Merge pull request #143 from WJQSERVER-STUDIO/dev

4.2.0

.github/workflows/build.yml

@@ -144,4 +144,4 @@ jobs:
             ${{ env.IMAGE_NAME }}:v4
             ${{ env.IMAGE_NAME }}:latest
             wjqserver/ghproxy-touka:latest
-            wjqserver/ghproxy-touka:${{ env.VERSION }}
+            wjqserver/ghproxy-touka:${{ env.VERSION }}

.gitignore

@@ -3,6 +3,7 @@ demo.toml
 *.log
 *.bak
 list.json
+iplist.json
 repos
 pages
 *_test

CHANGELOG.md

@@ -1,5 +1,108 @@
 # 更新日志
 
+4.2.0 - 2025-07-22
+---
+- CHANGE: 支持根据IP(CDIR)进行白名单与屏蔽
+- CHANGE: 进一步推进`json/v2`支持
+
+4.2.0-rc.0 - 2025-07-22
+---
+- PRE-RELEASE: v4.2.0-rc.0是v4.2.0预发布版本,请勿在生产环境中使用;
+- CHANGE: 支持根据IP(CDIR)进行白名单与屏蔽
+- CHANGE: 深化json/v2改革, 预备go1.25 json/v2
+
+4.1.7 - 2025-07-20
+---
+- CHANGE: 更新相关依赖
+- CHANGE: 改进代码结构, 完善处理
+
+4.1.7-rc.0 - 2025-07-20
+---
+- PRE-RELEASE: v4.1.7-rc.0是v4.1.7预发布版本,请勿在生产环境中使用;
+- CHANGE: 更新相关依赖
+- CHANGE: 改进代码结构, 完善处理
+
+4.1.6 - 2025-07-07
+---
+- CHANGE: 更新[Touka框架](https://github.com/infinite-iroha/touka)版本到`v0.2.9`, 提升`io`相关方式的性能并降低分配
+- CHANGE: 更新[Touka HTTPC](https://github.com/WJQSERVER-STUDIO/httpc)版本到`v0.8.0`, 使用`json/v2`的同时, 提升`io`相关操作性能并降低分配, 优化`debug`模式下打印输出性能
+
+4.1.6-rc.0 - 2025-07-07
+---
+- PRE-RELEASE: v4.1.6-rc.0是v4.1.6预发布版本,请勿在生产环境中使用;
+- CHANGE: 更新[Touka框架](https://github.com/infinite-iroha/touka)版本到`v0.2.9`, 提升`io`相关方式的性能并降低分配
+- CHANGE: 更新[Touka HTTPC](https://github.com/WJQSERVER-STUDIO/httpc)版本到`v0.8.0`, 使用`json/v2`的同时, 提升`io`相关操作性能并降低分配, 优化`debug`模式下打印输出性能
+
+4.1.5 - 2025-07-03
+---
+- CHANGE: 更新`httpc`依赖以修正一些问题
+
+4.1.5-rc.0 - 2025-07-03
+---
+- PRE-RELEASE: v4.1.5-rc.0是v4.1.5预发布版本,请勿在生产环境中使用;
+- CHANGE: 更新`httpc`依赖以修正一些问题
+
+4.1.4 - 2025-06-30
+---
+- CHANGE: 使用`touka`框架的内建httpc统一管理, 同时对httpc相关初始化进行改进
+- CHANGE: 更新`json/v2`版本
+
+4.1.4-rc.0 - 2025-06-30
+---
+- PRE-RELEASE: v4.1.4-rc.0是v4.1.4预发布版本,请勿在生产环境中使用;
+- CHANGE: 使用`touka`框架的内建httpc统一管理, 同时对httpc相关初始化进行改进
+- CHANGE: 更新`json/v2`版本
+
+4.1.3 - 2025-06-25
+---
+- CHANGE: 更新`touka`版本, 使用新的方式配置slash重定向功能
+
+4.1.3-rc.0 - 2025-06-25
+---
+- PRE-RELEASE: 此版本是v4.1.3预发布版本,请勿在生产环境中使用;
+- CHANGE: 更新`touka`版本, 使用新的方式配置slash重定向功能
+
+4.1.2 - 2025-06-18
+---
+- CHANGE: 更新`design`主题, 更新默认配置生成
+
+4.1.2-rc.0 - 2025-06-18
+---
+- PRE-RELEASE: 此版本是v4.1.2预发布版本,请勿在生产环境中使用;
+- CHANGE: 更新`design`主题, 更新默认配置生成
+
+4.1.1 - 2025-06-18
+---
+- CHANGE: 更新touka框架到v0.2.6, 解决MidwareX的一些状态问题
+
+4.1.0 - 2025-06-17
+---
+- ADD: 加入基于`basic auth`的docker鉴权支持
+
+4.1.0-rc.0 - 2025-06-17
+---
+- PRE-RELEASE: 此版本是v4.1.0预发布版本,请勿在生产环境中使用;
+- ADD: 加入基于`basic auth`的docker鉴权支持
+
+4.1.0-beta.0 - 2025-06-17
+---
+- BETA-TEST: 此版本是v4.1.0的测试版本,请勿在生产环境中使用;
+- ADD: 加入基于`basic auth`的docker鉴权支持
+
+4.0.0 - 2025-06-16
+---
+- CHANGE: 移交到Touka框架
+- REMOVE: 移除req rate limit的total方式
+- CHANGE: 使用[reco](https://github.com/fenthope/reco)日志库, 异步使能
+- FIX: 更换HTTP框架以解决v3可能存在的内存分配与回收问题
+
+4.0.0-rc.0 - 2025-06-16
+---
+- PRE-RELEASE: 此版本是v4.0.0预发布版本,请勿在生产环境中使用;
+- CHANGE: 移交到Touka框架
+- REMOVE: 移除req rate limit的total方式
+- CHANGE: 使用[reco](https://github.com/fenthope/reco)日志库, 异步使能
+
 4.0.0-beta.0 - 2025-06-15
 ---
 - BETA-TEST: 此版本是v4.0.0的测试版本,请勿在生产环境中使用;

DEV-VERSION

@@ -1 +1 @@
-4.0.0-beta.0
+4.2.0-rc.0

README.md

@@ -6,7 +6,7 @@
 ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/WJQSERVER-STUDIO/ghproxy)
 [![Go Report Card](https://goreportcard.com/badge/github.com/WJQSERVER-STUDIO/ghproxy)](https://goreportcard.com/report/github.com/WJQSERVER-STUDIO/ghproxy)
 
-GHProxy是一个基于Go的支持代理Github仓库资源和API的项目, 同时支持Docker镜像代理与脚本嵌套加速等多种功能
+一个基于Go的高性能Github资源代理程序, 同时支持Docker镜像代理与脚本嵌套加速等多种功能
 
 ## 项目说明
 
@@ -32,9 +32,11 @@ GHProxy是一个基于Go的支持代理Github仓库资源和API的项目, 同时
 
 [TG讨论群组](https://t.me/ghproxy_go)
 
+[GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护
+
 [相关文章](https://blog.wjqserver.com/categories/my-program/)
 
-[GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护
+代理相关推广: [Thordata](https://www.thordata.com/?ls=github&lk=WJQserver)，市面上最具性价比的代理服务商，便宜好用，来自全球195个国家城市的6000万IP，轮换住宅/原生ISP/无限量仅从$0.65/GB 起，新用户$1=5GB .联系客户可获得免费测试.
 
