允许访问 `example` 用户下的所有仓库。
* **缩略写法**: 例如 `"example"`, 等同于 `"example/*"` 允许访问 `example` 用户下的所有仓库。
---

26
docs/flag.md
View File

@@ -1,26 +0,0 @@
# Flag
> 弃用, 请转到 [GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/)
GHProxy接受以下flag传入
```bash
root@root:/data/ghproxy$ ghproxy -h
-c string
config file path (default "/data/ghproxy/config/config.toml")
-cfg value
exit
-h show help message and exit
-v show version and exit
```
- `-c`
类型: `string`
默认值: `/data/ghproxy/config/config.toml`
示例: `ghproxy -c /data/ghproxy/demo.toml`
- `-cfg`
已弃用, 被`-c`替代
- `-h`
显示帮助信息
- `-v`
显示版本号

19
docs/menu.md
View File

@@ -1,19 +0,0 @@
## GHProxy 文档
> 弃用, 请转到 [GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/)
### 配置文件
https://github.com/WJQSERVER-STUDIO/ghproxy/blob/main/docs/config.md
### Flag
https://github.com/WJQSERVER-STUDIO/ghproxy/blob/main/docs/flag.md
### 部署
参看 https://blog.wjqserver.com/post/ghproxy-deploy-with-smart-git/
### 前端
https://github.com/WJQSERVER-STUDIO/GHProxy-Frontend

47
go.mod
View File

@@ -1,46 +1,27 @@
module ghproxy module ghproxy
go 1.24.3 go 1.25.1
require ( require (
github.com/BurntSushi/toml v1.5.0 github.com/BurntSushi/toml v1.5.0
github.com/WJQSERVER-STUDIO/httpc v0.7.0 github.com/WJQSERVER-STUDIO/httpc v0.8.2
github.com/WJQSERVER-STUDIO/logger v1.8.0 golang.org/x/net v0.46.0
github.com/cloudwego/hertz v0.10.1-0.20250611091639-3dde619f5598 golang.org/x/time v0.13.0
github.com/hertz-contrib/http2 v0.1.8
golang.org/x/net v0.41.0
golang.org/x/time v0.12.0
) )
require ( require (
github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2
github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2 github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2
github.com/bytedance/sonic v1.13.3 github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee
github.com/fenthope/bauth v0.0.1
github.com/fenthope/ikumi v0.0.2
github.com/fenthope/ipfilter v0.0.1
github.com/fenthope/reco v0.0.4
github.com/fenthope/record v0.0.4
github.com/go-json-experiment/json v0.0.0-20250910080747-cc2cfa0554c3
github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/hashicorp/golang-lru/v2 v2.0.7
github.com/infinite-iroha/touka v0.4.0
github.com/wjqserver/modembed v0.0.1 github.com/wjqserver/modembed v0.0.1
) )
require ( require github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4 // indirect
github.com/WJQSERVER-STUDIO/go-utils/log v0.0.3 // indirect
github.com/bytedance/gopkg v0.1.2 // indirect
github.com/bytedance/sonic/loader v0.2.4 // indirect
github.com/cloudwego/base64x v0.1.5 // indirect
github.com/cloudwego/gopkg v0.1.4 // indirect
github.com/cloudwego/netpoll v0.7.0 // indirect
github.com/fsnotify/fsnotify v1.9.0 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/klauspost/cpuid/v2 v2.2.10 // indirect
github.com/nyaruka/phonenumbers v1.6.3 // indirect
github.com/tidwall/gjson v1.18.0 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
golang.org/x/arch v0.18.0 // indirect
golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 // indirect
golang.org/x/sys v0.33.0 // indirect
golang.org/x/text v0.26.0 // indirect
google.golang.org/protobuf v1.36.6 // indirect
)
replace github.com/nyaruka/phonenumbers => github.com/nyaruka/phonenumbers v1.6.1 // 1.6.3 has reflect leaking

166
go.sum
View File

@@ -1,152 +1,34 @@
github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4 h1:JLtFd00AdFg/TP+dtvIzLkdHwKUGPOAijN1sMtEYoFg= github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2 h1:AiIHXP21LpK7pFfqUlUstgQEWzjbekZgxOuvVwiMfyM=
github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4/go.mod h1:FZ6XE+4TKy4MOfX1xWKe6Rwsg0ucYFCdNh1KLvyKTfc= github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2/go.mod h1:mCLqYU32bTmEE6dpj37MKKiZgz70Jh/xyK9vVbq6pok=
github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2 h1:8bBkKk6E2Zr+I5szL7gyc5f0DK8N9agIJCpM1Cqw2NE= github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2 h1:8bBkKk6E2Zr+I5szL7gyc5f0DK8N9agIJCpM1Cqw2NE=
github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2/go.mod h1:yPX8xuZH+py7eLJwOYj3VVI/4/Yuy5+x8Mhq8qezcPg= github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2/go.mod h1:yPX8xuZH+py7eLJwOYj3VVI/4/Yuy5+x8Mhq8qezcPg=
github.com/WJQSERVER-STUDIO/go-utils/log v0.0.3 h1:t6nyLhmo9pSfVHm1Wu1WyLsTpXFSjSpQtVKqEDpiZ5Q= github.com/WJQSERVER-STUDIO/httpc v0.8.2 h1:PFPLodV0QAfGEP6915J57vIqoKu9cGuuiXG/7C9TNUk=
github.com/WJQSERVER-STUDIO/go-utils/log v0.0.3/go.mod h1:j9Q+xnwpOfve7/uJnZ2izRQw6NNoXjvJHz7vUQAaLZE= github.com/WJQSERVER-STUDIO/httpc v0.8.2/go.mod h1:8WhHVRO+olDFBSvL5PC/bdMkb6U3vRdPJ4p4pnguV5Y=
github.com/WJQSERVER-STUDIO/httpc v0.7.0 h1:iHhqlxppJBjlmvsIjvLZKRbWXqSdbeSGGofjHGmqGJc= github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee h1:tJ31DNBn6UhWkk8fiikAQWqULODM+yBcGAEar1tzdZc=
github.com/WJQSERVER-STUDIO/httpc v0.7.0/go.mod h1:M7KNUZjjhCkzzcg9lBPs9YfkImI+7vqjAyjdA19+joE= github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee/go.mod h1:q2Pyg+G+s1acMWxrbI4CwS/Yk76/BzLREEdZ8iFwUNE=
github.com/WJQSERVER-STUDIO/logger v1.8.0 h1:AQ3Qe2kxiqpuOoDlRzseGP6u4LAaJc+ng4l8P+CK7Co= github.com/fenthope/bauth v0.0.1 h1:+4UIQshGx3mYD4L3f2S4MLZOi5PWU7fU5GK3wsZvwzE=
github.com/WJQSERVER-STUDIO/logger v1.8.0/go.mod h1:yzXPtot0OvR1gzx4+rlFrv/sccUpz0gIXVBwUx3H7fM= github.com/fenthope/bauth v0.0.1/go.mod h1:1fveTpgfR1p+WXQ8MXm9BfBCeNYi55j23jxCOGOvBSA=
github.com/bytedance/gopkg v0.1.1/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM= github.com/fenthope/ikumi v0.0.2 h1:5oaSTf/Msp7M2O3o/X20omKWEQbFhX4KV0CVF21oCdk=
github.com/bytedance/gopkg v0.1.2 h1:8o2feYuxknDpN+O7kPwvSXfMEKfYvJYiA2K7aonoMEQ= github.com/fenthope/ikumi v0.0.2/go.mod h1:IYbxzOGndZv/yRrbVMyV6dxh06X2wXCbfxrTRM1IruU=
github.com/bytedance/gopkg v0.1.2/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM= github.com/fenthope/ipfilter v0.0.1 h1:HrYAyixCMvsDAz36GRyFfyCNtrgYwzrhMcY0XV7fGcM=
github.com/bytedance/mockey v1.2.12 h1:aeszOmGw8CPX8CRx1DZ/Glzb1yXvhjDh6jdFBNZjsU4= github.com/fenthope/ipfilter v0.0.1/go.mod h1:QfY0GrpG0D82HROgdH4c9eog4js42ghLIfl/iM4MvvY=
github.com/bytedance/mockey v1.2.12/go.mod h1:3ZA4MQasmqC87Tw0w7Ygdy7eHIc2xgpZ8Pona5rsYIk= github.com/fenthope/reco v0.0.4 h1:yo2g3aWwdoMpaZWZX4SdZOW7mCK82RQIU/YI8ZUQThM=
github.com/bytedance/sonic v1.13.3 h1:MS8gmaH16Gtirygw7jV91pDCN33NyMrPbN7qiYhEsF0= github.com/fenthope/reco v0.0.4/go.mod h1:eMyS8HpdMVdJ/2WJt6Cvt8P1EH9Igzj5lSJrgc+0jeg=
github.com/bytedance/sonic v1.13.3/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4= github.com/fenthope/record v0.0.4 h1:/1JHNCxiXGLL/qCh4LEGaAvhj4CcKsb6siTxjLmjdO4=
github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU= github.com/fenthope/record v0.0.4/go.mod h1:G0a6KCiCDyX2SsC3nfzSN651fJKxH482AyJvzlnvAJU=
github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY= github.com/go-json-experiment/json v0.0.0-20250910080747-cc2cfa0554c3 h1:02WINGfSX5w0Mn+F28UyRoSt9uvMhKguwWMlOAh6U/0=
github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI= github.com/go-json-experiment/json v0.0.0-20250910080747-cc2cfa0554c3/go.mod h1:uNVvRXArCGbZ508SxYYTC5v1JWoz2voff5pm25jU1Ok=
github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
github.com/cloudwego/gopkg v0.1.4 h1:EoQiCG4sTonTPHxOGE0VlQs+sQR+Hsi2uN0qqwu8O50=
github.com/cloudwego/gopkg v0.1.4/go.mod h1:FQuXsRWRsSqJLsMVd5SYzp8/Z1y5gXKnVvRrWUOsCMI=
github.com/cloudwego/hertz v0.10.1-0.20250611091639-3dde619f5598 h1:8tVol3hNJS7+7f7yQIkP57tZMzUV3fOhn6pQ7t4R06k=
github.com/cloudwego/hertz v0.10.1-0.20250611091639-3dde619f5598/go.mod h1:lRBohmcDkGx5TLK6QKFGdzJ6n3IXqGueHsOiXcYgXA4=
github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
github.com/cloudwego/netpoll v0.7.0 h1:bDrxQaNfijRI1zyGgXHQoE/nYegL0nr+ijO1Norelc4=
github.com/cloudwego/netpoll v0.7.0/go.mod h1:PI+YrmyS7cIr0+SD4seJz3Eo3ckkXdu2ZVKBLhURLNU=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
github.com/hertz-contrib/http2 v0.1.8 h1:kjfCGkUxJZHgfPsnRjx1FLJBG55KvtvSQD214guBQLw= github.com/infinite-iroha/touka v0.4.0 h1:CeHCwSkhVCWVo19q3TVwibEf4Uw4j86wz4/tt7JSLjg=
github.com/hertz-contrib/http2 v0.1.8/go.mod h1:m42hrl8fiTwE4p8c7JdRUZpkePEthvV89q3elL2GeD0= github.com/infinite-iroha/touka v0.4.0/go.mod h1:JERrP+RZEmwwzAAGGQSG1anYzeWEc6nyiSYYGsielAE=
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/nyaruka/phonenumbers v1.6.1 h1:XAJcTdYow16VrVKfglznMpJZz8KMJoMjx/91sX+K940=
github.com/nyaruka/phonenumbers v1.6.1/go.mod h1:7gjs+Lchqm49adhAKB5cdcng5ZXgt6x7Jgvi0ZorUtU=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/wjqserver/modembed v0.0.1 h1:8ZDz7t9M5DLrUFlYgBUUmrMzxWsZPmHvOazkr/T2jEs= github.com/wjqserver/modembed v0.0.1 h1:8ZDz7t9M5DLrUFlYgBUUmrMzxWsZPmHvOazkr/T2jEs=
github.com/wjqserver/modembed v0.0.1/go.mod h1:sYbQJMAjSBsdYQrUsuHY380XXE1CuRh8g9yyCztTXOQ= github.com/wjqserver/modembed v0.0.1/go.mod h1:sYbQJMAjSBsdYQrUsuHY380XXE1CuRh8g9yyCztTXOQ=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
golang.org/x/arch v0.18.0 h1:WN9poc33zL4AzGxqf8VtpKUnGvMi8O9lhNyBMF/85qc= golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
golang.org/x/arch v0.18.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk= golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 h1:bsqhLWFR6G6xiQcb+JoGqdKdRU6WzPWmK8E0jxTjzo4=
golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=

