更新 install.sh

shell OOM

.gitattributes

@@ -1 +1,2 @@
 * text=auto eol=lf
+*.html linguist-vendored

.github/workflows/docker-ghcr.yml

@@ -3,9 +3,9 @@ on:
   workflow_dispatch:
     inputs:
       version:
-        description: 'Version number'
+        description: '版本号 (例如: v1.0.0)'
         required: true
-        default: 'latest'
+        default: 'v1.0.0'
 
 jobs:
   build:
@@ -15,13 +15,13 @@ jobs:
       packages: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Cache Docker layers
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -29,14 +29,19 @@ jobs:
             ${{ runner.os }}-buildx-
             
       - name: Log in to GitHub Docker Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
           
       - name: Set version from input
-        run: echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
+        run: |
+          VERSION=${{ github.event.inputs.version }}
+          if [[ $VERSION == v* ]]; then
+            VERSION=${VERSION:1}
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
 
       - name: Convert repository name to lowercase
         run: |
@@ -47,10 +52,10 @@ jobs:
       - name: Build and push Docker image
         run: |
           docker buildx build --push \
-            --platform linux/amd64,linux/arm64/v8 \
+            --platform linux/amd64,linux/arm64 \
             --tag ghcr.io/${{ env.REPO_LOWER }}:${{ env.VERSION }} \
             --tag ghcr.io/${{ env.REPO_LOWER }}:latest \
             --build-arg VERSION=${{ env.VERSION }} \
             -f Dockerfile .
         env:
-          GHCR_PUBLIC: true  # 将镜像设置为公开
+          GHCR_PUBLIC: true

.github/workflows/release.yml

@@ -1,7 +1,7 @@
 name: 发布二进制文件
 
 on:
-  workflow_dispatch:  # 手动触发
+  workflow_dispatch:
     inputs:
       version:
         description: '版本号 (例如: v1.0.0)'
@@ -18,12 +18,13 @@ jobs:
       - name: 检出代码
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0  # 获取完整历史，用于生成变更日志
+          fetch-depth: 0
           
       - name: 设置Go环境
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: '1.24'
+          go-version-file: "src/go.mod"
+          cache-dependency-path: "src/go.sum"
           
       - name: 获取版本号
         id: version
@@ -53,15 +54,24 @@ jobs:
         run: |
           mkdir -p build/hubproxy
           
+      - name: 安装 UPX
+        uses: crazy-max/ghaction-upx@v3
+        with:
+          install-only: true
+
       - name: 编译二进制文件
         run: |
           cd src
           
           # Linux AMD64
-          GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o ../build/hubproxy/hubproxy-linux-amd64 .
+          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o ../build/hubproxy/hubproxy-linux-amd64 .
           
           # Linux ARM64
-          GOOS=linux GOARCH=arm64 go build -ldflags="-s -w" -o ../build/hubproxy/hubproxy-linux-arm64 .
+          CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-s -w" -o ../build/hubproxy/hubproxy-linux-arm64 .
+          
+          # 压缩二进制文件
+          upx -9 ../build/hubproxy/hubproxy-linux-amd64
+          upx -9 ../build/hubproxy/hubproxy-linux-arm64
           
       - name: 复制配置文件
         run: |
@@ -72,7 +82,7 @@ jobs:
           cp hubproxy.service build/hubproxy/
           
           # 复制安装脚本
-          cp install-service.sh build/hubproxy/
+          cp install.sh build/hubproxy/
          
           # 创建README文件
           cat > build/hubproxy/README.md << 'EOF'
@@ -88,13 +98,13 @@ jobs:
           # Linux AMD64 包
           mkdir -p linux-amd64/hubproxy
           cp hubproxy/hubproxy-linux-amd64 linux-amd64/hubproxy/hubproxy
-          cp hubproxy/config.toml hubproxy/hubproxy.service hubproxy/install-service.sh hubproxy/README.md linux-amd64/hubproxy/
+          cp hubproxy/config.toml hubproxy/hubproxy.service hubproxy/install.sh hubproxy/README.md linux-amd64/hubproxy/
           tar -czf hubproxy-${{ steps.version.outputs.version }}-linux-amd64.tar.gz -C linux-amd64 hubproxy
           
           # Linux ARM64 包
           mkdir -p linux-arm64/hubproxy
           cp hubproxy/hubproxy-linux-arm64 linux-arm64/hubproxy/hubproxy
-          cp hubproxy/config.toml hubproxy/hubproxy.service hubproxy/install-service.sh hubproxy/README.md linux-arm64/hubproxy/
+          cp hubproxy/config.toml hubproxy/hubproxy.service hubproxy/install.sh hubproxy/README.md linux-arm64/hubproxy/
           tar -czf hubproxy-${{ steps.version.outputs.version }}-linux-arm64.tar.gz -C linux-arm64 hubproxy
           
           # 列出生成的文件
@@ -107,7 +117,7 @@ jobs:
           cat checksums.txt
           
       - name: 创建或更新Release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           tag_name: ${{ steps.version.outputs.version }}
           name: "HubProxy ${{ steps.version.outputs.version }}"

.gitignore

@@ -0,0 +1,5 @@
+.idea
+.vscode
+.DS_Store
+hubproxy*
+!hubproxy.service

Dockerfile

@@ -1,11 +1,14 @@
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
+
+ARG TARGETARCH
 
 WORKDIR /app
 COPY src/go.mod src/go.sum ./
-RUN go mod download
+RUN go mod download && apk add upx
 
 COPY src/ .
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -trimpath -o hubproxy .
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -ldflags="-s -w" -trimpath -o hubproxy . && upx -9 hubproxy
 
 FROM alpine
 

README.md

@@ -1,23 +1,35 @@
 # HubProxy
 
-🚀 **Docker 和 GitHub 加速代理服务器**
+ **Docker 和 GitHub 加速代理服务器**
 
 一个轻量级、高性能的多功能代理服务，提供 Docker 镜像加速、GitHub 文件加速、下载离线镜像、在线搜索 Docker 镜像等功能。
 
-## ✨ 特性
 
-- 🐳 **Docker 镜像加速** - 单域名实现 Docker Hub、GHCR、Quay 等多个镜像仓库加速，流式传输优化拉取速度。
+<p align="center">
+  <img src="https://count.getloli.com/get/@sky22333.hubproxy?theme=rule34" alt="Visitors">
+</p>
+
+## 特性
+
+- 🐳 **Docker 镜像加速** - 支持 Docker Hub、GHCR、Quay 等多个镜像仓库加速，流式传输优化拉取速度。
 - 🐳 **离线镜像包** - 支持下载离线镜像包，流式传输加防抖设计。
 - 📁 **GitHub 文件加速** - 加速 GitHub Release、Raw 文件下载，支持`api.github.com`，脚本嵌套加速等等
 - 🤖 **AI 模型库支持** - 支持 Hugging Face 模型下载加速
 - 🛡️ **智能限流** - IP 限流保护，防止滥用
 - 🚫 **仓库审计** - 强大的自定义黑名单，白名单，同时审计镜像仓库，和GitHub仓库
 - 🔍 **镜像搜索** - 在线搜索 Docker 镜像
-- ⚡ **轻量高效** - 基于 Go 语言，单二进制文件运行，资源占用低，优雅的内存清理机制。
+- ⚡ **轻量高效** - 基于 Go 语言，单二进制文件运行，资源占用低。
-- 🔧 **统一配置** - 统一配置管理
+- 🔧 **统一配置** - 统一配置管理，便于维护。
+- 🛡️ **完全自托管** - 避免依赖免费第三方服务的不稳定性，例如`cloudflare`等等。
+- 🚀 **多服务统一加速** - 单个程序即可统一加速 Docker、GitHub、Hugging Face 等多种服务，简化部署与管理。
 
+## 详细文档
 
-## 🚀 快速开始
+[中文文档](https://zread.ai/sky22333/hubproxy)
+
+[English](https://deepwiki.com/sky22333/hubproxy)
+
+## 快速开始
 
 ### Docker部署（推荐）
 ```
@@ -28,25 +40,21 @@ docker run -d \
   ghcr.io/sky22333/hubproxy
 ```
 
-
-
 ### 一键脚本安装
 
 ```bash
-curl -fsSL https://raw.githubusercontent.com/sky22333/hubproxy/main/install-service.sh | sudo bash
+curl -fsSL https://raw.githubusercontent.com/sky22333/hubproxy/main/install.sh | sudo bash
 ```
 
-也可以直接下载二进制文件执行`./hubproxy`使用，无需配置文件即可启动，内置默认配置，支持所有功能。初始内存占用约18M，二进制文件大小约12M
+支持单个二进制文件直接启动，无需其他配置，内置默认配置，支持所有功能。
 
-这个命令会：
+这个脚本会：
-- 🔍 自动检测系统架构（AMD64/ARM64）
+- 自动检测系统架构（AMD64/ARM64）
-- 📥 从 GitHub Releases 下载最新版本
+- 从 GitHub Releases 下载最新版本
-- ⚙️ 自动配置系统服务
+- 自动配置系统服务
-- 🔄 保留现有配置（升级时）
+- 保留现有配置（升级时）
 
-
+## 使用方法
-
-## 📖 使用方法
 
 ### Docker 镜像加速
 
@@ -63,6 +71,20 @@ docker pull yourdomain.com/ghcr.io/sky22333/hubproxy
 # 符合Docker Registry API v2标准的仓库都支持
 ```
 
+当然也支持配置为全局镜像加速，在主机上新建（或编辑）`/etc/docker/daemon.json`
+
+在 `"registry-mirrors"` 中加入域名：
+
+```json
+{
+  "registry-mirrors": [
+    "https://yourdomain.com"
+  ]
+}
+```
+
+若已设置其他加速地址，直接并列添加后保存，再执行 `sudo systemctl restart docker` 重启docker服务让配置生效。
+
 ### GitHub 文件加速
 
 ```bash
@@ -71,31 +93,18 @@ https://github.com/user/repo/releases/download/v1.0.0/file.tar.gz
 
 # 加速链接
 https://yourdomain.com/https://github.com/user/repo/releases/download/v1.0.0/file.tar.gz
+
+# 加速下载仓库
+git clone https://yourdomain.com/https://github.com/sky22333/hubproxy.git
 ```
 
+## 配置
 
+<details>
+  <summary>config.toml 配置说明</summary>
 
-## ⚙️ 配置
+*此配置是默认配置，已经内置在程序中了*
 
-容器内的配置文件位于 `/root/config.toml`
-
-脚本部署配置文件位于 `/opt/hubproxy/config.toml`
-
-为了IP限流能够正常运行，反向代理需要传递IP头用来获取访客真实IP，以caddy为例：
-```
-example.com {
-    reverse_proxy 127.0.0.1:5000 {
-        header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
-        header_up X-Real-IP {http.request.header.CF-Connecting-IP}
-        header_up X-Forwarded-Proto https
-        header_up X-Forwarded-Host {host}
-    }
-}
-```
-
-### `config.toml`配置示例
-
-不配置也可以，程序内置有默认值
 ```
 [server]
 host = "0.0.0.0"
@@ -103,18 +112,21 @@ host = "0.0.0.0"
 port = 5000
 # Github文件大小限制（字节），默认2GB
 fileSize = 2147483648
+# HTTP/2 多路复用，提升下载速度
+enableH2C = false
 
 [rateLimit]
-# 每个IP每小时允许的请求数(注意Docker镜像会有多个层，会消耗多个次数)
+# 每个IP每周期允许的请求数(注意Docker镜像会有多个层，会消耗多个次数)
 requestLimit = 500
 # 限流周期（小时）
-periodHours = 1.0
+periodHours = 3.0
 
 [security]
 # IP白名单，支持单个IP或IP段
 # 白名单中的IP不受限流限制
 whiteList = [
     "127.0.0.1",
+    "172.17.0.0/16",
     "192.168.1.0/24"
 ]
 
@@ -125,7 +137,7 @@ blackList = [
     "192.168.100.0/24"
 ]
 
-[proxy]
+[access]
 # 代理服务白名单（支持GitHub仓库和Docker镜像，支持通配符）
 # 只允许访问白名单中的仓库/镜像，为空时不限制
 whiteList = []
@@ -138,11 +150,11 @@ blackList = [
     "baduser/*"
 ]
 
-# SOCKS5代理配置，支持有用户名/密码认证和无认证模式
+# 代理配置，支持有用户名/密码认证和无认证模式
 # 无认证: socks5://127.0.0.1:1080
 # 有认证: socks5://username:password@127.0.0.1:1080
 # 留空不使用代理
-socks5 = "" 
+proxy = "" 
 
