24w23a

CHANGELOG.md

@@ -1,5 +1,12 @@
 # 更新日志
 
+24w23a
+---
+- PRE-RELEASE: 此版本是v1.7.4的预发布版本,请勿在生产环境中使用
+- ADD: `Auth`模块加入`Header`鉴权,使用`GH-Auth`的值进行鉴权
+- CHANGE: 对二进制文件部署脚本进行优化
+- CHANGE&ADD: 新增H2C相关配置
+
 v1.7.3
 ---
 - CHANGE: Bump golang.org/x/time from 0.7.0 to 0.8.0

DEV-VERSION

@@ -1 +1 @@
-24w22b
+24w23a

auth/auth-header.go

@@ -0,0 +1,30 @@
+package auth
+
+import (
+	"fmt"
+	"ghproxy/config"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AuthHeaderHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
+	if !cfg.Auth.Enabled {
+		return true, ""
+	}
+	// 获取"GH-Auth"的值
+	authToken := c.GetHeader("GH-Auth")
+	logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.Request.Method, c.Request.Host, c.Request.URL.Path, c.Request.Proto, c.Request.RemoteAddr, authToken)
+	if authToken == "" {
+		err := "Auth Header == nil"
+		return false, err
+	}
+
+	isValid = authToken == cfg.Auth.AuthToken
+	if !isValid {
+		err := fmt.Sprintf("Auth token incorrect: %s", authToken)
+		return false, err
+	}
+
+	logInfo("auth SUCCESS: %t", isValid)
+	return isValid, ""
+}

auth/auth-parameters.go

@@ -0,0 +1,31 @@
+package auth
+
+import (
+	"fmt"
+	"ghproxy/config"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AuthParametersHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
+	if !cfg.Auth.Enabled {
+		return true, ""
+	}
+
+	authToken := c.Query("auth_token")
+	logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto, authToken)
+
+	if authToken == "" {
+		err := "Auth token == nil"
+		return false, err
+	}
+
+	isValid = authToken == cfg.Auth.AuthToken
+	if !isValid {
+		err := fmt.Sprintf("Auth token incorrect: %s", authToken)
+		return false, err
+	}
+
+	logInfo("auth SUCCESS: %t", isValid)
+	return isValid, ""
+}

auth/auth.go

@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"fmt"
 	"ghproxy/config"
 	"ghproxy/logger"
 
@@ -26,24 +25,17 @@ func Init(cfg *config.Config) {
 }
 
 func AuthHandler(c *gin.Context, cfg *config.Config) (isValid bool, err string) {
-	if !cfg.Auth.Enabled {
+	if cfg.Auth.AuthMethod == "parameters" {
+		isValid, err = AuthParametersHandler(c, cfg)
+		return isValid, err
+	} else if cfg.Auth.AuthMethod == "header" {
+		isValid, err = AuthHeaderHandler(c, cfg)
+		return isValid, err
+	} else if cfg.Auth.AuthMethod == "" {
+		logWarning("Auth method not set")
 		return true, ""
+	} else {
+		logWarning("Auth method not supported")
+		return false, "Auth method not supported"
 	}
-
-	authToken := c.Query("auth_token")
-	logInfo("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Request.Method, c.Request.URL.Path, c.Request.UserAgent(), c.Request.Proto, authToken)
-
-	if authToken == "" {
-		err := "Auth token == nil"
-		return false, err
-	}
-
-	isValid = authToken == cfg.Auth.AuthToken
-	if !isValid {
-		err := fmt.Sprintf("Auth token incorrect: %s", authToken)
-		return false, err
-	}
-
-	logInfo("auth SUCCESS: %t", isValid)
-	return isValid, ""
 }

config/config.go

@@ -19,6 +19,7 @@ type ServerConfig struct {
 	Port      int    `toml:"port"`
 	Host      string `toml:"host"`
 	SizeLimit int    `toml:"sizeLimit"`
+	EnableH2C bool   `toml:"enableH2C"`
 }
 
 type PagesConfig struct {
@@ -36,8 +37,9 @@ type CORSConfig struct {
 }
 
 type AuthConfig struct {
-	Enabled   bool   `toml:"enabled"`
+	Enabled    bool   `toml:"enabled"`
-	AuthToken string `toml:"authToken"`
+	AuthMethod string `toml:"authMethod"`
+	AuthToken  string `toml:"authToken"`
 }
 
 type BlacklistConfig struct {

config/config.toml

@@ -2,6 +2,7 @@
 host = "127.0.0.1" 
 port = 8080 
 sizeLimit = 125 # MB
+enableH2C = true 
 
 [pages]
 enabled = false
@@ -15,6 +16,7 @@ maxLogSize = 5 # MB
 enabled = true
 
 [auth]
+authMethod = "parameters" # "header" or "parameters"
 authToken = "token"
 enabled = false
 

deploy/install-dev.sh

@@ -50,6 +50,12 @@ EOF
 
 }
 
+# 检查是否为root用户
+if [ "$EUID" -ne 0 ]; then
+    echo "请以root用户运行此脚本"
+    exit 1
+fi
+
 # 安装依赖包
 install curl wget sed
 

deploy/install.sh

@@ -50,6 +50,12 @@ EOF
 
 }
 
+# 检查是否为root用户
+if [ "$EUID" -ne 0 ]; then
+    echo "请以root用户运行此脚本"
+    exit 1
+fi
+
 # 安装依赖包
 install curl wget sed
 
@@ -96,7 +102,7 @@ VERSION=$(curl -s https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/mai
 wget -q -O ${ghproxy_dir}/VERSION https://raw.githubusercontent.com/WJQSERVER-STUDIO/ghproxy/main/VERSION
 
 # 下载ghproxy
-wget -q -O ${ghproxy_dir}/ghproxy https://github.com/WJQSERVER-STUDIO/ghproxy/releases/download/$VERSION/ghproxy-linux-$ARCH.tar.gz
+wget -q -O ${ghproxy_dir}/ghproxy https://github.com/WJQSERVER-STUDIO/ghproxy/releases/download/${VERSION}/ghproxy-linux-${ARCH}.tar.gz
 install tar
 tar -zxvf ${ghproxy_dir}/ghproxy-linux-$ARCH.tar.gz -C ${ghproxy_dir}
 chmod +x ${ghproxy_dir}/ghproxy

init.sh

@@ -25,7 +25,6 @@ fi
 sleep 30
 
 while [[ true ]]; do
-    # 健康检查
     curl -f http://localhost:8080/api/healthcheck || exit 1
     sleep 120
 done    

main.go

@@ -84,7 +84,9 @@ func init() {
 	gin.SetMode(gin.ReleaseMode)
 
 	router = gin.Default()
-	router.UseH2C = true
+	if cfg.Server.EnableH2C {
+		router.UseH2C = true
+	}
 
 	setupApi(cfg, router, version)