Compare commits
2 Commits
feat/backe
...
4.1.0
| Author | SHA1 | Date | |
|---|---|---|---|
|
3812b029cf | ||
|
|
8ea741aec8 |
4
.github/workflows/build-dev.yml
vendored
4
.github/workflows/build-dev.yml
vendored
@@ -46,7 +46,7 @@ jobs:
|
||||
goarch: [amd64, arm64]
|
||||
env:
|
||||
OUTPUT_BINARY: ghproxy
|
||||
GO_VERSION: 1.25
|
||||
GO_VERSION: 1.24
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
@@ -73,7 +73,7 @@ jobs:
|
||||
GOOS: ${{ matrix.goos }}
|
||||
GOARCH: ${{ matrix.goarch }}
|
||||
run: |
|
||||
CGO_ENABLED=0 go build -ldflags "-X main.version=${{ env.VERSION }} -X main.dev=true" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} .
|
||||
CGO_ENABLED=0 go build -ldflags "-X main.version=${{ env.VERSION }} -X main.dev=true" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./main.go
|
||||
- name: 打包
|
||||
run: |
|
||||
mkdir ghproxyd
|
||||
|
||||
4
.github/workflows/build.yml
vendored
4
.github/workflows/build.yml
vendored
@@ -47,7 +47,7 @@ jobs:
|
||||
goarch: [amd64, arm64]
|
||||
env:
|
||||
OUTPUT_BINARY: ghproxy
|
||||
GO_VERSION: 1.25
|
||||
GO_VERSION: 1.24
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
@@ -74,7 +74,7 @@ jobs:
|
||||
GOOS: ${{ matrix.goos }}
|
||||
GOARCH: ${{ matrix.goarch }}
|
||||
run: |
|
||||
CGO_ENABLED=0 go build -ldflags "-s -w -X main.version=${{ env.VERSION }}" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} .
|
||||
CGO_ENABLED=0 go build -ldflags "-s -w -X main.version=${{ env.VERSION }}" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./main.go
|
||||
- name: 打包
|
||||
run: |
|
||||
mkdir ghproxyd
|
||||
|
||||
2
.gitignore
vendored
2
.gitignore
vendored
@@ -1,10 +1,8 @@
|
||||
demo
|
||||
demo.toml
|
||||
demo.wanf
|
||||
*.log
|
||||
*.bak
|
||||
list.json
|
||||
iplist.json
|
||||
repos
|
||||
pages
|
||||
*_test
|
||||
147
CHANGELOG.md
147
CHANGELOG.md
@@ -1,152 +1,5 @@
|
||||
# 更新日志
|
||||
|
||||
4.3.3 - 2025-09-10
|
||||
---
|
||||
- CHANGE: 增强对[wanf](https://github.com/WJQSERVER/wanf)的支持
|
||||
- CHANGE: 更新包括Touka框架在内的各个依赖版本
|
||||
|
||||
4.3.2 - 2025-08-20
|
||||
---
|
||||
- FIX: 修正`cfg.Pages.StaticDir`为空时的处置
|
||||
|
||||
4.3.1 - 2025-08-13
|
||||
---
|
||||
- CHANGE: 更新至[Go 1.25](https://tip.golang.org/doc/go1.25)
|
||||
|
||||
4.3.0 - 2025-08-11
|
||||
---
|
||||
- CHANGE: 为OCI镜像(Docker)代理带来自动library附加功能
|
||||
- CHANGE(refactor): 改进OCI镜像(Docker)代理路径组成流程
|
||||
- ADD: 新增[WANF](https://github.com/WJQSERVER/wanf)配置文件格式支持
|
||||
|
||||
4.3.0-rc.0 - 2025-08-11
|
||||
---
|
||||
- PRE-RELEASE: v4.3.0-rc.0是v4.3.0发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 为OCI镜像(Docker)代理带来自动library附加功能
|
||||
- CHANGE(refactor): 改进OCI镜像(Docker)代理路径组成流程
|
||||
- ADD: 新增[WANF](https://github.com/WJQSERVER/wanf)配置文件格式支持
|
||||
|
||||
4.2.7 - 2025-08-04
|
||||
---
|
||||
- CHANGE: 在OCI镜像(docker)代理部分增加特殊处理, 保证可用性 参看[#159](https://github.com/WJQSERVER-STUDIO/ghproxy/issues/159)
|
||||
- CHANGE: 更新Touka框架, 同步解决部分日志过多问题
|
||||
|
||||
4.2.6 - 2025-08-01
|
||||
---
|
||||
- CHANGE: 修正匹配器
|
||||
|
||||
4.2.5 - 2025-07-31
|
||||
---
|
||||
- CHANGE: 进一步完善匹配器, 兼容更多情况
|
||||
|
||||
4.2.4 - 2025-07-29
|
||||
---
|
||||
- CHANGE: 改进匹配器, 防止匹配不应匹配的内容
|
||||
|
||||
4.2.4-rc.0 - 2025-07-29
|
||||
---
|
||||
- PRE-RELEASE: v4.2.4-rc.0是v4.2.4预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 改进匹配器, 防止匹配不应匹配的内容
|
||||
|
||||
4.2.3 - 2025-07-27
|
||||
---
|
||||
- CHANGE: 改进错误页面加载器, 避免在选择`external`模式时错误页面渲染回退到json输出
|
||||
- CHANGE: 完善OCI(Docker)镜像代理默认target逻辑
|
||||
|
||||
4.2.3-rc.0 - 2025-07-27
|
||||
---
|
||||
- PRE-RELEASE: v4.2.3-rc.0是v4.2.3预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 改进错误页面加载器, 避免在选择`external`模式时错误页面渲染回退到json输出
|
||||
- CHANGE: 完善OCI(Docker)镜像代理默认target逻辑
|
||||
|
||||
4.2.2 - 2025-07-25
|
||||
---
|
||||
- CHANGE: 重构OCI镜像代理部分, 完善对`ghcr`,`gcr`,`k8s.gcr`等上游源特殊处理的适配
|
||||
|
||||
4.2.2-rc.0 - 2025-07-25
|
||||
---
|
||||
- PRE-RELEASE: v4.2.2-rc.0是v4.2.2预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 重构OCI镜像代理部分, 完善对`ghcr`,`gcr`,`k8s.gcr`等上游源特殊处理的适配
|
||||
|
||||
4.2.1 - 2025-07-25
|
||||
---
|
||||
- CHANGE: 更新主题样式, 新增`free`主题, `design`与`hub`主题样式更新
|
||||
|
||||
4.2.0 - 2025-07-22
|
||||
---
|
||||
- CHANGE: 支持根据IP(CDIR)进行白名单与屏蔽
|
||||
- CHANGE: 进一步推进`json/v2`支持
|
||||
|
||||
4.2.0-rc.0 - 2025-07-22
|
||||
---
|
||||
- PRE-RELEASE: v4.2.0-rc.0是v4.2.0预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 支持根据IP(CDIR)进行白名单与屏蔽
|
||||
- CHANGE: 深化json/v2改革, 预备go1.25 json/v2
|
||||
|
||||
4.1.7 - 2025-07-20
|
||||
---
|
||||
- CHANGE: 更新相关依赖
|
||||
- CHANGE: 改进代码结构, 完善处理
|
||||
|
||||
4.1.7-rc.0 - 2025-07-20
|
||||
---
|
||||
- PRE-RELEASE: v4.1.7-rc.0是v4.1.7预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 更新相关依赖
|
||||
- CHANGE: 改进代码结构, 完善处理
|
||||
|
||||
4.1.6 - 2025-07-07
|
||||
---
|
||||
- CHANGE: 更新[Touka框架](https://github.com/infinite-iroha/touka)版本到`v0.2.9`, 提升`io`相关方式的性能并降低分配
|
||||
- CHANGE: 更新[Touka HTTPC](https://github.com/WJQSERVER-STUDIO/httpc)版本到`v0.8.0`, 使用`json/v2`的同时, 提升`io`相关操作性能并降低分配, 优化`debug`模式下打印输出性能
|
||||
|
||||
4.1.6-rc.0 - 2025-07-07
|
||||
---
|
||||
- PRE-RELEASE: v4.1.6-rc.0是v4.1.6预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 更新[Touka框架](https://github.com/infinite-iroha/touka)版本到`v0.2.9`, 提升`io`相关方式的性能并降低分配
|
||||
- CHANGE: 更新[Touka HTTPC](https://github.com/WJQSERVER-STUDIO/httpc)版本到`v0.8.0`, 使用`json/v2`的同时, 提升`io`相关操作性能并降低分配, 优化`debug`模式下打印输出性能
|
||||
|
||||
4.1.5 - 2025-07-03
|
||||
---
|
||||
- CHANGE: 更新`httpc`依赖以修正一些问题
|
||||
|
||||
4.1.5-rc.0 - 2025-07-03
|
||||
---
|
||||
- PRE-RELEASE: v4.1.5-rc.0是v4.1.5预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 更新`httpc`依赖以修正一些问题
|
||||
|
||||
4.1.4 - 2025-06-30
|
||||
---
|
||||
- CHANGE: 使用`touka`框架的内建httpc统一管理, 同时对httpc相关初始化进行改进
|
||||
- CHANGE: 更新`json/v2`版本
|
||||
|
||||
4.1.4-rc.0 - 2025-06-30
|
||||
---
|
||||
- PRE-RELEASE: v4.1.4-rc.0是v4.1.4预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 使用`touka`框架的内建httpc统一管理, 同时对httpc相关初始化进行改进
|
||||
- CHANGE: 更新`json/v2`版本
|
||||
|
||||
4.1.3 - 2025-06-25
|
||||
---
|
||||
- CHANGE: 更新`touka`版本, 使用新的方式配置slash重定向功能
|
||||
|
||||
4.1.3-rc.0 - 2025-06-25
|
||||
---
|
||||
- PRE-RELEASE: 此版本是v4.1.3预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 更新`touka`版本, 使用新的方式配置slash重定向功能
|
||||
|
||||
4.1.2 - 2025-06-18
|
||||
---
|
||||
- CHANGE: 更新`design`主题, 更新默认配置生成
|
||||
|
||||
4.1.2-rc.0 - 2025-06-18
|
||||
---
|
||||
- PRE-RELEASE: 此版本是v4.1.2预发布版本,请勿在生产环境中使用;
|
||||
- CHANGE: 更新`design`主题, 更新默认配置生成
|
||||
|
||||
4.1.1 - 2025-06-18
|
||||
---
|
||||
- CHANGE: 更新touka框架到v0.2.6, 解决MidwareX的一些状态问题
|
||||
|
||||
4.1.0 - 2025-06-17
|
||||
---
|
||||
- ADD: 加入基于`basic auth`的docker鉴权支持
|
||||
|
||||
@@ -1 +1 @@
|
||||
4.3.0-rc.0
|
||||
4.1.0-rc.0
|
||||
|
||||
17
README.md
17
README.md
@@ -6,7 +6,7 @@
|
||||
|
||||
[](https://goreportcard.com/report/github.com/WJQSERVER-STUDIO/ghproxy)
|
||||
|
||||
一个基于Go的高性能Github资源代理程序, 同时支持Docker镜像代理与脚本嵌套加速等多种功能
|
||||
GHProxy是一个基于Go的支持代理Github仓库资源和API的项目, 同时支持Docker镜像代理与脚本嵌套加速等多种功能
|
||||
|
||||
## 项目说明
|
||||
|
||||
@@ -32,11 +32,9 @@
|
||||
|
||||
[TG讨论群组](https://t.me/ghproxy_go)
|
||||
|
||||
[GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护
|
||||
|
||||
[相关文章](https://blog.wjqserver.com/categories/my-program/)
|
||||
|
||||
代理相关推广: [Thordata](https://www.thordata.com/?ls=github&lk=WJQserver),市面上最具性价比的代理服务商,便宜好用,来自全球195个国家城市的6000万IP,轮换住宅/原生ISP/无限量仅从$0.65/GB 起,新用户$1=5GB .联系客户可获得免费测试.
