make it work

为项目增加了一个后台页面, 用于显示IP代理的使用情况统计.

主要包括:
- 新增 `backend` 目录, 包含 `index.html` 和 `script.js` 文件, 用于展示统计数据.
- 在 `main.go` 中增加了 `setBackendRoute` 函数, 用于提供后台页面的路由.
- 将后台页面路由设置为 `/admin`.

注意: 当前代码存在编译错误, 因为无法确定 `ipfilter.NewIPFilter` 的正确返回类型. 错误信息为 `undefined: ipfilter.IPFilter`. 提交此代码是为了让用户能够检查问题.

.github/workflows/build-dev.yml

@@ -46,7 +46,7 @@ jobs:
         goarch: [amd64, arm64]
     env:
       OUTPUT_BINARY: ghproxy
-      GO_VERSION: 1.24
+      GO_VERSION: 1.25
 
     steps:
       - uses: actions/checkout@v4

.github/workflows/build.yml

@@ -47,7 +47,7 @@ jobs:
         goarch: [amd64, arm64]
     env:
       OUTPUT_BINARY: ghproxy
-      GO_VERSION: 1.24
+      GO_VERSION: 1.25
 
     steps:
       - uses: actions/checkout@v3

.gitignore

@@ -1,5 +1,6 @@
 demo
 demo.toml
+demo.wanf
 *.log
 *.bak
 list.json

CHANGELOG.md

@@ -1,5 +1,53 @@
 # 更新日志
 
+4.3.3 - 2025-09-10
+---
+- CHANGE: 增强对[wanf](https://github.com/WJQSERVER/wanf)的支持
+- CHANGE: 更新包括Touka框架在内的各个依赖版本
+
+4.3.2 - 2025-08-20
+---
+- FIX: 修正`cfg.Pages.StaticDir`为空时的处置
+
+4.3.1 - 2025-08-13
+---
+- CHANGE: 更新至[Go 1.25](https://tip.golang.org/doc/go1.25)
+
+4.3.0 - 2025-08-11
+---
+- CHANGE: 为OCI镜像(Docker)代理带来自动library附加功能
+- CHANGE(refactor): 改进OCI镜像(Docker)代理路径组成流程
+- ADD: 新增[WANF](https://github.com/WJQSERVER/wanf)配置文件格式支持
+
+4.3.0-rc.0 - 2025-08-11
+---
+- PRE-RELEASE: v4.3.0-rc.0是v4.3.0发布版本,请勿在生产环境中使用;
+- CHANGE: 为OCI镜像(Docker)代理带来自动library附加功能
+- CHANGE(refactor): 改进OCI镜像(Docker)代理路径组成流程
+- ADD: 新增[WANF](https://github.com/WJQSERVER/wanf)配置文件格式支持
+
+4.2.7 - 2025-08-04
+---
+- CHANGE: 在OCI镜像(docker)代理部分增加特殊处理, 保证可用性 参看[#159](https://github.com/WJQSERVER-STUDIO/ghproxy/issues/159)
+- CHANGE: 更新Touka框架, 同步解决部分日志过多问题
+
+4.2.6 - 2025-08-01
+---
+- CHANGE: 修正匹配器
+
+4.2.5 - 2025-07-31
+---
+- CHANGE: 进一步完善匹配器, 兼容更多情况
+
+4.2.4 - 2025-07-29
+---
+- CHANGE: 改进匹配器, 防止匹配不应匹配的内容
+
+4.2.4-rc.0 - 2025-07-29
+---
+- PRE-RELEASE: v4.2.4-rc.0是v4.2.4预发布版本,请勿在生产环境中使用;
+- CHANGE: 改进匹配器, 防止匹配不应匹配的内容
+
 4.2.3 - 2025-07-27
 ---
 - CHANGE: 改进错误页面加载器, 避免在选择`external`模式时错误页面渲染回退到json输出

DEV-VERSION

@@ -1 +1 @@
-4.2.3-rc.0
+4.3.0-rc.0

VERSION

@@ -1 +1 @@
-4.2.3
+4.3.3

api/api.go

@@ -3,6 +3,7 @@ package api
 import (
 	"ghproxy/config"
 	"ghproxy/middleware/nocache"
+	"ghproxy/stats"
 
 	"github.com/infinite-iroha/touka"
 )
@@ -46,9 +47,17 @@ func InitHandleRouter(cfg *config.Config, r *touka.Engine, version string) {
 		apiRouter.GET("/oci_proxy/status", func(c *touka.Context) {
 			ociProxyStatusHandler(cfg, c)
 		})
+		apiRouter.GET("/stats", func(c *touka.Context) {
+			StatsHandler(c)
+		})
 	}
 }
 
+func StatsHandler(c *touka.Context) {
+	c.SetHeader("Content-Type", "application/json")
+	c.JSON(200, stats.GetStats())
+}
+
 func SizeLimitHandler(cfg *config.Config, c *touka.Context) {
 	sizeLimit := cfg.Server.SizeLimit
 	c.SetHeader("Content-Type", "application/json")

backend/index.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="zh">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>后台统计</title>
+    <link rel="stylesheet" href="/bootstrap.min.css">
+</head>
+<body>
+    <div class="container mt-5">
+        <h1>IP 代理使用情况统计</h1>
+        <table class="table table-striped table-bordered mt-4">
+            <thead>
+                <tr>
+                    <th>IP 地址</th>
+                    <th>调用次数</th>
+                    <th>总流量 (bytes)</th>
+                    <th>最后调用时间</th>
+                </tr>
+            </thead>
+            <tbody id="stats-table-body">
+                <!-- 数据将由 script.js 动态填充 -->
+            </tbody>
+        </table>
+    </div>
+    <script src="script.js"></script>
+</body>
+</html>

backend/script.js

@@ -0,0 +1,36 @@
+document.addEventListener('DOMContentLoaded', function() {
+    fetch('/api/stats')
+        .then(response => response.json())
+        .then(data => {
+            const tableBody = document.getElementById('stats-table-body');
+            tableBody.innerHTML = ''; // 清空现有内容
+
+            for (const ip in data) {
+                const stats = data[ip];
+                const row = document.createElement('tr');
+
+                const ipCell = document.createElement('td');
+                ipCell.textContent = stats.ip;
+                row.appendChild(ipCell);
+
+                const callCountCell = document.createElement('td');
+                callCountCell.textContent = stats.call_count;
+                row.appendChild(callCountCell);
+
+                const transferredCell = document.createElement('td');
+                transferredCell.textContent = stats.total_transferred;
+                row.appendChild(transferredCell);
+
+                const lastCalledCell = document.createElement('td');
+                lastCalledCell.textContent = new Date(stats.last_called).toLocaleString();
+                row.appendChild(lastCalledCell);
+
+                tableBody.appendChild(row);
+            }
+        })
+        .catch(error => {
+            console.error('获取统计数据时出错:', error);
+            const tableBody = document.getElementById('stats-table-body');
+            tableBody.innerHTML = '<tr><td colspan="4" class="text-center">加载统计数据失败</td></tr>';
+        });
+});

config/config.go

@@ -1,25 +1,31 @@
 package config
 
 import (
+	"fmt"
 	"os"
+	"path/filepath"
+	"strings"
 
 	"github.com/BurntSushi/toml"
+
+	"github.com/WJQSERVER/wanf"
 )
 
