use gertz route for std url

2026-02-03 08:11:11 +08:00 · 2025-04-19 22:59:59 +08:00 · 2025-04-19 22:59:59 +08:00 · 26a5148c6f
commit 26a5148c6f
parent 0b052f9c7f
3 changed files with 161 additions and 41 deletions
--- a/proxy/handler.go
+++ b/proxy/handler.go
@ -147,3 +147,123 @@ func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
 		}
 	}
 }
+
+func RoutingHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) app.HandlerFunc {
+	return func(ctx context.Context, c *app.RequestContext) {
+		// 输出所有传入参数
+		logDebug("All Request Params: %v", c.Params)
+		logDebug("Context Params(Matcher): %v", ctx.Value("matcher"))
+
+		// 限制访问频率
+		if cfg.RateLimit.Enabled {
+
+			var allowed bool
+
+			switch cfg.RateLimit.RateMethod {
+			case "ip":
+				allowed = iplimiter.Allow(c.ClientIP())
+			case "total":
+				allowed = limiter.Allow()
+			default:
+				logWarning("Invalid RateLimit Method")
+				return
+			}
+
+			if !allowed {
+				c.JSON(http.StatusTooManyRequests, map[string]string{"error": "Too Many Requests"})
+				logWarning("%s %s %s %s %s 429-TooManyRequests", c.ClientIP(), c.Method(), c.Request.RequestURI(), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol())
+				return
+			}
+		}
+
+		var (
+			rawPath string
+			errMsg  string
+		)
+
+		rawPath = strings.TrimPrefix(string(c.Request.RequestURI()), "/") // 去掉前缀/
+
+		var (
+			user    string
+			repo    string
+			matcher string
+			err     error
+		)
+
+		user = c.Param("user")
+		repo = c.Param("repo")
+		matcher = ctx.Value("matcher").(string)
+
+		logInfo("%s %s %s %s %s Matched-Username: %s, Matched-Repo: %s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo)
+		// dump log 记录详细信息 c.ClientIP(), c.Method(), rawPath,c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), full Header
+		logDump("%s %s %s %s %s %s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), c.Request.Header.Header())
+
+		// 白名单检查
+		if cfg.Whitelist.Enabled {
+			var whitelist bool
+			whitelist = auth.CheckWhitelist(user, repo)
+			if !whitelist {
+				errMsg = fmt.Sprintf("Whitelist Blocked repo: %s/%s", user, repo)
+				c.JSON(http.StatusForbidden, map[string]string{"error": errMsg})
+				logWarning("%s %s %s %s %s Whitelist Blocked repo: %s/%s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo)
+				return
+			}
+		}
+
+		// 黑名单检查
+		if cfg.Blacklist.Enabled {
+			var blacklist bool
+			blacklist = auth.CheckBlacklist(user, repo)
+			if blacklist {
+				errMsg = fmt.Sprintf("Blacklist Blocked repo: %s/%s", user, repo)
+				c.JSON(http.StatusForbidden, map[string]string{"error": errMsg})
+				logWarning("%s %s %s %s %s Blacklist Blocked repo: %s/%s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo)
+				return
+			}
+		}
+
+		if matcher == "api" && !cfg.Auth.ForceAllowApi {
+			if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
+				c.JSON(http.StatusForbidden, map[string]string{"error": "Github API Req without AuthHeader is Not Allowed"})
+				logWarning("%s %s %s %s %s AuthHeader Unavailable", c.ClientIP(), c.Method(), rawPath)
+				return
+			}
+		}
+
+		// 鉴权
+		if cfg.Auth.Enabled {
+			var authcheck bool
+			authcheck, err = auth.AuthHandler(ctx, c, cfg)
+			if !authcheck {
+				//c.AbortWithStatusJSON(401, gin.H{"error": "Unauthorized"})
+				c.AbortWithStatusJSON(401, map[string]string{"error": "Unauthorized"})
+				logWarning("%s %s %s %s %s Auth-Error: %v", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), err)
+				return
+			}
+		}
+
+		// 若匹配api.github.com/repos/用户名/仓库名/路径, 则检查是否开启HeaderAuth
+
+		// 处理blob/raw路径
+		if matcher == "blob" {
+			rawPath = strings.Replace(rawPath, "/blob/", "/raw/", 1)
+		}
+
+		// 为rawpath加入https:// 头
+		rawPath = "https://" + rawPath
+
+		// IP METHOD URL USERAGENT PROTO MATCHES
+		logDebug("%s %s %s %s %s Matched: %v", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), matcher)
+
+		switch matcher {
+		case "releases", "blob", "raw", "gist", "api":
+			ChunkedProxyRequest(ctx, c, rawPath, cfg, matcher)
+		case "clone":
+			GitReq(ctx, c, rawPath, cfg, "git")
+		default:
+			c.String(http.StatusForbidden, "Invalid input.")
+			fmt.Println("Invalid input.")
+			return
+		}
+	}
+}
--- a/proxy/match.go
+++ b/proxy/match.go
@ -65,8 +65,10 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, error)
 			switch parts[2] {
 			case "releases", "archive":
 				matcher = "releases"
-			case "blob", "raw":
+			case "blob":
 				matcher = "blob"
+			case "raw":
+				matcher = "raw"
 			case "info", "git-upload-pack":
 				matcher = "clone"
 			default: