diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..87fe7c0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,40 @@ +--- +name: Bug report +about: 报告问题与漏洞 +title: "[BUG]" +labels: bug +assignees: '' + +--- + +### 问题描述 + +请简要描述发现的问题是什么,以及如何重现。 + +### 复现步骤 + +1. 打开... +2. 点击... +3. 观察到... + +### 预期行为 + +请描述在正常情况下应该发生什么。 + +### 实际行为 + +请描述实际发生了什么。 + +### 截图 + +如果适用,请添加截图以帮助解释您的问题。 + +### 环境信息 + +- 发行版: [例如 Debian12, Alpine-Edge ] +- 部署方式: [可执行文件/Docker ] +- GHProxy版本: [例如 1.0.0] + +### 附加信息 + +请提供任何其他可能有助于我们解决问题的信息。 diff --git a/.github/ISSUE_TEMPLATE/features_request.md b/.github/ISSUE_TEMPLATE/features_request.md new file mode 100644 index 0000000..603c02f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/features_request.md @@ -0,0 +1,20 @@ +--- +name: Features request +about: 提出新功能建议 +title: "[Features]" +labels: enhancement +assignees: '' + +--- + +### 功能描述 + +请简要描述您希望增加的功能。 + +### 功能原因 + +请说明您为什么需要这个功能。 + +### 功能实现 + +请详细描述您期望的功能实现。 \ No newline at end of file diff --git a/.github/workflows/build-dev.yml b/.github/workflows/build-dev.yml index 0dac3d8..912f2ab 100644 --- a/.github/workflows/build-dev.yml +++ b/.github/workflows/build-dev.yml @@ -17,27 +17,40 @@ jobs: goarch: [amd64, arm64] env: OUTPUT_BINARY: ghproxy - GO_VERSION: 1.23.2 + GO_VERSION: 1.23.4 steps: - uses: actions/checkout@v3 - - name: Load VERSION + - name: 加载版本号 run: | if [ -f DEV-VERSION ]; then echo "VERSION=$(cat DEV-VERSION)" >> $GITHUB_ENV else echo "DEV-VERSION file not found!" && exit 1 fi - - name: Set up Go + - name: 安装 Go uses: actions/setup-go@v3 with: go-version: ${{ env.GO_VERSION }} - - name: Build + - name: 安装UPX run: | - CGO_ENABLED=0 go build -ldflags="-s -w" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./main.go - - name: Package + sudo apt update + sudo apt install upx -y + - name: 编译 + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} run: | - tar -czvf ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}}.tar.gz ./${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} + CGO_ENABLED=0 go build -ldflags "-X main.version=${{ env.VERSION }}" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./main.go + upx -9 ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} + - name: 打包 + run: | + mkdir ghproxyd + cp ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./ghproxyd/ + mv ./ghproxyd/${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./ghproxyd/${{ env.OUTPUT_BINARY }} + cp LICENSE ./ghproxyd/ + tar -czf ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}}.tar.gz -C ghproxyd . + ls - name: Upload to GitHub Artifacts uses: actions/upload-artifact@v3 with: @@ -49,7 +62,7 @@ jobs: uses: ncipollo/release-action@v1 with: name: ${{ env.VERSION }} - artifacts: ./${{ env.OUTPUT_BINARY }}* + artifacts: ./${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}}.tar.gz token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ env.VERSION }} allowUpdates: true @@ -63,6 +76,7 @@ jobs: env: IMAGE_NAME: wjqserver/ghproxy DOCKERFILE: docker/dockerfile/dev/Dockerfile + DOCKERFILE_PATH: docker/dockerfile/dev steps: - name: Checkout diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0c44e0f..ecd561b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,28 +16,40 @@ jobs: goos: [linux] goarch: [amd64, arm64] env: - OUTPUT_BINARY: go - GO_VERSION: 1.23.2 + OUTPUT_BINARY: ghproxy + GO_VERSION: 1.23.4 steps: - uses: actions/checkout@v3 - - name: Load VERSION + - name: 加载版本号 run: | if [ -f VERSION ]; then echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV else echo "VERSION file not found!" && exit 1 fi - - name: Set up Go + - name: 安装 Go uses: actions/setup-go@v3 with: go-version: ${{ env.GO_VERSION }} - - name: Build + - name: 安装 UPX run: | - CGO_ENABLED=0 go build -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./main.go - - name: Package + sudo apt-get update + sudo apt-get install -y upx + - name: 编译 + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} run: | - tar -czvf ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}}.tar.gz ./${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} + CGO_ENABLED=0 go build -ldflags "-s -w -X main.version=${{ env.VERSION }}" -o ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./main.go + upx -9 ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} + - name: 打包 + run: | + mkdir ghproxyd + cp ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./ghproxyd/ + mv ./ghproxyd/${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}} ./ghproxyd/${{ env.OUTPUT_BINARY }} + cp LICENSE ./ghproxyd/ + tar -czf ${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}}.tar.gz -C ghproxyd . - name: Upload to GitHub Artifacts uses: actions/upload-artifact@v3 with: @@ -49,12 +61,13 @@ jobs: uses: ncipollo/release-action@v1 with: name: ${{ env.VERSION }} - artifacts: ./${{ env.OUTPUT_BINARY }}* + artifacts: ./${{ env.OUTPUT_BINARY }}-${{matrix.goos}}-${{matrix.goarch}}.tar.gz token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ env.VERSION }} allowUpdates: true env: - export PATH: $PATH:/usr/local/go/bin + export PATH: $PATH:/usr/local/go/bin + docker: runs-on: ubuntu-latest needs: build # 确保这个作业在 build 作业完成后运行 @@ -94,3 +107,43 @@ jobs: tags: | ${{ env.IMAGE_NAME }}:${{ env.VERSION }} ${{ env.IMAGE_NAME }}:latest + + docker-nocache: + runs-on: ubuntu-latest + needs: build # 确保这个作业在 build 作业完成后运行 + env: + IMAGE_NAME: wjqserver/ghproxy # 定义镜像名称变量 + DOCKERFILE: docker/dockerfile/nocache/Dockerfile # 定义 Dockerfile 路径变量 + + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Load VERSION + run: | + if [ -f VERSION ]; then + echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV + else + echo "VERSION file not found!" && exit 1 + fi + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: 构建镜像 + uses: docker/build-push-action@v6 + with: + file: ./${{ env.DOCKERFILE }} + platforms: linux/amd64,linux/arm64 + push: true + tags: | + ${{ env.IMAGE_NAME }}:${{ env.VERSION }}-nocache + ${{ env.IMAGE_NAME }}:nocache \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 9900383..f775b69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,360 @@ # 更新日志 +24w27a +--- +- PRE-RELEASE: 此版本做为实验性功能测试版本,请勿在生产环境中使用 +- ADD: 新增`api.github.com`反代支持, 强制性要求开启`Header Auth`功能 + +v1.7.7 +--- +- CHANGE: 更新相关依赖库 +- CHANGE: 更新Go版本至1.23.4 +- CHANGE: 更新release及dev版本底包 + +24w26a +--- +- PRE-RELEASE: 此版本是v1.7.7的预发布版本,请勿在生产环境中使用 +- CHANGE: 更新相关依赖库 +- CHANGE: 更新Go版本至1.23.4 +- CHANGE: 更新release及dev版本底包 + +v1.7.6 +--- +- RELEASE: 版本在v1.7.4及以上的用户,我们建议升级到此版本以解决于v1.7.4版本功能更新所引入的问题 +- FIX: 进一步修正 H2C相关配置逻辑问题 +- CHANGE: 对Caddy配置进行实验性修改,优化H2C配置 +- CHANGE: 更新相关依赖库 + +24w25b +--- +- PRE-RELEASE: 此版本是v1.7.6的预发布版本,请勿在生产环境中使用 +- 说明: 本版本为24w25a-fix0 +- FIX: 进一步修正 H2C相关配置逻辑问题 + +24w25a +--- +- PRE-RELEASE: 此版本是v1.7.6的预发布版本,请勿在生产环境中使用 +- 说明: 本版本为v1.7.6的其中一个候选与开发测试版本,相关改动不一定实装 +- FIX: 进一步修正 H2C相关配置逻辑问题 +- CHANGE: 对Caddy配置进行实验性修改,优化H2C配置 +- CHANGE: 更新相关依赖库 + +v1.7.5 +--- +- FIX: 修复 v1.7.4 版本 Docker 镜像默认配置导致的 403 问题 +- ADD: `Rate`模块加入`IP`速率限制,可限制单个IP的请求速率 (需要更多测试) +- CHANGE: 处理积攒的依赖库更新 + +24w24c +--- +- PRE-RELEASE: 此版本是v1.7.5的预发布版本,请勿在生产环境中使用 +- CHANGE: 更新依赖 + +24w24b +--- +- PRE-RELEASE: 此版本是v1.7.5的预发布版本,请勿在生产环境中使用 +- FIX: 修复 Docker 默认配置导致的 403 问题 + +24w24a +--- +- PRE-RELEASE: 此版本是v1.7.5的预发布版本,请勿在生产环境中使用 +- ADD: `Rate`模块加入`IP`速率限制,可限制单个IP的请求速率 (需要更多测试) +- CHANGE: 处理积攒的依赖库更新,更新如下依赖库: +- **github.com/gabriel-vasile/mimetype**: 从 v1.4.6 升级到 v1.4.7 +- **github.com/go-playground/validator/v10**: 从 v10.22.1 升级到 v10.23.0 +- **github.com/klauspost/cpuid/v2**: 从 v2.2.8 升级到 v2.2.9 +- **github.com/onsi/ginkgo/v2**: 从 v2.21.0 升级到 v2.22.0 +- **golang.org/x/arch**: 从 v0.11.0 升级到 v0.12.0 +- **golang.org/x/crypto**: 从 v0.28.0 升级到 v0.29.0 +- **golang.org/x/exp**: 从 v0.0.0-20241009180824-f66d83c29e7c 升级到 v0.0.0-20241108190413-2d47ceb2692f +- **golang.org/x/mod**: 从 v0.21.0 升级到 v0.22.0 +- **golang.org/x/net**: 从 v0.30.0 升级到 v0.31.0 +- **golang.org/x/sync**: 从 v0.8.0 升级到 v0.9.0 +- **golang.org/x/sys**: 从 v0.26.0 升级到 v0.27.0 +- **golang.org/x/text**: 从 v0.19.0 升级到 v0.20.0 +- **golang.org/x/tools**: 从 v0.26.0 升级到 v0.27.0 +- **google.golang.org/protobuf**: 从 v1.35.1 升级到 v1.35.2 + +v1.7.4 +--- +- CHANGE: 对二进制文件部署脚本进行优化 +- CHANGE&ADD: 新增H2C相关配置 +- ADD: `Auth`模块加入`Header`鉴权,使用`GH-Auth`的值进行鉴权 + +24w23a +--- +- PRE-RELEASE: 此版本是v1.7.4的预发布版本,请勿在生产环境中使用 +- ADD: `Auth`模块加入`Header`鉴权,使用`GH-Auth`的值进行鉴权 +- CHANGE: 对二进制文件部署脚本进行优化 +- CHANGE&ADD: 新增H2C相关配置 + +v1.7.3 +--- +- CHANGE: Bump golang.org/x/time from 0.7.0 to 0.8.0 +- FIX: 修复故障熔断的相关问题 + +v1.7.2 +--- +- CHANGE: 为`nocache`版本加入测试性的故障熔断机制 + +v1.7.1 +--- +- CHANGE: 更新Go版本至1.23.3 +- CHANGE: 更新相关依赖库 +- ADD: 对`Proxy`模块进行优化,增加使用`HEAD`方式预获取`Content-Length`头 +- CHANGE: 将`release`与`dev`版本的底包切换至`wjqserver/caddy:2.9.0-rc4-alpine`,将`nocache`版本的底包切换至`alpine:latest` +- CHANGE: 对`nocache`版本的`config.toml`与`init.sh`进行适配性修改 +- CHANGE: 加入测试性的故障熔断机制(Failure Circuit Breaker) (nocache版本暂不支持) + +24w22b +--- +- PRE-RELEASE: 此版本是v1.7.1的预发布版本,请勿在生产环境中使用 +- CHANGE: 更新Go版本至1.23.3 +- CHANGE: 更新相关依赖库 +- ADD: 对`Proxy`模块进行优化,增加使用`HEAD`方式预获取`Content-Length`头 +- CHANGE: 将`release`与`dev`版本的底包切换至`wjqserver/caddy:2.9.0-rc4-alpine`,将`nocache`版本的底包切换至`alpine:latest` +- CHANGE: 对`nocache`版本的`config.toml`与`init.sh`进行适配性修改 + +24w22a +--- +- PRE-RELEASE: 此版本是v1.7.1的预发布版本,请勿在生产环境中使用 +- CHANGE: 更新底包 +- CHANGE: 加入测试性的故障熔断机制(Failure Circuit Breaker) + +v1.7.0 +--- +- ADD: 加入`rate`模块,实现内置速率限制 +- CHANGE: 优化`blacklist`与`whitelist`模块的匹配算法,提升性能;由原先的完整匹配改为切片匹配,提升匹配效率 +- ADD: 加入`version`相关表示与API接口 +- ADD: 加入`rate`相关API接口 +- CHANGE: 优化前端界面,优化部分样式 +- CHANGE: 更新相关依赖库 +- CHANGE: 对编译打包进行改进,此后不再提供独立可执行文件,请改为拉取`tar.gz`压缩包 + +24w21d +--- +- PRE-RELEASE: 此版本是v1.7.0的预发布版本,请勿在生产环境中使用 +- ADD: 新增`ratePerMinute` API可供查询 +- ADD: 前端新增 version 标识 +- ADD: 前端新增 `重定向` 按钮,用于重定向到代理后的链接 +- CHANGE: 优化输出代码块,使样式更加美观 +- CHANGE: 更新相关依赖库 +- CHANGE: 对黑名单模块进行实验性功能优化,提升性能(改进匹配算法,在切片后优先匹配user,减少无效匹配) + +24w21c +--- +- PRE-RELEASE: 此版本是v1.7.0的预发布版本,请勿在生产环境中使用 +- CHANGE: 对编译打包进行改进,此后不再提供独立可执行文件,请改为拉取`tar.gz`压缩包 +- CHANGE: 由于上述原因,对Docker打包进行相应改进 + +24w21b +--- +- PRE-RELEASE: 此版本是v1.7.0的预发布版本,请勿在生产环境中使用 +- ADD: 加入版本号标识与对应API接口 +- ADD: 加入速率限制API接口 +- CHANGE: 修改打包部分 + +24w21a +--- +- PRE-RELEASE: 此版本是v1.7.0的预发布版本,请勿在生产环境中使用 +- ADD: 尝试加入程序内置速率限制 +- CHANGE: 更新相关依赖库 +- CHANGE: 更换Dev版本底包,于release版本保持一致 + +v1.6.2 +--- +- CHANGE: 优化前端界面,优化部分样式 +- ADD: 前端加入黑夜模式 +- CHANGE: 优化移动端适配 +- CHANGE: 优化一键部署脚本,使其更加易用,并增加更多的功能(已于早些时候hotfix) +- CHANGE: 优化部分代码结构,提升性能 +- CHANGE: 优化日志记录,对各个部分的日志记录进行统一格式,并对部分重复日志进行合并 + +24w20b +--- +- PRE-RELEASE: 此版本是v1.6.2的预发布版本,请勿在生产环境中使用 +- CHANGE: 优化前端界面,优化部分样式 +- ADD: 前端加入黑夜模式 +- CHANGE: 优化移动端适配 + +24w20a +--- +- PRE-RELEASE: 此版本是v1.6.2的预发布版本,请勿在生产环境中使用 +- CHANGE: 大幅修改日志记录,对各个部分的日志记录进行统一格式,并对部分重复日志进行合并 +- CHANGE: 大幅优化一键部署脚本,使其更加易用,并增加更多的功能(已于早些时候hotfix) +- CHANGE: 优化部分代码结构,提升性能 + +v1.6.1 +--- +- CHANGE: 根据社区建议,将`sizeLimit`由过去的以`byte`为单位,改为以`MB`为单位,以便于直观理解 +- ADD: 新增`nocache`版本,供由用户自行优化缓存策略 +- CHANGE: 优化`Proxy`核心模块内部结构,提升性能 +- REMOVE: 移除`Proxy`模块内部分无用`logInfo` +- FIX & ADD: 修复前端对gist的匹配问题,添加对`gist.githubusercontent.com`的前端转换支持 +- CHANGE: 改变部分前端匹配逻辑 +- CHANGE: 更新相关依赖库 + +24w19d +--- +- PRE-RELEASE: 此版本是v1.6.1的预发布版本,请勿在生产环境中使用 +- ADD: 新增nocache版本,供由用户自行优化缓存策略 +- CHANGE: 优化`Proxy`核心模块内部结构,提升性能 +- REMOVE: 移除`Proxy`模块内部分无用`logInfo` + +24w19c +--- +- PRE-RELEASE: 此版本是v1.6.1的预发布版本,请勿在生产环境中使用 +- FIX & ADD: 修复前端对gist的匹配问题,添加对`gist.githubusercontent.com`的前端转换支持 +- CHANGE: 改变部分前端匹配逻辑 +- CHANGE: 更新相关依赖库 + +24w19b +--- +- PRE-RELEASE: 此版本是v1.6.1的预发布版本,请勿在生产环境中使用 +- FIX: 修复`sizeLimit`单位更改导致API返回值错误的问题 +- FIX: 修正Gist匹配 + +24w19a +--- +- PRE-RELEASE: 此版本是v1.6.1的预发布版本,请勿在生产环境中使用 +- CHANGE: 根据社区建议,将`sizeLimit`由过去的以`byte`为单位,改为以`MB`为单位,以便于直观理解 +- CHANGE: 更新相关依赖 +- CHANGE: 对`Proxy`模块的核心函数进行模块化,为后续修改和扩展提供空间 + +v1.6.0 +--- +- CHANGE: 优化代码结构,提升性能 +- CHANGE: 引入H2C支持,支持无加密HTTP/2请求,一定程度上提升传输性能 +- ADD: 在核心程序内加入静态页面支持,支持不通过caddy等web server提供前端页面 +- CHANGE: 优化日志记录,带来更多的可观测性 +- CHANGE: 改进前端界面,优化用户体验; 对原有Alert提示进行优化,改为ShowToast提示 +- CHANGE: 规范化部分函数命名,提升可读性; 同时对config.toml内的参数命名进行规范化(部分参数名称已过时,请注意更新) +- CHANGE: 修改日志检查周期,降低检查频率,避免不必要的资源浪费 +- ADD: 增加CORS状态API + +24w18f +--- +- PRE-RELEASE: 此版本是v1.6.0的预发布版本,请勿在生产环境中使用 +- CHANGE: 修正前端页面的部分样式问题 +- FIX: 修正部分问题 + +24w18e +--- +- PRE-RELEASE: 此版本是预发布版本,请勿在生产环境中使用 +- CHANGE: 引入H2C协议支持,支持无加密HTTP/2请求 +- ADD: 尝试在核心程序内加入静态页面支持 +- CHANGE: 优化日志记录 +- CHANGE: 去除部分无用/重复配置 +- CHANGE: 规范化部分函数命名 + +24w18d +--- +- PRE-RELEASE: 此版本是预发布版本,请勿在生产环境中使用 +- CHANGE: 更新相关依赖库 +- ADD: 增加CORS状态API +- CHANGE: 优化部分函数执行顺序 +- CHANGE: 优化前端界面 + +24w18c +--- +- PRE-RELEASE: 此版本是预发布版本,请勿在生产环境中使用 +- CHANGE: 修正配置命名,改为驼峰式命名 +- CHANGE: 修正函数命名 + +24w18b +--- +- PRE-RELEASE: 此版本是预发布版本,请勿在生产环境中使用 +- CHANGE: 经团队考量,移除 Docker 代理功能,若造成了不便敬请谅解 +- CHANGE: 修改日志检查周期 + +24w18a +--- +- PRE-RELEASE: 此版本是预发布版本,请勿在生产环境中使用 +- CHANGE: 改进Docker 代理 +- CHANGE: 改进前端页面的copy提示,弃用alert提示 + +v1.5.2 +--- +- FIX: 修正flag传入问题 +- CHANGE: 去除/路径重定向,改为返回403,并记录对应请求日志 +- CHANGE: 优化Proxy模块的日志记录,记录请求详细信息 + +24w17b +--- +- PRE-RELEASE: 此版本是v1.5.2的预发布版本,请勿在生产环境中使用 +- FIX: 修正flag传入问题 +- CHANGE: 去除/路径重定向,改为返回403,并记录对应请求日志 +- CHANGE: 优化Proxy模块的日志记录,记录请求详细信息 + +24w17a +--- +- PRE-RELEASE: 此版本是v1.5.2的预发布版本,请勿在生产环境中使用 +- FIX: 初步修正flag传入问题,但仍有可能存在其他问题 + +v1.5.1 +--- +- CHANGE: 优化代码结构,提升性能 +- CHANGE: Bump github.com/imroc/req/v3 from 3.48.0 to 3.49.0 by @dependabot in https://github.com/WJQSERVER-STUDIO/ghproxy/pull/7 +- ADD: 新增一键部署脚本,简化二进制文件部署流程 + +24w16a +--- +- PRE-RELEASE: 此版本是v1.5.1的预发布版本,请勿在生产环境中使用 +- CHANGE: 优化代码结构,提升性能 +- CHANGE: Bump github.com/imroc/req/v3 from 3.47.0 to 3.48.0 by @dependabot in https://github.com/WJQSERVER-STUDIO/ghproxy/pull/6 +- ADD: 新增一键部署脚本,简化二进制文件部署流程 + +v1.5.0 +--- +- CHANGE: 优化代码结构,提升性能 +- CHANGE: 改进核心部分,即proxy模块的转发部分,对请求体处理与响应体处理进行优化 +- CHANGE: 配置文件格式由yaml切换至toml,使其具备更好的可读性 +- ADD: 黑白名单引入通配符支持,支持完全屏蔽或放行某个用户,例如`onwer/*`表示匹配`owner`的所有仓库 +- ADD: 新增API模块,新增配置开关状态接口,以在前端指示功能状态 +- CHANGE: 由于API变动,对前端进行相应调整 +- ADD: 日志模块引入日志级别,排障更加直观 +- CHANGE: 改进黑白名单机制,若禁用相关功能,则不对相关模块进行初始化 + +24w15d +--- +- PRE-RELEASE: 此版本是v1.5.0的预发布版本,请勿在生产环境中使用 +- CHANGE: 优化代码结构,提升性能 +- ADD: 新增API模块,新增配置开关状态接口,以在前端指示功能状态 +- CHANGE: 由于API变动,对前端进行相应调整 + +24w15c +--- +- PRE-RELEASE: 此版本是v1.5.0的预发布版本,请勿在生产环境中使用 +- CHANGE: 优化代码结构,提升性能 +- CHANGE: 改进核心部分,即proxy模块的转发部分,对请求体处理与响应体处理进行优化 +- CHANGE: 改进黑白名单机制,若禁用相关功能,则不对对应模块进行初始化 +- ADD: 黑白名单引入通配符支持,支持完全屏蔽或放行某个用户,例如`onwer/*`表示匹配`owner`的所有仓库 +- ADD: 日志模块引入日志级别,排障更加直观 + +24w15b +--- +- PRE-RELEASE: 此版本是v1.5.0的预发布版本,请勿在生产环境中使用 +- CHANGE: 优化代码结构,提升性能 +- FIX: 修正24w15a版本的部分问题 + +24w15a +--- +- PRE-RELEASE: 此版本是v1.5.0的预发布版本,请勿在生产环境中使用 +- CHANGE: 优化代码结构,提升性能 +- CHANGE: 将配置文件由yaml切换至toml + +v1.4.3 +--- +- CHANGE: 优化代码结构,提升性能 +- ADD: 新增命令行参数 `-cfg string` 用于指定配置文件路径 +- CHANGE: 对二进制文件大小进行改进 + +24w14a +--- +- PRE-RELEASE: 此版本是v1.4.3的预发布版本,请勿在生产环境中使用 +- CHANGE: 优化代码结构,提升性能 +- ADD: 新增命令行参数 `-cfg string` 用于指定配置文件路径 + v1.4.2 --- - CHANGE: 优化代码结构,提升性能 @@ -7,6 +362,12 @@ v1.4.2 - CHANGE: 对Docker镜像构建进行优化,大幅减少镜像体积,从v1.4.0的`111 MB`,到v1.4.1的`58 MB`,再到v1.4.2的`28 MB` - CHANGE: 切换至wjqserver/caddy:2.9.0-rc-alpine作为基础镜像 +24w13c +--- +- PRE-RELEASE: 此版本是v1.4.2的预发布版本,请勿在生产环境中使用 +- CHANGE: 优化代码结构,提升性能 +- CHANGE: 修正交叉编译问题 + 24w13b --- - PRE-RELEASE: 此版本是v1.4.2的预发布版本,请勿在生产环境中使用 diff --git a/DEV-VERSION b/DEV-VERSION index ef86b22..1ec6f33 100644 --- a/DEV-VERSION +++ b/DEV-VERSION @@ -1 +1 @@ -24w13b \ No newline at end of file +24w27a \ No newline at end of file diff --git a/README.md b/README.md index 4218ca2..03ca5ac 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# GhProxy +# GHProxy ![pull](https://img.shields.io/docker/pulls/wjqserver/ghproxy.svg) [![Go Report Card](https://goreportcard.com/badge/github.com/WJQSERVER-STUDIO/ghproxy)](https://goreportcard.com/report/github.com/WJQSERVER-STUDIO/ghproxy) @@ -7,6 +7,10 @@ [DEMO](https://ghproxy.1888866.xyz) +[TG讨论群组](https://t.me/ghproxy_go) + +[版本更新介绍](https://blog.wjqserver.com/categories/my-program/) + ## 项目说明 ### 项目特点 @@ -16,7 +20,7 @@ - 支持Docker部署 - 支持速率限制 - 支持用户鉴权 -- 支持自定义黑名单 +- 支持自定义黑名单/白名单 - 符合[RFC 7234](https://httpwg.org/specs/rfc7234.html)的HTTP Cache - 使用Caddy作为Web Server - 基于[WJQSERVER-STUDIO/golang-temp](https://github.com/WJQSERVER-STUDIO/golang-temp)模板构建,具有标准化的日志记录与构建流程 @@ -24,11 +28,10 @@ ### 项目开发过程 **本项目是[WJQSERVER-STUDIO/ghproxy-go](https://github.com/WJQSERVER-STUDIO/ghproxy-go)的重构版本,实现了原项目原定功能的同时,进一步优化了性能** -本项目源于[WJQSERVER-STUDIO/ghproxy-go](https://github.com/WJQSERVER-STUDIO/ghproxy-go)与[WJQSERVER/ghproxy-go-0RTT](https://github.com/WJQSERVER/ghproxy-go-0RTT)两个项目,前者带来了实现框架与资源,后者带来了解决Git clone问题的办法,使得本项目从net/http标准库切换至Gin框架,已解决此困扰已久的问题,在此基础上,本项目进一步优化了性能,并添加了用户鉴权功能,使得部署更加安全可靠。 关于此项目的详细开发过程,请参看Commit记录与[CHANGELOG.md](https://github.com/WJQSERVER-STUDIO/ghproxy/blob/main/CHANGELOG.md) - V1.0.0 迁移至本仓库,并再次重构内容实现 -- v0.2.0 重构项目实现,Git clone的实现完全自主化 +- v0.2.0 重构项目实现 ### LICENSE @@ -54,46 +57,61 @@ git clone https://ghproxy.1888866.xyz/github.com/WJQSERVER-STUDIO/ghproxy.git docker run -p 7210:80 -v ./ghproxy/log/run:/data/ghproxy/log -v ./ghproxy/log/caddy:/data/caddy/log -v ./ghproxy/config:/data/ghproxy/config --restart always wjqserver/ghproxy ``` -- Docker-Compose +- Docker-Compose (建议使用) 参看[docker-compose.yml](https://github.com/WJQSERVER-STUDIO/ghproxy/blob/main/docker/compose/docker-compose.yml) +### 二进制文件部署(不推荐) + +一键部署脚本: + +```bash +wget -O install.sh https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/deploy/install.sh && chmod +x install.sh &&./install.sh +``` + +## 配置说明 + ### 外部配置文件 -本项目采用config.yaml作为外部配置,默认配置如下 -使用Docker部署时,慎重修改config.yaml,以免造成不必要的麻烦 +本项目采用`config.toml`作为外部配置,默认配置如下 +使用Docker部署时,慎重修改`config.toml`,以免造成不必要的麻烦 -```yaml -# 核心配置 -server: - port: 8080 # 监听端口(小白请勿修改) - host: "127.0.0.1" # 监听地址(小白请勿修改) - sizelimit: 131072000 # 125MB +```toml +[server] +host = "127.0.0.1" # 监听地址 +port = 8080 # 监听端口 +sizeLimit = 125 # 125MB +enableH2C = "on" # 是否开启H2C传输(latest和dev版本请开启) on/off -# 日志配置 -logger: - logfilepath: "/data/ghproxy/log/ghproxy.log" # 日志文件路径(小白请勿修改) - maxlogsize: 5 # MB +[pages] +enabled = false # 是否开启内置静态页面(Docker版本请关闭此项) +staticPath = "/data/www" # 静态页面文件路径 -# CORS 配置 -cors: - enabled: true # 是否开启CORS +[log] +logFilePath = "/data/ghproxy/log/ghproxy.log" # 日志文件路径 +maxLogSize = 5 # MB 日志文件最大大小 -# 鉴权配置 -auth: - enabled: false # 是否开启鉴权 - authtoken: "test" # 鉴权Token +[cors] +enabled = true # 是否开启跨域 -# 黑名单配置 -blacklist: - enabled: true # 是否开启黑名单 - blacklistfile: "/data/ghproxy/config/blacklist.json" +[auth] +authMethod = "parameters" # 鉴权方式,支持parameters,header +authToken = "token" # 用户鉴权Token +enabled = false # 是否开启用户鉴权 -# 白名单配置 -whitelist: - enabled: false # 是否开启白名单 - whitelistfile: "/data/ghproxy/config/whitelist.json" +[blacklist] +blacklistFile = "/data/ghproxy/config/blacklist.json" # 黑名单文件路径 +enabled = false # 是否开启黑名单 +[whitelist] +enabled = false # 是否开启白名单 +whitelistFile = "/data/ghproxy/config/whitelist.json" # 白名单文件路径 + +[rateLimit] +enabled = false # 是否开启速率限制 +rateMrthod = "total" # "ip" or "total" 速率限制方式 +ratePerMinute = 180 # 每分钟限制请求数量 +burst = 5 # 突发请求数量 ``` ### 黑名单配置 @@ -105,7 +123,7 @@ whitelist: "blacklist": [ "test/test1", "example/repo2", - "another/repo3" + "another/*" ] } ``` @@ -119,7 +137,7 @@ whitelist: "whitelist": [ "test/test1", "example/repo2", - "another/repo3" + "another/*" ] } ``` @@ -139,16 +157,13 @@ example.com { } ``` -## TODO & DEV +### 前端页面 -### TODO +![ghproxy-demo.png](https://webp.wjqserver.com/ghproxy/ghproxy-demo-v1.7.0-mobile-night.png) -- [x] 允许更多参数通过config结构传入 -- [x] 改进程序效率 -- [x] 用户鉴权 -- [x] 仓库黑名单 -- [x] 仓库白名单 +结语 +--- -### DEV - -- [x] Docker Pull 代理 +本项目基于Go语言实现,使用Gin框架与req库 +Docker镜像基于[WJQSERVER-STUDIO/caddy](https://github.com/WJQSERVER-STUDIO/caddy) +本项目使用WSL LICENSE Version1.2 (WJQSERVER STUDIO LICENSE Version1.2) 授权协议,请遵守相关条例。 