+// Config 结构体定义了整个应用程序的配置
 type Config struct {
-	Server    ServerConfig    `toml:"server"`
-	Httpc     HttpcConfig     `toml:"httpc"`
-	GitClone  GitCloneConfig  `toml:"gitclone"`
-	Shell     ShellConfig     `toml:"shell"`
-	Pages     PagesConfig     `toml:"pages"`
-	Log       LogConfig       `toml:"log"`
-	Auth      AuthConfig      `toml:"auth"`
-	Blacklist BlacklistConfig `toml:"blacklist"`
-	Whitelist WhitelistConfig `toml:"whitelist"`
-	IPFilter  IPFilterConfig  `toml:"ipFilter"`
-	RateLimit RateLimitConfig `toml:"rateLimit"`
-	Outbound  OutboundConfig  `toml:"outbound"`
-	Docker    DockerConfig    `toml:"docker"`
+	Server    ServerConfig    `toml:"server" wanf:"server"`
+	Httpc     HttpcConfig     `toml:"httpc" wanf:"httpc"`
+	GitClone  GitCloneConfig  `toml:"gitclone" wanf:"gitclone"`
+	Shell     ShellConfig     `toml:"shell" wanf:"shell"`
+	Pages     PagesConfig     `toml:"pages" wanf:"pages"`
+	Log       LogConfig       `toml:"log" wanf:"log"`
+	Auth      AuthConfig      `toml:"auth" wanf:"auth"`
+	Blacklist BlacklistConfig `toml:"blacklist" wanf:"blacklist"`
+	Whitelist WhitelistConfig `toml:"whitelist" wanf:"whitelist"`
+	IPFilter  IPFilterConfig  `toml:"ipFilter" wanf:"ipFilter"`
+	RateLimit RateLimitConfig `toml:"rateLimit" wanf:"rateLimit"`
+	Outbound  OutboundConfig  `toml:"outbound" wanf:"outbound"`
+	Docker    DockerConfig    `toml:"docker" wanf:"docker"`
 }
 
 /*
@@ -32,13 +38,14 @@ cors = "*" # "*"/"" -> "*" ; "nil" -> "" ;
 debug = false
 */
 
+// ServerConfig 定义服务器相关的配置
 type ServerConfig struct {
-	Port      int    `toml:"port"`
-	Host      string `toml:"host"`
-	SizeLimit int    `toml:"sizeLimit"`
-	MemLimit  int64  `toml:"memLimit"`
-	Cors      string `toml:"cors"`
-	Debug     bool   `toml:"debug"`
+	Port      int    `toml:"port" wanf:"port"`
+	Host      string `toml:"host" wanf:"host"`
+	SizeLimit int    `toml:"sizeLimit" wanf:"sizeLimit"`
+	MemLimit  int64  `toml:"memLimit" wanf:"memLimit"`
+	Cors      string `toml:"cors" wanf:"cors"`
+	Debug     bool   `toml:"debug" wanf:"debug"`
 }
 
 /*
@@ -49,12 +56,13 @@ maxIdleConnsPerHost = 60 # only for advanced mode
 maxConnsPerHost = 0 # only for advanced mode
 useCustomRawHeaders = false
 */
+// HttpcConfig 定义 HTTP 客户端相关的配置
 type HttpcConfig struct {
-	Mode                string `toml:"mode"`
-	MaxIdleConns        int    `toml:"maxIdleConns"`
-	MaxIdleConnsPerHost int    `toml:"maxIdleConnsPerHost"`
-	MaxConnsPerHost     int    `toml:"maxConnsPerHost"`
-	UseCustomRawHeaders bool   `toml:"useCustomRawHeaders"`
+	Mode                string `toml:"mode" wanf:"mode"`
+	MaxIdleConns        int    `toml:"maxIdleConns" wanf:"maxIdleConns"`
+	MaxIdleConnsPerHost int    `toml:"maxIdleConnsPerHost" wanf:"maxIdleConnsPerHost"`
+	MaxConnsPerHost     int    `toml:"maxConnsPerHost" wanf:"maxConnsPerHost"`
+	UseCustomRawHeaders bool   `toml:"useCustomRawHeaders" wanf:"useCustomRawHeaders"`
 }
 
 /*
@@ -64,11 +72,12 @@ smartGitAddr = "http://127.0.0.1:8080"
 //cacheTimeout = 10
 ForceH2C = true
 */
+// GitCloneConfig 定义 Git 克隆相关的配置
 type GitCloneConfig struct {
-	Mode         string `toml:"mode"`
-	SmartGitAddr string `toml:"smartGitAddr"`
+	Mode         string `toml:"mode" wanf:"mode"`
+	SmartGitAddr string `toml:"smartGitAddr" wanf:"smartGitAddr"`
 	//CacheTimeout int    `toml:"cacheTimeout"`
-	ForceH2C bool `toml:"ForceH2C"`
+	ForceH2C bool `toml:"ForceH2C" wanf:"ForceH2C"`
 }
 
 /*
@@ -76,9 +85,10 @@ type GitCloneConfig struct {
 editor = true
 rewriteAPI = false
 */
+// ShellConfig 定义 Shell 相关的配置
 type ShellConfig struct {
-	Editor     bool `toml:"editor"`
-	RewriteAPI bool `toml:"rewriteAPI"`
+	Editor     bool `toml:"editor" wanf:"editor"`
+	RewriteAPI bool `toml:"rewriteAPI" wanf:"rewriteAPI"`
 }
 
 /*
@@ -87,16 +97,18 @@ mode = "internal" # "internal" or "external"
 theme = "bootstrap" # "bootstrap" or "nebula"
 staticDir = "/data/www"
 */
+// PagesConfig 定义静态页面相关的配置
 type PagesConfig struct {
-	Mode      string `toml:"mode"`
-	Theme     string `toml:"theme"`
-	StaticDir string `toml:"staticDir"`
+	Mode      string `toml:"mode" wanf:"mode"`
+	Theme     string `toml:"theme" wanf:"theme"`
+	StaticDir string `toml:"staticDir" wanf:"staticDir"`
 }
 
+// LogConfig 定义日志相关的配置
 type LogConfig struct {
-	LogFilePath string `toml:"logFilePath"`
-	MaxLogSize  int64  `toml:"maxLogSize"`
-	Level       string `toml:"level"`
+	LogFilePath string `toml:"logFilePath" wanf:"logFilePath"`
+	MaxLogSize  int64  `toml:"maxLogSize" wanf:"maxLogSize"`
+	Level       string `toml:"level" wanf:"level"`
 }
 
 /*
@@ -109,31 +121,35 @@ passThrough = false
 ForceAllowApi = false
 ForceAllowApiPassList = false
 */
+// AuthConfig 定义认证相关的配置
 type AuthConfig struct {
-	Enabled               bool   `toml:"enabled"`
-	Method                string `toml:"method"`
-	Key                   string `toml:"key"`
-	Token                 string `toml:"token"`
-	PassThrough           bool   `toml:"passThrough"`
-	ForceAllowApi         bool   `toml:"ForceAllowApi"`
-	ForceAllowApiPassList bool   `toml:"ForceAllowApiPassList"`
+	Enabled               bool   `toml:"enabled" wanf:"enabled"`
+	Method                string `toml:"method" wanf:"method"`
+	Key                   string `toml:"key" wanf:"key"`
+	Token                 string `toml:"token" wanf:"token"`
+	PassThrough           bool   `toml:"passThrough" wanf:"passThrough"`
+	ForceAllowApi         bool   `toml:"ForceAllowApi" wanf:"ForceAllowApi"`
+	ForceAllowApiPassList bool   `toml:"ForceAllowApiPassList" wanf:"ForceAllowApiPassList"`
 }
 