 ### 使用示例
 
@@ -95,16 +97,11 @@ wget -O install-dev.sh https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghprox
 
 参看[GHProxy-Frontend](https://github.com/WJQSERVER-STUDIO/GHProxy-Frontend)
 
-## 项目简史
+## 文档
 
-本项目旨在于构建一个高效且功能多样的GHProxy
+*   [GHProxy项目文档](https://wjqserver-docs.pages.dev/docs/ghproxy/) 感谢 [@redbunnys](https://github.com/redbunnys)的维护
 
-- v4.0.0 迁移到[Touka框架](https://github.com/infinite-iroha/touka)
-- v3.0.0 迁移到HertZ框架, 进一步提升效率
-- v2.4.1 对路径匹配进行优化
-- v2.0.0 对`proxy`核心模块进行了重构,大幅优化内存占用
-- v1.0.0 迁移至本仓库,并再次重构内容实现
-- v0.2.0 重构项目实现
+*   [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/WJQSERVER-STUDIO/ghproxy) 可供参考, AI生成存在幻觉, 不完全可靠, 请注意辨别
 
 ## LICENSE
 

VERSION

@@ -1 +1 @@
-4.0.0
+4.2.0

auth/blacklist.go

@@ -7,7 +7,7 @@ import (
 	"strings"
 	"sync"
 
-	"encoding/json"
+	"github.com/go-json-experiment/json"
 )
 
 type Blacklist struct {

auth/ipfilter.go

@@ -0,0 +1,60 @@
+package auth
+
+import (
+	"fmt"
+	"ghproxy/config"
+	"os"
+
+	"github.com/go-json-experiment/json"
+	"github.com/go-json-experiment/json/jsontext"
+)
+
+func ReadIPFilterList(cfg *config.Config) (whitelist []string, blacklist []string, err error) {
+	if cfg.IPFilter.IPFilterFile == "" {
+		return nil, nil, nil
+	}
+
+	// 检查文件是否存在, 不存在则创建空json
+	if _, err := os.Stat(cfg.IPFilter.IPFilterFile); os.IsNotExist(err) {
+		if err := CreateEmptyIPFilterFile(cfg.IPFilter.IPFilterFile); err != nil {
+			return nil, nil, fmt.Errorf("failed to create empty IP filter file: %w", err)
+		}
+	}
+
+	data, err := os.ReadFile(cfg.IPFilter.IPFilterFile)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to read IP filter file: %w", err)
+	}
+
+	var ipFilterData struct {
+		AllowList []string `json:"allow"`
+		BlockList []string `json:"block"`
+	}
+	if err := json.Unmarshal(data, &ipFilterData); err != nil {
+		return nil, nil, fmt.Errorf("invalid IP filter file format: %w", err)
+	}
+
+	return ipFilterData.AllowList, ipFilterData.BlockList, nil
+}
+
+// 创建空列表json
+func CreateEmptyIPFilterFile(filePath string) error {
+	emptyData := struct {
+		AllowList []string `json:"allow"`
+		BlockList []string `json:"block"`
+	}{
+		AllowList: []string{},
+		BlockList: []string{},
+	}
+
+	jsonData, err := json.Marshal(emptyData, jsontext.Multiline(true), jsontext.WithIndent("  "))
+	if err != nil {
+		return fmt.Errorf("failed to marshal empty IP filter data: %w", err)
+	}
+
+	err = os.WriteFile(filePath, jsonData, 0644)
+	if err != nil {
+		return fmt.Errorf("failed to write empty IP filter file: %w", err)
+	}
+	return nil
+}

auth/whitelist.go

@@ -1,12 +1,13 @@
 package auth
 
 import (
-	"encoding/json"
 	"fmt"
 	"ghproxy/config"
 	"os"
 	"strings"
 	"sync"
+
+	"github.com/go-json-experiment/json"
 )
 
 // Whitelist 用于存储白名单信息

config/config.go

@@ -7,18 +7,19 @@ import (
 )
 
 type Config struct {
-	Server    ServerConfig
-	Httpc     HttpcConfig
-	GitClone  GitCloneConfig
-	Shell     ShellConfig
-	Pages     PagesConfig
-	Log       LogConfig
-	Auth      AuthConfig
-	Blacklist BlacklistConfig
-	Whitelist WhitelistConfig
-	RateLimit RateLimitConfig
-	Outbound  OutboundConfig
-	Docker    DockerConfig
+	Server    ServerConfig    `toml:"server"`
+	Httpc     HttpcConfig     `toml:"httpc"`
+	GitClone  GitCloneConfig  `toml:"gitclone"`
+	Shell     ShellConfig     `toml:"shell"`
+	Pages     PagesConfig     `toml:"pages"`
+	Log       LogConfig       `toml:"log"`
+	Auth      AuthConfig      `toml:"auth"`
+	Blacklist BlacklistConfig `toml:"blacklist"`
+	Whitelist WhitelistConfig `toml:"whitelist"`
+	IPFilter  IPFilterConfig  `toml:"ipFilter"`
+	RateLimit RateLimitConfig `toml:"rateLimit"`
+	Outbound  OutboundConfig  `toml:"outbound"`
+	Docker    DockerConfig    `toml:"docker"`
 }
 
 /*
@@ -60,12 +61,14 @@ type HttpcConfig struct {
 [gitclone]
 mode = "bypass" # bypass / cache
 smartGitAddr = "http://127.0.0.1:8080"
+//cacheTimeout = 10
 ForceH2C = true
 */
 type GitCloneConfig struct {
 	Mode         string `toml:"mode"`
 	SmartGitAddr string `toml:"smartGitAddr"`
-	ForceH2C     bool   `toml:"ForceH2C"`
+	//CacheTimeout int    `toml:"cacheTimeout"`
+	ForceH2C bool `toml:"ForceH2C"`
 }
 