561
main.go
View File

@@ -1,7 +1,6 @@
package main package main
import ( import (
"context"
"embed" "embed"
"flag" "flag"
"fmt" "fmt"
@@ -9,40 +8,38 @@ import (
"net/http" "net/http"
"os" "os"
"runtime/debug" "runtime/debug"
"strings"
"time" "time"
"ghproxy/api" "ghproxy/api"
"ghproxy/auth" "ghproxy/auth"
"ghproxy/config" "ghproxy/config"
"ghproxy/middleware/loggin"
"ghproxy/proxy" "ghproxy/proxy"
"ghproxy/rate"
"github.com/WJQSERVER-STUDIO/httpc"
"github.com/fenthope/bauth"
"ghproxy/weakcache" "ghproxy/weakcache"
"github.com/WJQSERVER-STUDIO/logger" "github.com/fenthope/ikumi"
"github.com/hertz-contrib/http2/factory" "github.com/fenthope/ipfilter"
"github.com/fenthope/reco"
"github.com/fenthope/record"
"github.com/infinite-iroha/touka"
"github.com/wjqserver/modembed" "github.com/wjqserver/modembed"
"golang.org/x/time/rate"
"github.com/cloudwego/hertz/pkg/app"
"github.com/cloudwego/hertz/pkg/app/middlewares/server/recovery"
"github.com/cloudwego/hertz/pkg/app/server"
"github.com/cloudwego/hertz/pkg/common/adaptor"
"github.com/cloudwego/hertz/pkg/common/hlog"
"github.com/cloudwego/hertz/pkg/network/standard"
_ "net/http/pprof" _ "net/http/pprof"
) )
var ( var (
cfg *config.Config cfg *config.Config
r *server.Hertz r *touka.Engine
configfile = "/data/ghproxy/config/config.toml" configfile = "/data/ghproxy/config/config.toml"
hertZfile *os.File httpClient *httpc.Client
cfgfile string cfgfile string
version string version string
runMode string runMode string
limiter *rate.RateLimiter
iplimiter *rate.IPRateLimiter
showVersion bool showVersion bool
showHelp bool showHelp bool
) )
@@ -57,12 +54,21 @@ var (
) )
var ( var (
logw = logger.Logw // supportedThemes 定义了所有支持的主题, 用于验证配置和动态加载
logDump = logger.LogDump supportedThemes = map[string]struct{}{
logDebug = logger.LogDebug "bootstrap": {},
logInfo = logger.LogInfo "nebula": {},
logWarning = logger.LogWarning "design": {},
logError = logger.LogError "metro": {},
"classic": {},
"mino": {},
"hub": {},
"free": {},
}
)
var (
logger *reco.Logger
) )
func readFlag() { func readFlag() {
@@ -115,7 +121,7 @@ func loadConfig() {
cfg, err = config.LoadConfig(cfgfile) cfg, err = config.LoadConfig(cfgfile)
if err != nil { if err != nil {
fmt.Printf("Failed to load config: %v\n", err) fmt.Printf("Failed to load config: %v\n", err)
// 如果配置文件加载失败也显示帮助信息并退出 // 如果配置文件加载失败, 也显示帮助信息并退出
flag.Usage() flag.Usage()
os.Exit(1) os.Exit(1)
} }
@@ -127,238 +133,162 @@ func loadConfig() {
func setupLogger(cfg *config.Config) { func setupLogger(cfg *config.Config) {
var err error var err error
if cfg.Log.Level == "" {
err = logger.Init(cfg.Log.LogFilePath, cfg.Log.MaxLogSize) cfg.Log.Level = "info"
}
recoLevel := reco.ParseLevel(cfg.Log.Level)
logger, err = reco.New(reco.Config{
Level: recoLevel,
Mode: reco.ModeText,
FilePath: cfg.Log.LogFilePath,
MaxFileSizeMB: cfg.Log.MaxLogSize,
EnableRotation: true,
Async: true,
})
if err != nil { if err != nil {
fmt.Printf("Failed to initialize logger: %v\n", err) fmt.Printf("Failed to initialize logger: %v\n", err)
os.Exit(1) os.Exit(1)
} }
err = logger.SetLogLevel(cfg.Log.Level) logger.SetLevel(recoLevel)
if err != nil {
fmt.Printf("Logger Level Error: %v\n", err)
os.Exit(1)
}
logger.SetAsync(cfg.Log.Async)
fmt.Printf("Log Level: %s\n", cfg.Log.Level) fmt.Printf("Log Level: %s\n", cfg.Log.Level)
logDebug("Config File Path: ", cfgfile) logger.Debugf("Config File Path: %s", cfgfile)
logDebug("Loaded config: %v\n", cfg) logger.Debugf("Loaded config: %v", cfg)
logInfo("Logger Initialized Successfully") logger.Infof("Logger Initialized Successfully")
}
func setupHertZLogger(cfg *config.Config) {
var err error
if cfg.Log.HertZLogPath != "" {
hertZfile, err = os.OpenFile(cfg.Log.HertZLogPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
if err != nil {
hlog.SetOutput(os.Stdout)
logWarning("Failed to open hertz log file: %v", err)
} else {
hlog.SetOutput(hertZfile)
}
hlog.SetLevel(hlog.LevelInfo)
}
} }
func setMemLimit(cfg *config.Config) { func setMemLimit(cfg *config.Config) {
if cfg.Server.MemLimit > 0 { if cfg.Server.MemLimit > 0 {
debug.SetMemoryLimit((cfg.Server.MemLimit) * 1024 * 1024) debug.SetMemoryLimit((cfg.Server.MemLimit) * 1024 * 1024)
logInfo("Set Memory Limit to %d MB", cfg.Server.MemLimit) logger.Infof("Set Memory Limit to %d MB", cfg.Server.MemLimit)
} }
} }
func loadlist(cfg *config.Config) { func loadlist(cfg *config.Config) {
auth.Init(cfg) err := auth.ListInit(cfg)
if err != nil {
logger.Errorf("Failed to initialize list: %v", err)
}
} }
func setupApi(cfg *config.Config, r *server.Hertz, version string) { func setupApi(cfg *config.Config, r *touka.Engine, version string) {
api.InitHandleRouter(cfg, r, version) api.InitHandleRouter(cfg, r, version)
} }
func setupRateLimit(cfg *config.Config) {
if cfg.RateLimit.Enabled {
if cfg.RateLimit.RateMethod == "ip" {
iplimiter = rate.NewIPRateLimiter(cfg.RateLimit.RatePerMinute, cfg.RateLimit.Burst, 1*time.Minute)
} else if cfg.RateLimit.RateMethod == "total" {
limiter = rate.New(cfg.RateLimit.RatePerMinute, cfg.RateLimit.Burst, 1*time.Minute)
} else {
logError("Invalid RateLimit Method: %s", cfg.RateLimit.RateMethod)
}
}
}
func InitReq(cfg *config.Config) { func InitReq(cfg *config.Config) {
err := proxy.InitReq(cfg) var err error
httpClient, err = proxy.InitReq(cfg)
if err != nil { if err != nil {
fmt.Printf("Failed to initialize request: %v\n", err) fmt.Printf("Failed to initialize request: %v\n", err)
os.Exit(1) os.Exit(1)
} }
} }
// loadEmbeddedPages 加载嵌入式页面资源 // initializeErrorPages 初始化嵌入的错误页面资源
// 无论页面模式(internal/external)如何, 都应执行此操作, 以确保统一的错误页面处理
func initializeErrorPages() {
pageFS := modembed.NewModTimeFS(pagesFS, time.Now())
if err := proxy.InitErrPagesFS(pageFS); err != nil {
// 这是一个警告而不是致命错误, 因为即使没有自定义错误页面, 服务器也能运行
logger.Warnf("failed to initialize embedded error pages: %v", err)
}
}
// loadEmbeddedPages 使用 map 替代 switch, 动态加载嵌入式页面和资源文件系统
func loadEmbeddedPages(cfg *config.Config) (fs.FS, fs.FS, error) { func loadEmbeddedPages(cfg *config.Config) (fs.FS, fs.FS, error) {
pageFS := modembed.NewModTimeFS(pagesFS, time.Now()) pageFS := modembed.NewModTimeFS(pagesFS, time.Now())
var pages fs.FS theme := cfg.Pages.Theme
var err error
switch cfg.Pages.Theme { // 检查主题是否受支持, 如果不支持则使用默认主题
case "bootstrap": if _, ok := supportedThemes[theme]; !ok {
pages, err = fs.Sub(pageFS, "pages/bootstrap") logger.Warnf("Invalid Pages Theme: %s, using default theme 'design'", theme)
case "nebula": theme = "design" // 默认主题
pages, err = fs.Sub(pageFS, "pages/nebula")
case "design":
pages, err = fs.Sub(pageFS, "pages/design")
case "metro":
pages, err = fs.Sub(pageFS, "pages/metro")
case "classic":
pages, err = fs.Sub(pageFS, "pages/classic")
case "mino":
pages, err = fs.Sub(pageFS, "pages/mino")
case "hub":
pages, err = fs.Sub(pageFS, "pages/hub")
default:
pages, err = fs.Sub(pageFS, "pages/design") // 默认主题
logWarning("Invalid Pages Theme: %s, using default theme 'design'", cfg.Pages.Theme)
} }
// 从嵌入式文件系统中获取主题子目录
themePath := fmt.Sprintf("pages/%s", theme)
pages, err := fs.Sub(pageFS, themePath)
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("failed to load embedded pages: %w", err) return nil, nil, fmt.Errorf("failed to load embedded theme '%s': %w", theme, err)
} }
// 初始化errPagesFs // 加载共享资源文件
errPagesInitErr := proxy.InitErrPagesFS(pageFS) assets, err := fs.Sub(pageFS, "pages/assets")
if errPagesInitErr != nil {
logWarning("errPagesInitErr: %s", errPagesInitErr)
}
var assets fs.FS
assets, err = fs.Sub(pageFS, "pages/assets")
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("failed to load embedded assets: %w", err) return nil, nil, fmt.Errorf("failed to load embedded assets: %w", err)
} }
return pages, assets, nil return pages, assets, nil
} }
// setupPages 设置页面路由 // setupPages 设置页面路由, 增强了错误处理
func setupPages(cfg *config.Config, r *server.Hertz) { func setupPages(cfg *config.Config, r *touka.Engine) {
switch cfg.Pages.Mode { switch cfg.Pages.Mode {
case "internal": case "internal":
err := setInternalRoute(cfg, r) err := setInternalRoute(cfg, r)
if err != nil { if err != nil {
logError("Failed when processing internal pages: %s", err) logger.Errorf("Failed to set up internal pages, server cannot start: %s", err)
fmt.Println(err.Error()) fmt.Printf("Failed to set up internal pages, server cannot start: %s", err)
return os.Exit(1)
} }
case "external": case "external":
// 设置外部资源路径 if cfg.Pages.StaticDir == "" {
indexPagePath := fmt.Sprintf("%s/index.html", cfg.Pages.StaticDir) logger.Errorf("Pages Mode is 'external' but StaticDir is empty. Using embedded pages instead.")
faviconPath := fmt.Sprintf("%s/favicon.ico", cfg.Pages.StaticDir) err := setInternalRoute(cfg, r)
javascriptsPath := fmt.Sprintf("%s/script.js", cfg.Pages.StaticDir) if err != nil {
stylesheetsPath := fmt.Sprintf("%s/style.css", cfg.Pages.StaticDir) logger.Errorf("Failed to load embedded pages: %s", err)
bootstrapPath := fmt.Sprintf("%s/bootstrap.min.css", cfg.Pages.StaticDir) fmt.Printf("Failed to load embedded pages: %s", err)
bootstrapBundlePath := fmt.Sprintf("%s/bootstrap.bundle.min.js", cfg.Pages.StaticDir) os.Exit(1)
}
// 设置外部资源路由 } else {
r.StaticFile("/", indexPagePath) extPageFS := os.DirFS(cfg.Pages.StaticDir)
r.StaticFile("/favicon.ico", faviconPath) r.SetUnMatchFS(http.FS(extPageFS))
r.StaticFile("/script.js", javascriptsPath) }
r.StaticFile("/style.css", stylesheetsPath)
r.StaticFile("/bootstrap.min.css", bootstrapPath)
r.StaticFile("/bootstrap.bundle.min.js", bootstrapBundlePath)
default: default:
// 处理无效的Pages Mode // 处理无效的Pages Mode
logWarning("Invalid Pages Mode: %s, using default embedded theme", cfg.Pages.Mode) logger.Warnf("Invalid Pages Mode: %s, using default embedded theme", cfg.Pages.Mode)
err := setInternalRoute(cfg, r) err := setInternalRoute(cfg, r)
if err != nil { if err != nil {
logError("Failed when processing internal pages: %s", err) logger.Errorf("Failed to set up internal pages, server cannot start: %s", err)
fmt.Println(err.Error()) fmt.Printf("Failed to set up internal pages, server cannot start: %s", err)
return os.Exit(1)
} }
} }
} }
func pageCacheHeader() func(ctx context.Context, c *app.RequestContext) { var viaString string = "WJQSERVER-STUDIO/GHProxy"
return func(ctx context.Context, c *app.RequestContext) {
c.Header("Cache-Control", "public, max-age=3600, must-revalidate") func pageCacheHeader() func(c *touka.Context) {
return func(c *touka.Context) {
c.AddHeader("Cache-Control", "public, max-age=3600, must-revalidate")
c.Next()
} }
} }
func setInternalRoute(cfg *config.Config, r *server.Hertz) error { func viaHeader() func(c *touka.Context) {
return func(c *touka.Context) {
protoVersion := fmt.Sprintf("%d.%d", c.Request.ProtoMajor, c.Request.ProtoMinor)
c.AddHeader("Via", protoVersion+" "+viaString)
c.Next()
}
}
func setInternalRoute(cfg *config.Config, r *touka.Engine) error {
// 加载嵌入式资源 // 加载嵌入式资源
pages, assets, err := loadEmbeddedPages(cfg) pages, assets, err := loadEmbeddedPages(cfg)
if err != nil { if err != nil {
logError("Failed when processing pages: %s", err)
return err return err
} }
/*
// 设置嵌入式资源路由 r.HandleFunc([]string{"GET"}, "/favicon.ico", pageCacheHeader(), touka.FileServer(http.FS(assets)))
r.GET("/", func(ctx context.Context, c *app.RequestContext) { r.HandleFunc([]string{"GET"}, "/", pageCacheHeader(), touka.FileServer(http.FS(pages)))
staticServer := http.FileServer(http.FS(pages)) r.HandleFunc([]string{"GET"}, "/script.js", pageCacheHeader(), touka.FileServer(http.FS(pages)))
req, err := adaptor.GetCompatRequest(&c.Request) r.HandleFunc([]string{"GET"}, "/style.css", pageCacheHeader(), touka.FileServer(http.FS(pages)))
if err != nil { r.HandleFunc([]string{"GET"}, "/bootstrap.min.css", pageCacheHeader(), touka.FileServer(http.FS(assets)))
logError("%s", err) r.HandleFunc([]string{"GET"}, "/bootstrap.bundle.min.js", pageCacheHeader(), touka.FileServer(http.FS(assets)))
return
}
staticServer.ServeHTTP(adaptor.GetCompatResponseWriter(&c.Response), req)
})
r.GET("/favicon.ico", func(ctx context.Context, c *app.RequestContext) {
staticServer := http.FileServer(http.FS(assets))
req, err := adaptor.GetCompatRequest(&c.Request)
if err != nil {
logError("%s", err)
return
}
staticServer.ServeHTTP(adaptor.GetCompatResponseWriter(&c.Response), req)
})
r.GET("/script.js", func(ctx context.Context, c *app.RequestContext) {
staticServer := http.FileServer(http.FS(pages))
req, err := adaptor.GetCompatRequest(&c.Request)
if err != nil {
logError("%s", err)
return
}
staticServer.ServeHTTP(adaptor.GetCompatResponseWriter(&c.Response), req)
})
r.GET("/style.css", func(ctx context.Context, c *app.RequestContext) {
staticServer := http.FileServer(http.FS(pages))
req, err := adaptor.GetCompatRequest(&c.Request)
if err != nil {
logError("%s", err)
return
}
staticServer.ServeHTTP(adaptor.GetCompatResponseWriter(&c.Response), req)
})
r.GET("/bootstrap.min.css", func(ctx context.Context, c *app.RequestContext) {
staticServer := http.FileServer(http.FS(assets))
req, err := adaptor.GetCompatRequest(&c.Request)
if err != nil {
logError("%s", err)
return
}
staticServer.ServeHTTP(adaptor.GetCompatResponseWriter(&c.Response), req)
})
r.GET("/bootstrap.bundle.min.js", func(ctx context.Context, c *app.RequestContext) {
staticServer := http.FileServer(http.FS(assets))
req, err := adaptor.GetCompatRequest(&c.Request)
if err != nil {
logError("%s", err)
return
}
staticServer.ServeHTTP(adaptor.GetCompatResponseWriter(&c.Response), req)
})
*/
r.GET("/", pageCacheHeader(), adaptor.HertzHandler(http.FileServer(http.FS(pages))))
r.GET("/favicon.ico", pageCacheHeader(), adaptor.HertzHandler(http.FileServer(http.FS(assets))))
r.GET("/script.js", pageCacheHeader(), adaptor.HertzHandler(http.FileServer(http.FS(pages))))
r.GET("/style.css", pageCacheHeader(), adaptor.HertzHandler(http.FileServer(http.FS(pages))))
r.GET("/bootstrap.min.css", pageCacheHeader(), adaptor.HertzHandler(http.FileServer(http.FS(assets))))
r.GET("/bootstrap.bundle.min.js", pageCacheHeader(), adaptor.HertzHandler(http.FileServer(http.FS(assets))))
return nil return nil
} }
@@ -366,13 +296,13 @@ func init() {
readFlag() readFlag()
flag.Parse() flag.Parse()
// 如果设置了 -h则显示帮助信息并退出 // 如果设置了 -h, 则显示帮助信息并退出
if showHelp { if showHelp {
flag.Usage() flag.Usage()
os.Exit(0) os.Exit(0)
} }
// 如果设置了 -v则显示版本号并退出 // 如果设置了 -v, 则显示版本号并退出
if showVersion { if showVersion {
fmt.Printf("GHProxy Version: %s \n", version) fmt.Printf("GHProxy Version: %s \n", version)
os.Exit(0) os.Exit(0)
@@ -381,11 +311,10 @@ func init() {
loadConfig() loadConfig()
if cfg != nil { // 在setupLogger前添加空值检查 if cfg != nil { // 在setupLogger前添加空值检查
setupLogger(cfg) setupLogger(cfg)
setupHertZLogger(cfg) initializeErrorPages()
InitReq(cfg) InitReq(cfg)
setMemLimit(cfg) setMemLimit(cfg)
loadlist(cfg) loadlist(cfg)
setupRateLimit(cfg)
if cfg.Docker.Enabled { if cfg.Docker.Enabled {
wcache = proxy.InitWeakCache() wcache = proxy.InitWeakCache()
} }
@@ -397,161 +326,184 @@ func init() {
} }
if cfg.Server.Debug { if cfg.Server.Debug {
version = "Dev" // 如果是Debug模式版本设置为"Dev" version = "Dev" // 如果是Debug模式, 版本设置为"Dev"
} }
} }
} }
var viaString string = "WJQSERVER-STUDIO/GHProxy"
func viaHeader() app.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) {
protoVersion := "1.1"
c.Header("Via", protoVersion+" "+viaString)
c.Next(ctx)
}
}
func main() { func main() {
if showVersion || showHelp { if showVersion || showHelp {
return return
} }
logDebug("Run Mode: %s Netlib: %s", runMode, cfg.Server.NetLib)
if cfg == nil { if cfg == nil {
fmt.Println("Config not loaded, exiting.") fmt.Println("Config not loaded, exiting.")
return return
} }
addr := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port) r := touka.Default()
if cfg.Server.NetLib == "std" || cfg.Server.NetLib == "standard" || cfg.Server.NetLib == "net" || cfg.Server.NetLib == "net/http" { r.SetProtocols(&touka.ProtocolsConfig{
if cfg.Server.H2C { Http1: true,
r = server.New( Http2_Cleartext: true,
server.WithH2C(true), })
server.WithHostPorts(addr),
server.WithTransport(standard.NewTransporter), r.Use(touka.Recovery()) // Recovery中间件
server.WithStreamBody(true), r.SetLogger(logger)
server.WithIdleTimeout(30*time.Second), r.SetErrorHandler(proxy.UnifiedToukaErrorHandler)
) r.SetHTTPClient(httpClient)
r.AddProtocol("h2", factory.NewServerFactory()) r.Use(record.Middleware()) // log中间件
} else { r.Use(viaHeader())
r = server.New( /*
server.WithHostPorts(addr), r.Use(compress.Compression(compress.CompressOptions{
server.WithTransport(standard.NewTransporter), Algorithms: map[string]compress.AlgorithmConfig{
server.WithStreamBody(true), compress.EncodingGzip: {
server.WithIdleTimeout(30*time.Second), Level: gzip.BestCompression, // Gzip最高压缩比
) PoolEnabled: true, // 启用Gzip压缩器的对象池
} },
} else if cfg.Server.NetLib == "netpoll" || cfg.Server.NetLib == "" { compress.EncodingDeflate: {
if cfg.Server.H2C { Level: flate.DefaultCompression, // Deflate默认压缩比
r = server.New( PoolEnabled: false, // Deflate不启用对象池
server.WithH2C(true), },
server.WithHostPorts(addr), compress.EncodingZstd: {
server.WithSenseClientDisconnection(cfg.Server.SenseClientDisconnection), Level: int(zstd.SpeedBestCompression), // Zstandard最佳压缩比
server.WithStreamBody(true), PoolEnabled: true, // 启用Zstandard压缩器的对象池
server.WithIdleTimeout(30*time.Second), },
) },
r.AddProtocol("h2", factory.NewServerFactory()) }))
} else { */
r = server.New(
server.WithHostPorts(addr), if cfg.RateLimit.Enabled {
server.WithSenseClientDisconnection(cfg.Server.SenseClientDisconnection), r.Use(ikumi.TokenRateLimit(ikumi.TokenRateLimiterOptions{
server.WithStreamBody(true), Limit: rate.Limit(cfg.RateLimit.RatePerMinute),
server.WithIdleTimeout(30*time.Second), Burst: cfg.RateLimit.Burst,
) }))
}
} else {
logError("Invalid NetLib: %s", cfg.Server.NetLib)
fmt.Printf("Invalid NetLib: %s\n", cfg.Server.NetLib)
os.Exit(1)
} }
/* if cfg.IPFilter.Enabled {
if cfg.Server.GoPoolSize > 0 { var err error
gopool.SetCap(int32(cfg.Server.GoPoolSize)) ipAllowList, ipBlockList, err := auth.ReadIPFilterList(cfg)
} else { if err != nil {
gopool.SetCap(1024) fmt.Printf("Failed to read IP filter list: %v\n", err)
logger.Errorf("Failed to read IP filter list: %v", err)
os.Exit(1)
} }
*/ ipBlockFilter, err := ipfilter.NewIPFilter(ipfilter.IPFilterConfig{
EnableAllowList: cfg.IPFilter.EnableAllowList,
r.Use(recovery.Recovery()) // Recovery中间件 EnableBlockList: cfg.IPFilter.EnableBlockList,
r.Use(loggin.Middleware()) // log中间件 AllowList: ipAllowList,
r.Use(viaHeader()) BlockList: ipBlockList,
})
if err != nil {
fmt.Printf("Failed to initialize IP filter: %v\n", err)
logger.Errorf("Failed to initialize IP filter: %v", err)
os.Exit(1)
} else {
r.Use(ipBlockFilter)
}
}
setupApi(cfg, r, version) setupApi(cfg, r, version)
setupPages(cfg, r) setupPages(cfg, r)
r.SetRedirectTrailingSlash(false)
r.GET("/github.com/:user/:repo/releases/*filepath", func(ctx context.Context, c *app.RequestContext) { r.GET("/github.com/:user/:repo/releases/*filepath", func(c *touka.Context) {
c.Set("matcher", "releases") // 规范化路径: 移除前导斜杠, 简化后续处理
proxy.RoutingHandler(cfg, limiter, iplimiter)(ctx, c) filepath := c.Param("filepath")
if len(filepath) > 0 && filepath[0] == '/' {
filepath = filepath[1:]
}
isValidDownload := false
// 检查两种合法的下载链接格式
// 情况 A: "download/..."
if strings.HasPrefix(filepath, "download/") {
isValidDownload = true
} else {
// 情况 B: ":tag/download/..."
slashIndex := strings.IndexByte(filepath, '/')
// 确保 tag 部分存在 (slashIndex > 0)
if slashIndex > 0 {
pathAfterTag := filepath[slashIndex+1:]
if strings.HasPrefix(pathAfterTag, "download/") {
isValidDownload = true
}
}
}
// 根据匹配结果执行最终操作
if isValidDownload {
c.Set("matcher", "releases")
proxy.RoutingHandler(cfg)(c)
} else {
// 任何不符合下载链接格式的 'releases' 路径都被视为浏览页面并拒绝
proxy.ErrorPage(c, proxy.NewErrorWithStatusLookup(400, "unsupported releases page, only download links are allowed"))
return
}
}) })
r.GET("/github.com/:user/:repo/archive/*filepath", func(ctx context.Context, c *app.RequestContext) { r.GET("/github.com/:user/:repo/archive/*filepath", func(c *touka.Context) {
c.Set("matcher", "releases") c.Set("matcher", "releases")
proxy.RoutingHandler(cfg, limiter, iplimiter)(ctx, c) proxy.RoutingHandler(cfg)(c)
}) })
r.GET("/github.com/:user/:repo/blob/*filepath", func(ctx context.Context, c *app.RequestContext) { r.GET("/github.com/:user/:repo/blob/*filepath", func(c *touka.Context) {
c.Set("matcher", "blob") c.Set("matcher", "blob")
proxy.RoutingHandler(cfg, limiter, iplimiter)(ctx, c) proxy.RoutingHandler(cfg)(c)
}) })
r.GET("/github.com/:user/:repo/raw/*filepath", func(ctx context.Context, c *app.RequestContext) { r.GET("/github.com/:user/:repo/raw/*filepath", func(c *touka.Context) {
c.Set("matcher", "raw") c.Set("matcher", "raw")
proxy.RoutingHandler(cfg, limiter, iplimiter)(ctx, c) proxy.RoutingHandler(cfg)(c)
}) })
r.GET("/github.com/:user/:repo/info/*filepath", func(ctx context.Context, c *app.RequestContext) { r.GET("/github.com/:user/:repo/info/*filepath", func(c *touka.Context) {
c.Set("matcher", "clone") c.Set("matcher", "clone")
proxy.RoutingHandler(cfg, limiter, iplimiter)(ctx, c) proxy.RoutingHandler(cfg)(c)
}) })
r.GET("/github.com/:user/:repo/git-upload-pack", func(ctx context.Context, c *app.RequestContext) { r.GET("/github.com/:user/:repo/git-upload-pack", func(c *touka.Context) {
c.Set("matcher", "clone") c.Set("matcher", "clone")
proxy.RoutingHandler(cfg, limiter, iplimiter)(ctx, c) proxy.RoutingHandler(cfg)(c)
})
r.POST("/github.com/:user/:repo/git-upload-pack", func(c *touka.Context) {
c.Set("matcher", "clone")
proxy.RoutingHandler(cfg)(c)
}) })
r.GET("/raw.githubusercontent.com/:user/:repo/*filepath", func(ctx context.Context, c *app.RequestContext) { r.GET("/raw.githubusercontent.com/:user/:repo/*filepath", func(c *touka.Context) {
c.Set("matcher", "raw") c.Set("matcher", "raw")
proxy.RoutingHandler(cfg, limiter, iplimiter)(ctx, c) proxy.RoutingHandler(cfg)(c)
}) })
r.GET("/gist.githubusercontent.com/:user/*filepath", func(ctx context.Context, c *app.RequestContext) { r.GET("/gist.githubusercontent.com/:user/*filepath", func(c *touka.Context) {
c.Set("matcher", "gist") c.Set("matcher", "gist")
proxy.NoRouteHandler(cfg, limiter, iplimiter)(ctx, c) proxy.NoRouteHandler(cfg)(c)
}) })
r.Any("/api.github.com/repos/:user/:repo/*filepath", func(ctx context.Context, c *app.RequestContext) { r.ANY("/api.github.com/repos/:user/:repo/*filepath", func(c *touka.Context) {
c.Set("matcher", "api") c.Set("matcher", "api")
proxy.RoutingHandler(cfg, limiter, iplimiter)(ctx, c) proxy.RoutingHandler(cfg)(c)
}) })
r.GET("/v2/", func(ctx context.Context, c *app.RequestContext) { r.ANY("/v2/*path",
emptyJSON := "{}" r.UseIf(cfg.Docker.Auth, func() touka.HandlerFunc {
c.Header("Content-Type", "application/json") return bauth.BasicAuthForStatic(cfg.Docker.Credentials, "GHProxy Docker Proxy")
c.Header("Content-Length", fmt.Sprint(len(emptyJSON))) }),
proxy.OciWithImageRouting(cfg),
)
c.Header("Docker-Distribution-API-Version", "registry/2.0") r.GET("/v2", func(c *touka.Context) {
// 重定向到 /v2/
c.Status(200) c.Redirect(http.StatusMovedPermanently, "/v2/")
c.Write([]byte(emptyJSON))
}) })
r.Any("/v2/:target/:user/:repo/*filepath", func(ctx context.Context, c *app.RequestContext) { r.NoRoute(func(c *touka.Context) {
proxy.GhcrWithImageRouting(cfg)(ctx, c) proxy.NoRouteHandler(cfg)(c)
})
/*
r.Any("/v2/:target/*filepath", func(ctx context.Context, c *app.RequestContext) {
proxy.GhcrRouting(cfg)(ctx, c)
})
*/
r.NoRoute(func(ctx context.Context, c *app.RequestContext) {
proxy.NoRouteHandler(cfg, limiter, iplimiter)(ctx, c)
}) })
fmt.Printf("GHProxy Version: %s\n", version) fmt.Printf("GHProxy Version: %s\n", version)
fmt.Printf("A Go Based High-Performance Github Proxy \n") fmt.Printf("A Go Based High-Performance Github Proxy \n")
fmt.Printf("Made by WJQSERVER-STUDIO\n") fmt.Printf("Made by WJQSERVER-STUDIO\n")
fmt.Printf("Power by Touka\n")
if cfg.Server.Debug { if cfg.Server.Debug {
go func() { go func() {
@@ -563,16 +515,13 @@ func main() {
} }
defer logger.Close() defer logger.Close()
defer func() {
if hertZfile != nil {
err := hertZfile.Close()
if err != nil {
logError("Failed to close hertz log file: %v", err)
}
}
}()
r.Spin() addr := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)
err := r.RunShutdown(addr)
if err != nil {
logger.Errorf("Server Run Error: %v", err)
fmt.Printf("Server Run Error: %v\n", err)
}
fmt.Println("Program Exit") fmt.Println("Program Exit")
} }

32
middleware/loggin/loggin.go
View File

@@ -1,32 +0,0 @@
package loggin
import (
"context"
"time"
"github.com/WJQSERVER-STUDIO/logger"
"github.com/cloudwego/hertz/pkg/app"
)
var (
logw = logger.Logw
logDump = logger.LogDump
logDebug = logger.LogDebug
logInfo = logger.LogInfo
logWarning = logger.LogWarning
logError = logger.LogError
)
// 日志中间件
func Middleware() app.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) {
startTime := time.Now()
c.Next(ctx)
endTime := time.Now()
timingResults := endTime.Sub(startTime)
logInfo("%s %s %s %s %s %d %v ", c.ClientIP(), c.Method(), c.Request.Header.GetProtocol(), string(c.Path()), c.Request.Header.UserAgent(), c.Response.StatusCode(), timingResults)
}
}

16
middleware/nocache/nocache.go
View File

@@ -1,17 +1,15 @@
package nocache package nocache
import ( import (
"context" "github.com/infinite-iroha/touka"
"github.com/cloudwego/hertz/pkg/app"
) )
func NoCacheMiddleware() app.HandlerFunc { func NoCacheMiddleware() touka.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) { return func(c *touka.Context) {
// 设置禁止缓存的响应头 // 设置禁止缓存的响应头
c.Response.Header.Set("Cache-Control", "no-store, no-cache, must-revalidate") c.SetHeader("Cache-Control", "no-store, no-cache, must-revalidate")
c.Response.Header.Set("Pragma", "no-cache") c.SetHeader("Pragma", "no-cache")
c.Response.Header.Set("Expires", "0") c.SetHeader("Expires", "0")
c.Next(ctx) // 继续处理请求 c.Next() // 继续处理请求
} }
} }

2
proxy/authparse.go
View File

@@ -34,7 +34,7 @@ func parseBearerWWWAuthenticateHeader(headerValue string) (*BearerAuthParams, er
trimmedPair := strings.TrimSpace(pair) trimmedPair := strings.TrimSpace(pair)
keyValue := strings.SplitN(trimmedPair, "=", 2) keyValue := strings.SplitN(trimmedPair, "=", 2)
if len(keyValue) != 2 { if len(keyValue) != 2 {
logWarning("Skipping malformed parameter '%s' in Www-Authenticate header: %s", pair, headerValue) //logWarning("Skipping malformed parameter '%s' in Www-Authenticate header: %s", pair, headerValue)
continue continue
} }
key := strings.TrimSpace(keyValue[0]) key := strings.TrimSpace(keyValue[0])

9
proxy/authpass.go
View File

@@ -4,20 +4,19 @@ import (
"ghproxy/config" "ghproxy/config"
"net/http" "net/http"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
func AuthPassThrough(c *app.RequestContext, cfg *config.Config, req *http.Request) { func AuthPassThrough(c *touka.Context, cfg *config.Config, req *http.Request) {
if cfg.Auth.PassThrough { if cfg.Auth.PassThrough {
token := c.Query("token") token := c.Query("token")
if token != "" { if token != "" {
logDebug("%s %s %s %s %s Auth-PassThrough: token %s", c.ClientIP(), c.Method(), string(c.Path()), c.UserAgent(), c.Request.Header.GetProtocol(), token)
switch cfg.Auth.Method { switch cfg.Auth.Method {
case "parameters": case "parameters":
if !cfg.Auth.Enabled { if !cfg.Auth.Enabled {
req.Header.Set("Authorization", "token "+token) req.Header.Set("Authorization", "token "+token)
} else { } else {
logWarning("%s %s %s %s %s Auth-Error: Conflict Auth Method", c.ClientIP(), c.Method(), string(c.Path()), c.UserAgent(), c.Request.Header.GetProtocol()) c.Warnf("%s %s %s %s %s Auth-Error: Conflict Auth Method", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto)
ErrorPage(c, NewErrorWithStatusLookup(500, "Conflict Auth Method")) ErrorPage(c, NewErrorWithStatusLookup(500, "Conflict Auth Method"))
return return
} }
@@ -26,7 +25,7 @@ func AuthPassThrough(c *app.RequestContext, cfg *config.Config, req *http.Reques
req.Header.Set("Authorization", "token "+token) req.Header.Set("Authorization", "token "+token)
} }
default: default:
logWarning("%s %s %s %s %s Invalid Auth Method / Auth Method is not be set", c.ClientIP(), c.Method(), string(c.Path()), c.UserAgent(), c.Request.Header.GetProtocol()) c.Warnf("%s %s %s %s %s Invalid Auth Method / Auth Method is not be set", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto)
ErrorPage(c, NewErrorWithStatusLookup(500, "Invalid Auth Method / Auth Method is not be set")) ErrorPage(c, NewErrorWithStatusLookup(500, "Invalid Auth Method / Auth Method is not be set"))
return return
} }

6
proxy/bandwidth.go
View File

@@ -15,7 +15,6 @@ var (
func UnDefiendRateStringErrHandle(err error) error { func UnDefiendRateStringErrHandle(err error) error {
if errors.Is(err, &limitreader.UnDefiendRateStringErr{}) { if errors.Is(err, &limitreader.UnDefiendRateStringErr{}) {
logWarning("UnDefiendRateStringErr: %s", err)
return nil return nil
} }
return err return err
@@ -28,18 +27,15 @@ func SetGlobalRateLimit(cfg *config.Config) error {
var totalBurst rate.Limit var totalBurst rate.Limit
totalLimit, err = limitreader.ParseRate(cfg.RateLimit.BandwidthLimit.TotalLimit) totalLimit, err = limitreader.ParseRate(cfg.RateLimit.BandwidthLimit.TotalLimit)
if UnDefiendRateStringErrHandle(err) != nil { if UnDefiendRateStringErrHandle(err) != nil {
logError("Failed to parse total bandwidth limit: %v", err)
return err return err
} }
totalBurst, err = limitreader.ParseRate(cfg.RateLimit.BandwidthLimit.TotalBurst) totalBurst, err = limitreader.ParseRate(cfg.RateLimit.BandwidthLimit.TotalBurst)
if UnDefiendRateStringErrHandle(err) != nil { if UnDefiendRateStringErrHandle(err) != nil {
logError("Failed to parse total bandwidth burst: %v", err)
return err return err
} }
limitreader.SetGlobalRateLimit(totalLimit, int(totalBurst)) limitreader.SetGlobalRateLimit(totalLimit, int(totalBurst))
err = SetBandwidthLimit(cfg) err = SetBandwidthLimit(cfg)
if UnDefiendRateStringErrHandle(err) != nil { if UnDefiendRateStringErrHandle(err) != nil {
logError("Failed to set bandwidth limit: %v", err)
return err return err
} }
} else { } else {
@@ -52,12 +48,10 @@ func SetBandwidthLimit(cfg *config.Config) error {
var err error var err error
bandwidthLimit, err = limitreader.ParseRate(cfg.RateLimit.BandwidthLimit.SingleLimit) bandwidthLimit, err = limitreader.ParseRate(cfg.RateLimit.BandwidthLimit.SingleLimit)
if UnDefiendRateStringErrHandle(err) != nil { if UnDefiendRateStringErrHandle(err) != nil {
logError("Failed to parse bandwidth limit: %v", err)
return err return err
} }
bandwidthBurst, err = limitreader.ParseRate(cfg.RateLimit.BandwidthLimit.SingleBurst) bandwidthBurst, err = limitreader.ParseRate(cfg.RateLimit.BandwidthLimit.SingleBurst)
if UnDefiendRateStringErrHandle(err) != nil { if UnDefiendRateStringErrHandle(err) != nil {
logError("Failed to parse bandwidth burst: %v", err)
return err return err
} }
return nil return nil

70
proxy/chunkreq.go
View File

@@ -9,10 +9,10 @@ import (
"strconv" "strconv"
"github.com/WJQSERVER-STUDIO/go-utils/limitreader" "github.com/WJQSERVER-STUDIO/go-utils/limitreader"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
func ChunkedProxyRequest(ctx context.Context, c *app.RequestContext, u string, cfg *config.Config, matcher string) { func ChunkedProxyRequest(ctx context.Context, c *touka.Context, u string, cfg *config.Config, matcher string) {
var ( var (
req *http.Request req *http.Request
@@ -23,18 +23,16 @@ func ChunkedProxyRequest(ctx context.Context, c *app.RequestContext, u string, c
go func() { go func() {
<-ctx.Done() <-ctx.Done()
if resp != nil && resp.Body != nil { if resp != nil && resp.Body != nil {
err := resp.Body.Close() resp.Body.Close()
if err != nil { }
logError("Failed to close response body: %v", err) if req != nil && req.Body != nil {
} req.Body.Close()
} }
c.Abort()
}() }()
rb := client.NewRequestBuilder(string(c.Request.Method()), u) rb := client.NewRequestBuilder(c.Request.Method, u)
rb.NoDefaultHeaders() rb.NoDefaultHeaders()
//rb.SetBody(bytes.NewBuffer(c.Request.Body())) rb.SetBody(c.Request.Body)
rb.SetBody(c.RequestBodyStream())
rb.WithContext(ctx) rb.WithContext(ctx)
req, err = rb.Build() req, err = rb.Build()
@@ -60,19 +58,21 @@ func ChunkedProxyRequest(ctx context.Context, c *app.RequestContext, u string, c
// 处理302情况 // 处理302情况
if resp.StatusCode == 302 || resp.StatusCode == 301 { if resp.StatusCode == 302 || resp.StatusCode == 301 {
//c.Debugf("resp header %s", resp.Header)
finalURL := resp.Header.Get("Location") finalURL := resp.Header.Get("Location")
if finalURL != "" { if finalURL != "" {
err = resp.Body.Close() err = resp.Body.Close()
if err != nil { if err != nil {
logError("Failed to close response body: %v", err) c.Errorf("Failed to close response body: %v", err)
} }
c.Request.Header.Del("Referer") c.Infof("Internal Redirecting to %s", finalURL)
logInfo("Internal Redirecting to %s", finalURL)
ChunkedProxyRequest(ctx, c, finalURL, cfg, matcher) ChunkedProxyRequest(ctx, c, finalURL, cfg, matcher)
return return
} }
} }
// 处理响应体大小限制
var ( var (
bodySize int bodySize int
contentLength string contentLength string
@@ -84,28 +84,25 @@ func ChunkedProxyRequest(ctx context.Context, c *app.RequestContext, u string, c
var err error var err error
bodySize, err = strconv.Atoi(contentLength) bodySize, err = strconv.Atoi(contentLength)
if err != nil { if err != nil {
logWarning("%s %s %s %s %s Content-Length header is not a valid integer: %v", c.ClientIP(), c.Method(), c.Path(), c.UserAgent(), c.Request.Header.GetProtocol(), err) c.Warnf("%s %s %s %s %s Content-Length header is not a valid integer: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, err)
bodySize = -1 bodySize = -1
} }
if err == nil && bodySize > sizelimit { if err == nil && bodySize > sizelimit {
finalURL := resp.Request.URL.String() finalURL := resp.Request.URL.String()
err = resp.Body.Close() err = resp.Body.Close()
if err != nil { if err != nil {
logError("Failed to close response body: %v", err) c.Errorf("Failed to close response body: %v", err)
} }
c.Redirect(301, []byte(finalURL)) c.Redirect(301, finalURL)
logWarning("%s %s %s %s %s Final-URL: %s Size-Limit-Exceeded: %d", c.ClientIP(), c.Method(), c.Path(), c.UserAgent(), c.Request.Header.GetProtocol(), finalURL, bodySize) c.Warnf("%s %s %s %s %s Final-URL: %s Size-Limit-Exceeded: %d", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, finalURL, bodySize)
return return
} }
} }
// 复制响应头,排除需要移除的 header // 复制响应头,排除需要移除的 header
for key, values := range resp.Header { c.SetHeaders(resp.Header)
if _, shouldRemove := respHeadersToRemove[key]; !shouldRemove { for key := range respHeadersToRemove {
for _, value := range values { c.DelHeader(key)
c.Header(key, value)
}
}
} }
switch cfg.Server.Cors { switch cfg.Server.Cors {
@@ -127,33 +124,30 @@ func ChunkedProxyRequest(ctx context.Context, c *app.RequestContext, u string, c
bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx) bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx)
} }
if MatcherShell(u) && matchString(matcher) && cfg.Shell.Editor { defer bodyReader.Close()
// 判断body是不是gzip
var compress string
if resp.Header.Get("Content-Encoding") == "gzip" {
compress = "gzip"
}
logDebug("Use Shell Editor: %s %s %s %s %s", c.ClientIP(), c.Request.Method(), u, c.Request.Header.Get("User-Agent"), c.Request.Header.GetProtocol()) if MatcherShell(u) && matchString(matcher) && cfg.Shell.Editor {
c.Header("Content-Length", "")
c.Debugf("Use Shell Editor: %s %s %s %s %s", c.ClientIP(), c.Request.Method, u, c.UserAgent(), c.Request.Proto)
c.DelHeader("Content-Length")
c.DelHeader("Content-Encoding")
var reader io.Reader var reader io.Reader
reader, _, err = processLinks(bodyReader, compress, string(c.Request.Host()), cfg) reader, _, err = processLinks(bodyReader, c.Request.Host, cfg, c)
c.SetBodyStream(reader, -1) c.WriteStream(reader)
if err != nil { if err != nil {
logError("%s %s %s %s %s Failed to copy response body: %v", c.ClientIP(), c.Request.Method(), u, c.Request.Header.Get("User-Agent"), c.Request.Header.GetProtocol(), err) c.Errorf("%s %s %s %s %s Failed to copy response body: %v", c.ClientIP(), c.Request.Method, u, c.UserAgent(), c.Request.Proto, err)
ErrorPage(c, NewErrorWithStatusLookup(500, fmt.Sprintf("Failed to copy response body: %v", err))) ErrorPage(c, NewErrorWithStatusLookup(500, fmt.Sprintf("Failed to copy response body: %v", err)))
return return
} }
} else { } else {
if contentLength != "" { if contentLength != "" {
c.SetBodyStream(bodyReader, bodySize) c.SetHeader("Content-Length", contentLength)
c.WriteStream(bodyReader)
return return
} }
c.SetBodyStream(bodyReader, -1) c.WriteStream(bodyReader)
bodyReader.Close()
} }
} }

