86a4ad881a
为项目增加了一个后台页面, 用于显示IP代理的使用情况统计. 主要包括: - 新增 `backend` 目录, 包含 `index.html` 和 `script.js` 文件, 用于展示统计数据. - 在 `main.go` 中增加了 `setBackendRoute` 函数, 用于提供后台页面的路由. - 将后台页面路由设置为 `/admin`. 注意: 当前代码存在编译错误, 因为无法确定 `ipfilter.NewIPFilter` 的正确返回类型. 错误信息为 `undefined: ipfilter.IPFilter`. 提交此代码是为了让用户能够检查问题.
100 lines
2.8 KiB
Go
100 lines
2.8 KiB
Go
package proxy
|
|
|
|
import (
|
|
"fmt"
|
|
"ghproxy/auth"
|
|
"ghproxy/config"
|
|
"io"
|
|
|
|
"github.com/infinite-iroha/touka"
|
|
)
|
|
|
|
// CountingReader is a reader that counts the number of bytes read.
|
|
// CountingReader 是一个计算已读字节数的读取器.
|
|
type CountingReader struct {
|
|
reader io.Reader
|
|
bytesRead int64
|
|
}
|
|
|
|
// NewCountingReader creates a new CountingReader.
|
|
// NewCountingReader 创建一个新的 CountingReader.
|
|
func NewCountingReader(reader io.Reader) *CountingReader {
|
|
return &CountingReader{
|
|
reader: reader,
|
|
}
|
|
}
|
|
|
|
func (cr *CountingReader) Read(p []byte) (n int, err error) {
|
|
n, err = cr.reader.Read(p)
|
|
cr.bytesRead += int64(n)
|
|
return n, err
|
|
}
|
|
|
|
// BytesRead returns the number of bytes read.
|
|
// BytesRead 返回已读字节数.
|
|
func (cr *CountingReader) BytesRead() int64 {
|
|
return cr.bytesRead
|
|
}
|
|
|
|
// Close closes the underlying reader if it implements io.Closer.
|
|
// 如果底层读取器实现了 io.Closer, 则关闭它.
|
|
func (cr *CountingReader) Close() error {
|
|
if closer, ok := cr.reader.(io.Closer); ok {
|
|
return closer.Close()
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func listCheck(cfg *config.Config, c *touka.Context, user string, repo string, rawPath string) bool {
|
|
if cfg.Auth.ForceAllowApi && cfg.Auth.ForceAllowApiPassList {
|
|
return false
|
|
}
|
|
// 白名单检查
|
|
if cfg.Whitelist.Enabled {
|
|
whitelist := auth.CheckWhitelist(user, repo)
|
|
if !whitelist {
|
|
ErrorPage(c, NewErrorWithStatusLookup(403, fmt.Sprintf("Whitelist Blocked repo: %s/%s", user, repo)))
|
|
c.Infof("%s %s %s %s %s Whitelist Blocked repo: %s/%s", c.ClientIP(), c.Request.Method, rawPath, c.UserAgent(), c.Request.Proto, user, repo)
|
|
return true
|
|
}
|
|
}
|
|
|
|
// 黑名单检查
|
|
if cfg.Blacklist.Enabled {
|
|
blacklist := auth.CheckBlacklist(user, repo)
|
|
if blacklist {
|
|
ErrorPage(c, NewErrorWithStatusLookup(403, fmt.Sprintf("Blacklist Blocked repo: %s/%s", user, repo)))
|
|
c.Infof("%s %s %s %s %s Blacklist Blocked repo: %s/%s", c.ClientIP(), c.Request.Method, rawPath, c.UserAgent(), c.Request.Proto, user, repo)
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
// 鉴权
|
|
func authCheck(c *touka.Context, cfg *config.Config, matcher string, rawPath string) bool {
|
|
var err error
|
|
|
|
if matcher == "api" && !cfg.Auth.ForceAllowApi {
|
|
if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
|
|
ErrorPage(c, NewErrorWithStatusLookup(403, "Github API Req without AuthHeader is Not Allowed"))
|
|
c.Infof("%s %s %s AuthHeader Unavailable", c.ClientIP(), c.Request.Method, rawPath)
|
|
return true
|
|
}
|
|
}
|
|
|
|
// 鉴权
|
|
if cfg.Auth.Enabled {
|
|
var authcheck bool
|
|
authcheck, err = auth.AuthHandler(c, cfg)
|
|
if !authcheck {
|
|
ErrorPage(c, NewErrorWithStatusLookup(401, fmt.Sprintf("Unauthorized: %v", err)))
|
|
c.Infof("%s %s %s %s %s Auth-Error: %v", c.ClientIP(), c.Request.Method, rawPath, c.UserAgent(), c.Request.Proto, err)
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|