+// BlacklistConfig 定义黑名单相关的配置
 type BlacklistConfig struct {
-	Enabled       bool   `toml:"enabled"`
-	BlacklistFile string `toml:"blacklistFile"`
+	Enabled       bool   `toml:"enabled" wanf:"enabled"`
+	BlacklistFile string `toml:"blacklistFile" wanf:"blacklistFile"`
 }
 
+// WhitelistConfig 定义白名单相关的配置
 type WhitelistConfig struct {
-	Enabled       bool   `toml:"enabled"`
-	WhitelistFile string `toml:"whitelistFile"`
+	Enabled       bool   `toml:"enabled" wanf:"enabled"`
+	WhitelistFile string `toml:"whitelistFile" wanf:"whitelistFile"`
 }
 
+// IPFilterConfig 定义 IP 过滤相关的配置
 type IPFilterConfig struct {
-	Enabled         bool   `toml:"enabled"`
-	EnableAllowList bool   `toml:"enableAllowList"`
-	EnableBlockList bool   `toml:"enableBlockList"`
-	IPFilterFile    string `toml:"ipFilterFile"`
+	Enabled         bool   `toml:"enabled" wanf:"enabled"`
+	EnableAllowList bool   `toml:"enableAllowList" wanf:"enableAllowList"`
+	EnableBlockList bool   `toml:"enableBlockList" wanf:"enableBlockList"`
+	IPFilterFile    string `toml:"ipFilterFile" wanf:"ipFilterFile"`
 }
 
 /*
@@ -150,19 +166,21 @@ burst = 10
 	singleBurst = "10mbps"
 */
 
+// RateLimitConfig 定义限速相关的配置
 type RateLimitConfig struct {
-	Enabled        bool `toml:"enabled"`
-	RatePerMinute  int  `toml:"ratePerMinute"`
-	Burst          int  `toml:"burst"`
-	BandwidthLimit BandwidthLimitConfig
+	Enabled        bool                 `toml:"enabled" wanf:"enabled"`
+	RatePerMinute  int                  `toml:"ratePerMinute" wanf:"ratePerMinute"`
+	Burst          int                  `toml:"burst" wanf:"burst"`
+	BandwidthLimit BandwidthLimitConfig `toml:"bandwidthLimit" wanf:"bandwidthLimit"`
 }
 
+// BandwidthLimitConfig 定义带宽限制相关的配置
 type BandwidthLimitConfig struct {
-	Enabled     bool   `toml:"enabled"`
-	TotalLimit  string `toml:"totalLimit"`
-	TotalBurst  string `toml:"totalBurst"`
-	SingleLimit string `toml:"singleLimit"`
-	SingleBurst string `toml:"singleBurst"`
+	Enabled     bool   `toml:"enabled" wanf:"enabled"`
+	TotalLimit  string `toml:"totalLimit" wanf:"totalLimit"`
+	TotalBurst  string `toml:"totalBurst" wanf:"totalBurst"`
+	SingleLimit string `toml:"singleLimit" wanf:"singleLimit"`
+	SingleBurst string `toml:"singleBurst" wanf:"singleBurst"`
 }
 
 /*
@@ -170,9 +188,10 @@ type BandwidthLimitConfig struct {
 enabled = false
 url = "socks5://127.0.0.1:1080" # "http://127.0.0.1:7890"
 */
+// OutboundConfig 定义出站代理相关的配置
 type OutboundConfig struct {
-	Enabled bool   `toml:"enabled"`
-	Url     string `toml:"url"`
+	Enabled bool   `toml:"enabled" wanf:"enabled"`
+	Url     string `toml:"url" wanf:"url"`
 }
 
 /*
@@ -184,17 +203,19 @@ auth = false
 user1 = "testpass"
 test = "test123"
 */
+// DockerConfig 定义 Docker 相关的配置
 type DockerConfig struct {
-	Enabled         bool              `toml:"enabled"`
-	Target          string            `toml:"target"`
-	Auth            bool              `toml:"auth"`
-	Credentials     map[string]string `toml:"credentials"`
-	AuthPassThrough bool              `toml:"authPassThrough"`
+	Enabled         bool              `toml:"enabled" wanf:"enabled"`
+	Target          string            `toml:"target" wanf:"target"`
+	Auth            bool              `toml:"auth" wanf:"auth"`
+	Credentials     map[string]string `toml:"credentials" wanf:"credentials"`
+	AuthPassThrough bool              `toml:"authPassThrough" wanf:"authPassThrough"`
 }
 
-// LoadConfig 从 TOML 配置文件加载配置
+// LoadConfig 从配置文件加载配置
 func LoadConfig(filePath string) (*Config, error) {
-	if !FileExists(filePath) {
+	exist, filePath2read := FileExists(filePath)
+	if !exist {
 		// 楔入配置文件
 		err := DefaultConfig().WriteConfig(filePath)
 		if err != nil {
@@ -202,15 +223,22 @@ func LoadConfig(filePath string) (*Config, error) {
 		}
 		return DefaultConfig(), nil
 	}
-
 	var config Config
-	if _, err := toml.DecodeFile(filePath, &config); err != nil {
+	ext := filepath.Ext(filePath2read)
+	if ext == ".wanf" {
+		if err := wanf.DecodeFile(filePath2read, &config); err != nil {
+			return nil, err
+		}
+		return &config, nil
+	}
+
+	if _, err := toml.DecodeFile(filePath2read, &config); err != nil {
 		return nil, err
 	}
 	return &config, nil
 }
 
-// 写入配置文件
+// WriteConfig 写入配置文件
 func (c *Config) WriteConfig(filePath string) error {
 	file, err := os.Create(filePath)
 	if err != nil {
@@ -218,17 +246,54 @@ func (c *Config) WriteConfig(filePath string) error {
 	}
 	defer file.Close()
 
+	ext := filepath.Ext(filePath)
+	if ext == ".wanf" {
+		err := wanf.NewStreamEncoder(file).Encode(c)
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+
 	encoder := toml.NewEncoder(file)
 	return encoder.Encode(c)
 }
 
-// 检测文件是否存在
-func FileExists(filename string) bool {
+// FileExists 检测文件是否存在
+func FileExists(filename string) (bool, string) {
 	_, err := os.Stat(filename)
-	return !os.IsNotExist(err)
+	if err == nil {
+		return true, filename
+	}
+	if os.IsNotExist(err) {
+		// 获取文件名（不包含路径）
+		base := filepath.Base(filename)
+		dir := filepath.Dir(filename)
+
+		// 获取扩展名
+		fileNameBody := strings.TrimSuffix(base, filepath.Ext(base))
+
+		// 重新组合路径, 扩展名改为.wanf, 确认是否存在
+		wanfFilename := filepath.Join(dir, fileNameBody+".wanf")
+
+		_, err = os.Stat(wanfFilename)
+		if err == nil {
+			// .wanf 文件存在
+			fmt.Printf("\n Found .wanf file: %s\n", wanfFilename)
+			return true, wanfFilename
+		} else if os.IsNotExist(err) {
+			// .wanf 文件不存在
+			return false, ""
+		} else {
+			// 其他错误
+			return false, ""
+		}
+	} else {
+		return false, filename
+	}
 }
 
