From 395f6414681ad857f6b73471ffe8a6331e236b5f Mon Sep 17 00:00:00 2001
From: wjqserver <114663932+WJQSERVER@users.noreply.github.com>
Date: Tue, 1 Apr 2025 18:32:45 +0800
Subject: [PATCH] [break] change auth config & add auth key
---
 api/api.go | 13 ++-----------
 auth/auth-header.go | 10 ++++++++--
 auth/auth-parameters.go | 10 ++++++++--
 auth/auth.go | 8 ++++----
 config/config.go | 15 +++++++++------
 middleware/nocache/nocache.go | 17 +++++++++++++++++
 proxy/authpass.go | 2 +-
 proxy/match.go | 2 +-
 8 files changed, 50 insertions(+), 27 deletions(-)
 create mode 100644 middleware/nocache/nocache.go
diff --git a/api/api.go b/api/api.go
index e463d9a..3f9adc7 100644
--- a/api/api.go
+++ b/api/api.go
@@ -3,6 +3,7 @@ package api
 import (
 "context"
 "ghproxy/config"
+ "ghproxy/middleware/nocache"
 "github.com/WJQSERVER-STUDIO/go-utils/logger"
 "github.com/cloudwego/hertz/pkg/app"
@@ -18,18 +19,8 @@ var (
 logError = logger.LogError
 )
-func NoCacheMiddleware() app.HandlerFunc {
- return func(ctx context.Context, c *app.RequestContext) {
- // 设置禁止缓存的响应头
- c.Response.Header.Set("Cache-Control", "no-store, no-cache, must-revalidate")
- c.Response.Header.Set("Pragma", "no-cache")
- c.Response.Header.Set("Expires", "0")
- c.Next(ctx) // 继续处理请求
- }
-}
-
 func InitHandleRouter(cfg *config.Config, r *server.Hertz, version string) {
- apiRouter := r.Group("/api", NoCacheMiddleware())
+ apiRouter := r.Group("/api", nocache.NoCacheMiddleware())
 {
 apiRouter.GET("/size_limit", func(ctx context.Context, c *app.RequestContext) {
 SizeLimitHandler(cfg, c, ctx)
diff --git a/auth/auth-header.go b/auth/auth-header.go
index 18852ba..1457a13 100644
--- a/auth/auth-header.go
+++ b/auth/auth-header.go
@@ -12,13 +12,19 @@ func AuthHeaderHandler(c *app.RequestContext, cfg *config.Config) (isValid bool,
 return true, nil
 }
 // 获取"GH-Auth"的值
- authToken := string(c.GetHeader("GH-Auth"))
+ var authToken string
+ if cfg.Auth.Key != "" {
+ authToken = string(c.GetHeader(cfg.Auth.Key))
+
+ } else {
+ authToken = string(c.GetHeader("GH-Auth"))
+ }
 logDebug("%s %s %s %s %s AUTH_TOKEN: %s", c.Method(), string(c.Path()), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), authToken)
 if authToken == "" {
 return false, fmt.Errorf("Auth token not found")
 }
- isValid = authToken == cfg.Auth.AuthToken
+ isValid = authToken == cfg.Auth.Token
 if !isValid {
 return false, fmt.Errorf("Auth token incorrect")
 }
diff --git a/auth/auth-parameters.go b/auth/auth-parameters.go
index 3635f92..2167b24 100644
--- a/auth/auth-parameters.go
+++ b/auth/auth-parameters.go
@@ -12,14 +12,20 @@ func AuthParametersHandler(c *app.RequestContext, cfg *config.Config) (isValid b
 return true, nil
 }
- authToken := c.Query("auth_token")
+ var authToken string
+ if cfg.Auth.Key != "" {
+ authToken = c.Query(cfg.Auth.Key)
+ } else {
+ authToken = c.Query("auth_token")
+ }
+
 logDebug("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Method(), string(c.Path()), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), authToken)
 if authToken == "" {
 return false, fmt.Errorf("Auth token not found")
 }
- isValid = authToken == cfg.Auth.AuthToken
+ isValid = authToken == cfg.Auth.Token
 if !isValid {
 return false, fmt.Errorf("Auth token invalid")
 }
diff --git a/auth/auth.go b/auth/auth.go
index 0236903..1a7f1a2 100644
--- a/auth/auth.go
+++ b/auth/auth.go
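Review bot: The token check on the new line `isValid = authToken == cfg.Auth.Token` is an ordinary string comparison, which is not constant-time; for a shared secret I would write `isValid = subtle.ConstantTimeCompare([]byte(authToken), []byte(cfg.Auth.Token)) == 1` (needs `crypto/subtle`), and the identical line in auth/auth-parameters.go should change with it. The `logDebug` call kept as context writes the presented token to the debug log, and here its format string has six `%s` verbs for five arguments, so the fields are probably shifted; logging only whether a token was present keeps credentials out of log files (the `Auth-PassThrough: token %s` line in proxy/authpass.go has the same exposure). The stray empty `+` line before `} else {` can be dropped. AuthHeaderHandler starts and ends outside the hunk.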
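Review bot: `cfg.Auth.Key` is passed straight to `c.Query(cfg.Auth.Key)` with no validation, so a configured name of `token` would collide with the pass-through parameter that proxy/authpass.go reads with `c.Query("token")`; whether the proxy secret is then forwarded upstream depends on branches not visible in these hunks. I would validate the name once at configuration load (non-empty after trimming, not one of the proxy's own parameter names) rather than in the handler. A short comment above the new block, `// Key overrides the default query parameter name "auth_token"`, would also document the fallback. AuthParametersHandler continues outside the hunk.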
@@ -37,17 +37,17 @@ func Init(cfg *config.Config) {
 }
 func AuthHandler(ctx context.Context, c *app.RequestContext, cfg *config.Config) (isValid bool, err error) {
- if cfg.Auth.AuthMethod == "parameters" {
+ if cfg.Auth.Method == "parameters" {
 isValid, err = AuthParametersHandler(c, cfg)
 return isValid, err
- } else if cfg.Auth.AuthMethod == "header" {
+ } else if cfg.Auth.Method == "header" {
 isValid, err = AuthHeaderHandler(c, cfg)
 return isValid, err
- } else if cfg.Auth.AuthMethod == "" {
+ } else if cfg.Auth.Method == "" {
 logError("Auth method not set")
 return true, nil
 } else {
 logError("Auth method not supported")
- return false, fmt.Errorf(fmt.Sprintf("Auth method %s not supported", cfg.Auth.AuthMethod))
+ return false, fmt.Errorf(fmt.Sprintf("Auth method %s not supported", cfg.Auth.Method))
 }
 }
diff --git a/config/config.go b/config/config.go
index c667e91..76e14df 100644
--- a/config/config.go
+++ b/config/config.go
@@ -93,16 +93,18 @@ type LogConfig struct {
 /*
 [auth]
-authMethod = "parameters" # "header" or "parameters"
-authToken = "token"
+Method = "parameters" # "header" or "parameters"
+Key = ""
+Token = "token"
 enabled = false
 passThrough = false
 ForceAllowApi = true
 */
 type AuthConfig struct {
 Enabled bool `toml:"enabled"`
- AuthMethod string `toml:"authMethod"`
- AuthToken string `toml:"authToken"`
+ Method string `toml:"method"`
+ Key string `toml:"key"`
+ Token string `toml:"token"`
 PassThrough bool `toml:"passThrough"`
 ForceAllowApi bool `toml:"ForceAllowApi"`
 }
@@ -208,8 +210,9 @@ func DefaultConfig() *Config {
 },
 Auth: AuthConfig{
 Enabled: false,
- AuthMethod: "parameters",
- AuthToken: "token",
+ Method: "parameters",
+ Key: "",
+ Token: "token",
 PassThrough: false,
 ForceAllowApi: true,
 },
diff --git a/middleware/nocache/nocache.go b/middleware/nocache/nocache.go
new file mode 100644
index 0000000..4e8f0d3
--- /dev/null
+++ b/middleware/nocache/nocache.go
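Review bot: The branch `} else if cfg.Auth.Method == "" {` logs an error and then returns `true, nil`, so every request is accepted when the method is empty; because this commit also renames the TOML key from `authMethod` to `method`, a config file that still uses the old key may decode to an empty method and land exactly there. I would fail closed in that branch with `return false, fmt.Errorf("auth method not set")`, assuming AuthHandler is only reached when auth is enabled (the caller is not visible here). Separately, `fmt.Errorf(fmt.Sprintf(...))` passes a non-constant format string; `fmt.Errorf("auth method %q not supported", cfg.Auth.Method)` is the direct form. The if/else-if chain on a single value would read more clearly as `switch cfg.Auth.Method`.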
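Review bot: With the tags changed to `toml:"method"` and `toml:"token"`, files that still set `authMethod` / `authToken` no longer populate these fields and nothing in the visible change detects that; depending on how the file is loaded, the outcome is either an empty method and token or the values from DefaultConfig, including the placeholder `Token: "token"` in the later hunk. A load-time check that refuses to start when `enabled = true` and the token is empty or still the placeholder, plus a warning when the old key names are present, would make the break visible instead of silently weakening auth. The example block in the comment writes `Method`, `Key` and `Token` capitalised while the tags are lower-case; TOML keys are case-sensitive by specification, so it should read `method = "parameters"`, `key = ""`, `token = "token"`. A field comment on `Key` such as `// Key is the header or query-parameter name that carries the token; empty means "GH-Auth" / "auth_token"` would document the new option.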
@@ -0,0 +1,17 @@
+package nocache
+
+import (
+ "context"
+
+ "github.com/cloudwego/hertz/pkg/app"
+)
+
+func NoCacheMiddleware() app.HandlerFunc {
+ return func(ctx context.Context, c *app.RequestContext) {
+ // 设置禁止缓存的响应头
+ c.Response.Header.Set("Cache-Control", "no-store, no-cache, must-revalidate")
+ c.Response.Header.Set("Pragma", "no-cache")
+ c.Response.Header.Set("Expires", "0")
+ c.Next(ctx) // 继续处理请求
+ }
+}
diff --git a/proxy/authpass.go b/proxy/authpass.go
index 46d982c..e506a9e 100644
--- a/proxy/authpass.go
+++ b/proxy/authpass.go
@@ -12,7 +12,7 @@ func AuthPassThrough(c *app.RequestContext, cfg *config.Config, req *http.Reques
 token := c.Query("token")
 if token != "" {
 logDebug("%s %s %s %s %s Auth-PassThrough: token %s", c.ClientIP(), c.Method(), string(c.Path()), c.UserAgent(), c.Request.Header.GetProtocol(), token)
- switch cfg.Auth.AuthMethod {
+ switch cfg.Auth.Method {
 case "parameters":
 if !cfg.Auth.Enabled {
 req.Header.Set("Authorization", "token "+token)
diff --git a/proxy/match.go b/proxy/match.go
index 7d90077..71f779a 100644
--- a/proxy/match.go
+++ b/proxy/match.go
@@ -114,7 +114,7 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, error)
 user = parts[1]
 }
 if !cfg.Auth.ForceAllowApi {
- if cfg.Auth.AuthMethod != "header" || !cfg.Auth.Enabled {
+ if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
 return "", "", "", ErrAuthHeaderUnavailable
 }
 }
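Review bot: The exported `NoCacheMiddleware` in the new middleware/nocache/nocache.go has no doc comment and the new package has no package comment; I would add `// Package nocache provides middleware that disables response caching.` above the package clause and `// NoCacheMiddleware returns a handler that sets Cache-Control, Pragma and Expires before calling the next handler.` above the function. The two inline comments would be easier to maintain in English, for example `// set response headers that forbid caching` and `// continue with the next handler`. Called as `nocache.NoCacheMiddleware()` the name repeats the package name; `nocache.Middleware()` would read better if a rename is acceptable to callers.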