|
||||
[GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护
|
||||
|
||||
### 使用示例
|
||||
|
||||
@@ -97,11 +95,16 @@ wget -O install-dev.sh https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghprox
|
||||
|
||||
参看[GHProxy-Frontend](https://github.com/WJQSERVER-STUDIO/GHProxy-Frontend)
|
||||
|
||||
## 文档
|
||||
## 项目简史
|
||||
|
||||
* [GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护
|
||||
本项目旨在于构建一个高效且功能多样的GHProxy
|
||||
|
||||
* [](https://deepwiki.com/WJQSERVER-STUDIO/ghproxy) 可供参考, AI生成存在幻觉, 不完全可靠, 请注意辨别
|
||||
- v4.0.0 迁移到[Touka框架](https://github.com/infinite-iroha/touka)
|
||||
- v3.0.0 迁移到HertZ框架, 进一步提升效率
|
||||
- v2.4.1 对路径匹配进行优化
|
||||
- v2.0.0 对`proxy`核心模块进行了重构,大幅优化内存占用
|
||||
- v1.0.0 迁移至本仓库,并再次重构内容实现
|
||||
- v0.2.0 重构项目实现
|
||||
|
||||
## LICENSE
|
||||
|
||||
|
||||
@@ -3,7 +3,6 @@ package api
|
||||
import (
|
||||
"ghproxy/config"
|
||||
"ghproxy/middleware/nocache"
|
||||
"ghproxy/stats"
|
||||
|
||||
"github.com/infinite-iroha/touka"
|
||||
)
|
||||
@@ -47,17 +46,9 @@ func InitHandleRouter(cfg *config.Config, r *touka.Engine, version string) {
|
||||
apiRouter.GET("/oci_proxy/status", func(c *touka.Context) {
|
||||
ociProxyStatusHandler(cfg, c)
|
||||
})
|
||||
apiRouter.GET("/stats", func(c *touka.Context) {
|
||||
StatsHandler(c)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func StatsHandler(c *touka.Context) {
|
||||
c.SetHeader("Content-Type", "application/json")
|
||||
c.JSON(200, stats.GetStats())
|
||||
}
|
||||
|
||||
func SizeLimitHandler(cfg *config.Config, c *touka.Context) {
|
||||
sizeLimit := cfg.Server.SizeLimit
|
||||
c.SetHeader("Content-Type", "application/json")
|
||||
|
||||
@@ -7,7 +7,7 @@ import (
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/go-json-experiment/json"
|
||||
"encoding/json"
|
||||
)
|
||||
|
||||
type Blacklist struct {
|
||||
|
||||
@@ -1,60 +0,0 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"ghproxy/config"
|
||||
"os"
|
||||
|
||||
"github.com/go-json-experiment/json"
|
||||
"github.com/go-json-experiment/json/jsontext"
|
||||
)
|
||||
|
||||
func ReadIPFilterList(cfg *config.Config) (whitelist []string, blacklist []string, err error) {
|
||||
if cfg.IPFilter.IPFilterFile == "" {
|
||||
return nil, nil, nil
|
||||
}
|
||||
|
||||
// 检查文件是否存在, 不存在则创建空json
|
||||
if _, err := os.Stat(cfg.IPFilter.IPFilterFile); os.IsNotExist(err) {
|
||||
if err := CreateEmptyIPFilterFile(cfg.IPFilter.IPFilterFile); err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to create empty IP filter file: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
data, err := os.ReadFile(cfg.IPFilter.IPFilterFile)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to read IP filter file: %w", err)
|
||||
}
|
||||
|
||||
var ipFilterData struct {
|
||||
AllowList []string `json:"allow"`
|
||||
BlockList []string `json:"block"`
|
||||
}
|
||||
if err := json.Unmarshal(data, &ipFilterData); err != nil {
|
||||
return nil, nil, fmt.Errorf("invalid IP filter file format: %w", err)
|
||||
}
|
||||
|
||||
return ipFilterData.AllowList, ipFilterData.BlockList, nil
|
||||
}
|
||||
|
||||
// 创建空列表json
|
||||
func CreateEmptyIPFilterFile(filePath string) error {
|
||||
emptyData := struct {
|
||||
AllowList []string `json:"allow"`
|
||||
BlockList []string `json:"block"`
|
||||
}{
|
||||
AllowList: []string{},
|
||||
BlockList: []string{},
|
||||
}
|
||||
|
||||
jsonData, err := json.Marshal(emptyData, jsontext.Multiline(true), jsontext.WithIndent(" "))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to marshal empty IP filter data: %w", err)
|
||||
}
|
||||
|
||||
err = os.WriteFile(filePath, jsonData, 0644)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to write empty IP filter file: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -1,13 +1,12 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"ghproxy/config"
|
||||
"os"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/go-json-experiment/json"
|
||||
)
|
||||
|
||||
// Whitelist 用于存储白名单信息
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="zh">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>后台统计</title>
|
||||
<link rel="stylesheet" href="/bootstrap.min.css">
|
||||
</head>
|
||||
<body>
|
||||
<div class="container mt-5">
|
||||
<h1>IP 代理使用情况统计</h1>
|
||||
<table class="table table-striped table-bordered mt-4">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>IP 地址</th>
|
||||
<th>调用次数</th>
|
||||
<th>总流量 (bytes)</th>
|
||||
<th>最后调用时间</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody id="stats-table-body">
|
||||
<!-- 数据将由 script.js 动态填充 -->
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<script src="script.js"></script>
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,36 +0,0 @@
|
||||
document.addEventListener('DOMContentLoaded', function() {
|
||||
fetch('/api/stats')
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
const tableBody = document.getElementById('stats-table-body');
|
||||
tableBody.innerHTML = ''; // 清空现有内容
|
||||
|
||||
for (const ip in data) {
|
||||
const stats = data[ip];
|
||||
const row = document.createElement('tr');
|
||||
|
||||
const ipCell = document.createElement('td');
|
||||
ipCell.textContent = stats.ip;
|
||||
row.appendChild(ipCell);
|
||||
|
||||
const callCountCell = document.createElement('td');
|
||||
callCountCell.textContent = stats.call_count;
|
||||
row.appendChild(callCountCell);
|
||||
|
||||
const transferredCell = document.createElement('td');
|
||||
transferredCell.textContent = stats.total_transferred;
|
||||
row.appendChild(transferredCell);
|
||||
|
||||
const lastCalledCell = document.createElement('td');
|
||||
lastCalledCell.textContent = new Date(stats.last_called).toLocaleString();
|
||||
row.appendChild(lastCalledCell);
|
||||
|
||||
tableBody.appendChild(row);
|
||||
}
|
||||
})
|
||||
.catch(error => {
|
||||
console.error('获取统计数据时出错:', error);
|
||||
const tableBody = document.getElementById('stats-table-body');
|
||||
tableBody.innerHTML = '<tr><td colspan="4" class="text-center">加载统计数据失败</td></tr>';
|
||||
});
|
||||
});
|
||||
231
config/config.go
231
config/config.go
@@ -1,31 +1,24 @@
|
||||
package config
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/BurntSushi/toml"
|
||||
|
||||
"github.com/WJQSERVER/wanf"
|
||||
)
|
||||
|
||||
// Config 结构体定义了整个应用程序的配置
|
||||
type Config struct {
|
||||
Server ServerConfig `toml:"server" wanf:"server"`
|
||||
Httpc HttpcConfig `toml:"httpc" wanf:"httpc"`
|
||||
GitClone GitCloneConfig `toml:"gitclone" wanf:"gitclone"`
|
||||
Shell ShellConfig `toml:"shell" wanf:"shell"`
|
||||
Pages PagesConfig `toml:"pages" wanf:"pages"`
|
||||
Log LogConfig `toml:"log" wanf:"log"`
|
||||
Auth AuthConfig `toml:"auth" wanf:"auth"`
|
||||
Blacklist BlacklistConfig `toml:"blacklist" wanf:"blacklist"`
|
||||
Whitelist WhitelistConfig `toml:"whitelist" wanf:"whitelist"`
|
||||
IPFilter IPFilterConfig `toml:"ipFilter" wanf:"ipFilter"`
|
||||
RateLimit RateLimitConfig `toml:"rateLimit" wanf:"rateLimit"`
|
||||
Outbound OutboundConfig `toml:"outbound" wanf:"outbound"`
|
||||
Docker DockerConfig `toml:"docker" wanf:"docker"`
|
||||
Server ServerConfig
|
||||
Httpc HttpcConfig
|
||||
GitClone GitCloneConfig
|
||||
Shell ShellConfig
|
||||
Pages PagesConfig
|
||||
Log LogConfig
|
||||
Auth AuthConfig
|
||||
Blacklist BlacklistConfig
|
||||
Whitelist WhitelistConfig
|
||||
RateLimit RateLimitConfig
|
||||
Outbound OutboundConfig
|
||||
Docker DockerConfig
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -38,14 +31,13 @@ cors = "*" # "*"/"" -> "*" ; "nil" -> "" ;
|
||||
debug = false
|
||||
*/
|
||||
|
||||
// ServerConfig 定义服务器相关的配置
|
||||
type ServerConfig struct {
|
||||
Port int `toml:"port" wanf:"port"`
|
||||
Host string `toml:"host" wanf:"host"`
|
||||
SizeLimit int `toml:"sizeLimit" wanf:"sizeLimit"`
|
||||
MemLimit int64 `toml:"memLimit" wanf:"memLimit"`
|
||||
Cors string `toml:"cors" wanf:"cors"`
|
||||
Debug bool `toml:"debug" wanf:"debug"`
|
||||
Port int `toml:"port"`
|
||||
Host string `toml:"host"`
|
||||
SizeLimit int `toml:"sizeLimit"`
|
||||
MemLimit int64 `toml:"memLimit"`
|
||||
Cors string `toml:"cors"`
|
||||
Debug bool `toml:"debug"`
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -56,28 +48,24 @@ maxIdleConnsPerHost = 60 # only for advanced mode
|
||||
maxConnsPerHost = 0 # only for advanced mode
|
||||
useCustomRawHeaders = false
|
||||
*/
|
||||
// HttpcConfig 定义 HTTP 客户端相关的配置
|
||||
type HttpcConfig struct {
|
||||
Mode string `toml:"mode" wanf:"mode"`
|
||||
MaxIdleConns int `toml:"maxIdleConns" wanf:"maxIdleConns"`
|
||||
MaxIdleConnsPerHost int `toml:"maxIdleConnsPerHost" wanf:"maxIdleConnsPerHost"`
|
||||
MaxConnsPerHost int `toml:"maxConnsPerHost" wanf:"maxConnsPerHost"`
|
||||
UseCustomRawHeaders bool `toml:"useCustomRawHeaders" wanf:"useCustomRawHeaders"`
|
||||
Mode string `toml:"mode"`
|
||||
MaxIdleConns int `toml:"maxIdleConns"`
|
||||
MaxIdleConnsPerHost int `toml:"maxIdleConnsPerHost"`
|
||||
MaxConnsPerHost int `toml:"maxConnsPerHost"`
|
||||
UseCustomRawHeaders bool `toml:"useCustomRawHeaders"`
|
||||
}
|
||||
|
||||
/*
|
||||
[gitclone]
|
||||
mode = "bypass" # bypass / cache
|
||||
smartGitAddr = "http://127.0.0.1:8080"
|
||||
//cacheTimeout = 10
|
||||
ForceH2C = true
|
||||
*/
|
||||
// GitCloneConfig 定义 Git 克隆相关的配置
|
||||
type GitCloneConfig struct {
|
||||
Mode string `toml:"mode" wanf:"mode"`
|
||||
SmartGitAddr string `toml:"smartGitAddr" wanf:"smartGitAddr"`
|
||||
//CacheTimeout int `toml:"cacheTimeout"`
|
||||
ForceH2C bool `toml:"ForceH2C" wanf:"ForceH2C"`
|
||||
Mode string `toml:"mode"`
|
||||
SmartGitAddr string `toml:"smartGitAddr"`
|
||||
ForceH2C bool `toml:"ForceH2C"`
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -85,10 +73,9 @@ type GitCloneConfig struct {
|
||||
editor = true
|
||||
rewriteAPI = false
|
||||
*/
|
||||
// ShellConfig 定义 Shell 相关的配置
|
||||
type ShellConfig struct {
|
||||
Editor bool `toml:"editor" wanf:"editor"`
|
||||
RewriteAPI bool `toml:"rewriteAPI" wanf:"rewriteAPI"`
|
||||
Editor bool `toml:"editor"`
|
||||
RewriteAPI bool `toml:"rewriteAPI"`
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -97,18 +84,16 @@ mode = "internal" # "internal" or "external"
|
||||
theme = "bootstrap" # "bootstrap" or "nebula"
|
||||
staticDir = "/data/www"
|
||||
*/
|
||||
// PagesConfig 定义静态页面相关的配置
|
||||
type PagesConfig struct {
|
||||
Mode string `toml:"mode" wanf:"mode"`
|
||||
Theme string `toml:"theme" wanf:"theme"`
|
||||
StaticDir string `toml:"staticDir" wanf:"staticDir"`
|
||||
Mode string `toml:"mode"`
|
||||
Theme string `toml:"theme"`
|
||||
StaticDir string `toml:"staticDir"`
|
||||
}
|
||||
|
||||
// LogConfig 定义日志相关的配置
|
||||
type LogConfig struct {
|
||||
LogFilePath string `toml:"logFilePath" wanf:"logFilePath"`
|
||||
MaxLogSize int64 `toml:"maxLogSize" wanf:"maxLogSize"`
|
||||
Level string `toml:"level" wanf:"level"`
|
||||
LogFilePath string `toml:"logFilePath"`
|
||||
MaxLogSize int64 `toml:"maxLogSize"`
|
||||
Level string `toml:"level"`
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -121,35 +106,24 @@ passThrough = false
|
||||
ForceAllowApi = false
|
||||
ForceAllowApiPassList = false
|
||||
*/
|
||||
// AuthConfig 定义认证相关的配置
|
||||
type AuthConfig struct {
|
||||
Enabled bool `toml:"enabled" wanf:"enabled"`
|
||||
Method string `toml:"method" wanf:"method"`
|
||||
Key string `toml:"key" wanf:"key"`
|
||||
Token string `toml:"token" wanf:"token"`
|
||||
PassThrough bool `toml:"passThrough" wanf:"passThrough"`
|
||||
ForceAllowApi bool `toml:"ForceAllowApi" wanf:"ForceAllowApi"`
|
||||
ForceAllowApiPassList bool `toml:"ForceAllowApiPassList" wanf:"ForceAllowApiPassList"`
|
||||
Enabled bool `toml:"enabled"`
|
||||
Method string `toml:"method"`
|
||||
Key string `toml:"key"`
|
||||
Token string `toml:"token"`
|
||||
PassThrough bool `toml:"passThrough"`
|
||||
ForceAllowApi bool `toml:"ForceAllowApi"`
|
||||
ForceAllowApiPassList bool `toml:"ForceAllowApiPassList"`
|
||||
}
|
||||
|
||||
// BlacklistConfig 定义黑名单相关的配置
|
||||
type BlacklistConfig struct {
|
||||
Enabled bool `toml:"enabled" wanf:"enabled"`
|
||||
BlacklistFile string `toml:"blacklistFile" wanf:"blacklistFile"`
|
||||