 /*
@@ -126,6 +129,13 @@ type WhitelistConfig struct {
 	WhitelistFile string `toml:"whitelistFile"`
 }
 
+type IPFilterConfig struct {
+	Enabled         bool   `toml:"enabled"`
+	EnableAllowList bool   `toml:"enableAllowList"`
+	EnableBlockList bool   `toml:"enableBlockList"`
+	IPFilterFile    string `toml:"ipFilterFile"`
+}
+
 /*
 [rateLimit]
 enabled = false
@@ -169,10 +179,17 @@ type OutboundConfig struct {
 [docker]
 enabled = false
 target = "ghcr" # ghcr/dockerhub
+auth = false
+[docker.credentials]
+user1 = "testpass"
+test = "test123"
 */
 type DockerConfig struct {
-	Enabled bool   `toml:"enabled"`
-	Target  string `toml:"target"`
+	Enabled         bool              `toml:"enabled"`
+	Target          string            `toml:"target"`
+	Auth            bool              `toml:"auth"`
+	Credentials     map[string]string `toml:"credentials"`
+	AuthPassThrough bool              `toml:"authPassThrough"`
 }
 
 // LoadConfig 从 TOML 配置文件加载配置
@@ -239,7 +256,7 @@ func DefaultConfig() *Config {
 		},
 		Pages: PagesConfig{
 			Mode:      "internal",
-			Theme:     "bootstrap",
+			Theme:     "hub",
 			StaticDir: "/data/www",
 		},
 		Log: LogConfig{
@@ -264,9 +281,14 @@ func DefaultConfig() *Config {
 			Enabled:       false,
 			WhitelistFile: "/data/ghproxy/config/whitelist.json",
 		},
+		IPFilter: IPFilterConfig{
+			Enabled:         false,
+			IPFilterFile:    "/data/ghproxy/config/ipfilter.json",
+			EnableAllowList: false,
+			EnableBlockList: false,
+		},
 		RateLimit: RateLimitConfig{
-			Enabled: false,
-			//RateMethod:    "total",
+			Enabled:       false,
 			RatePerMinute: 100,
 			Burst:         10,
 			BandwidthLimit: BandwidthLimitConfig{
@@ -283,7 +305,11 @@ func DefaultConfig() *Config {
 		},
 		Docker: DockerConfig{
 			Enabled: false,
-			Target:  "ghcr",
+			Target:  "dockerhub",
+			Auth:    false,
+			Credentials: map[string]string{
+				"testpass": "test123",
+			},
 		},
 	}
 }

config/config.toml

@@ -49,6 +49,12 @@ enabled = false
 enabled = false
 whitelistFile = "/data/ghproxy/config/whitelist.json"
 
+[ipFilter]
+enabled = false
+enableAllowList = false
+enableBlockList = false
+ipFilterFile = "/data/ghproxy/config/ipfilter.json"
+
 [rateLimit]
 enabled = false
 ratePerMinute = 180
@@ -67,4 +73,8 @@ url = "socks5://127.0.0.1:1080" # "http://127.0.0.1:7890"
 
 [docker]
 enabled = false
-target = "dockerhub" # ghcr/dockerhub/ custom
+target = "dockerhub" # ghcr/dockerhub/ custom
+auth = false
+[docker.credentials]
+user1 = "testpass"
+test = "test123"

config/ipfilter.json

@@ -0,0 +1,11 @@
+{
+  "allow": [
+    "127.0.0.1",
+    "192.168.1.0/24",
+    "::1"
+  ],
+  "block": [
+    "10.0.0.0/8",
+    "192.168.1.0/24"
+  ]
+}

go.mod

@@ -1,26 +1,28 @@
 module ghproxy
 
-go 1.24.4
+go 1.24.5
 
 require (
 	github.com/BurntSushi/toml v1.5.0
-	github.com/WJQSERVER-STUDIO/httpc v0.7.0
-	golang.org/x/net v0.41.0
+	github.com/WJQSERVER-STUDIO/httpc v0.8.1
+	golang.org/x/net v0.42.0
 	golang.org/x/time v0.12.0
 )
 
 require (
 	github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2
+	github.com/fenthope/bauth v0.0.1
 	github.com/fenthope/ikumi v0.0.2
+	github.com/fenthope/ipfilter v0.0.1
 	github.com/fenthope/reco v0.0.3
 	github.com/fenthope/record v0.0.3
+	github.com/go-json-experiment/json v0.0.0-20250714165856-be8212f5270d
 	github.com/hashicorp/golang-lru/v2 v2.0.7
-	github.com/infinite-iroha/touka v0.2.4
+	github.com/infinite-iroha/touka v0.3.1
 	github.com/wjqserver/modembed v0.0.1
 )
 
 require (
-	github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4 // indirect
-	github.com/go-json-experiment/json v0.0.0-20250517221953-25912455fbc8 // indirect
+	github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.6 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 )