-// 默认配置结构体
+// DefaultConfig 返回默认配置结构体
 func DefaultConfig() *Config {
 	return &Config{
 		Server: ServerConfig{

config/config.toml

@@ -25,10 +25,10 @@ rewriteAPI = false
 [pages]
 mode = "internal" # "internal" or "external"
 theme = "bootstrap" # "bootstrap" or "nebula"
-staticDir = "/data/www" 
+staticDir = "pages"
 
 [log]
-logFilePath = "/data/ghproxy/log/ghproxy.log" 
+logFilePath = "ghproxy.log"
 maxLogSize = 5 # MB
 level = "info" # debug, info, warn, error, none
 
@@ -42,18 +42,18 @@ ForceAllowApi = false
 ForceAllowApiPassList = false
 
 [blacklist]
-blacklistFile = "/data/ghproxy/config/blacklist.json"
+blacklistFile = "blacklist.json"
 enabled = false
 
 [whitelist]
 enabled = false
-whitelistFile = "/data/ghproxy/config/whitelist.json"
+whitelistFile = "whitelist.json"
 
 [ipFilter]
 enabled = false
 enableAllowList = false
 enableBlockList = false
-ipFilterFile = "/data/ghproxy/config/ipfilter.json"
+ipFilterFile = "ipfilter.json"
 
 [rateLimit]
 enabled = false

go.mod

@@ -1,29 +1,27 @@
 module ghproxy
 
-go 1.24.5
+go 1.25.1
 
 require (
 	github.com/BurntSushi/toml v1.5.0
-	github.com/WJQSERVER-STUDIO/httpc v0.8.1
-	golang.org/x/net v0.42.0
-	golang.org/x/time v0.12.0
+	github.com/WJQSERVER-STUDIO/httpc v0.8.2
+	golang.org/x/net v0.44.0
+	golang.org/x/time v0.13.0
 )
 
 require (
 	github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2
 	github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2
+	github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee
 	github.com/fenthope/bauth v0.0.1
 	github.com/fenthope/ikumi v0.0.2
 	github.com/fenthope/ipfilter v0.0.1
-	github.com/fenthope/reco v0.0.3
-	github.com/fenthope/record v0.0.3
-	github.com/go-json-experiment/json v0.0.0-20250714165856-be8212f5270d
+	github.com/fenthope/reco v0.0.4
+	github.com/fenthope/record v0.0.4
+	github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b
 	github.com/hashicorp/golang-lru/v2 v2.0.7
-	github.com/infinite-iroha/touka v0.3.3
+	github.com/infinite-iroha/touka v0.3.8
 	github.com/wjqserver/modembed v0.0.1
 )
 
-require (
-	github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.6 // indirect
-	github.com/valyala/bytebufferpool v1.0.0 // indirect
-)
+require github.com/valyala/bytebufferpool v1.0.0 // indirect

go.sum

@@ -1,34 +1,34 @@
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
-github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.6 h1:/50VJYXd6jcu+p5BnEBDyiX0nAyGxas1W3DCnrYMxMY=
-github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.6/go.mod h1:FZ6XE+4TKy4MOfX1xWKe6Rwsg0ucYFCdNh1KLvyKTfc=
 github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2 h1:AiIHXP21LpK7pFfqUlUstgQEWzjbekZgxOuvVwiMfyM=
 github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2/go.mod h1:mCLqYU32bTmEE6dpj37MKKiZgz70Jh/xyK9vVbq6pok=
 github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2 h1:8bBkKk6E2Zr+I5szL7gyc5f0DK8N9agIJCpM1Cqw2NE=
 github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2/go.mod h1:yPX8xuZH+py7eLJwOYj3VVI/4/Yuy5+x8Mhq8qezcPg=
-github.com/WJQSERVER-STUDIO/httpc v0.8.1 h1:/eG8aYKL3WfQILIRbG+cbzQjPkNHEPTqfGUdQS5rtI4=
-github.com/WJQSERVER-STUDIO/httpc v0.8.1/go.mod h1:mxXBf2hqbQGNHkVy/7wfU7Xi2s09MyZpbY2hyR+4uD4=
+github.com/WJQSERVER-STUDIO/httpc v0.8.2 h1:PFPLodV0QAfGEP6915J57vIqoKu9cGuuiXG/7C9TNUk=
+github.com/WJQSERVER-STUDIO/httpc v0.8.2/go.mod h1:8WhHVRO+olDFBSvL5PC/bdMkb6U3vRdPJ4p4pnguV5Y=
+github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee h1:tJ31DNBn6UhWkk8fiikAQWqULODM+yBcGAEar1tzdZc=
+github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee/go.mod h1:q2Pyg+G+s1acMWxrbI4CwS/Yk76/BzLREEdZ8iFwUNE=
 github.com/fenthope/bauth v0.0.1 h1:+4UIQshGx3mYD4L3f2S4MLZOi5PWU7fU5GK3wsZvwzE=
 github.com/fenthope/bauth v0.0.1/go.mod h1:1fveTpgfR1p+WXQ8MXm9BfBCeNYi55j23jxCOGOvBSA=
 github.com/fenthope/ikumi v0.0.2 h1:5oaSTf/Msp7M2O3o/X20omKWEQbFhX4KV0CVF21oCdk=
 github.com/fenthope/ikumi v0.0.2/go.mod h1:IYbxzOGndZv/yRrbVMyV6dxh06X2wXCbfxrTRM1IruU=
 github.com/fenthope/ipfilter v0.0.1 h1:HrYAyixCMvsDAz36GRyFfyCNtrgYwzrhMcY0XV7fGcM=
 github.com/fenthope/ipfilter v0.0.1/go.mod h1:QfY0GrpG0D82HROgdH4c9eog4js42ghLIfl/iM4MvvY=
-github.com/fenthope/reco v0.0.3 h1:RmnQ0D9a8PWtwOODawitTe4BztTnS9wYwrDbipISNq4=
-github.com/fenthope/reco v0.0.3/go.mod h1:mDkGLHte5udWTIcjQTxrABRcf56SSdxBOCLgrRDwI/Y=
-github.com/fenthope/record v0.0.3 h1:v5urgs5LAkLMlljAT/MjW8fWuRHXPnAraTem5ui7rm4=
-github.com/fenthope/record v0.0.3/go.mod h1:KFEkSc4TDZ3QIhP/wglD32uYVA6X1OUcripiao1DEE4=
-github.com/go-json-experiment/json v0.0.0-20250714165856-be8212f5270d h1:+d6m5Bjvv0/RJct1VcOw2P5bvBOGjENmxORJYnSYDow=
-github.com/go-json-experiment/json v0.0.0-20250714165856-be8212f5270d/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
+github.com/fenthope/reco v0.0.4 h1:yo2g3aWwdoMpaZWZX4SdZOW7mCK82RQIU/YI8ZUQThM=
+github.com/fenthope/reco v0.0.4/go.mod h1:eMyS8HpdMVdJ/2WJt6Cvt8P1EH9Igzj5lSJrgc+0jeg=
+github.com/fenthope/record v0.0.4 h1:/1JHNCxiXGLL/qCh4LEGaAvhj4CcKsb6siTxjLmjdO4=
+github.com/fenthope/record v0.0.4/go.mod h1:G0a6KCiCDyX2SsC3nfzSN651fJKxH482AyJvzlnvAJU=
+github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b h1:6Q4zRHXS/YLOl9Ng1b1OOOBWMidAQZR3Gel0UKPC/KU=
+github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
-github.com/infinite-iroha/touka v0.3.3 h1:6Vy36bYjtbGKaBNiZBRcTne9Lcx8QTE6rpHqyMb3oiA=
-github.com/infinite-iroha/touka v0.3.3/go.mod h1:9Y/MWlvlBL/8cqA+2ZUsnBr4h3f7yo3nOxsegIcBduw=
+github.com/infinite-iroha/touka v0.3.8 h1:BK7+hwk5s5SpRFjFKIPe5CzZNzjP36kLHkM/HX6SU38=
+github.com/infinite-iroha/touka v0.3.8/go.mod h1:uwkF1gTrNEgQ4P/Gwtk6WLbERehq3lzB8x1FMedyrfE=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/wjqserver/modembed v0.0.1 h1:8ZDz7t9M5DLrUFlYgBUUmrMzxWsZPmHvOazkr/T2jEs=
 github.com/wjqserver/modembed v0.0.1/go.mod h1:sYbQJMAjSBsdYQrUsuHY380XXE1CuRh8g9yyCztTXOQ=
-golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
-golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
-golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
+golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=