Enabled bool `toml:"enabled"`
|
||||
BlacklistFile string `toml:"blacklistFile"`
|
||||
}
|
||||
|
||||
// WhitelistConfig 定义白名单相关的配置
|
||||
type WhitelistConfig struct {
|
||||
Enabled bool `toml:"enabled" wanf:"enabled"`
|
||||
WhitelistFile string `toml:"whitelistFile" wanf:"whitelistFile"`
|
||||
}
|
||||
|
||||
// IPFilterConfig 定义 IP 过滤相关的配置
|
||||
type IPFilterConfig struct {
|
||||
Enabled bool `toml:"enabled" wanf:"enabled"`
|
||||
EnableAllowList bool `toml:"enableAllowList" wanf:"enableAllowList"`
|
||||
EnableBlockList bool `toml:"enableBlockList" wanf:"enableBlockList"`
|
||||
IPFilterFile string `toml:"ipFilterFile" wanf:"ipFilterFile"`
|
||||
Enabled bool `toml:"enabled"`
|
||||
WhitelistFile string `toml:"whitelistFile"`
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -166,21 +140,19 @@ burst = 10
|
||||
singleBurst = "10mbps"
|
||||
*/
|
||||
|
||||
// RateLimitConfig 定义限速相关的配置
|
||||
type RateLimitConfig struct {
|
||||
Enabled bool `toml:"enabled" wanf:"enabled"`
|
||||
RatePerMinute int `toml:"ratePerMinute" wanf:"ratePerMinute"`
|
||||
Burst int `toml:"burst" wanf:"burst"`
|
||||
BandwidthLimit BandwidthLimitConfig `toml:"bandwidthLimit" wanf:"bandwidthLimit"`
|
||||
Enabled bool `toml:"enabled"`
|
||||
RatePerMinute int `toml:"ratePerMinute"`
|
||||
Burst int `toml:"burst"`
|
||||
BandwidthLimit BandwidthLimitConfig
|
||||
}
|
||||
|
||||
// BandwidthLimitConfig 定义带宽限制相关的配置
|
||||
type BandwidthLimitConfig struct {
|
||||
Enabled bool `toml:"enabled" wanf:"enabled"`
|
||||
TotalLimit string `toml:"totalLimit" wanf:"totalLimit"`
|
||||
TotalBurst string `toml:"totalBurst" wanf:"totalBurst"`
|
||||
SingleLimit string `toml:"singleLimit" wanf:"singleLimit"`
|
||||
SingleBurst string `toml:"singleBurst" wanf:"singleBurst"`
|
||||
Enabled bool `toml:"enabled"`
|
||||
TotalLimit string `toml:"totalLimit"`
|
||||
TotalBurst string `toml:"totalBurst"`
|
||||
SingleLimit string `toml:"singleLimit"`
|
||||
SingleBurst string `toml:"singleBurst"`
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -188,10 +160,9 @@ type BandwidthLimitConfig struct {
|
||||
enabled = false
|
||||
url = "socks5://127.0.0.1:1080" # "http://127.0.0.1:7890"
|
||||
*/
|
||||
// OutboundConfig 定义出站代理相关的配置
|
||||
type OutboundConfig struct {
|
||||
Enabled bool `toml:"enabled" wanf:"enabled"`
|
||||
Url string `toml:"url" wanf:"url"`
|
||||
Enabled bool `toml:"enabled"`
|
||||
Url string `toml:"url"`
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -203,19 +174,16 @@ auth = false
|
||||
user1 = "testpass"
|
||||
test = "test123"
|
||||
*/
|
||||
// DockerConfig 定义 Docker 相关的配置
|
||||
type DockerConfig struct {
|
||||
Enabled bool `toml:"enabled" wanf:"enabled"`
|
||||
Target string `toml:"target" wanf:"target"`
|
||||
Auth bool `toml:"auth" wanf:"auth"`
|
||||
Credentials map[string]string `toml:"credentials" wanf:"credentials"`
|
||||
AuthPassThrough bool `toml:"authPassThrough" wanf:"authPassThrough"`
|
||||
Enabled bool `toml:"enabled"`
|
||||
Target string `toml:"target"`
|
||||
Auth bool `toml:"auth"`
|
||||
Credentials map[string]string `toml:"credentials"`
|
||||
}
|
||||
|
||||
// LoadConfig 从配置文件加载配置
|
||||
// LoadConfig 从 TOML 配置文件加载配置
|
||||
func LoadConfig(filePath string) (*Config, error) {
|
||||
exist, filePath2read := FileExists(filePath)
|
||||
if !exist {
|
||||
if !FileExists(filePath) {
|
||||
// 楔入配置文件
|
||||
err := DefaultConfig().WriteConfig(filePath)
|
||||
if err != nil {
|
||||
@@ -223,22 +191,15 @@ func LoadConfig(filePath string) (*Config, error) {
|
||||
}
|
||||
return DefaultConfig(), nil
|
||||
}
|
||||
var config Config
|
||||
ext := filepath.Ext(filePath2read)
|
||||
if ext == ".wanf" {
|
||||
if err := wanf.DecodeFile(filePath2read, &config); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &config, nil
|
||||
}
|
||||
|
||||
if _, err := toml.DecodeFile(filePath2read, &config); err != nil {
|
||||
var config Config
|
||||
if _, err := toml.DecodeFile(filePath, &config); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &config, nil
|
||||
}
|
||||
|
||||
// WriteConfig 写入配置文件
|
||||
// 写入配置文件
|
||||
func (c *Config) WriteConfig(filePath string) error {
|
||||
file, err := os.Create(filePath)
|
||||
if err != nil {
|
||||
@@ -246,54 +207,17 @@ func (c *Config) WriteConfig(filePath string) error {
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
ext := filepath.Ext(filePath)
|
||||
if ext == ".wanf" {
|
||||
err := wanf.NewStreamEncoder(file).Encode(c)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
encoder := toml.NewEncoder(file)
|
||||
return encoder.Encode(c)
|
||||
}
|
||||
|
||||
// FileExists 检测文件是否存在
|
||||
func FileExists(filename string) (bool, string) {
|
||||
// 检测文件是否存在
|
||||
func FileExists(filename string) bool {
|
||||
_, err := os.Stat(filename)
|
||||
if err == nil {
|
||||
return true, filename
|
||||
}
|
||||
if os.IsNotExist(err) {
|
||||
// 获取文件名(不包含路径)
|
||||
base := filepath.Base(filename)
|
||||
dir := filepath.Dir(filename)
|
||||
|
||||
// 获取扩展名
|
||||
fileNameBody := strings.TrimSuffix(base, filepath.Ext(base))
|
||||
|
||||
// 重新组合路径, 扩展名改为.wanf, 确认是否存在
|
||||
wanfFilename := filepath.Join(dir, fileNameBody+".wanf")
|
||||
|
||||
_, err = os.Stat(wanfFilename)
|
||||
if err == nil {
|
||||
// .wanf 文件存在
|
||||
fmt.Printf("\n Found .wanf file: %s\n", wanfFilename)
|
||||
return true, wanfFilename
|
||||
} else if os.IsNotExist(err) {
|
||||
// .wanf 文件不存在
|
||||
return false, ""
|
||||
} else {
|
||||
// 其他错误
|
||||
return false, ""
|
||||
}
|
||||
} else {
|
||||
return false, filename
|
||||
}
|
||||
return !os.IsNotExist(err)
|
||||
}
|
||||
|
||||
// DefaultConfig 返回默认配置结构体
|
||||
// 默认配置结构体
|
||||
func DefaultConfig() *Config {
|
||||
return &Config{
|
||||
Server: ServerConfig{
|
||||
@@ -321,7 +245,7 @@ func DefaultConfig() *Config {
|
||||
},
|
||||
Pages: PagesConfig{
|
||||
Mode: "internal",
|
||||
Theme: "hub",
|
||||
Theme: "bootstrap",
|
||||
StaticDir: "/data/www",
|
||||
},
|
||||
Log: LogConfig{
|
||||
@@ -346,14 +270,9 @@ func DefaultConfig() *Config {
|
||||
Enabled: false,
|
||||
WhitelistFile: "/data/ghproxy/config/whitelist.json",
|
||||
},
|
||||
IPFilter: IPFilterConfig{
|
||||
Enabled: false,
|
||||
IPFilterFile: "/data/ghproxy/config/ipfilter.json",
|
||||
EnableAllowList: false,
|
||||
EnableBlockList: false,
|
||||
},
|
||||
RateLimit: RateLimitConfig{
|
||||
Enabled: false,
|
||||
Enabled: false,
|
||||
//RateMethod: "total",
|
||||
RatePerMinute: 100,
|
||||
Burst: 10,
|
||||
BandwidthLimit: BandwidthLimitConfig{
|
||||
@@ -370,11 +289,7 @@ func DefaultConfig() *Config {
|
||||
},
|
||||
Docker: DockerConfig{
|
||||
Enabled: false,
|
||||
Target: "dockerhub",
|
||||
Auth: false,
|
||||
Credentials: map[string]string{
|
||||
"testpass": "test123",
|
||||
},
|
||||
Target: "ghcr",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,10 +25,10 @@ rewriteAPI = false
|
||||
[pages]
|
||||
mode = "internal" # "internal" or "external"
|
||||
theme = "bootstrap" # "bootstrap" or "nebula"
|
||||
staticDir = "pages"
|
||||
staticDir = "/data/www"
|
||||
|
||||
[log]
|
||||
logFilePath = "ghproxy.log"
|
||||
logFilePath = "/data/ghproxy/log/ghproxy.log"
|
||||
maxLogSize = 5 # MB
|
||||
level = "info" # debug, info, warn, error, none
|
||||
|
||||
@@ -42,18 +42,12 @@ ForceAllowApi = false
|
||||
ForceAllowApiPassList = false
|
||||
|
||||
[blacklist]
|
||||
blacklistFile = "blacklist.json"
|
||||
blacklistFile = "/data/ghproxy/config/blacklist.json"
|
||||
enabled = false
|
||||
|
||||
[whitelist]
|
||||
enabled = false
|
||||
whitelistFile = "whitelist.json"
|
||||
|
||||
[ipFilter]
|
||||
enabled = false
|
||||
enableAllowList = false
|
||||
enableBlockList = false
|
||||
ipFilterFile = "ipfilter.json"
|
||||
whitelistFile = "/data/ghproxy/config/whitelist.json"
|
||||
|
||||
[rateLimit]
|
||||
enabled = false
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
{
|
||||
"allow": [
|
||||
"127.0.0.1",
|
||||
"192.168.1.0/24",
|
||||
"::1"
|
||||
],
|
||||
"block": [
|
||||
"10.0.0.0/8",
|
||||
"192.168.1.0/24"
|
||||
]
|
||||
}
|
||||
24
go.mod
24
go.mod
@@ -1,27 +1,27 @@
|
||||
module ghproxy
|
||||
|
||||
go 1.25.1
|
||||
go 1.24.4
|
||||
|
||||
require (
|
||||
github.com/BurntSushi/toml v1.5.0
|
||||
github.com/WJQSERVER-STUDIO/httpc v0.8.2
|
||||
golang.org/x/net v0.44.0
|
||||
golang.org/x/time v0.13.0
|
||||
github.com/WJQSERVER-STUDIO/httpc v0.7.0
|
||||
golang.org/x/net v0.41.0
|
||||
golang.org/x/time v0.12.0
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2
|
||||
github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2
|
||||
github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee
|
||||
github.com/fenthope/bauth v0.0.1
|
||||
github.com/fenthope/ikumi v0.0.2
|
||||
github.com/fenthope/ipfilter v0.0.1
|
||||
github.com/fenthope/reco v0.0.4
|
||||
github.com/fenthope/record v0.0.4
|
||||
github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b
|
||||
github.com/fenthope/reco v0.0.3
|
||||
github.com/fenthope/record v0.0.3
|
||||
github.com/hashicorp/golang-lru/v2 v2.0.7
|
||||
github.com/infinite-iroha/touka v0.3.8
|
||||
github.com/infinite-iroha/touka v0.2.5
|
||||
github.com/wjqserver/modembed v0.0.1
|
||||
)
|
||||
|
||||
require github.com/valyala/bytebufferpool v1.0.0 // indirect
|
||||
require (
|
||||
github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4 // indirect
|
||||
github.com/go-json-experiment/json v0.0.0-20250517221953-25912455fbc8 // indirect
|
||||
github.com/valyala/bytebufferpool v1.0.0 // indirect
|
||||
)
|
||||
|
||||
36
go.sum
36
go.sum
@@ -1,34 +1,30 @@
|
||||
github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
|
||||
github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
|
||||
github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2 h1:AiIHXP21LpK7pFfqUlUstgQEWzjbekZgxOuvVwiMfyM=
|
||||
github.com/WJQSERVER-STUDIO/go-utils/iox v0.0.2/go.mod h1:mCLqYU32bTmEE6dpj37MKKiZgz70Jh/xyK9vVbq6pok=
|
||||
github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4 h1:JLtFd00AdFg/TP+dtvIzLkdHwKUGPOAijN1sMtEYoFg=
|
||||
github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4/go.mod h1:FZ6XE+4TKy4MOfX1xWKe6Rwsg0ucYFCdNh1KLvyKTfc=
|
||||
github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2 h1:8bBkKk6E2Zr+I5szL7gyc5f0DK8N9agIJCpM1Cqw2NE=
|
||||
github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2/go.mod h1:yPX8xuZH+py7eLJwOYj3VVI/4/Yuy5+x8Mhq8qezcPg=
|
||||
github.com/WJQSERVER-STUDIO/httpc v0.8.2 h1:PFPLodV0QAfGEP6915J57vIqoKu9cGuuiXG/7C9TNUk=
|
||||
github.com/WJQSERVER-STUDIO/httpc v0.8.2/go.mod h1:8WhHVRO+olDFBSvL5PC/bdMkb6U3vRdPJ4p4pnguV5Y=
|
||||
github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee h1:tJ31DNBn6UhWkk8fiikAQWqULODM+yBcGAEar1tzdZc=
|
||||
github.com/WJQSERVER/wanf v0.0.0-20250810023226-e51d9d0737ee/go.mod h1:q2Pyg+G+s1acMWxrbI4CwS/Yk76/BzLREEdZ8iFwUNE=
|
||||
github.com/WJQSERVER-STUDIO/httpc v0.7.0 h1:iHhqlxppJBjlmvsIjvLZKRbWXqSdbeSGGofjHGmqGJc=
|
||||
github.com/WJQSERVER-STUDIO/httpc v0.7.0/go.mod h1:M7KNUZjjhCkzzcg9lBPs9YfkImI+7vqjAyjdA19+joE=
|
||||
github.com/fenthope/bauth v0.0.1 h1:+4UIQshGx3mYD4L3f2S4MLZOi5PWU7fU5GK3wsZvwzE=
|
||||
github.com/fenthope/bauth v0.0.1/go.mod h1:1fveTpgfR1p+WXQ8MXm9BfBCeNYi55j23jxCOGOvBSA=
|
||||
github.com/fenthope/ikumi v0.0.2 h1:5oaSTf/Msp7M2O3o/X20omKWEQbFhX4KV0CVF21oCdk=
|
||||
github.com/fenthope/ikumi v0.0.2/go.mod h1:IYbxzOGndZv/yRrbVMyV6dxh06X2wXCbfxrTRM1IruU=
|
||||
github.com/fenthope/ipfilter v0.0.1 h1:HrYAyixCMvsDAz36GRyFfyCNtrgYwzrhMcY0XV7fGcM=
|
||||
github.com/fenthope/ipfilter v0.0.1/go.mod h1:QfY0GrpG0D82HROgdH4c9eog4js42ghLIfl/iM4MvvY=
|
||||
github.com/fenthope/reco v0.0.4 h1:yo2g3aWwdoMpaZWZX4SdZOW7mCK82RQIU/YI8ZUQThM=
|
||||
github.com/fenthope/reco v0.0.4/go.mod h1:eMyS8HpdMVdJ/2WJt6Cvt8P1EH9Igzj5lSJrgc+0jeg=
|
||||
github.com/fenthope/record v0.0.4 h1:/1JHNCxiXGLL/qCh4LEGaAvhj4CcKsb6siTxjLmjdO4=
|
||||
github.com/fenthope/record v0.0.4/go.mod h1:G0a6KCiCDyX2SsC3nfzSN651fJKxH482AyJvzlnvAJU=
|
||||
github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b h1:6Q4zRHXS/YLOl9Ng1b1OOOBWMidAQZR3Gel0UKPC/KU=
|
||||
github.com/go-json-experiment/json v0.0.0-20250813233538-9b1f9ea2e11b/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