 [download]
 # 批量下载离线镜像数量限制
@@ -186,6 +198,36 @@ enabled = true
 defaultTTL = "20m"
 ```
 
+</details>
+
+容器内的配置文件位于 `/root/config.toml`
+
+脚本部署配置文件位于 `/opt/hubproxy/config.toml`
+
+为了IP限流能够正常运行，反向代理需要传递IP头用来获取访客真实IP，以caddy为例：
+```
+example.com {
+    reverse_proxy {
+        to 127.0.0.1:5000
+        header_up X-Real-IP {remote}
+        header_up X-Forwarded-For {remote}
+        header_up X-Forwarded-Proto {scheme}
+    }
+}
+```
+cloudflare CDN：
+```
+example.com {
+    reverse_proxy 127.0.0.1:5000 {
+        header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+        header_up X-Real-IP {http.request.header.CF-Connecting-IP}
+        header_up X-Forwarded-Proto https
+        header_up X-Forwarded-Host {host}
+    }
+}
+```
+
+> 对于使用nginx反代的用户，Github加速提示`无效输入`的问题可以参见[issues/62](https://github.com/sky22333/hubproxy/issues/62#issuecomment-3219572440)
 
 
 ## ⚠️ 免责声明
@@ -201,3 +243,10 @@ defaultTTL = "20m"
 **⭐ 如果这个项目对你有帮助，请给个 Star！⭐**
 
 </div>
+
+## 界面预览
+
+![1](./.github/demo/demo1.jpg)
+
+## Star 趋势
+[![Star 趋势](https://starchart.cc/sky22333/hubproxy.svg?variant=adaptive)](https://starchart.cc/sky22333/hubproxy)

docker-compose.yml

@@ -1,8 +1,14 @@
 services:
-    hubproxy:
+  hubproxy:
-        build: .
+    image: ghcr.io/sky22333/hubproxy
-        restart: always
+    container_name: hubproxy
-        ports:
+    restart: always
-            - '5000:5000'
+    ports:
-        volumes:
+      - "5000:5000"
-            - ./src/config.toml:/root/config.toml
+    volumes:
+      - ./src/config.toml:/root/config.toml
+    logging:
+      driver: json-file
+      options:
+        max-size: "1g"
+        max-file: "2"

install-service.sh

@@ -1,213 +0,0 @@
-#!/bin/bash
-
-# HubProxy 一键安装脚本
-# 支持自动下载最新版本或使用本地文件安装
-set -e
-
-# 颜色定义
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-BLUE='\033[0;34m'
-NC='\033[0m' # No Color
-
-# 配置
-REPO="sky22333/hubproxy"
-GITHUB_API="https://api.github.com/repos/${REPO}"
-GITHUB_RELEASES="${GITHUB_API}/releases"
-SERVICE_NAME="hubproxy"
-INSTALL_DIR="/opt/hubproxy"
-CONFIG_FILE="config.toml"
-BINARY_NAME="hubproxy"
-LOG_DIR="/var/log/hubproxy"
-TEMP_DIR="/tmp/hubproxy-install"
-
-echo -e "${BLUE}HubProxy 一键安装脚本${NC}"
-echo "================================================="
-
-# 检查是否以root权限运行
-if [[ $EUID -ne 0 ]]; then
-           echo -e "${RED}此脚本需要root权限运行${NC}"
-   echo "请使用: sudo $0"
-   exit 1
-fi
-
-# 检测系统架构
-detect_arch() {
-    local arch=$(uname -m)
-    case $arch in
-        x86_64)
-            echo "amd64"
-            ;;
-        aarch64|arm64)
-            echo "arm64"
-            ;;
-        *)
-            echo -e "${RED}不支持的架构: $arch${NC}"
-            exit 1
-            ;;
-    esac
-}
-
-ARCH=$(detect_arch)
-echo -e "${BLUE}检测到架构: linux-${ARCH}${NC}"
-
-# 检查是否为本地安装模式
-if [ -f "${BINARY_NAME}" ]; then
-    echo -e "${BLUE}发现本地文件，使用本地安装模式${NC}"
-    LOCAL_INSTALL=true
-else
-    echo -e "${BLUE}本地无文件，使用自动下载模式${NC}"
-    LOCAL_INSTALL=false
-    
-    # 检查依赖
-    missing_deps=()
-    for cmd in curl jq tar; do
-        if ! command -v $cmd &> /dev/null; then
-            missing_deps+=($cmd)
-        fi
-    done
-    
-    if [ ${#missing_deps[@]} -gt 0 ]; then
-        echo -e "${YELLOW}检测到缺少依赖: ${missing_deps[*]}${NC}"
-        echo -e "${BLUE}正在自动安装依赖...${NC}"
-        
-        apt update && apt install -y curl jq
-        if [ $? -ne 0 ]; then
-            echo -e "${RED}依赖安装失败${NC}"
-            exit 1
-        fi
-        
-        # 重新检查依赖
-        for cmd in curl jq tar; do
-            if ! command -v $cmd &> /dev/null; then
-                echo -e "${RED}依赖安装后仍缺少: $cmd${NC}"
-                exit 1
-            fi
-        done
-        
-        echo -e "${GREEN}依赖安装成功${NC}"
-    fi
-fi
-
-# 自动下载功能
-if [ "$LOCAL_INSTALL" = false ]; then
-    echo -e "${BLUE}获取最新版本信息...${NC}"
-    LATEST_RELEASE=$(curl -s "${GITHUB_RELEASES}/latest")
-    if [ $? -ne 0 ]; then
-        echo -e "${RED}无法获取版本信息${NC}"
-        exit 1
-    fi
-
-    VERSION=$(echo "$LATEST_RELEASE" | jq -r '.tag_name')
-    if [ "$VERSION" = "null" ]; then
-        echo -e "${RED}无法解析版本信息${NC}"
-        exit 1
-    fi
-
-    echo -e "${GREEN}最新版本: ${VERSION}${NC}"
-
-    # 构造下载URL
-    ASSET_NAME="hubproxy-${VERSION}-linux-${ARCH}.tar.gz"
-    DOWNLOAD_URL="https://github.com/${REPO}/releases/download/${VERSION}/${ASSET_NAME}"
-
-    echo -e "${BLUE}下载: ${ASSET_NAME}${NC}"
-
-    # 创建临时目录并下载
-    rm -rf "${TEMP_DIR}"
-    mkdir -p "${TEMP_DIR}"
-    cd "${TEMP_DIR}"
-
-    curl -L -o "${ASSET_NAME}" "${DOWNLOAD_URL}"
-    if [ $? -ne 0 ]; then
-        echo -e "${RED}下载失败${NC}"
-        exit 1
-    fi
-
-    # 解压
-    tar -xzf "${ASSET_NAME}"
-    if [ $? -ne 0 ] || [ ! -d "hubproxy" ]; then
-        echo -e "${RED}解压失败${NC}"
-        exit 1
-    fi
-
-    cd hubproxy
-    echo -e "${GREEN}下载完成${NC}"
-fi
-
-echo -e "${YELLOW}开始安装 HubProxy...${NC}"
-
-# 停止现有服务（如果存在）
-if systemctl is-active --quiet ${SERVICE_NAME} 2>/dev/null; then
-    echo -e "${YELLOW}停止现有服务...${NC}"
-    systemctl stop ${SERVICE_NAME}
-fi
-
-# 备份现有配置（如果存在）
-CONFIG_BACKUP_EXISTS=false
-if [ -f "${INSTALL_DIR}/${CONFIG_FILE}" ]; then
-    echo -e "${BLUE}备份现有配置...${NC}"
-    cp "${INSTALL_DIR}/${CONFIG_FILE}" "${TEMP_DIR}/config.toml.backup"
-    CONFIG_BACKUP_EXISTS=true
-fi
-
-# 1. 创建目录结构
-echo -e "${BLUE}创建目录结构${NC}"
-mkdir -p ${INSTALL_DIR}
-mkdir -p ${LOG_DIR}
-chmod 755 ${INSTALL_DIR}
-chmod 755 ${LOG_DIR}
-
-# 2. 复制二进制文件
-echo -e "${BLUE}复制二进制文件${NC}"
-cp "${BINARY_NAME}" "${INSTALL_DIR}/"
-chmod +x "${INSTALL_DIR}/${BINARY_NAME}"
-
-# 3. 复制配置文件
-echo -e "${BLUE}复制配置文件${NC}"
-if [ -f "${CONFIG_FILE}" ]; then
-    if [ "$CONFIG_BACKUP_EXISTS" = false ]; then
-        cp "${CONFIG_FILE}" "${INSTALL_DIR}/"
-        echo -e "${GREEN}配置文件复制成功${NC}"
-    else
-        echo -e "${YELLOW}保留现有配置文件${NC}"
-    fi
-else
-    echo -e "${YELLOW}配置文件不存在，将使用默认配置${NC}"
-fi
-
-# 5. 安装systemd服务文件
-echo -e "${BLUE}安装systemd服务文件${NC}"
-cp "${SERVICE_NAME}.service" "/etc/systemd/system/"
-systemctl daemon-reload
-
-# 6. 恢复配置文件（如果有备份）
-if [ "$CONFIG_BACKUP_EXISTS" = true ]; then
-    echo -e "${BLUE}恢复配置文件...${NC}"
-    cp "${TEMP_DIR}/config.toml.backup" "${INSTALL_DIR}/${CONFIG_FILE}"
-fi
-
-# 7. 启用并启动服务
-echo -e "${BLUE}启用并启动服务${NC}"
-systemctl enable ${SERVICE_NAME}
-systemctl start ${SERVICE_NAME}
-
-# 8. 清理临时文件
-if [ "$LOCAL_INSTALL" = false ]; then
-    echo -e "${BLUE}清理临时文件...${NC}"
-    cd /
-    rm -rf "${TEMP_DIR}"
-fi
-
-# 9. 检查服务状态
-sleep 2
-if systemctl is-active --quiet ${SERVICE_NAME}; then
-    echo ""
-    echo -e "${GREEN}HubProxy 安装成功！${NC}"
-    echo -e "${GREEN}默认运行端口: 5000${NC}"
-    echo -e "${GREEN}配置文件路径: ${INSTALL_DIR}/${CONFIG_FILE}${NC}"
-else
-    echo -e "${RED}服务启动失败${NC}"
-    echo "查看错误日志: sudo journalctl -u ${SERVICE_NAME} -f"
-    exit 1
-fi 

install.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+# HubProxy 一键安装脚本 (Gitea 私人仓库版)
+set -e
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+# 配置信息
+VERSION="v1.2.1"
+SERVICE_NAME="hubproxy"
+# 按照你的习惯，安装在 /opt，如果你想完全放在 /vol1 下也可以修改此处
+INSTALL_DIR="/opt/hubproxy" 
+BINARY_NAME="hubproxy"
+TEMP_DIR="/tmp/hubproxy-install"
+
+echo -e "${BLUE}HubProxy 一键安装脚本 - 来自 Gitea 私人仓库${NC}"
+echo "================================================="
+
+# 1. 权限检查
+if [[ $EUID -ne 0 ]]; then
+   echo -e "${RED}此脚本需要 root 权限运行${NC}"
+   exit 1
+fi
+
+# 2. 检测系统架构并匹配你的 Gitea 链接
+arch=$(uname -m)
+case $arch in
+    x86_64)
+        ARCH="amd64"
+        DOWNLOAD_URL="https://git.vps3344521.xyz/3344/hubproxy/releases/download/v1.2.1/hubproxy-v1.2.1-linux-amd64.tar.gz"
+        ;;
+    aarch64|arm64)
+        ARCH="arm64"
+        DOWNLOAD_URL="https://git.vps3344521.xyz/3344/hubproxy/releases/download/v1.2.1/hubproxy-v1.2.1-linux-arm64.tar.gz"
+        ;;
+    *)
+        echo -e "${RED}不支持的架构: $arch${NC}"
+        exit 1
+        ;;
+esac
+
+echo -e "${BLUE}检测到架构: ${ARCH}${NC}"
+echo -e "${BLUE}准备从 Gitea 下载...${NC}"
+
+# 3. 安装必要工具
+for cmd in curl tar; do
+    if ! command -v $cmd &> /dev/null; then
+        echo -e "${YELLOW}正在安装依赖 $cmd...${NC}"
+        apt update && apt install -y $cmd
+    fi
+done
+
+# 4. 执行下载
+rm -rf "${TEMP_DIR}" && mkdir -p "${TEMP_DIR}"
+cd "${TEMP_DIR}"
+
+echo -e "${YELLOW}正在下载: ${DOWNLOAD_URL}${NC}"
+curl -L -o "hubproxy.tar.gz" "${DOWNLOAD_URL}"
+
+# 5. 解压 (根据你提供的包结构，通常解压后是一个目录或直接是二进制文件)
+tar -xzf "hubproxy.tar.gz"
+# 进入解压出的目录（如果压缩包里有 hubproxy 文件夹的话）
+[ -d "hubproxy" ] && cd hubproxy
+
+# 6. 配置服务环境
+echo -e "${BLUE}配置安装目录: ${INSTALL_DIR}${NC}"
+mkdir -p "${INSTALL_DIR}"
+cp "${BINARY_NAME}" "${INSTALL_DIR}/"
+chmod +x "${INSTALL_DIR}/${BINARY_NAME}"
+
+# 如果有默认配置文件也一并复制
+if [ -f "config.toml" ]; then
+    if [ ! -f "${INSTALL_DIR}/config.toml" ]; then
+        cp "config.toml" "${INSTALL_DIR}/"
+    fi
+fi
+
+# 7. 写入 Systemd 服务
+echo -e "${BLUE}正在创建 Systemd 服务...${NC}"
+cat <<EOF > /etc/systemd/system/${SERVICE_NAME}.service
+[Unit]
+Description=HubProxy Service
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=${INSTALL_DIR}
+ExecStart=${INSTALL_DIR}/${BINARY_NAME}
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# 8. 启动服务
+systemctl daemon-reload
+systemctl enable ${SERVICE_NAME}
+systemctl restart ${SERVICE_NAME}
+
+# 9. 清理并完成
+rm -rf "${TEMP_DIR}"
+echo "-------------------------------------------------"
+echo -e "${GREEN}HubProxy 安装成功！${NC}"
+echo -e "安装路径: ${INSTALL_DIR}"
+echo -e "服务状态: ${BLUE}systemctl status ${SERVICE_NAME}${NC}"

src/config.toml

@@ -4,18 +4,21 @@ host = "0.0.0.0"
 port = 5000
 # Github文件大小限制（字节），默认2GB
 fileSize = 2147483648
+# HTTP/2 多路复用
+enableH2C = false
 
 [rateLimit]
-# 每个IP每小时允许的请求数(注意Docker镜像会有多个层，会消耗多个次数)
+# 每个IP每周期允许的请求数
 requestLimit = 500
 # 限流周期（小时）
-periodHours = 1.0
+periodHours = 3.0
 
 [security]
 # IP白名单，支持单个IP或IP段
 # 白名单中的IP不受限流限制
 whiteList = [
     "127.0.0.1",
+    "172.17.0.0/16",
     "192.168.1.0/24"
 ]
 
@@ -26,7 +29,7 @@ blackList = [
     "192.168.100.0/24"
 ]
 
-[proxy]
+[access]
 # 代理服务白名单（支持GitHub仓库和Docker镜像，支持通配符）
 # 只允许访问白名单中的仓库/镜像，为空时不限制
 whiteList = []
@@ -39,11 +42,11 @@ blackList = [
     "baduser/*"
 ]
 
-# SOCKS5代理配置，支持有用户名/密码认证和无认证模式
+# 代理配置，支持有用户名/密码认证和无认证模式
 # 无认证: socks5://127.0.0.1:1080
 # 有认证: socks5://username:password@127.0.0.1:1080
 # 留空不使用代理
-socks5 = "" 
+proxy = "" 
 
 [download]
 # 批量下载离线镜像数量限制

src/config/config.go

@@ -1,4 +1,4 @@
-package main
+package config
 
 import (
 	"fmt"
@@ -13,45 +13,46 @@ import (
 
 // RegistryMapping Registry映射配置
 type RegistryMapping struct {
-	Upstream string `toml:"upstream"` // 上游Registry地址
+	Upstream string `toml:"upstream"`
-	AuthHost string `toml:"authHost"` // 认证服务器地址
+	AuthHost string `toml:"authHost"`
-	AuthType string `toml:"authType"` // 认证类型: docker/github/google/basic
+	AuthType string `toml:"authType"`
-	Enabled  bool   `toml:"enabled"`  // 是否启用
+	Enabled  bool   `toml:"enabled"`
 }
 
 // AppConfig 应用配置结构体
 type AppConfig struct {
 	Server struct {
-		Host     string `toml:"host"`     // 监听地址
+		Host      string `toml:"host"`
-		Port     int    `toml:"port"`     // 监听端口
+		Port      int    `toml:"port"`
-		FileSize int64  `toml:"fileSize"` // 文件大小限制（字节）
+		FileSize  int64  `toml:"fileSize"`
+		EnableH2C bool   `toml:"enableH2C"`
 	} `toml:"server"`
 
 	RateLimit struct {
-		RequestLimit int     `toml:"requestLimit"` // 每小时请求限制
+		RequestLimit int     `toml:"requestLimit"`
-		PeriodHours  float64 `toml:"periodHours"`  // 限制周期（小时）
+		PeriodHours  float64 `toml:"periodHours"`
 	} `toml:"rateLimit"`
 
 	Security struct {
-		WhiteList []string `toml:"whiteList"` // 白名单IP/CIDR列表
+		WhiteList []string `toml:"whiteList"`
-		BlackList []string `toml:"blackList"` // 黑名单IP/CIDR列表
+		BlackList []string `toml:"blackList"`
 	} `toml:"security"`
 
-	Proxy struct {
+	Access struct {
-		WhiteList []string `toml:"whiteList"` // 代理白名单（仓库级别）