diff --git a/SECURITY.MD b/SECURITY.MD index 9bc5d86..8fc021c 100644 --- a/SECURITY.MD +++ b/SECURITY.MD @@ -7,7 +7,7 @@ | 版本 | 是否支持 | | --- | --- | | v1.x.x | :white_check_mark: | -| **w**a/b/c... | :warning: 此为PRE-RELEASE版本,用于开发与测试,可能存在未知的问题 | +| 24w*a/b/c... | :warning: 此为PRE-RELEASE版本,用于开发与测试,可能存在未知的问题 | | v0.x.x | :x: 这些版本不再受支持 | ### 用户须知 @@ -16,6 +16,8 @@ 使用本项目,请遵循 **[WSL (WJQSERVER-STUDIO LICENSE)](https://wjqserver-studio.github.io/LICENSE/LICENSE.html)** 协议。 +本项目所有文件均受到 WSL (WJQSERVER-STUDIO LICENSE) 协议保护,任何人不得在任何情况下以非 WSL (WJQSERVER-STUDIO LICENSE) 协议内规定的方式使用,复制,修改,编译,发布,分发,再许可,或者出售本项目的任何部分。 + ## 报告漏洞 如果您发现本项目存在安全漏洞,请通过发送ISSUES或尝试联系项目维护者来报告。请在您的报告中包含以下信息: diff --git a/VERSION b/VERSION index 13175fd..73c8b4f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.1 \ No newline at end of file +1.7.7 \ No newline at end of file diff --git a/api/api.go b/api/api.go new file mode 100644 index 0000000..27f5bac --- /dev/null +++ b/api/api.go @@ -0,0 +1,117 @@ +package api + +import ( + "encoding/json" + "ghproxy/config" + "ghproxy/logger" + + "github.com/gin-gonic/gin" +) + +var ( + router *gin.Engine + cfg *config.Config +) + +var ( + logw = logger.Logw + logInfo = logger.LogInfo + logWarning = logger.LogWarning + logError = logger.LogError +) + +func InitHandleRouter(cfg *config.Config, router *gin.Engine, version string) { + apiRouter := router.Group("api") + { + apiRouter.GET("/size_limit", func(c *gin.Context) { + SizeLimitHandler(cfg, c) + }) + apiRouter.GET("/whitelist/status", func(c *gin.Context) { + WhiteListStatusHandler(c, cfg) + }) + apiRouter.GET("/blacklist/status", func(c *gin.Context) { + BlackListStatusHandler(c, cfg) + }) + apiRouter.GET("/cors/status", func(c *gin.Context) { + CorsStatusHandler(c, cfg) + }) + apiRouter.GET("/healthcheck", func(c *gin.Context) { + HealthcheckHandler(c) + }) + apiRouter.GET("/version", func(c *gin.Context) { + VersionHandler(c, version) + }) + apiRouter.GET("/rate_limit/status", func(c *gin.Context) { + RateLimitStatusHandler(c, cfg) + }) + apiRouter.GET("/rate_limit/limit", func(c *gin.Context) { + RateLimitLimitHandler(c, cfg) + }) + } + logInfo("API router Init success") +} + +func SizeLimitHandler(cfg *config.Config, c *gin.Context) { + sizeLimit := cfg.Server.SizeLimit + logInfo("%s %s %s %s %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto) + c.Writer.Header().Set("Content-Type", "application/json") + json.NewEncoder(c.Writer).Encode(map[string]interface{}{ + "MaxResponseBodySize": sizeLimit, + }) +} + +func WhiteListStatusHandler(c *gin.Context, cfg *config.Config) { + logInfo("%s %s %s %s %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto) + c.Writer.Header().Set("Content-Type", "application/json") + json.NewEncoder(c.Writer).Encode(map[string]interface{}{ + "Whitelist": cfg.Whitelist.Enabled, + }) +} + +func BlackListStatusHandler(c *gin.Context, cfg *config.Config) { + logInfo("%s %s %s %s %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto) + c.Writer.Header().Set("Content-Type", "application/json") + json.NewEncoder(c.Writer).Encode(map[string]interface{}{ + "Blacklist": cfg.Blacklist.Enabled, + }) +} + +func CorsStatusHandler(c *gin.Context, cfg *config.Config) { + logInfo("%s %s %s %s %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto) + c.Writer.Header().Set("Content-Type", "application/json") + json.NewEncoder(c.Writer).Encode(map[string]interface{}{ + "Cors": cfg.CORS.Enabled, + }) +} + +func HealthcheckHandler(c *gin.Context) { + logInfo("%s %s %s %s %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto) + c.Writer.Header().Set("Content-Type", "application/json") + json.NewEncoder(c.Writer).Encode(map[string]interface{}{ + "Status": "OK", + }) +} + +func VersionHandler(c *gin.Context, version string) { + logInfo("%s %s %s %s %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto) + c.Writer.Header().Set("Content-Type", "application/json") + json.NewEncoder(c.Writer).Encode(map[string]interface{}{ + "Version": version, + }) +} + +func RateLimitStatusHandler(c *gin.Context, cfg *config.Config) { + logInfo("%s %s %s %s %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto) + c.Writer.Header().Set("Content-Type", "application/json") + json.NewEncoder(c.Writer).Encode(map[string]interface{}{ + "RateLimit": cfg.RateLimit.Enabled, + }) +} + +func RateLimitLimitHandler(c *gin.Context, cfg *config.Config) { + logInfo("%s %s %s %s %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto) + c.Writer.Header().Set("Content-Type", "application/json") + json.NewEncoder(c.Writer).Encode(map[string]interface{}{ + "RatePerMinute": cfg.RateLimit.RatePerMinute, + }) +} diff --git a/auth/auth-header.go b/auth/auth-header.go new file mode 100644 index 0000000..5089254 --- /dev/null +++ b/auth/auth-header.go @@ -0,0 +1,30 @@ +package auth + +import ( + "fmt" + "ghproxy/config" + + "github.com/gin-gonic/gin" +) + +func AuthHeaderHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) { + if !cfg.Auth.Enabled { + return true, "" + } + // 获取"GH-Auth"的值 + authToken := c.GetHeader("GH-Auth") + logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.Request.Method, c.Request.Host, c.Request.URL.Path, c.Request.Proto, c.Request.RemoteAddr, authToken) + if authToken == "" { + err := "Auth Header == nil" + return false, err + } + + isValid = authToken == cfg.Auth.AuthToken + if !isValid { + err := fmt.Sprintf("Auth token incorrect: %s", authToken) + return false, err + } + + logInfo("auth SUCCESS: %t", isValid) + return isValid, "" +} diff --git a/auth/auth-parameters.go b/auth/auth-parameters.go new file mode 100644 index 0000000..c14e23a --- /dev/null +++ b/auth/auth-parameters.go @@ -0,0 +1,31 @@ +package auth + +import ( + "fmt" + "ghproxy/config" + + "github.com/gin-gonic/gin" +) + +func AuthParametersHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) { + if !cfg.Auth.Enabled { + return true, "" + } + + authToken := c.Query("auth_token") + logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto, authToken) + + if authToken == "" { + err := "Auth token == nil" + return false, err + } + + isValid = authToken == cfg.Auth.AuthToken + if !isValid { + err := fmt.Sprintf("Auth token incorrect: %s", authToken) + return false, err + } + + logInfo("auth SUCCESS: %t", isValid) + return isValid, "" +} diff --git a/auth/auth.go b/auth/auth.go index f92eab7..6e3d9de 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -7,29 +7,35 @@ import ( "github.com/gin-gonic/gin" ) -var logw = logger.Logw +var ( + logw = logger.Logw + logInfo = logger.LogInfo + logWarning = logger.LogWarning + logError = logger.LogError +) -func AuthHandler(c *gin.Context, cfg *config.Config) bool { - // 如果身份验证未启用,直接返回 true - if !cfg.Auth.Enabled { - return true +func Init(cfg *config.Config) { + if cfg.Blacklist.Enabled { + LoadBlacklist(cfg) } - - // 获取 auth_token 参数 - authToken := c.Query("auth_token") - logw("auth_token received: %s", authToken) - - // 验证 token - if authToken == "" { - logw("auth FAILED: no auth_token provided") - return false + if cfg.Whitelist.Enabled { + LoadWhitelist(cfg) + } + logInfo("Auth Init") +} + +func AuthHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) { + if cfg.Auth.AuthMethod == "parameters" { + isValid, err = AuthParametersHandler(c, cfg) + return isValid, err + } else if cfg.Auth.AuthMethod == "header" { + isValid, err = AuthHeaderHandler(c, cfg) + return isValid, err + } else if cfg.Auth.AuthMethod == "" { + logWarning("Auth method not set") + return true, "" + } else { + logWarning("Auth method not supported") + return false, "Auth method not supported" } - - isValid := authToken == cfg.Auth.AuthToken - if !isValid { - logw("auth FAILED: invalid auth_token: %s", authToken) - } - - logw("auth SUCCESS: %t", isValid) - return isValid } diff --git a/auth/blacklist.go b/auth/blacklist.go index 88de8eb..6390004 100644 --- a/auth/blacklist.go +++ b/auth/blacklist.go @@ -4,6 +4,7 @@ import ( "encoding/json" "github.com/satomitoka/ghproxy/config" "os" + "strings" ) type BlacklistConfig struct { @@ -22,23 +23,37 @@ func LoadBlacklist(cfg *config.Config) { data, err := os.ReadFile(blacklistfile) if err != nil { - logw("Failed to read blacklist file: %v", err) + logError("Failed to read blacklist file: %v", err) } err = json.Unmarshal(data, blacklist) if err != nil { - logw("Failed to unmarshal blacklist JSON: %v", err) + logError("Failed to unmarshal blacklist JSON: %v", err) } } -func CheckBlacklist(fullrepo string) bool { - return forRangeCheckBlacklist(blacklist.Blacklist, fullrepo) +func CheckBlacklist(repouser string, user string, repo string) bool { + return forRangeCheckBlacklist(blacklist.Blacklist, repouser, user) } -func forRangeCheckBlacklist(blist []string, fullrepo string) bool { +func sliceRepoName_Blacklist(fullrepo string) (string, string) { + s := strings.Split(fullrepo, "/") + if len(s) != 2 { + return "", "" + } + return s[0], s[1] +} + +func forRangeCheckBlacklist(blist []string, fullrepo string, user string) bool { for _, blocked := range blist { - if blocked == fullrepo { - return true + users, _ := sliceRepoName_Blacklist(blocked) + if user == users { + if strings.HasSuffix(blocked, "/*") { + return true + } + if fullrepo == blocked { + return true + } } } return false diff --git a/auth/whitelist.go b/auth/whitelist.go index 1193bfe..339dcfd 100644 --- a/auth/whitelist.go +++ b/auth/whitelist.go @@ -4,6 +4,7 @@ import ( "encoding/json" "github.com/satomitoka/ghproxy/config" "os" + "strings" ) type WhitelistConfig struct { @@ -21,23 +22,37 @@ func LoadWhitelist(cfg *config.Config) { data, err := os.ReadFile(whitelistfile) if err != nil { - logw("Failed to read whitelist file: %v", err) + logError("Failed to read whitelist file: %v", err) } err = json.Unmarshal(data, whitelist) if err != nil { - logw("Failed to unmarshal whitelist JSON: %v", err) + logError("Failed to unmarshal whitelist JSON: %v", err) } } -func CheckWhitelist(fullrepo string) bool { - return forRangeCheckWhitelist(whitelist.Whitelist, fullrepo) +func CheckWhitelist(fullrepo string, user string, repo string) bool { + return forRangeCheckWhitelist(whitelist.Whitelist, fullrepo, user) } -func forRangeCheckWhitelist(blist []string, fullrepo string) bool { - for _, blocked := range blist { - if blocked == fullrepo { - return true +func sliceRepoName_Whitelist(fullrepo string) (string, string) { + s := strings.Split(fullrepo, "/") + if len(s) != 2 { + return "", "" + } + return s[0], s[1] +} + +func forRangeCheckWhitelist(wlist []string, fullrepo string, user string) bool { + for _, passd := range wlist { + users, _ := sliceRepoName_Whitelist(passd) + if users == user { + if strings.HasSuffix(passd, "/*") { + return true + } + if fullrepo == passd { + return true + } } } return false diff --git a/caddyfile/dev/Caddyfile b/caddyfile/dev/Caddyfile index 4d5a963..cd58447 100644 --- a/caddyfile/dev/Caddyfile +++ b/caddyfile/dev/Caddyfile @@ -4,7 +4,7 @@ https_port 443 order cache before rewrite cache { - cache_name GhProxyCache + cache_name GHProxyCache } log { level INFO @@ -12,7 +12,10 @@ roll_size 5MB roll_keep 10 } - } + } + servers :80 { + protocols h1 h2c + } } (log) { @@ -70,14 +73,15 @@ reverse_proxy { to 127.0.0.1:8080 import header_realip + transport http { + versions 1.1 h2c + } } import log ghproxy import cache 0s 300s import error_page import encode import rate_limit 60 - header Age 10 - header Cache-Control "max-age=300" route / { root /data/www file_server @@ -88,22 +92,11 @@ file_server import cache 0s 24h } - handle_errors { - @redirects `{err.status_code} in [301, 302, 307]` - reverse_proxy @redirects { - header_up Location {http.response.header.Location} - } - } - route /v2* { - reverse_proxy https://registry-1.docker.io { - header_up Host registry-1.docker.io - header_up X-Real-IP {remote} - header_up X-Forwarded-For {http.request.header.X-Forwarded-For} - header_up X-Forwarded-Proto {scheme} - header_up Authorization {http.request.header.Authorization} - } - } + route /api* { + rate_limit {remote.ip} 15r/m 10000 429 + import cache 0s 6h + } } import /data/caddy/config.d/* diff --git a/caddyfile/nocache/Caddyfile b/caddyfile/nocache/Caddyfile new file mode 100644 index 0000000..b63e936 --- /dev/null +++ b/caddyfile/nocache/Caddyfile @@ -0,0 +1,99 @@ +{ + debug + http_port 80 + https_port 443 + order cache before rewrite + cache { + cache_name GHProxyCache + } + log { + level INFO + output file /data/caddy/log/caddy.log { + roll_size 5MB + roll_keep 10 + } + } + servers :80 { + protocols h1 h2c + } +} + + +(log) { + log { + format transform `{request>headers>X-Forwarded-For>[0]:request>remote_ip} - {user_id} [{ts}] "{request>method} {request>uri} {request>proto}" {status} {size} "{request>headers>Referer>[0]}" "{request>headers>User-Agent>[0]}"` { + time_format "02/Jan/2006:15:04:05 -0700" + } + output file /data/caddy/log/{args[0]}/access.log { + roll_size 5MB + roll_keep 10 + roll_keep_for 24h + } + } +} + +(error_page) { + handle_errors { + rewrite * /{err.status_code}.html + root * /data/caddy/pages/errors + file_server + } +} + +(encode) { + encode { + zstd best + br 5 v2 + gzip 5 + minimum_length 256 + } +} + +(cache) { + cache { + allowed_http_verbs GET + stale {args[0]} + ttl {args[1]} + } +} + +(header_realip) { + header_up X-Real-IP {remote_host} + header_up X-Real-IP {http.request.header.CF-Connecting-IP} + header_up X-Forwarded-For {http.request.header.CF-Connecting-IP} + header_up X-Forwarded-Proto {http.request.header.CF-Visitor} +} + +(rate_limit) { + route /* { + rate_limit {remote.ip} {args[0]}r/m 10000 429 + } +} + +:80 { + reverse_proxy { + to h2c://127.0.0.1:8080 + import header_realip + } + import log ghproxy + import error_page + import encode + import rate_limit 60 + route / { + root /data/www + file_server + import cache 300s + } + route /favicon.ico { + root /data/www + file_server + import cache 300s + } + + route /api* { + rate_limit {remote.ip} 15r/m 10000 429 + import cache 300s + } +} + +import /data/caddy/config.d/* diff --git a/caddyfile/release/Caddyfile b/caddyfile/release/Caddyfile index 959f1c3..962fa39 100644 --- a/caddyfile/release/Caddyfile +++ b/caddyfile/release/Caddyfile @@ -4,15 +4,18 @@ https_port 443 order cache before rewrite cache { - cache_name GhProxyCache + cache_name GHProxyCache } log { level INFO output file /data/caddy/log/caddy.log { roll_size 5MB roll_keep 10 - } - } + } + } + servers :80 { + protocols h1 h2c + } } (log) { @@ -70,14 +73,15 @@ reverse_proxy { to 127.0.0.1:8080 import header_realip + transport http { + versions 1.1 h2c + } } import log ghproxy import cache 0s 300s import error_page import encode - route /* { - rate_limit {remote.ip} 60r/m 10000 429 - } + import rate_limit 60 route / { root /data/www file_server @@ -87,6 +91,12 @@ root /data/www file_server import cache 0s 24h + + } + + route /api* { + rate_limit {remote.ip} 15r/m 10000 429 + import cache 0s 6h } } diff --git a/config/blacklist.json b/config/blacklist.json index 286d110..839d3f6 100644 --- a/config/blacklist.json +++ b/config/blacklist.json @@ -1,8 +1,7 @@ { - "blacklist": [ - "black/list", - "test/test1", - "example/repo2" - ] - } - \ No newline at end of file + "blacklist": [ + "black/list", + "test/test1", + "example/*" + ] +} \ No newline at end of file diff --git a/config/config.go b/config/config.go index 2acfc51..bf9e30f 100644 --- a/config/config.go +++ b/config/config.go @@ -1,57 +1,69 @@ package config import ( - "os" - - "gopkg.in/yaml.v3" + "github.com/BurntSushi/toml" ) type Config struct { - Server struct { - Port int `yaml:"port"` - Host string `yaml:"host"` - SizeLimit int `yaml:"sizelimit"` - } `yaml:"server"` - - Log struct { - LogFilePath string `yaml:"logfilepath"` - MaxLogSize int `yaml:"maxlogsize"` - } `yaml:"logger"` - - CORS struct { - Enabled bool `yaml:"enabled"` - } `yaml:"cors"` - - Auth struct { - Enabled bool `yaml:"enabled"` - AuthToken string `yaml:"authtoken"` - } `yaml:"auth"` - - Blacklist struct { - Enabled bool `yaml:"enabled"` - BlacklistFile string `yaml:"blacklistfile"` - } `yaml:"blacklist"` - - Whitelist struct { - Enabled bool `yaml:"enabled"` - WhitelistFile string `yaml:"whitelistfile"` - } `yaml:"whitelist"` + Server ServerConfig + Pages PagesConfig + Log LogConfig + CORS CORSConfig + Auth AuthConfig + Blacklist BlacklistConfig + Whitelist WhitelistConfig + RateLimit RateLimitConfig } -// LoadConfig 从 YAML 配置文件加载配置 +type ServerConfig struct { + Port int `toml:"port"` + Host string `toml:"host"` + SizeLimit int `toml:"sizeLimit"` + EnableH2C string `toml:"enableH2C"` +} + +type PagesConfig struct { + Enabled bool `toml:"enabled"` + StaticDir string `toml:"staticDir"` +} + +type LogConfig struct { + LogFilePath string `toml:"logFilePath"` + MaxLogSize int `toml:"maxLogSize"` +} + +type CORSConfig struct { + Enabled bool `toml:"enabled"` +} + +type AuthConfig struct { + Enabled bool `toml:"enabled"` + AuthMethod string `toml:"authMethod"` + AuthToken string `toml:"authToken"` +} + +type BlacklistConfig struct { + Enabled bool `toml:"enabled"` + BlacklistFile string `toml:"blacklistFile"` +} + +type WhitelistConfig struct { + Enabled bool `toml:"enabled"` + WhitelistFile string `toml:"whitelistFile"` +} + +type RateLimitConfig struct { + Enabled bool `toml:"enabled"` + RateMethod string `toml:"rateMethod"` + RatePerMinute int `toml:"ratePerMinute"` + Burst int `toml:"burst"` +} + +// LoadConfig 从 TOML 配置文件加载配置 func LoadConfig(filePath string) (*Config, error) { var config Config - if err := loadYAML(filePath, &config); err != nil { + if _, err := toml.DecodeFile(filePath, &config); err != nil { return nil, err } return &config, nil } - -// LoadyamlConfig 从 YAML 配置文件加载配置 -func loadYAML(filePath string, out interface{}) error { - data, err := os.ReadFile(filePath) - if err != nil { - return err - } - return yaml.Unmarshal(data, out) -} diff --git a/config/config.toml b/config/config.toml new file mode 100644 index 0000000..ce83e2a --- /dev/null +++ b/config/config.toml @@ -0,0 +1,35 @@ +[server] +host = "127.0.0.1" +port = 8080 +sizeLimit = 125 # MB +enableH2C = "on" # "on" or "off" + +[pages] +enabled = false +staticDir = "/data/www" + +[log] +logFilePath = "/data/ghproxy/log/ghproxy.log" +maxLogSize = 5 # MB + +[cors] +enabled = true + +[auth] +authMethod = "parameters" # "header" or "parameters" +authToken = "token" +enabled = false + +[blacklist] +blacklistFile = "/data/ghproxy/config/blacklist.json" +enabled = false + +[whitelist] +enabled = false +whitelistFile = "/data/ghproxy/config/whitelist.json" + +[rateLimit] +enabled = false +rateMrthod = "total" # "ip" or "total" +ratePerMinute = 180 +burst = 5 diff --git a/config/config.yaml b/config/config.yaml deleted file mode 100644 index 21bc68b..0000000 --- a/config/config.