go.sum

@@ -1,28 +1,32 @@
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
-github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4 h1:JLtFd00AdFg/TP+dtvIzLkdHwKUGPOAijN1sMtEYoFg=
-github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.4/go.mod h1:FZ6XE+4TKy4MOfX1xWKe6Rwsg0ucYFCdNh1KLvyKTfc=
+github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.6 h1:/50VJYXd6jcu+p5BnEBDyiX0nAyGxas1W3DCnrYMxMY=
+github.com/WJQSERVER-STUDIO/go-utils/copyb v0.0.6/go.mod h1:FZ6XE+4TKy4MOfX1xWKe6Rwsg0ucYFCdNh1KLvyKTfc=
 github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2 h1:8bBkKk6E2Zr+I5szL7gyc5f0DK8N9agIJCpM1Cqw2NE=
 github.com/WJQSERVER-STUDIO/go-utils/limitreader v0.0.2/go.mod h1:yPX8xuZH+py7eLJwOYj3VVI/4/Yuy5+x8Mhq8qezcPg=
-github.com/WJQSERVER-STUDIO/httpc v0.7.0 h1:iHhqlxppJBjlmvsIjvLZKRbWXqSdbeSGGofjHGmqGJc=
-github.com/WJQSERVER-STUDIO/httpc v0.7.0/go.mod h1:M7KNUZjjhCkzzcg9lBPs9YfkImI+7vqjAyjdA19+joE=
+github.com/WJQSERVER-STUDIO/httpc v0.8.1 h1:/eG8aYKL3WfQILIRbG+cbzQjPkNHEPTqfGUdQS5rtI4=
+github.com/WJQSERVER-STUDIO/httpc v0.8.1/go.mod h1:mxXBf2hqbQGNHkVy/7wfU7Xi2s09MyZpbY2hyR+4uD4=
+github.com/fenthope/bauth v0.0.1 h1:+4UIQshGx3mYD4L3f2S4MLZOi5PWU7fU5GK3wsZvwzE=
+github.com/fenthope/bauth v0.0.1/go.mod h1:1fveTpgfR1p+WXQ8MXm9BfBCeNYi55j23jxCOGOvBSA=
 github.com/fenthope/ikumi v0.0.2 h1:5oaSTf/Msp7M2O3o/X20omKWEQbFhX4KV0CVF21oCdk=
 github.com/fenthope/ikumi v0.0.2/go.mod h1:IYbxzOGndZv/yRrbVMyV6dxh06X2wXCbfxrTRM1IruU=
+github.com/fenthope/ipfilter v0.0.1 h1:HrYAyixCMvsDAz36GRyFfyCNtrgYwzrhMcY0XV7fGcM=
+github.com/fenthope/ipfilter v0.0.1/go.mod h1:QfY0GrpG0D82HROgdH4c9eog4js42ghLIfl/iM4MvvY=
 github.com/fenthope/reco v0.0.3 h1:RmnQ0D9a8PWtwOODawitTe4BztTnS9wYwrDbipISNq4=
 github.com/fenthope/reco v0.0.3/go.mod h1:mDkGLHte5udWTIcjQTxrABRcf56SSdxBOCLgrRDwI/Y=
 github.com/fenthope/record v0.0.3 h1:v5urgs5LAkLMlljAT/MjW8fWuRHXPnAraTem5ui7rm4=
 github.com/fenthope/record v0.0.3/go.mod h1:KFEkSc4TDZ3QIhP/wglD32uYVA6X1OUcripiao1DEE4=
-github.com/go-json-experiment/json v0.0.0-20250517221953-25912455fbc8 h1:o8UqXPI6SVwQt04RGsqKp3qqmbOfTNMqDrWsc4O47kk=
-github.com/go-json-experiment/json v0.0.0-20250517221953-25912455fbc8/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
+github.com/go-json-experiment/json v0.0.0-20250714165856-be8212f5270d h1:+d6m5Bjvv0/RJct1VcOw2P5bvBOGjENmxORJYnSYDow=
+github.com/go-json-experiment/json v0.0.0-20250714165856-be8212f5270d/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
-github.com/infinite-iroha/touka v0.2.4 h1:P1nmQYv4VEiTIahCw356VcFvpTFB9i11c31LeLh6WbM=
-github.com/infinite-iroha/touka v0.2.4/go.mod h1:2MBPtsM+5ClIZ/E1mPEKx1Rb+KIndTwZlIa2CwRPV7A=
+github.com/infinite-iroha/touka v0.3.1 h1:djR9hg5MbVpT1dIz2GWo4MZ/kx3l6bJ4nrpzpvdi3uk=
+github.com/infinite-iroha/touka v0.3.1/go.mod h1:pHOYHE4AKoQ1KikHF9JYKIJ4he8um1MzgcddscjCeyg=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/wjqserver/modembed v0.0.1 h1:8ZDz7t9M5DLrUFlYgBUUmrMzxWsZPmHvOazkr/T2jEs=
 github.com/wjqserver/modembed v0.0.1/go.mod h1:sYbQJMAjSBsdYQrUsuHY380XXE1CuRh8g9yyCztTXOQ=
-golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
-golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
+golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=

main.go

@@ -15,9 +15,13 @@ import (
 	"ghproxy/config"
 	"ghproxy/proxy"
 
+	"github.com/WJQSERVER-STUDIO/httpc"
+	"github.com/fenthope/bauth"
+
 	"ghproxy/weakcache"
 
 	"github.com/fenthope/ikumi"
+	"github.com/fenthope/ipfilter"
 	"github.com/fenthope/reco"
 	"github.com/fenthope/record"
 	"github.com/infinite-iroha/touka"
@@ -31,7 +35,7 @@ var (
 	cfg         *config.Config
 	r           *touka.Engine
 	configfile  = "/data/ghproxy/config/config.toml"
-	hertZfile   *os.File
+	httpClient  *httpc.Client
 	cfgfile     string
 	version     string
 	runMode     string
@@ -163,7 +167,8 @@ func setupApi(cfg *config.Config, r *touka.Engine, version string) {
 }
 
 func InitReq(cfg *config.Config) {
-	err := proxy.InitReq(cfg)
+	var err error
+	httpClient, err = proxy.InitReq(cfg)
 	if err != nil {
 		fmt.Printf("Failed to initialize request: %v\n", err)
 		os.Exit(1)
@@ -333,6 +338,8 @@ func main() {
 
 	r.Use(touka.Recovery()) // Recovery中间件
 	r.SetLogger(logger)
+	r.SetErrorHandler(proxy.UnifiedToukaErrorHandler)
+	r.SetHTTPClient(httpClient)
 	r.Use(record.Middleware()) // log中间件
 	r.Use(viaHeader())
 	/*
@@ -360,8 +367,32 @@ func main() {
 			Burst: cfg.RateLimit.Burst,
 		}))
 	}
+
+	if cfg.IPFilter.Enabled {
+		var err error
+		ipAllowList, ipBlockList, err := auth.ReadIPFilterList(cfg)
+		if err != nil {
+			fmt.Printf("Failed to read IP filter list: %v\n", err)
+			logger.Errorf("Failed to read IP filter list: %v", err)
+			os.Exit(1)
+		}
+		ipBlockFilter, err := ipfilter.NewIPFilter(ipfilter.IPFilterConfig{
+			EnableAllowList: cfg.IPFilter.EnableAllowList,
+			EnableBlockList: cfg.IPFilter.EnableBlockList,
+			AllowList:       ipAllowList,
+			BlockList:       ipBlockList,
+		})
+		if err != nil {
+			fmt.Printf("Failed to initialize IP filter: %v\n", err)
+			logger.Errorf("Failed to initialize IP filter: %v", err)
+			os.Exit(1)
+		} else {
+			r.Use(ipBlockFilter)
+		}
+	}
 	setupApi(cfg, r, version)
 	setupPages(cfg, r)
+	r.SetRedirectTrailingSlash(false)
 
 	r.GET("/github.com/:user/:repo/releases/*filepath", func(c *touka.Context) {
 		c.Set("matcher", "releases")
@@ -411,27 +442,31 @@ func main() {
 		proxy.RoutingHandler(cfg)(c)
 	})
 