26
proxy/dial.go
View File

@@ -7,6 +7,7 @@ package proxy
import ( import (
"ghproxy/config" "ghproxy/config"
"log"
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
@@ -24,7 +25,8 @@ func initTransport(cfg *config.Config, transport *http.Transport) {
// 如果代理 URL 未设置,使用环境变量中的代理配置 // 如果代理 URL 未设置,使用环境变量中的代理配置
if cfg.Outbound.Url == "" { if cfg.Outbound.Url == "" {
transport.Proxy = http.ProxyFromEnvironment transport.Proxy = http.ProxyFromEnvironment
logWarning("Outbound proxy is not set, using environment variables") //logWarning("Outbound proxy is not set, using environment variables")
log.Printf("Outbound proxy is not set, using environment variables")
return return
} }
@@ -32,7 +34,7 @@ func initTransport(cfg *config.Config, transport *http.Transport) {
proxyInfo, err := url.Parse(cfg.Outbound.Url) proxyInfo, err := url.Parse(cfg.Outbound.Url)
if err != nil { if err != nil {
// 如果解析失败,记录错误日志并使用环境变量中的代理配置 // 如果解析失败,记录错误日志并使用环境变量中的代理配置
logError("Failed to parse outbound proxy URL %v", err) log.Printf("Failed to parse outbound proxy URL %v", err)
transport.Proxy = http.ProxyFromEnvironment transport.Proxy = http.ProxyFromEnvironment
return return
} }
@@ -41,7 +43,7 @@ func initTransport(cfg *config.Config, transport *http.Transport) {
switch strings.ToLower(proxyInfo.Scheme) { switch strings.ToLower(proxyInfo.Scheme) {
case "http", "https": // 如果是 HTTP/HTTPS 代理 case "http", "https": // 如果是 HTTP/HTTPS 代理
transport.Proxy = http.ProxyURL(proxyInfo) // 设置 HTTP(S) 代理 transport.Proxy = http.ProxyURL(proxyInfo) // 设置 HTTP(S) 代理
logInfo("Using HTTP(S) proxy: %s", proxyInfo.Redacted()) log.Printf("Using HTTP(S) proxy: %s", cfg.Outbound.Url)
case "socks5": // 如果是 SOCKS5 代理 case "socks5": // 如果是 SOCKS5 代理
// 调用 newProxyDial 创建 SOCKS5 代理拨号器 // 调用 newProxyDial 创建 SOCKS5 代理拨号器
proxyDialer := newProxyDial(cfg.Outbound.Url) proxyDialer := newProxyDial(cfg.Outbound.Url)
@@ -53,11 +55,14 @@ func initTransport(cfg *config.Config, transport *http.Transport) {
} else { } else {
// 如果不支持 ContextDialer则回退到传统的 Dial 方法 // 如果不支持 ContextDialer则回退到传统的 Dial 方法
transport.Dial = proxyDialer.Dial transport.Dial = proxyDialer.Dial
logWarning("SOCKS5 dialer does not support ContextDialer, using legacy Dial") //logWarning("SOCKS5 dialer does not support ContextDialer, using legacy Dial")
log.Printf("SOCKS5 dialer does not support ContextDialer, using legacy Dial")
} }
logInfo("Using SOCKS5 proxy chain: %s", cfg.Outbound.Url) //logInfo("Using SOCKS5 proxy chain: %s", cfg.Outbound.Url)
log.Printf("Using SOCKS5 proxy chain: %s", cfg.Outbound.Url)
default: // 如果代理协议不支持 default: // 如果代理协议不支持
logError("Unsupported proxy scheme: %s", proxyInfo.Scheme) //logError("Unsupported proxy scheme: %s", proxyInfo.Scheme)
log.Printf("Unsupported proxy scheme: %s", proxyInfo.Scheme)
transport.Proxy = http.ProxyFromEnvironment // 回退到环境变量代理 transport.Proxy = http.ProxyFromEnvironment // 回退到环境变量代理
} }
} }
@@ -77,13 +82,15 @@ func newProxyDial(proxyUrls string) proxy.Dialer {
urlInfo, err := url.Parse(proxyUrl) urlInfo, err := url.Parse(proxyUrl)
if err != nil { if err != nil {
// 如果 URL 解析失败,记录错误日志并跳过 // 如果 URL 解析失败,记录错误日志并跳过
logError("Failed to parse proxy URL %q: %v", proxyUrl, err) //logError("Failed to parse proxy URL %q: %v", proxyUrl, err)
log.Printf("Failed to parse proxy URL %q: %v", proxyUrl, err)
continue continue
} }
// 检查代理协议是否为 SOCKS5 // 检查代理协议是否为 SOCKS5
if urlInfo.Scheme != "socks5" { if urlInfo.Scheme != "socks5" {
logWarning("Skipping non-SOCKS5 proxy: %s", urlInfo.Scheme) // logWarning("Skipping non-SOCKS5 proxy: %s", urlInfo.Scheme)
log.Printf("Skipping non-SOCKS5 proxy: %s", urlInfo.Scheme)
continue continue
} }
@@ -94,7 +101,8 @@ func newProxyDial(proxyUrls string) proxy.Dialer {
dialer, err := createSocksDialer(urlInfo.Host, auth, proxyDialer) dialer, err := createSocksDialer(urlInfo.Host, auth, proxyDialer)
if err != nil { if err != nil {
// 如果创建失败,记录错误日志并跳过 // 如果创建失败,记录错误日志并跳过
logError("Failed to create SOCKS5 dialer for %q: %v", proxyUrl, err) //logError("Failed to create SOCKS5 dialer for %q: %v", proxyUrl, err)
log.Printf("Failed to create SOCKS5 dialer for %q: %v", proxyUrl, err)
continue continue
} }