|
||||
github.com/fenthope/reco v0.0.3 h1:RmnQ0D9a8PWtwOODawitTe4BztTnS9wYwrDbipISNq4=
|
||||
github.com/fenthope/reco v0.0.3/go.mod h1:mDkGLHte5udWTIcjQTxrABRcf56SSdxBOCLgrRDwI/Y=
|
||||
github.com/fenthope/record v0.0.3 h1:v5urgs5LAkLMlljAT/MjW8fWuRHXPnAraTem5ui7rm4=
|
||||
github.com/fenthope/record v0.0.3/go.mod h1:KFEkSc4TDZ3QIhP/wglD32uYVA6X1OUcripiao1DEE4=
|
||||
github.com/go-json-experiment/json v0.0.0-20250517221953-25912455fbc8 h1:o8UqXPI6SVwQt04RGsqKp3qqmbOfTNMqDrWsc4O47kk=
|
||||
github.com/go-json-experiment/json v0.0.0-20250517221953-25912455fbc8/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
|
||||
github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
|
||||
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
|
||||
github.com/infinite-iroha/touka v0.3.8 h1:BK7+hwk5s5SpRFjFKIPe5CzZNzjP36kLHkM/HX6SU38=
|
||||
github.com/infinite-iroha/touka v0.3.8/go.mod h1:uwkF1gTrNEgQ4P/Gwtk6WLbERehq3lzB8x1FMedyrfE=
|
||||
github.com/infinite-iroha/touka v0.2.5 h1:x7lcKk0MIHGrPb9TMmgC+nG57G4SeFGflwrta2Lz3jo=
|
||||
github.com/infinite-iroha/touka v0.2.5/go.mod h1:2MBPtsM+5ClIZ/E1mPEKx1Rb+KIndTwZlIa2CwRPV7A=
|
||||
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
|
||||
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
|
||||
github.com/wjqserver/modembed v0.0.1 h1:8ZDz7t9M5DLrUFlYgBUUmrMzxWsZPmHvOazkr/T2jEs=
|
||||
github.com/wjqserver/modembed v0.0.1/go.mod h1:sYbQJMAjSBsdYQrUsuHY380XXE1CuRh8g9yyCztTXOQ=
|
||||
golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
|
||||
golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
|
||||
golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
|
||||
golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
|
||||
golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
|
||||
golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
|
||||
golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
|
||||
golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
|
||||
|
||||
236
main.go
236
main.go
@@ -8,7 +8,6 @@ import (
|
||||
"net/http"
|
||||
"os"
|
||||
"runtime/debug"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"ghproxy/api"
|
||||
@@ -16,13 +15,11 @@ import (
|
||||
"ghproxy/config"
|
||||
"ghproxy/proxy"
|
||||
|
||||
"github.com/WJQSERVER-STUDIO/httpc"
|
||||
"github.com/fenthope/bauth"
|
||||
|
||||
"ghproxy/weakcache"
|
||||
|
||||
"github.com/fenthope/ikumi"
|
||||
"github.com/fenthope/ipfilter"
|
||||
"github.com/fenthope/reco"
|
||||
"github.com/fenthope/record"
|
||||
"github.com/infinite-iroha/touka"
|
||||
@@ -36,7 +33,7 @@ var (
|
||||
cfg *config.Config
|
||||
r *touka.Engine
|
||||
configfile = "/data/ghproxy/config/config.toml"
|
||||
httpClient *httpc.Client
|
||||
hertZfile *os.File
|
||||
cfgfile string
|
||||
version string
|
||||
runMode string
|
||||
@@ -47,8 +44,6 @@ var (
|
||||
var (
|
||||
//go:embed pages/*
|
||||
pagesFS embed.FS
|
||||
//go:embed backend/*
|
||||
backendFS embed.FS
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -56,21 +51,12 @@ var (
|
||||
)
|
||||
|
||||
var (
|
||||
// supportedThemes 定义了所有支持的主题, 用于验证配置和动态加载
|
||||
supportedThemes = map[string]struct{}{
|
||||
"bootstrap": {},
|
||||
"nebula": {},
|
||||
"design": {},
|
||||
"metro": {},
|
||||
"classic": {},
|
||||
"mino": {},
|
||||
"hub": {},
|
||||
"free": {},
|
||||
}
|
||||
)
|
||||
|
||||
var (
|
||||
logger *reco.Logger
|
||||
logger *reco.Logger
|
||||
logDump = logger.Debugf
|
||||
logDebug = logger.Debugf
|
||||
logInfo = logger.Infof
|
||||
logWarning = logger.Warnf
|
||||
logError = logger.Errorf
|
||||
)
|
||||
|
||||
func readFlag() {
|
||||
@@ -123,7 +109,7 @@ func loadConfig() {
|
||||
cfg, err = config.LoadConfig(cfgfile)
|
||||
if err != nil {
|
||||
fmt.Printf("Failed to load config: %v\n", err)
|
||||
// 如果配置文件加载失败, 也显示帮助信息并退出
|
||||
// 如果配置文件加载失败,也显示帮助信息并退出
|
||||
flag.Usage()
|
||||
os.Exit(1)
|
||||
}
|
||||
@@ -162,7 +148,7 @@ func setupLogger(cfg *config.Config) {
|
||||
func setMemLimit(cfg *config.Config) {
|
||||
if cfg.Server.MemLimit > 0 {
|
||||
debug.SetMemoryLimit((cfg.Server.MemLimit) * 1024 * 1024)
|
||||
logger.Infof("Set Memory Limit to %d MB", cfg.Server.MemLimit)
|
||||
logInfo("Set Memory Limit to %d MB", cfg.Server.MemLimit)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -179,84 +165,81 @@ func setupApi(cfg *config.Config, r *touka.Engine, version string) {
|
||||
}
|
||||
|
||||
func InitReq(cfg *config.Config) {
|
||||
var err error
|
||||
httpClient, err = proxy.InitReq(cfg)
|
||||
err := proxy.InitReq(cfg)
|
||||
if err != nil {
|
||||
fmt.Printf("Failed to initialize request: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
// initializeErrorPages 初始化嵌入的错误页面资源
|
||||
// 无论页面模式(internal/external)如何, 都应执行此操作, 以确保统一的错误页面处理
|
||||
func initializeErrorPages() {
|
||||
pageFS := modembed.NewModTimeFS(pagesFS, time.Now())
|
||||
if err := proxy.InitErrPagesFS(pageFS); err != nil {
|
||||
// 这是一个警告而不是致命错误, 因为即使没有自定义错误页面, 服务器也能运行
|
||||
logger.Warnf("failed to initialize embedded error pages: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// loadEmbeddedPages 使用 map 替代 switch, 动态加载嵌入式页面和资源文件系统
|
||||
// loadEmbeddedPages 加载嵌入式页面资源
|
||||
func loadEmbeddedPages(cfg *config.Config) (fs.FS, fs.FS, error) {
|
||||
pageFS := modembed.NewModTimeFS(pagesFS, time.Now())
|
||||
theme := cfg.Pages.Theme
|
||||
|
||||
// 检查主题是否受支持, 如果不支持则使用默认主题
|
||||
if _, ok := supportedThemes[theme]; !ok {
|
||||
logger.Warnf("Invalid Pages Theme: %s, using default theme 'design'", theme)
|
||||
theme = "design" // 默认主题
|
||||
var pages fs.FS
|
||||
var err error
|
||||
switch cfg.Pages.Theme {
|
||||
case "bootstrap":
|
||||
pages, err = fs.Sub(pageFS, "pages/bootstrap")
|
||||
case "nebula":
|
||||
pages, err = fs.Sub(pageFS, "pages/nebula")
|
||||
case "design":
|
||||
pages, err = fs.Sub(pageFS, "pages/design")
|
||||
case "metro":
|
||||
pages, err = fs.Sub(pageFS, "pages/metro")
|
||||
case "classic":
|
||||
pages, err = fs.Sub(pageFS, "pages/classic")
|
||||
case "mino":
|
||||
pages, err = fs.Sub(pageFS, "pages/mino")
|
||||
case "hub":
|
||||
pages, err = fs.Sub(pageFS, "pages/hub")
|
||||
default:
|
||||
pages, err = fs.Sub(pageFS, "pages/design") // 默认主题
|
||||
logWarning("Invalid Pages Theme: %s, using default theme 'design'", cfg.Pages.Theme)
|
||||
}
|
||||
|
||||
// 从嵌入式文件系统中获取主题子目录
|
||||
themePath := fmt.Sprintf("pages/%s", theme)
|
||||
pages, err := fs.Sub(pageFS, themePath)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to load embedded theme '%s': %w", theme, err)
|
||||
return nil, nil, fmt.Errorf("failed to load embedded pages: %w", err)
|
||||
}
|
||||
|
||||
// 加载共享资源文件
|
||||
assets, err := fs.Sub(pageFS, "pages/assets")
|
||||
// 初始化errPagesFs
|
||||
errPagesInitErr := proxy.InitErrPagesFS(pageFS)
|
||||
if errPagesInitErr != nil {
|
||||
logWarning("errPagesInitErr: %s", errPagesInitErr)
|
||||
}
|
||||
|
||||
var assets fs.FS
|
||||
assets, err = fs.Sub(pageFS, "pages/assets")
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to load embedded assets: %w", err)
|
||||
}
|
||||
|
||||
return pages, assets, nil
|
||||
}
|
||||
|
||||
// setupPages 设置页面路由, 增强了错误处理
|
||||
// setupPages 设置页面路由
|
||||
func setupPages(cfg *config.Config, r *touka.Engine) {
|
||||
switch cfg.Pages.Mode {
|
||||
case "internal":
|
||||
err := setInternalRoute(cfg, r)
|
||||
if err != nil {
|
||||
logger.Errorf("Failed to set up internal pages, server cannot start: %s", err)
|
||||
fmt.Printf("Failed to set up internal pages, server cannot start: %s", err)
|
||||
os.Exit(1)
|
||||
logError("Failed when processing internal pages: %s", err)
|
||||
fmt.Println(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
case "external":
|
||||
if cfg.Pages.StaticDir == "" {
|
||||
logger.Errorf("Pages Mode is 'external' but StaticDir is empty. Using embedded pages instead.")
|
||||
err := setInternalRoute(cfg, r)
|
||||
if err != nil {
|
||||
logger.Errorf("Failed to load embedded pages: %s", err)
|
||||
fmt.Printf("Failed to load embedded pages: %s", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
} else {
|
||||
extPageFS := os.DirFS(cfg.Pages.StaticDir)
|
||||
r.SetUnMatchFS(http.FS(extPageFS))
|
||||
}
|
||||
r.SetUnMatchFS(http.Dir(cfg.Pages.StaticDir))
|
||||
|
||||
default:
|
||||
// 处理无效的Pages Mode
|
||||
logger.Warnf("Invalid Pages Mode: %s, using default embedded theme", cfg.Pages.Mode)
|
||||
logWarning("Invalid Pages Mode: %s, using default embedded theme", cfg.Pages.Mode)
|
||||
|
||||
err := setInternalRoute(cfg, r)
|
||||
if err != nil {
|
||||
logger.Errorf("Failed to set up internal pages, server cannot start: %s", err)
|
||||
fmt.Printf("Failed to set up internal pages, server cannot start: %s", err)
|
||||
os.Exit(1)
|
||||
logError("Failed when processing internal pages: %s", err)
|
||||
fmt.Println(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -278,9 +261,11 @@ func viaHeader() func(c *touka.Context) {
|
||||
}
|
||||
|
||||
func setInternalRoute(cfg *config.Config, r *touka.Engine) error {
|
||||
|
||||
// 加载嵌入式资源
|
||||
pages, assets, err := loadEmbeddedPages(cfg)
|
||||
if err != nil {
|
||||
logError("Failed when processing pages: %s", err)
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -298,13 +283,13 @@ func init() {
|
||||
readFlag()
|
||||
flag.Parse()
|
||||
|
||||
// 如果设置了 -h, 则显示帮助信息并退出
|
||||
// 如果设置了 -h,则显示帮助信息并退出
|
||||
if showHelp {
|
||||
flag.Usage()
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
// 如果设置了 -v, 则显示版本号并退出
|
||||
// 如果设置了 -v,则显示版本号并退出
|
||||
if showVersion {
|
||||
fmt.Printf("GHProxy Version: %s \n", version)
|
||||
os.Exit(0)
|
||||
@@ -313,7 +298,6 @@ func init() {
|
||||
loadConfig()
|
||||
if cfg != nil { // 在setupLogger前添加空值检查
|
||||
setupLogger(cfg)
|
||||
initializeErrorPages()
|
||||
InitReq(cfg)
|
||||
setMemLimit(cfg)
|
||||
loadlist(cfg)
|
||||
@@ -328,7 +312,7 @@ func init() {
|
||||
}
|
||||
|
||||
if cfg.Server.Debug {
|
||||
version = "Dev" // 如果是Debug模式, 版本设置为"Dev"
|
||||
version = "Dev" // 如果是Debug模式,版本设置为"Dev"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -344,7 +328,6 @@ func main() {
|
||||
}
|
||||
|
||||
r := touka.Default()
|
||||
var err error
|
||||
r.SetProtocols(&touka.ProtocolsConfig{
|
||||
Http1: true,
|
||||
Http2_Cleartext: true,
|
||||
@@ -352,8 +335,6 @@ func main() {
|
||||
|
||||
r.Use(touka.Recovery()) // Recovery中间件
|
||||
r.SetLogger(logger)
|
||||
r.SetErrorHandler(proxy.UnifiedToukaErrorHandler)
|
||||
r.SetHTTPClient(httpClient)
|
||||
r.Use(record.Middleware()) // log中间件
|
||||
r.Use(viaHeader())
|
||||
/*
|
||||
@@ -381,68 +362,13 @@ func main() {
|
||||
Burst: cfg.RateLimit.Burst,
|
||||
}))
|
||||
}
|
||||
|
||||
if cfg.IPFilter.Enabled {
|
||||
var ipAllowList, ipBlockList []string
|
||||
ipAllowList, ipBlockList, err = auth.ReadIPFilterList(cfg)
|
||||
if err != nil {
|
||||
fmt.Printf("Failed to read IP filter list: %v\n", err)
|
||||
logger.Errorf("Failed to read IP filter list: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
ipBlockFilter, err := ipfilter.NewIPFilter(ipfilter.IPFilterConfig{
|
||||
EnableAllowList: cfg.IPFilter.EnableAllowList,
|
||||
EnableBlockList: cfg.IPFilter.EnableBlockList,
|
||||
AllowList: ipAllowList,
|
||||
BlockList: ipBlockList,
|
||||
})
|
||||
if err != nil {
|
||||
fmt.Printf("Failed to initialize IP filter: %v\n", err)
|
||||
logger.Errorf("Failed to initialize IP filter: %v", err)
|
||||
os.Exit(1)
|
||||
} else {
|
||||
r.Use(ipBlockFilter)
|
||||
}
|
||||
}
|
||||
setupApi(cfg, r, version)
|
||||
setupPages(cfg, r)
|
||||
setBackendRoute(r)
|
||||
r.SetRedirectTrailingSlash(false)
|
||||
r.RedirectTrailingSlash = false
|
||||
|
||||
r.GET("/github.com/:user/:repo/releases/*filepath", func(c *touka.Context) {
|
||||
// 规范化路径: 移除前导斜杠, 简化后续处理
|
||||
filepath := c.Param("filepath")
|
||||
if len(filepath) > 0 && filepath[0] == '/' {
|
||||
filepath = filepath[1:]
|
||||
}
|
||||
|
||||
isValidDownload := false
|
||||
|
||||
// 检查两种合法的下载链接格式
|
||||
// 情况 A: "download/..."
|
||||
if strings.HasPrefix(filepath, "download/") {
|
||||
isValidDownload = true
|
||||
} else {
|
||||
// 情况 B: ":tag/download/..."