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Server Configuration -server: - port: 8080 - host: "127.0.0.1" - sizelimit: 131072000 # 125MB - -# Logging Configuration -logger: - logfilepath: "/data/ghproxy/log/ghproxy.log" - maxlogsize: 5 # MB - -# CORS Configuration -cors: - enabled: true - -# Authentication Configuration -auth: - enabled: false - authtoken: "test" - -# Blacklist Configuration -blacklist: - enabled: false - blacklistfile: "/data/ghproxy/config/blacklist.json" - -# Whitelist Configuration -whitelist: - enabled: false - whitelistfile: "/data/ghproxy/config/whitelist.json" \ No newline at end of file diff --git a/config/whitelist.json b/config/whitelist.json index d7ba053..868a3a8 100644 --- a/config/whitelist.json +++ b/config/whitelist.json @@ -1,8 +1,7 @@ { - "whitelist": [ - "white/list", - "white/test1", - "example/white" - ] - } - \ No newline at end of file + "whitelist": [ + "white/list", + "white/test1", + "example/*" + ] +} \ No newline at end of file diff --git a/deploy/config.toml b/deploy/config.toml new file mode 100644 index 0000000..4789d92 --- /dev/null +++ b/deploy/config.toml @@ -0,0 +1,35 @@ +[server] +host = "127.0.0.1" +port = 8080 +sizeLimit = 125 # MB +enableH2C = false + +[pages] +enabled = true +staticDir = "/usr/local/ghproxy/pages" + +[log] +logFilePath = "/usr/local/ghproxy/log/ghproxy.log" +maxLogSize = 5 # MB + +[cors] +enabled = true + +[auth] +authMethod = "parameters" # "header" or "parameters" +authToken = "token" +enabled = false + +[blacklist] +blacklistFile = "/usr/local/ghproxy/config/blacklist.json" +enabled = false + +[whitelist] +enabled = false +whitelistFile = "/usr/local/ghproxy/config/whitelist.json" + +[rateLimit] +enabled = false +rateMrthod = "total" # "ip" or "total" +ratePerMinute = 180 +burst = 5 diff --git a/deploy/ghproxy.service b/deploy/ghproxy.service new file mode 100644 index 0000000..df85e32 --- /dev/null +++ b/deploy/ghproxy.service @@ -0,0 +1,13 @@ +[Unit] +Description=Github Proxy Service +After=network.target + +[Service] +ExecStart=/bin/bash -c '/usr/local/ghproxy/ghproxy -cfg /usr/local/ghproxy/config/config.toml > /usr/local/ghproxy/log/run.log 2>&1' +WorkingDirectory=/usr/local/ghproxy +Restart=always +User=root +Group=root + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/deploy/install-dev.sh b/deploy/install-dev.sh new file mode 100644 index 0000000..44609e4 --- /dev/null +++ b/deploy/install-dev.sh @@ -0,0 +1,144 @@ +# /bin/bash +# https://github.com/WJQSERVER-STUDIO/ghproxy + +ghproxy_dir="/usr/local/ghproxy" + +# install packages +install() { + if [ $# -eq 0 ]; then + echo "ARGS NOT FOUND" + return 1 + fi + + for package in "$@"; do + if ! command -v "$package" &>/dev/null; then + if command -v dnf &>/dev/null; then + dnf -y update && dnf install -y "$package" + elif command -v yum &>/dev/null; then + yum -y update && yum -y install "$package" + elif command -v apt &>/dev/null; then + apt update -y && apt install -y "$package" + elif command -v apk &>/dev/null; then + apk update && apk add "$package" + else + echo "UNKNOWN PACKAGE MANAGER" + return 1 + fi + fi + done + + return 0 +} + +make_systemd_service() { + cat < /etc/systemd/system/ghproxy.service +[Unit] +Description=Github Proxy Service +After=network.target + +[Service] +ExecStart=/bin/bash -c '$ghproxy_dir/ghproxy -cfg $ghproxy_dir/config/config.toml > $ghproxy_dir/log/run.log 2>&1' +WorkingDirectory=$ghproxy_dir +Restart=always +User=root +Group=root + +[Install] +WantedBy=multi-user.target + +EOF + +} + +# 检查是否为root用户 +if [ "$EUID" -ne 0 ]; then + echo "请以root用户运行此脚本" + exit 1 +fi + +# 安装依赖包 +install curl wget sed + +# 查看当前架构是否为linux/amd64或linux/arm64 +ARCH=$(uname -m) +if [ "$ARCH" != "x86_64" ] && [ "$ARCH" != "aarch64" ]; then + echo " $ARCH 架构不被支持" + exit 1 +fi + +# 重写架构值,改为amd64或arm64 +if [ "$ARCH" == "x86_64" ]; then + ARCH="amd64" +elif [ "$ARCH" == "aarch64" ]; then + ARCH="arm64" +fi + +# 获取监听端口 +read -p "请输入程序监听的端口(默认8080): " PORT +if [ -z "$PORT" ]; then + PORT=8080 +fi + +# 本机监听/泛监听(127.0.0.1/0.0.0.0) +read -p "请键入程序监听的IP(默认127.0.0.1)(0.0.0.0为泛监听): " IP +if [ -z "$IP" ]; then + IP="127.0.0.1" +fi + +# 安装目录 +read -p "请输入安装目录(默认/usr/local/ghproxy): " ghproxy_dir +if [ -z "$ghproxy_dir" ]; then + ghproxy_dir="/usr/local/ghproxy" +fi + +# 创建目录 +mkdir -p ${ghproxy_dir} +mkdir -p ${ghproxy_dir}/config +mkdir -p ${ghproxy_dir}/log +mkdir -p ${ghproxy_dir}/pages + +# 获取最新版本号 +VERSION=$(curl -s https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/DEV-VERSION) +wget -q -O ${ghproxy_dir}/VERSION https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/DEV-VERSION + +# 下载ghproxy +wget -q -O ${ghproxy_dir}/ghproxy https://github.com/WJQSERVER-STUDIO/ghproxy/releases/download/$VERSION/ghproxy-linux-$ARCH.tar.gz +install tar +tar -zxvf ${ghproxy_dir}/ghproxy-linux-$ARCH.tar.gz -C ${ghproxy_dir} +chmod +x ${ghproxy_dir}/ghproxy + +# 下载pages +wget -q -O ${ghproxy_dir}/pages/index.html https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/pages/index.html +wget -q -O ${ghproxy_dir}/pages/favicon.ico https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/pages/favicon.ico + + +# 下载配置文件 +if [ -f ${ghproxy_dir}/config/config.toml ]; then + echo "配置文件已存在, 跳过下载" + echo "[WARNING] 请检查配置文件是否正确,DEV版本升级时请注意配置文件兼容性" + sleep 2 +else + wget -q -O ${ghproxy_dir}/config/config.toml https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/deploy/config.toml +fi + +# 替换 port = 8080 +sed -i "s/port = 8080/port = $PORT/g" ${ghproxy_dir}/config/config.toml +sed -i 's/host = "127.0.0.1"/host = "'"$IP"'"/g' ${ghproxy_dir}/config/config.toml +sed -i "s|staticDir = \"/usr/local/ghproxy/pages\"|staticDir = \"${ghproxy_dir}/pages\"|g" ${ghproxy_dir}/config/config.toml +sed -i "s|logFilePath = \"/usr/local/ghproxy/log/ghproxy.log\"|logFilePath = \"${ghproxy_dir}/log/ghproxy.log\"|g" ${ghproxy_dir}/config/config.toml +sed -i "s|blacklistFile = \"/usr/local/ghproxy/config/blacklist.json\"|blacklistFile = \"${ghproxy_dir}/config/blacklist.json\"|g" ${ghproxy_dir}/config/config.toml +sed -i "s|whitelistFile = \"/usr/local/ghproxy/config/whitelist.json\"|whitelistFile = \"${ghproxy_dir}/config/whitelist.json\"|g" ${ghproxy_dir}/config/config.toml + +# 下载systemd服务文件 +if [ "$ghproxy_dir" = "/usr/local/ghproxy" ]; then + wget -q -O /etc/systemd/system/ghproxy.service https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/deploy/ghproxy.service +else + make_systemd_service +fi + +# 启动ghproxy +systemctl daemon-reload +systemctl enable ghproxy +systemctl start ghproxy + +echo "ghproxy 安装成功, 监听端口为 $PORT" diff --git a/deploy/install.sh b/deploy/install.sh new file mode 100644 index 0000000..3361e94 --- /dev/null +++ b/deploy/install.sh @@ -0,0 +1,144 @@ +# /bin/bash +# https://github.com/WJQSERVER-STUDIO/ghproxy + +ghproxy_dir="/usr/local/ghproxy" + +# install packages +install() { + if [ $# -eq 0 ]; then + echo "ARGS NOT FOUND" + return 1 + fi + + for package in "$@"; do + if ! command -v "$package" &>/dev/null; then + if command -v dnf &>/dev/null; then + dnf -y update && dnf install -y "$package" + elif command -v yum &>/dev/null; then + yum -y update && yum -y install "$package" + elif command -v apt &>/dev/null; then + apt update -y && apt install -y "$package" + elif command -v apk &>/dev/null; then + apk update && apk add "$package" + else + echo "UNKNOWN PACKAGE MANAGER" + return 1 + fi + fi + done + + return 0 +} + +make_systemd_service() { + cat < /etc/systemd/system/ghproxy.service +[Unit] +Description=Github Proxy Service +After=network.target + +[Service] +ExecStart=/bin/bash -c '$ghproxy_dir/ghproxy -cfg $ghproxy_dir/config/config.toml > $ghproxy_dir/log/run.log 2>&1' +WorkingDirectory=$ghproxy_dir +Restart=always +User=root +Group=root + +[Install] +WantedBy=multi-user.target + +EOF + +} + +# 检查是否为root用户 +if [ "$EUID" -ne 0 ]; then + echo "请以root用户运行此脚本" + exit 1 +fi + +# 安装依赖包 +install curl wget sed + +# 查看当前架构是否为linux/amd64或linux/arm64 +ARCH=$(uname -m) +if [ "$ARCH" != "x86_64" ] && [ "$ARCH" != "aarch64" ]; then + echo " $ARCH 架构不被支持" + exit 1 +fi + +# 重写架构值,改为amd64或arm64 +if [ "$ARCH" == "x86_64" ]; then + ARCH="amd64" +elif [ "$ARCH" == "aarch64" ]; then + ARCH="arm64" +fi + +# 获取监听端口 +read -p "请输入程序监听的端口(默认8080): " PORT +if [ -z "$PORT" ]; then + PORT=8080 +fi + +# 本机监听/泛监听(127.0.0.1/0.0.0.0) +read -p "请键入程序监听的IP(默认127.0.0.1)(0.0.0.0为泛监听): " IP +if [ -z "$IP" ]; then + IP="127.0.0.1" +fi + +# 安装目录 +read -p "请输入安装目录(默认/usr/local/ghproxy): " ghproxy_dir +if [ -z "$ghproxy_dir" ]; then + ghproxy_dir="/usr/local/ghproxy" +fi + +# 创建目录 +mkdir -p ${ghproxy_dir} +mkdir -p ${ghproxy_dir}/config +mkdir -p ${ghproxy_dir}/log +mkdir -p ${ghproxy_dir}/pages + +# 获取最新版本号 +VERSION=$(curl -s https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/VERSION) +wget -q -O ${ghproxy_dir}/VERSION https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/VERSION + +# 下载ghproxy +wget -q -O ${ghproxy_dir}/ghproxy https://github.com/WJQSERVER-STUDIO/ghproxy/releases/download/${VERSION}/ghproxy-linux-${ARCH}.tar.gz +install tar +tar -zxvf ${ghproxy_dir}/ghproxy-linux-$ARCH.tar.gz -C ${ghproxy_dir} +chmod +x ${ghproxy_dir}/ghproxy + +# 下载pages +wget -q -O ${ghproxy_dir}/pages/index.html https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/pages/index.html +wget -q -O ${ghproxy_dir}/pages/favicon.ico https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/pages/favicon.ico + + +# 下载配置文件 +if [ -f ${ghproxy_dir}/config/config.toml ]; then + echo "配置文件已存在, 跳过下载" + echo "[WARNING] 请检查配置文件是否正确,DEV版本升级时请注意配置文件兼容性" + sleep 2 +else + wget -q -O ${ghproxy_dir}/config/config.toml https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/deploy/config.toml +fi + +# 替换 port = 8080 +sed -i "s/port = 8080/port = $PORT/g" ${ghproxy_dir}/config/config.toml +sed -i 's/host = "127.0.0.1"/host = "'"$IP"'"/g' ${ghproxy_dir}/config/config.toml +sed -i "s|staticDir = \"/usr/local/ghproxy/pages\"|staticDir = \"${ghproxy_dir}/pages\"|g" ${ghproxy_dir}/config/config.toml +sed -i "s|logFilePath = \"/usr/local/ghproxy/log/ghproxy.log\"|logFilePath = \"${ghproxy_dir}/log/ghproxy.log\"|g" ${ghproxy_dir}/config/config.toml +sed -i "s|blacklistFile = \"/usr/local/ghproxy/config/blacklist.json\"|blacklistFile = \"${ghproxy_dir}/config/blacklist.json\"|g" ${ghproxy_dir}/config/config.toml +sed -i "s|whitelistFile = \"/usr/local/ghproxy/config/whitelist.json\"|whitelistFile = \"${ghproxy_dir}/config/whitelist.json\"|g" ${ghproxy_dir}/config/config.toml + +# 下载systemd服务文件 +if [ "$ghproxy_dir" = "/usr/local/ghproxy" ]; then + wget -q -O /etc/systemd/system/ghproxy.service https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/deploy/ghproxy.service +else + make_systemd_service +fi + +# 启动ghproxy +systemctl daemon-reload +systemctl enable ghproxy +systemctl start ghproxy + +echo "ghproxy 安装成功, 监听端口为 $PORT" diff --git a/deploy/uninstall.sh b/deploy/uninstall.sh new file mode 100644 index 0000000..d9b784e --- /dev/null +++ b/deploy/uninstall.sh @@ -0,0 +1,27 @@ +# /bin/bash + +# 停止 ghproxy 服务 +systemctl stop ghproxy + +# 删除 ghproxy 服务 +systemctl disable ghproxy +rm /etc/systemd/system/ghproxy.service + +# 获取安装文件夹 +read -p "请输入 ghproxy 安装文件夹路径(默认 /usr/local/ghproxy): " install_path +if [ -z "$install_path" ]; then + install_path="/usr/local/ghproxy" +fi + +# 删除 ghproxy 文件夹 +# 检查目录是否存在ghproxy文件 +if [ -f "$install_path" ]; then + echo "ghproxy 未安装或安装路径错误" + exit 1 +else + echo "ghproxy 安装目录已确认,正在卸载..." + rm -r $install_path +fi + + +echo "ghproxy 已成功卸载" \ No newline at end of file diff --git a/docker/compose/docker-compose.yml b/docker/compose/docker-compose.yml index 2c3c2f9..e87395e 100644 --- a/docker/compose/docker-compose.yml +++ b/docker/compose/docker-compose.yml @@ -3,6 +3,12 @@ services: ghproxy: image: 'wjqserver/ghproxy:latest' restart: always + healthcheck: + test: ["CMD", "curl", "-f", "http://127.0.0.1:80/api/healthcheck"] + interval: 60s + timeout: 10s + retries: 3 + start_period: 30s volumes: - './ghproxy/log/run:/data/ghproxy/log' - './ghproxy/log/caddy:/data/caddy/log' diff --git a/docker/dockerfile/dev/Dockerfile b/docker/dockerfile/dev/Dockerfile index cd15be6..20fffd1 100644 --- a/docker/dockerfile/dev/Dockerfile +++ b/docker/dockerfile/dev/Dockerfile @@ -1,4 +1,4 @@ -FROM wjqserver/caddy:daily-alpine AS builder +FROM wjqserver/caddy:2.9.0-rc5-alpine AS builder ARG USER=WJQSERVER-STUDIO ARG REPO=ghproxy @@ -13,7 +13,7 @@ RUN mkdir -p /data/${APPLICATION}/config RUN mkdir -p /data/${APPLICATION}/log # 安装依赖 -RUN apk add --no-cache curl wget +RUN apk add --no-cache curl wget tar # 前端 RUN wget -O /data/www/index.html https://raw.githubusercontent.com/${USER}/${REPO}/main/pages/index.html @@ -21,12 +21,14 @@ RUN wget -O /data/www/favicon.ico https://raw.githubusercontent.com/${USER}/${RE # 后端 RUN VERSION=$(curl -s https://raw.githubusercontent.com/${USER}/${REPO}/main/DEV-VERSION) && \ - wget -O /data/${APPLICATION}/${APPLICATION} https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION}-${TARGETOS}-${TARGETARCH} + wget -O /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz && \ + tar -zxvf /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz -C /data/${APPLICATION} && \ + rm -rf /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz RUN wget -O /usr/local/bin/init.sh https://raw.githubusercontent.com/${USER}/${REPO}/main/docker/dockerfile/dev/init.sh # 拉取配置 RUN wget -O /data/caddy/Caddyfile https://raw.githubusercontent.com/${USER}/${REPO}/main/caddyfile/dev/Caddyfile -RUN wget -O /data/${APPLICATION}/config.yaml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/config.yaml +RUN wget -O /data/${APPLICATION}/config.toml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/config.toml RUN wget -O /data/${APPLICATION}/blacklist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/blacklist.json RUN wget -O /data/${APPLICATION}/whitelist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/whitelist.json @@ -34,7 +36,9 @@ RUN wget -O /data/${APPLICATION}/whitelist.json https://raw.githubusercontent.co RUN chmod +x /data/${APPLICATION}/${APPLICATION} RUN chmod +x /usr/local/bin/init.sh -FROM wjqserver/caddy:daily-alpine +FROM wjqserver/caddy:2.9.0-rc5-alpine + +RUN apk add --no-cache curl COPY --from=builder /data/www /data/www COPY --from=builder /data/caddy /data/caddy diff --git a/docker/dockerfile/dev/init.sh b/docker/dockerfile/dev/init.sh index a4dea96..993de64 100644 --- a/docker/dockerfile/dev/init.sh +++ b/docker/dockerfile/dev/init.sh @@ -14,14 +14,18 @@ if [ ! -f /data/${APPLICATION}/config/whitelist.json ]; then cp /data/${APPLICATION}/whitelist.json /data/${APPLICATION}/config/whitelist.json fi -if [ ! -f /data/${APPLICATION}/config/config.yaml ]; then - cp /data/${APPLICATION}/config.yaml /data/${APPLICATION}/config/config.yaml +if [ ! -f /data/${APPLICATION}/config/config.toml ]; then + cp /data/${APPLICATION}/config.toml /data/${APPLICATION}/config/config.toml fi /data/caddy/caddy run --config /data/caddy/config/Caddyfile > /data/${APPLICATION}/log/caddy.log 2>&1 & -/data/${APPLICATION}/${APPLICATION} > /data/${APPLICATION}/log/run.log 2>&1 & +/data/${APPLICATION}/${APPLICATION} -cfg /data/${APPLICATION}/config/config.toml > /data/${APPLICATION}/log/run.log 2>&1 & -while true; do - sleep 1 -done \ No newline at end of file +sleep 30 + +while [[ true ]]; do + # Failure Circuit Breaker + curl -f --max-time 5 -retry 3 http://127.0.0.1:8080/api/healthcheck || exit 1 + sleep 120 +done \ No newline at end of file diff --git a/docker/dockerfile/nocache/Dockerfile b/docker/dockerfile/nocache/Dockerfile new file mode 100644 index 0000000..2d7327b --- /dev/null +++ b/docker/dockerfile/nocache/Dockerfile @@ -0,0 +1,52 @@ +FROM alpine:latest AS builder + +ARG USER=WJQSERVER-STUDIO +ARG REPO=ghproxy +ARG APPLICATION=ghproxy +ARG TARGETOS +ARG TARGETARCH +ARG TARGETPLATFORM + +# 创建文件夹 +RUN mkdir -p /data/www +RUN mkdir -p /data/${APPLICATION}/config +RUN mkdir -p /data/${APPLICATION}/log + +# 安装依赖 +RUN apk add --no-cache curl wget tar + +# 前端 +RUN wget -O /data/www/index.html https://raw.githubusercontent.com/${USER}/${REPO}/main/pages/index.html +RUN wget -O /data/www/favicon.ico https://raw.githubusercontent.com/${USER}/${REPO}/main/pages/favicon.ico + +# 后端 +RUN VERSION=$(curl -s https://raw.githubusercontent.com/${USER}/${REPO}/main/VERSION) && \ + wget -O /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz && \ + tar -zxvf /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz -C /data/${APPLICATION} && \ + rm -rf /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz +RUN wget -O /usr/local/bin/init.sh https://raw.githubusercontent.com/${USER}/${REPO}/main/docker/dockerfile/nocache/init.sh + +# 拉取配置 +#RUN wget -O /data/caddy/Caddyfile https://raw.githubusercontent.com/${USER}/${REPO}/main/caddyfile/nocache/Caddyfile +RUN wget -O /data/${APPLICATION}/config.toml https://raw.githubusercontent.com/${USER}/${REPO}/main/docker/dockerfile/nocache/config.toml +RUN wget -O /data/${APPLICATION}/blacklist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/blacklist.json +RUN wget -O /data/${APPLICATION}/whitelist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/whitelist.json + +# 权限 +RUN chmod +x /data/${APPLICATION}/${APPLICATION} +RUN chmod +x /usr/local/bin/init.sh + +FROM alpine:latest + +RUN apk add --no-cache curl + +COPY --from=builder /data/www /data/www +COPY --from=builder /data/${APPLICATION} /data/${APPLICATION} +COPY --from=builder /usr/local/bin/init.sh /usr/local/bin/init.sh + +# 权限 +RUN chmod +x /data/${APPLICATION}/${APPLICATION} +RUN chmod +x /usr/local/bin/init.sh + +CMD ["/usr/local/bin/init.sh"] + diff --git a/docker/dockerfile/nocache/config.toml b/docker/dockerfile/nocache/config.toml new file mode 100644 index 0000000..99147a8 --- /dev/null +++ b/docker/dockerfile/nocache/config.toml @@ -0,0 +1,35 @@ +[server] +host = "0.0.0.0" +port = 80 #修改此配置会导致容器异常 +sizeLimit = 125 # MB +enableH2C = "off" # on / off + +[pages] +enabled = true +staticDir = "/data/www" + +[log] +logFilePath = "/data/ghproxy/log/ghproxy.log" +maxLogSize = 5 # MB + +[cors] +enabled = true + +[auth] +authMethod = "parameters" # "header" or "parameters" +authToken = "token" +enabled = false + +[blacklist] +blacklistFile = "/data/ghproxy/config/blacklist.json" +enabled = false + +[whitelist] +enabled = false +whitelistFile = "/data/ghproxy/config/whitelist.json" + +[rateLimit] +enabled = false +rateMrthod = "total" # "ip" or "total" +ratePerMinute = 180 +burst = 5 diff --git a/docker/dockerfile/nocache/init.sh b/docker/dockerfile/nocache/init.sh new file mode 100644 index 0000000..27a153f --- /dev/null +++ b/docker/dockerfile/nocache/init.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +APPLICATION=ghproxy + +if [ ! -f /data/${APPLICATION}/config/blacklist.json ]; then + cp /data/${APPLICATION}/blacklist.json /data/${APPLICATION}/config/blacklist.json +fi + +if [ ! -f /data/${APPLICATION}/config/whitelist.json ]; then + cp /data/${APPLICATION}/whitelist.json /data/${APPLICATION}/config/whitelist.json +fi + +if [ ! -f /data/${APPLICATION}/config/config.toml ]; then + cp /data/${APPLICATION}/config.toml /data/${APPLICATION}/config/config.toml +fi + +/data/${APPLICATION}/${APPLICATION} -cfg /data/${APPLICATION}/config/config.toml > /data/${APPLICATION}/log/run.log 2>&1 & + +sleep 30 + +while [[ true ]]; do + # Failure Circuit Breaker + curl -f --max-time 5 -retry 3 http://127.0.0.1:80/api/healthcheck || exit 1 + sleep 120 +done \ No newline at end of file diff --git a/docker/dockerfile/release/Dockerfile b/docker/dockerfile/release/Dockerfile index 5247449..3f90415 100644 --- a/docker/dockerfile/release/Dockerfile +++ b/docker/dockerfile/release/Dockerfile @@ -1,4 +1,4 @@ -FROM wjqserver/caddy:2.9.0-rc-alpine AS builder +FROM wjqserver/caddy:2.9.0-rc5-alpine AS builder ARG USER=WJQSERVER-STUDIO ARG REPO=ghproxy @@ -13,7 +13,7 @@ RUN mkdir -p /data/${APPLICATION}/config RUN mkdir -p /data/${APPLICATION}/log # 安装依赖 -RUN apk add --no-cache curl wget +RUN apk add --no-cache curl wget tar # 前端 RUN wget -O /data/www/index.html https://raw.githubusercontent.com/${USER}/${REPO}/main/pages/index.html @@ -21,12 +21,14 @@ RUN wget -O /data/www/favicon.ico https://raw.githubusercontent.com/${USER}/${RE # 后端 RUN VERSION=$(curl -s https://raw.githubusercontent.com/${USER}/${REPO}/main/VERSION) && \ - wget -O /data/${APPLICATION}/${APPLICATION} https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION}-${TARGETOS}-${TARGETARCH} + wget -O /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz https://github.com/${USER}/${REPO}/releases/download/$VERSION/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz && \ + tar -zxvf /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz -C /data/${APPLICATION} && \ + rm -rf /data/${APPLICATION}/${APPLICATION}-${TARGETOS}-${TARGETARCH}.tar.gz RUN wget -O /usr/local/bin/init.sh https://raw.githubusercontent.com/${USER}/${REPO}/main/docker/dockerfile/release/init.sh # 拉取配置 RUN wget -O /data/caddy/Caddyfile https://raw.githubusercontent.com/${USER}/${REPO}/main/caddyfile/release/Caddyfile -RUN wget -O /data/${APPLICATION}/config.yaml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/config.yaml +RUN wget -O /data/${APPLICATION}/config.toml https://raw.githubusercontent.com/${USER}/${REPO}/main/config/config.toml RUN wget -O /data/${APPLICATION}/blacklist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/blacklist.json RUN wget -O /data/${APPLICATION}/whitelist.json https://raw.githubusercontent.com/${USER}/${REPO}/main/config/whitelist.json @@ -34,7 +36,9 @@ RUN wget -O /data/${APPLICATION}/whitelist.json https://raw.githubusercontent.co RUN chmod +x /data/${APPLICATION}/${APPLICATION} RUN chmod +x /usr/local/bin/init.sh -FROM wjqserver/caddy:2.9.0-rc-alpine +FROM wjqserver/caddy:2.9.0-rc5-alpine + +RUN apk add --no-cache curl COPY --from=builder /data/www /data/www COPY --from=builder /data/caddy /data/caddy diff --git a/docker/dockerfile/release/init.sh b/docker/dockerfile/release/init.sh index a4dea96..66d65c6 100644 --- a/docker/dockerfile/release/init.sh +++ b/docker/dockerfile/release/init.sh @@ -14,14 +14,18 @@ if [ ! -f /data/${APPLICATION}/config/whitelist.json ]; then cp /data/${APPLICATION}/whitelist.json /data/${APPLICATION}/config/whitelist.json fi -if [ ! -f /data/${APPLICATION}/config/config.yaml ]; then - cp /data/${APPLICATION}/config.yaml /data/${APPLICATION}/config/config.yaml +if [ ! -f /data/${APPLICATION}/config/config.toml ]; then + cp /data/${APPLICATION}/config.toml /data/${APPLICATION}/config/config.toml fi /data/caddy/caddy run --config /data/caddy/config/Caddyfile > /data/${APPLICATION}/log/caddy.log 2>&1 & -/data/${APPLICATION}/${APPLICATION} > /data/${APPLICATION}/log/run.log 2>&1 & +/data/${APPLICATION}/${APPLICATION} -cfg /data/${APPLICATION}/config/config.toml > /data/${APPLICATION}/log/run.log 2>&1 & -while true; do - sleep 1 +sleep 30 + +while [[ true ]]; do + # Failure Circuit Breaker + curl -f --max-time 5 -retry 3 http://127.0.0.1:8080/api/healthcheck || exit 1 + sleep 120 done \ No newline at end of file diff --git a/go.mod b/go.mod index 93e23f4..685897b 100644 --- a/go.mod +++ b/go.mod @@ -1,53 +1,55 @@ module github.com/satomitoka/ghproxy -go 1.23.2 +go 1.23.4 require ( + github.com/BurntSushi/toml v1.4.0 github.com/gin-gonic/gin v1.10.0 - github.com/imroc/req/v3 v3.46.1 - gopkg.in/yaml.v3 v3.0.1 + github.com/imroc/req/v3 v3.48.0 + golang.org/x/time v0.8.0 ) require ( - github.com/andybalholm/brotli v1.1.0 // indirect - github.com/bytedance/sonic v1.12.3 // indirect - github.com/bytedance/sonic/loader v0.2.0 // indirect - github.com/cloudflare/circl v1.4.0 // indirect + github.com/andybalholm/brotli v1.1.1 // indirect + github.com/bytedance/sonic v1.12.5 // indirect + github.com/bytedance/sonic/loader v0.2.1 // indirect + github.com/cloudflare/circl v1.5.0 // indirect github.com/cloudwego/base64x v0.1.4 // indirect github.com/cloudwego/iasm v0.2.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.5 // indirect + github.com/gabriel-vasile/mimetype v1.4.7 // indirect github.com/gin-contrib/sse v0.1.0 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.22.1 // indirect + github.com/go-playground/validator/v10 v10.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/goccy/go-json v0.10.3 // indirect - github.com/google/pprof v0.0.0-20241008150032-332c0e1a4a34 // indirect + github.com/google/pprof v0.0.0-20241203143554-1e3fdc7de467 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.10 // indirect - github.com/klauspost/cpuid/v2 v2.2.8 // indirect + github.com/klauspost/compress v1.17.11 // indirect + github.com/klauspost/cpuid/v2 v2.2.9 // indirect github.com/leodido/go-urn v1.4.0 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/onsi/ginkgo/v2 v2.20.2 // indirect + github.com/onsi/ginkgo/v2 v2.22.0 // indirect github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/quic-go/qpack v0.5.1 // indirect - github.com/quic-go/quic-go v0.47.0 // indirect + github.com/quic-go/quic-go v0.48.2 // indirect github.com/refraction-networking/utls v1.6.7 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.2.12 // indirect - go.uber.org/mock v0.4.0 // indirect - golang.org/x/arch v0.11.0 // indirect - golang.org/x/crypto v0.28.0 // indirect - golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect - golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.30.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/text v0.19.0 // indirect - golang.org/x/tools v0.26.0 // indirect - google.golang.org/protobuf v1.35.1 // indirect + go.uber.org/mock v0.5.0 // indirect + golang.org/x/arch v0.12.0 // indirect + golang.org/x/crypto v0.31.0 // indirect + golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/net v0.31.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/text v0.21.0 // indirect + golang.org/x/tools v0.27.0 // indirect + google.golang.org/protobuf v1.35.2 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index f4753ff..642efb1 100644 --- a/go.sum +++ b/go.sum @@ -1,67 +1,60 @@ -github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= -github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= -github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0= -github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4= -github.com/bytedance/sonic v1.12.3 h1:W2MGa7RCU1QTeYRTPE3+88mVC0yXmsRQRChiyVocVjU= -github.com/bytedance/sonic v1.12.3/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKzMzT9r/rk= -github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA= +github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA= +github.com/bytedance/sonic v1.12.5 h1:hoZxY8uW+mT+OpkcUWw4k0fDINtOcVavEsGfzwzFU/w= +github.com/bytedance/sonic v1.12.5/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKzMzT9r/rk= github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU= -github.com/bytedance/sonic/loader v0.2.0 h1:zNprn+lsIP06C/IqCHs3gPQIvnvpKbbxyXQP1iU4kWM= -github.com/bytedance/sonic/loader v0.2.0/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU= -github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY= -github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/bytedance/sonic/loader v0.2.1 h1:1GgorWTqf12TA8mma4DDSbaQigE2wOgQo7iCjjJv3+E= +github.com/bytedance/sonic/loader v0.2.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU= +github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys= +github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y= github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= -github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= -github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4= -github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4= +github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA= +github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU= github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8= -github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= -github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA= -github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o= +github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 h1:c5FlPPgxOn7kJz3VoPLkQYQXGBS3EklQ4Zfi57uOuqQ= -github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= -github.com/google/pprof v0.0.0-20241008150032-332c0e1a4a34 h1:4iExbL0TFWhkSCZx6nfKwjM+CbnBySx18KssYmdL1fc= -github.com/google/pprof v0.0.0-20241008150032-332c0e1a4a34/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241203143554-1e3fdc7de467 h1:keEZFtbLJugfE0qHn+Ge1JCE71spzkchQobDf3mzS/4= +github.com/google/pprof v0.0.0-20241203143554-1e3fdc7de467/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/imroc/req/v3 v3.46.1 h1:oahr2hBTb3AaFI4P6jkN0Elj2ZVKJcdQ/IjWqeIKjvc= -github.com/imroc/req/v3 v3.46.1/go.mod h1:weam9gmyb00QnOtu6HXSnk44dNFkIUQb5QdMx13FeUU= +github.com/imroc/req/v3 v3.48.0 h1:IYuMGetuwLzOOTzDCquDqs912WNwpsPK0TBXWPIvoqg= +github.com/imroc/req/v3 v3.48.0/go.mod h1:weam9gmyb00QnOtu6HXSnk44dNFkIUQb5QdMx13FeUU= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= -github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0= -github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM= -github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= -github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM= -github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY= +github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8= github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= @@ -72,86 +65,64 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= -github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= -github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= -github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= +github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI= github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg= -github.com/quic-go/quic-go v0.47.0 h1:yXs3v7r2bm1wmPTYNLKAAJTHMYkPEsfYJmTazXrCZ7Y= -github.com/quic-go/quic-go v0.47.0/go.mod h1:3bCapYsJvXGZcipOHuu7plYtaV6tnF+z7wIFsU0WK9E= +github.com/quic-go/quic-go v0.48.2 h1:wsKXZPeGWpMpCGSWqOcqpW2wZYic/8T3aqiOID0/KWE= +github.com/quic-go/quic-go v0.48.2/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs= github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM= github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE= github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= -go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= -go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= -golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= -golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc= -golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= -golang.org/x/arch v0.11.0 h1:KXV8WWKCXm6tRpLirl2szsO5j/oOODwZf4hATmGVNs4= -golang.org/x/arch v0.11.