458
proxy/docker.go
View File

@@ -1,20 +1,21 @@
package proxy package proxy
import ( import (
"bytes"
"context" "context"
"fmt" "fmt"
json "github.com/bytedance/sonic"
"ghproxy/config"
"ghproxy/weakcache"
"io"
"net/http" "net/http"
"net/url"
"strconv" "strconv"
"strings" "strings"
"ghproxy/config"
"ghproxy/weakcache"
"github.com/WJQSERVER-STUDIO/go-utils/iox"
"github.com/WJQSERVER-STUDIO/go-utils/limitreader" "github.com/WJQSERVER-STUDIO/go-utils/limitreader"
"github.com/cloudwego/hertz/pkg/app" "github.com/go-json-experiment/json"
"github.com/infinite-iroha/touka"
) )
var ( var (
@@ -22,107 +23,206 @@ var (
ghcrTarget = "ghcr.io" ghcrTarget = "ghcr.io"
) )
// cache 用于存储认证令牌, 避免重复获取
var cache *weakcache.Cache[string] var cache *weakcache.Cache[string]
// imageInfo 结构体用于存储镜像的相关信息
type imageInfo struct { type imageInfo struct {
User string User string
Repo string Repo string
Image string Image string
} }
// InitWeakCache 初始化弱引用缓存
func InitWeakCache() *weakcache.Cache[string] { func InitWeakCache() *weakcache.Cache[string] {
// 使用默认过期时间和容量为100创建一个新的弱引用缓存
cache = weakcache.NewCache[string](weakcache.DefaultExpiration, 100) cache = weakcache.NewCache[string](weakcache.DefaultExpiration, 100)
return cache return cache
} }
func GhcrWithImageRouting(cfg *config.Config) app.HandlerFunc { var (
return func(ctx context.Context, c *app.RequestContext) { authEndpoint = "/"
passTypeMap = map[string]struct{}{
"manifests": {},
"blobs": {},
"tags": {},
"index": {},
}
)
charToFind := '.' // 处理路径各种情况
reqTarget := c.Param("target") func OciWithImageRouting(cfg *config.Config) touka.HandlerFunc {
reqImageUser := c.Param("user") return func(c *touka.Context) {
reqImageName := c.Param("repo") if !cfg.Docker.Enabled {
reqFilePath := c.Param("filepath") ErrorPage(c, NewErrorWithStatusLookup(403, "Docker proxy is not enabled"))
return
}
var (
p1 string
p2 string
p3 string
p4 string
target string
user string
repo string
extpath string
p1IsTarget bool
ignorep3 bool
imageNameForAuth string
finalreqUrl string
iInfo *imageInfo
)
ociPath := c.Param("path")
if ociPath == authEndpoint {
emptyJSON := "{}"
c.Header("Content-Type", "application/json")
c.Header("Content-Length", fmt.Sprint(len(emptyJSON)))
path := fmt.Sprintf("%s/%s/%s", reqImageUser, reqImageName, reqFilePath) c.Header("Docker-Distribution-API-Version", "registry/2.0")
target := ""
if strings.ContainsRune(reqTarget, charToFind) { c.Status(200)
c.Writer.Write([]byte(emptyJSON))
return
}
if reqTarget == "docker.io" { // 根据/分割 /:target/:user/:repo/*ext
ociPath = ociPath[1:]
i := strings.IndexByte(ociPath, '/')
if i <= 0 {
ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
return
}
p1 = ociPath[:i]
// 开始判断p1是否为target
if strings.Contains(p1, ".") || strings.Contains(p1, ":") {
p1IsTarget = true
if p1 == "docker.io" {
target = dockerhubTarget target = dockerhubTarget
} else if reqTarget == "ghcr.io" {
target = ghcrTarget
} else { } else {
target = reqTarget target = p1
} }
} else { } else {
path = string(c.Request.RequestURI()) switch cfg.Docker.Target {
reqImageUser = c.Param("target") case "ghcr":
reqImageName = c.Param("user") target = ghcrTarget
} case "dockerhub":
image := &imageInfo{ target = dockerhubTarget
User: reqImageUser, case "":
Repo: reqImageName, ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
Image: fmt.Sprintf("%s/%s", reqImageUser, reqImageName), return
default:
target = cfg.Docker.Target
}
} }
GhcrToTarget(ctx, c, cfg, target, path, image) ociPath = ociPath[i+1:]
i = strings.IndexByte(ociPath, '/')
if i <= 0 {
ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
return
}
p2 = ociPath[:i]
ociPath = ociPath[i+1:]
} // 若p2和passTypeMap匹配
if !p1IsTarget {
if _, ok := passTypeMap[p2]; ok {
ignorep3 = true
switch cfg.Docker.Target {
case "ghcr":
target = ghcrTarget
case "dockerhub":
target = dockerhubTarget
case "":
ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
return
default:
target = cfg.Docker.Target
}
user = "library"
repo = p1
extpath = "/" + p2 + "/" + ociPath
}
}
} if !ignorep3 {
i = strings.IndexByte(ociPath, '/')
func GhcrToTarget(ctx context.Context, c *app.RequestContext, cfg *config.Config, target string, path string, image *imageInfo) { if i <= 0 {
if cfg.Docker.Enabled { ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
if target != "" {
GhcrRequest(ctx, c, "https://"+target+"/v2/"+path+"?"+string(c.Request.QueryString()), image, cfg, target)
} else {
if cfg.Docker.Target == "ghcr" {
GhcrRequest(ctx, c, "https://"+ghcrTarget+string(c.Request.RequestURI()), image, cfg, ghcrTarget)
} else if cfg.Docker.Target == "dockerhub" {
GhcrRequest(ctx, c, "https://"+dockerhubTarget+string(c.Request.RequestURI()), image, cfg, dockerhubTarget)
} else if cfg.Docker.Target != "" {
// 自定义taget
GhcrRequest(ctx, c, "https://"+cfg.Docker.Target+string(c.Request.RequestURI()), image, cfg, cfg.Docker.Target)
} else {
// 配置为空
ErrorPage(c, NewErrorWithStatusLookup(403, "Docker Target is not set"))
return return
} }
p3 = ociPath[:i]
ociPath = ociPath[i+1:]
p4 = ociPath
if p1IsTarget {
if _, ok := passTypeMap[p3]; ok {
user = "library"
repo = p2
extpath = "/" + p3 + "/" + p4
} else {
user = p2
repo = p3
extpath = "/" + p4
}
} else {
switch cfg.Docker.Target {
case "ghcr":
target = ghcrTarget
case "dockerhub":
target = dockerhubTarget
case "":
ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
return
default:
target = cfg.Docker.Target
}
user = p1
repo = p2
extpath = "/" + p3 + "/" + p4
}
} }
} else { imageNameForAuth = user + "/" + repo
ErrorPage(c, NewErrorWithStatusLookup(403, "Docker is not Allowed")) finalreqUrl = "https://" + target + "/v2/" + imageNameForAuth + extpath
return if query := c.GetReqQueryString(); query != "" {
finalreqUrl += "?" + query
}
iInfo = &imageInfo{
User: user,
Repo: repo,
Image: imageNameForAuth,
}
GhcrRequest(c.Request.Context(), c, finalreqUrl, iInfo, cfg, target)
} }
} }
func GhcrRequest(ctx context.Context, c *app.RequestContext, u string, image *imageInfo, cfg *config.Config, target string) { // GhcrRequest 执行对Docker注册表的HTTP请求, 处理认证和重定向
func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageInfo, cfg *config.Config, target string) {
var ( var (
method []byte method string
req *http.Request req *http.Request
resp *http.Response resp *http.Response
err error err error
) )
go func() { method = c.Request.Method
<-ctx.Done() ghcrclient := c.GetHTTPC()
if resp != nil && resp.Body != nil { bodyByte, err := c.GetReqBodyFull()
resp.Body.Close() if err != nil {
} HandleError(c, fmt.Sprintf("Failed to read request body: %v", err))
if req != nil { return
req.Body.Close() }
}
}()
method = c.Request.Method() // 构建初始请求
rb := ghcrclient.NewRequestBuilder(method, u)
rb := ghcrclient.NewRequestBuilder(string(method), u) rb.NoDefaultHeaders() // 不使用默认头部, 以便完全控制
rb.NoDefaultHeaders() rb.SetBody(bytes.NewBuffer(bodyByte)) // 设置请求体
rb.SetBody(c.Request.BodyStream()) rb.WithContext(ctx) // 设置请求上下文
rb.WithContext(ctx)
req, err = rb.Build() req, err = rb.Build()
if err != nil { if err != nil {
@@ -130,75 +230,146 @@ func GhcrRequest(ctx context.Context, c *app.RequestContext, u string, image *im
return return
} }
c.Request.Header.VisitAll(func(key, value []byte) { // 复制客户端请求的头部到代理请求
headerKey := string(key) copyHeader(c.Request.Header, req.Header)
headerValue := string(value)
req.Header.Add(headerKey, headerValue)
})
// 确保 Accept 头部被正确设置
if acceptHeader, ok := c.Request.Header["Accept"]; ok {
req.Header["Accept"] = acceptHeader
}
// 设置 Host 头部为上游目标
req.Header.Set("Host", target) req.Header.Set("Host", target)
if image != nil {
// 尝试从缓存中获取并使用认证令牌
if image != nil && image.Image != "" {
token, exist := cache.Get(image.Image) token, exist := cache.Get(image.Image)
if exist { if exist {
logDebug("Use Cache Token: %s", token)
req.Header.Set("Authorization", "Bearer "+token) req.Header.Set("Authorization", "Bearer "+token)
} }
} }
// 发送初始请求
resp, err = ghcrclient.Do(req) resp, err = ghcrclient.Do(req)
if err != nil { if err != nil {
HandleError(c, fmt.Sprintf("Failed to send request: %v", err)) HandleError(c, fmt.Sprintf("Failed to send request: %v", err))
return return
} }
// 处理状态码 // 处理 401 Unauthorized 或 404 Not Found 响应, 尝试重新认证并重试
if resp.StatusCode == 401 { if resp.StatusCode == 401 || resp.StatusCode == 404 {
// 请求target /v2/路径 // 对于 /v2/ 的请求不进行重试, 因为它通常用于发现认证端点
if string(c.Request.URI().Path()) != "/v2/" { shouldRetry := string(c.GetRequestURIPath()) != "/v2/"
resp.Body.Close() originalStatusCode := resp.StatusCode
if image == nil { c.Debugf("Initial request failed with status %d. Retry eligibility: %t", originalStatusCode, shouldRetry)
ErrorPage(c, NewErrorWithStatusLookup(401, "Unauthorized"))
if shouldRetry {
if image == nil || image.Image == "" {
_ = resp.Body.Close() // 终止流程, 关闭当前响应体
ErrorPage(c, NewErrorWithStatusLookup(originalStatusCode, "Unauthorized"))
return return
} }
// 获取新的认证令牌
token := ChallengeReq(target, image, ctx, c) token := ChallengeReq(target, image, ctx, c)
// 更新kv
if token != "" { if token != "" {
logDump("Update Cache Token: %s", token) c.Debugf("Successfully obtained auth token. Retrying request.")
_ = resp.Body.Close() // 在发起重试请求前, 关闭旧的响应体
// 更新kv
c.Debugf("Update Cache Token: %s", token)
cache.Put(image.Image, token) cache.Put(image.Image, token)
}
rb := ghcrclient.NewRequestBuilder(string(method), u) // 重新构建并发送请求
rb.NoDefaultHeaders() rb_retry := ghcrclient.NewRequestBuilder(method, u)
rb.SetBody(c.Request.BodyStream()) rb_retry.NoDefaultHeaders()
rb.WithContext(ctx) rb_retry.SetBody(bytes.NewBuffer(bodyByte))
rb_retry.WithContext(ctx)
req, err = rb.Build() req_retry, err_retry := rb_retry.Build()
if err != nil { if err_retry != nil {
HandleError(c, fmt.Sprintf("Failed to create request: %v", err)) HandleError(c, fmt.Sprintf("Failed to create retry request: %v", err_retry))
return return
} }
c.Request.Header.VisitAll(func(key, value []byte) { copyHeader(c.Request.Header, req_retry.Header) // 复制原始头部
headerKey := string(key) if acceptHeader, ok := c.Request.Header["Accept"]; ok {
headerValue := string(value) req_retry.Header["Accept"] = acceptHeader
req.Header.Add(headerKey, headerValue) }
})
req.Header.Set("Host", target) req_retry.Header.Set("Host", target) // 设置 Host 头部
if token != "" { req_retry.Header.Set("Authorization", "Bearer "+token) // 使用新令牌
req.Header.Set("Authorization", "Bearer "+token)
}
resp, err = ghcrclient.Do(req) c.Debugf("Executing retry request. Method: %s, URL: %s", req_retry.Method, req_retry.URL.String())
if err != nil {
HandleError(c, fmt.Sprintf("Failed to send request: %v", err)) resp_retry, err_retry := ghcrclient.Do(req_retry)
return if err_retry != nil {
HandleError(c, fmt.Sprintf("Failed to send retry request: %v", err_retry))
return
}
c.Debugf("Retry request completed with status code: %d", resp_retry.StatusCode)
resp = resp_retry // 更新响应为重试后的响应
} else {
c.Warnf("Failed to obtain auth token. Cannot retry.")
// 获取令牌失败, 将继续处理原始的401/404响应, 其响应体仍然打开
} }
} }
}
} else if resp.StatusCode == 404 { // 错误处理(404) // 透明地处理 302 Found 或 307 Temporary Redirect 重定向
ErrorPage(c, NewErrorWithStatusLookup(404, "Page Not Found (From Github)")) if resp.StatusCode == http.StatusFound || resp.StatusCode == http.StatusTemporaryRedirect {
location := resp.Header.Get("Location")
if location == "" {
_ = resp.Body.Close() // 终止流程, 关闭当前响应体
HandleError(c, "Redirect response missing Location header")
return
}
redirectURL, err := url.Parse(location)
if err != nil {
_ = resp.Body.Close() // 终止流程, 关闭当前响应体
HandleError(c, fmt.Sprintf("Failed to parse redirect location: %v", err))
return
}
// 如果 Location 是相对路径, 则根据原始请求的 URL 解析为绝对路径
if !redirectURL.IsAbs() {
originalURL := resp.Request.URL
redirectURL = originalURL.ResolveReference(redirectURL)
c.Debugf("Resolved relative redirect to absolute URL: %s", redirectURL.String())
}
c.Debugf("Handling redirect. Status: %d, Final Location: %s", resp.StatusCode, redirectURL.String())
_ = resp.Body.Close() // 明确关闭重定向响应的响应体, 因为我们将发起新请求
// 创建并发送重定向请求, 通常使用 GET 方法
redirectReq, err := http.NewRequestWithContext(ctx, "GET", redirectURL.String(), nil)
if err != nil {
HandleError(c, fmt.Sprintf("Failed to create redirect request: %v", err))
return
}
redirectReq.Header.Set("User-Agent", c.Request.UserAgent()) // 复制 User-Agent
c.Debugf("Executing redirect request to: %s", redirectURL.String())
redirectResp, err := ghcrclient.Do(redirectReq)
if err != nil {
HandleError(c, fmt.Sprintf("Failed to execute redirect request to %s: %v", redirectURL.String(), err))
return
}
c.Debugf("Redirect request to %s completed with status %d", redirectURL.String(), redirectResp.StatusCode)
resp = redirectResp // 更新响应为重定向后的响应
}
// 如果最终响应是 404, 则读取响应体并返回自定义错误页面
if resp.StatusCode == 404 {
defer resp.Body.Close() // 使用defer确保在函数返回前关闭响应体
bodyBytes, err := iox.ReadAll(resp.Body)
if err != nil {
c.Warnf("Failed to read upstream 404 response body: %v", err)
} else {
c.Warnf("Upstream 404 response body: %s", string(bodyBytes))
}
ErrorPage(c, NewErrorWithStatusLookup(404, "Page Not Found (From Upstream)"))
return return
} }
@@ -208,121 +379,122 @@ func GhcrRequest(ctx context.Context, c *app.RequestContext, u string, image *im
sizelimit int sizelimit int
) )
// 获取配置中的大小限制并转换单位 (MB -> Byte)
sizelimit = cfg.Server.SizeLimit * 1024 * 1024 sizelimit = cfg.Server.SizeLimit * 1024 * 1024
contentLength = resp.Header.Get("Content-Length") contentLength = resp.Header.Get("Content-Length")
if contentLength != "" { if contentLength != "" {
var err error var err error
bodySize, err = strconv.Atoi(contentLength) bodySize, err = strconv.Atoi(contentLength)
if err != nil { if err != nil {
logWarning("%s %s %s %s %s Content-Length header is not a valid integer: %v", c.ClientIP(), c.Method(), c.Path(), c.UserAgent(), c.Request.Header.GetProtocol(), err) c.Warnf("%s %s %s %s %s Content-Length header is not a valid integer: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, err)
bodySize = -1 bodySize = -1 // 无法解析则设置为 -1
} }
// 如果内容大小超出限制, 返回 301 重定向到原始上游URL
if err == nil && bodySize > sizelimit { if err == nil && bodySize > sizelimit {
finalURL := resp.Request.URL.String() finalURL := resp.Request.URL.String()
err = resp.Body.Close() _ = resp.Body.Close() // 明确关闭响应体, 因为我们将重定向而不是流式传输
if err != nil { c.Redirect(301, finalURL)
logError("Failed to close response body: %v", err) c.Warnf("%s %s %s %s %s Final-URL: %s Size-Limit-Exceeded: %d", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, finalURL, bodySize)
}
c.Redirect(301, []byte(finalURL))
logWarning("%s %s %s %s %s Final-URL: %s Size-Limit-Exceeded: %d", c.ClientIP(), c.Method(), c.Path(), c.UserAgent(), c.Request.Header.GetProtocol(), finalURL, bodySize)
return return
} }
} }
// 复制响应头,排除需要移除的 header // 将上游响应头部复制到客户端响应
for key, values := range resp.Header { c.SetHeaders(resp.Header)
for _, value := range values { // 设置客户端响应状态码
c.Response.Header.Add(key, value)
}
}
c.Status(resp.StatusCode) c.Status(resp.StatusCode)
// bodyReader 的所有权将转移给 SetBodyStream, 不再由此函数管理关闭
bodyReader := resp.Body bodyReader := resp.Body
// 如果启用了带宽限制, 则使用限速读取器
if cfg.RateLimit.BandwidthLimit.Enabled { if cfg.RateLimit.BandwidthLimit.Enabled {
bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx) bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx)
} }
// 根据 Content-Length 设置响应体流
if contentLength != "" { if contentLength != "" {
c.SetBodyStream(bodyReader, bodySize) c.SetBodyStream(bodyReader, bodySize)
return return
} }
c.SetBodyStream(bodyReader, -1) c.SetBodyStream(bodyReader, -1)
} }
// AuthToken 用于解析认证响应中的令牌
type AuthToken struct { type AuthToken struct {
Token string `json:"token"` Token string `json:"token"`
} }
func ChallengeReq(target string, image *imageInfo, ctx context.Context, c *app.RequestContext) (token string) { // ChallengeReq 执行认证挑战流程, 获取新的认证令牌
func ChallengeReq(target string, image *imageInfo, ctx context.Context, c *touka.Context) (token string) {
var resp401 *http.Response var resp401 *http.Response
var req401 *http.Request var req401 *http.Request
var err error var err error
ghcrclient := c.GetHTTPC()
// 对 /v2/ 端点发送 GET 请求以触发认证挑战
rb401 := ghcrclient.NewRequestBuilder("GET", "https://"+target+"/v2/") rb401 := ghcrclient.NewRequestBuilder("GET", "https://"+target+"/v2/")
rb401.NoDefaultHeaders() rb401.NoDefaultHeaders()
rb401.WithContext(ctx) rb401.WithContext(ctx)
rb401.AddHeader("User-Agent", "docker/28.1.1 go/go1.23.8 git-commit/01f442b kernel/6.12.25-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/28.1.1 ")
req401, err = rb401.Build() req401, err = rb401.Build()
if err != nil { if err != nil {
HandleError(c, fmt.Sprintf("Failed to create request: %v", err)) HandleError(c, fmt.Sprintf("Failed to create request: %v", err))
return return
} }
req401.Header.Set("Host", target) req401.Header.Set("Host", target) // 设置 Host 头部
resp401, err = ghcrclient.Do(req401) resp401, err = ghcrclient.Do(req401)
if err != nil { if err != nil {
HandleError(c, fmt.Sprintf("Failed to send request: %v", err)) HandleError(c, fmt.Sprintf("Failed to send request: %v", err))
return return
} }
defer resp401.Body.Close() defer resp401.Body.Close() // 确保响应体关闭
// 解析 Www-Authenticate 头部, 获取认证领域和参数
bearer, err := parseBearerWWWAuthenticateHeader(resp401.Header.Get("Www-Authenticate")) bearer, err := parseBearerWWWAuthenticateHeader(resp401.Header.Get("Www-Authenticate"))
if err != nil { if err != nil {
logError("Failed to parse Www-Authenticate header: %v", err) c.Errorf("Failed to parse Www-Authenticate header: %v", err)
return return
} }
// 构建认证范围 (scope), 通常是 repository:<image_name>:pull
scope := fmt.Sprintf("repository:%s:pull", image.Image) scope := fmt.Sprintf("repository:%s:pull", image.Image)
// 使用解析到的 Realm 和 Service, 以及 scope 请求认证令牌
getAuthRB := ghcrclient.NewRequestBuilder("GET", bearer.Realm). getAuthRB := ghcrclient.NewRequestBuilder("GET", bearer.Realm).
NoDefaultHeaders(). NoDefaultHeaders().
WithContext(ctx). WithContext(ctx).
AddHeader("User-Agent", "docker/28.1.1 go/go1.23.8 git-commit/01f442b kernel/6.12.25-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/28.1.1 ").
SetHeader("Host", bearer.Service). SetHeader("Host", bearer.Service).
AddQueryParam("service", bearer.Service). AddQueryParam("service", bearer.Service).
AddQueryParam("scope", scope) AddQueryParam("scope", scope)
getAuthReq, err := getAuthRB.Build() getAuthReq, err := getAuthRB.Build()
if err != nil { if err != nil {
logError("Failed to create request: %v", err) c.Errorf("Failed to create request: %v", err)
return return
} }
authResp, err := ghcrclient.Do(getAuthReq) authResp, err := ghcrclient.Do(getAuthReq)
if err != nil { if err != nil {
logError("Failed to send request: %v", err) c.Errorf("Failed to send request: %v", err)
return return
} }
defer authResp.Body.Close() // 确保响应体关闭
defer authResp.Body.Close() // 读取认证响应体
bodyBytes, err := iox.ReadAll(authResp.Body)
bodyBytes, err := io.ReadAll(authResp.Body)
if err != nil { if err != nil {
logError("Failed to read auth response body: %v", err) c.Errorf("Failed to read auth response body: %v", err)
return return
} }
// 解码json // 解码 JSON 响应以获取令牌
var authToken AuthToken var authToken AuthToken
err = json.Unmarshal(bodyBytes, &authToken) err = json.Unmarshal(bodyBytes, &authToken)
if err != nil { if err != nil {
logError("Failed to decode auth response body: %v", err) c.Errorf("Failed to decode auth response body: %v", err)
return return
} }
token = authToken.Token token = authToken.Token // 提取令牌
return token return token
} }

110
proxy/error.go
View File

@@ -11,24 +11,25 @@ import (
"html/template" "html/template"
"io/fs" "io/fs"
"github.com/WJQSERVER-STUDIO/logger"
"github.com/cloudwego/hertz/pkg/app"
lru "github.com/hashicorp/golang-lru/v2" lru "github.com/hashicorp/golang-lru/v2"
"github.com/infinite-iroha/touka"
) )
// 日志模块 func HandleError(c *touka.Context, message string) {
var (
logw = logger.Logw
logDump = logger.LogDump
logDebug = logger.LogDebug
logInfo = logger.LogInfo
logWarning = logger.LogWarning
logError = logger.LogError
)
func HandleError(c *app.RequestContext, message string) {
ErrorPage(c, NewErrorWithStatusLookup(500, message)) ErrorPage(c, NewErrorWithStatusLookup(500, message))
logError("Error handled: %s", message) c.Errorf("%s %s %s %s %s Error: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, message)
}
func UnifiedToukaErrorHandler(c *touka.Context, code int, err error) {
errMsg := ""
if err != nil {
errMsg = err.Error()
}
c.Errorf("%s %s %s %s %s Error: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, errMsg)
constructedGHErr := NewErrorWithStatusLookup(code, errMsg)
ErrorPage(c, constructedGHErr)
} }
type GHProxyErrors struct { type GHProxyErrors struct {
@@ -76,6 +77,25 @@ var (
StatusText: "服务器内部错误", StatusText: "服务器内部错误",
HelpInfo: "服务器处理您的请求时发生错误,请稍后重试或联系管理员。", HelpInfo: "服务器处理您的请求时发生错误,请稍后重试或联系管理员。",
} }
// 502
ErrBadGateway = &GHProxyErrors{
StatusCode: 502,
StatusDesc: "Bad Gateway",
StatusText: "网关错误",
HelpInfo: "代理服务器从上游服务器接收到无效响应。",
}
ErrServiceUnavailable = &GHProxyErrors{
StatusCode: 503,
StatusDesc: "Service Unavailable",
StatusText: "服务不可用",
HelpInfo: "服务器目前无法处理请求,通常是由于服务器过载或停机维护。",
}
ErrGatewayTimeout = &GHProxyErrors{
StatusCode: 504,
StatusDesc: "Gateway Timeout",
StatusText: "网关超时",
HelpInfo: "代理服务器未能及时从上游服务器接收到响应。",
}
) )
var statusErrorMap map[int]*GHProxyErrors var statusErrorMap map[int]*GHProxyErrors
@@ -88,6 +108,9 @@ func init() {
ErrNotFound.StatusCode: ErrNotFound, ErrNotFound.StatusCode: ErrNotFound,
ErrTooManyRequests.StatusCode: ErrTooManyRequests, ErrTooManyRequests.StatusCode: ErrTooManyRequests,
ErrInternalServerError.StatusCode: ErrInternalServerError, ErrInternalServerError.StatusCode: ErrInternalServerError,
ErrBadGateway.StatusCode: ErrBadGateway,
ErrServiceUnavailable.StatusCode: ErrServiceUnavailable,
ErrGatewayTimeout.StatusCode: ErrGatewayTimeout,
} }
} }
@@ -131,18 +154,18 @@ type ErrorPageData struct {
// ToCacheKey 为 ErrorPageData 生成一个唯一的 SHA256 字符串键。 // ToCacheKey 为 ErrorPageData 生成一个唯一的 SHA256 字符串键。
// 使用 gob 序列化来确保结构体内容到字节序列的顺序一致性,然后计算哈希。 // 使用 gob 序列化来确保结构体内容到字节序列的顺序一致性,然后计算哈希。
func (d ErrorPageData) ToCacheKey() string { func (d ErrorPageData) ToCacheKey() (string, error) {
var buf bytes.Buffer var buf bytes.Buffer
enc := gob.NewEncoder(&buf) enc := gob.NewEncoder(&buf)
err := enc.Encode(d) err := enc.Encode(d)
if err != nil { if err != nil {
logError("Failed to gob encode ErrorPageData for cache key: %v", err) //logError("Failed to gob encode ErrorPageData for cache key: %v", err)
return "" return "", fmt.Errorf("failed to gob encode ErrorPageData for cache key: %w", err)
} }
hasher := sha256.New() hasher := sha256.New()
hasher.Write(buf.Bytes()) hasher.Write(buf.Bytes())
return hex.EncodeToString(hasher.Sum(nil)) return hex.EncodeToString(hasher.Sum(nil)), nil
} }
func ErrPageUnwarper(errInfo *GHProxyErrors) ErrorPageData { func ErrPageUnwarper(errInfo *GHProxyErrors) ErrorPageData {
@@ -180,11 +203,11 @@ func NewSizedLRUCache(maxBytes int64) (*SizedLRUCache, error) {
// 当内部 LRU 缓存因其自身的条目容量限制或 RemoveOldest 方法被调用而逐出条目时, // 当内部 LRU 缓存因其自身的条目容量限制或 RemoveOldest 方法被调用而逐出条目时,
// 此回调函数会被执行,从而更新 currentBytes。 // 此回调函数会被执行,从而更新 currentBytes。
var err error var err error
c.cache, err = lru.NewWithEvict[string, []byte](10000, func(key string, value []byte) { //c.cache, err = lru.NewWithEvict[string, []byte](10000, func(key string, value []byte) {
c.cache, err = lru.NewWithEvict(10000, func(key string, value []byte) {
c.mu.Lock() c.mu.Lock()
defer c.mu.Unlock() defer c.mu.Unlock()
c.currentBytes -= int64(len(value)) c.currentBytes -= int64(len(value))
logDebug("LRU evicted key: %s, size: %d, current total: %d", key, len(value), c.currentBytes)
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@@ -206,7 +229,6 @@ func (c *SizedLRUCache) Add(key string, value []byte) {
// 如果待添加的条目本身就大于缓存的最大容量,则不进行缓存。 // 如果待添加的条目本身就大于缓存的最大容量,则不进行缓存。
if itemSize > c.maxBytes { if itemSize > c.maxBytes {
logWarning("Item key %s (size %d) larger than cache max capacity %d. Not caching.", key, itemSize, c.maxBytes)
return return
} }
@@ -214,23 +236,19 @@ func (c *SizedLRUCache) Add(key string, value []byte) {
if oldVal, ok := c.cache.Get(key); ok { if oldVal, ok := c.cache.Get(key); ok {
c.currentBytes -= int64(len(oldVal)) c.currentBytes -= int64(len(oldVal))
c.cache.Remove(key) c.cache.Remove(key)
logDebug("Key %s exists, removed old size %d. Current total: %d", key, len(oldVal), c.currentBytes)
} }
// 主动逐出最旧的条目,直到有足够的空间容纳新条目。 // 主动逐出最旧的条目,直到有足够的空间容纳新条目。
for c.currentBytes+itemSize > c.maxBytes && c.cache.Len() > 0 { for c.currentBytes+itemSize > c.maxBytes && c.cache.Len() > 0 {
_, oldVal, existed := c.cache.RemoveOldest() _, _, existed := c.cache.RemoveOldest()
if !existed { if !existed {
logWarning("Attempted to remove oldest, but item not found.")
break break
} }
logDebug("Proactively evicted item (size %d) to free space. Current total: %d", len(oldVal), c.currentBytes)
} }
// 添加新条目到内部 LRU 缓存。 // 添加新条目到内部 LRU 缓存。
c.cache.Add(key, value) c.cache.Add(key, value)
c.currentBytes += itemSize // 手动增加新条目的大小到 currentBytes。 c.currentBytes += itemSize // 手动增加新条目的大小到 currentBytes。
logDebug("Item added: key %s, size: %d, current total: %d", key, itemSize, c.currentBytes)
} }
const maxErrorPageCacheBytes = 512 * 1024 // 错误页面缓存的最大容量512KB const maxErrorPageCacheBytes = 512 * 1024 // 错误页面缓存的最大容量512KB
@@ -242,7 +260,6 @@ func init() {
var err error var err error
errorPageCache, err = NewSizedLRUCache(maxErrorPageCacheBytes) errorPageCache, err = NewSizedLRUCache(maxErrorPageCacheBytes)
if err != nil { if err != nil {
logError("Failed to initialize error page LRU cache: %v", err)
panic(err) panic(err)
} }
} }
@@ -293,37 +310,60 @@ func htmlTemplateRender(data interface{}) ([]byte, error) {
return buf.Bytes(), nil return buf.Bytes(), nil
} }
func ErrorPage(c *app.RequestContext, errInfo *GHProxyErrors) { func ErrorPage(c *touka.Context, errInfo *GHProxyErrors) {
select {
case <-c.Request.Context().Done():
return
default:
if c.Writer.Written() {
return
}
}
// 将 errInfo 转换为 ErrorPageData 结构体 // 将 errInfo 转换为 ErrorPageData 结构体
var err error
var cacheKey string
pageDataStruct := ErrPageUnwarper(errInfo) pageDataStruct := ErrPageUnwarper(errInfo)
// 使用 ErrorPageData 生成一个唯一的 SHA256 缓存键 // 使用 ErrorPageData 生成一个唯一的 SHA256 缓存键
cacheKey := pageDataStruct.ToCacheKey() cacheKey, err = pageDataStruct.ToCacheKey()
if err != nil {
c.Warnf("Failed to generate cache key for error page: %v", err)
fallbackErrorJson(c, errInfo)
return
}
// 检查生成的缓存键是否为空,这可能表示序列化或哈希计算失败
if cacheKey == "" { if cacheKey == "" {
c.JSON(errInfo.StatusCode, map[string]string{"error": errInfo.ErrorMessage}) c.JSON(errInfo.StatusCode, map[string]string{"error": errInfo.ErrorMessage})
logWarning("Failed to generate cache key for error page: %v", errInfo) c.Warnf("Failed to generate cache key for error page: %v", errInfo)
return return
} }
var pageData []byte var pageData []byte
var err error
// 尝试从缓存中获取页面数据 // 尝试从缓存中获取页面数据
if cachedPage, found := errorPageCache.Get(cacheKey); found { if cachedPage, found := errorPageCache.Get(cacheKey); found {
pageData = cachedPage pageData = cachedPage
logDebug("Serving error page from cache (Key: %s)", cacheKey) c.Debugf("Serving error page from cache (Key: %s)", cacheKey)
} else { } else {
// 如果不在缓存中,则渲染页面 // 如果不在缓存中,则渲染页面
pageData, err = htmlTemplateRender(pageDataStruct) pageData, err = htmlTemplateRender(pageDataStruct)
if err != nil { if err != nil {
c.JSON(errInfo.StatusCode, map[string]string{"error": errInfo.ErrorMessage}) c.JSON(errInfo.StatusCode, map[string]string{"error": errInfo.ErrorMessage})
logWarning("Failed to render error page for status %d (Key: %s): %v", errInfo.StatusCode, cacheKey, err) c.Warnf("Failed to render error page for status %d (Key: %s): %v", errInfo.StatusCode, cacheKey, err)
return return
} }
// 将渲染结果存入缓存 // 将渲染结果存入缓存
errorPageCache.Add(cacheKey, pageData) errorPageCache.Add(cacheKey, pageData)
logDebug("Cached error page (Key: %s, Size: %d bytes)", cacheKey, len(pageData)) c.Debugf("Cached error page (Key: %s, Size: %d bytes)", cacheKey, len(pageData))
} }
c.Data(errInfo.StatusCode, "text/html; charset=utf-8", pageData) c.Raw(errInfo.StatusCode, "text/html; charset=utf-8", pageData)
}
func fallbackErrorJson(c *touka.Context, errInfo *GHProxyErrors) {
c.JSON(errInfo.StatusCode, map[string]string{"error": errInfo.ErrorMessage})
} }