-	r.GET("/v2/", func(c *touka.Context) {
-		emptyJSON := "{}"
-		c.Header("Content-Type", "application/json")
-		c.Header("Content-Length", fmt.Sprint(len(emptyJSON)))
+	r.GET("/v2/",
+		r.UseIf(cfg.Docker.Auth, func() touka.HandlerFunc {
+			return bauth.BasicAuthForStatic(cfg.Docker.Credentials, "GHProxy Docker Proxy")
+		}),
+		func(c *touka.Context) {
+			emptyJSON := "{}"
+			c.Header("Content-Type", "application/json")
+			c.Header("Content-Length", fmt.Sprint(len(emptyJSON)))
 
-		c.Header("Docker-Distribution-API-Version", "registry/2.0")
+			c.Header("Docker-Distribution-API-Version", "registry/2.0")
 
-		c.Status(200)
-		c.Writer.Write([]byte(emptyJSON))
+			c.Status(200)
+			c.Writer.Write([]byte(emptyJSON))
+		},
+	)
+
+	r.GET("/v2", func(c *touka.Context) {
+		// 重定向到 /v2/
+		c.Redirect(http.StatusMovedPermanently, "/v2/")
 	})
 
 	r.ANY("/v2/:target/:user/:repo/*filepath", func(c *touka.Context) {
 		proxy.GhcrWithImageRouting(cfg)(c)
 	})
 
-	/*
-		r.Any("/v2/:target/*filepath", func( c *touka.Context) {
-			proxy.GhcrRouting(cfg)(c)
-		})
-	*/
-
 	r.NoRoute(func(c *touka.Context) {
 		proxy.NoRouteHandler(cfg)(c)
 	})

proxy/docker.go

@@ -48,12 +48,12 @@ func GhcrWithImageRouting(cfg *config.Config) touka.HandlerFunc {
 		target := ""
 
 		if strings.ContainsRune(reqTarget, charToFind) {
-
-			if reqTarget == "docker.io" {
+			switch reqTarget {
+			case "docker.io":
 				target = dockerhubTarget
-			} else if reqTarget == "ghcr.io" {
+			case "ghcr.io":
 				target = ghcrTarget
-			} else {
+			default:
 				target = reqTarget
 			}
 		} else {
@@ -119,6 +119,7 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
 	}()
 
 	method = c.Request.Method
+	ghcrclient := c.GetHTTPC()
 
 	rb := ghcrclient.NewRequestBuilder(method, u)
 	rb.NoDefaultHeaders()
@@ -131,11 +132,6 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
 		return
 	}
 
-	//c.Request.Header.VisitAll(func(key, value []byte) {
-	//	headerKey := string(key)
-	//	headerValue := string(value)
-	//	req.Header.Add(headerKey, headerValue)
-	//})
 	copyHeader(c.Request.Header, req.Header)
 
 	req.Header.Set("Host", target)
@@ -153,8 +149,9 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
 		return
 	}
 
-	// 处理状态码
-	if resp.StatusCode == 401 {
+	switch resp.StatusCode {
+
+	case 401:
 		// 请求target /v2/路径
 		if string(c.GetRequestURIPath()) != "/v2/" {
 			resp.Body.Close()
@@ -180,13 +177,7 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
 				HandleError(c, fmt.Sprintf("Failed to create request: %v", err))
 				return
 			}
-			/*
-				c.Request.Header.VisitAll(func(key, value []byte) {
-					headerKey := string(key)
-					headerValue := string(value)
-					req.Header.Add(headerKey, headerValue)
-				})
-			*/
+
 			copyHeader(c.Request.Header, req.Header)
 
 			req.Header.Set("Host", target)
@@ -201,9 +192,20 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
 			}
 		}
 
-	} else if resp.StatusCode == 404 { // 错误处理(404)
+	case 404: // 错误处理(404)
 		ErrorPage(c, NewErrorWithStatusLookup(404, "Page Not Found (From Github)"))
 		return
+	case 302, 301:
+		finalURL := resp.Header.Get("Location")
+		if finalURL != "" {
+			err = resp.Body.Close()
+			if err != nil {
+				c.Errorf("Failed to close response body: %v", err)
+			}
+			c.Infof("Internal Redirecting to %s", finalURL)
+			GhcrRequest(ctx, c, finalURL, image, cfg, target)
+			return
+		}
 	}
 
 	var (
@@ -233,14 +235,6 @@ func GhcrRequest(ctx context.Context, c *touka.Context, u string, image *imageIn
 		}
 	}
 
-	// 复制响应头，排除需要移除的 header
-	/*
-		for key, values := range resp.Header {
-			for _, value := range values {
-				c.Response.Header.Add(key, value)
-			}
-		}
-	*/
 	c.SetHeaders(resp.Header)
 
 	c.Status(resp.StatusCode)
@@ -267,6 +261,7 @@ func ChallengeReq(target string, image *imageInfo, ctx context.Context, c *touka
 	var resp401 *http.Response
 	var req401 *http.Request
 	var err error
+	ghcrclient := c.GetHTTPC()
 
 	rb401 := ghcrclient.NewRequestBuilder("GET", "https://"+target+"/v2/")
 	rb401.NoDefaultHeaders()

proxy/error.go

@@ -20,6 +20,19 @@ func HandleError(c *touka.Context, message string) {
 	c.Errorf("%s %s %s %s %s Error: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, message)
 }
 
+func UnifiedToukaErrorHandler(c *touka.Context, code int, err error) {
+
+	errMsg := ""
+	if err != nil {
+		errMsg = err.Error()
+	}
+	c.Errorf("%s %s %s %s %s Error: %v", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.UserAgent(), c.Request.Proto, errMsg)
+
+	constructedGHErr := NewErrorWithStatusLookup(code, errMsg)
+
+	ErrorPage(c, constructedGHErr)
+}
+
 type GHProxyErrors struct {
 	StatusCode   int
 	StatusDesc   string
@@ -65,6 +78,25 @@ var (
 		StatusText: "服务器内部错误",
 		HelpInfo:   "服务器处理您的请求时发生错误，请稍后重试或联系管理员。",
 	}
+	// 502
+	ErrBadGateway = &GHProxyErrors{
+		StatusCode: 502,
+		StatusDesc: "Bad Gateway",
+		StatusText: "网关错误",
+		HelpInfo:   "代理服务器从上游服务器接收到无效响应。",
+	}
+	ErrServiceUnavailable = &GHProxyErrors{
+		StatusCode: 503,
+		StatusDesc: "Service Unavailable",
+		StatusText: "服务不可用",
+		HelpInfo:   "服务器目前无法处理请求，通常是由于服务器过载或停机维护。",
+	}
+	ErrGatewayTimeout = &GHProxyErrors{
+		StatusCode: 504,
+		StatusDesc: "Gateway Timeout",
+		StatusText: "网关超时",
+		HelpInfo:   "代理服务器未能及时从上游服务器接收到响应。",
+	}
 )
 