|
||||
slashIndex := strings.IndexByte(filepath, '/')
|
||||
// 确保 tag 部分存在 (slashIndex > 0)
|
||||
if slashIndex > 0 {
|
||||
pathAfterTag := filepath[slashIndex+1:]
|
||||
if strings.HasPrefix(pathAfterTag, "download/") {
|
||||
isValidDownload = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 根据匹配结果执行最终操作
|
||||
if isValidDownload {
|
||||
c.Set("matcher", "releases")
|
||||
proxy.RoutingHandler(cfg)(c)
|
||||
} else {
|
||||
// 任何不符合下载链接格式的 'releases' 路径都被视为浏览页面并拒绝
|
||||
proxy.ErrorPage(c, proxy.NewErrorWithStatusLookup(400, "unsupported releases page, only download links are allowed"))
|
||||
return
|
||||
}
|
||||
c.Set("matcher", "releases")
|
||||
proxy.RoutingHandler(cfg)(c)
|
||||
})
|
||||
|
||||
r.GET("/github.com/:user/:repo/archive/*filepath", func(c *touka.Context) {
|
||||
@@ -488,18 +414,32 @@ func main() {
|
||||
proxy.RoutingHandler(cfg)(c)
|
||||
})
|
||||
|
||||
r.ANY("/v2/*path",
|
||||
r.UseIf(cfg.Docker.Auth, func() touka.HandlerFunc {
|
||||
return bauth.BasicAuthForStatic(cfg.Docker.Credentials, "GHProxy Docker Proxy")
|
||||
}),
|
||||
proxy.OciWithImageRouting(cfg),
|
||||
)
|
||||
r.GET("/v2/", r.UseIf(cfg.Docker.Auth, bauth.BasicAuthForStatic(cfg.Docker.Credentials, "GHProxy Docker Proxy")), func(c *touka.Context) {
|
||||
emptyJSON := "{}"
|
||||
c.Header("Content-Type", "application/json")
|
||||
c.Header("Content-Length", fmt.Sprint(len(emptyJSON)))
|
||||
|
||||
c.Header("Docker-Distribution-API-Version", "registry/2.0")
|
||||
|
||||
c.Status(200)
|
||||
c.Writer.Write([]byte(emptyJSON))
|
||||
})
|
||||
|
||||
r.GET("/v2", func(c *touka.Context) {
|
||||
// 重定向到 /v2/
|
||||
c.Redirect(http.StatusMovedPermanently, "/v2/")
|
||||
})
|
||||
|
||||
r.ANY("/v2/:target/:user/:repo/*filepath", func(c *touka.Context) {
|
||||
proxy.GhcrWithImageRouting(cfg)(c)
|
||||
})
|
||||
|
||||
/*
|
||||
r.Any("/v2/:target/*filepath", func( c *touka.Context) {
|
||||
proxy.GhcrRouting(cfg)(c)
|
||||
})
|
||||
*/
|
||||
|
||||
r.NoRoute(func(c *touka.Context) {
|
||||
proxy.NoRouteHandler(cfg)(c)
|
||||
})
|
||||
@@ -521,23 +461,11 @@ func main() {
|
||||
defer logger.Close()
|
||||
|
||||
addr := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)
|
||||
err = r.RunShutdown(addr)
|
||||
err := r.RunShutdown(addr)
|
||||
if err != nil {
|
||||
logger.Errorf("Server Run Error: %v", err)
|
||||
logError("Server Run Error: %v", err)
|
||||
fmt.Printf("Server Run Error: %v\n", err)
|
||||
}
|
||||
|
||||
fmt.Println("Program Exit")
|
||||
}
|
||||
|
||||
func setBackendRoute(r *touka.Engine) {
|
||||
|
||||
backend, err := fs.Sub(backendFS, "backend")
|
||||
if err != nil {
|
||||
logger.Errorf("Failed to load embedded backend pages: %s", err)
|
||||
fmt.Printf("Failed to load embedded backend pages: %s", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
r.StaticFS("/backend", http.FS(backend))
|
||||
}
|
||||
|
||||
@@ -4,7 +4,6 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
"ghproxy/config"
|
||||
"ghproxy/stats"
|
||||
"io"
|
||||
"net/http"
|
||||
"strconv"
|
||||
@@ -125,11 +124,7 @@ func ChunkedProxyRequest(ctx context.Context, c *touka.Context, u string, cfg *c
|
||||
bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx)
|
||||
}
|
||||
|
||||
countingReader := NewCountingReader(bodyReader)
|
||||
defer countingReader.Close()
|
||||
defer func() {
|
||||
stats.Record(c.ClientIP(), countingReader.BytesRead())
|
||||
}()
|
||||
defer bodyReader.Close()
|
||||
|
||||
if MatcherShell(u) && matchString(matcher) && cfg.Shell.Editor {
|
||||
// 判断body是不是gzip
|
||||
@@ -143,7 +138,7 @@ func ChunkedProxyRequest(ctx context.Context, c *touka.Context, u string, cfg *c
|
||||
|
||||
var reader io.Reader
|
||||
|
||||
reader, _, err = processLinks(countingReader, compress, c.Request.Host, cfg, c)
|
||||
reader, _, err = processLinks(bodyReader, compress, c.Request.Host, cfg, c)
|
||||
c.WriteStream(reader)
|
||||
if err != nil {
|
||||
c.Errorf("%s %s %s %s %s Failed to copy response body: %v", c.ClientIP(), c.Request.Method, u, c.UserAgent(), c.Request.Proto, err)
|
||||
@@ -154,10 +149,10 @@ func ChunkedProxyRequest(ctx context.Context, c *touka.Context, u string, cfg *c
|
||||
|
||||
if contentLength != "" {
|
||||
c.SetHeader("Content-Length", contentLength)
|
||||
c.WriteStream(countingReader)
|
||||
c.WriteStream(bodyReader)
|
||||
return
|
||||
}
|
||||
c.WriteStream(countingReader)
|
||||
c.WriteStream(bodyReader)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
433
proxy/docker.go
433
proxy/docker.go
@@ -1,21 +1,20 @@
|
||||
package proxy
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/infinite-iroha/touka"
|
||||
|
||||
"ghproxy/config"
|
||||
"ghproxy/weakcache"
|
||||
"io"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/WJQSERVER-STUDIO/go-utils/iox"
|
||||
"github.com/WJQSERVER-STUDIO/go-utils/limitreader"
|
||||
"github.com/go-json-experiment/json"
|
||||
"github.com/infinite-iroha/touka"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -23,186 +22,85 @@ var (
|
||||
ghcrTarget = "ghcr.io"
|
||||
)
|
||||
|
||||
// cache 用于存储认证令牌, 避免重复获取
|
||||
var cache *weakcache.Cache[string]
|
||||
|
||||
// imageInfo 结构体用于存储镜像的相关信息
|
||||
type imageInfo struct {
|
||||
User string
|
||||
Repo string
|
||||
Image string
|
||||
}
|
||||
|
||||
// InitWeakCache 初始化弱引用缓存
|
||||
func InitWeakCache() *weakcache.Cache[string] {
|
||||
// 使用默认过期时间和容量为100创建一个新的弱引用缓存
|
||||
cache = weakcache.NewCache[string](weakcache.DefaultExpiration, 100)
|
||||
return cache
|
||||
}
|
||||
|
||||
var (
|
||||
authEndpoint = "/"
|
||||
passTypeMap = map[string]struct{}{
|
||||
"manifests": {},
|
||||
"blobs": {},
|
||||
"tags": {},
|
||||
"index": {},
|
||||
}
|
||||
)
|
||||
|
||||
// 处理路径各种情况
|
||||
func OciWithImageRouting(cfg *config.Config) touka.HandlerFunc {
|
||||
func GhcrWithImageRouting(cfg *config.Config) touka.HandlerFunc {
|
||||
return func(c *touka.Context) {
|
||||
if !cfg.Docker.Enabled {
|
||||
ErrorPage(c, NewErrorWithStatusLookup(403, "Docker proxy is not enabled"))
|
||||
return
|
||||
}
|
||||
var (
|
||||
p1 string
|
||||
p2 string
|
||||
p3 string
|
||||
p4 string
|
||||
target string
|
||||
user string
|
||||
repo string
|
||||
extpath string
|
||||
p1IsTarget bool
|
||||
ignorep3 bool
|
||||
imageNameForAuth string
|
||||
finalreqUrl string
|
||||
iInfo *imageInfo
|
||||
)
|
||||
ociPath := c.Param("path")
|
||||
if ociPath == authEndpoint {
|
||||
emptyJSON := "{}"
|
||||
c.Header("Content-Type", "application/json")
|
||||
c.Header("Content-Length", fmt.Sprint(len(emptyJSON)))
|
||||
|
||||
c.Header("Docker-Distribution-API-Version", "registry/2.0")
|
||||
charToFind := '.'
|
||||
reqTarget := c.Param("target")
|
||||
reqImageUser := c.Param("user")
|
||||
reqImageName := c.Param("repo")
|
||||
reqFilePath := c.Param("filepath")
|
||||
|
||||
c.Status(200)
|
||||
c.Writer.Write([]byte(emptyJSON))
|
||||
return
|
||||
}
|
||||
path := fmt.Sprintf("%s/%s/%s", reqImageUser, reqImageName, reqFilePath)
|
||||
target := ""
|
||||
|
||||
// 根据/分割 /:target/:user/:repo/*ext
|
||||
ociPath = ociPath[1:]
|
||||
i := strings.IndexByte(ociPath, '/')
|
||||
if i <= 0 {
|
||||
ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
|
||||
return
|
||||
}
|
||||
p1 = ociPath[:i]
|
||||
if strings.ContainsRune(reqTarget, charToFind) {
|
||||
|
||||
// 开始判断p1是否为target
|
||||
if strings.Contains(p1, ".") || strings.Contains(p1, ":") {
|
||||
p1IsTarget = true
|
||||
if p1 == "docker.io" {
|
||||
if reqTarget == "docker.io" {
|
||||
target = dockerhubTarget
|
||||
} else if reqTarget == "ghcr.io" {
|
||||
target = ghcrTarget
|
||||
} else {
|
||||
target = p1
|
||||
target = reqTarget
|
||||
}
|
||||
} else {
|
||||
switch cfg.Docker.Target {
|
||||
case "ghcr":
|
||||
target = ghcrTarget
|
||||
case "dockerhub":
|
||||
target = dockerhubTarget
|
||||
case "":
|
||||
ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
|
||||
return
|
||||
default:
|
||||
target = cfg.Docker.Target
|
||||
}
|
||||
path = c.GetRequestURI()
|
||||
reqImageUser = c.Param("target")
|
||||
reqImageName = c.Param("user")
|
||||
}
|
||||
image := &imageInfo{
|
||||
User: reqImageUser,
|
||||
Repo: reqImageName,
|
||||
Image: fmt.Sprintf("%s/%s", reqImageUser, reqImageName),
|
||||
}
|
||||
|
||||
ociPath = ociPath[i+1:]
|
||||
i = strings.IndexByte(ociPath, '/')
|
||||
if i <= 0 {
|
||||
ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
|
||||
return
|
||||
}
|
||||
p2 = ociPath[:i]
|
||||
ociPath = ociPath[i+1:]
|
||||
GhcrToTarget(c, cfg, target, path, image)
|
||||
|
||||
// 若p2和passTypeMap匹配
|
||||
if !p1IsTarget {
|
||||
if _, ok := passTypeMap[p2]; ok {
|
||||
ignorep3 = true
|
||||
switch cfg.Docker.Target {
|
||||
case "ghcr":
|
||||
target = ghcrTarget
|
||||
case "dockerhub":
|
||||
target = dockerhubTarget
|
||||
case "":
|
||||
ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
|
||||
return
|
||||
default:
|
||||
target = cfg.Docker.Target
|
||||
}
|
||||
user = "library"
|
||||
repo = p1
|
||||
extpath = "/" + p2 + "/" + ociPath
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !ignorep3 {
|
||||
i = strings.IndexByte(ociPath, '/')
|
||||
if i <= 0 {
|
||||
ErrorPage(c, NewErrorWithStatusLookup(404, "Not Found"))
|
||||
return
|
||||
}
|
||||
p3 = ociPath[:i]
|
||||
}
|
||||
|
||||
ociPath = ociPath[i+1:]
|
||||
p4 = ociPath
|
||||
|
||||
if p1IsTarget {
|
||||
if _, ok := passTypeMap[p3]; ok {
|
||||
user = "library"
|
||||
repo = p2
|
||||
extpath = "/" + p3 + "/" + p4
|
||||
} else {
|
||||
user = p2
|
||||
repo = p3
|
||||
extpath = "/" + p4
|
||||
}
|
||||
func GhcrToTarget(c *touka.Context, cfg *config.Config, target string, path string, image *imageInfo) {
|
||||
if cfg.Docker.Enabled {
|
||||
var ctx = c.Request.Context()
|
||||
if target != "" {
|
||||
GhcrRequest(ctx, c, "https://"+target+"/v2/"+path+"?"+c.GetReqQueryString(), image, cfg, target)
|
||||
} else {
|
||||
if cfg.Docker.Target == "ghcr" {
|
||||
GhcrRequest(ctx, c, "https://"+ghcrTarget+c.GetRequestURI(), image, cfg, ghcrTarget)
|
||||
} else if cfg.Docker.Target == "dockerhub" {
|
||||
GhcrRequest(ctx, c, "https://"+dockerhubTarget+c.GetRequestURI(), image, cfg, dockerhubTarget)
|
||||
} else if cfg.Docker.Target != "" {
|
||||
// 自定义taget
|
||||
GhcrRequest(ctx, c, "https://"+cfg.Docker.Target+c.GetRequestURI(), image, cfg, cfg.Docker.Target)
|
||||
} else {
|
||||
switch cfg.Docker.Target {
|
||||
case "ghcr":
|
||||
target = ghcrTarget
|
||||
case "dockerhub":
|
||||
target = dockerhubTarget
|
||||
case "":
|
||||
ErrorPage(c, NewErrorWithStatusLookup(500, "Default Docker Target is not configured in config file"))
|
||||
return
|
||||
default:
|
||||
target = cfg.Docker.Target
|
||||
}
|
||||
user = p1
|
||||
repo = p2
|
||||
extpath = "/" + p3 + "/" + p4
|
||||
// 配置为空
|
||||
ErrorPage(c, NewErrorWithStatusLookup(403, "Docker Target is not set"))
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
imageNameForAuth = user + "/" + repo
|
||||
finalreqUrl = "https://" + target + "/v2/" + imageNameForAuth + extpath
|
||||
if query := c.GetReqQueryString(); query != "" {
|
||||
finalreqUrl += "?" + query
|
||||
}
|
||||
|
||||
iInfo = &imageInfo{
|
||||
User: user,
|
||||
Repo: repo,
|
||||
Image: imageNameForAuth,
|
||||
}
|
||||
|
||||
GhcrRequest(c.Request.Context(), c, finalreqUrl, iInfo, cfg, target)
|
||||
} else {
|
||||
ErrorPage(c, NewErrorWithStatusLookup(403, "Docker is not Allowed"))
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// GhcrRequest 执行对Docker注册表的HTTP请求, 处理认证和重定向
|
||||
func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageInfo, cfg *config.Config, target string) {
|
||||
|
||||
var (
|
||||
method string
|
||||
req *http.Request
|
||||
@@ -210,19 +108,22 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
|
||||
err error
|
||||
)
|
||||
|
||||
method = c.Request.Method
|
||||
ghcrclient := c.GetHTTPC()
|
||||
bodyByte, err := c.GetReqBodyFull()
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to read request body: %v", err))
|
||||
return
|
||||
}
|
||||
go func() {
|
||||
<-ctx.Done()
|
||||
if resp != nil && resp.Body != nil {
|
||||
resp.Body.Close()
|
||||
}
|
||||
if req != nil {
|
||||
req.Body.Close()
|
||||
}
|
||||
}()
|
||||
|
||||
method = c.Request.Method
|
||||
|
||||
// 构建初始请求
|
||||
rb := ghcrclient.NewRequestBuilder(method, u)
|
||||
rb.NoDefaultHeaders() // 不使用默认头部, 以便完全控制
|
||||
rb.SetBody(bytes.NewBuffer(bodyByte)) // 设置请求体
|
||||
rb.WithContext(ctx) // 设置请求上下文
|
||||
rb.NoDefaultHeaders()
|
||||
rb.SetBody(c.Request.Body)
|
||||
rb.WithContext(ctx)
|
||||
|
||||
req, err = rb.Build()
|
||||
if err != nil {
|
||||
@@ -230,146 +131,78 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
|
||||
return
|
||||
}
|
||||
|
||||
// 复制客户端请求的头部到代理请求
|
||||
//c.Request.Header.VisitAll(func(key, value []byte) {
|
||||
// headerKey := string(key)
|
||||
// headerValue := string(value)
|
||||
// req.Header.Add(headerKey, headerValue)
|
||||
//})
|
||||
copyHeader(c.Request.Header, req.Header)
|
||||
|
||||
// 确保 Accept 头部被正确设置
|
||||
if acceptHeader, ok := c.Request.Header["Accept"]; ok {
|
||||
req.Header["Accept"] = acceptHeader
|
||||
}
|
||||
|
||||
// 设置 Host 头部为上游目标
|
||||
req.Header.Set("Host", target)
|
||||
|
||||
// 尝试从缓存中获取并使用认证令牌
|
||||
if image != nil && image.Image != "" {
|
||||
if image != nil {
|
||||
token, exist := cache.Get(image.Image)
|
||||
if exist {
|
||||
c.Debugf("Use Cache Token: %s", token)
|
||||
req.Header.Set("Authorization", "Bearer "+token)
|
||||
}
|
||||
}
|
||||
|
||||
// 发送初始请求
|
||||
resp, err = ghcrclient.Do(req)
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to send request: %v", err))
|
||||
return
|
||||
}
|
||||
|
||||
// 处理 401 Unauthorized 或 404 Not Found 响应, 尝试重新认证并重试
|
||||
if resp.StatusCode == 401 || resp.StatusCode == 404 {
|
||||
// 对于 /v2/ 的请求不进行重试, 因为它通常用于发现认证端点
|
||||
shouldRetry := string(c.GetRequestURIPath()) != "/v2/"
|
||||
originalStatusCode := resp.StatusCode
|
||||
c.Debugf("Initial request failed with status %d. Retry eligibility: %t", originalStatusCode, shouldRetry)
|
||||
|
||||
if shouldRetry {
|
||||
if image == nil || image.Image == "" {
|
||||
_ = resp.Body.Close() // 终止流程, 关闭当前响应体
|
||||
ErrorPage(c, NewErrorWithStatusLookup(originalStatusCode, "Unauthorized"))
|
||||
// 处理状态码
|
||||
if resp.StatusCode == 401 {
|
||||
// 请求target /v2/路径
|
||||
if string(c.GetRequestURIPath()) != "/v2/" {
|
||||
resp.Body.Close()
|
||||
if image == nil {
|
||||
ErrorPage(c, NewErrorWithStatusLookup(401, "Unauthorized"))
|
||||
return
|
||||
}
|
||||
// 获取新的认证令牌
|
||||
token := ChallengeReq(target, image, ctx, c)
|
||||
|
||||
// 更新kv
|
||||
if token != "" {
|
||||
c.Debugf("Successfully obtained auth token. Retrying request.")