60
proxy/gitreq.go
View File

@@ -1,7 +1,6 @@
package proxy package proxy
import ( import (
"bytes"
"context" "context"
"fmt" "fmt"
"ghproxy/config" "ghproxy/config"
@@ -9,32 +8,20 @@ import (
"strconv" "strconv"
"github.com/WJQSERVER-STUDIO/go-utils/limitreader" "github.com/WJQSERVER-STUDIO/go-utils/limitreader"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Config, mode string) { func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config, mode string) {
var ( var (
req *http.Request
resp *http.Response resp *http.Response
err error
) )
go func() { reqBodyReader, err := c.GetReqBodyBuffer()
<-ctx.Done() if err != nil {
if resp != nil && resp.Body != nil { HandleError(c, fmt.Sprintf("Failed to read request body: %v", err))
err = resp.Body.Close() return
if err != nil { }
logError("Failed to close response body: %v", err)
}
}
}()
method := string(c.Request.Method())
reqBodyReader := bytes.NewBuffer(c.Request.Body())
//bodyReader := c.Request.BodyStream() // 不可替换为此实现
if cfg.GitClone.Mode == "cache" { if cfg.GitClone.Mode == "cache" {
userPath, repoPath, remainingPath, queryParams, err := extractParts(u) userPath, repoPath, remainingPath, queryParams, err := extractParts(u)
@@ -43,16 +30,20 @@ func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Co
return return
} }
// 构建新url // 构建新url
u = cfg.GitClone.SmartGitAddr + userPath + repoPath + remainingPath + "?" + queryParams.Encode() var paramStr string
if len(queryParams) > 0 {
paramStr = "?" + queryParams.Encode()
}
u = cfg.GitClone.SmartGitAddr + userPath + repoPath + remainingPath + paramStr
} }
if cfg.GitClone.Mode == "cache" { if cfg.GitClone.Mode == "cache" {
rb := gitclient.NewRequestBuilder(method, u) rb := gitclient.NewRequestBuilder(c.Request.Method, u)
rb.NoDefaultHeaders() rb.NoDefaultHeaders()
rb.SetBody(reqBodyReader) rb.SetBody(reqBodyReader)
rb.WithContext(ctx) rb.WithContext(ctx)
req, err = rb.Build() req, err := rb.Build()
if err != nil { if err != nil {
HandleError(c, fmt.Sprintf("Failed to create request: %v", err)) HandleError(c, fmt.Sprintf("Failed to create request: %v", err))
return return
@@ -66,8 +57,9 @@ func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Co
HandleError(c, fmt.Sprintf("Failed to send request: %v", err)) HandleError(c, fmt.Sprintf("Failed to send request: %v", err))
return return
} }
defer resp.Body.Close()
} else { } else {
rb := client.NewRequestBuilder(string(c.Request.Method()), u) rb := client.NewRequestBuilder(c.Request.Method, u)
rb.NoDefaultHeaders() rb.NoDefaultHeaders()
rb.SetBody(reqBodyReader) rb.SetBody(reqBodyReader)
rb.WithContext(ctx) rb.WithContext(ctx)
@@ -86,6 +78,7 @@ func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Co
HandleError(c, fmt.Sprintf("Failed to send request: %v", err)) HandleError(c, fmt.Sprintf("Failed to send request: %v", err))
return return
} }
defer resp.Body.Close()
} }
contentLength := resp.Header.Get("Content-Length") contentLength := resp.Header.Get("Content-Length")
@@ -93,21 +86,17 @@ func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Co
size, err := strconv.Atoi(contentLength) size, err := strconv.Atoi(contentLength)
sizelimit := cfg.Server.SizeLimit * 1024 * 1024 sizelimit := cfg.Server.SizeLimit * 1024 * 1024
if err != nil { if err != nil {
logWarning("%s %s %s %s %s Content-Length header is not a valid integer: %v", c.ClientIP(), c.Method(), c.Path(), c.UserAgent(), c.Request.Header.GetProtocol(), err) c.Warnf("%s %s %s %s %s Content-Length header is not a valid integer: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, err)
} }
if err == nil && size > sizelimit { if err == nil && size > sizelimit {
finalURL := []byte(resp.Request.URL.String()) finalURL := resp.Request.URL.String()
c.Redirect(http.StatusMovedPermanently, finalURL) c.Redirect(http.StatusMovedPermanently, finalURL)
logWarning("%s %s %s %s %s Final-URL: %s Size-Limit-Exceeded: %d", c.ClientIP(), c.Method(), c.Path(), c.Request.Header.Get("User-Agent"), c.Request.Header.GetProtocol(), finalURL, size) c.Warnf("%s %s %s %s %s Final-URL: %s Size-Limit-Exceeded: %d", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, finalURL, size)
return return
} }
} }
for key, values := range resp.Header { c.SetHeaders(resp.Header)
for _, value := range values {
c.Response.Header.Add(key, value)
}
}
headersToRemove := map[string]struct{}{ headersToRemove := map[string]struct{}{
"Content-Security-Policy": {}, "Content-Security-Policy": {},
@@ -132,9 +121,9 @@ func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Co
c.Status(resp.StatusCode) c.Status(resp.StatusCode)
if cfg.GitClone.Mode == "cache" { if cfg.GitClone.Mode == "cache" {
c.Response.Header.Set("Cache-Control", "no-store, no-cache, must-revalidate") c.SetHeader("Cache-Control", "no-store, no-cache, must-revalidate")
c.Response.Header.Set("Pragma", "no-cache") c.SetHeader("Pragma", "no-cache")
c.Response.Header.Set("Expires", "0") c.SetHeader("Expires", "0")
} }
bodyReader := resp.Body bodyReader := resp.Body
@@ -144,5 +133,4 @@ func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Co
} }
c.SetBodyStream(bodyReader, -1) c.SetBodyStream(bodyReader, -1)
bodyReader.Close()
} }

29
proxy/handler.go
View File

@@ -1,39 +1,33 @@
package proxy package proxy
import ( import (
"context"
"fmt" "fmt"
"ghproxy/config" "ghproxy/config"
"ghproxy/rate"
"regexp" "regexp"
"strings" "strings"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
var re = regexp.MustCompile(`^(http:|https:)?/?/?(.*)`) // 匹配http://或https://开头的路径 var re = regexp.MustCompile(`^(http:|https:)?/?/?(.*)`) // 匹配http://或https://开头的路径
func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) app.HandlerFunc { func NoRouteHandler(cfg *config.Config) touka.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) { return func(c *touka.Context) {
var ctx = c.Request.Context()
var shoudBreak bool var shoudBreak bool
shoudBreak = rateCheck(cfg, c, limiter, iplimiter)
if shoudBreak {
return
}
var ( var (
rawPath string rawPath string
matches []string matches []string
) )
rawPath = strings.TrimPrefix(string(c.Request.RequestURI()), "/") // 去掉前缀/ rawPath = strings.TrimPrefix(c.GetRequestURI(), "/") // 去掉前缀/
matches = re.FindStringSubmatch(rawPath) // 匹配路径 matches = re.FindStringSubmatch(rawPath) // 匹配路径
// 匹配路径错误处理 // 匹配路径错误处理
if len(matches) < 3 { if len(matches) < 3 {
logWarning("%s %s %s %s %s Invalid URL", c.ClientIP(), c.Method(), c.Path(), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol()) c.Warnf("%s %s %s %s %s Invalid URL", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto)
ErrorPage(c, NewErrorWithStatusLookup(400, fmt.Sprintf("Invalid URL Format: %s", c.Path()))) ErrorPage(c, NewErrorWithStatusLookup(400, fmt.Sprintf("Invalid URL Format: %s", c.GetRequestURI())))
return return
} }
@@ -53,9 +47,6 @@ func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
return return
} }
logDump("%s %s %s %s %s Matched-Username: %s, Matched-Repo: %s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo)
logDump("%s", c.Request.Header.Header())
shoudBreak = listCheck(cfg, c, user, repo, rawPath) shoudBreak = listCheck(cfg, c, user, repo, rawPath)
if shoudBreak { if shoudBreak {
return return
@@ -74,8 +65,6 @@ func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
matcher = "raw" matcher = "raw"
} }
logDebug("Matched: %v", matcher)
switch matcher { switch matcher {
case "releases", "blob", "raw", "gist", "api": case "releases", "blob", "raw", "gist", "api":
ChunkedProxyRequest(ctx, c, rawPath, cfg, matcher) ChunkedProxyRequest(ctx, c, rawPath, cfg, matcher)
@@ -83,7 +72,7 @@ func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
GitReq(ctx, c, rawPath, cfg, "git") GitReq(ctx, c, rawPath, cfg, "git")
default: default:
ErrorPage(c, NewErrorWithStatusLookup(500, "Matched But Not Matched")) ErrorPage(c, NewErrorWithStatusLookup(500, "Matched But Not Matched"))
logError("Matched But Not Matched Path: %s rawPath: %s matcher: %s", c.Path(), rawPath, matcher) c.Errorf("Matched But Not Matched Path: %s rawPath: %s matcher: %s", c.GetRequestURIPath(), rawPath, matcher)
return return
} }
} }