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= -golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 h1:1wqE9dj9NpSm04INVsJhhEUzhuDVjbcyKH91sVyPATw= -golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= -golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU= +github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E= +go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU= +go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM= +golang.org/x/arch v0.12.0 h1:UsYJhbzPYGsT0HbEdmYcqtCv8UNGvnaL561NnIUvaKg= +golang.org/x/arch v0.12.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= -golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50= -rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= diff --git a/init.sh b/init.sh index 86db1e1..ce3bc05 100644 --- a/init.sh +++ b/init.sh @@ -20,9 +20,12 @@ fi /data/caddy/caddy run --config /data/caddy/config/Caddyfile > /data/${APPLICATON}/log/caddy.log 2>&1 & -/data/${APPLICATON}/${APPLICATON} > /data/ghproxy/log/run.log 2>&1 & +/data/${APPLICATON}/${APPLICATON} > /data/${APPLICATON}/log/run.log 2>&1 & + +sleep 30 while [[ true ]]; do - sleep 1 + curl -f http://localhost:8080/api/healthcheck || exit 1 + sleep 120 done diff --git a/logger/logger.go b/logger/logger.go index b6e7057..5e2f2b6 100644 --- a/logger/logger.go +++ b/logger/logger.go @@ -18,15 +18,17 @@ var ( logger *log.Logger logChannel = make(chan string, 100) quitChannel = make(chan struct{}) - logFileMutex sync.Mutex // 保护 logFile 的互斥锁 + logFileMutex sync.Mutex + logFilePath = "/data/ghproxy/log/ghproxy.log" ) -// Init 初始化日志记录器,接受日志文件路径作为参数 -func Init(logFilePath string, maxLogsize int) error { +// 初始化 +func Init(logFilePath_input string, maxLogsize int) error { logFileMutex.Lock() defer logFileMutex.Unlock() var err error + logFilePath = logFilePath_input logFile, err = os.OpenFile(logFilePath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) if err != nil { return err @@ -38,7 +40,6 @@ func Init(logFilePath string, maxLogsize int) error { return nil } -// logWorker 处理日志记录 func logWorker() { for { select { @@ -51,18 +52,35 @@ func logWorker() { } } -// Log 直接记录日志的函数 func Log(customMessage string) { logChannel <- customMessage } -// Logw 用于格式化日志记录 func Logw(format string, args ...interface{}) { message := fmt.Sprintf(format, args...) Log(message) } -// Close 关闭日志文件 +// INFO +func LogInfo(format string, args ...interface{}) { + message := fmt.Sprintf(format, args...) + output := fmt.Sprintf("[INFO] %s", message) + Log(output) +} + +// WARNING +func LogWarning(format string, args ...interface{}) { + message := fmt.Sprintf(format, args...) + output := fmt.Sprintf("[WARNING] %s", message) + Log(output) +} + +// ERROR +func LogError(format string, args ...interface{}) { + message := fmt.Sprintf(format, args...) + Log(message) +} + func Close() { logFileMutex.Lock() defer logFileMutex.Unlock() @@ -76,9 +94,9 @@ func Close() { } func monitorLogSize(logFilePath string, maxLogsize int) { - var maxLogsizeBytes int64 = int64(maxLogsize) * 1024 * 1024 // 最大日志文件大小,单位为MB + var maxLogsizeBytes int64 = int64(maxLogsize) * 1024 * 1024 for { - time.Sleep(600 * time.Second) // 每10分钟检查一次 + time.Sleep(120 * time.Minute) // 每120分钟检查一次日志文件大小 logFileMutex.Lock() info, err := logFile.Stat() logFileMutex.Unlock() @@ -101,7 +119,6 @@ func rotateLogFile(logFilePath string) error { } } - // 打开当前日志文件 logFile, err := os.Open(logFilePath) if err != nil { return fmt.Errorf("failed to open log file: %s, error: %w", logFilePath, err) @@ -148,7 +165,6 @@ func rotateLogFile(logFilePath string) error { return fmt.Errorf("failed to truncate log file: %s, error: %w", logFilePath, err) } - // 重新打开日志文件 logFile, err = os.OpenFile(logFilePath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) if err != nil { return fmt.Errorf("failed to reopen log file: %s, error: %w", logFilePath, err) diff --git a/main.go b/main.go index 074c44c..3297f91 100644 --- a/main.go +++ b/main.go @@ -1,95 +1,137 @@ package main import ( - "encoding/json" + "flag" "fmt" "log" "net/http" + "time" - "github.com/satomitoka/ghproxy/auth" - "github.com/satomitoka/ghproxy/config" - "github.com/satomitoka/ghproxy/logger" - "github.com/satomitoka/ghproxy/proxy" + "ghproxy/api" + "ghproxy/auth" + "ghproxy/config" + "ghproxy/logger" + "ghproxy/proxy" + "ghproxy/rate" "github.com/gin-gonic/gin" ) var ( cfg *config.Config - logw = logger.Logw router *gin.Engine - configfile = "/data/ghproxy/config/config.yaml" + configfile = "/data/ghproxy/config/config.toml" + cfgfile string + version string + limiter *rate.RateLimiter + iplimiter *rate.IPRateLimiter ) +var ( + logw = logger.Logw + logInfo = logger.LogInfo + logWarning = logger.LogWarning + logError = logger.LogError +) + +func readFlag() { + flag.StringVar(&cfgfile, "cfg", configfile, "config file path") +} + func loadConfig() { var err error - // 初始化配置 - cfg, err = config.LoadConfig(configfile) + cfg, err = config.LoadConfig(cfgfile) if err != nil { log.Fatalf("Failed to load config: %v", err) } + fmt.Println("Config File Path: ", cfgfile) fmt.Printf("Loaded config: %v\n", cfg) } -func setupLogger() { - // 初始化日志模块 +func setupLogger(cfg *config.Config) { var err error - err = logger.Init(cfg.Log.LogFilePath, cfg.Log.MaxLogSize) // 传递日志文件路径 + err = logger.Init(cfg.Log.LogFilePath, cfg.Log.MaxLogSize) if err != nil { log.Fatalf("Failed to initialize logger: %v", err) } - logw("Logger initialized") - logw("Init Completed") + logInfo("Config File Path: ", cfgfile) + logInfo("Loaded config: %v\n", cfg) + logInfo("Init Completed") } -func Loadlist(cfg *config.Config) { - auth.LoadBlacklist(cfg) - auth.LoadWhitelist(cfg) +func loadlist(cfg *config.Config) { + auth.Init(cfg) +} + +func setupApi(cfg *config.Config, router *gin.Engine, version string) { + api.InitHandleRouter(cfg, router, version) +} + +func setupRateLimit(cfg *config.Config) { + if cfg.RateLimit.Enabled { + if cfg.RateLimit.RateMethod == "ip" { + iplimiter = rate.NewIPRateLimiter(cfg.RateLimit.RatePerMinute, cfg.RateLimit.Burst, 1*time.Minute) + } else if cfg.RateLimit.RateMethod == "total" { + limiter = rate.New(cfg.RateLimit.RatePerMinute, cfg.RateLimit.Burst, 1*time.Minute) + } else { + logError("Invalid RateLimit Method: %s", cfg.RateLimit.RateMethod) + } + logInfo("Rate Limit Loaded") + } } func init() { + readFlag() + flag.Parse() loadConfig() - setupLogger() - Loadlist(cfg) + setupLogger(cfg) + loadlist(cfg) + setupRateLimit(cfg) - // 设置 Gin 模式 gin.SetMode(gin.ReleaseMode) - // 初始化路由 router = gin.Default() + //H2C默认值为true,而后遵循cfg.Server.EnableH2C的设置 + if cfg.Server.EnableH2C == "on" { + router.UseH2C = true + } else if cfg.Server.EnableH2C == "" { + router.UseH2C = true + } else { + router.UseH2C = false + } + /*if !cfg.Server.EnableH2C { + router.UseH2C = false + } else { + router.UseH2C = true + }*/ - // 定义路由 - router.GET("/", func(c *gin.Context) { - c.Redirect(http.StatusMovedPermanently, "https://ghproxy0rtt.1888866.xyz/") - }) + setupApi(cfg, router, version) - router.GET("/api", api) + if cfg.Pages.Enabled { + indexPagePath := fmt.Sprintf("%s/index.html", cfg.Pages.StaticDir) + faviconPath := fmt.Sprintf("%s/favicon.ico", cfg.Pages.StaticDir) + router.GET("/", func(c *gin.Context) { + c.File(indexPagePath) + logInfo("IP:%s UA:%s METHOD:%s HTTPv:%s", c.ClientIP(), c.Request.UserAgent(), c.Request.Method, c.Request.Proto) + }) + router.StaticFile("/favicon.ico", faviconPath) + } else if !cfg.Pages.Enabled { + router.GET("/", func(c *gin.Context) { + c.String(http.StatusForbidden, "403 Forbidden Access") + logWarning("403 > Path:/ IP:%s UA:%s METHOD:%s HTTPv:%s", c.ClientIP(), c.Request.UserAgent(), c.Request.Method, c.Request.Proto) + }) + } - // 健康检查 - router.GET("/api/healthcheck", func(c *gin.Context) { - c.String(http.StatusOK, "OK") - }) - - // 未匹配路由处理 router.NoRoute(func(c *gin.Context) { - proxy.NoRouteHandler(cfg)(c) + proxy.NoRouteHandler(cfg, limiter, iplimiter)(c) }) } func main() { - // 启动服务器 err := router.Run(fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)) if err != nil { - log.Fatalf("Error starting server: %v\n", err) + logError("Failed to start server: %v\n", err) } - - fmt.Println("Program finished") -} - -func api(c *gin.Context) { - // 设置响应头 - c.Writer.Header().Set("Content-Type", "application/json") - json.NewEncoder(c.Writer).Encode(map[string]interface{}{ - "MaxResponseBodySize": cfg.Server.SizeLimit, - }) + defer logger.Close() + fmt.Println("Program Exit") } diff --git a/pages/index.html b/pages/index.html index 4987c93..60b5053 100644 --- a/pages/index.html +++ b/pages/index.html @@ -5,12 +5,30 @@ + + Github文件加速 +
+

+

Github文件加速

- +
- + + 

         

         

-            
GitHub链接带不带协议头均可,支持release、archive以及文件,转换后链接均可使用。

-            
文件大小限制: ...

+            

+                
GitHub链接带不带协议头均可,支持release、archive以及文件,转换后链接均可使用。


+            

+            

+                
文件大小限制: ...

+                
白名单状态: ...

+                
黑名单状态: ...

+            

         

     

+    
+