+		WhiteList []string `toml:"whiteList"`
-		BlackList []string `toml:"blackList"` // 代理黑名单（仓库级别）
+		BlackList []string `toml:"blackList"`
-		Socks5    string   `toml:"socks5"`    // SOCKS5代理地址: socks5://[user:pass@]host:port
+		Proxy     string   `toml:"proxy"`
-	} `toml:"proxy"`
+	} `toml:"access"`
 
 	Download struct {
-		MaxImages int `toml:"maxImages"` // 单次下载最大镜像数量限制
+		MaxImages int `toml:"maxImages"`
 	} `toml:"download"`
 
 	Registries map[string]RegistryMapping `toml:"registries"`
 
 	TokenCache struct {
-		Enabled    bool   `toml:"enabled"`    // 是否启用token缓存
+		Enabled    bool   `toml:"enabled"`
-		DefaultTTL string `toml:"defaultTTL"` // 默认缓存时间
+		DefaultTTL string `toml:"defaultTTL"`
 	} `toml:"tokenCache"`
 }
 
@@ -69,20 +70,22 @@ var (
 func DefaultConfig() *AppConfig {
 	return &AppConfig{
 		Server: struct {
-			Host     string `toml:"host"`
+			Host      string `toml:"host"`
-			Port     int    `toml:"port"`
+			Port      int    `toml:"port"`
-			FileSize int64  `toml:"fileSize"`
+			FileSize  int64  `toml:"fileSize"`
+			EnableH2C bool   `toml:"enableH2C"`
 		}{
-			Host:     "0.0.0.0",
+			Host:      "0.0.0.0",
-			Port:     5000,
+			Port:      5000,
-			FileSize: 2 * 1024 * 1024 * 1024, // 2GB
+			FileSize:  2 * 1024 * 1024 * 1024, // 2GB
+			EnableH2C: false,                  // 默认关闭H2C
 		},
 		RateLimit: struct {
 			RequestLimit int     `toml:"requestLimit"`
 			PeriodHours  float64 `toml:"periodHours"`
 		}{
-			RequestLimit: 20,
+			RequestLimit: 500,
-			PeriodHours:  1.0,
+			PeriodHours:  3.0,
 		},
 		Security: struct {
 			WhiteList []string `toml:"whiteList"`
@@ -91,19 +94,19 @@ func DefaultConfig() *AppConfig {
 			WhiteList: []string{},
 			BlackList: []string{},
 		},
-		Proxy: struct {
+		Access: struct {
 			WhiteList []string `toml:"whiteList"`
 			BlackList []string `toml:"blackList"`
-			Socks5    string   `toml:"socks5"`
+			Proxy     string   `toml:"proxy"`
 		}{
 			WhiteList: []string{},
 			BlackList: []string{},
-			Socks5:    "", // 默认不使用代理
+			Proxy:     "",
 		},
 		Download: struct {
 			MaxImages int `toml:"maxImages"`
 		}{
-			MaxImages: 10, // 默认值：最多同时下载10个镜像
+			MaxImages: 10,
 		},
 		Registries: map[string]RegistryMapping{
 			"ghcr.io": {
@@ -135,7 +138,7 @@ func DefaultConfig() *AppConfig {
 			Enabled    bool   `toml:"enabled"`
 			DefaultTTL string `toml:"defaultTTL"`
 		}{
-			Enabled:    true, // docker认证的匿名Token缓存配置，用于提升性能
+			Enabled:    true,
 			DefaultTTL: "20m",
 		},
 	}
@@ -151,11 +154,9 @@ func GetConfig() *AppConfig {
 	}
 	configCacheMutex.RUnlock()
 
-	// 缓存过期，重新生成配置
 	configCacheMutex.Lock()
 	defer configCacheMutex.Unlock()
 
-	// 双重检查，防止重复生成
 	if cachedConfig != nil && time.Since(configCacheTime) < configCacheTTL {
 		return cachedConfig
 	}
@@ -169,12 +170,11 @@ func GetConfig() *AppConfig {
 		return defaultCfg
 	}
 
-	// 生成新的配置深拷贝
 	configCopy := *appConfig
 	configCopy.Security.WhiteList = append([]string(nil), appConfig.Security.WhiteList...)
 	configCopy.Security.BlackList = append([]string(nil), appConfig.Security.BlackList...)
-	configCopy.Proxy.WhiteList = append([]string(nil), appConfig.Proxy.WhiteList...)
+	configCopy.Access.WhiteList = append([]string(nil), appConfig.Access.WhiteList...)
-	configCopy.Proxy.BlackList = append([]string(nil), appConfig.Proxy.BlackList...)
+	configCopy.Access.BlackList = append([]string(nil), appConfig.Access.BlackList...)
 	appConfigLock.RUnlock()
 
 	cachedConfig = &configCopy
@@ -196,10 +196,8 @@ func setConfig(cfg *AppConfig) {
 
 // LoadConfig 加载配置文件
 func LoadConfig() error {
-	// 首先使用默认配置
 	cfg := DefaultConfig()
 
-	// 尝试加载TOML配置文件
 	if data, err := os.ReadFile("config.toml"); err == nil {
 		if err := toml.Unmarshal(data, cfg); err != nil {
 			return fmt.Errorf("解析配置文件失败: %v", err)
@@ -208,10 +206,7 @@ func LoadConfig() error {
 		fmt.Println("未找到config.toml，使用默认配置")
 	}
 
-	// 从环境变量覆盖配置
 	overrideFromEnv(cfg)
-	
-	// 设置配置
 	setConfig(cfg)
 
 	return nil
@@ -219,7 +214,6 @@ func LoadConfig() error {
 
 // overrideFromEnv 从环境变量覆盖配置
 func overrideFromEnv(cfg *AppConfig) {
-	// 服务器配置
 	if val := os.Getenv("SERVER_HOST"); val != "" {
 		cfg.Server.Host = val
 	}
@@ -228,13 +222,17 @@ func overrideFromEnv(cfg *AppConfig) {
 			cfg.Server.Port = port
 		}
 	}
+	if val := os.Getenv("ENABLE_H2C"); val != "" {
+		if enable, err := strconv.ParseBool(val); err == nil {
+			cfg.Server.EnableH2C = enable
+		}
+	}
 	if val := os.Getenv("MAX_FILE_SIZE"); val != "" {
 		if size, err := strconv.ParseInt(val, 10, 64); err == nil && size > 0 {
 			cfg.Server.FileSize = size
 		}
 	}
 
-	// 限流配置
 	if val := os.Getenv("RATE_LIMIT"); val != "" {
 		if limit, err := strconv.Atoi(val); err == nil && limit > 0 {
 			cfg.RateLimit.RequestLimit = limit
@@ -246,7 +244,6 @@ func overrideFromEnv(cfg *AppConfig) {
 		}
 	}
 
-	// IP限制配置
 	if val := os.Getenv("IP_WHITELIST"); val != "" {
 		cfg.Security.WhiteList = append(cfg.Security.WhiteList, strings.Split(val, ",")...)
 	}
@@ -254,7 +251,6 @@ func overrideFromEnv(cfg *AppConfig) {
 		cfg.Security.BlackList = append(cfg.Security.BlackList, strings.Split(val, ",")...)
 	}
 
-	// 下载限制配置
 	if val := os.Getenv("MAX_IMAGES"); val != "" {
 		if maxImages, err := strconv.Atoi(val); err == nil && maxImages > 0 {
 			cfg.Download.MaxImages = maxImages

src/go.mod

@@ -1,13 +1,13 @@
 module hubproxy
 
-go 1.24.0
+go 1.25
 
 require (
-	github.com/gin-gonic/gin v1.10.0
+	github.com/gin-gonic/gin v1.10.1
-	github.com/google/go-containerregistry v0.20.5
+	github.com/google/go-containerregistry v0.20.6
-	github.com/pelletier/go-toml/v2 v2.2.3
+	github.com/pelletier/go-toml/v2 v2.2.4
-	golang.org/x/net v0.33.0
+	golang.org/x/net v0.43.0
-	golang.org/x/time v0.11.0
+	golang.org/x/time v0.12.0
 )
 
 require (
@@ -16,7 +16,7 @@ require (
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
-	github.com/docker/cli v28.1.1+incompatible // indirect
+	github.com/docker/cli v28.2.2+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.9.3 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
@@ -28,7 +28,6 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
-	github.com/kr/pretty v0.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -37,17 +36,15 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/rogpeppe/go-internal v1.9.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	github.com/vbatts/tar-split v0.12.1 // indirect
 	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
-	golang.org/x/sync v0.14.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
 	google.golang.org/protobuf v1.36.3 // indirect
-	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

src/go.sum

@@ -8,12 +8,11 @@ github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8=
 github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/cli v28.1.1+incompatible h1:eyUemzeI45DY7eDPuwUcmDyDj1pM98oD5MdSpiItp8k=
+github.com/docker/cli v28.2.2+incompatible h1:qzx5BNUDFqlvyq4AHzdNB7gSyVTmU4cgsyN9SdInc1A=
-github.com/docker/cli v28.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v28.2.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8=
@@ -22,8 +21,8 @@ github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uq
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
+github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
-github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
@@ -36,8 +35,8 @@ github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-containerregistry v0.20.5 h1:4RnlYcDs5hoA++CeFjlbZ/U9Yp1EuWr+UhhTyYQjOP0=
+github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU=
-github.com/google/go-containerregistry v0.20.5/go.mod h1:Q14vdOOzug02bwnhMkZKD4e30pDaD9W65qzXpyzF49E=
+github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
@@ -47,13 +46,6 @@ github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02
 github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
 github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
@@ -69,15 +61,12 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
-github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
-github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -99,28 +88,25 @@ github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVO
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
 golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
-golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
-golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU=
 google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

src/handlers/docker.go

@@ -1,4 +1,4 @@
-package main
+package handlers
 
 import (
 	"context"
@@ -12,6 +12,8 @@ import (
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"hubproxy/config"
+	"hubproxy/utils"
 )
 
 // DockerProxy Docker代理配置
@@ -26,13 +28,18 @@ var dockerProxy *DockerProxy
 type RegistryDetector struct{}
 
 // detectRegistryDomain 检测Registry域名并返回域名和剩余路径
-func (rd *RegistryDetector) detectRegistryDomain(path string) (string, string) {
+func (rd *RegistryDetector) detectRegistryDomain(c *gin.Context, path string) (string, string) {
-	cfg := GetConfig()
+	cfg := config.GetConfig()
+
+	// 兼容Containerd的ns参数
+	if ns := c.Query("ns"); ns != "" {
+		if mapping, exists := cfg.Registries[ns]; exists && mapping.Enabled {
+			return ns, path
+		}
+	}
 
-	// 检查路径是否以已知Registry域名开头
 	for domain := range cfg.Registries {
 		if strings.HasPrefix(path, domain+"/") {
-			// 找到匹配的域名，返回域名和剩余路径
 			remainingPath := strings.TrimPrefix(path, domain+"/")
 			return domain, remainingPath
 		}
@@ -43,7 +50,7 @@ func (rd *RegistryDetector) detectRegistryDomain(path string) (string, string) {
 
 // isRegistryEnabled 检查Registry是否启用
 func (rd *RegistryDetector) isRegistryEnabled(domain string) bool {
-	cfg := GetConfig()
+	cfg := config.GetConfig()
 	if mapping, exists := cfg.Registries[domain]; exists {
 		return mapping.Enabled
 	}
@@ -51,28 +58,26 @@ func (rd *RegistryDetector) isRegistryEnabled(domain string) bool {
 }
 
 // getRegistryMapping 获取Registry映射配置
-func (rd *RegistryDetector) getRegistryMapping(domain string) (RegistryMapping, bool) {
+func (rd *RegistryDetector) getRegistryMapping(domain string) (config.RegistryMapping, bool) {
-	cfg := GetConfig()
+	cfg := config.GetConfig()
 	mapping, exists := cfg.Registries[domain]
 	return mapping, exists && mapping.Enabled
 }
 
 var registryDetector = &RegistryDetector{}
 
-// 初始化Docker代理
+// InitDockerProxy 初始化Docker代理
-func initDockerProxy() {
+func InitDockerProxy() {
-	// 创建目标registry
 	registry, err := name.NewRegistry("registry-1.docker.io")
 	if err != nil {
 		fmt.Printf("创建Docker registry失败: %v\n", err)
 		return
 	}
 
-	// 配置代理选项
 	options := []remote.Option{
 		remote.WithAuth(authn.Anonymous),
 		remote.WithUserAgent("hubproxy/go-containerregistry"),
-		remote.WithTransport(GetGlobalHTTPClient().Transport),
+		remote.WithTransport(utils.GetGlobalHTTPClient().Transport),
 	}
 
 	dockerProxy = &DockerProxy{
@@ -85,13 +90,11 @@ func initDockerProxy() {
 func ProxyDockerRegistryGin(c *gin.Context) {
 	path := c.Request.URL.Path
 
-	// 处理 /v2/ API版本检查
 	if path == "/v2/" {
 		c.JSON(http.StatusOK, gin.H{})
 		return
 	}
 
-	// 处理不同的API端点
 	if strings.HasPrefix(path, "/v2/") {
 		handleRegistryRequest(c, path)
 	} else {
@@ -101,16 +104,13 @@ func ProxyDockerRegistryGin(c *gin.Context) {
 
 // handleRegistryRequest 处理Registry请求
 func handleRegistryRequest(c *gin.Context, path string) {
-	// 移除 /v2/ 前缀
 	pathWithoutV2 := strings.TrimPrefix(path, "/v2/")
 
-	if registryDomain, remainingPath := registryDetector.detectRegistryDomain(pathWithoutV2); registryDomain != "" {
+	if registryDomain, remainingPath := registryDetector.detectRegistryDomain(c, pathWithoutV2); registryDomain != "" {
 		if registryDetector.isRegistryEnabled(registryDomain) {
-			// 设置目标Registry信息到Context