main.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"os"
 	"runtime/debug"
+	"strings"
 	"time"
 
 	"ghproxy/api"
@@ -46,6 +47,8 @@ var (
 var (
 	//go:embed pages/*
 	pagesFS embed.FS
+	//go:embed backend/*
+	backendFS embed.FS
 )
 
 var (
@@ -233,8 +236,18 @@ func setupPages(cfg *config.Config, r *touka.Engine) {
 		}
 
 	case "external":
-		r.SetUnMatchFS(http.Dir(cfg.Pages.StaticDir))
-
+		if cfg.Pages.StaticDir == "" {
+			logger.Errorf("Pages Mode is 'external' but StaticDir is empty. Using embedded pages instead.")
+			err := setInternalRoute(cfg, r)
+			if err != nil {
+				logger.Errorf("Failed to load embedded pages: %s", err)
+				fmt.Printf("Failed to load embedded pages: %s", err)
+				os.Exit(1)
+			}
+		} else {
+			extPageFS := os.DirFS(cfg.Pages.StaticDir)
+			r.SetUnMatchFS(http.FS(extPageFS))
+		}
 	default:
 		// 处理无效的Pages Mode
 		logger.Warnf("Invalid Pages Mode: %s, using default embedded theme", cfg.Pages.Mode)
@@ -331,6 +344,7 @@ func main() {
 	}
 
 	r := touka.Default()
+	var err error
 	r.SetProtocols(&touka.ProtocolsConfig{
 		Http1:           true,
 		Http2_Cleartext: true,
@@ -369,8 +383,8 @@ func main() {
 	}
 
 	if cfg.IPFilter.Enabled {
-		var err error
-		ipAllowList, ipBlockList, err := auth.ReadIPFilterList(cfg)
+		var ipAllowList, ipBlockList []string
+		ipAllowList, ipBlockList, err = auth.ReadIPFilterList(cfg)
 		if err != nil {
 			fmt.Printf("Failed to read IP filter list: %v\n", err)
 			logger.Errorf("Failed to read IP filter list: %v", err)
@@ -392,11 +406,43 @@ func main() {
 	}
 	setupApi(cfg, r, version)
 	setupPages(cfg, r)
+	setBackendRoute(r)
 	r.SetRedirectTrailingSlash(false)
 
 	r.GET("/github.com/:user/:repo/releases/*filepath", func(c *touka.Context) {
-		c.Set("matcher", "releases")
-		proxy.RoutingHandler(cfg)(c)
+		// 规范化路径: 移除前导斜杠, 简化后续处理
+		filepath := c.Param("filepath")
+		if len(filepath) > 0 && filepath[0] == '/' {
+			filepath = filepath[1:]
+		}
+
+		isValidDownload := false
+
+		// 检查两种合法的下载链接格式
+		// 情况 A: "download/..."
+		if strings.HasPrefix(filepath, "download/") {
+			isValidDownload = true
+		} else {
+			// 情况 B: ":tag/download/..."
+			slashIndex := strings.IndexByte(filepath, '/')
+			// 确保 tag 部分存在 (slashIndex > 0)
+			if slashIndex > 0 {
+				pathAfterTag := filepath[slashIndex+1:]
+				if strings.HasPrefix(pathAfterTag, "download/") {
+					isValidDownload = true
+				}
+			}
+		}
+
+		// 根据匹配结果执行最终操作
+		if isValidDownload {
+			c.Set("matcher", "releases")
+			proxy.RoutingHandler(cfg)(c)
+		} else {
+			// 任何不符合下载链接格式的 'releases' 路径都被视为浏览页面并拒绝
+			proxy.ErrorPage(c, proxy.NewErrorWithStatusLookup(400, "unsupported releases page, only download links are allowed"))
+			return
+		}
 	})
 
 	r.GET("/github.com/:user/:repo/archive/*filepath", func(c *touka.Context) {
@@ -442,20 +488,11 @@ func main() {
 		proxy.RoutingHandler(cfg)(c)
 	})
 
-	r.GET("/v2/",
+	r.ANY("/v2/*path",
 		r.UseIf(cfg.Docker.Auth, func() touka.HandlerFunc {
 			return bauth.BasicAuthForStatic(cfg.Docker.Credentials, "GHProxy Docker Proxy")
 		}),
-		func(c *touka.Context) {
-			emptyJSON := "{}"
-			c.Header("Content-Type", "application/json")
-			c.Header("Content-Length", fmt.Sprint(len(emptyJSON)))
-
-			c.Header("Docker-Distribution-API-Version", "registry/2.0")
-
-			c.Status(200)
-			c.Writer.Write([]byte(emptyJSON))
-		},
+		proxy.OciWithImageRouting(cfg),
 	)
 
 	r.GET("/v2", func(c *touka.Context) {
@@ -463,10 +500,6 @@ func main() {
 		c.Redirect(http.StatusMovedPermanently, "/v2/")
 	})
 
-	r.ANY("/v2/:target/:user/:repo/*filepath", func(c *touka.Context) {
-		proxy.GhcrWithImageRouting(cfg)(c)
-	})
-
 	r.NoRoute(func(c *touka.Context) {
 		proxy.NoRouteHandler(cfg)(c)
 	})
@@ -488,7 +521,7 @@ func main() {
 	defer logger.Close()
 
 	addr := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)
-	err := r.RunShutdown(addr)
+	err = r.RunShutdown(addr)
 	if err != nil {
 		logger.Errorf("Server Run Error: %v", err)
 		fmt.Printf("Server Run Error: %v\n", err)
@@ -496,3 +529,15 @@ func main() {
 
 	fmt.Println("Program Exit")
 }
+
+func setBackendRoute(r *touka.Engine) {
+
+	backend, err := fs.Sub(backendFS, "backend")
+	if err != nil {
+		logger.Errorf("Failed to load embedded backend pages: %s", err)
+		fmt.Printf("Failed to load embedded backend pages: %s", err)
+		os.Exit(1)
+	}
+
+	r.StaticFS("/backend", http.FS(backend))
+}

proxy/chunkreq.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"ghproxy/config"
+	"ghproxy/stats"
 	"io"
 	"net/http"
 	"strconv"
@@ -124,7 +125,11 @@ func ChunkedProxyRequest(ctx context.Context, c *touka.Context, u string, cfg *c
 		bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx)
 	}
 