 var statusErrorMap map[int]*GHProxyErrors
@@ -77,6 +109,9 @@ func init() {
 		ErrNotFound.StatusCode:              ErrNotFound,
 		ErrTooManyRequests.StatusCode:       ErrTooManyRequests,
 		ErrInternalServerError.StatusCode:   ErrInternalServerError,
+		ErrBadGateway.StatusCode:            ErrBadGateway,
+		ErrServiceUnavailable.StatusCode:    ErrServiceUnavailable,
+		ErrGatewayTimeout.StatusCode:        ErrGatewayTimeout,
 	}
 }
 
@@ -169,11 +204,11 @@ func NewSizedLRUCache(maxBytes int64) (*SizedLRUCache, error) {
 	// 当内部 LRU 缓存因其自身的条目容量限制或 RemoveOldest 方法被调用而逐出条目时，
 	// 此回调函数会被执行，从而更新 currentBytes。
 	var err error
-	c.cache, err = lru.NewWithEvict[string, []byte](10000, func(key string, value []byte) {
+	//c.cache, err = lru.NewWithEvict[string, []byte](10000, func(key string, value []byte) {
+	c.cache, err = lru.NewWithEvict(10000, func(key string, value []byte) {
 		c.mu.Lock()
 		defer c.mu.Unlock()
 		c.currentBytes -= int64(len(value))
-		//logDebug("LRU evicted key: %s, size: %d, current total: %d", key, len(value), c.currentBytes)
 	})
 	if err != nil {
 		return nil, err
@@ -195,7 +230,6 @@ func (c *SizedLRUCache) Add(key string, value []byte) {
 
 	// 如果待添加的条目本身就大于缓存的最大容量，则不进行缓存。
 	if itemSize > c.maxBytes {
-		//c.Warnf("Item key %s (size %d) larger than cache max capacity %d. Not caching.", key, itemSize, c.maxBytes)
 		return
 	}
 
@@ -203,23 +237,19 @@ func (c *SizedLRUCache) Add(key string, value []byte) {
 	if oldVal, ok := c.cache.Get(key); ok {
 		c.currentBytes -= int64(len(oldVal))
 		c.cache.Remove(key)
-		//logDebug("Key %s exists, removed old size %d. Current total: %d", key, len(oldVal), c.currentBytes)
 	}
 
 	// 主动逐出最旧的条目，直到有足够的空间容纳新条目。
 	for c.currentBytes+itemSize > c.maxBytes && c.cache.Len() > 0 {
 		_, _, existed := c.cache.RemoveOldest()
 		if !existed {
-			//c.Warnf("Attempted to remove oldest, but item not found.")
 			break
 		}
-		//logDebug("Proactively evicted item (size %d) to free space. Current total: %d", len(oldVal), c.currentBytes)
 	}
 
 	// 添加新条目到内部 LRU 缓存。
 	c.cache.Add(key, value)
 	c.currentBytes += itemSize // 手动增加新条目的大小到 currentBytes。
-	//logDebug("Item added: key %s, size: %d, current total: %d", key, itemSize, c.currentBytes)
 }
 
 const maxErrorPageCacheBytes = 512 * 1024 // 错误页面缓存的最大容量：512KB
@@ -231,7 +261,6 @@ func init() {
 	var err error
 	errorPageCache, err = NewSizedLRUCache(maxErrorPageCacheBytes)
 	if err != nil {
-		//	logError("Failed to initialize error page LRU cache: %v", err)
 		panic(err)
 	}
 }
@@ -283,6 +312,16 @@ func htmlTemplateRender(data interface{}) ([]byte, error) {
 }
 
 func ErrorPage(c *touka.Context, errInfo *GHProxyErrors) {
+
+	select {
+	case <-c.Request.Context().Done():
+		return
+	default:
+		if c.Writer.Written() {
+			return
+		}
+	}
+
 	// 将 errInfo 转换为 ErrorPageData 结构体
 	var err error
 	var cacheKey string

proxy/gitreq.go

@@ -17,30 +17,12 @@ func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config,
 		resp *http.Response
 	)
 
-	go func() {
-		<-ctx.Done()
-		if resp != nil && resp.Body != nil {
-			resp.Body.Close()
-		}
-	}()
-
-	/*
-		fullBody, err := c.GetReqBodyFull()
-		if err != nil {
-			HandleError(c, fmt.Sprintf("Failed to read request body: %v", err))
-			return
-		}
-		reqBodyReader := bytes.NewBuffer(fullBody)
-	*/
-
 	reqBodyReader, err := c.GetReqBodyBuffer()
 	if err != nil {
 		HandleError(c, fmt.Sprintf("Failed to read request body: %v", err))
 		return
 	}
 
-	//bodyReader := c.Request.BodyStream() // 不可替换为此实现
-
 	if cfg.GitClone.Mode == "cache" {
 		userPath, repoPath, remainingPath, queryParams, err := extractParts(u)
 		if err != nil {
@@ -48,7 +30,11 @@ func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config,
 			return
 		}
 		// 构建新url
-		u = cfg.GitClone.SmartGitAddr + userPath + repoPath + remainingPath + "?" + queryParams.Encode()
+		var paramStr string
+		if len(queryParams) > 0 {
+			paramStr = "?" + queryParams.Encode()
+		}
+		u = cfg.GitClone.SmartGitAddr + userPath + repoPath + remainingPath + paramStr
 	}
 
 	if cfg.GitClone.Mode == "cache" {
@@ -110,14 +96,6 @@ func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config,
 		}
 	}
 