 			c.Set("target_registry_domain", registryDomain)
 			c.Set("target_path", remainingPath)
 
-			// 处理多Registry请求
 			handleMultiRegistryRequest(c, registryDomain, remainingPath)
 			return
 		}
@@ -122,19 +122,16 @@ func handleRegistryRequest(c *gin.Context, path string) {
 		return
 	}
 
-	// 自动处理官方镜像的library命名空间
 	if !strings.Contains(imageName, "/") {
 		imageName = "library/" + imageName
 	}
 
-	// Docker镜像访问控制检查
+	if allowed, reason := utils.GlobalAccessController.CheckDockerAccess(imageName); !allowed {
-	if allowed, reason := GlobalAccessController.CheckDockerAccess(imageName); !allowed {
 		fmt.Printf("Docker镜像 %s 访问被拒绝: %s\n", imageName, reason)
 		c.String(http.StatusForbidden, "镜像访问被限制")
 		return
 	}
 
-	// 构建完整的镜像引用
 	imageRef := fmt.Sprintf("%s/%s", dockerProxy.registry.Name(), imageName)
 
 	switch apiType {
@@ -151,7 +148,6 @@ func handleRegistryRequest(c *gin.Context, path string) {
 
 // parseRegistryPath 解析Registry路径
 func parseRegistryPath(path string) (imageName, apiType, reference string) {
-	// 查找API端点关键字
 	if idx := strings.Index(path, "/manifests/"); idx != -1 {
 		imageName = path[:idx]
 		apiType = "manifests"
@@ -178,13 +174,11 @@ func parseRegistryPath(path string) (imageName, apiType, reference string) {
 
 // handleManifestRequest 处理manifest请求
 func handleManifestRequest(c *gin.Context, imageRef, reference string) {
-	// Manifest缓存逻辑(仅对GET请求缓存)
+	if utils.IsCacheEnabled() && c.Request.Method == http.MethodGet {
-	if isCacheEnabled() && c.Request.Method == http.MethodGet {
+		cacheKey := utils.BuildManifestCacheKey(imageRef, reference)
-		cacheKey := buildManifestCacheKey(imageRef, reference)
 
-		// 优先从缓存获取
+		if cachedItem := utils.GlobalCache.Get(cacheKey); cachedItem != nil {
-		if cachedItem := globalCache.Get(cacheKey); cachedItem != nil {
+			utils.WriteCachedResponse(c, cachedItem)
-			writeCachedResponse(c, cachedItem)
 			return
 		}
 	}
@@ -192,12 +186,9 @@ func handleManifestRequest(c *gin.Context, imageRef, reference string) {
 	var ref name.Reference
 	var err error
 
-	// 判断reference是digest还是tag
 	if strings.HasPrefix(reference, "sha256:") {
-		// 是digest
 		ref, err = name.NewDigest(fmt.Sprintf("%s@%s", imageRef, reference))
 	} else {
-		// 是tag
 		ref, err = name.NewTag(fmt.Sprintf("%s:%s", imageRef, reference))
 	}
 
@@ -207,9 +198,7 @@ func handleManifestRequest(c *gin.Context, imageRef, reference string) {
 		return
 	}
 
-	// 根据请求方法选择操作
 	if c.Request.Method == http.MethodHead {
-		// HEAD请求，使用remote.Head
 		desc, err := remote.Head(ref, dockerProxy.options...)
 		if err != nil {
 			fmt.Printf("HEAD请求失败: %v\n", err)
@@ -217,13 +206,11 @@ func handleManifestRequest(c *gin.Context, imageRef, reference string) {
 			return
 		}
 
-		// 设置响应头
 		c.Header("Content-Type", string(desc.MediaType))
 		c.Header("Docker-Content-Digest", desc.Digest.String())
 		c.Header("Content-Length", fmt.Sprintf("%d", desc.Size))
 		c.Status(http.StatusOK)
 	} else {
-		// GET请求，使用remote.Get
 		desc, err := remote.Get(ref, dockerProxy.options...)
 		if err != nil {
 			fmt.Printf("GET请求失败: %v\n", err)
@@ -231,33 +218,28 @@ func handleManifestRequest(c *gin.Context, imageRef, reference string) {
 			return
 		}
 
-		// 设置响应头
 		headers := map[string]string{
 			"Docker-Content-Digest": desc.Digest.String(),
 			"Content-Length":        fmt.Sprintf("%d", len(desc.Manifest)),
 		}
 
-		// 缓存响应
+		if utils.IsCacheEnabled() {
-		if isCacheEnabled() {
+			cacheKey := utils.BuildManifestCacheKey(imageRef, reference)
-			cacheKey := buildManifestCacheKey(imageRef, reference)
+			ttl := utils.GetManifestTTL(reference)
-			ttl := getManifestTTL(reference)
+			utils.GlobalCache.Set(cacheKey, desc.Manifest, string(desc.MediaType), headers, ttl)
-			globalCache.Set(cacheKey, desc.Manifest, string(desc.MediaType), headers, ttl)
 		}
 
-		// 设置响应头
 		c.Header("Content-Type", string(desc.MediaType))
 		for key, value := range headers {
 			c.Header(key, value)
 		}
 
-		// 返回manifest内容
 		c.Data(http.StatusOK, string(desc.MediaType), desc.Manifest)
 	}
 }
 
 // handleBlobRequest 处理blob请求
 func handleBlobRequest(c *gin.Context, imageRef, digest string) {
-	// 构建digest引用
 	digestRef, err := name.NewDigest(fmt.Sprintf("%s@%s", imageRef, digest))
 	if err != nil {
 		fmt.Printf("解析digest引用失败: %v\n", err)
@@ -265,7 +247,6 @@ func handleBlobRequest(c *gin.Context, imageRef, digest string) {
 		return
 	}
 
-	// 使用remote.Layer获取layer
 	layer, err := remote.Layer(digestRef, dockerProxy.options...)
 	if err != nil {
 		fmt.Printf("获取layer失败: %v\n", err)
@@ -273,7 +254,6 @@ func handleBlobRequest(c *gin.Context, imageRef, digest string) {
 		return
 	}
 
-	// 获取layer信息
 	size, err := layer.Size()
 	if err != nil {
 		fmt.Printf("获取layer大小失败: %v\n", err)
@@ -281,7 +261,6 @@ func handleBlobRequest(c *gin.Context, imageRef, digest string) {
 		return
 	}
 
-	// 获取layer内容
 	reader, err := layer.Compressed()
 	if err != nil {
 		fmt.Printf("获取layer内容失败: %v\n", err)
@@ -290,19 +269,16 @@ func handleBlobRequest(c *gin.Context, imageRef, digest string) {
 	}
 	defer reader.Close()
 
-	// 设置响应头
 	c.Header("Content-Type", "application/octet-stream")
 	c.Header("Content-Length", fmt.Sprintf("%d", size))
 	c.Header("Docker-Content-Digest", digest)
 
-	// 流式传输blob内容
 	c.Status(http.StatusOK)
 	io.Copy(c.Writer, reader)
 }
 
 // handleTagsRequest 处理tags列表请求
 func handleTagsRequest(c *gin.Context, imageRef string) {
-	// 解析repository
 	repo, err := name.NewRepository(imageRef)
 	if err != nil {
 		fmt.Printf("解析repository失败: %v\n", err)
@@ -310,7 +286,6 @@ func handleTagsRequest(c *gin.Context, imageRef string) {
 		return
 	}
 
-	// 使用remote.List获取tags
 	tags, err := remote.List(repo, dockerProxy.options...)
 	if err != nil {
 		fmt.Printf("获取tags失败: %v\n", err)
@@ -318,7 +293,6 @@ func handleTagsRequest(c *gin.Context, imageRef string) {
 		return
 	}
 
-	// 构建响应
 	response := map[string]interface{}{
 		"name": strings.TrimPrefix(imageRef, dockerProxy.registry.Name()+"/"),
 		"tags": tags,
@@ -327,10 +301,9 @@ func handleTagsRequest(c *gin.Context, imageRef string) {
 	c.JSON(http.StatusOK, response)
 }
 
-// ProxyDockerAuthGin Docker认证代理（带缓存优化）
+// ProxyDockerAuthGin Docker认证代理
 func ProxyDockerAuthGin(c *gin.Context) {
-	// 检查是否启用token缓存
+	if utils.IsTokenCacheEnabled() {
-	if isTokenCacheEnabled() {
 		proxyDockerAuthWithCache(c)
 	} else {
 		proxyDockerAuthOriginal(c)
@@ -339,32 +312,26 @@ func ProxyDockerAuthGin(c *gin.Context) {
 
 // proxyDockerAuthWithCache 带缓存的认证代理
 func proxyDockerAuthWithCache(c *gin.Context) {
-	// 1. 构建缓存key（基于完整的查询参数）
+	cacheKey := utils.BuildTokenCacheKey(c.Request.URL.RawQuery)
-	cacheKey := buildTokenCacheKey(c.Request.URL.RawQuery)
 
-	// 2. 尝试从缓存获取token
+	if cachedToken := utils.GlobalCache.GetToken(cacheKey); cachedToken != "" {
-	if cachedToken := globalCache.GetToken(cacheKey); cachedToken != "" {
+		utils.WriteTokenResponse(c, cachedToken)
-		writeTokenResponse(c, cachedToken)
 		return
 	}
 
-	// 3. 缓存未命中，创建响应记录器
 	recorder := &ResponseRecorder{
 		ResponseWriter: c.Writer,
 		statusCode:     200,
 	}
 	c.Writer = recorder
 
-	// 4. 调用原有认证逻辑
 	proxyDockerAuthOriginal(c)
 
-	// 5. 如果认证成功，缓存响应
 	if recorder.statusCode == 200 && len(recorder.body) > 0 {
-		ttl := extractTTLFromResponse(recorder.body)
+		ttl := utils.ExtractTTLFromResponse(recorder.body)
-		globalCache.SetToken(cacheKey, string(recorder.body), ttl)
+		utils.GlobalCache.SetToken(cacheKey, string(recorder.body), ttl)
 	}
 
-	// 6. 写入实际响应
 	c.Writer = recorder.ResponseWriter
 	c.Data(recorder.statusCode, "application/json", recorder.body)
 }
@@ -389,14 +356,11 @@ func proxyDockerAuthOriginal(c *gin.Context) {
 	var authURL string
 	if targetDomain, exists := c.Get("target_registry_domain"); exists {
 		if mapping, found := registryDetector.getRegistryMapping(targetDomain.(string)); found {
-			// 使用Registry特定的认证服务器
 			authURL = "https://" + mapping.AuthHost + c.Request.URL.Path
 		} else {
-			// fallback到默认Docker认证
 			authURL = "https://auth.docker.io" + c.Request.URL.Path
 		}
 	} else {
-		// 构建默认Docker认证URL
 		authURL = "https://auth.docker.io" + c.Request.URL.Path
 	}
 
@@ -404,13 +368,11 @@ func proxyDockerAuthOriginal(c *gin.Context) {
 		authURL += "?" + c.Request.URL.RawQuery
 	}
 
-	// 创建HTTP客户端，复用全局传输配置（包含代理设置）
 	client := &http.Client{
 		Timeout:   30 * time.Second,
-		Transport: GetGlobalHTTPClient().Transport,
+		Transport: utils.GetGlobalHTTPClient().Transport,
 	}
 
-	// 创建请求
 	req, err := http.NewRequestWithContext(
 		context.Background(),
 		c.Request.Method,
@@ -422,14 +384,12 @@ func proxyDockerAuthOriginal(c *gin.Context) {
 		return
 	}
 
-	// 复制请求头
 	for key, values := range c.Request.Header {
 		for _, value := range values {
 			req.Header.Add(key, value)
 		}
 	}
 
-	// 执行请求
 	resp, err := client.Do(req)
 	if err != nil {
 		c.String(http.StatusBadGateway, "Auth request failed")
@@ -437,37 +397,30 @@ func proxyDockerAuthOriginal(c *gin.Context) {
 	}
 	defer resp.Body.Close()
 
-	// 获取当前代理的Host地址
 	proxyHost := c.Request.Host
 	if proxyHost == "" {
-		// 使用配置中的服务器地址和端口
+		cfg := config.GetConfig()
-		cfg := GetConfig()
 		proxyHost = fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)
 		if cfg.Server.Host == "0.0.0.0" {
 			proxyHost = fmt.Sprintf("localhost:%d", cfg.Server.Port)
 		}
 	}
 
-	// 复制响应头并重写认证URL
 	for key, values := range resp.Header {
 		for _, value := range values {
-			// 重写WWW-Authenticate头中的realm URL
 			if key == "Www-Authenticate" {
-				// 支持多Registry的URL重写
 				value = rewriteAuthHeader(value, proxyHost)
 			}
 			c.Header(key, value)
 		}
 	}
 
-	// 返回响应
 	c.Status(resp.StatusCode)
 	io.Copy(c.Writer, resp.Body)
 }
 
 // rewriteAuthHeader 重写认证头
 func rewriteAuthHeader(authHeader, proxyHost string) string {
-	// 重写各种Registry的认证URL
 	authHeader = strings.ReplaceAll(authHeader, "https://auth.docker.io", "http://"+proxyHost)
 	authHeader = strings.ReplaceAll(authHeader, "https://ghcr.io", "http://"+proxyHost)
 	authHeader = strings.ReplaceAll(authHeader, "https://gcr.io", "http://"+proxyHost)
@@ -478,32 +431,27 @@ func rewriteAuthHeader(authHeader, proxyHost string) string {
 
 // handleMultiRegistryRequest 处理多Registry请求
 func handleMultiRegistryRequest(c *gin.Context, registryDomain, remainingPath string) {
-	// 获取Registry映射配置
 	mapping, exists := registryDetector.getRegistryMapping(registryDomain)
 	if !exists {
 		c.String(http.StatusBadRequest, "Registry not configured")
 		return
 	}
 
-	// 解析剩余路径
 	imageName, apiType, reference := parseRegistryPath(remainingPath)
 	if imageName == "" || apiType == "" {
 		c.String(http.StatusBadRequest, "Invalid path format")
 		return
 	}
 
-	// 访问控制检查（使用完整的镜像路径）
 	fullImageName := registryDomain + "/" + imageName
-	if allowed, reason := GlobalAccessController.CheckDockerAccess(fullImageName); !allowed {
+	if allowed, reason := utils.GlobalAccessController.CheckDockerAccess(fullImageName); !allowed {
 		fmt.Printf("镜像 %s 访问被拒绝: %s\n", fullImageName, reason)
 		c.String(http.StatusForbidden, "镜像访问被限制")
 		return
 	}
 
-	// 构建上游Registry引用
 	upstreamImageRef := fmt.Sprintf("%s/%s", mapping.Upstream, imageName)
 
-	// 根据API类型处理请求
 	switch apiType {
 	case "manifests":
 		handleUpstreamManifestRequest(c, upstreamImageRef, reference, mapping)
@@ -517,14 +465,12 @@ func handleMultiRegistryRequest(c *gin.Context, registryDomain, remainingPath st
 }
 
 // handleUpstreamManifestRequest 处理上游Registry的manifest请求
-func handleUpstreamManifestRequest(c *gin.Context, imageRef, reference string, mapping RegistryMapping) {
+func handleUpstreamManifestRequest(c *gin.Context, imageRef, reference string, mapping config.RegistryMapping) {
-	// Manifest缓存逻辑(仅对GET请求缓存)
+	if utils.IsCacheEnabled() && c.Request.Method == http.MethodGet {
-	if isCacheEnabled() && c.Request.Method == http.MethodGet {