-	defer bodyReader.Close()
+	countingReader := NewCountingReader(bodyReader)
+	defer countingReader.Close()
+	defer func() {
+		stats.Record(c.ClientIP(), countingReader.BytesRead())
+	}()
 
 	if MatcherShell(u) && matchString(matcher) && cfg.Shell.Editor {
 		// 判断body是不是gzip
@@ -138,7 +143,7 @@ func ChunkedProxyRequest(ctx context.Context, c *touka.Context, u string, cfg *c
 
 		var reader io.Reader
 
-		reader, _, err = processLinks(bodyReader, compress, c.Request.Host, cfg, c)
+		reader, _, err = processLinks(countingReader, compress, c.Request.Host, cfg, c)
 		c.WriteStream(reader)
 		if err != nil {
 			c.Errorf("%s %s %s %s %s Failed to copy response body: %v", c.ClientIP(), c.Request.Method, u, c.UserAgent(), c.Request.Proto, err)
@@ -149,10 +154,10 @@ func ChunkedProxyRequest(ctx context.Context, c *touka.Context, u string, cfg *c
 
 		if contentLength != "" {
 			c.SetHeader("Content-Length", contentLength)
-			c.WriteStream(bodyReader)
+			c.WriteStream(countingReader)
 			return
 		}
-		c.WriteStream(bodyReader)
+		c.WriteStream(countingReader)
 	}
 
 }

proxy/docker.go

@@ -40,84 +40,167 @@ func InitWeakCache() *weakcache.Cache[string] {
 	return cache
 }
 
-// GhcrWithImageRouting 处理带有镜像路由的请求, 根据目标路由到不同的Docker注册表
-func GhcrWithImageRouting(cfg *config.Config) touka.HandlerFunc {
+var (
+	authEndpoint = "/"
+	passTypeMap  = map[string]struct{}{
+		"manifests": {},
+		"blobs":     {},
+		"tags":      {},
+		"index":     {},
+	}
+)
+
+// 处理路径各种情况
+func OciWithImageRouting(cfg *config.Config) touka.HandlerFunc {
 	return func(c *touka.Context) {
-		// 从 main.go 中固定的路由 "/v2/:target/:user/:repo/*filepath" 获取参数
-		reqTarget := c.Param("target")
-		reqImageUser := c.Param("user")
-		reqImageName := c.Param("repo")
-		reqFilePath := c.Param("filepath")
+		if !cfg.Docker.Enabled {
+			ErrorPage(c, NewErrorWithStatusLookup(403, "Docker proxy is not enabled"))
+			return
+		}
+		var (
+			p1               string
+			p2               string
+			p3               string
+			p4               string
+			target           string
+			user             string
+			repo             string
+			extpath          string
+			p1IsTarget       bool
+			ignorep3         bool
+			imageNameForAuth string
+			finalreqUrl      string
+			iInfo            *imageInfo
+		)
+		ociPath := c.Param("path")
+		if ociPath == authEndpoint {
+			emptyJSON := "{}"
+			c.Header("Content-Type", "application/json")
+			c.Header("Content-Length", fmt.Sprint(len(emptyJSON)))
 
-		var upstreamTarget string
-		var requestPath string
-		var imageNameForAuth string
+			c.Header("Docker-Distribution-API-Version", "registry/2.0")
 
-		// 关键逻辑: 判断 reqTarget 是真实主机名还是镜像名的一部分
-		// 依据: 真实主机名/IP通常包含'.'或':'
-		if strings.Contains(reqTarget, ".") || strings.Contains(reqTarget, ":") {
-			// 情况 A: reqTarget 是一个显式指定的主机名 (例如 "ghcr.io", "my-registry.com", "127.0.0.1:5000")
-			c.Debugf("Request target '%s' identified as an explicit hostname.", reqTarget)
-			upstreamTarget = reqTarget
-			// 上游请求的路径是主机名之后的部分
-			requestPath = fmt.Sprintf("%s/%s%s", reqImageUser, reqImageName, reqFilePath)
-			// 用于认证的镜像名是 user/repo
-			imageNameForAuth = fmt.Sprintf("%s/%s", reqImageUser, reqImageName)
+			c.Status(200)
+			c.Writer.Write([]byte(emptyJSON))
+			return
+		}
+
+		// 根据/分割 /:target/:user/:repo/*ext
+		ociPath = ociPath[1:]
+		i := strings.IndexByte(ociPath, '/')
+		if i <= 0 {
+			ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
+			return
+		}
+		p1 = ociPath[:i]
+
+		// 开始判断p1是否为target
+		if strings.Contains(p1, ".") || strings.Contains(p1, ":") {
+			p1IsTarget = true
+			if p1 == "docker.io" {
+				target = dockerhubTarget
+			} else {
+				target = p1
+			}
 		} else {
-			// 情况 B: reqTarget 是镜像名的一部分 (例如 "wjqserver", "library")
-			c.Debugf("Request target '%s' identified as part of an image name. Using default registry.", reqTarget)
-			// 使用配置文件中的默认目标
 			switch cfg.Docker.Target {
 			case "ghcr":
-				upstreamTarget = ghcrTarget
+				target = ghcrTarget
 			case "dockerhub":
-				upstreamTarget = dockerhubTarget
+				target = dockerhubTarget
 			case "":
 				ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
 				return
 			default:
-				upstreamTarget = cfg.Docker.Target
+				target = cfg.Docker.Target
 			}
-			// 必须将路由错误分割的所有部分重新组合成完整的镜像路径
-			requestPath = fmt.Sprintf("%s/%s/%s%s", reqTarget, reqImageUser, reqImageName, reqFilePath)
-			// 用于认证的镜像名是 target/user (例如 "wjqserver/ghproxy", "library/ubuntu")
-			imageNameForAuth = fmt.Sprintf("%s/%s", reqTarget, reqImageUser)
 		}
 
-		// 清理路径, 防止出现 "//"
-		requestPath = strings.TrimPrefix(requestPath, "/")
+		ociPath = ociPath[i+1:]
+		i = strings.IndexByte(ociPath, '/')
+		if i <= 0 {
+			ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
+			return
+		}
+		p2 = ociPath[:i]
+		ociPath = ociPath[i+1:]
 
