wjqserver/ghproxy
1
0
Fork 0
mirror of https://github.com/WJQSERVER-STUDIO/ghproxy.git synced 2026-02-03 08:11:11 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix callback issue

Browse source
This commit is contained in:
wjqserver 2025-04-24 01:09:53 +08:00
parent e42ea358bb
commit b955c915ff
3 changed files with 48 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

37
proxy/handler.go
View file

@ -16,7 +16,11 @@ var re = regexp.MustCompile(`^(http:|https:)?/?/?(.*)`) // 匹配http://或https
func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) app.HandlerFunc { func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) app.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) { return func(ctx context.Context, c *app.RequestContext) {
rateCheck(cfg, c, limiter, iplimiter) var shoudBreak bool
shoudBreak = rateCheck(cfg, c, limiter, iplimiter)
if shoudBreak {
return
}
var ( var (
rawPath string rawPath string
@ -30,7 +34,6 @@ func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
// 匹配路径错误处理 // 匹配路径错误处理
if len(matches) < 3 { if len(matches) < 3 {
logWarning("%s %s %s %s %s Invalid URL", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol()) logWarning("%s %s %s %s %s Invalid URL", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol())
//c.String(http.StatusForbidden, "Invalid URL Format. Path: %s", rawPath)
c.JSON(http.StatusForbidden, map[string]string{"error": "Invalid URL Format"}) c.JSON(http.StatusForbidden, map[string]string{"error": "Invalid URL Format"})
return return
} }
@ -42,7 +45,6 @@ func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
user string user string
repo string repo string
matcher string matcher string
//err error
) )
var matcherErr *GHProxyErrors var matcherErr *GHProxyErrors
@ -50,31 +52,20 @@ func NoRouteHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
if matcherErr != nil { if matcherErr != nil {
ErrorPage(c, matcherErr) ErrorPage(c, matcherErr)
return return
/*
if errors.Is(err, ErrInvalidURL) {
c.JSON(ErrInvalidURL.Code, map[string]string{"error": "Invalid URL Format, Path: " + rawPath})
logWarning(err.Error())
return
}
if errors.Is(err, ErrAuthHeaderUnavailable) {
c.JSON(ErrAuthHeaderUnavailable.Code, map[string]string{"error": "AuthHeader Unavailable"})
logWarning(err.Error())
return
}
if errors.Is(err, ErrNotFound) {
//c.JSON(ErrNotFound.Code, map[string]string{"error": "Not Found"})
NotFoundPage(c)
logWarning(err.Error())
return
}
*/
} }
logInfo("%s %s %s %s %s Matched-Username: %s, Matched-Repo: %s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo) logInfo("%s %s %s %s %s Matched-Username: %s, Matched-Repo: %s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo)
logDump("%s", c.Request.Header.Header()) logDump("%s", c.Request.Header.Header())
listCheck(cfg, c, user, repo, rawPath) shoudBreak = listCheck(cfg, c, user, repo, rawPath)
authCheck(c, cfg, matcher, rawPath) if shoudBreak {
return
}
shoudBreak = authCheck(c, cfg, matcher, rawPath)
if shoudBreak {
return
}
// 处理blob/raw路径 // 处理blob/raw路径
if matcher == "blob" { if matcher == "blob" {

18
proxy/routing.go
View file

@ -13,7 +13,12 @@ import (
func RoutingHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) app.HandlerFunc { func RoutingHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) app.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) { return func(ctx context.Context, c *app.RequestContext) {
rateCheck(cfg, c, limiter, iplimiter) var shoudBreak bool
shoudBreak = rateCheck(cfg, c, limiter, iplimiter)
if shoudBreak {
return
}
var ( var (
rawPath string rawPath string
@ -34,8 +39,15 @@ func RoutingHandler(cfg *config.Config, limiter *rate.RateLimiter, iplimiter *ra
logInfo("%s %s %s %s %s Matched-Username: %s, Matched-Repo: %s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo) logInfo("%s %s %s %s %s Matched-Username: %s, Matched-Repo: %s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo)
logDump("%s", c.Request.Header.Header()) logDump("%s", c.Request.Header.Header())
listCheck(cfg, c, user, repo, rawPath) shoudBreak = listCheck(cfg, c, user, repo, rawPath)
authCheck(c, cfg, matcher, rawPath) if shoudBreak {
return
}
shoudBreak = authCheck(c, cfg, matcher, rawPath)
if shoudBreak {
return
}
// 处理blob/raw路径 // 处理blob/raw路径
if matcher == "blob" { if matcher == "blob" {