+		cacheKey := utils.BuildManifestCacheKey(imageRef, reference)
-		cacheKey := buildManifestCacheKey(imageRef, reference)
 
-		// 优先从缓存获取
+		if cachedItem := utils.GlobalCache.Get(cacheKey); cachedItem != nil {
-		if cachedItem := globalCache.Get(cacheKey); cachedItem != nil {
+			utils.WriteCachedResponse(c, cachedItem)
-			writeCachedResponse(c, cachedItem)
 			return
 		}
 	}
@@ -532,7 +478,6 @@ func handleUpstreamManifestRequest(c *gin.Context, imageRef, reference string, m
 	var ref name.Reference
 	var err error
 
-	// 判断reference是digest还是tag
 	if strings.HasPrefix(reference, "sha256:") {
 		ref, err = name.NewDigest(fmt.Sprintf("%s@%s", imageRef, reference))
 	} else {
@@ -545,10 +490,8 @@ func handleUpstreamManifestRequest(c *gin.Context, imageRef, reference string, m
 		return
 	}
 
-	// 创建针对上游Registry的选项
 	options := createUpstreamOptions(mapping)
 
-	// 根据请求方法选择操作
 	if c.Request.Method == http.MethodHead {
 		desc, err := remote.Head(ref, options...)
 		if err != nil {
@@ -569,20 +512,17 @@ func handleUpstreamManifestRequest(c *gin.Context, imageRef, reference string, m
 			return
 		}
 
-		// 设置响应头
 		headers := map[string]string{
 			"Docker-Content-Digest": desc.Digest.String(),
 			"Content-Length":        fmt.Sprintf("%d", len(desc.Manifest)),
 		}
 
-		// 缓存响应
+		if utils.IsCacheEnabled() {
-		if isCacheEnabled() {
+			cacheKey := utils.BuildManifestCacheKey(imageRef, reference)
-			cacheKey := buildManifestCacheKey(imageRef, reference)
+			ttl := utils.GetManifestTTL(reference)
-			ttl := getManifestTTL(reference)
+			utils.GlobalCache.Set(cacheKey, desc.Manifest, string(desc.MediaType), headers, ttl)
-			globalCache.Set(cacheKey, desc.Manifest, string(desc.MediaType), headers, ttl)
 		}
 
-		// 设置响应头
 		c.Header("Content-Type", string(desc.MediaType))
 		for key, value := range headers {
 			c.Header(key, value)
@@ -593,7 +533,7 @@ func handleUpstreamManifestRequest(c *gin.Context, imageRef, reference string, m
 }
 
 // handleUpstreamBlobRequest 处理上游Registry的blob请求
-func handleUpstreamBlobRequest(c *gin.Context, imageRef, digest string, mapping RegistryMapping) {
+func handleUpstreamBlobRequest(c *gin.Context, imageRef, digest string, mapping config.RegistryMapping) {
 	digestRef, err := name.NewDigest(fmt.Sprintf("%s@%s", imageRef, digest))
 	if err != nil {
 		fmt.Printf("解析digest引用失败: %v\n", err)
@@ -633,7 +573,7 @@ func handleUpstreamBlobRequest(c *gin.Context, imageRef, digest string, mapping
 }
 
 // handleUpstreamTagsRequest 处理上游Registry的tags请求
-func handleUpstreamTagsRequest(c *gin.Context, imageRef string, mapping RegistryMapping) {
+func handleUpstreamTagsRequest(c *gin.Context, imageRef string, mapping config.RegistryMapping) {
 	repo, err := name.NewRepository(imageRef)
 	if err != nil {
 		fmt.Printf("解析repository失败: %v\n", err)
@@ -658,14 +598,14 @@ func handleUpstreamTagsRequest(c *gin.Context, imageRef string, mapping Registry
 }
 
 // createUpstreamOptions 创建上游Registry选项
-func createUpstreamOptions(mapping RegistryMapping) []remote.Option {
+func createUpstreamOptions(mapping config.RegistryMapping) []remote.Option {
 	options := []remote.Option{
 		remote.WithAuth(authn.Anonymous),
 		remote.WithUserAgent("hubproxy/go-containerregistry"),
-		remote.WithTransport(GetGlobalHTTPClient().Transport),
+		remote.WithTransport(utils.GetGlobalHTTPClient().Transport),
 	}
 
-	// 根据Registry类型添加特定的认证选项（方便后续扩展）
+	// 预留将来不同Registry的差异化认证逻辑扩展点
 	switch mapping.AuthType {
 	case "github":
 	case "google":

src/handlers/github.go

@@ -0,0 +1,232 @@
+package handlers
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"hubproxy/config"
+	"hubproxy/utils"
+)
+
+var (
+	// GitHub URL匹配正则表达式
+	githubExps = []*regexp.Regexp{
+		regexp.MustCompile(`^(?:https?://)?github\.com/([^/]+)/([^/]+)/(?:releases|archive)/.*`),
+		regexp.MustCompile(`^(?:https?://)?github\.com/([^/]+)/([^/]+)/(?:blob|raw)/.*`),
+		regexp.MustCompile(`^(?:https?://)?github\.com/([^/]+)/([^/]+)/(?:info|git-).*`),
+		regexp.MustCompile(`^(?:https?://)?raw\.github(?:usercontent|)\.com/([^/]+)/([^/]+)/.+?/.+`),
+		regexp.MustCompile(`^(?:https?://)?gist\.(?:githubusercontent|github)\.com/([^/]+)/([^/]+).*`),
+		regexp.MustCompile(`^(?:https?://)?api\.github\.com/repos/([^/]+)/([^/]+)/.*`),
+		regexp.MustCompile(`^(?:https?://)?huggingface\.co(?:/spaces)?/([^/]+)/(.+)`),
+		regexp.MustCompile(`^(?:https?://)?cdn-lfs\.hf\.co(?:/spaces)?/([^/]+)/([^/]+)(?:/(.*))?`),
+		regexp.MustCompile(`^(?:https?://)?download\.docker\.com/([^/]+)/.*\.(tgz|zip)`),
+		regexp.MustCompile(`^(?:https?://)?(github|opengraph)\.githubassets\.com/([^/]+)/.+?`),
+	}
+)
+
+// 全局变量：被阻止的内容类型
+var blockedContentTypes = map[string]bool{
+	"text/html":             true,
+	"application/xhtml+xml": true,
+	"text/xml":              true,
+	"application/xml":       true,
+}
+
+// GitHubProxyHandler GitHub代理处理器
+func GitHubProxyHandler(c *gin.Context) {
+	rawPath := strings.TrimPrefix(c.Request.URL.RequestURI(), "/")
+
+	for strings.HasPrefix(rawPath, "/") {
+		rawPath = strings.TrimPrefix(rawPath, "/")
+	}
+
+	// 自动补全协议头
+	if !strings.HasPrefix(rawPath, "https://") {
+		if strings.HasPrefix(rawPath, "http:/") || strings.HasPrefix(rawPath, "https:/") {
+			rawPath = strings.Replace(rawPath, "http:/", "", 1)
+			rawPath = strings.Replace(rawPath, "https:/", "", 1)
+		} else if strings.HasPrefix(rawPath, "http://") {
+			rawPath = strings.TrimPrefix(rawPath, "http://")
+		}
+		rawPath = "https://" + rawPath
+	}
+
+	matches := CheckGitHubURL(rawPath)
+	if matches != nil {
+		if allowed, reason := utils.GlobalAccessController.CheckGitHubAccess(matches); !allowed {
+			var repoPath string
+			if len(matches) >= 2 {
+				username := matches[0]
+				repoName := strings.TrimSuffix(matches[1], ".git")
+				repoPath = username + "/" + repoName
+			}
+			fmt.Printf("GitHub仓库 %s 访问被拒绝: %s\n", repoPath, reason)
+			c.String(http.StatusForbidden, reason)
+			return
+		}
+	} else {
+		c.String(http.StatusForbidden, "无效输入")
+		return
+	}
+
+	// 将blob链接转换为raw链接
+	if githubExps[1].MatchString(rawPath) {
+		rawPath = strings.Replace(rawPath, "/blob/", "/raw/", 1)
+	}
+
+	ProxyGitHubRequest(c, rawPath)
+}
+
+// CheckGitHubURL 检查URL是否匹配GitHub模式
+func CheckGitHubURL(u string) []string {
+	for _, exp := range githubExps {
+		if matches := exp.FindStringSubmatch(u); matches != nil {
+			return matches[1:]
+		}
+	}
+	return nil
+}
+
+// ProxyGitHubRequest 代理GitHub请求
+func ProxyGitHubRequest(c *gin.Context, u string) {
+	proxyGitHubWithRedirect(c, u, 0)
+}
+
+// proxyGitHubWithRedirect 带重定向的GitHub代理请求
+func proxyGitHubWithRedirect(c *gin.Context, u string, redirectCount int) {
+	const maxRedirects = 20
+	if redirectCount > maxRedirects {
+		c.String(http.StatusLoopDetected, "重定向次数过多，可能存在循环重定向")
+		return
+	}
+
+	req, err := http.NewRequest(c.Request.Method, u, c.Request.Body)
+	if err != nil {
+		c.String(http.StatusInternalServerError, fmt.Sprintf("server error %v", err))
+		return
+	}
+
+	// 复制请求头
+	for key, values := range c.Request.Header {
+		for _, value := range values {
+			req.Header.Add(key, value)
+		}
+	}
+	req.Header.Del("Host")
+
+	resp, err := utils.GetGlobalHTTPClient().Do(req)
+	if err != nil {
+		c.String(http.StatusInternalServerError, fmt.Sprintf("server error %v", err))
+		return
+	}
+	defer func() {
+		if err := resp.Body.Close(); err != nil {
+			fmt.Printf("关闭响应体失败: %v\n", err)
+		}
+	}()
+	
+	// 检查并处理被阻止的内容类型
+	if c.Request.Method == "GET" {
+		if contentType := resp.Header.Get("Content-Type"); blockedContentTypes[strings.ToLower(strings.Split(contentType, ";")[0])] {
+			c.JSON(http.StatusForbidden, map[string]string{
+				"error":   "Content type not allowed",
+				"message": "检测到网页类型，本服务不支持加速网页，请检查您的链接是否正确。",
+			})
+			return
+		}
+	}
+
+	// 检查文件大小限制
+	cfg := config.GetConfig()
+	if contentLength := resp.Header.Get("Content-Length"); contentLength != "" {
+		if size, err := strconv.ParseInt(contentLength, 10, 64); err == nil && size > cfg.Server.FileSize {
+			c.String(http.StatusRequestEntityTooLarge,
+				fmt.Sprintf("文件过大，限制大小: %d MB", cfg.Server.FileSize/(1024*1024)))
+			return
+		}
+	}
+
+	// 清理安全相关的头
+	resp.Header.Del("Content-Security-Policy")
+	resp.Header.Del("Referrer-Policy")
+	resp.Header.Del("Strict-Transport-Security")
+
+	// 获取真实域名
+	realHost := c.Request.Header.Get("X-Forwarded-Host")
+	if realHost == "" {
+		realHost = c.Request.Host
+	}
+	if !strings.HasPrefix(realHost, "http://") && !strings.HasPrefix(realHost, "https://") {
+		realHost = "https://" + realHost
+	}
+
+	// 处理.sh和.ps1文件的智能处理
+	if strings.HasSuffix(strings.ToLower(u), ".sh") || strings.HasSuffix(strings.ToLower(u), ".ps1") {
+		isGzipCompressed := resp.Header.Get("Content-Encoding") == "gzip"
+
+		processedBody, processedSize, err := utils.ProcessSmart(resp.Body, isGzipCompressed, realHost)
+		if err != nil {
+			fmt.Printf("脚本处理失败: %v\n", err)
+			c.String(http.StatusBadGateway, "Script processing failed: %v", err)
+			return
+		}
+
+		// 智能设置响应头
+		if processedSize > 0 {
+			resp.Header.Del("Content-Length")
+			resp.Header.Del("Content-Encoding")
+			resp.Header.Set("Transfer-Encoding", "chunked")
+		}
+
+		// 复制其他响应头
+		for key, values := range resp.Header {
+			for _, value := range values {
+				c.Header(key, value)
+			}
+		}
+
+		// 处理重定向
+		if location := resp.Header.Get("Location"); location != "" {
+			if CheckGitHubURL(location) != nil {
+				c.Header("Location", "/"+location)
+			} else {
+				proxyGitHubWithRedirect(c, location, redirectCount+1)
+				return
+			}
+		}
+
+		c.Status(resp.StatusCode)
+
+		// 输出处理后的内容
+		if _, err := io.Copy(c.Writer, processedBody); err != nil {
+			return
+		}
+	} else {
+		// 复制响应头
+		for key, values := range resp.Header {
+			for _, value := range values {
+				c.Header(key, value)
+			}
+		}
+
+		// 处理重定向
+		if location := resp.Header.Get("Location"); location != "" {
+			if CheckGitHubURL(location) != nil {
+				c.Header("Location", "/"+location)
+			} else {
+				proxyGitHubWithRedirect(c, location, redirectCount+1)
+				return
+			}
+		}
+
+		c.Status(resp.StatusCode)
+
+		// 直接流式转发
+		io.Copy(c.Writer, resp.Body)
+	}
+}

src/handlers/imagetar.go

@@ -1,4 +1,4 @@
-package main
+package handlers
 
 import (
 	"archive/tar"
@@ -23,6 +23,8 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/partial"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/google/go-containerregistry/pkg/v1/types"
+	"hubproxy/config"
+	"hubproxy/utils"
 )
 
 // DebounceEntry 防抖条目
@@ -58,17 +60,15 @@ func (d *DownloadDebouncer) ShouldAllow(userID, contentKey string) bool {
 
 	if entry, exists := d.entries[key]; exists {
 		if now.Sub(entry.LastRequest) < d.window {
-			return false // 在防抖窗口内，拒绝请求
+			return false
 		}
 	}
 
-	// 更新或创建条目
 	d.entries[key] = &DebounceEntry{
 		LastRequest: now,
 		UserID:      userID,
 	}
 
-	// 清理过期条目（每5分钟清理一次）
 	if time.Since(d.lastCleanup) > 5*time.Minute {
 		d.cleanup(now)
 		d.lastCleanup = now
@@ -88,50 +88,41 @@ func (d *DownloadDebouncer) cleanup(now time.Time) {
 
 // generateContentFingerprint 生成内容指纹
 func generateContentFingerprint(images []string, platform string) string {
-	// 对镜像列表排序确保顺序无关
 	sortedImages := make([]string, len(images))
 	copy(sortedImages, images)
 	sort.Strings(sortedImages)
 
-	// 组合内容：镜像列表 + 平台信息
 	content := strings.Join(sortedImages, "|") + ":" + platform
 
-	// 生成MD5哈希
 	hash := md5.Sum([]byte(content))
 	return hex.EncodeToString(hash[:])
 }
 
 // getUserID 获取用户标识
 func getUserID(c *gin.Context) string {
-	// 优先使用会话Cookie
 	if sessionID, err := c.Cookie("session_id"); err == nil && sessionID != "" {
 		return "session:" + sessionID
 	}
 
-	// 备用方案：IP + User-Agent组合
 	ip := c.ClientIP()
 	userAgent := c.GetHeader("User-Agent")
 	if userAgent == "" {
 		userAgent = "unknown"
 	}
 
-	// 生成简短标识
 	combined := ip + ":" + userAgent
