24w23a

2026-02-03 00:01:10 +08:00 · 2024-11-15 19:04:35 +08:00 · 2024-11-15 19:04:35 +08:00 · c55ae4a5b7
commit c55ae4a5b7
parent 85896ffbfe
11 changed files with 102 additions and 25 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,12 @@
 # 更新日志

+24w23a
+---
+- PRE-RELEASE: 此版本是v1.7.4的预发布版本,请勿在生产环境中使用
+- ADD: `Auth`模块加入`Header`鉴权,使用`GH-Auth`的值进行鉴权
+- CHANGE: 对二进制文件部署脚本进行优化
+- CHANGE&ADD: 新增H2C相关配置
+
 v1.7.3
 ---
 - CHANGE: Bump golang.org/x/time from 0.7.0 to 0.8.0
--- a/2
+++ b/2
@ -1 +1 @@
-24w22b
+24w23a
--- a/auth/auth-header.go
+++ b/auth/auth-header.go
@ -0,0 +1,30 @@
+package auth
+
+import (
+	"fmt"
+	"ghproxy/config"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AuthHeaderHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
+	if !cfg.Auth.Enabled {
+		return true, ""
+	}
+	// 获取"GH-Auth"的值
+	authToken := c.GetHeader("GH-Auth")
+	logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.Request.Method, c.Request.Host, c.Request.URL.Path, c.Request.Proto, c.Request.RemoteAddr, authToken)
+	if authToken == "" {
+		err := "Auth Header == nil"
+		return false, err
+	}
+
+	isValid = authToken == cfg.Auth.AuthToken
+	if !isValid {
+		err := fmt.Sprintf("Auth token incorrect: %s", authToken)
+		return false, err
+	}
+
+	logInfo("auth SUCCESS: %t", isValid)
+	return isValid, ""
+}
--- a/auth/auth-parameters.go
+++ b/auth/auth-parameters.go
@ -0,0 +1,31 @@
+package auth
+
+import (
+	"fmt"
+	"ghproxy/config"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AuthParametersHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
+	if !cfg.Auth.Enabled {
+		return true, ""
+	}
+
+	authToken := c.Query("auth_token")
+	logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto, authToken)
+
+	if authToken == "" {
+		err := "Auth token == nil"
+		return false, err
+	}
+
+	isValid = authToken == cfg.Auth.AuthToken
+	if !isValid {
+		err := fmt.Sprintf("Auth token incorrect: %s", authToken)
+		return false, err
+	}
+
+	logInfo("auth SUCCESS: %t", isValid)
+	return isValid, ""
+}
--- a/auth/auth.go
+++ b/auth/auth.go
@ -1,7 +1,6 @@
 package auth

 import (
-	"fmt"
 	"ghproxy/config"
 	"ghproxy/logger"

@ -26,24 +25,17 @@ func Init(cfg *config.Config) {
 }

 func AuthHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
-	if !cfg.Auth.Enabled {
+	if cfg.Auth.AuthMethod == "parameters" {
+		isValid, err = AuthParametersHandler(c, cfg)
+		return isValid, err
+	} else if cfg.Auth.AuthMethod == "header" {
+		isValid, err = AuthHeaderHandler(c, cfg)
+		return isValid, err
+	} else if cfg.Auth.AuthMethod == "" {
+		logWarning("Auth method not set")
 		return true, ""
+	} else {
+		logWarning("Auth method not supported")
+		return false, "Auth method not supported"
 	}
-
-	authToken := c.Query("auth_token")
-	logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto, authToken)
-
-	if authToken == "" {
-		err := "Auth token == nil"
-		return false, err
-	}
-
-	isValid = authToken == cfg.Auth.AuthToken
-	if !isValid {
-		err := fmt.Sprintf("Auth token incorrect: %s", authToken)
-		return false, err
-	}
-
-	logInfo("auth SUCCESS: %t", isValid)
-	return isValid, ""
 }
--- a/config/config.go
+++ b/config/config.go
@ -19,6 +19,7 @@ type ServerConfig struct {
 	Port      int    `toml:"port"`
 	Host      string `toml:"host"`
 	SizeLimit int    `toml:"sizeLimit"`
+	EnableH2C bool   `toml:"enableH2C"`
 }

 type PagesConfig struct {
@ -36,8 +37,9 @@ type CORSConfig struct {
 }

 type AuthConfig struct {
-	Enabled   bool   `toml:"enabled"`
-	AuthToken string `toml:"authToken"`
+	Enabled    bool   `toml:"enabled"`
+	AuthMethod string `toml:"authMethod"`
+	AuthToken  string `toml:"authToken"`
 }

 type BlacklistConfig struct {
--- a/config/config.toml
+++ b/config/config.toml
@ -2,6 +2,7 @@
 host = "127.0.0.1" 
 port = 8080 
 sizeLimit = 125 # MB
+enableH2C = true 

 [pages]
 enabled = false
@ -15,6 +16,7 @@ maxLogSize = 5 # MB
 enabled = true

 [auth]
+authMethod = "parameters" # "header" or "parameters"
 authToken = "token"
 enabled = false

--- a/deploy/install-dev.sh
+++ b/deploy/install-dev.sh
@ -50,6 +50,12 @@ EOF

 }

+# 检查是否为root用户
+if [ "$EUID" -ne 0 ]; then
+    echo "请以root用户运行此脚本"
+    exit 1
+fi
+
 # 安装依赖包
 install curl wget sed

--- a/deploy/install.sh
+++ b/deploy/install.sh
@ -50,6 +50,12 @@ EOF

 }

+# 检查是否为root用户
+if [ "$EUID" -ne 0 ]; then
+    echo "请以root用户运行此脚本"
+    exit 1
+fi
+
 # 安装依赖包
 install curl wget sed

@ -96,7 +102,7 @@ VERSION=$(curl -s https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/mai
 wget -q -O ${ghproxy_dir}/VERSION https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/VERSION

 # 下载ghproxy
-wget -q -O ${ghproxy_dir}/ghproxy https://github.com/WJQSERVER-STUDIO/ghproxy/releases/download/$VERSION/ghproxy-linux-$ARCH.tar.gz
+wget -q -O ${ghproxy_dir}/ghproxy https://github.com/WJQSERVER-STUDIO/ghproxy/releases/download/${VERSION}/ghproxy-linux-${ARCH}.tar.gz
 install tar
 tar -zxvf ${ghproxy_dir}/ghproxy-linux-$ARCH.tar.gz -C ${ghproxy_dir}
 chmod +x ${ghproxy_dir}/ghproxy
--- a/init.sh
+++ b/init.sh
@ -25,7 +25,6 @@ fi
 sleep 30

 while [[ true ]]; do
-    # 健康检查
    curl -f http://localhost:8080/api/healthcheck || exit 1
    sleep 120
 done    
--- a/main.go
+++ b/main.go
@ -84,7 +84,9 @@ func init() {
 	gin.SetMode(gin.ReleaseMode)

 	router = gin.Default()
-	router.UseH2C = true
+	if cfg.Server.EnableH2C {
+		router.UseH2C = true
+	}

 	setupApi(cfg, router, version)
 @ -1 +1 @@
 w22b
 w23a