-		// 为认证和缓存准备镜像信息
-		image := &imageInfo{
+		// 若p2和passTypeMap匹配
+		if !p1IsTarget {
+			if _, ok := passTypeMap[p2]; ok {
+				ignorep3 = true
+				switch cfg.Docker.Target {
+				case "ghcr":
+					target = ghcrTarget
+				case "dockerhub":
+					target = dockerhubTarget
+				case "":
+					ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
+					return
+				default:
+					target = cfg.Docker.Target
+				}
+				user = "library"
+				repo = p1
+				extpath = "/" + p2 + "/" + ociPath
+			}
+		}
+
+		if !ignorep3 {
+			i = strings.IndexByte(ociPath, '/')
+			if i <= 0 {
+				ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
+				return
+			}
+			p3 = ociPath[:i]
+
+			ociPath = ociPath[i+1:]
+			p4 = ociPath
+
+			if p1IsTarget {
+				if _, ok := passTypeMap[p3]; ok {
+					user = "library"
+					repo = p2
+					extpath = "/" + p3 + "/" + p4
+				} else {
+					user = p2
+					repo = p3
+					extpath = "/" + p4
+				}
+			} else {
+				switch cfg.Docker.Target {
+				case "ghcr":
+					target = ghcrTarget
+				case "dockerhub":
+					target = dockerhubTarget
+				case "":
+					ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
+					return
+				default:
+					target = cfg.Docker.Target
+				}
+				user = p1
+				repo = p2
+				extpath = "/" + p3 + "/" + p4
+			}
+		}
+
+		imageNameForAuth = user + "/" + repo
+		finalreqUrl = "https://" + target + "/v2/" + imageNameForAuth + extpath
+		if query := c.GetReqQueryString(); query != "" {
+			finalreqUrl += "?" + query
+		}
+
+		iInfo = &imageInfo{
+			User:  user,
+			Repo:  repo,
 			Image: imageNameForAuth,
 		}
 
-		// 调用 GhcrToTarget 处理实际的代理请求
-		GhcrToTarget(c, cfg, upstreamTarget, requestPath, image)
+		GhcrRequest(c.Request.Context(), c, finalreqUrl, iInfo, cfg, target)
 	}
 }
 
-// GhcrToTarget 根据配置和目标信息将请求代理到上游Docker注册表
-func GhcrToTarget(c *touka.Context, cfg *config.Config, target string, path string, image *imageInfo) {
-	// 检查Docker代理是否启用
-	if !cfg.Docker.Enabled {
-		ErrorPage(c, NewErrorWithStatusLookup(403, "Docker is not Allowed"))
-		return
-	}
-
-	var ctx = c.Request.Context()
-
-	// 构造目标URL. 这里的target和path都是由GhcrWithImageRouting正确解析得来的.
-	destUrl := "https://" + target + "/v2/" + path
-	if query := c.GetReqQueryString(); query != "" {
-		destUrl += "?" + query
-	}
-	c.Debugf("Proxying to target '%s' with path '%s'. Final URL: %s", target, path, destUrl)
-
-	// 执行实际的代理请求
-	GhcrRequest(ctx, c, destUrl, image, cfg, target)
-}
-
 // GhcrRequest 执行对Docker注册表的HTTP请求, 处理认证和重定向
 func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageInfo, cfg *config.Config, target string) {
 	var (

proxy/error.go

@@ -21,7 +21,6 @@ func HandleError(c *touka.Context, message string) {
 }
 
 func UnifiedToukaErrorHandler(c *touka.Context, code int, err error) {
-
 	errMsg := ""
 	if err != nil {
 		errMsg = err.Error()

proxy/match.go

@@ -10,11 +10,6 @@ import (
 )
 
 var (
-	githubPrefix         = "https://github.com/"
-	rawPrefix            = "https://raw.githubusercontent.com/"
-	gistPrefix           = "https://gist.github.com/"
-	gistContentPrefix    = "https://gist.githubusercontent.com/"
-	apiPrefix            = "https://api.github.com/"
 	githubPrefixLen      int
 	rawPrefixLen         int
 	gistPrefixLen        int
@@ -22,6 +17,16 @@ var (
 	apiPrefixLen         int
 )
 
+const (
+	githubPrefix            = "https://github.com/"
+	rawPrefix               = "https://raw.githubusercontent.com/"
+	gistPrefix              = "https://gist.github.com/"
+	gistContentPrefix       = "https://gist.githubusercontent.com/"
+	apiPrefix               = "https://api.github.com/"
+	ociv2Prefix             = "https://v2/"
+	releasesDownloadSnippet = "releases/download/"
+)
+
 func init() {
 	githubPrefixLen = len(githubPrefix)
 	rawPrefixLen = len(rawPrefix)
@@ -32,37 +37,70 @@ func init() {
 
 // Matcher 从原始URL路径中高效地解析并匹配代理规则.
 func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHProxyErrors) {
-	if len(rawPath) < 18 {
-		return "", "", "", NewErrorWithStatusLookup(404, "path too short")
-	}
+	/*
+		if len(rawPath) < 18 {
+			return "", "", "", NewErrorWithStatusLookup(404, "path too short")
+		}
+	*/
 
 	// 匹配 "https://github.com/"
 	if strings.HasPrefix(rawPath, githubPrefix) {
-		remaining := rawPath[githubPrefixLen:]
-		i := strings.IndexByte(remaining, '/')
+		pathAfterDomain := rawPath[githubPrefixLen:]
+
+		// 解析 user
+		i := strings.IndexByte(pathAfterDomain, '/')
 		if i <= 0 {
 			return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing user")
 		}
-		user := remaining[:i]
-		remaining = remaining[i+1:]
-		i = strings.IndexByte(remaining, '/')
+		user := pathAfterDomain[:i]
+		pathAfterUser := pathAfterDomain[i+1:]
+
+		// 解析 repo
+		i = strings.IndexByte(pathAfterUser, '/')
 		if i <= 0 {
-			return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing repo")
-		}
-		repo := remaining[:i]
-		remaining = remaining[i+1:]
-		if len(remaining) == 0 {
 			return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing action")
 		}
-		i = strings.IndexByte(remaining, '/')
-		action := remaining
-		if i != -1 {
-			action = remaining[:i]
+		repo := pathAfterUser[:i]
+		pathAfterRepo := pathAfterUser[i+1:]
+
+		if len(pathAfterRepo) == 0 {
+			return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing action")
 		}
+
+		// 优先处理所有 "releases" 相关的下载路径
+		if strings.HasPrefix(pathAfterRepo, "releases/") {
+			// 情况 A: "releases/download/..."
+			if strings.HasPrefix(pathAfterRepo, "releases/download/") {
+				return user, repo, "releases", nil
+			}
+			// 情况 B: "releases/:tag/download/..."
+			pathAfterReleases := pathAfterRepo[len("releases/"):]
+			slashIndex := strings.IndexByte(pathAfterReleases, '/')
+			if slashIndex > 0 { // 确保tag不为空
+				pathAfterTag := pathAfterReleases[slashIndex+1:]
+				if strings.HasPrefix(pathAfterTag, "download/") {
+					return user, repo, "releases", nil
+				}
+			}
+			// 如果不满足上述下载链接的结构, 则为网页浏览路径, 予以拒绝
+			return "", "", "", NewErrorWithStatusLookup(400, "unsupported releases page, only download links are allowed")
+		}
+
+		// 检查 "archive/" 路径
+		if strings.HasPrefix(pathAfterRepo, "archive/") {
+			// 根据测试用例, archive路径的matcher也应为releases
+			return user, repo, "releases", nil
+		}
+
+		// 如果不是下载路径, 则解析action并进行分类
+		i = strings.IndexByte(pathAfterRepo, '/')
+		action := pathAfterRepo
+		if i != -1 {
+			action = pathAfterRepo[:i]
+		}
+
 		var matcher string
 		switch action {
-		case "releases", "archive":
-			matcher = "releases"
 		case "blob":
 			matcher = "blob"
 		case "raw":
@@ -78,59 +116,27 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHPro
 	// 匹配 "https://raw.githubusercontent.com/"
 	if strings.HasPrefix(rawPath, rawPrefix) {
 		remaining := rawPath[rawPrefixLen:]
-		// 这里的逻辑与 github.com 的类似, 需要提取 user, repo, branch, file...
-		// 我们只需要 user 和 repo
-		i := strings.IndexByte(remaining, '/')
-		if i <= 0 {
-			return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing user")
+		parts := strings.SplitN(remaining, "/", 3)
+		if len(parts) < 3 {
+			return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: path too short")
 		}
-		user := remaining[:i]
-		remaining = remaining[i+1:]
-		i = strings.IndexByte(remaining, '/')
-		if i <= 0 {
-			return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing repo")
-		}
-		repo := remaining[:i]
-		// raw 链接至少需要 user/repo/branch 三部分
-		remaining = remaining[i+1:]
-		if len(remaining) == 0 {
-			return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing branch/commit")
-		}
-		return user, repo, "raw", nil
+		return parts[0], parts[1], "raw", nil
 	}
 