 	hash := md5.Sum([]byte(combined))
-	return "ip:" + hex.EncodeToString(hash[:8]) // 只取前8字节
+	return "ip:" + hex.EncodeToString(hash[:8])
 }
 
-// 全局防抖器实例
 var (
 	singleImageDebouncer *DownloadDebouncer
 	batchImageDebouncer  *DownloadDebouncer
 )
 
-// initDebouncer 初始化防抖器
+// InitDebouncer 初始化防抖器
-func initDebouncer() {
+func InitDebouncer() {
-	// 单个镜像：5秒防抖窗口
 	singleImageDebouncer = NewDownloadDebouncer(5 * time.Second)
-	// 批量镜像：60秒防抖窗口
 	batchImageDebouncer = NewDownloadDebouncer(60 * time.Second)
 }
 
@@ -147,15 +138,15 @@ type ImageStreamerConfig struct {
 }
 
 // NewImageStreamer 创建镜像下载器
-func NewImageStreamer(config *ImageStreamerConfig) *ImageStreamer {
+func NewImageStreamer(cfg *ImageStreamerConfig) *ImageStreamer {
-	if config == nil {
+	if cfg == nil {
-		config = &ImageStreamerConfig{}
+		cfg = &ImageStreamerConfig{}
 	}
 
-	concurrency := config.Concurrency
+	concurrency := cfg.Concurrency
 	if concurrency <= 0 {
-		cfg := GetConfig()
+		appCfg := config.GetConfig()
-		concurrency = cfg.Download.MaxImages
+		concurrency = appCfg.Download.MaxImages
 		if concurrency <= 0 {
 			concurrency = 10
 		}
@@ -163,7 +154,7 @@ func NewImageStreamer(config *ImageStreamerConfig) *ImageStreamer {
 
 	remoteOptions := []remote.Option{
 		remote.WithAuth(authn.Anonymous),
-		remote.WithTransport(GetGlobalHTTPClient().Transport),
+		remote.WithTransport(utils.GetGlobalHTTPClient().Transport),
 	}
 
 	return &ImageStreamer{
@@ -176,7 +167,7 @@ func NewImageStreamer(config *ImageStreamerConfig) *ImageStreamer {
 type StreamOptions struct {
 	Platform            string
 	Compression         bool
-	UseCompressedLayers bool // 是否保存原始压缩层，默认开启
+	UseCompressedLayers bool
 }
 
 // StreamImageToWriter 流式下载镜像到Writer
@@ -215,7 +206,6 @@ func (is *ImageStreamer) getImageDescriptor(ref name.Reference, options []remote
 
 // getImageDescriptorWithPlatform 获取指定平台的镜像描述符
 func (is *ImageStreamer) getImageDescriptorWithPlatform(ref name.Reference, options []remote.Option, platform string) (*remote.Descriptor, error) {
-	// 直接从网络获取完整的descriptor，确保对象完整性
 	return remote.Get(ref, options...)
 }
 
@@ -343,7 +333,6 @@ func (is *ImageStreamer) streamDockerFormatWithReturn(ctx context.Context, tarWr
 			var layerSize int64
 			var layerReader io.ReadCloser
 
-			// 根据配置选择使用压缩层或未压缩层
 			if options != nil && options.UseCompressedLayers {
 				layerSize, err = layer.Size()
 				if err != nil {
@@ -385,12 +374,10 @@ func (is *ImageStreamer) streamDockerFormatWithReturn(ctx context.Context, tarWr
 		log.Printf("已处理层 %d/%d", i+1, len(layers))
 	}
 
-
-	// 构建单个镜像的manifest信息
 	singleManifest := map[string]interface{}{
 		"Config":   configDigest.String() + ".json",
 		"RepoTags": []string{imageRef},
-		"Layers":   func() []string {
+		"Layers": func() []string {
 			var layers []string
 			for _, digest := range layerDigests {
 				layers = append(layers, digest+"/layer.tar")
@@ -399,7 +386,6 @@ func (is *ImageStreamer) streamDockerFormatWithReturn(ctx context.Context, tarWr
 		}(),
 	}
 
-	// 构建repositories信息
 	repositories := make(map[string]map[string]string)
 	parts := strings.Split(imageRef, ":")
 	if len(parts) == 2 {
@@ -408,14 +394,12 @@ func (is *ImageStreamer) streamDockerFormatWithReturn(ctx context.Context, tarWr
 		repositories[repoName] = map[string]string{tag: configDigest.String()}
 	}
 
-	// 如果是批量下载，返回信息而不写入文件
 	if manifestOut != nil && repositoriesOut != nil {
 		*manifestOut = singleManifest
 		*repositoriesOut = repositories
 		return nil
 	}
 
-	// 单镜像下载，直接写入manifest.json
 	manifest := []map[string]interface{}{singleManifest}
 
 	manifestData, err := json.Marshal(manifest)
@@ -437,7 +421,6 @@ func (is *ImageStreamer) streamDockerFormatWithReturn(ctx context.Context, tarWr
 		return err
 	}
 
-	// 写入repositories文件
 	repositoriesData, err := json.Marshal(repositories)
 	if err != nil {
 		return err
@@ -457,7 +440,7 @@ func (is *ImageStreamer) streamDockerFormatWithReturn(ctx context.Context, tarWr
 	return err
 }
 
-// processImageForBatch 处理镜像的公共逻辑，用于批量下载
+// processImageForBatch 处理镜像的公共逻辑
 func (is *ImageStreamer) processImageForBatch(ctx context.Context, img v1.Image, tarWriter *tar.Writer, imageRef string, options *StreamOptions) (map[string]interface{}, map[string]map[string]string, error) {
 	layers, err := img.Layers()
 	if err != nil {
@@ -499,7 +482,6 @@ func (is *ImageStreamer) streamSingleImageForBatch(ctx context.Context, tarWrite
 
 	switch desc.MediaType {
 	case types.OCIImageIndex, types.DockerManifestList:
-		// 处理多架构镜像
 		img, err = is.selectPlatformImage(desc, options)
 		if err != nil {
 			return nil, nil, fmt.Errorf("选择平台镜像失败: %w", err)
@@ -531,7 +513,6 @@ func (is *ImageStreamer) selectPlatformImage(desc *remote.Descriptor, options *S
 		return nil, fmt.Errorf("获取索引清单失败: %w", err)
 	}
 
-	// 选择合适的平台
 	var selectedDesc *v1.Descriptor
 	for _, m := range manifest.Manifests {
 		if m.Platform == nil {
@@ -549,8 +530,8 @@ func (is *ImageStreamer) selectPlatformImage(desc *remote.Descriptor, options *S
 				}
 
 				if m.Platform.OS == targetOS &&
-				   m.Platform.Architecture == targetArch &&
+					m.Platform.Architecture == targetArch &&
-				   m.Platform.Variant == targetVariant {
+					m.Platform.Variant == targetVariant {
 					selectedDesc = &m
 					break
 				}
@@ -579,8 +560,8 @@ func (is *ImageStreamer) selectPlatformImage(desc *remote.Descriptor, options *S
 
 var globalImageStreamer *ImageStreamer
 
-// initImageStreamer 初始化镜像下载器
+// InitImageStreamer 初始化镜像下载器
-func initImageStreamer() {
+func InitImageStreamer() {
 	globalImageStreamer = NewImageStreamer(nil)
 }
 
@@ -592,8 +573,8 @@ func formatPlatformText(platform string) string {
 	return platform
 }
 
-// initImageTarRoutes 初始化镜像下载路由
+// InitImageTarRoutes 初始化镜像下载路由
-func initImageTarRoutes(router *gin.Engine) {
+func InitImageTarRoutes(router *gin.Engine) {
 	imageAPI := router.Group("/api/image")
 	{
 		imageAPI.GET("/download/:image", handleDirectImageDownload)
@@ -626,13 +607,12 @@ func handleDirectImageDownload(c *gin.Context) {
 		return
 	}
 
-	// 防抖检查
 	userID := getUserID(c)
 	contentKey := generateContentFingerprint([]string{imageRef}, platform)
 
 	if !singleImageDebouncer.ShouldAllow(userID, contentKey) {
 		c.JSON(http.StatusTooManyRequests, gin.H{
-			"error": "请求过于频繁，请稍后再试",
+			"error":       "请求过于频繁，请稍后再试",
 			"retry_after": 5,
 		})
 		return
@@ -678,7 +658,7 @@ func handleSimpleBatchDownload(c *gin.Context) {
 		}
 	}
 
-	cfg := GetConfig()
+	cfg := config.GetConfig()
 	if len(req.Images) > cfg.Download.MaxImages {
 		c.JSON(http.StatusBadRequest, gin.H{
 			"error": fmt.Sprintf("镜像数量超过限制，最大允许: %d", cfg.Download.MaxImages),
@@ -686,19 +666,18 @@ func handleSimpleBatchDownload(c *gin.Context) {
 		return
 	}
 
-	// 批量下载防抖检查
 	userID := getUserID(c)
 	contentKey := generateContentFingerprint(req.Images, req.Platform)
 
 	if !batchImageDebouncer.ShouldAllow(userID, contentKey) {
 		c.JSON(http.StatusTooManyRequests, gin.H{
-			"error": "批量下载请求过于频繁，请稍后再试",
+			"error":       "批量下载请求过于频繁，请稍后再试",
 			"retry_after": 60,
 		})
 		return
 	}
 
-	useCompressed := true // 默认启用原始压缩层
+	useCompressed := true
 	if req.UseCompressedLayers != nil {
 		useCompressed = *req.UseCompressedLayers
 	}
@@ -802,7 +781,6 @@ func (is *ImageStreamer) StreamMultipleImages(ctx context.Context, imageRefs []s
 	var allManifests []map[string]interface{}
 	var allRepositories = make(map[string]map[string]string)
 
-	// 流式处理每个镜像
 	for i, imageRef := range imageRefs {
 		select {
 		case <-ctx.Done():
@@ -812,7 +790,6 @@ func (is *ImageStreamer) StreamMultipleImages(ctx context.Context, imageRefs []s
 
 		log.Printf("处理镜像 %d/%d: %s", i+1, len(imageRefs), imageRef)
 
-		// 防止单个镜像处理时间过长
 		timeoutCtx, cancel := context.WithTimeout(ctx, 15*time.Minute)
 		manifest, repositories, err := is.streamSingleImageForBatch(timeoutCtx, tarWriter, imageRef, options)
 		cancel()
@@ -826,10 +803,8 @@ func (is *ImageStreamer) StreamMultipleImages(ctx context.Context, imageRefs []s
 			return fmt.Errorf("镜像 %s manifest数据为空", imageRef)
 		}
 
-		// 收集manifest信息
 		allManifests = append(allManifests, manifest)
 
-		// 合并repositories信息
 		for repo, tags := range repositories {
 			if allRepositories[repo] == nil {
 				allRepositories[repo] = make(map[string]string)
@@ -840,7 +815,6 @@ func (is *ImageStreamer) StreamMultipleImages(ctx context.Context, imageRefs []s
 		}
 	}
 
-	// 写入合并的manifest.json
 	manifestData, err := json.Marshal(allManifests)
 	if err != nil {
 		return fmt.Errorf("序列化manifest失败: %w", err)
@@ -860,7 +834,6 @@ func (is *ImageStreamer) StreamMultipleImages(ctx context.Context, imageRefs []s
 		return fmt.Errorf("写入manifest数据失败: %w", err)
 	}
 
-	// 写入合并的repositories文件
 	repositoriesData, err := json.Marshal(allRepositories)
 	if err != nil {
 		return fmt.Errorf("序列化repositories失败: %w", err)

src/handlers/search.go

@@ -1,4 +1,4 @@
-package main
+package handlers
 
 import (
 	"context"
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"hubproxy/utils"
 )
 
 // SearchResult Docker Hub搜索结果
@@ -25,27 +26,27 @@ type SearchResult struct {
 
 // Repository 仓库信息
 type Repository struct {
-	Name           string    `json:"repo_name"`
+	Name          string `json:"repo_name"`
-	Description    string    `json:"short_description"`
+	Description   string `json:"short_description"`
-	IsOfficial     bool      `json:"is_official"`
+	IsOfficial    bool   `json:"is_official"`
-	IsAutomated    bool      `json:"is_automated"`
+	IsAutomated   bool   `json:"is_automated"`
-	StarCount      int       `json:"star_count"`
+	StarCount     int    `json:"star_count"`
-	PullCount      int       `json:"pull_count"`
+	PullCount     int    `json:"pull_count"`
-	RepoOwner      string    `json:"repo_owner"`
+	RepoOwner     string `json:"repo_owner"`
-	LastUpdated    string    `json:"last_updated"`
+	LastUpdated   string `json:"last_updated"`
-	Status         int       `json:"status"`
+	Status        int    `json:"status"`
-	Organization   string    `json:"affiliation"`
+	Organization  string `json:"affiliation"`
-	PullsLastWeek  int       `json:"pulls_last_week"`
+	PullsLastWeek int    `json:"pulls_last_week"`
-	Namespace      string    `json:"namespace"`
+	Namespace     string `json:"namespace"`
 }
 
 // TagInfo 标签信息
 type TagInfo struct {
-	Name          string    `json:"name"`
+	Name            string    `json:"name"`
-	FullSize      int64     `json:"full_size"`
+	FullSize        int64     `json:"full_size"`
-	LastUpdated   time.Time `json:"last_updated"`
+	LastUpdated     time.Time `json:"last_updated"`
-	LastPusher    string    `json:"last_pusher"`
+	LastPusher      string    `json:"last_pusher"`
-	Images        []Image   `json:"images"`
+	Images          []Image   `json:"images"`
 	Vulnerabilities struct {
 		Critical int `json:"critical"`
 		High     int `json:"high"`
@@ -66,20 +67,27 @@ type Image struct {
 	Size         int64  `json:"size"`
 }
 
+// TagPageResult 分页标签结果
+type TagPageResult struct {
+	Tags    []TagInfo `json:"tags"`
+	HasMore bool      `json:"has_more"`
+}
+
 type cacheEntry struct {
 	data      interface{}
-	timestamp time.Time
+	expiresAt time.Time
 }
 
 const (
-	maxCacheSize = 1000 // 最大缓存条目数
+	maxCacheSize       = 1000
-	cacheTTL     = 30 * time.Minute
+	maxPaginationCache = 200
+	cacheTTL           = 30 * time.Minute
 )
 
 type Cache struct {
-	data     map[string]cacheEntry
+	data    map[string]cacheEntry
-	mu       sync.RWMutex
+	mu      sync.RWMutex
-	maxSize  int
+	maxSize int
 }
 
 var (
@@ -98,7 +106,7 @@ func (c *Cache) Get(key string) (interface{}, bool) {
 		return nil, false
 	}
 
-	if time.Since(entry.timestamp) > cacheTTL {
+	if time.Now().After(entry.expiresAt) {
 		c.mu.Lock()
 		delete(c.data, key)
 		c.mu.Unlock()
@@ -109,49 +117,43 @@ func (c *Cache) Get(key string) (interface{}, bool) {