|
||||
_ = resp.Body.Close() // 在发起重试请求前, 关闭旧的响应体
|
||||
|
||||
// 更新kv
|
||||
c.Debugf("Update Cache Token: %s", token)
|
||||
cache.Put(image.Image, token)
|
||||
}
|
||||
|
||||
// 重新构建并发送请求
|
||||
rb_retry := ghcrclient.NewRequestBuilder(method, u)
|
||||
rb_retry.NoDefaultHeaders()
|
||||
rb_retry.SetBody(bytes.NewBuffer(bodyByte))
|
||||
rb_retry.WithContext(ctx)
|
||||
rb := ghcrclient.NewRequestBuilder(string(method), u)
|
||||
rb.NoDefaultHeaders()
|
||||
rb.SetBody(c.Request.Body)
|
||||
rb.WithContext(ctx)
|
||||
|
||||
req_retry, err_retry := rb_retry.Build()
|
||||
if err_retry != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to create retry request: %v", err_retry))
|
||||
return
|
||||
}
|
||||
req, err = rb.Build()
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to create request: %v", err))
|
||||
return
|
||||
}
|
||||
/*
|
||||
c.Request.Header.VisitAll(func(key, value []byte) {
|
||||
headerKey := string(key)
|
||||
headerValue := string(value)
|
||||
req.Header.Add(headerKey, headerValue)
|
||||
})
|
||||
*/
|
||||
copyHeader(c.Request.Header, req.Header)
|
||||
|
||||
copyHeader(c.Request.Header, req_retry.Header) // 复制原始头部
|
||||
if acceptHeader, ok := c.Request.Header["Accept"]; ok {
|
||||
req_retry.Header["Accept"] = acceptHeader
|
||||
}
|
||||
req.Header.Set("Host", target)
|
||||
if token != "" {
|
||||
req.Header.Set("Authorization", "Bearer "+token)
|
||||
}
|
||||
|
||||
req_retry.Header.Set("Host", target) // 设置 Host 头部
|
||||
req_retry.Header.Set("Authorization", "Bearer "+token) // 使用新令牌
|
||||
|
||||
c.Debugf("Executing retry request. Method: %s, URL: %s", req_retry.Method, req_retry.URL.String())
|
||||
|
||||
resp_retry, err_retry := ghcrclient.Do(req_retry)
|
||||
if err_retry != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to send retry request: %v", err_retry))
|
||||
return
|
||||
}
|
||||
c.Debugf("Retry request completed with status code: %d", resp_retry.StatusCode)
|
||||
resp = resp_retry // 更新响应为重试后的响应
|
||||
} else {
|
||||
c.Warnf("Failed to obtain auth token. Cannot retry.")
|
||||
// 获取令牌失败, 将继续处理原始的401/404响应, 其响应体仍然打开
|
||||
resp, err = ghcrclient.Do(req)
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to send request: %v", err))
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 透明地处理 302 Found 或 307 Temporary Redirect 重定向
|
||||
if resp.StatusCode == http.StatusFound || resp.StatusCode == http.StatusTemporaryRedirect {
|
||||
location := resp.Header.Get("Location")
|
||||
if location == "" {
|
||||
_ = resp.Body.Close() // 终止流程, 关闭当前响应体
|
||||
HandleError(c, "Redirect response missing Location header")
|
||||
return
|
||||
}
|
||||
|
||||
redirectURL, err := url.Parse(location)
|
||||
if err != nil {
|
||||
_ = resp.Body.Close() // 终止流程, 关闭当前响应体
|
||||
HandleError(c, fmt.Sprintf("Failed to parse redirect location: %v", err))
|
||||
return
|
||||
}
|
||||
|
||||
// 如果 Location 是相对路径, 则根据原始请求的 URL 解析为绝对路径
|
||||
if !redirectURL.IsAbs() {
|
||||
originalURL := resp.Request.URL
|
||||
redirectURL = originalURL.ResolveReference(redirectURL)
|
||||
c.Debugf("Resolved relative redirect to absolute URL: %s", redirectURL.String())
|
||||
}
|
||||
|
||||
c.Debugf("Handling redirect. Status: %d, Final Location: %s", resp.StatusCode, redirectURL.String())
|
||||
_ = resp.Body.Close() // 明确关闭重定向响应的响应体, 因为我们将发起新请求
|
||||
|
||||
// 创建并发送重定向请求, 通常使用 GET 方法
|
||||
redirectReq, err := http.NewRequestWithContext(ctx, "GET", redirectURL.String(), nil)
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to create redirect request: %v", err))
|
||||
return
|
||||
}
|
||||
redirectReq.Header.Set("User-Agent", c.Request.UserAgent()) // 复制 User-Agent
|
||||
|
||||
c.Debugf("Executing redirect request to: %s", redirectURL.String())
|
||||
redirectResp, err := ghcrclient.Do(redirectReq)
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to execute redirect request to %s: %v", redirectURL.String(), err))
|
||||
return
|
||||
}
|
||||
c.Debugf("Redirect request to %s completed with status %d", redirectURL.String(), redirectResp.StatusCode)
|
||||
resp = redirectResp // 更新响应为重定向后的响应
|
||||
}
|
||||
|
||||
// 如果最终响应是 404, 则读取响应体并返回自定义错误页面
|
||||
if resp.StatusCode == 404 {
|
||||
defer resp.Body.Close() // 使用defer确保在函数返回前关闭响应体
|
||||
bodyBytes, err := iox.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
c.Warnf("Failed to read upstream 404 response body: %v", err)
|
||||
} else {
|
||||
c.Warnf("Upstream 404 response body: %s", string(bodyBytes))
|
||||
}
|
||||
ErrorPage(c, NewErrorWithStatusLookup(404, "Page Not Found (From Upstream)"))
|
||||
} else if resp.StatusCode == 404 { // 错误处理(404)
|
||||
ErrorPage(c, NewErrorWithStatusLookup(404, "Page Not Found (From Github)"))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -379,7 +212,6 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
|
||||
sizelimit int
|
||||
)
|
||||
|
||||
// 获取配置中的大小限制并转换单位 (MB -> Byte)
|
||||
sizelimit = cfg.Server.SizeLimit * 1024 * 1024
|
||||
contentLength = resp.Header.Get("Content-Length")
|
||||
if contentLength != "" {
|
||||
@@ -387,82 +219,84 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
|
||||
bodySize, err = strconv.Atoi(contentLength)
|
||||
if err != nil {
|
||||
c.Warnf("%s %s %s %s %s Content-Length header is not a valid integer: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, err)
|
||||
bodySize = -1 // 无法解析则设置为 -1
|
||||
bodySize = -1
|
||||
}
|
||||
// 如果内容大小超出限制, 返回 301 重定向到原始上游URL
|
||||
if err == nil && bodySize > sizelimit {
|
||||
finalURL := resp.Request.URL.String()
|
||||
_ = resp.Body.Close() // 明确关闭响应体, 因为我们将重定向而不是流式传输
|
||||
err = resp.Body.Close()
|
||||
if err != nil {
|
||||
c.Errorf("Failed to close response body: %v", err)
|
||||
}
|
||||
c.Redirect(301, finalURL)
|
||||
c.Warnf("%s %s %s %s %s Final-URL: %s Size-Limit-Exceeded: %d", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, finalURL, bodySize)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// 将上游响应头部复制到客户端响应
|
||||
// 复制响应头,排除需要移除的 header
|
||||
/*
|
||||
for key, values := range resp.Header {
|
||||
for _, value := range values {
|
||||
c.Response.Header.Add(key, value)
|
||||
}
|
||||
}
|
||||
*/
|
||||
c.SetHeaders(resp.Header)
|
||||
// 设置客户端响应状态码
|
||||
|
||||
c.Status(resp.StatusCode)
|
||||
// bodyReader 的所有权将转移给 SetBodyStream, 不再由此函数管理关闭
|
||||
|
||||
bodyReader := resp.Body
|
||||
|
||||
// 如果启用了带宽限制, 则使用限速读取器
|
||||
if cfg.RateLimit.BandwidthLimit.Enabled {
|
||||
bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx)
|
||||
}
|
||||
|
||||
// 根据 Content-Length 设置响应体流
|
||||
if contentLength != "" {
|
||||
c.SetBodyStream(bodyReader, bodySize)
|
||||
return
|
||||
}
|
||||
c.SetBodyStream(bodyReader, -1)
|
||||
|
||||
}
|
||||
|
||||
// AuthToken 用于解析认证响应中的令牌
|
||||
type AuthToken struct {
|
||||
Token string `json:"token"`
|
||||
}
|
||||
|
||||
// ChallengeReq 执行认证挑战流程, 获取新的认证令牌
|
||||
func ChallengeReq(target string, image *imageInfo, ctx context.Context, c *touka.Context) (token string) {
|
||||
var resp401 *http.Response
|
||||
var req401 *http.Request
|
||||
var err error
|
||||
ghcrclient := c.GetHTTPC()
|
||||
|
||||
// 对 /v2/ 端点发送 GET 请求以触发认证挑战
|
||||
rb401 := ghcrclient.NewRequestBuilder("GET", "https://"+target+"/v2/")
|
||||
rb401.NoDefaultHeaders()
|
||||
rb401.WithContext(ctx)
|
||||
rb401.AddHeader("User-Agent", "docker/28.1.1 go/go1.23.8 git-commit/01f442b kernel/6.12.25-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/28.1.1 ")
|
||||
req401, err = rb401.Build()
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to create request: %v", err))
|
||||
return
|
||||
}
|
||||
req401.Header.Set("Host", target) // 设置 Host 头部
|
||||
req401.Header.Set("Host", target)
|
||||
|
||||
resp401, err = ghcrclient.Do(req401)
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to send request: %v", err))
|
||||
return
|
||||
}
|
||||
defer resp401.Body.Close() // 确保响应体关闭
|
||||
|
||||
// 解析 Www-Authenticate 头部, 获取认证领域和参数
|
||||
defer resp401.Body.Close()
|
||||
bearer, err := parseBearerWWWAuthenticateHeader(resp401.Header.Get("Www-Authenticate"))
|
||||
if err != nil {
|
||||
c.Errorf("Failed to parse Www-Authenticate header: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
// 构建认证范围 (scope), 通常是 repository:<image_name>:pull
|
||||
scope := fmt.Sprintf("repository:%s:pull", image.Image)
|
||||
|
||||
// 使用解析到的 Realm 和 Service, 以及 scope 请求认证令牌
|
||||
getAuthRB := ghcrclient.NewRequestBuilder("GET", bearer.Realm).
|
||||
NoDefaultHeaders().
|
||||
WithContext(ctx).
|
||||
AddHeader("User-Agent", "docker/28.1.1 go/go1.23.8 git-commit/01f442b kernel/6.12.25-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/28.1.1 ").
|
||||
SetHeader("Host", bearer.Service).
|
||||
AddQueryParam("service", bearer.Service).
|
||||
AddQueryParam("scope", scope)
|
||||
@@ -478,23 +312,24 @@ func ChallengeReq(target string, image *imageInfo, ctx context.Context, c *touka
|
||||
c.Errorf("Failed to send request: %v", err)
|
||||
return
|
||||
}
|
||||
defer authResp.Body.Close() // 确保响应体关闭
|
||||
|
||||
// 读取认证响应体
|
||||
bodyBytes, err := iox.ReadAll(authResp.Body)
|
||||
defer authResp.Body.Close()
|
||||
|
||||
bodyBytes, err := io.ReadAll(authResp.Body)
|
||||
if err != nil {
|
||||
c.Errorf("Failed to read auth response body: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
// 解码 JSON 响应以获取令牌
|
||||
// 解码json
|
||||
var authToken AuthToken
|
||||
err = json.Unmarshal(bodyBytes, &authToken)
|
||||
if err != nil {
|
||||
c.Errorf("Failed to decode auth response body: %v", err)
|
||||
return
|
||||
}
|
||||
token = authToken.Token // 提取令牌
|
||||
token = authToken.Token
|
||||
|
||||
return token
|
||||
|
||||
}
|
||||
|
||||
@@ -20,18 +20,6 @@ func HandleError(c *touka.Context, message string) {
|
||||
c.Errorf("%s %s %s %s %s Error: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, message)
|
||||
}
|
||||
|
||||
func UnifiedToukaErrorHandler(c *touka.Context, code int, err error) {
|
||||
errMsg := ""
|
||||
if err != nil {
|
||||
errMsg = err.Error()
|
||||
}
|
||||
c.Errorf("%s %s %s %s %s Error: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, errMsg)
|
||||
|
||||
constructedGHErr := NewErrorWithStatusLookup(code, errMsg)
|
||||
|
||||
ErrorPage(c, constructedGHErr)
|
||||
}
|
||||
|
||||
type GHProxyErrors struct {
|
||||
StatusCode int
|
||||
StatusDesc string
|
||||
@@ -77,25 +65,6 @@ var (
|
||||
StatusText: "服务器内部错误",
|
||||
HelpInfo: "服务器处理您的请求时发生错误,请稍后重试或联系管理员。",
|
||||
}
|
||||
// 502
|
||||
ErrBadGateway = &GHProxyErrors{
|
||||
StatusCode: 502,
|
||||
StatusDesc: "Bad Gateway",
|
||||
StatusText: "网关错误",
|
||||
HelpInfo: "代理服务器从上游服务器接收到无效响应。",
|
||||
}
|
||||
ErrServiceUnavailable = &GHProxyErrors{
|
||||
StatusCode: 503,
|
||||
StatusDesc: "Service Unavailable",
|
||||
StatusText: "服务不可用",
|
||||
HelpInfo: "服务器目前无法处理请求,通常是由于服务器过载或停机维护。",
|
||||
}
|
||||
ErrGatewayTimeout = &GHProxyErrors{
|
||||
StatusCode: 504,
|
||||
StatusDesc: "Gateway Timeout",
|
||||
StatusText: "网关超时",
|
||||
HelpInfo: "代理服务器未能及时从上游服务器接收到响应。",
|
||||
}
|
||||
)
|
||||
|
||||
var statusErrorMap map[int]*GHProxyErrors
|
||||
@@ -108,9 +77,6 @@ func init() {
|
||||
ErrNotFound.StatusCode: ErrNotFound,
|
||||
ErrTooManyRequests.StatusCode: ErrTooManyRequests,
|
||||
ErrInternalServerError.StatusCode: ErrInternalServerError,
|
||||
ErrBadGateway.StatusCode: ErrBadGateway,
|
||||
ErrServiceUnavailable.StatusCode: ErrServiceUnavailable,
|
||||
ErrGatewayTimeout.StatusCode: ErrGatewayTimeout,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -203,11 +169,11 @@ func NewSizedLRUCache(maxBytes int64) (*SizedLRUCache, error) {
|
||||
// 当内部 LRU 缓存因其自身的条目容量限制或 RemoveOldest 方法被调用而逐出条目时,
|
||||
// 此回调函数会被执行,从而更新 currentBytes。
|
||||
var err error
|
||||
//c.cache, err = lru.NewWithEvict[string, []byte](10000, func(key string, value []byte) {
|
||||
c.cache, err = lru.NewWithEvict(10000, func(key string, value []byte) {
|
||||
c.cache, err = lru.NewWithEvict[string, []byte](10000, func(key string, value []byte) {
|
||||
c.mu.Lock()
|
||||
defer c.mu.Unlock()
|
||||
c.currentBytes -= int64(len(value))
|
||||
//logDebug("LRU evicted key: %s, size: %d, current total: %d", key, len(value), c.currentBytes)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -229,6 +195,7 @@ func (c *SizedLRUCache) Add(key string, value []byte) {
|
||||
|
||||
// 如果待添加的条目本身就大于缓存的最大容量,则不进行缓存。
|
||||
if itemSize > c.maxBytes {
|
||||
//c.Warnf("Item key %s (size %d) larger than cache max capacity %d. Not caching.", key, itemSize, c.maxBytes)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -236,19 +203,23 @@ func (c *SizedLRUCache) Add(key string, value []byte) {
|
||||
if oldVal, ok := c.cache.Get(key); ok {
|
||||
c.currentBytes -= int64(len(oldVal))
|
||||
c.cache.Remove(key)
|
||||
//logDebug("Key %s exists, removed old size %d. Current total: %d", key, len(oldVal), c.currentBytes)
|
||||
}
|
||||
|
||||
// 主动逐出最旧的条目,直到有足够的空间容纳新条目。
|
||||
for c.currentBytes+itemSize > c.maxBytes && c.cache.Len() > 0 {
|
||||
_, _, existed := c.cache.RemoveOldest()
|
||||
if !existed {
|
||||
//c.Warnf("Attempted to remove oldest, but item not found.")