154
proxy/httpc.go
View File

@@ -1,7 +1,6 @@
package proxy package proxy
import ( import (
"fmt"
"ghproxy/config" "ghproxy/config"
"net/http" "net/http"
"time" "time"
@@ -12,42 +11,40 @@ import (
var BufferSize int = 32 * 1024 // 32KB var BufferSize int = 32 * 1024 // 32KB
var ( var (
tr *http.Transport tr *http.Transport
gittr *http.Transport gittr *http.Transport
client *httpc.Client client *httpc.Client
gitclient *httpc.Client gitclient *httpc.Client
ghcrtr *http.Transport
ghcrclient *httpc.Client
) )
func InitReq(cfg *config.Config) error { func InitReq(cfg *config.Config) (*httpc.Client, error) {
initHTTPClient(cfg) client := initHTTPClient(cfg)
if cfg.GitClone.Mode == "cache" { if cfg.GitClone.Mode == "cache" {
initGitHTTPClient(cfg) initGitHTTPClient(cfg)
} }
initGhcrHTTPClient(cfg)
err := SetGlobalRateLimit(cfg) err := SetGlobalRateLimit(cfg)
if err != nil { if err != nil {
return err return nil, err
} }
return nil return client, nil
} }
func initHTTPClient(cfg *config.Config) { func initHTTPClient(cfg *config.Config) *httpc.Client {
var proTolcols = new(http.Protocols) var proTolcols = new(http.Protocols)
proTolcols.SetHTTP1(true) proTolcols.SetHTTP1(true)
proTolcols.SetHTTP2(true) proTolcols.SetHTTP2(true)
proTolcols.SetUnencryptedHTTP2(true) proTolcols.SetUnencryptedHTTP2(true)
if cfg.Httpc.Mode == "auto" {
switch cfg.Httpc.Mode {
case "auto", "":
tr = &http.Transport{ tr = &http.Transport{
IdleConnTimeout: 30 * time.Second, IdleConnTimeout: 30 * time.Second,
WriteBufferSize: 32 * 1024, // 32KB WriteBufferSize: 32 * 1024, // 32KB
ReadBufferSize: 32 * 1024, // 32KB ReadBufferSize: 32 * 1024, // 32KB
Protocols: proTolcols, Protocols: proTolcols,
} }
} else if cfg.Httpc.Mode == "advanced" { case "advanced":
tr = &http.Transport{ tr = &http.Transport{
MaxIdleConns: cfg.Httpc.MaxIdleConns, MaxIdleConns: cfg.Httpc.MaxIdleConns,
MaxConnsPerHost: cfg.Httpc.MaxConnsPerHost, MaxConnsPerHost: cfg.Httpc.MaxConnsPerHost,
@@ -56,18 +53,10 @@ func initHTTPClient(cfg *config.Config) {
ReadBufferSize: 32 * 1024, // 32KB ReadBufferSize: 32 * 1024, // 32KB
Protocols: proTolcols, Protocols: proTolcols,
} }
} else { default:
// 错误的模式 panic("unknown httpc mode: " + cfg.Httpc.Mode)
logError("unknown httpc mode: %s", cfg.Httpc.Mode)
fmt.Println("unknown httpc mode: ", cfg.Httpc.Mode)
logWarning("use Auto to Run HTTP Client")
fmt.Println("use Auto to Run HTTP Client")
tr = &http.Transport{
IdleConnTimeout: 30 * time.Second,
WriteBufferSize: 32 * 1024, // 32KB
ReadBufferSize: 32 * 1024, // 32KB
}
} }
if cfg.Outbound.Enabled { if cfg.Outbound.Enabled {
initTransport(cfg, tr) initTransport(cfg, tr)
} }
@@ -81,18 +70,18 @@ func initHTTPClient(cfg *config.Config) {
httpc.WithTransport(tr), httpc.WithTransport(tr),
) )
} }
return client
} }
func initGitHTTPClient(cfg *config.Config) { func initGitHTTPClient(cfg *config.Config) {
switch cfg.Httpc.Mode {
if cfg.Httpc.Mode == "auto" { case "auto", "":
gittr = &http.Transport{ gittr = &http.Transport{
IdleConnTimeout: 30 * time.Second, IdleConnTimeout: 30 * time.Second,
WriteBufferSize: 32 * 1024, // 32KB WriteBufferSize: 32 * 1024, // 32KB
ReadBufferSize: 32 * 1024, // 32KB ReadBufferSize: 32 * 1024, // 32KB
} }
} else if cfg.Httpc.Mode == "advanced" { case "advanced":
gittr = &http.Transport{ gittr = &http.Transport{
MaxIdleConns: cfg.Httpc.MaxIdleConns, MaxIdleConns: cfg.Httpc.MaxIdleConns,
MaxConnsPerHost: cfg.Httpc.MaxConnsPerHost, MaxConnsPerHost: cfg.Httpc.MaxConnsPerHost,
@@ -100,103 +89,30 @@ func initGitHTTPClient(cfg *config.Config) {
WriteBufferSize: 32 * 1024, // 32KB WriteBufferSize: 32 * 1024, // 32KB
ReadBufferSize: 32 * 1024, // 32KB ReadBufferSize: 32 * 1024, // 32KB
} }
} else { default:
// 错误的模式 panic("unknown httpc mode: " + cfg.Httpc.Mode)
logError("unknown httpc mode: %s", cfg.Httpc.Mode)
fmt.Println("unknown httpc mode: ", cfg.Httpc.Mode)
logWarning("use Auto to Run HTTP Client")
fmt.Println("use Auto to Run HTTP Client")
gittr = &http.Transport{
//MaxIdleConns: 160,
IdleConnTimeout: 30 * time.Second,
WriteBufferSize: 32 * 1024, // 32KB
ReadBufferSize: 32 * 1024, // 32KB
}
} }
if cfg.Outbound.Enabled { if cfg.Outbound.Enabled {
initTransport(cfg, gittr) initTransport(cfg, gittr)
} }
if cfg.Server.Debug && cfg.GitClone.ForceH2C {
gitclient = httpc.New(
httpc.WithTransport(gittr),
httpc.WithDumpLog(),
httpc.WithProtocols(httpc.ProtocolsConfig{
ForceH2C: true,
}),
)
} else if !cfg.Server.Debug && cfg.GitClone.ForceH2C {
gitclient = httpc.New(
httpc.WithTransport(gittr),
httpc.WithProtocols(httpc.ProtocolsConfig{
ForceH2C: true,
}),
)
} else if cfg.Server.Debug && !cfg.GitClone.ForceH2C {
gitclient = httpc.New(
httpc.WithTransport(gittr),
httpc.WithDumpLog(),
httpc.WithProtocols(httpc.ProtocolsConfig{
Http1: true,
Http2: true,
Http2_Cleartext: true,
}),
)
} else {
gitclient = httpc.New(
httpc.WithTransport(gittr),
httpc.WithProtocols(httpc.ProtocolsConfig{
Http1: true,
Http2: true,
Http2_Cleartext: true,
}),
)
}
}
func initGhcrHTTPClient(cfg *config.Config) { var opts []httpc.Option // 使用切片来收集选项
var proTolcols = new(http.Protocols) opts = append(opts, httpc.WithTransport(gittr))
proTolcols.SetHTTP1(true) var protocolsConfig httpc.ProtocolsConfig
proTolcols.SetHTTP2(true)
if cfg.Httpc.Mode == "auto" {
ghcrtr = &http.Transport{ if cfg.GitClone.ForceH2C {
IdleConnTimeout: 30 * time.Second, protocolsConfig.ForceH2C = true
WriteBufferSize: 32 * 1024, // 32KB
ReadBufferSize: 32 * 1024, // 32KB
Protocols: proTolcols,
}
} else if cfg.Httpc.Mode == "advanced" {
ghcrtr = &http.Transport{
MaxIdleConns: cfg.Httpc.MaxIdleConns,
MaxConnsPerHost: cfg.Httpc.MaxConnsPerHost,
MaxIdleConnsPerHost: cfg.Httpc.MaxIdleConnsPerHost,
WriteBufferSize: 32 * 1024, // 32KB
ReadBufferSize: 32 * 1024, // 32KB
Protocols: proTolcols,
}
} else { } else {
// 错误的模式 protocolsConfig.Http1 = true
logError("unknown httpc mode: %s", cfg.Httpc.Mode) protocolsConfig.Http2 = true
fmt.Println("unknown httpc mode: ", cfg.Httpc.Mode) protocolsConfig.Http2_Cleartext = true
logWarning("use Auto to Run HTTP Client")
fmt.Println("use Auto to Run HTTP Client")
ghcrtr = &http.Transport{
IdleConnTimeout: 30 * time.Second,
WriteBufferSize: 32 * 1024, // 32KB
ReadBufferSize: 32 * 1024, // 32KB
}
}
if cfg.Outbound.Enabled {
initTransport(cfg, ghcrtr)
} }
opts = append(opts, httpc.WithProtocols(protocolsConfig))
if cfg.Server.Debug { if cfg.Server.Debug {
ghcrclient = httpc.New( opts = append(opts, httpc.WithDumpLog())
httpc.WithTransport(ghcrtr),
httpc.WithDumpLog(),
)
} else {
ghcrclient = httpc.New(
httpc.WithTransport(ghcrtr),
)
} }
gitclient = httpc.New(opts...)
} }

252
proxy/match.go
View File

@@ -10,11 +10,6 @@ import (
) )
var ( var (
githubPrefix = "https://github.com/"
rawPrefix = "https://raw.githubusercontent.com/"
gistPrefix = "https://gist.github.com/"
gistContentPrefix = "https://gist.githubusercontent.com/"
apiPrefix = "https://api.github.com/"
githubPrefixLen int githubPrefixLen int
rawPrefixLen int rawPrefixLen int
gistPrefixLen int gistPrefixLen int
@@ -22,48 +17,90 @@ var (
apiPrefixLen int apiPrefixLen int
) )
const (
githubPrefix = "https://github.com/"
rawPrefix = "https://raw.githubusercontent.com/"
gistPrefix = "https://gist.github.com/"
gistContentPrefix = "https://gist.githubusercontent.com/"
apiPrefix = "https://api.github.com/"
ociv2Prefix = "https://v2/"
releasesDownloadSnippet = "releases/download/"
)
func init() { func init() {
githubPrefixLen = len(githubPrefix) githubPrefixLen = len(githubPrefix)
rawPrefixLen = len(rawPrefix) rawPrefixLen = len(rawPrefix)
gistPrefixLen = len(gistPrefix) gistPrefixLen = len(gistPrefix)
apiPrefixLen = len(apiPrefix)
gistContentPrefixLen = len(gistContentPrefix) gistContentPrefixLen = len(gistContentPrefix)
//log.Printf("githubPrefixLen: %d, rawPrefixLen: %d, gistPrefixLen: %d, apiPrefixLen: %d", githubPrefixLen, rawPrefixLen, gistPrefixLen, apiPrefixLen) apiPrefixLen = len(apiPrefix)
} }
// Matcher 从原始URL路径中高效地解析并匹配代理规则. // Matcher 从原始URL路径中高效地解析并匹配代理规则.
func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHProxyErrors) { func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHProxyErrors) {
if len(rawPath) < 18 { /*
return "", "", "", NewErrorWithStatusLookup(404, "path too short") if len(rawPath) < 18 {
} return "", "", "", NewErrorWithStatusLookup(404, "path too short")
}
*/
// 匹配 "https://github.com/" // 匹配 "https://github.com/"
if strings.HasPrefix(rawPath, githubPrefix) { if strings.HasPrefix(rawPath, githubPrefix) {
remaining := rawPath[githubPrefixLen:] pathAfterDomain := rawPath[githubPrefixLen:]
i := strings.IndexByte(remaining, '/')
// 解析 user
i := strings.IndexByte(pathAfterDomain, '/')
if i <= 0 { if i <= 0 {
return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing user") return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing user")
} }
user := remaining[:i] user := pathAfterDomain[:i]
remaining = remaining[i+1:] pathAfterUser := pathAfterDomain[i+1:]
i = strings.IndexByte(remaining, '/')
// 解析 repo
i = strings.IndexByte(pathAfterUser, '/')
if i <= 0 { if i <= 0 {
return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing repo")
}
repo := remaining[:i]
remaining = remaining[i+1:]
if len(remaining) == 0 {
return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing action") return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing action")
} }
i = strings.IndexByte(remaining, '/') repo := pathAfterUser[:i]
action := remaining pathAfterRepo := pathAfterUser[i+1:]
if i != -1 {
action = remaining[:i] if len(pathAfterRepo) == 0 {
return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing action")
} }
// 优先处理所有 "releases" 相关的下载路径
if strings.HasPrefix(pathAfterRepo, "releases/") {
// 情况 A: "releases/download/..."
if strings.HasPrefix(pathAfterRepo, "releases/download/") {
return user, repo, "releases", nil
}
// 情况 B: "releases/:tag/download/..."
pathAfterReleases := pathAfterRepo[len("releases/"):]
slashIndex := strings.IndexByte(pathAfterReleases, '/')
if slashIndex > 0 { // 确保tag不为空
pathAfterTag := pathAfterReleases[slashIndex+1:]
if strings.HasPrefix(pathAfterTag, "download/") {
return user, repo, "releases", nil
}
}
// 如果不满足上述下载链接的结构, 则为网页浏览路径, 予以拒绝
return "", "", "", NewErrorWithStatusLookup(400, "unsupported releases page, only download links are allowed")
}
// 检查 "archive/" 路径
if strings.HasPrefix(pathAfterRepo, "archive/") {
// 根据测试用例, archive路径的matcher也应为releases
return user, repo, "releases", nil
}
// 如果不是下载路径, 则解析action并进行分类
i = strings.IndexByte(pathAfterRepo, '/')
action := pathAfterRepo
if i != -1 {
action = pathAfterRepo[:i]
}
var matcher string var matcher string
switch action { switch action {
case "releases", "archive":
matcher = "releases"
case "blob": case "blob":
matcher = "blob" matcher = "blob"
case "raw": case "raw":
@@ -79,59 +116,27 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHPro
// 匹配 "https://raw.githubusercontent.com/" // 匹配 "https://raw.githubusercontent.com/"
if strings.HasPrefix(rawPath, rawPrefix) { if strings.HasPrefix(rawPath, rawPrefix) {
remaining := rawPath[rawPrefixLen:] remaining := rawPath[rawPrefixLen:]
// 这里的逻辑与 github.com 的类似, 需要提取 user, repo, branch, file... parts := strings.SplitN(remaining, "/", 3)
// 我们只需要 user 和 repo if len(parts) < 3 {
i := strings.IndexByte(remaining, '/') return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: path too short")
if i <= 0 {
return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing user")
} }
user := remaining[:i] return parts[0], parts[1], "raw", nil
remaining = remaining[i+1:]
i = strings.IndexByte(remaining, '/')
if i <= 0 {
return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing repo")
}
repo := remaining[:i]
// raw 链接至少需要 user/repo/branch 三部分
remaining = remaining[i+1:]
if len(remaining) == 0 {
return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing branch/commit")
}
return user, repo, "raw", nil
} }
// 匹配 "https://gist.github.com/" // 匹配 "https://gist.github.com/" 或 "https://gist.githubusercontent.com/"
if strings.HasPrefix(rawPath, gistPrefix) { isGist := strings.HasPrefix(rawPath, gistPrefix)
remaining := rawPath[gistPrefixLen:] if isGist || strings.HasPrefix(rawPath, gistContentPrefix) {
i := strings.IndexByte(remaining, '/') var remaining string
if i <= 0 { if isGist {
// case: https://gist.github.com/user remaining = rawPath[gistPrefixLen:]
// 这种情况下, gist_id 缺失, 但我们仍然可以认为 user 是有效的 } else {
if len(remaining) > 0 { remaining = rawPath[gistContentPrefixLen:]
return remaining, "", "gist", nil }
} parts := strings.SplitN(remaining, "/", 2)
if len(parts) == 0 || parts[0] == "" {
return "", "", "", NewErrorWithStatusLookup(400, "malformed gist url: missing user") return "", "", "", NewErrorWithStatusLookup(400, "malformed gist url: missing user")
} }
// case: https://gist.github.com/user/gist_id... return parts[0], "", "gist", nil
user := remaining[:i]
return user, "", "gist", nil
}
// 匹配 "https://gist.githubusercontent.com/"
if strings.HasPrefix(rawPath, gistContentPrefix) {
remaining := rawPath[gistContentPrefixLen:]
i := strings.IndexByte(remaining, '/')
if i <= 0 {
// case: https://gist.githubusercontent.com/user
// 这种情况下, gist_id 缺失, 但我们仍然可以认为 user 是有效的
if len(remaining) > 0 {
return remaining, "", "gist", nil
}
return "", "", "", NewErrorWithStatusLookup(400, "malformed gist url: missing user")
}
// case: https://gist.githubusercontent.com/user/gist_id...
user := remaining[:i]
return user, "", "gist", nil
} }
// 匹配 "https://api.github.com/" // 匹配 "https://api.github.com/"
@@ -159,105 +164,6 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHPro
return "", "", "", NewErrorWithStatusLookup(404, "no matcher found for the given path") return "", "", "", NewErrorWithStatusLookup(404, "no matcher found for the given path")
} }
// 原实现
/*
func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHProxyErrors) {
var (
user string
repo string
matcher string
)
// 匹配 "https://github.com"开头的链接
if strings.HasPrefix(rawPath, "https://github.com") {
remainingPath := strings.TrimPrefix(rawPath, "https://github.com")
//if strings.HasPrefix(remainingPath, "/") {
// remainingPath = strings.TrimPrefix(remainingPath, "/")
//}
remainingPath = strings.TrimPrefix(remainingPath, "/")
// 预期格式/user/repo/more...
// 取出user和repo和最后部分
parts := strings.Split(remainingPath, "/")
if len(parts) <= 2 {
errMsg := "Not enough parts in path after matching 'https://github.com*'"
return "", "", "", NewErrorWithStatusLookup(400, errMsg)
}
user = parts[0]
repo = parts[1]
// 匹配 "https://github.com"开头的链接
if len(parts) >= 3 {
switch parts[2] {
case "releases", "archive":
matcher = "releases"
case "blob":
matcher = "blob"
case "raw":
matcher = "raw"
case "info", "git-upload-pack":
matcher = "clone"
default:
errMsg := "Url Matched 'https://github.com*', but didn't match the next matcher"
return "", "", "", NewErrorWithStatusLookup(400, errMsg)
}
}
return user, repo, matcher, nil
}
// 匹配 "https://raw"开头的链接
if strings.HasPrefix(rawPath, "https://raw") {
remainingPath := strings.TrimPrefix(rawPath, "https://")
parts := strings.Split(remainingPath, "/")
if len(parts) <= 3 {
errMsg := "URL after matched 'https://raw*' should have at least 4 parts (user/repo/branch/file)."
return "", "", "", NewErrorWithStatusLookup(400, errMsg)
}
user = parts[1]
repo = parts[2]
matcher = "raw"
return user, repo, matcher, nil
}
// 匹配 "https://gist"开头的链接
if strings.HasPrefix(rawPath, "https://gist") {
remainingPath := strings.TrimPrefix(rawPath, "https://")
parts := strings.Split(remainingPath, "/")
if len(parts) <= 3 {
errMsg := "URL after matched 'https://gist*' should have at least 4 parts (user/gist_id)."
return "", "", "", NewErrorWithStatusLookup(400, errMsg)
}
user = parts[1]
repo = ""
matcher = "gist"
return user, repo, matcher, nil
}
// 匹配 "https://api.github.com/"开头的链接
if strings.HasPrefix(rawPath, "https://api.github.com/") {
matcher = "api"
remainingPath := strings.TrimPrefix(rawPath, "https://api.github.com/")
parts := strings.Split(remainingPath, "/")
if parts[0] == "repos" {
user = parts[1]
repo = parts[2]
}
if parts[0] == "users" {
user = parts[1]
}
if !cfg.Auth.ForceAllowApi {
if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
//return "", "", "", ErrAuthHeaderUnavailable
errMsg := "AuthHeader Unavailable, Need to open header auth to enable api proxy"
return "", "", "", NewErrorWithStatusLookup(403, errMsg)
}
}
return user, repo, matcher, nil
}
//return "", "", "", ErrNotFound
errMsg := "Didn't match any matcher"
return "", "", "", NewErrorWithStatusLookup(404, errMsg)
}
*/
var ( var (
proxyableMatchersMap map[string]struct{} proxyableMatchersMap map[string]struct{}
initMatchersOnce sync.Once initMatchersOnce sync.Once

20
proxy/matcher_test.go
View File

@@ -33,11 +33,29 @@ func TestMatcher_Compatibility(t *testing.T) {
expectedErrCode int expectedErrCode int
}{ }{
{ {
name: "GH Releases Path", name: "GH Releases Path 1",
rawPath: "https://github.com/owner/repo/releases/download/v1.0/asset.zip", rawPath: "https://github.com/owner/repo/releases/download/v1.0/asset.zip",
config: cfgWithAuth, config: cfgWithAuth,
expectedUser: "owner", expectedRepo: "repo", expectedMatcher: "releases", expectedUser: "owner", expectedRepo: "repo", expectedMatcher: "releases",
}, },
{
name: "GH Releases Path 2",
rawPath: "https://github.com/owner/repo/releases/v1.0/download/asset.zip",
config: cfgWithAuth,
expectedUser: "owner", expectedRepo: "repo", expectedMatcher: "releases",
},
{
name: "GH Releases Path Page",
rawPath: "https://github.com/owner/repo/releases",
config: cfgWithAuth,
expectError: true, expectedErrCode: 400,
},
{
name: "GH Releases Path Tag Page",
rawPath: "https://github.com/owner/repo/releases/tag/v0.0.1",
config: cfgWithAuth,
expectError: true, expectedErrCode: 400,
},
{ {
name: "GH Archive Path", name: "GH Archive Path",
rawPath: "https://github.com/owner/repo.git/archive/main.zip", rawPath: "https://github.com/owner/repo.git/archive/main.zip",