-	/*
-		for key, values := range resp.Header {
-			for _, value := range values {
-				c.Response.Header.Add(key, value)
-			}
-		}
-	*/
-	//copyHeader( resp.Header)
 	c.SetHeaders(resp.Header)
 
 	headersToRemove := map[string]struct{}{
@@ -150,10 +128,6 @@ func GitReq(ctx context.Context, c *touka.Context, u string, cfg *config.Config,
 
 	bodyReader := resp.Body
 
-	// 读取body内容
-	//bodyContent, _ := io.ReadAll(bodyReader)
-	//	c.Infof("%s", bodyContent)
-
 	if cfg.RateLimit.BandwidthLimit.Enabled {
 		bodyReader = limitreader.NewRateLimitedReader(bodyReader, bandwidthLimit, int(bandwidthBurst), ctx)
 	}

proxy/handler.go

@@ -15,10 +15,6 @@ func NoRouteHandler(cfg *config.Config) touka.HandlerFunc {
 	return func(c *touka.Context) {
 		var ctx = c.Request.Context()
 		var shoudBreak bool
-		//	shoudBreak = rateCheck(cfg, c, limiter, iplimiter)
-		//	if shoudBreak {
-		//		return
-		//	}
 
 		var (
 			rawPath string

proxy/httpc.go

@@ -1,7 +1,6 @@
 package proxy
 
 import (
-	"fmt"
 	"ghproxy/config"
 	"net/http"
 	"time"
@@ -12,42 +11,40 @@ import (
 var BufferSize int = 32 * 1024 // 32KB
 
 var (
-	tr         *http.Transport
-	gittr      *http.Transport
-	client     *httpc.Client
-	gitclient  *httpc.Client
-	ghcrtr     *http.Transport
-	ghcrclient *httpc.Client
+	tr        *http.Transport
+	gittr     *http.Transport
+	client    *httpc.Client
+	gitclient *httpc.Client
 )
 
-func InitReq(cfg *config.Config) error {
-	initHTTPClient(cfg)
+func InitReq(cfg *config.Config) (*httpc.Client, error) {
+	client := initHTTPClient(cfg)
 	if cfg.GitClone.Mode == "cache" {
 		initGitHTTPClient(cfg)
 	}
-	initGhcrHTTPClient(cfg)
 	err := SetGlobalRateLimit(cfg)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	return nil
+	return client, nil
 
 }
 
-func initHTTPClient(cfg *config.Config) {
+func initHTTPClient(cfg *config.Config) *httpc.Client {
 	var proTolcols = new(http.Protocols)
 	proTolcols.SetHTTP1(true)
 	proTolcols.SetHTTP2(true)
 	proTolcols.SetUnencryptedHTTP2(true)
-	if cfg.Httpc.Mode == "auto" || cfg.Httpc.Mode == "" {
 
+	switch cfg.Httpc.Mode {
+	case "auto", "":
 		tr = &http.Transport{
 			IdleConnTimeout: 30 * time.Second,
 			WriteBufferSize: 32 * 1024, // 32KB
 			ReadBufferSize:  32 * 1024, // 32KB
 			Protocols:       proTolcols,
 		}
-	} else if cfg.Httpc.Mode == "advanced" {
+	case "advanced":
 		tr = &http.Transport{
 			MaxIdleConns:        cfg.Httpc.MaxIdleConns,
 			MaxConnsPerHost:     cfg.Httpc.MaxConnsPerHost,
@@ -56,9 +53,10 @@ func initHTTPClient(cfg *config.Config) {
 			ReadBufferSize:      32 * 1024, // 32KB
 			Protocols:           proTolcols,
 		}
-	} else {
+	default:
 		panic("unknown httpc mode: " + cfg.Httpc.Mode)
 	}
+
 	if cfg.Outbound.Enabled {
 		initTransport(cfg, tr)
 	}
@@ -72,18 +70,18 @@ func initHTTPClient(cfg *config.Config) {
 			httpc.WithTransport(tr),
 		)
 	}
-
+	return client
 }
 
 func initGitHTTPClient(cfg *config.Config) {
-
-	if cfg.Httpc.Mode == "auto" || cfg.Httpc.Mode == "" {
+	switch cfg.Httpc.Mode {
+	case "auto", "":
 		gittr = &http.Transport{
 			IdleConnTimeout: 30 * time.Second,
 			WriteBufferSize: 32 * 1024, // 32KB
 			ReadBufferSize:  32 * 1024, // 32KB
 		}
-	} else if cfg.Httpc.Mode == "advanced" {
+	case "advanced":
 		gittr = &http.Transport{
 			MaxIdleConns:        cfg.Httpc.MaxIdleConns,
 			MaxConnsPerHost:     cfg.Httpc.MaxConnsPerHost,
@@ -91,84 +89,30 @@ func initGitHTTPClient(cfg *config.Config) {
 			WriteBufferSize:     32 * 1024, // 32KB
 			ReadBufferSize:      32 * 1024, // 32KB
 		}
-	} else {
+	default:
 		panic("unknown httpc mode: " + cfg.Httpc.Mode)
 	}
+
 	if cfg.Outbound.Enabled {
 		initTransport(cfg, gittr)
 	}
-	if cfg.Server.Debug && cfg.GitClone.ForceH2C {
-		gitclient = httpc.New(
-			httpc.WithTransport(gittr),
-			httpc.WithDumpLog(),
-			httpc.WithProtocols(httpc.ProtocolsConfig{
-				ForceH2C: true,
-			}),
-		)
-	} else if !cfg.Server.Debug && cfg.GitClone.ForceH2C {
-		gitclient = httpc.New(
-			httpc.WithTransport(gittr),
-			httpc.WithProtocols(httpc.ProtocolsConfig{
-				ForceH2C: true,
-			}),
-		)
-	} else if cfg.Server.Debug && !cfg.GitClone.ForceH2C {
-		gitclient = httpc.New(
-			httpc.WithTransport(gittr),
-			httpc.WithDumpLog(),
-			httpc.WithProtocols(httpc.ProtocolsConfig{
-				Http1:           true,
-				Http2:           true,
-				Http2_Cleartext: true,
-			}),
-		)
-	} else {
-		gitclient = httpc.New(
-			httpc.WithTransport(gittr),
-			httpc.WithProtocols(httpc.ProtocolsConfig{
-				Http1:           true,
-				Http2:           true,
-				Http2_Cleartext: true,
-			}),
-		)
-	}
-}
 
-func initGhcrHTTPClient(cfg *config.Config) {
-	var proTolcols = new(http.Protocols)
-	proTolcols.SetHTTP1(true)
-	proTolcols.SetHTTP2(true)
-	if cfg.Httpc.Mode == "auto" || cfg.Httpc.Mode == "" {
+	var opts []httpc.Option // 使用切片来收集选项
+	opts = append(opts, httpc.WithTransport(gittr))
+	var protocolsConfig httpc.ProtocolsConfig
 
