diff --git a/auth/auth.go b/auth/auth.go index 3b1d294..2e3c680 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -33,26 +33,3 @@ func AuthHandler(c *gin.Context, cfg *config.Config) bool { return isValid } - -func IsBlacklisted(username, repo string, blacklist map[string][]string, enabled bool) bool { - if !enabled { - return false - } - - // 检查 blacklist 是否为 nil - if blacklist == nil { - // 可以选择记录日志或返回 false - logw("Warning: Blacklist map is nil") - return false - } - - if repos, ok := blacklist[username]; ok { - for _, blacklistedRepo := range repos { - if blacklistedRepo == repo { - return true - } - } - } - - return false -} diff --git a/auth/blacklist.go b/auth/blacklist.go new file mode 100644 index 0000000..2d4b634 --- /dev/null +++ b/auth/blacklist.go @@ -0,0 +1,10 @@ +package auth + +func CheckBlacklist(fullrepo string) bool { + if fullrepo == "test/test1" { + logw("%s in blacklist", fullrepo) + return true + } + logw("%s not in blacklist", fullrepo) + return false +} diff --git a/config/config.go b/config/config.go index 584f794..e4b36e6 100644 --- a/config/config.go +++ b/config/config.go @@ -33,7 +33,7 @@ type Config struct { } `yaml:"blacklist"` } -type Blacklist struct { +type BlacklistMap struct { Blist map[string][]string `yaml:"blacklist"` } @@ -47,8 +47,8 @@ func LoadConfig(filePath string) (*Config, error) { } // LoadBlacklistConfig 从 YAML 配置文件加载黑名单配置 -func LoadBlacklistConfig(filePath string) (*Blacklist, error) { - var blacklist Blacklist +func LoadBlacklistConfig(filePath string) (*BlacklistMap, error) { + var blacklist BlacklistMap if err := loadYAML(filePath, &blacklist); err != nil { return nil, err } diff --git a/main.go b/main.go index f84f30a..9a58fae 100644 --- a/main.go +++ b/main.go @@ -16,7 +16,7 @@ import ( var ( cfg *config.Config - blacklist *config.Blacklist + blacklist *config.BlacklistMap logw = logger.Logw router *gin.Engine configfile = "/data/ghproxy/config/config.yaml" @@ -44,7 +44,7 @@ func loadConfig() { func loadBlacklistConfig() { // 初始化黑名单配置 - blacklist, err := config.LoadBlacklistConfig("/data/ghproxy/config/blacklist.yaml") + blacklist, err := config.LoadBlacklistConfig(cfg.Blacklist.BlacklistFile) if err != nil { log.Fatalf("Failed to load blacklist: %v", err) } @@ -87,7 +87,7 @@ func init() { // 未匹配路由处理 router.NoRoute(func(c *gin.Context) { - proxy.NoRouteHandler(cfg, blacklist)(c) + proxy.NoRouteHandler(cfg, config.BlacklistMap{})(c) }) } diff --git a/proxy/proxy.go b/proxy/proxy.go index ab24b39..08bf85e 100644 --- a/proxy/proxy.go +++ b/proxy/proxy.go @@ -30,7 +30,7 @@ var exps = []*regexp.Regexp{ regexp.MustCompile(`^(?:https?://)?gist\.github\.com/([^/]+)/.+?/.+`), } -func NoRouteHandler(cfg *config.Config, blacklist *config.Blacklist) gin.HandlerFunc { +func NoRouteHandler(cfg *config.Config, bmap config.BlacklistMap) gin.HandlerFunc { return func(c *gin.Context) { rawPath := strings.TrimPrefix(c.Request.URL.RequestURI(), "/") re := regexp.MustCompile(`^(http:|https:)?/?/?(.*)`) @@ -57,17 +57,13 @@ func NoRouteHandler(cfg *config.Config, blacklist *config.Blacklist) gin.Handler username := pathParts[2] repo := pathParts[3] logw("Blacklist Check > Username: %s, Repo: %s", username, repo) + fullrepo := fmt.Sprintf("%s/%s", username, repo) - if blacklist.Blist == nil { - logw("Warning: Blacklist map is nil") - // 根据需要初始化或处理 - blacklist.Blist = make(map[string][]string) - } - - // 检查仓库是否在黑名单中 - if auth.IsBlacklisted(username, repo, blacklist.Blist, cfg.Blacklist.Enabled) { - c.String(http.StatusForbidden, "Access denied: repository is blacklisted.") - logw("Blacklisted repository: %s/%s", username, repo) + // 黑名单检查 + blacklistpass := auth.CheckBlacklist(fullrepo) + if !blacklistpass { + c.AbortWithStatusJSON(404, gin.H{"error": "Not found"}) + logw("Blacklisted repo: %s", fullrepo) return }