49
proxy/nest.go
View File

@@ -2,11 +2,12 @@ package proxy
import ( import (
"bufio" "bufio"
"compress/gzip"
"fmt" "fmt"
"ghproxy/config" "ghproxy/config"
"io" "io"
"strings" "strings"
"github.com/infinite-iroha/touka"
) )
func EditorMatcher(rawPath string, cfg *config.Config) (bool, error) { func EditorMatcher(rawPath string, cfg *config.Config) (bool, error) {
@@ -52,21 +53,19 @@ func modifyURL(url string, host string, cfg *config.Config) string {
// 去除url内的https://或http:// // 去除url内的https://或http://
matched, err := EditorMatcher(url, cfg) matched, err := EditorMatcher(url, cfg)
if err != nil { if err != nil {
logDump("Invalid URL: %s", url)
return url return url
} }
if matched { if matched {
var u = url var u = url
u = strings.TrimPrefix(u, "https://") u = strings.TrimPrefix(u, "https://")
u = strings.TrimPrefix(u, "http://") u = strings.TrimPrefix(u, "http://")
logDump("Modified URL: %s", "https://"+host+"/"+u)
return "https://" + host + "/" + u return "https://" + host + "/" + u
} }
return url return url
} }
// processLinks 处理链接,返回包含处理后数据的 io.Reader // processLinks 处理链接,返回包含处理后数据的 io.Reader
func processLinks(input io.ReadCloser, compress string, host string, cfg *config.Config) (readerOut io.Reader, written int64, err error) { func processLinks(input io.ReadCloser, host string, cfg *config.Config, c *touka.Context) (readerOut io.Reader, written int64, err error) {
pipeReader, pipeWriter := io.Pipe() // 创建 io.Pipe pipeReader, pipeWriter := io.Pipe() // 创建 io.Pipe
readerOut = pipeReader readerOut = pipeReader
@@ -75,11 +74,11 @@ func processLinks(input io.ReadCloser, compress string, host string, cfg *config
if pipeWriter != nil { // 确保 pipeWriter 关闭,即使发生错误 if pipeWriter != nil { // 确保 pipeWriter 关闭,即使发生错误
if err != nil { if err != nil {
if closeErr := pipeWriter.CloseWithError(err); closeErr != nil { // 如果有错误,传递错误给 reader if closeErr := pipeWriter.CloseWithError(err); closeErr != nil { // 如果有错误,传递错误给 reader
logError("pipeWriter close with error failed: %v, original error: %v", closeErr, err) c.Errorf("pipeWriter close with error failed: %v, original error: %v", closeErr, err)
} }
} else { } else {
if closeErr := pipeWriter.Close(); closeErr != nil { // 没有错误,正常关闭 if closeErr := pipeWriter.Close(); closeErr != nil { // 没有错误,正常关闭
logError("pipeWriter close failed: %v", closeErr) c.Errorf("pipeWriter close failed: %v", closeErr)
if err == nil { // 如果之前没有错误,记录关闭错误 if err == nil { // 如果之前没有错误,记录关闭错误
err = closeErr err = closeErr
} }
@@ -90,52 +89,23 @@ func processLinks(input io.ReadCloser, compress string, host string, cfg *config
defer func() { defer func() {
if err := input.Close(); err != nil { if err := input.Close(); err != nil {
logError("input close failed: %v", err) c.Errorf("input close failed: %v", err)
} }
}() }()
var bufReader *bufio.Reader var bufReader *bufio.Reader
if compress == "gzip" { bufReader = bufio.NewReader(input)
// 解压gzip
gzipReader, gzipErr := gzip.NewReader(input)
if gzipErr != nil {
err = fmt.Errorf("gzip解压错误: %v", gzipErr)
return // Goroutine 中使用 return 返回错误
}
defer gzipReader.Close()
bufReader = bufio.NewReader(gzipReader)
} else {
bufReader = bufio.NewReader(input)
}
var bufWriter *bufio.Writer var bufWriter *bufio.Writer
var gzipWriter *gzip.Writer
// 根据是否gzip确定 writer 的创建 bufWriter = bufio.NewWriterSize(pipeWriter, 4096) // 使用 pipeWriter
if compress == "gzip" {
gzipWriter = gzip.NewWriter(pipeWriter) // 使用 pipeWriter
bufWriter = bufio.NewWriterSize(gzipWriter, 4096) //设置缓冲区大小
} else {
bufWriter = bufio.NewWriterSize(pipeWriter, 4096) // 使用 pipeWriter
}
//确保writer关闭 //确保writer关闭
defer func() { defer func() {
var closeErr error // 局部变量用于保存defer中可能发生的错误
if gzipWriter != nil {
if closeErr = gzipWriter.Close(); closeErr != nil {
logError("gzipWriter close failed %v", closeErr)
// 如果已经存在错误,则保留。否则,记录此错误。
if err == nil {
err = closeErr
}
}
}
if flushErr := bufWriter.Flush(); flushErr != nil { if flushErr := bufWriter.Flush(); flushErr != nil {
logError("writer flush failed %v", flushErr) c.Errorf("writer flush failed %v", flushErr)
// 如果已经存在错误,则保留。否则,记录此错误。 // 如果已经存在错误,则保留。否则,记录此错误。
if err == nil { if err == nil {
err = flushErr err = flushErr
@@ -156,7 +126,6 @@ func processLinks(input io.ReadCloser, compress string, host string, cfg *config
// 替换所有匹配的 URL // 替换所有匹配的 URL
modifiedLine := urlPattern.ReplaceAllStringFunc(line, func(originalURL string) string { modifiedLine := urlPattern.ReplaceAllStringFunc(line, func(originalURL string) string {
logDump("originalURL: %s", originalURL)
return modifyURL(originalURL, host, cfg) // 假设 modifyURL 函数已定义 return modifyURL(originalURL, host, cfg) // 假设 modifyURL 函数已定义
}) })

20
proxy/reqheader.go
View File

@@ -4,7 +4,7 @@ import (
"ghproxy/config" "ghproxy/config"
"net/http" "net/http"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
var ( var (
@@ -27,6 +27,7 @@ var (
"CDN-Loop": {}, "CDN-Loop": {},
"Upgrade": {}, "Upgrade": {},
"Connection": {}, "Connection": {},
"Accept-Encoding": {},
} }
cloneHeadersToRemove = map[string]struct{}{ cloneHeadersToRemove = map[string]struct{}{
@@ -43,7 +44,7 @@ var (
var ( var (
defaultHeaders = map[string]string{ defaultHeaders = map[string]string{
"Accept": "*/*", "Accept": "*/*",
"Accept-Encoding": "gzip", "Accept-Encoding": "",
"Transfer-Encoding": "chunked", "Transfer-Encoding": "chunked",
"User-Agent": "GHProxy/1.0", "User-Agent": "GHProxy/1.0",
} }
@@ -59,28 +60,19 @@ func copyHeader(dst, src http.Header) {
} }
} }
func setRequestHeaders(c *app.RequestContext, req *http.Request, cfg *config.Config, matcher string) { func setRequestHeaders(c *touka.Context, req *http.Request, cfg *config.Config, matcher string) {
if matcher == "raw" && cfg.Httpc.UseCustomRawHeaders { if matcher == "raw" && cfg.Httpc.UseCustomRawHeaders {
// 使用预定义Header // 使用预定义Header
for key, value := range defaultHeaders { for key, value := range defaultHeaders {
req.Header.Set(key, value) req.Header.Set(key, value)
} }
} else if matcher == "clone" { } else if matcher == "clone" {
copyHeader(req.Header, c.Request.Header)
c.Request.Header.VisitAll(func(key, value []byte) {
headerKey := string(key)
headerValue := string(value)
req.Header.Set(headerKey, headerValue)
})
for key := range cloneHeadersToRemove { for key := range cloneHeadersToRemove {
req.Header.Del(key) req.Header.Del(key)
} }
} else { } else {
c.Request.Header.VisitAll(func(key, value []byte) { copyHeader(req.Header, c.Request.Header)
headerKey := string(key)
headerValue := string(value)
req.Header.Set(headerKey, headerValue)
})
for key := range reqHeadersToRemove { for key := range reqHeadersToRemove {
req.Header.Del(key) req.Header.Del(key)
} }

35
proxy/routing.go
View File

@@ -1,42 +1,38 @@
package proxy package proxy
import ( import (
"context"
"ghproxy/config" "ghproxy/config"
"ghproxy/rate"
"strings" "strings"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
func RoutingHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) app.HandlerFunc { func RoutingHandler(cfg *config.Config) touka.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) { return func(c *touka.Context) {
var shoudBreak bool var shoudBreak bool
shoudBreak = rateCheck(cfg, c, limiter, iplimiter)
if shoudBreak {
return
}
var ( var (
rawPath string rawPath string
) )
rawPath = strings.TrimPrefix(string(c.Request.RequestURI()), "/") // 去掉前缀/ rawPath = strings.TrimPrefix(c.GetRequestURI(), "/") // 去掉前缀/
var ( var (
user string user string
repo string repo string
matcher string
) )
user = c.Param("user") user = c.Param("user")
repo = c.Param("repo") repo = c.Param("repo")
matcher = c.GetString("matcher") matcher, exists := c.GetString("matcher")
if !exists {
ErrorPage(c, NewErrorWithStatusLookup(500, "Matcher Not Found in Context"))
c.Errorf("Matcher Not Found in Context Path: %s", c.GetRequestURIPath())
return
}
logDump("%s %s %s %s %s Matched-Username: %s, Matched-Repo: %s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo) ctx := c.Request.Context()
logDump("%s", c.Request.Header.Header())
shoudBreak = listCheck(cfg, c, user, repo, rawPath) shoudBreak = listCheck(cfg, c, user, repo, rawPath)
if shoudBreak { if shoudBreak {
@@ -48,7 +44,6 @@ func RoutingHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
return return
} }
// 处理blob/raw路径
// 处理blob/raw路径 // 处理blob/raw路径
if matcher == "blob" { if matcher == "blob" {
rawPath = rawPath[10:] rawPath = rawPath[10:]
@@ -60,8 +55,6 @@ func RoutingHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
// 为rawpath加入https:// 头 // 为rawpath加入https:// 头
rawPath = "https://" + rawPath rawPath = "https://" + rawPath
logDebug("Matched: %v", matcher)
switch matcher { switch matcher {
case "releases", "blob", "raw", "gist", "api": case "releases", "blob", "raw", "gist", "api":
ChunkedProxyRequest(ctx, c, rawPath, cfg, matcher) ChunkedProxyRequest(ctx, c, rawPath, cfg, matcher)
@@ -69,7 +62,7 @@ func RoutingHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
GitReq(ctx, c, rawPath, cfg, "git") GitReq(ctx, c, rawPath, cfg, "git")
default: default:
ErrorPage(c, NewErrorWithStatusLookup(500, "Matched But Not Matched")) ErrorPage(c, NewErrorWithStatusLookup(500, "Matched But Not Matched"))
logError("Matched But Not Matched Path: %s rawPath: %s matcher: %s", c.Path(), rawPath, matcher) c.Errorf("Matched But Not Matched Path: %s rawPath: %s matcher: %s", c.GetRequestURIPath(), rawPath, matcher)
return return
} }
} }

42
proxy/utils.go
View File

@@ -4,12 +4,11 @@ import (
"fmt" "fmt"
"ghproxy/auth" "ghproxy/auth"
"ghproxy/config" "ghproxy/config"
"ghproxy/rate"
"github.com/cloudwego/hertz/pkg/app" "github.com/infinite-iroha/touka"
) )
func listCheck(cfg *config.Config, c *app.RequestContext, user string, repo string, rawPath string) bool { func listCheck(cfg *config.Config, c *touka.Context, user string, repo string, rawPath string) bool {
if cfg.Auth.ForceAllowApi && cfg.Auth.ForceAllowApiPassList { if cfg.Auth.ForceAllowApi && cfg.Auth.ForceAllowApiPassList {
return false return false
} }
@@ -18,7 +17,7 @@ func listCheck(cfg *config.Config, c *app.RequestContext, user string, repo stri
whitelist := auth.CheckWhitelist(user, repo) whitelist := auth.CheckWhitelist(user, repo)
if !whitelist { if !whitelist {
ErrorPage(c, NewErrorWithStatusLookup(403, fmt.Sprintf("Whitelist Blocked repo: %s/%s", user, repo))) ErrorPage(c, NewErrorWithStatusLookup(403, fmt.Sprintf("Whitelist Blocked repo: %s/%s", user, repo)))
logInfo("%s %s %s %s %s Whitelist Blocked repo: %s/%s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo) c.Infof("%s %s %s %s %s Whitelist Blocked repo: %s/%s", c.ClientIP(), c.Request.Method, rawPath, c.UserAgent(), c.Request.Proto, user, repo)
return true return true
} }
} }
@@ -28,7 +27,7 @@ func listCheck(cfg *config.Config, c *app.RequestContext, user string, repo stri
blacklist := auth.CheckBlacklist(user, repo) blacklist := auth.CheckBlacklist(user, repo)
if blacklist { if blacklist {
ErrorPage(c, NewErrorWithStatusLookup(403, fmt.Sprintf("Blacklist Blocked repo: %s/%s", user, repo))) ErrorPage(c, NewErrorWithStatusLookup(403, fmt.Sprintf("Blacklist Blocked repo: %s/%s", user, repo)))
logInfo("%s %s %s %s %s Blacklist Blocked repo: %s/%s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo) c.Infof("%s %s %s %s %s Blacklist Blocked repo: %s/%s", c.ClientIP(), c.Request.Method, rawPath, c.UserAgent(), c.Request.Proto, user, repo)
return true return true
} }
} }
@@ -37,13 +36,13 @@ func listCheck(cfg *config.Config, c *app.RequestContext, user string, repo stri
} }
// 鉴权 // 鉴权
func authCheck(c *app.RequestContext, cfg *config.Config, matcher string, rawPath string) bool { func authCheck(c *touka.Context, cfg *config.Config, matcher string, rawPath string) bool {
var err error var err error
if matcher == "api" && !cfg.Auth.ForceAllowApi { if matcher == "api" && !cfg.Auth.ForceAllowApi {
if cfg.Auth.Method != "header" || !cfg.Auth.Enabled { if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
ErrorPage(c, NewErrorWithStatusLookup(403, "Github API Req without AuthHeader is Not Allowed")) ErrorPage(c, NewErrorWithStatusLookup(403, "Github API Req without AuthHeader is Not Allowed"))
logInfo("%s %s %s AuthHeader Unavailable", c.ClientIP(), c.Method(), rawPath) c.Infof("%s %s %s AuthHeader Unavailable", c.ClientIP(), c.Request.Method, rawPath)
return true return true
} }
} }
@@ -54,34 +53,7 @@ func authCheck(c *app.RequestContext, cfg *config.Config, matcher string, rawPat
authcheck, err = auth.AuthHandler(c, cfg) authcheck, err = auth.AuthHandler(c, cfg)
if !authcheck { if !authcheck {
ErrorPage(c, NewErrorWithStatusLookup(401, fmt.Sprintf("Unauthorized: %v", err))) ErrorPage(c, NewErrorWithStatusLookup(401, fmt.Sprintf("Unauthorized: %v", err)))
logInfo("%s %s %s %s %s Auth-Error: %v", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), err) c.Infof("%s %s %s %s %s Auth-Error: %v", c.ClientIP(), c.Request.Method, rawPath, c.UserAgent(), c.Request.Proto, err)
return true
}
}
return false
}
func rateCheck(cfg *config.Config, c *app.RequestContext, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) bool {
// 限制访问频率
if cfg.RateLimit.Enabled {
var allowed bool
switch cfg.RateLimit.RateMethod {
case "ip":
allowed = iplimiter.Allow(c.ClientIP())
case "total":
allowed = limiter.Allow()
default:
logWarning("Invalid RateLimit Method")
ErrorPage(c, NewErrorWithStatusLookup(500, "Invalid RateLimit Method"))
return true
}
if !allowed {
ErrorPage(c, NewErrorWithStatusLookup(429, fmt.Sprintf("Too Many Requests; Rate Limit is %d per minute", cfg.RateLimit.RatePerMinute)))
logInfo("%s %s %s %s %s 429-TooManyRequests", c.ClientIP(), c.Method(), c.Request.RequestURI(), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol())
return true return true
} }
} }

107
rate/rate.go
View File

@@ -1,107 +0,0 @@
package rate
import (
"sync"
"time"
"github.com/WJQSERVER-STUDIO/logger"
"golang.org/x/time/rate"
)
// 日志模块
var (
logw = logger.Logw
logDump = logger.LogDump
logDebug = logger.LogDebug
logInfo = logger.LogInfo
logWarning = logger.LogWarning
logError = logger.LogError
)
// RateLimiter 总体限流器
type RateLimiter struct {
limiter *rate.Limiter
}
// New 创建一个总体限流器
func New(limit int, burst int, duration time.Duration) *RateLimiter {
if limit <= 0 {
limit = 1
logWarning("rate limit per minute must be positive, setting to 1")
}
if burst <= 0 {
burst = 1
logWarning("rate limit burst must be positive, setting to 1")
}
rateLimit := rate.Limit(float64(limit) / duration.Seconds())
return &RateLimiter{
limiter: rate.NewLimiter(rateLimit, burst),
}
}
// Allow 检查是否允许请求通过
func (rl *RateLimiter) Allow() bool {
return rl.limiter.Allow()
}
// IPRateLimiter 基于IP的限流器
type IPRateLimiter struct {
limiters map[string]*RateLimiter // 用户级限流器 map
mu sync.RWMutex // 保护 limiters map
limit int // 每 duration 时间段内允许的请求数
burst int // 突发请求数
duration time.Duration // 限流周期
}
// NewIPRateLimiter 创建一个基于IP的限流器
func NewIPRateLimiter(ipLimit int, ipBurst int, duration time.Duration) *IPRateLimiter {
if ipLimit <= 0 {
ipLimit = 1
logWarning("IP rate limit per minute must be positive, setting to 1")
}
if ipBurst <= 0 {
ipBurst = 1
logWarning("IP rate limit burst must be positive, setting to 1")
}
logInfo("IP Rate Limiter initialized with limit: %d, burst: %d, duration: %v", ipLimit, ipBurst, duration)
return &IPRateLimiter{
limiters: make(map[string]*RateLimiter),
limit: ipLimit,
burst: ipBurst,
duration: duration,
}
}
// Allow 检查给定IP的请求是否允许通过
func (rl *IPRateLimiter) Allow(ip string) bool {
if ip == "" {
logWarning("empty ip for rate limiting")
return false
}
// 使用读锁快速查找
rl.mu.RLock()
limiter, found := rl.limiters[ip]
rl.mu.RUnlock()
if found {
return limiter.Allow()
}
// 未找到,获取写锁来创建和添加
rl.mu.Lock()
// 双重检查
limiter, found = rl.limiters[ip]
if !found {
newL := New(rl.limit, rl.burst, rl.duration)
rl.limiters[ip] = newL
limiter = newL
}
rl.mu.Unlock()
return limiter.Allow()
}