|
||||
break
|
||||
}
|
||||
//logDebug("Proactively evicted item (size %d) to free space. Current total: %d", len(oldVal), c.currentBytes)
|
||||
}
|
||||
|
||||
// 添加新条目到内部 LRU 缓存。
|
||||
c.cache.Add(key, value)
|
||||
c.currentBytes += itemSize // 手动增加新条目的大小到 currentBytes。
|
||||
//logDebug("Item added: key %s, size: %d, current total: %d", key, itemSize, c.currentBytes)
|
||||
}
|
||||
|
||||
const maxErrorPageCacheBytes = 512 * 1024 // 错误页面缓存的最大容量:512KB
|
||||
@@ -260,6 +231,7 @@ func init() {
|
||||
var err error
|
||||
errorPageCache, err = NewSizedLRUCache(maxErrorPageCacheBytes)
|
||||
if err != nil {
|
||||
// logError("Failed to initialize error page LRU cache: %v", err)
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
@@ -311,16 +283,6 @@ func htmlTemplateRender(data interface{}) ([]byte, error) {
|
||||
}
|
||||
|
||||
func ErrorPage(c *touka.Context, errInfo *GHProxyErrors) {
|
||||
|
||||
select {
|
||||
case <-c.Request.Context().Done():
|
||||
return
|
||||
default:
|
||||
if c.Writer.Written() {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// 将 errInfo 转换为 ErrorPageData 结构体
|
||||
var err error
|
||||
var cacheKey string
|
||||
|
||||
@@ -17,12 +17,30 @@ func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config,
|
||||
resp *http.Response
|
||||
)
|
||||
|
||||
go func() {
|
||||
<-ctx.Done()
|
||||
if resp != nil && resp.Body != nil {
|
||||
resp.Body.Close()
|
||||
}
|
||||
}()
|
||||
|
||||
/*
|
||||
fullBody, err := c.GetReqBodyFull()
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to read request body: %v", err))
|
||||
return
|
||||
}
|
||||
reqBodyReader := bytes.NewBuffer(fullBody)
|
||||
*/
|
||||
|
||||
reqBodyReader, err := c.GetReqBodyBuffer()
|
||||
if err != nil {
|
||||
HandleError(c, fmt.Sprintf("Failed to read request body: %v", err))
|
||||
return
|
||||
}
|
||||
|
||||
//bodyReader := c.Request.BodyStream() // 不可替换为此实现
|
||||
|
||||
if cfg.GitClone.Mode == "cache" {
|
||||
userPath, repoPath, remainingPath, queryParams, err := extractParts(u)
|
||||
if err != nil {
|
||||
@@ -30,11 +48,7 @@ func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config,
|
||||
return
|
||||
}
|
||||
// 构建新url
|
||||
var paramStr string
|
||||
if len(queryParams) > 0 {
|
||||
paramStr = "?" + queryParams.Encode()
|
||||
}
|
||||
u = cfg.GitClone.SmartGitAddr + userPath + repoPath + remainingPath + paramStr
|
||||
u = cfg.GitClone.SmartGitAddr + userPath + repoPath + remainingPath + "?" + queryParams.Encode()
|
||||
}
|
||||
|
||||
if cfg.GitClone.Mode == "cache" {
|
||||
@@ -96,6 +110,14 @@ func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config,
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
for key, values := range resp.Header {
|
||||
for _, value := range values {
|
||||
c.Response.Header.Add(key, value)
|
||||
}
|
||||
}
|
||||
*/
|
||||
//copyHeader( resp.Header)
|
||||
c.SetHeaders(resp.Header)
|
||||
|
||||
headersToRemove := map[string]struct{}{
|
||||
@@ -128,6 +150,10 @@ func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config,
|
||||
|
||||
bodyReader := resp.Body
|
||||
|
||||
// 读取body内容
|
||||
//bodyContent, _ := io.ReadAll(bodyReader)
|
||||
// c.Infof("%s", bodyContent)
|
||||
|
||||
if cfg.RateLimit.BandwidthLimit.Enabled {
|
||||
bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx)
|
||||
}
|
||||
|
||||
@@ -15,6 +15,10 @@ func NoRouteHandler(cfg *config.Config) touka.HandlerFunc {
|
||||
return func(c *touka.Context) {
|
||||
var ctx = c.Request.Context()
|
||||
var shoudBreak bool
|
||||
// shoudBreak = rateCheck(cfg, c, limiter, iplimiter)
|
||||
// if shoudBreak {
|
||||
// return
|
||||
// }
|
||||
|
||||
var (
|
||||
rawPath string
|
||||
|
||||
130
proxy/httpc.go
130
proxy/httpc.go
@@ -1,6 +1,7 @@
|
||||
package proxy
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"ghproxy/config"
|
||||
"net/http"
|
||||
"time"
|
||||
@@ -11,40 +12,42 @@ import (
|
||||
var BufferSize int = 32 * 1024 // 32KB
|
||||
|
||||
var (
|
||||
tr *http.Transport
|
||||
gittr *http.Transport
|
||||
client *httpc.Client
|
||||
gitclient *httpc.Client
|
||||
tr *http.Transport
|
||||
gittr *http.Transport
|
||||
client *httpc.Client
|
||||
gitclient *httpc.Client
|
||||
ghcrtr *http.Transport
|
||||
ghcrclient *httpc.Client
|
||||
)
|
||||
|
||||
func InitReq(cfg *config.Config) (*httpc.Client, error) {
|
||||
client := initHTTPClient(cfg)
|
||||
func InitReq(cfg *config.Config) error {
|
||||
initHTTPClient(cfg)
|
||||
if cfg.GitClone.Mode == "cache" {
|
||||
initGitHTTPClient(cfg)
|
||||
}
|
||||
initGhcrHTTPClient(cfg)
|
||||
err := SetGlobalRateLimit(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
return client, nil
|
||||
return nil
|
||||
|
||||
}
|
||||
|
||||
func initHTTPClient(cfg *config.Config) *httpc.Client {
|
||||
func initHTTPClient(cfg *config.Config) {
|
||||
var proTolcols = new(http.Protocols)
|
||||
proTolcols.SetHTTP1(true)
|
||||
proTolcols.SetHTTP2(true)
|
||||
proTolcols.SetUnencryptedHTTP2(true)
|
||||
if cfg.Httpc.Mode == "auto" || cfg.Httpc.Mode == "" {
|
||||
|
||||
switch cfg.Httpc.Mode {
|
||||
case "auto", "":
|
||||
tr = &http.Transport{
|
||||
IdleConnTimeout: 30 * time.Second,
|
||||
WriteBufferSize: 32 * 1024, // 32KB
|
||||
ReadBufferSize: 32 * 1024, // 32KB
|
||||
Protocols: proTolcols,
|
||||
}
|
||||
case "advanced":
|
||||
} else if cfg.Httpc.Mode == "advanced" {
|
||||
tr = &http.Transport{
|
||||
MaxIdleConns: cfg.Httpc.MaxIdleConns,
|
||||
MaxConnsPerHost: cfg.Httpc.MaxConnsPerHost,
|
||||
@@ -53,10 +56,9 @@ func initHTTPClient(cfg *config.Config) *httpc.Client {
|
||||
ReadBufferSize: 32 * 1024, // 32KB
|
||||
Protocols: proTolcols,
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
panic("unknown httpc mode: " + cfg.Httpc.Mode)
|
||||
}
|
||||
|
||||
if cfg.Outbound.Enabled {
|
||||
initTransport(cfg, tr)
|
||||
}
|
||||
@@ -70,18 +72,18 @@ func initHTTPClient(cfg *config.Config) *httpc.Client {
|
||||
httpc.WithTransport(tr),
|
||||
)
|
||||
}
|
||||
return client
|
||||
|
||||
}
|
||||
|
||||
func initGitHTTPClient(cfg *config.Config) {
|
||||
switch cfg.Httpc.Mode {
|
||||
case "auto", "":
|
||||
|
||||
if cfg.Httpc.Mode == "auto" || cfg.Httpc.Mode == "" {
|
||||
gittr = &http.Transport{
|
||||
IdleConnTimeout: 30 * time.Second,
|
||||
WriteBufferSize: 32 * 1024, // 32KB
|
||||
ReadBufferSize: 32 * 1024, // 32KB
|
||||
}
|
||||
case "advanced":
|
||||
} else if cfg.Httpc.Mode == "advanced" {
|
||||
gittr = &http.Transport{
|
||||
MaxIdleConns: cfg.Httpc.MaxIdleConns,
|
||||
MaxConnsPerHost: cfg.Httpc.MaxConnsPerHost,
|
||||
@@ -89,30 +91,84 @@ func initGitHTTPClient(cfg *config.Config) {
|
||||
WriteBufferSize: 32 * 1024, // 32KB
|
||||
ReadBufferSize: 32 * 1024, // 32KB
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
panic("unknown httpc mode: " + cfg.Httpc.Mode)
|
||||
}
|
||||
|
||||
if cfg.Outbound.Enabled {
|
||||
initTransport(cfg, gittr)
|
||||
}
|
||||
|
||||
var opts []httpc.Option // 使用切片来收集选项
|
||||
opts = append(opts, httpc.WithTransport(gittr))
|
||||
var protocolsConfig httpc.ProtocolsConfig
|
||||
|
||||
if cfg.GitClone.ForceH2C {
|
||||
protocolsConfig.ForceH2C = true
|
||||
if cfg.Server.Debug && cfg.GitClone.ForceH2C {
|
||||
gitclient = httpc.New(
|
||||
httpc.WithTransport(gittr),
|
||||
httpc.WithDumpLog(),
|
||||
httpc.WithProtocols(httpc.ProtocolsConfig{
|
||||
ForceH2C: true,
|
||||
}),
|
||||
)
|
||||
} else if !cfg.Server.Debug && cfg.GitClone.ForceH2C {
|
||||
gitclient = httpc.New(
|
||||
httpc.WithTransport(gittr),
|
||||
httpc.WithProtocols(httpc.ProtocolsConfig{
|
||||
ForceH2C: true,
|
||||
}),
|
||||
)
|
||||
} else if cfg.Server.Debug && !cfg.GitClone.ForceH2C {
|
||||
gitclient = httpc.New(
|
||||
httpc.WithTransport(gittr),
|
||||
httpc.WithDumpLog(),
|
||||
httpc.WithProtocols(httpc.ProtocolsConfig{
|
||||
Http1: true,
|
||||
Http2: true,
|
||||
Http2_Cleartext: true,
|
||||
}),
|
||||
)
|
||||
} else {
|
||||
protocolsConfig.Http1 = true
|
||||
protocolsConfig.Http2 = true
|
||||
protocolsConfig.Http2_Cleartext = true
|
||||
gitclient = httpc.New(
|
||||
httpc.WithTransport(gittr),
|
||||
httpc.WithProtocols(httpc.ProtocolsConfig{
|
||||
Http1: true,
|
||||
Http2: true,
|
||||
Http2_Cleartext: true,
|
||||
}),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
func initGhcrHTTPClient(cfg *config.Config) {
|
||||
var proTolcols = new(http.Protocols)
|
||||
proTolcols.SetHTTP1(true)
|
||||
proTolcols.SetHTTP2(true)
|
||||
if cfg.Httpc.Mode == "auto" || cfg.Httpc.Mode == "" {
|
||||
|
||||
ghcrtr = &http.Transport{
|
||||
IdleConnTimeout: 30 * time.Second,
|
||||
WriteBufferSize: 32 * 1024, // 32KB
|
||||
ReadBufferSize: 32 * 1024, // 32KB
|
||||
Protocols: proTolcols,
|
||||
}
|
||||
} else if cfg.Httpc.Mode == "advanced" {
|
||||
ghcrtr = &http.Transport{
|
||||
MaxIdleConns: cfg.Httpc.MaxIdleConns,
|
||||
MaxConnsPerHost: cfg.Httpc.MaxConnsPerHost,
|
||||
MaxIdleConnsPerHost: cfg.Httpc.MaxIdleConnsPerHost,
|
||||
WriteBufferSize: 32 * 1024, // 32KB
|
||||
ReadBufferSize: 32 * 1024, // 32KB
|
||||
Protocols: proTolcols,
|
||||
}
|
||||
} else {
|
||||
panic(fmt.Sprintf("unknown httpc mode: %s", cfg.Httpc.Mode))
|
||||
}
|
||||
if cfg.Outbound.Enabled {
|
||||
initTransport(cfg, ghcrtr)
|
||||
}
|
||||
if cfg.Server.Debug {
|
||||
ghcrclient = httpc.New(
|
||||
httpc.WithTransport(ghcrtr),
|
||||
httpc.WithDumpLog(),
|
||||
)
|
||||
} else {
|
||||
ghcrclient = httpc.New(
|
||||
httpc.WithTransport(ghcrtr),
|
||||
)
|
||||
}
|
||||
opts = append(opts, httpc.WithProtocols(protocolsConfig))
|
||||
|
||||
if cfg.Server.Debug {
|
||||
opts = append(opts, httpc.WithDumpLog())
|
||||
}
|
||||
|
||||
gitclient = httpc.New(opts...)
|
||||
}
|
||||
|
||||
248
proxy/match.go
248
proxy/match.go
@@ -10,6 +10,11 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
githubPrefix = "https://github.com/"
|
||||
rawPrefix = "https://raw.githubusercontent.com/"
|
||||
gistPrefix = "https://gist.github.com/"
|
||||
gistContentPrefix = "https://gist.githubusercontent.com/"
|
||||
apiPrefix = "https://api.github.com/"
|
||||
githubPrefixLen int
|
||||
rawPrefixLen int
|
||||
gistPrefixLen int
|
||||
@@ -17,90 +22,48 @@ var (
|
||||
apiPrefixLen int
|
||||
)
|
||||
|
||||
const (
|
||||
githubPrefix = "https://github.com/"
|
||||
rawPrefix = "https://raw.githubusercontent.com/"
|
||||
gistPrefix = "https://gist.github.com/"
|
||||
gistContentPrefix = "https://gist.githubusercontent.com/"
|
||||
apiPrefix = "https://api.github.com/"
|
||||
ociv2Prefix = "https://v2/"
|
||||
releasesDownloadSnippet = "releases/download/"
|
||||
)
|
||||
|
||||
func init() {
|
||||
githubPrefixLen = len(githubPrefix)
|
||||
rawPrefixLen = len(rawPrefix)
|
||||
gistPrefixLen = len(gistPrefix)
|
||||
gistContentPrefixLen = len(gistContentPrefix)
|
||||
apiPrefixLen = len(apiPrefix)
|
||||
//log.Printf("githubPrefixLen: %d, rawPrefixLen: %d, gistPrefixLen: %d, apiPrefixLen: %d", githubPrefixLen, rawPrefixLen, gistPrefixLen, apiPrefixLen)
|
||||
}
|
||||
|
||||
// Matcher 从原始URL路径中高效地解析并匹配代理规则.
|
||||
func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHProxyErrors) {
|
||||
/*
|
||||
if len(rawPath) < 18 {
|
||||
return "", "", "", NewErrorWithStatusLookup(404, "path too short")
|
||||
}
|
||||
*/
|
||||
if len(rawPath) < 18 {
|
||||
return "", "", "", NewErrorWithStatusLookup(404, "path too short")
|
||||
}
|
||||
|
||||
// 匹配 "https://github.com/"
|
||||
if strings.HasPrefix(rawPath, githubPrefix) {
|
||||
pathAfterDomain := rawPath[githubPrefixLen:]
|
||||
|
||||
// 解析 user
|
||||
i := strings.IndexByte(pathAfterDomain, '/')
|
||||
remaining := rawPath[githubPrefixLen:]
|
||||
i := strings.IndexByte(remaining, '/')
|
||||
if i <= 0 {
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing user")
|
||||
}
|
||||
user := pathAfterDomain[:i]
|
||||
pathAfterUser := pathAfterDomain[i+1:]
|
||||
|
||||
// 解析 repo
|
||||
i = strings.IndexByte(pathAfterUser, '/')
|
||||
user := remaining[:i]
|
||||
remaining = remaining[i+1:]
|
||||
i = strings.IndexByte(remaining, '/')
|
||||
if i <= 0 {
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing repo")
|
||||
}
|
||||
repo := remaining[:i]
|
||||
remaining = remaining[i+1:]
|
||||
if len(remaining) == 0 {
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing action")
|
||||
}
|
||||
repo := pathAfterUser[:i]
|
||||
pathAfterRepo := pathAfterUser[i+1:]
|
||||
|
||||
if len(pathAfterRepo) == 0 {
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed github path: missing action")
|
||||
}
|
||||
|
||||
// 优先处理所有 "releases" 相关的下载路径
|
||||
if strings.HasPrefix(pathAfterRepo, "releases/") {
|
||||
// 情况 A: "releases/download/..."