 }
 
 func (c *Cache) Set(key string, data interface{}) {
+	c.SetWithTTL(key, data, cacheTTL)
+}
+
+func (c *Cache) SetWithTTL(key string, data interface{}, ttl time.Duration) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
-	now := time.Now()
-	for k, v := range c.data {
-		if now.Sub(v.timestamp) > cacheTTL {
-			delete(c.data, k)
-		}
-	}
-	
 	if len(c.data) >= c.maxSize {
-		toDelete := len(c.data) / 4
+		c.cleanupExpiredLocked()
-		for k := range c.data {
-			if toDelete <= 0 {
-				break
-			}
-			delete(c.data, k)
-			toDelete--
-		}
 	}
 
 	c.data[key] = cacheEntry{
 		data:      data,
-		timestamp: now,
+		expiresAt: time.Now().Add(ttl),
 	}
 }
 
 func (c *Cache) Cleanup() {
 	c.mu.Lock()
 	defer c.mu.Unlock()
+	c.cleanupExpiredLocked()
+}
 
+func (c *Cache) cleanupExpiredLocked() {
 	now := time.Now()
 	for key, entry := range c.data {
-		if now.Sub(entry.timestamp) > cacheTTL {
+		if now.After(entry.expiresAt) {
 			delete(c.data, key)
 		}
 	}
 }
 
-// 定期清理过期缓存
 func init() {
 	go func() {
 		ticker := time.NewTicker(5 * time.Minute)
+		defer ticker.Stop()
+
 		for range ticker.C {
 			searchCache.Cleanup()
 		}
@@ -163,67 +165,85 @@ func filterSearchResults(results []Repository, query string) []Repository {
 	filtered := make([]Repository, 0)
 
 	for _, repo := range results {
-		// 标准化仓库名称
 		repoName := strings.ToLower(repo.Name)
 		repoDesc := strings.ToLower(repo.Description)
 
-		// 计算相关性得分
 		score := 0
 
-		// 完全匹配
 		if repoName == searchTerm {
 			score += 100
 		}
 
-		// 前缀匹配
 		if strings.HasPrefix(repoName, searchTerm) {
 			score += 50
 		}
 
-		// 包含匹配
 		if strings.Contains(repoName, searchTerm) {
 			score += 30
 		}
 
-		// 描述匹配
 		if strings.Contains(repoDesc, searchTerm) {
 			score += 10
 		}
 
-		// 官方镜像加分
 		if repo.IsOfficial {
 			score += 20
 		}
 
-		// 分数达到阈值的结果才保留
 		if score > 0 {
 			filtered = append(filtered, repo)
 		}
 	}
 
-	// 按相关性排序
 	sort.Slice(filtered, func(i, j int) bool {
-		// 优先考虑官方镜像
 		if filtered[i].IsOfficial != filtered[j].IsOfficial {
 			return filtered[i].IsOfficial
 		}
-		// 其次考虑拉取次数
 		return filtered[i].PullCount > filtered[j].PullCount
 	})
 
 	return filtered
 }
 
+// normalizeRepository 统一规范化仓库信息
+func normalizeRepository(repo *Repository) {
+	if repo.IsOfficial {
+		repo.Namespace = "library"
+		if !strings.Contains(repo.Name, "/") {
+			repo.Name = "library/" + repo.Name
+		}
+	} else {
+		if repo.Namespace == "" && repo.RepoOwner != "" {
+			repo.Namespace = repo.RepoOwner
+		}
+
+		if strings.Contains(repo.Name, "/") {
+			parts := strings.Split(repo.Name, "/")
+			if len(parts) > 1 {
+				if repo.Namespace == "" {
+					repo.Namespace = parts[0]
+				}
+				repo.Name = parts[len(parts)-1]
+			}
+		}
+	}
+}
+
 // searchDockerHub 搜索镜像
 func searchDockerHub(ctx context.Context, query string, page, pageSize int) (*SearchResult, error) {
+	return searchDockerHubWithDepth(ctx, query, page, pageSize, 0)
+}
+
+func searchDockerHubWithDepth(ctx context.Context, query string, page, pageSize int, depth int) (*SearchResult, error) {
+	if depth > 1 {
+		return nil, fmt.Errorf("搜索请求过于复杂，请尝试更具体的关键词")
+	}
 	cacheKey := fmt.Sprintf("search:%s:%d:%d", query, page, pageSize)
 
-	// 尝试从缓存获取
 	if cached, ok := searchCache.Get(cacheKey); ok {
 		return cached.(*SearchResult), nil
 	}
 
-	// 判断是否是用户/仓库格式的搜索
 	isUserRepo := strings.Contains(query, "/")
 	var namespace, repoName string
 
@@ -235,20 +255,17 @@ func searchDockerHub(ctx context.Context, query string, page, pageSize int) (*Se
 		}
 	}
 
-	// 构建搜索URL
 	baseURL := "https://registry.hub.docker.com/v2"
 	var fullURL string
 	var params url.Values
 
 	if isUserRepo && namespace != "" {
-		// 如果是用户/仓库格式，使用repositories接口
 		fullURL = fmt.Sprintf("%s/repositories/%s/", baseURL, namespace)
 		params = url.Values{
 			"page":      {fmt.Sprintf("%d", page)},
 			"page_size": {fmt.Sprintf("%d", pageSize)},
 		}
 	} else {
-		// 普通搜索
 		fullURL = baseURL + "/search/repositories/"
 		params = url.Values{
 			"query":     {query},
@@ -259,16 +276,11 @@ func searchDockerHub(ctx context.Context, query string, page, pageSize int) (*Se
 
 	fullURL = fullURL + "?" + params.Encode()
 
-	// 使用统一的搜索HTTP客户端
+	resp, err := utils.GetSearchHTTPClient().Get(fullURL)
-	resp, err := GetSearchHTTPClient().Get(fullURL)
 	if err != nil {
 		return nil, fmt.Errorf("请求Docker Hub API失败: %v", err)
 	}
-	defer func() {
+	defer safeCloseResponseBody(resp.Body, "搜索响应体")
-		if err := resp.Body.Close(); err != nil {
-			fmt.Printf("关闭搜索响应体失败: %v\n", err)
-		}
-	}()
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
@@ -281,8 +293,7 @@ func searchDockerHub(ctx context.Context, query string, page, pageSize int) (*Se
 			return nil, fmt.Errorf("请求过于频繁，请稍后重试")
 		case http.StatusNotFound:
 			if isUserRepo && namespace != "" {
-				// 如果用户仓库搜索失败，尝试普通搜索
+				return searchDockerHubWithDepth(ctx, repoName, page, pageSize, depth+1)
-				return searchDockerHub(ctx, repoName, page, pageSize)
 			}
 			return nil, fmt.Errorf("未找到相关镜像")
 		case http.StatusBadGateway, http.StatusServiceUnavailable:
@@ -292,10 +303,8 @@ func searchDockerHub(ctx context.Context, query string, page, pageSize int) (*Se
 		}
 	}
 
-	// 解析响应
 	var result *SearchResult
 	if isUserRepo && namespace != "" {
-		// 解析用户仓库列表响应
 		var userRepos struct {
 			Count    int          `json:"count"`
 			Next     string       `json:"next"`
@@ -306,7 +315,6 @@ func searchDockerHub(ctx context.Context, query string, page, pageSize int) (*Se
 			return nil, fmt.Errorf("解析响应失败: %v", err)
 		}
 
-		// 转换为SearchResult格式
 		result = &SearchResult{
 			Count:    userRepos.Count,
 			Next:     userRepos.Next,
@@ -314,52 +322,29 @@ func searchDockerHub(ctx context.Context, query string, page, pageSize int) (*Se
 			Results:  make([]Repository, 0),
 		}
 
-		// 处理结果
 		for _, repo := range userRepos.Results {
-			// 如果指定了仓库名，只保留匹配的结果
 			if repoName == "" || strings.Contains(strings.ToLower(repo.Name), strings.ToLower(repoName)) {
-				// 确保设置正确的命名空间和名称
 				repo.Namespace = namespace
-				if !strings.Contains(repo.Name, "/") {
+				normalizeRepository(&repo)
-					repo.Name = fmt.Sprintf("%s/%s", namespace, repo.Name)
-				}
 				result.Results = append(result.Results, repo)
 			}
 		}
 
-		// 如果没有找到结果，尝试普通搜索
 		if len(result.Results) == 0 {
-			return searchDockerHub(ctx, repoName, page, pageSize)
+			return searchDockerHubWithDepth(ctx, repoName, page, pageSize, depth+1)
 		}
 
 		result.Count = len(result.Results)
 	} else {
-		// 解析普通搜索响应
 		result = &SearchResult{}
 		if err := json.Unmarshal(body, &result); err != nil {
 			return nil, fmt.Errorf("解析响应失败: %v", err)
 		}
 
-		// 处理搜索结果
 		for i := range result.Results {
-			if result.Results[i].IsOfficial {
+			normalizeRepository(&result.Results[i])
-				if !strings.Contains(result.Results[i].Name, "/") {
-					result.Results[i].Name = "library/" + result.Results[i].Name
-				}
-				result.Results[i].Namespace = "library"
-			} else {
-				parts := strings.Split(result.Results[i].Name, "/")
-				if len(parts) > 1 {
-					result.Results[i].Namespace = parts[0]
-					result.Results[i].Name = parts[1]
-				} else if result.Results[i].RepoOwner != "" {
-					result.Results[i].Namespace = result.Results[i].RepoOwner
-					result.Results[i].Name = fmt.Sprintf("%s/%s", result.Results[i].RepoOwner, result.Results[i].Name)
-				}
-			}
 		}
 
-		// 如果是用户/仓库搜索，过滤结果
 		if isUserRepo && namespace != "" {
 			filteredResults := make([]Repository, 0)
 			for _, repo := range result.Results {
@@ -372,22 +357,19 @@ func searchDockerHub(ctx context.Context, query string, page, pageSize int) (*Se
 		}
 	}
 
-	// 缓存结果
 	searchCache.Set(cacheKey, result)
 	return result, nil
 }
 
-// 判断错误是否可重试
 func isRetryableError(err error) bool {
 	if err == nil {
 		return false
 	}
 
-	// 网络错误、超时等可以重试
 	if strings.Contains(err.Error(), "timeout") ||
-	   strings.Contains(err.Error(), "connection refused") ||
+		strings.Contains(err.Error(), "connection refused") ||
-	   strings.Contains(err.Error(), "no such host") ||
+		strings.Contains(err.Error(), "no such host") ||
-	   strings.Contains(err.Error(), "too many requests") {
+		strings.Contains(err.Error(), "too many requests") {
 		return true
 	}
 
@@ -395,106 +377,183 @@ func isRetryableError(err error) bool {
 }
 
 // getRepositoryTags 获取仓库标签信息
-func getRepositoryTags(ctx context.Context, namespace, name string) ([]TagInfo, error) {
+func getRepositoryTags(ctx context.Context, namespace, name string, page, pageSize int) ([]TagInfo, bool, error) {
 	if namespace == "" || name == "" {
-		return nil, fmt.Errorf("无效输入：命名空间和名称不能为空")
+		return nil, false, fmt.Errorf("无效输入：命名空间和名称不能为空")
 	}
 
-	cacheKey := fmt.Sprintf("tags:%s:%s", namespace, name)
+	if page <= 0 {
+		page = 1
+	}
+	if pageSize <= 0 || pageSize > 100 {
+		pageSize = 100
+	}
+
+	cacheKey := fmt.Sprintf("tags:%s:%s:page_%d", namespace, name, page)
 	if cached, ok := searchCache.Get(cacheKey); ok {
-		return cached.([]TagInfo), nil
+		result := cached.(TagPageResult)
+		return result.Tags, result.HasMore, nil
 	}
 
-	// 构建API URL
 	baseURL := fmt.Sprintf("https://registry.hub.docker.com/v2/repositories/%s/%s/tags", namespace, name)
 	params := url.Values{}
-	params.Set("page_size", "100")
+	params.Set("page", fmt.Sprintf("%d", page))
+	params.Set("page_size", fmt.Sprintf("%d", pageSize))
 	params.Set("ordering", "last_updated")
 
 	fullURL := baseURL + "?" + params.Encode()
 
-	// 使用统一的搜索HTTP客户端
+	pageResult, err := fetchTagPage(ctx, fullURL, 3)
-	resp, err := GetSearchHTTPClient().Get(fullURL)
 	if err != nil {
-		return nil, fmt.Errorf("发送请求失败: %v", err)
+		return nil, false, fmt.Errorf("获取标签失败: %v", err)
 	}
-	defer func() {
+
-		if err := resp.Body.Close(); err != nil {
+	hasMore := pageResult.Next != ""
-			fmt.Printf("关闭搜索响应体失败: %v\n", err)
+
+	result := TagPageResult{Tags: pageResult.Results, HasMore: hasMore}
+	searchCache.SetWithTTL(cacheKey, result, 30*time.Minute)
+
+	return pageResult.Results, hasMore, nil
+}
+
+func fetchTagPage(ctx context.Context, url string, maxRetries int) (*struct {
+	Count    int       `json:"count"`
+	Next     string    `json:"next"`
+	Previous string    `json:"previous"`
+	Results  []TagInfo `json:"results"`
+}, error) {
+	var lastErr error
+
+	for retry := 0; retry < maxRetries; retry++ {
+		if retry > 0 {
+			time.Sleep(time.Duration(retry) * 500 * time.Millisecond)
 		}
-	}()
 
-	// 读取响应体
+		resp, err := utils.GetSearchHTTPClient().Get(url)
-	body, err := io.ReadAll(resp.Body)
+		if err != nil {
-	if err != nil {
+			lastErr = err
-		return nil, fmt.Errorf("读取响应失败: %v", err)
+			if isRetryableError(err) && retry < maxRetries-1 {
+				continue
+			}
+			return nil, fmt.Errorf("发送请求失败: %v", err)
+		}
+
+		body, err := func() ([]byte, error) {
+			defer safeCloseResponseBody(resp.Body, "标签响应体")
+			return io.ReadAll(resp.Body)
+		}()
+
+		if err != nil {
+			lastErr = err
+			if retry < maxRetries-1 {
+				continue
+			}
+			return nil, fmt.Errorf("读取响应失败: %v", err)
+		}
+
+		if resp.StatusCode != http.StatusOK {
+			lastErr = fmt.Errorf("状态码=%d, 响应=%s", resp.StatusCode, string(body))
+			if resp.StatusCode >= 400 && resp.StatusCode < 500 && resp.StatusCode != 429 {
+				return nil, fmt.Errorf("请求失败: %v", lastErr)
+			}
+			if retry < maxRetries-1 {
+				continue
+			}
+			return nil, fmt.Errorf("请求失败: %v", lastErr)
+		}
+
+		var result struct {
+			Count    int       `json:"count"`
+			Next     string    `json:"next"`
+			Previous string    `json:"previous"`
+			Results  []TagInfo `json:"results"`
+		}
+		if err := json.Unmarshal(body, &result); err != nil {
+			lastErr = err
+			if retry < maxRetries-1 {
+				continue
+			}
+			return nil, fmt.Errorf("解析响应失败: %v", err)
+		}
+
+		return &result, nil
 	}
 
-	// 检查响应状态码
