wjqserver/ghproxy
1
0
Fork 0
mirror of https://github.com/WJQSERVER-STUDIO/ghproxy.git synced 2026-02-03 08:11:11 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

24w11b

Browse source
This commit is contained in:
WJQSERVER 2024-10-08 06:20:35 +08:00
parent b5bfc809a2
commit 05032158d4
6 changed files with 56 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

15
CHANGELOG.md
View file

@ -1,5 +1,18 @@
# 更新日志 # 更新日志
v1.4.0
---
- CHANGE: 优化代码结构,提升性能
- ADD: 新增auth子模块whitelist.go,支持白名单功能
- ADD: 新增whitelist.json文件,用于配置白名单
- CHANGE&ADD: 在config.yaml文件中新增白名单配置块
- FIX: 由于临时加入且未在原开发路线上计划的白名单功能,导致函数命名冲突,在此修复blacklist.go的函数命名问题
24w11b
---
- PRE-RELEASE: 此版本是v1.4.0的预发布版本,请勿在生产环境中使用
- FIX: 修复黑/白名单是否生效相关问题
24w11a 24w11a
--- ---
- PRE-RELEASE: 此版本是v1.4.0的预发布版本,请勿在生产环境中使用 - PRE-RELEASE: 此版本是v1.4.0的预发布版本,请勿在生产环境中使用
@ -7,7 +20,7 @@
- CHANGE: 优化代码结构,提升性能 - CHANGE: 优化代码结构,提升性能
- ADD: 新增auth子模块whitelist.go,支持白名单功能 - ADD: 新增auth子模块whitelist.go,支持白名单功能
- ADD: 新增whitelist.json文件,用于配置白名单 - ADD: 新增whitelist.json文件,用于配置白名单
- FIX: 由于新加入未在原开发路线上计划的白名单功能,导致函数命名冲突,在此修复blacklist.go的函数命名问题 - FIX: 由于临时加入且未在原开发路线上计划的白名单功能,导致函数命名冲突,在此修复blacklist.go的函数命名问题
v1.3.1 v1.3.1
--- ---

2
DEV-VERSION
View file

@ -1 +1 @@
24w11a 24w11b

26
README.md
View file

@ -51,7 +51,7 @@ git clone https://ghproxy.1888866.xyz/github.com/WJQSERVER-STUDIO/ghproxy.git
- Docker-cli - Docker-cli
``` ```
docker run -p 7210:80 -v ./ghproxy/log/run:/data/ghproxy/log -v ./ghproxy/log/caddy:/data/caddy/log --restart always wjqserver/ghproxy docker run -p 7210:80 -v ./ghproxy/log/run:/data/ghproxy/log -v ./ghproxy/log/caddy:/data/caddy/log -v ./ghproxy/config:/data/ghproxy/config --restart always wjqserver/ghproxy
``` ```
- Docker-Compose - Docker-Compose
@ -86,9 +86,14 @@ auth:
# 黑名单配置 # 黑名单配置
blacklist: blacklist:
enabled: true enabled: true # 是否开启黑名单
blacklistfile: "/data/ghproxy/config/blacklist.json" blacklistfile: "/data/ghproxy/config/blacklist.json"
# 白名单配置
whitelist:
enabled: false # 是否开启白名单
whitelistfile: "/data/ghproxy/config/whitelist.json"
``` ```
### 黑名单配置 ### 黑名单配置
@ -103,7 +108,21 @@ blacklist:
"another/repo3" "another/repo3"
] ]
} }
``` ```
### 白名单配置
白名单配置位于config/whitelist.json,格式如下:
```json
{
"whitelist": [
"test/test1",
"example/repo2",
"another/repo3"
]
}
```
### Caddy反代配置 ### Caddy反代配置
@ -128,6 +147,7 @@ example.com {
- [x] 改进程序效率 - [x] 改进程序效率
- [x] 用户鉴权 - [x] 用户鉴权
- [x] 仓库黑名单 - [x] 仓库黑名单
- [x] 仓库白名单
### DEV ### DEV

2
SECURITY.MD
View file

@ -7,7 +7,7 @@
| 版本 | 是否支持 | | 版本 | 是否支持 |
| --- | --- | | --- | --- |
| v1.x.x | :white_check_mark: | | v1.x.x | :white_check_mark: |
| **w**a/b | :warning: 这是测试版本,用于开发测试,可能存在未知的安全隐患 | | **w**a/b/c... | :warning: 此为PRE-RELEASE版本,用于开发与测试,可能存在未知的问题 |
| v0.x.x | :x: 这些版本不再受支持 | | v0.x.x | :x: 这些版本不再受支持 |
### 版本说明 ### 版本说明

1
docker/dockerfile/release/Dockerfile
View file

@ -14,6 +14,7 @@ RUN VERSION=$(curl -s https://raw.githubusercontent.com/${USER}/${REPO}/main/VER
wget -O /data/${APPLICATION}/${APPLICATION} https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION} wget -O /data/${APPLICATION}/${APPLICATION} https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION}
RUN wget -O /data/${APPLICATION}/config.yaml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/config.yaml RUN wget -O /data/${APPLICATION}/config.yaml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/config.yaml
RUN wget -O /data/${APPLICATION}/blacklist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/blacklist.json RUN wget -O /data/${APPLICATION}/blacklist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/blacklist.json
RUN wget -O /data/${APPLICATION}/whitelist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/whitelist.json
RUN wget -O /usr/local/bin/init.sh https://raw.githubusercontent.com/${USER}/${REPO}/main/init.sh RUN wget -O /usr/local/bin/init.sh https://raw.githubusercontent.com/${USER}/${REPO}/main/init.sh
RUN chmod +x /data/${APPLICATION}/${APPLICATION} RUN chmod +x /data/${APPLICATION}/${APPLICATION}
RUN chmod +x /usr/local/bin/init.sh RUN chmod +x /usr/local/bin/init.sh

28
proxy/proxy.go
View file

@ -56,21 +56,25 @@ func NoRouteHandler(cfg *config.Config) gin.HandlerFunc {
fullrepo := fmt.Sprintf("%s/%s", username, repo) fullrepo := fmt.Sprintf("%s/%s", username, repo)
// 白名单检查 // 白名单检查
whitelistpass := auth.CheckWhitelist(fullrepo) if cfg.Whitelist.Enabled {
if !whitelistpass { whitelistpass := auth.CheckWhitelist(fullrepo)
errMsg := fmt.Sprintf("Whitelist Blocked repo: %s", fullrepo) if !whitelistpass {
c.JSON(http.StatusForbidden, gin.H{"error": errMsg}) errMsg := fmt.Sprintf("Whitelist Blocked repo: %s", fullrepo)
logw(errMsg) c.JSON(http.StatusForbidden, gin.H{"error": errMsg})
return logw(errMsg)
return
}
} }
// 黑名单检查 // 黑名单检查
blacklistpass := auth.CheckBlacklist(fullrepo) if cfg.Blacklist.Enabled {
if blacklistpass { blacklistpass := auth.CheckBlacklist(fullrepo)
errMsg := fmt.Sprintf("Blacklist Blocked repo: %s", fullrepo) if blacklistpass {
c.JSON(http.StatusForbidden, gin.H{"error": errMsg}) errMsg := fmt.Sprintf("Blacklist Blocked repo: %s", fullrepo)
logw(errMsg) c.JSON(http.StatusForbidden, gin.H{"error": errMsg})
return logw(errMsg)
return
}
} }
matches = CheckURL(rawPath) matches = CheckURL(rawPath)