|
||||
if strings.HasPrefix(pathAfterRepo, "releases/download/") {
|
||||
return user, repo, "releases", nil
|
||||
}
|
||||
// 情况 B: "releases/:tag/download/..."
|
||||
pathAfterReleases := pathAfterRepo[len("releases/"):]
|
||||
slashIndex := strings.IndexByte(pathAfterReleases, '/')
|
||||
if slashIndex > 0 { // 确保tag不为空
|
||||
pathAfterTag := pathAfterReleases[slashIndex+1:]
|
||||
if strings.HasPrefix(pathAfterTag, "download/") {
|
||||
return user, repo, "releases", nil
|
||||
}
|
||||
}
|
||||
// 如果不满足上述下载链接的结构, 则为网页浏览路径, 予以拒绝
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "unsupported releases page, only download links are allowed")
|
||||
}
|
||||
|
||||
// 检查 "archive/" 路径
|
||||
if strings.HasPrefix(pathAfterRepo, "archive/") {
|
||||
// 根据测试用例, archive路径的matcher也应为releases
|
||||
return user, repo, "releases", nil
|
||||
}
|
||||
|
||||
// 如果不是下载路径, 则解析action并进行分类
|
||||
i = strings.IndexByte(pathAfterRepo, '/')
|
||||
action := pathAfterRepo
|
||||
i = strings.IndexByte(remaining, '/')
|
||||
action := remaining
|
||||
if i != -1 {
|
||||
action = pathAfterRepo[:i]
|
||||
action = remaining[:i]
|
||||
}
|
||||
|
||||
var matcher string
|
||||
switch action {
|
||||
case "releases", "archive":
|
||||
matcher = "releases"
|
||||
case "blob":
|
||||
matcher = "blob"
|
||||
case "raw":
|
||||
@@ -116,27 +79,59 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHPro
|
||||
// 匹配 "https://raw.githubusercontent.com/"
|
||||
if strings.HasPrefix(rawPath, rawPrefix) {
|
||||
remaining := rawPath[rawPrefixLen:]
|
||||
parts := strings.SplitN(remaining, "/", 3)
|
||||
if len(parts) < 3 {
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: path too short")
|
||||
// 这里的逻辑与 github.com 的类似, 需要提取 user, repo, branch, file...
|
||||
// 我们只需要 user 和 repo
|
||||
i := strings.IndexByte(remaining, '/')
|
||||
if i <= 0 {
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing user")
|
||||
}
|
||||
return parts[0], parts[1], "raw", nil
|
||||
user := remaining[:i]
|
||||
remaining = remaining[i+1:]
|
||||
i = strings.IndexByte(remaining, '/')
|
||||
if i <= 0 {
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing repo")
|
||||
}
|
||||
repo := remaining[:i]
|
||||
// raw 链接至少需要 user/repo/branch 三部分
|
||||
remaining = remaining[i+1:]
|
||||
if len(remaining) == 0 {
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed raw url: missing branch/commit")
|
||||
}
|
||||
return user, repo, "raw", nil
|
||||
}
|
||||
|
||||
// 匹配 "https://gist.github.com/" 或 "https://gist.githubusercontent.com/"
|
||||
isGist := strings.HasPrefix(rawPath, gistPrefix)
|
||||
if isGist || strings.HasPrefix(rawPath, gistContentPrefix) {
|
||||
var remaining string
|
||||
if isGist {
|
||||
remaining = rawPath[gistPrefixLen:]
|
||||
} else {
|
||||
remaining = rawPath[gistContentPrefixLen:]
|
||||
}
|
||||
parts := strings.SplitN(remaining, "/", 2)
|
||||
if len(parts) == 0 || parts[0] == "" {
|
||||
// 匹配 "https://gist.github.com/"
|
||||
if strings.HasPrefix(rawPath, gistPrefix) {
|
||||
remaining := rawPath[gistPrefixLen:]
|
||||
i := strings.IndexByte(remaining, '/')
|
||||
if i <= 0 {
|
||||
// case: https://gist.github.com/user
|
||||
// 这种情况下, gist_id 缺失, 但我们仍然可以认为 user 是有效的
|
||||
if len(remaining) > 0 {
|
||||
return remaining, "", "gist", nil
|
||||
}
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed gist url: missing user")
|
||||
}
|
||||
return parts[0], "", "gist", nil
|
||||
// case: https://gist.github.com/user/gist_id...
|
||||
user := remaining[:i]
|
||||
return user, "", "gist", nil
|
||||
}
|
||||
|
||||
// 匹配 "https://gist.githubusercontent.com/"
|
||||
if strings.HasPrefix(rawPath, gistContentPrefix) {
|
||||
remaining := rawPath[gistContentPrefixLen:]
|
||||
i := strings.IndexByte(remaining, '/')
|
||||
if i <= 0 {
|
||||
// case: https://gist.githubusercontent.com/user
|
||||
// 这种情况下, gist_id 缺失, 但我们仍然可以认为 user 是有效的
|
||||
if len(remaining) > 0 {
|
||||
return remaining, "", "gist", nil
|
||||
}
|
||||
return "", "", "", NewErrorWithStatusLookup(400, "malformed gist url: missing user")
|
||||
}
|
||||
// case: https://gist.githubusercontent.com/user/gist_id...
|
||||
user := remaining[:i]
|
||||
return user, "", "gist", nil
|
||||
}
|
||||
|
||||
// 匹配 "https://api.github.com/"
|
||||
@@ -164,6 +159,105 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHPro
|
||||
return "", "", "", NewErrorWithStatusLookup(404, "no matcher found for the given path")
|
||||
}
|
||||
|
||||
// 原实现
|
||||
/*
|
||||
func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHProxyErrors) {
|
||||
var (
|
||||
user string
|
||||
repo string
|
||||
matcher string
|
||||
)
|
||||
// 匹配 "https://github.com"开头的链接
|
||||
if strings.HasPrefix(rawPath, "https://github.com") {
|
||||
remainingPath := strings.TrimPrefix(rawPath, "https://github.com")
|
||||
|
||||
//if strings.HasPrefix(remainingPath, "/") {
|
||||
// remainingPath = strings.TrimPrefix(remainingPath, "/")
|
||||
//}
|
||||
|
||||
remainingPath = strings.TrimPrefix(remainingPath, "/")
|
||||
// 预期格式/user/repo/more...
|
||||
// 取出user和repo和最后部分
|
||||
parts := strings.Split(remainingPath, "/")
|
||||
if len(parts) <= 2 {
|
||||
errMsg := "Not enough parts in path after matching 'https://github.com*'"
|
||||
return "", "", "", NewErrorWithStatusLookup(400, errMsg)
|
||||
}
|
||||
user = parts[0]
|
||||
repo = parts[1]
|
||||
// 匹配 "https://github.com"开头的链接
|
||||
if len(parts) >= 3 {
|
||||
switch parts[2] {
|
||||
case "releases", "archive":
|
||||
matcher = "releases"
|
||||
case "blob":
|
||||
matcher = "blob"
|
||||
case "raw":
|
||||
matcher = "raw"
|
||||
case "info", "git-upload-pack":
|
||||
matcher = "clone"
|
||||
default:
|
||||
errMsg := "Url Matched 'https://github.com*', but didn't match the next matcher"
|
||||
return "", "", "", NewErrorWithStatusLookup(400, errMsg)
|
||||
}
|
||||
}
|
||||
return user, repo, matcher, nil
|
||||
}
|
||||
// 匹配 "https://raw"开头的链接
|
||||
if strings.HasPrefix(rawPath, "https://raw") {
|
||||
remainingPath := strings.TrimPrefix(rawPath, "https://")
|
||||
parts := strings.Split(remainingPath, "/")
|
||||
if len(parts) <= 3 {
|
||||
errMsg := "URL after matched 'https://raw*' should have at least 4 parts (user/repo/branch/file)."
|
||||
return "", "", "", NewErrorWithStatusLookup(400, errMsg)
|
||||
}
|
||||
user = parts[1]
|
||||
repo = parts[2]
|
||||
matcher = "raw"
|
||||
|
||||
return user, repo, matcher, nil
|
||||
}
|
||||
// 匹配 "https://gist"开头的链接
|
||||
if strings.HasPrefix(rawPath, "https://gist") {
|
||||
remainingPath := strings.TrimPrefix(rawPath, "https://")
|
||||
parts := strings.Split(remainingPath, "/")
|
||||
if len(parts) <= 3 {
|
||||
errMsg := "URL after matched 'https://gist*' should have at least 4 parts (user/gist_id)."
|
||||
return "", "", "", NewErrorWithStatusLookup(400, errMsg)
|
||||
}
|
||||
user = parts[1]
|
||||
repo = ""
|
||||
matcher = "gist"
|
||||
return user, repo, matcher, nil
|
||||
}
|
||||
// 匹配 "https://api.github.com/"开头的链接
|
||||
if strings.HasPrefix(rawPath, "https://api.github.com/") {
|
||||
matcher = "api"
|
||||
remainingPath := strings.TrimPrefix(rawPath, "https://api.github.com/")
|
||||
|
||||
parts := strings.Split(remainingPath, "/")
|
||||
if parts[0] == "repos" {
|
||||
user = parts[1]
|
||||
repo = parts[2]
|
||||
}
|
||||
if parts[0] == "users" {
|
||||
user = parts[1]
|
||||
}
|
||||
if !cfg.Auth.ForceAllowApi {
|
||||
if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
|
||||
//return "", "", "", ErrAuthHeaderUnavailable
|
||||
errMsg := "AuthHeader Unavailable, Need to open header auth to enable api proxy"
|
||||
return "", "", "", NewErrorWithStatusLookup(403, errMsg)
|
||||
}
|
||||
}
|
||||
return user, repo, matcher, nil
|
||||
}
|
||||
//return "", "", "", ErrNotFound
|
||||
errMsg := "Didn't match any matcher"
|
||||
return "", "", "", NewErrorWithStatusLookup(404, errMsg)
|
||||
}
|
||||
*/
|
||||
|
||||
var (
|
||||
proxyableMatchersMap map[string]struct{}
|
||||
initMatchersOnce sync.Once
|
||||
|
||||
@@ -33,29 +33,11 @@ func TestMatcher_Compatibility(t *testing.T) {
|
||||
expectedErrCode int
|
||||
}{
|
||||
{
|
||||
name: "GH Releases Path 1",
|
||||
name: "GH Releases Path",
|
||||
rawPath: "https://github.com/owner/repo/releases/download/v1.0/asset.zip",
|
||||
config: cfgWithAuth,
|
||||
expectedUser: "owner", expectedRepo: "repo", expectedMatcher: "releases",
|
||||
},
|
||||
{
|
||||
name: "GH Releases Path 2",
|
||||
rawPath: "https://github.com/owner/repo/releases/v1.0/download/asset.zip",
|
||||
config: cfgWithAuth,
|
||||
expectedUser: "owner", expectedRepo: "repo", expectedMatcher: "releases",
|
||||
},
|
||||
{
|
||||
name: "GH Releases Path Page",
|
||||
rawPath: "https://github.com/owner/repo/releases",
|
||||
config: cfgWithAuth,
|
||||
expectError: true, expectedErrCode: 400,
|
||||
},
|
||||
{
|
||||
name: "GH Releases Path Tag Page",
|
||||
rawPath: "https://github.com/owner/repo/releases/tag/v0.0.1",
|
||||
config: cfgWithAuth,
|
||||
expectError: true, expectedErrCode: 400,
|
||||
},
|
||||
{
|
||||
name: "GH Archive Path",
|
||||
rawPath: "https://github.com/owner/repo.git/archive/main.zip",
|
||||
|
||||
@@ -12,6 +12,11 @@ func RoutingHandler(cfg *config.Config) touka.HandlerFunc {
|
||||
|
||||
var shoudBreak bool
|
||||
|
||||
// shoudBreak = rateCheck(cfg, c, limiter, iplimiter)
|
||||
// if shoudBreak {
|
||||
// return
|
||||
//}
|
||||
|
||||
var (
|
||||
rawPath string
|
||||
)
|
||||
|
||||
@@ -4,47 +4,10 @@ import (
|
||||
"fmt"
|
||||
"ghproxy/auth"
|
||||
"ghproxy/config"
|
||||
"io"
|
||||
|
||||
"github.com/infinite-iroha/touka"
|
||||
)
|
||||
|
||||
// CountingReader is a reader that counts the number of bytes read.
|
||||
// CountingReader 是一个计算已读字节数的读取器.
|
||||
type CountingReader struct {
|
||||
reader io.Reader
|
||||
bytesRead int64
|
||||
}
|
||||
|
||||
// NewCountingReader creates a new CountingReader.
|
||||
// NewCountingReader 创建一个新的 CountingReader.
|
||||
func NewCountingReader(reader io.Reader) *CountingReader {
|
||||
return &CountingReader{
|
||||
reader: reader,
|
||||
}
|
||||
}
|
||||
|
||||
func (cr *CountingReader) Read(p []byte) (n int, err error) {
|
||||
n, err = cr.reader.Read(p)
|
||||
cr.bytesRead += int64(n)
|
||||
return n, err
|
||||
}
|
||||
|
||||
// BytesRead returns the number of bytes read.
|
||||
// BytesRead 返回已读字节数.
|
||||
func (cr *CountingReader) BytesRead() int64 {
|
||||
return cr.bytesRead
|
||||
}
|
||||
|
||||
// Close closes the underlying reader if it implements io.Closer.
|
||||
// 如果底层读取器实现了 io.Closer, 则关闭它.
|
||||
func (cr *CountingReader) Close() error {
|
||||
if closer, ok := cr.reader.(io.Closer); ok {
|
||||
return closer.Close()
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func listCheck(cfg *config.Config, c *touka.Context, user string, repo string, rawPath string) bool {
|
||||
if cfg.Auth.ForceAllowApi && cfg.Auth.ForceAllowApiPassList {
|
||||
return false
|
||||
|
||||
@@ -1,44 +0,0 @@
|
||||
package stats
|
||||
|
||||
import (
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// ProxyStats store one ip's proxy stats
|
||||
// ProxyStats 存储一个IP的代理统计信息
|
||||
type ProxyStats struct {
|
||||
IP string `json:"ip"`
|
||||
LastCalled time.Time `json:"last_called"`
|
||||
CallCount int64 `json:"call_count"`
|
||||
TotalTransferred int64 `json:"total_transferred"`
|
||||
}
|
||||
|
||||
var (
|
||||
statsMap = &sync.Map{}
|
||||
)
|
||||
|
||||
// Record update a ip's proxy stats
|
||||
// Record 更新一个IP的代理统计信息
|
||||
func Record(ip string, transferred int64) {
|
||||
s, _ := statsMap.LoadOrStore(ip, &ProxyStats{
|
||||
IP: ip,
|
||||
})
|
||||
|
||||
ps := s.(*ProxyStats)
|
||||
ps.LastCalled = time.Now()
|
||||
ps.CallCount++
|
||||
ps.TotalTransferred += transferred
|
||||
statsMap.Store(ip, ps)
|
||||
}
|
||||
|
||||
// GetStats return all proxy stats
|
||||
// GetStats 返回所有的代理统计信息
|
||||
func GetStats() map[string]*ProxyStats {
|
||||
data := make(map[string]*ProxyStats)
|
||||
statsMap.Range(func(key, value interface{}) bool {
|
||||
data[key.(string)] = value.(*ProxyStats)
|
||||
return true
|
||||
})
|
||||
return data
|
||||
}
|
||||
Reference in New Issue
Block a user