-		ghcrtr = &http.Transport{
-			IdleConnTimeout: 30 * time.Second,
-			WriteBufferSize: 32 * 1024, // 32KB
-			ReadBufferSize:  32 * 1024, // 32KB
-			Protocols:       proTolcols,
-		}
-	} else if cfg.Httpc.Mode == "advanced" {
-		ghcrtr = &http.Transport{
-			MaxIdleConns:        cfg.Httpc.MaxIdleConns,
-			MaxConnsPerHost:     cfg.Httpc.MaxConnsPerHost,
-			MaxIdleConnsPerHost: cfg.Httpc.MaxIdleConnsPerHost,
-			WriteBufferSize:     32 * 1024, // 32KB
-			ReadBufferSize:      32 * 1024, // 32KB
-			Protocols:           proTolcols,
-		}
+	if cfg.GitClone.ForceH2C {
+		protocolsConfig.ForceH2C = true
 	} else {
-		panic(fmt.Sprintf("unknown httpc mode: %s", cfg.Httpc.Mode))
-	}
-	if cfg.Outbound.Enabled {
-		initTransport(cfg, ghcrtr)
+		protocolsConfig.Http1 = true
+		protocolsConfig.Http2 = true
+		protocolsConfig.Http2_Cleartext = true
 	}
+	opts = append(opts, httpc.WithProtocols(protocolsConfig))
+
 	if cfg.Server.Debug {
-		ghcrclient = httpc.New(
-			httpc.WithTransport(ghcrtr),
-			httpc.WithDumpLog(),
-		)
-	} else {
-		ghcrclient = httpc.New(
-			httpc.WithTransport(ghcrtr),
-		)
+		opts = append(opts, httpc.WithDumpLog())
 	}
+
+	gitclient = httpc.New(opts...)
 }

proxy/match.go

@@ -28,7 +28,6 @@ func init() {
 	gistPrefixLen = len(gistPrefix)
 	gistContentPrefixLen = len(gistContentPrefix)
 	apiPrefixLen = len(apiPrefix)
-	//log.Printf("githubPrefixLen: %d, rawPrefixLen: %d, gistPrefixLen: %d, apiPrefixLen: %d", githubPrefixLen, rawPrefixLen, gistPrefixLen, apiPrefixLen)
 }
 
 // Matcher 从原始URL路径中高效地解析并匹配代理规则.
@@ -159,105 +158,6 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHPro
 	return "", "", "", NewErrorWithStatusLookup(404, "no matcher found for the given path")
 }
 
-// 原实现
-/*
-func Matcher(rawPath string, cfg *config.Config) (string, string, string, *GHProxyErrors) {
-	var (
-		user    string
-		repo    string
-		matcher string
-	)
-	// 匹配 "https://github.com"开头的链接
-	if strings.HasPrefix(rawPath, "https://github.com") {
-		remainingPath := strings.TrimPrefix(rawPath, "https://github.com")
-
-		//if strings.HasPrefix(remainingPath, "/") {
-		//		remainingPath = strings.TrimPrefix(remainingPath, "/")
-		//}
-
-		remainingPath = strings.TrimPrefix(remainingPath, "/")
-		// 预期格式/user/repo/more...
-		// 取出user和repo和最后部分
-		parts := strings.Split(remainingPath, "/")
-		if len(parts) <= 2 {
-			errMsg := "Not enough parts in path after matching 'https://github.com*'"
-			return "", "", "", NewErrorWithStatusLookup(400, errMsg)
-		}
-		user = parts[0]
-		repo = parts[1]
-		// 匹配 "https://github.com"开头的链接
-		if len(parts) >= 3 {
-			switch parts[2] {
-			case "releases", "archive":
-				matcher = "releases"
-			case "blob":
-				matcher = "blob"
-			case "raw":
-				matcher = "raw"
-			case "info", "git-upload-pack":
-				matcher = "clone"
-			default:
-				errMsg := "Url Matched 'https://github.com*', but didn't match the next matcher"
-				return "", "", "", NewErrorWithStatusLookup(400, errMsg)
-			}
-		}
-		return user, repo, matcher, nil
-	}
-	// 匹配 "https://raw"开头的链接
-	if strings.HasPrefix(rawPath, "https://raw") {
-		remainingPath := strings.TrimPrefix(rawPath, "https://")
-		parts := strings.Split(remainingPath, "/")
-		if len(parts) <= 3 {
-			errMsg := "URL after matched 'https://raw*' should have at least 4 parts (user/repo/branch/file)."
-			return "", "", "", NewErrorWithStatusLookup(400, errMsg)
-		}
-		user = parts[1]
-		repo = parts[2]
-		matcher = "raw"
-
-		return user, repo, matcher, nil
-	}
-	// 匹配 "https://gist"开头的链接
-	if strings.HasPrefix(rawPath, "https://gist") {
-		remainingPath := strings.TrimPrefix(rawPath, "https://")
-		parts := strings.Split(remainingPath, "/")
-		if len(parts) <= 3 {
-			errMsg := "URL after matched 'https://gist*' should have at least 4 parts (user/gist_id)."
-			return "", "", "", NewErrorWithStatusLookup(400, errMsg)
-		}
-		user = parts[1]
-		repo = ""
-		matcher = "gist"
-		return user, repo, matcher, nil
-	}
-	// 匹配 "https://api.github.com/"开头的链接
-	if strings.HasPrefix(rawPath, "https://api.github.com/") {
-		matcher = "api"
-		remainingPath := strings.TrimPrefix(rawPath, "https://api.github.com/")
-
-		parts := strings.Split(remainingPath, "/")
-		if parts[0] == "repos" {
-			user = parts[1]
-			repo = parts[2]
-		}
-		if parts[0] == "users" {
-			user = parts[1]
-		}
-		if !cfg.Auth.ForceAllowApi {
-			if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
-				//return "", "", "", ErrAuthHeaderUnavailable
-				errMsg := "AuthHeader Unavailable, Need to open header auth to enable api proxy"
-				return "", "", "", NewErrorWithStatusLookup(403, errMsg)
-			}
-		}
-		return user, repo, matcher, nil
-	}
-	//return "", "", "", ErrNotFound
-	errMsg := "Didn't match any matcher"
-	return "", "", "", NewErrorWithStatusLookup(404, errMsg)
-}
-*/
-
 var (
 	proxyableMatchersMap map[string]struct{}
 	initMatchersOnce     sync.Once

proxy/routing.go

@@ -12,11 +12,6 @@ func RoutingHandler(cfg *config.Config) touka.HandlerFunc {
 
 		var shoudBreak bool
 
-		//	shoudBreak = rateCheck(cfg, c, limiter, iplimiter)
-		//	if shoudBreak {
-		//		return
-		//}
-
 		var (
 			rawPath string
 		)