36
proxy/utils.go
View file

@ -12,7 +12,7 @@ import (
"github.com/cloudwego/hertz/pkg/app" "github.com/cloudwego/hertz/pkg/app"
) )
func listCheck(cfg *config.Config, c *app.RequestContext, user string, repo string, rawPath string) { func listCheck(cfg *config.Config, c *app.RequestContext, user string, repo string, rawPath string) bool {
var errMsg string var errMsg string
// 白名单检查 // 白名单检查
@ -22,8 +22,8 @@ func listCheck(cfg *config.Config, c *app.RequestContext, user string, repo stri
if !whitelist { if !whitelist {
errMsg = fmt.Sprintf("Whitelist Blocked repo: %s/%s", user, repo) errMsg = fmt.Sprintf("Whitelist Blocked repo: %s/%s", user, repo)
c.JSON(403, map[string]string{"error": errMsg}) c.JSON(403, map[string]string{"error": errMsg})
logWarning("%s %s %s %s %s Whitelist Blocked repo: %s/%s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo) logInfo("%s %s %s %s %s Whitelist Blocked repo: %s/%s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo)
return return true
} }
} }
@ -34,21 +34,23 @@ func listCheck(cfg *config.Config, c *app.RequestContext, user string, repo stri
if blacklist { if blacklist {
errMsg = fmt.Sprintf("Blacklist Blocked repo: %s/%s", user, repo) errMsg = fmt.Sprintf("Blacklist Blocked repo: %s/%s", user, repo)
c.JSON(403, map[string]string{"error": errMsg}) c.JSON(403, map[string]string{"error": errMsg})
logWarning("%s %s %s %s %s Blacklist Blocked repo: %s/%s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo) logInfo("%s %s %s %s %s Blacklist Blocked repo: %s/%s", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), user, repo)
return return true
}
} }
} }
return false
}
// 鉴权 // 鉴权
func authCheck(c *app.RequestContext, cfg *config.Config, matcher string, rawPath string) { func authCheck(c *app.RequestContext, cfg *config.Config, matcher string, rawPath string) bool {
var err error var err error
if matcher == "api" && !cfg.Auth.ForceAllowApi { if matcher == "api" && !cfg.Auth.ForceAllowApi {
if cfg.Auth.Method != "header" || !cfg.Auth.Enabled { if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
c.JSON(403, map[string]string{"error": "Github API Req without AuthHeader is Not Allowed"}) c.JSON(403, map[string]string{"error": "Github API Req without AuthHeader is Not Allowed"})
logWarning("%s %s %s %s %s AuthHeader Unavailable", c.ClientIP(), c.Method(), rawPath) logInfo("%s %s %s %s %s AuthHeader Unavailable", c.ClientIP(), c.Method(), rawPath)
return return true
} }
} }
@ -58,13 +60,15 @@ func authCheck(c *app.RequestContext, cfg *config.Config, matcher string, rawPat
authcheck, err = auth.AuthHandler(c, cfg) authcheck, err = auth.AuthHandler(c, cfg)
if !authcheck { if !authcheck {
c.JSON(401, map[string]string{"error": "Unauthorized"}) c.JSON(401, map[string]string{"error": "Unauthorized"})
logWarning("%s %s %s %s %s Auth-Error: %v", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), err) logInfo("%s %s %s %s %s Auth-Error: %v", c.ClientIP(), c.Method(), rawPath, c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), err)
return return true
}
} }
} }
func rateCheck(cfg *config.Config, c *app.RequestContext, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) { return false
}
func rateCheck(cfg *config.Config, c *app.RequestContext, limiter *rate.RateLimiter, iplimiter *rate.IPRateLimiter) bool {
// 限制访问频率 // 限制访问频率
if cfg.RateLimit.Enabled { if cfg.RateLimit.Enabled {
@ -78,15 +82,17 @@ func rateCheck(cfg *config.Config, c *app.RequestContext, limiter *rate.RateLimi
default: default:
logWarning("Invalid RateLimit Method") logWarning("Invalid RateLimit Method")
c.JSON(500, map[string]string{"error": "Invalid RateLimit Method"}) c.JSON(500, map[string]string{"error": "Invalid RateLimit Method"})
return return true
} }
if !allowed { if !allowed {
c.JSON(429, map[string]string{"error": "Too Many Requests"}) c.JSON(429, map[string]string{"error": "Too Many Requests"})
logWarning("%s %s %s %s %s 429-TooManyRequests", c.ClientIP(), c.Method(), c.Request.RequestURI(), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol()) logWarning("%s %s %s %s %s 429-TooManyRequests", c.ClientIP(), c.Method(), c.Request.RequestURI(), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol())
return return true
} }
} }
return false
} }
var errPagesFs fs.FS var errPagesFs fs.FS