diff --git a/CHANGELOG.md b/CHANGELOG.md
index 54e51ed..413955e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # 更新日志
+24w23a
+---
+- PRE-RELEASE: 此版本是v1.7.4的预发布版本,请勿在生产环境中使用
+- ADD: `Auth`模块加入`Header`鉴权,使用`GH-Auth`的值进行鉴权
+- CHANGE: 对二进制文件部署脚本进行优化
+- CHANGE&ADD: 新增H2C相关配置
+
 v1.7.3
 ---
 - CHANGE: Bump golang.org/x/time from 0.7.0 to 0.8.0
diff --git a/DEV-VERSION b/DEV-VERSION
index c2b048e..1ffeae0 100644
--- a/DEV-VERSION
+++ b/DEV-VERSION
@@ -1 +1 @@
-24w22b
\ No newline at end of file
+24w23a
\ No newline at end of file
diff --git a/auth/auth-header.go b/auth/auth-header.go
new file mode 100644
index 0000000..5089254
--- /dev/null
+++ b/auth/auth-header.go
@@ -0,0 +1,30 @@
+package auth
+
+import (
+ "fmt"
+ "ghproxy/config"
+
+ "github.com/gin-gonic/gin"
+)
+
+func AuthHeaderHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
+ if !cfg.Auth.Enabled {
+ return true, ""
+ }
+ // 获取"GH-Auth"的值
+ authToken := c.GetHeader("GH-Auth")
+ logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.Request.Method, c.Request.Host, c.Request.URL.Path, c.Request.Proto, c.Request.RemoteAddr, authToken)
+ if authToken == "" {
+ err := "Auth Header == nil"
+ return false, err
+ }
+
+ isValid = authToken == cfg.Auth.AuthToken
+ if !isValid {
+ err := fmt.Sprintf("Auth token incorrect: %s", authToken)
+ return false, err
+ }
+
+ logInfo("auth SUCCESS: %t", isValid)
+ return isValid, ""
+}
diff --git a/auth/auth-parameters.go b/auth/auth-parameters.go
new file mode 100644
index 0000000..c14e23a
--- /dev/null
+++ b/auth/auth-parameters.go
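Review bot: `AuthHeaderHandler` in auth/auth-header.go writes the submitted `GH-Auth` value to the log on every request (`AUTH_TOKEN: %s`), including requests that carry the valid token, so anyone who can read the log file obtains the credential. Log only whether a token was supplied, for example by ending the format string with `AUTH_TOKEN present: %t` and passing `authToken != ""` as the last argument. The failure path repeats the problem in `fmt.Sprintf("Auth token incorrect: %s", authToken)`; `return false, "Auth token incorrect"` is enough, since a near-miss of the real token should not be stored or handed back to the caller. `AuthParametersHandler` in auth/auth-parameters.go carries both lines unchanged and needs the same edit.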
@@ -0,0 +1,31 @@
+package auth
+
+import (
+ "fmt"
+ "ghproxy/config"
+
+ "github.com/gin-gonic/gin"
+)
+
+func AuthParametersHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
+ if !cfg.Auth.Enabled {
+ return true, ""
+ }
+
+ authToken := c.Query("auth_token")
+ logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto, authToken)
+
+ if authToken == "" {
+ err := "Auth token == nil"
+ return false, err
+ }
+
+ isValid = authToken == cfg.Auth.AuthToken
+ if !isValid {
+ err := fmt.Sprintf("Auth token incorrect: %s", authToken)
+ return false, err
+ }
+
+ logInfo("auth SUCCESS: %t", isValid)
+ return isValid, ""
+}
diff --git a/auth/auth.go b/auth/auth.go
index 339486f..281eeff 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -1,7 +1,6 @@
 package auth
 import (
- "fmt"
 "ghproxy/config"
 "ghproxy/logger"
@@ -26,24 +25,17 @@ func Init(cfg *config.Config) {
 }
 func AuthHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
- if !cfg.Auth.Enabled {
+ if cfg.Auth.AuthMethod == "parameters" {
+ isValid, err = AuthParametersHandler(c, cfg)
+ return isValid, err
+ } else if cfg.Auth.AuthMethod == "header" {
+ isValid, err = AuthHeaderHandler(c, cfg)
+ return isValid, err
+ } else if cfg.Auth.AuthMethod == "" {
+ logWarning("Auth method not set")
 return true, ""
+ } else {
+ logWarning("Auth method not supported")
+ return false, "Auth method not supported"
 }
-
- authToken := c.Query("auth_token")
- logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto, authToken)
-
- if authToken == "" {
- err := "Auth token == nil"
- return false, err
- }
-
- isValid = authToken == cfg.Auth.AuthToken
- if !isValid {
- err := fmt.Sprintf("Auth token incorrect: %s", authToken)
- return false, err
- }
-
- logInfo("auth SUCCESS: %t", isValid)
- return isValid, ""
 }
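Review bot: `isValid = authToken == cfg.Auth.AuthToken` in `AuthParametersHandler` (auth/auth-parameters.go) compares the secret with `==`, which is not guaranteed to run in constant time; `AuthHeaderHandler` in auth/auth-header.go has the identical line. Use `isValid = subtle.ConstantTimeCompare([]byte(authToken), []byte(cfg.Auth.AuthToken)) == 1` and add `crypto/subtle` to the import block of both files. The locals declared with `err := ...` also shadow the named result `err`; returning the literal directly, as in `return false, "Auth token == nil"`, removes the shadowing.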
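Review bot: The `cfg.Auth.AuthMethod == ""` branch of `AuthHandler` in auth/auth.go returns `true, ""` without consulting `cfg.Auth.Enabled`, so a deployment with `enabled = true` and a config file written before `authMethod` existed stops authenticating after the upgrade, with only a warning in the log (unless the config loader fills in a default, which this diff does not show). The behaviour before this commit was the query-parameter check, so the empty case should fall back to it: replace `return true, ""` in that branch with `return AuthParametersHandler(c, cfg)`, which still lets requests through when auth is disabled. A `switch cfg.Auth.AuthMethod` with `case "", "parameters":` would express the same dispatch without an `else` chain after `return`. A doc comment on `AuthHandler` naming the accepted methods and the meaning of an unset value would help operators.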
diff --git a/config/config.go b/config/config.go
index 033a7ea..a9eaa58 100644
--- a/config/config.go
+++ b/config/config.go
@@ -19,6 +19,7 @@ type ServerConfig struct {
 Port int `toml:"port"`
 Host string `toml:"host"`
 SizeLimit int `toml:"sizeLimit"`
+ EnableH2C bool `toml:"enableH2C"`
 }
 type PagesConfig struct {
@@ -36,8 +37,9 @@ type CORSConfig struct {
 }
 type AuthConfig struct {
- Enabled bool `toml:"enabled"`
- AuthToken string `toml:"authToken"`
+ Enabled bool `toml:"enabled"`
+ AuthMethod string `toml:"authMethod"`
+ AuthToken string `toml:"authToken"`
 }
 type BlacklistConfig struct {
diff --git a/config/config.toml b/config/config.toml
index 2592dae..6b65e7b 100644
--- a/config/config.toml
+++ b/config/config.toml
@@ -2,6 +2,7 @@
 host = "127.0.0.1"
 port = 8080
 sizeLimit = 125 # MB
+enableH2C = true
 [pages]
 enabled = false
@@ -15,6 +16,7 @@ maxLogSize = 5 # MB
 enabled = true
 [auth]
+authMethod = "parameters" # "header" or "parameters"
 authToken = "token"
 enabled = false
diff --git a/deploy/install-dev.sh b/deploy/install-dev.sh
index 0119c63..44609e4 100644
--- a/deploy/install-dev.sh
+++ b/deploy/install-dev.sh
@@ -50,6 +50,12 @@ EOF
 }
+# 检查是否为root用户
+if [ "$EUID" -ne 0 ]; then
+ echo "请以root用户运行此脚本"
+ exit 1
+fi
+
 # 安装依赖包
 install curl wget sed
diff --git a/deploy/install.sh b/deploy/install.sh
index c6ef3d1..3361e94 100644
--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -50,6 +50,12 @@ EOF
 }
+# 检查是否为root用户
+if [ "$EUID" -ne 0 ]; then
+ echo "请以root用户运行此脚本"
+ exit 1
+fi
+
 # 安装依赖包
 install curl wget sed
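Review bot: The shipped default `authMethod = "parameters"` in config/config.toml puts the token in the request URL, where reverse-proxy and access logs typically record it and where it can travel in `Referer` headers. The inline comment should say which method is preferred, for example `authMethod = "parameters" # "header" (recommended, keeps the token out of URLs) or "parameters"`. `authToken = "token"` is also a placeholder value that should be marked as one to be replaced before `enabled` is set to true.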
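Review bot: The root check added to deploy/install-dev.sh, and identically to deploy/install.sh, relies on `$EUID`, which bash sets but a POSIX `sh` such as dash does not; there `[ "" -ne 0 ]` fails with an error, the `if` body is skipped, and the installer carries on as a non-root user. The interpreter line is outside the hunk, so this matters whenever the script is run as `sh install.sh` or piped into `sh`. `if [ "$(id -u)" -ne 0 ]; then` behaves the same in both shells. Sending the message to stderr with `>&2` would also keep it out of captured output.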
@@ -96,7 +102,7 @@ VERSION=$(curl -s https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/mai
 wget -q -O ${ghproxy_dir}/VERSION https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/VERSION
 # 下载ghproxy
-wget -q -O ${ghproxy_dir}/ghproxy https://github.com/WJQSERVER-STUDIO/ghproxy/releases/download/$VERSION/ghproxy-linux-$ARCH.tar.gz
+wget -q -O ${ghproxy_dir}/ghproxy https://github.com/WJQSERVER-STUDIO/ghproxy/releases/download/${VERSION}/ghproxy-linux-${ARCH}.tar.gz
 install tar
 tar -zxvf ${ghproxy_dir}/ghproxy-linux-$ARCH.tar.gz -C ${ghproxy_dir}
 chmod +x ${ghproxy_dir}/ghproxy
diff --git a/init.sh b/init.sh
index 2a62223..ce3bc05 100644
--- a/init.sh
+++ b/init.sh
@@ -25,7 +25,6 @@ fi
 sleep 30
 while [[ true ]]; do
- # 健康检查
 curl -f http://localhost:8080/api/healthcheck || exit 1
 sleep 120
 done
diff --git a/main.go b/main.go
index ef0d301..a71b119 100644
--- a/main.go
+++ b/main.go
@@ -84,7 +84,9 @@ func init() {
 gin.SetMode(gin.ReleaseMode)
 router = gin.Default()
- router.UseH2C = true
+ if cfg.Server.EnableH2C {
+ router.UseH2C = true
+ }
 setupApi(cfg, router, version)
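Review bot: The changed `wget` line in deploy/install.sh saves the archive as `${ghproxy_dir}/ghproxy`, but the unchanged `tar -zxvf` line below it reads `${ghproxy_dir}/ghproxy-linux-$ARCH.tar.gz`, a path nothing in this hunk creates. The output name should match what is extracted, i.e. `-O "${ghproxy_dir}/ghproxy-linux-${ARCH}.tar.gz"`, and the exit status of `wget` should be checked before `tar` runs. The script runs as root and marks the result executable without verifying it; if the release publishes checksums, a `sha256sum -c` step before extraction would catch a truncated or tampered download. The rest of the script lies outside the hunk.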
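Review bot: The three lines added to `init()` in main.go can be the single assignment `router.UseH2C = cfg.Server.EnableH2C`, which also makes it plain that a config file without `enableH2C` now leaves H2C off. A comment above it would help operators, e.g. `// H2C is cleartext HTTP/2; enable it only when the fronting proxy is known to handle "Upgrade: h2c" safely.` `init()` starts and ends outside the hunk.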