229 lines
5.3 KiB
Go
229 lines
5.3 KiB
Go
package main
|
||
|
||
import (
|
||
"fmt"
|
||
"io"
|
||
"log"
|
||
"net/http"
|
||
"net/url"
|
||
"regexp"
|
||
"strings"
|
||
)
|
||
|
||
// ========================
|
||
// 配置区域
|
||
// ========================
|
||
const (
|
||
sizeLimit = int64(1024 * 1024 * 1024 * 1) // 允许的文件大小, 1GB
|
||
host = "127.0.0.1"
|
||
port = "2005"
|
||
)
|
||
|
||
// 先生效白名单再匹配黑名单
|
||
// 每行一个规则,示例:
|
||
// user1 # 封禁user1的所有仓库
|
||
// user1/repo1 # 封禁user1的repo1
|
||
// */repo1 # 封禁所有叫做repo1的仓库
|
||
var (
|
||
whiteListStr = ``
|
||
blackListStr = ``
|
||
)
|
||
|
||
|
||
// ========================
|
||
// 全局变量与预编译正则
|
||
// ========================
|
||
var (
|
||
whiteList [][]string
|
||
blackList [][]string
|
||
|
||
|
||
exp1 = regexp.MustCompile(`^(?:https?://)?github\.com/(?P<author>[^/]+)/(?P<repo>[^/]+)/(?:releases|archive)/.*$`)
|
||
exp2 = regexp.MustCompile(`^(?:https?://)?github\.com/(?P<author>[^/]+)/(?P<repo>[^/]+)/(?:blob|raw)/.*$`)
|
||
exp3 = regexp.MustCompile(`^(?:https?://)?github\.com/(?P<author>[^/]+)/(?P<repo>[^/]+)/(?:info|git-).*$`)
|
||
exp4 = regexp.MustCompile(`^(?:https?://)?raw\.(?:githubusercontent|github)\.com/(?P<author>[^/]+)/(?P<repo>[^/]+)/.+?/.+$`)
|
||
exp5 = regexp.MustCompile(`^(?:https?://)?gist\.(?:githubusercontent|github)\.com/(?P<author>[^/]+)/.+?/.+$`)
|
||
|
||
httpClient *http.Client
|
||
)
|
||
|
||
func init() {
|
||
// 1. 初始化列表
|
||
whiteList = parseList(whiteListStr)
|
||
blackList = parseList(blackListStr)
|
||
|
||
httpClient = &http.Client{
|
||
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
||
return http.ErrUseLastResponse
|
||
},
|
||
Timeout: 0,
|
||
}
|
||
}
|
||
|
||
func main() {
|
||
http.HandleFunc("/", routeHandler)
|
||
addr := fmt.Sprintf("%s:%s", host, port)
|
||
log.Printf("服务器启动成功,正在监听 %s", addr)
|
||
if err := http.ListenAndServe(addr, nil); err != nil {
|
||
log.Fatal(err)
|
||
}
|
||
}
|
||
|
||
func routeHandler(w http.ResponseWriter, r *http.Request) {
|
||
|
||
u := strings.TrimPrefix(r.URL.RequestURI(), "/")
|
||
if strings.HasPrefix(u, "https:/") && !strings.HasPrefix(u, "https://") {
|
||
u = "https://" + strings.TrimPrefix(u, "https:/")
|
||
} else if strings.HasPrefix(u, "http:/") && !strings.HasPrefix(u, "http://") {
|
||
u = "http://" + strings.TrimPrefix(u, "http:/")
|
||
}
|
||
|
||
if !strings.HasPrefix(u, "http") {
|
||
u = "https://" + u
|
||
}
|
||
|
||
m := checkURL(u)
|
||
if m == nil {
|
||
http.Error(w, "Invalid input.", http.StatusForbidden)
|
||
return
|
||
}
|
||
|
||
if len(whiteList) > 0 {
|
||
allowed := false
|
||
for _, i := range whiteList {
|
||
if matchRule(m, i) {
|
||
allowed = true
|
||
break
|
||
}
|
||
}
|
||
if !allowed {
|
||
http.Error(w, "Forbidden by white list.", http.StatusForbidden)
|
||
return
|
||
}
|
||
}
|
||
|
||
for _, i := range blackList {
|
||
if matchRule(m, i) {
|
||
http.Error(w, "Forbidden by black list.", http.StatusForbidden)
|
||
return
|
||
}
|
||