-	// 匹配 "https://gist.github.com/"
-	if strings.HasPrefix(rawPath, gistPrefix) {
-		remaining := rawPath[gistPrefixLen:]
-		i := strings.IndexByte(remaining, '/')
-		if i <= 0 {
-			// case: https://gist.github.com/user
-			// 这种情况下, gist_id 缺失, 但我们仍然可以认为 user 是有效的
-			if len(remaining) > 0 {
-				return remaining, "", "gist", nil
-			}
+	// 匹配 "https://gist.github.com/" 或 "https://gist.githubusercontent.com/"
+	isGist := strings.HasPrefix(rawPath, gistPrefix)
+	if isGist || strings.HasPrefix(rawPath, gistContentPrefix) {
+		var remaining string
+		if isGist {
+			remaining = rawPath[gistPrefixLen:]
+		} else {
+			remaining = rawPath[gistContentPrefixLen:]
+		}
+		parts := strings.SplitN(remaining, "/", 2)
+		if len(parts) == 0 || parts[0] == "" {
 			return "", "", "", NewErrorWithStatusLookup(400, "malformed gist url: missing user")
 		}
-		// case: https://gist.github.com/user/gist_id...
-		user := remaining[:i]
-		return user, "", "gist", nil
-	}
-
-	// 匹配 "https://gist.githubusercontent.com/"
-	if strings.HasPrefix(rawPath, gistContentPrefix) {
-		remaining := rawPath[gistContentPrefixLen:]
-		i := strings.IndexByte(remaining, '/')
-		if i <= 0 {
-			// case: https://gist.githubusercontent.com/user
-			// 这种情况下, gist_id 缺失, 但我们仍然可以认为 user 是有效的
-			if len(remaining) > 0 {
-				return remaining, "", "gist", nil
-			}
-			return "", "", "", NewErrorWithStatusLookup(400, "malformed gist url: missing user")
-		}
-		// case: https://gist.githubusercontent.com/user/gist_id...
-		user := remaining[:i]
-		return user, "", "gist", nil
+		return parts[0], "", "gist", nil
 	}
 
 	// 匹配 "https://api.github.com/"

proxy/matcher_test.go

@@ -33,11 +33,29 @@ func TestMatcher_Compatibility(t *testing.T) {
 		expectedErrCode int
 	}{
 		{
-			name:         "GH Releases Path",
+			name:         "GH Releases Path 1",
 			rawPath:      "https://github.com/owner/repo/releases/download/v1.0/asset.zip",
 			config:       cfgWithAuth,
 			expectedUser: "owner", expectedRepo: "repo", expectedMatcher: "releases",
 		},
+		{
+			name:         "GH Releases Path 2",
+			rawPath:      "https://github.com/owner/repo/releases/v1.0/download/asset.zip",
+			config:       cfgWithAuth,
+			expectedUser: "owner", expectedRepo: "repo", expectedMatcher: "releases",
+		},
+		{
+			name:        "GH Releases Path Page",
+			rawPath:     "https://github.com/owner/repo/releases",
+			config:      cfgWithAuth,
+			expectError: true, expectedErrCode: 400,
+		},
+		{
+			name:        "GH Releases Path Tag Page",
+			rawPath:     "https://github.com/owner/repo/releases/tag/v0.0.1",
+			config:      cfgWithAuth,
+			expectError: true, expectedErrCode: 400,
+		},
 		{
 			name:         "GH Archive Path",
 			rawPath:      "https://github.com/owner/repo.git/archive/main.zip",

proxy/utils.go

@@ -4,10 +4,47 @@ import (
 	"fmt"
 	"ghproxy/auth"
 	"ghproxy/config"
+	"io"
 
 	"github.com/infinite-iroha/touka"
 )
 
+// CountingReader is a reader that counts the number of bytes read.
+// CountingReader 是一个计算已读字节数的读取器.
+type CountingReader struct {
+	reader    io.Reader
+	bytesRead int64
+}
+
+// NewCountingReader creates a new CountingReader.
+// NewCountingReader 创建一个新的 CountingReader.
+func NewCountingReader(reader io.Reader) *CountingReader {
+	return &CountingReader{
+		reader: reader,
+	}
+}
+
+func (cr *CountingReader) Read(p []byte) (n int, err error) {
+	n, err = cr.reader.Read(p)
+	cr.bytesRead += int64(n)
+	return n, err
+}
+
+// BytesRead returns the number of bytes read.
+// BytesRead 返回已读字节数.
+func (cr *CountingReader) BytesRead() int64 {
+	return cr.bytesRead
+}
+
+// Close closes the underlying reader if it implements io.Closer.
+// 如果底层读取器实现了 io.Closer, 则关闭它.
+func (cr *CountingReader) Close() error {
+	if closer, ok := cr.reader.(io.Closer); ok {
+		return closer.Close()
+	}
+	return nil
+}
+
 func listCheck(cfg *config.Config, c *touka.Context, user string, repo string, rawPath string) bool {
 	if cfg.Auth.ForceAllowApi && cfg.Auth.ForceAllowApiPassList {
 		return false

stats/stats.go

@@ -0,0 +1,44 @@
+package stats
+
+import (
+	"sync"
+	"time"
+)
+
+// ProxyStats store one ip's proxy stats
+// ProxyStats 存储一个IP的代理统计信息
+type ProxyStats struct {
+	IP               string    `json:"ip"`
+	LastCalled       time.Time `json:"last_called"`
+	CallCount        int64     `json:"call_count"`
+	TotalTransferred int64     `json:"total_transferred"`
+}
+
+var (
+	statsMap = &sync.Map{}
+)
+
+// Record update a ip's proxy stats
+// Record 更新一个IP的代理统计信息
+func Record(ip string, transferred int64) {
+	s, _ := statsMap.LoadOrStore(ip, &ProxyStats{
+		IP: ip,
+	})
+
+	ps := s.(*ProxyStats)
+	ps.LastCalled = time.Now()
+	ps.CallCount++
+	ps.TotalTransferred += transferred
+	statsMap.Store(ip, ps)
+}
+
+// GetStats return all proxy stats
+// GetStats 返回所有的代理统计信息
+func GetStats() map[string]*ProxyStats {
+	data := make(map[string]*ProxyStats)
+	statsMap.Range(func(key, value interface{}) bool {
+		data[key.(string)] = value.(*ProxyStats)
+		return true
+	})
+	return data
+}