}
|
||
|
||
// 将网页浏览的blob链接统一替换为raw下载链接
|
||
if exp2.MatchString(u) {
|
||
u = strings.Replace(u, "/blob/", "/raw/", 1)
|
||
}
|
||
|
||
// 发起代理请求
|
||
parsedURL, err := url.Parse(u)
|
||
if err == nil {
|
||
u = parsedURL.String()
|
||
}
|
||
proxy(w, r, u)
|
||
}
|
||
|
||
func proxy(w http.ResponseWriter, r *http.Request, targetURL string) {
|
||
// 修正由于多重代理可能造成的 URL 格式错误
|
||
if strings.HasPrefix(targetURL, "https:/") && ! strings.HasPrefix(targetURL, "https://") {
|
||
targetURL = "https://" + targetURL[7:]
|
||
}
|
||
|
||
req, err := http.NewRequest(r.Method, targetURL, r.Body)
|
||
if err != nil {
|
||
http.Error(w, "server error " + err.Error(), http.StatusInternalServerError)
|
||
return
|
||
}
|
||
|
||
// 拷贝 Header, 但不包含 Host
|
||
for k, vv := range r.Header {
|
||
if strings.EqualFold(k, "Host") {
|
||
continue
|
||
}
|
||
for _, v := range vv {
|
||
req.Header.Add(k, v)
|
||
}
|
||
}
|
||
|
||
resp, err := httpClient.Do(req)
|
||
if err != nil {
|
||
http.Error(w, "server error " + err.Error(), http.StatusInternalServerError)
|
||
return
|
||
}
|
||
defer resp.Body.Close()
|
||
|
||
// 校验大文件限制
|
||
if resp.ContentLength > sizeLimit {
|
||
http.Redirect(w, r, targetURL, http.StatusFound)
|
||
return
|
||
}
|
||
|
||
// 处理重定向 Location Header
|
||
if loc := resp.Header.Get("Location"); loc != "" {
|
||
if checkURL(loc) != nil {
|
||
resp.Header.Set("Location", "/"+loc)
|
||
} else {
|
||
// 如果不符合 Github 下载格式,则递归代理目标地址
|
||
proxy(w, r, loc)
|
||
return
|
||
}
|
||
}
|
||
|
||
// 拷贝响应的 Header 并写入状态码
|
||
for k, vv := range resp.Header {
|
||
for _, v := range vv {
|
||
w.Header().Add(k, v)
|
||
}
|
||
}
|
||
w.WriteHeader(resp.StatusCode)
|
||
|
||
// Go 会原生以 Stream 方式拷贝数据给 Client 端
|
||
io.Copy(w, resp.Body)
|
||
}
|
||
|
||
func matchRule(m []string, i []string) bool {
|
||
// m 通常为 [author, repo] 或 [author]
|
||
if len(i) == 1 {
|
||
return len(m) >= 1 && m[0] == i[0]
|
||
} else if len(i) == 2 {
|
||
if i[0] == "*" && len(m) >= 2 && m[1] == i[1] {
|
||
return true
|
||
}
|
||
return len(m) >= 2 && m[0] == i[0] && m[1] == i[1]
|
||
}
|
||
return false
|
||
}
|
||
|
||
func checkURL(u string) []string {
|
||
exps := []*regexp.Regexp {exp1, exp2, exp3, exp4, exp5}
|
||
for _, exp := range exps {
|
||
matches := exp.FindStringSubmatch(u)
|
||
if matches != nil {
|
||
var result []string
|
||
for i, name := range exp.SubexpNames() {
|
||
if i > 0 && name != "" {
|
||
result = append(result, matches[i])
|
||
}
|
||
}
|
||
return result
|
||
}
|
||
}
|
||
return nil
|
||
}
|
||
|
||
|
||
func parseList(s string) [][]string {
|
||
var res [][]string
|
||
lines := strings.Split(s, "\n")
|
||
for _, line := range lines {
|
||
line = strings.TrimSpace(line)
|
||
if line != "" {
|
||
parts := strings.Split(line, "/")
|
||
var cleaned []string
|
||
for _, p := range parts {
|
||
cleaned = append(cleaned, strings.ReplaceAll(p, " ", ""))
|
||
}
|
||
res = append(res, cleaned)
|
||
}
|
||
}
|
||
return res
|
||
} |