+	return nil, lastErr
-	if resp.StatusCode != http.StatusOK {
+}
-		return nil, fmt.Errorf("请求失败: 状态码=%d, 响应=%s", resp.StatusCode, string(body))
+
+func parsePaginationParams(c *gin.Context, defaultPageSize int) (page, pageSize int) {
+	page = 1
+	pageSize = defaultPageSize
+
+	if p := c.Query("page"); p != "" {
+		fmt.Sscanf(p, "%d", &page)
+	}
+	if ps := c.Query("page_size"); ps != "" {
+		fmt.Sscanf(ps, "%d", &pageSize)
 	}
 
-	// 解析响应
+	return page, pageSize
-	var result struct {
+}
-		Count    int       `json:"count"`
-		Next     string    `json:"next"`
-		Previous string    `json:"previous"`
-		Results  []TagInfo `json:"results"`
-	}
-	if err := json.Unmarshal(body, &result); err != nil {
-		return nil, fmt.Errorf("解析响应失败: %v", err)
-	}
 
-	// 缓存结果
+func safeCloseResponseBody(body io.ReadCloser, context string) {
-	searchCache.Set(cacheKey, result.Results)
+	if body != nil {
-	return result.Results, nil
+		if err := body.Close(); err != nil {
+			fmt.Printf("关闭%s失败: %v\n", context, err)
+		}
+	}
+}
+
+func sendErrorResponse(c *gin.Context, message string) {
+	c.JSON(http.StatusBadRequest, gin.H{"error": message})
 }
 
 // RegisterSearchRoute 注册搜索相关路由
 func RegisterSearchRoute(r *gin.Engine) {
-	// 搜索镜像
 	r.GET("/search", func(c *gin.Context) {
 		query := c.Query("q")
 		if query == "" {
-			c.JSON(http.StatusBadRequest, gin.H{"error": "搜索关键词不能为空"})
+			sendErrorResponse(c, "搜索关键词不能为空")
 			return
 		}
 
-		page := 1
+		page, pageSize := parsePaginationParams(c, 25)
-		pageSize := 25
-		if p := c.Query("page"); p != "" {
-			fmt.Sscanf(p, "%d", &page)
-		}
-		if ps := c.Query("page_size"); ps != "" {
-			fmt.Sscanf(ps, "%d", &pageSize)
-		}
 
 		result, err := searchDockerHub(c.Request.Context(), query, page, pageSize)
 		if err != nil {
-			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			sendErrorResponse(c, err.Error())
 			return
 		}
 
 		c.JSON(http.StatusOK, result)
 	})
 
-	// 获取标签信息
 	r.GET("/tags/:namespace/:name", func(c *gin.Context) {
 		namespace := c.Param("namespace")
 		name := c.Param("name")
 
 		if namespace == "" || name == "" {
-			c.JSON(http.StatusBadRequest, gin.H{"error": "命名空间和名称不能为空"})
+			sendErrorResponse(c, "命名空间和名称不能为空")
 			return
 		}
 
-		tags, err := getRepositoryTags(c.Request.Context(), namespace, name)
+		page, pageSize := parsePaginationParams(c, 100)
+
+		tags, hasMore, err := getRepositoryTags(c.Request.Context(), namespace, name, page, pageSize)
 		if err != nil {
-			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			sendErrorResponse(c, err.Error())
 			return
 		}
 
-		c.JSON(http.StatusOK, tags)
+		if c.Query("page") != "" || c.Query("page_size") != "" {
+			c.JSON(http.StatusOK, gin.H{
+				"tags":      tags,
+				"has_more":  hasMore,
+				"page":      page,
+				"page_size": pageSize,
+			})
+		} else {
+			c.JSON(http.StatusOK, tags)
+		}
 	})
 }

src/http_client.go

@@ -1,113 +0,0 @@
-package main
-
-import (
-	"context"
-	"log"
-	"net"
-	"net/http"
-	"net/url"
-	"time"
-
-	"golang.org/x/net/proxy"
-)
-
-var (
-	// 全局HTTP客户端 - 用于代理请求（长超时）
-	globalHTTPClient *http.Client
-	// 搜索HTTP客户端 - 用于API请求（短超时） 
-	searchHTTPClient *http.Client
-)
-
-// initHTTPClients 初始化HTTP客户端
-func initHTTPClients() {
-	cfg := GetConfig()
-	
-	// 创建DialContext函数，支持SOCKS5代理
-	createDialContext := func(timeout time.Duration) func(ctx context.Context, network, addr string) (net.Conn, error) {
-		if cfg.Proxy.Socks5 == "" {
-			// 没有配置代理，使用直连
-			dialer := &net.Dialer{
-				Timeout:   timeout,
-				KeepAlive: 30 * time.Second,
-			}
-			return dialer.DialContext
-		}
-		
-		// 解析SOCKS5代理URL
-		proxyURL, err := url.Parse(cfg.Proxy.Socks5)
-		if err != nil {
-			log.Printf("SOCKS5代理配置错误，使用直连: %v", err)
-			dialer := &net.Dialer{
-				Timeout:   timeout,
-				KeepAlive: 30 * time.Second,
-			}
-			return dialer.DialContext
-		}
-		
-		// 创建基础dialer
-		baseDialer := &net.Dialer{
-			Timeout:   timeout,
-			KeepAlive: 30 * time.Second,
-		}
-		
-		// 创建SOCKS5代理dialer
-		var auth *proxy.Auth
-		if proxyURL.User != nil {
-			if password, ok := proxyURL.User.Password(); ok {
-				auth = &proxy.Auth{
-					User:     proxyURL.User.Username(),
-					Password: password,
-				}
-			}
-		}
-		
-		socks5Dialer, err := proxy.SOCKS5("tcp", proxyURL.Host, auth, baseDialer)
-		if err != nil {
-			log.Printf("创建SOCKS5代理失败，使用直连: %v", err)
-			return baseDialer.DialContext
-		}
-		
-		log.Printf("使用SOCKS5代理: %s", proxyURL.Host)
-		
-		// 返回带上下文的dial函数
-		return func(ctx context.Context, network, addr string) (net.Conn, error) {
-			return socks5Dialer.Dial(network, addr)
-		}
-	}
-	
-	// 代理客户端配置 - 适用于大文件传输
-	globalHTTPClient = &http.Client{
-		Transport: &http.Transport{
-			DialContext:           createDialContext(30 * time.Second),
-			MaxIdleConns:          1000,
-			MaxIdleConnsPerHost:   1000,
-			IdleConnTimeout:       90 * time.Second,
-			TLSHandshakeTimeout:   10 * time.Second,
-			ExpectContinueTimeout: 1 * time.Second,
-			ResponseHeaderTimeout: 300 * time.Second,
-		},
-	}
-	
-	// 搜索客户端配置 - 适用于API调用
-	searchHTTPClient = &http.Client{
-		Timeout: 10 * time.Second,
-		Transport: &http.Transport{
-			DialContext:         createDialContext(5 * time.Second),
-			MaxIdleConns:        100,
-			MaxIdleConnsPerHost: 10,
-			IdleConnTimeout:     90 * time.Second,
-			TLSHandshakeTimeout: 5 * time.Second,
-			DisableCompression:  false,
-		},
-	}
-}
-
-// GetGlobalHTTPClient 获取全局HTTP客户端（用于代理）
-func GetGlobalHTTPClient() *http.Client {
-	return globalHTTPClient
-}
-
-// GetSearchHTTPClient 获取搜索HTTP客户端（用于API调用）
-func GetSearchHTTPClient() *http.Client {
-	return searchHTTPClient
-} 

src/main.go

@@ -3,15 +3,17 @@ package main
 import (
 	"embed"
 	"fmt"
-	"io"
 	"log"
 	"net/http"
-	"regexp"
-	"strconv"
 	"strings"
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
+	"hubproxy/config"
+	"hubproxy/handlers"
+	"hubproxy/utils"
 )
 
 //go:embed public/*
@@ -32,19 +34,7 @@ func serveEmbedFile(c *gin.Context, filename string) {
 }
 
 var (
-	exps = []*regexp.Regexp{
+	globalLimiter *utils.IPRateLimiter
-		regexp.MustCompile(`^(?:https?://)?github\.com/([^/]+)/([^/]+)/(?:releases|archive)/.*$`),
-		regexp.MustCompile(`^(?:https?://)?github\.com/([^/]+)/([^/]+)/(?:blob|raw)/.*$`),
-		regexp.MustCompile(`^(?:https?://)?github\.com/([^/]+)/([^/]+)/(?:info|git-).*$`),
-		regexp.MustCompile(`^(?:https?://)?raw\.github(?:usercontent|)\.com/([^/]+)/([^/]+)/.+?/.+$`),
-		regexp.MustCompile(`^(?:https?://)?gist\.github(?:usercontent|)\.com/([^/]+)/.+?/.+`),
-		regexp.MustCompile(`^(?:https?://)?api\.github\.com/repos/([^/]+)/([^/]+)/.*`),
-		regexp.MustCompile(`^(?:https?://)?huggingface\.co(?:/spaces)?/([^/]+)/(.+)$`),
-		regexp.MustCompile(`^(?:https?://)?cdn-lfs\.hf\.co(?:/spaces)?/([^/]+)/([^/]+)(?:/(.*))?$`),
-		regexp.MustCompile(`^(?:https?://)?download\.docker\.com/([^/]+)/.*\.(tgz|zip)$`),
-		regexp.MustCompile(`^(?:https?://)?(github|opengraph)\.githubassets\.com/([^/]+)/.+?$`),
-	}
-	globalLimiter *IPRateLimiter
 
 	// 服务启动时间
 	serviceStartTime = time.Now()
@@ -52,25 +42,25 @@ var (
 
 func main() {
 	// 加载配置
-	if err := LoadConfig(); err != nil {
+	if err := config.LoadConfig(); err != nil {
 		fmt.Printf("配置加载失败: %v\n", err)
 		return
 	}
 
 	// 初始化HTTP客户端
-	initHTTPClients()
+	utils.InitHTTPClients()
 
 	// 初始化限流器
-	initLimiter()
+	globalLimiter = utils.InitGlobalLimiter()
 
 	// 初始化Docker流式代理
-	initDockerProxy()
+	handlers.InitDockerProxy()
 
 	// 初始化镜像流式下载器
-	initImageStreamer()
+	handlers.InitImageStreamer()
 
 	// 初始化防抖器
-	initDebouncer()
+	handlers.InitDebouncer()
 
 	gin.SetMode(gin.ReleaseMode)
 	router := gin.Default()
@@ -84,14 +74,14 @@ func main() {
 		})
 	}))
 
-	// 全局限流中间件 - 应用到所有路由
+	// 全局限流中间件
-	router.Use(RateLimitMiddleware(globalLimiter))
+	router.Use(utils.RateLimitMiddleware(globalLimiter))
 
 	// 初始化监控端点
 	initHealthRoutes(router)
 
 	// 初始化镜像tar下载路由
-	initImageTarRoutes(router)
+	handlers.InitImageTarRoutes(router)
 
 	// 静态文件路由
 	router.GET("/", func(c *gin.Context) {
@@ -113,270 +103,88 @@ func main() {
 	})
 
 	// 注册dockerhub搜索路由
-	RegisterSearchRoute(router)
+	handlers.RegisterSearchRoute(router)
 
-	// 注册Docker认证路由（/token*）
+	// 注册Docker认证路由
-	router.Any("/token", ProxyDockerAuthGin)
+	router.Any("/token", handlers.ProxyDockerAuthGin)
-	router.Any("/token/*path", ProxyDockerAuthGin)
+	router.Any("/token/*path", handlers.ProxyDockerAuthGin)
 
 	// 注册Docker Registry代理路由
-	router.Any("/v2/*path", ProxyDockerRegistryGin)
+	router.Any("/v2/*path", handlers.ProxyDockerRegistryGin)
 
+	// 注册GitHub代理路由（NoRoute处理器）
+	router.NoRoute(handlers.GitHubProxyHandler)
 
-	// 注册NoRoute处理器
+	cfg := config.GetConfig()
-	router.NoRoute(handler)
+	fmt.Printf("HubProxy 启动成功\n")
+	fmt.Printf("监听地址: %s:%d\n", cfg.Server.Host, cfg.Server.Port)
+	fmt.Printf("限流配置: %d请求/%g小时\n", cfg.RateLimit.RequestLimit, cfg.RateLimit.PeriodHours)
 
-	cfg := GetConfig()
+	// 显示HTTP/2支持状态
-	fmt.Printf("🚀 HubProxy 启动成功\n")
+	if cfg.Server.EnableH2C {
-	fmt.Printf("📡 监听地址: %s:%d\n", cfg.Server.Host, cfg.Server.Port)
+		fmt.Printf("H2c: 已启用\n")
-	fmt.Printf("⚡ 限流配置: %d请求/%g小时\n", cfg.RateLimit.RequestLimit, cfg.RateLimit.PeriodHours)
+	}
-	fmt.Printf("🔗 项目地址: https://github.com/sky22333/hubproxy\n")
 
-	err := router.Run(fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port))
+	fmt.Printf("版本号: v1.2.1\n")
+	fmt.Printf("项目地址: https://github.com/sky22333/hubproxy\n")
+
+	// 创建HTTP2服务器
+	server := &http.Server{
+		Addr:         fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port),
+		ReadTimeout:  60 * time.Second,
+		WriteTimeout: 30 * time.Minute,
+		IdleTimeout:  120 * time.Second,
+	}
+
+	// 根据配置决定是否启用H2C
+	if cfg.Server.EnableH2C {
+		h2cHandler := h2c.NewHandler(router, &http2.Server{
+			MaxConcurrentStreams:         250,
+			IdleTimeout:                  300 * time.Second,
+			MaxReadFrameSize:             4 << 20,
+			MaxUploadBufferPerConnection: 8 << 20,
+			MaxUploadBufferPerStream:     2 << 20,
+		})
+		server.Handler = h2cHandler
+	} else {
+		server.Handler = router
+	}
+
+	err := server.ListenAndServe()
 	if err != nil {
 		fmt.Printf("启动服务失败: %v\n", err)
 	}
 }
 
-func handler(c *gin.Context) {
+// 简单的健康检查
-	rawPath := strings.TrimPrefix(c.Request.URL.RequestURI(), "/")
+func formatDuration(d time.Duration) string {
-
+	if d < time.Minute {
-	for strings.HasPrefix(rawPath, "/") {
+		return fmt.Sprintf("%d秒", int(d.Seconds()))
-		rawPath = strings.TrimPrefix(rawPath, "/")
+	} else if d < time.Hour {
-	}
+		return fmt.Sprintf("%d分钟%d秒", int(d.Minutes()), int(d.Seconds())%60)
-
+	} else if d < 24*time.Hour {
-	if !strings.HasPrefix(rawPath, "http") {
+		return fmt.Sprintf("%d小时%d分钟", int(d.Hours()), int(d.Minutes())%60)
-		c.String(http.StatusForbidden, "无效输入")
-		return
-	}
-
-	matches := checkURL(rawPath)
-	if matches != nil {
-		// GitHub仓库访问控制检查
-		if allowed, reason := GlobalAccessController.CheckGitHubAccess(matches); !allowed {
-			// 构建仓库名用于日志
-			var repoPath string
-			if len(matches) >= 2 {
-				username := matches[0]
-				repoName := strings.TrimSuffix(matches[1], ".git")
-				repoPath = username + "/" + repoName
-			}
-			fmt.Printf("GitHub仓库 %s 访问被拒绝: %s\n", repoPath, reason)
-			c.String(http.StatusForbidden, reason)
-			return
-		}
 	} else {
-		c.String(http.StatusForbidden, "无效输入")
+		days := int(d.Hours()) / 24
-		return
+		hours := int(d.Hours()) % 24
-	}
+		return fmt.Sprintf("%d天%d小时", days, hours)
-
-	if exps[1].MatchString(rawPath) {
-		rawPath = strings.Replace(rawPath, "/blob/", "/raw/", 1)
-	}
-
-	proxyRequest(c, rawPath)
-}
-
-
-func proxyRequest(c *gin.Context, u string) {
-	proxyWithRedirect(c, u, 0)
-}
-
-
-func proxyWithRedirect(c *gin.Context, u string, redirectCount int) {
-	// 限制最大重定向次数，防止无限递归
-	const maxRedirects = 20
-	if redirectCount > maxRedirects {
-		c.String(http.StatusLoopDetected, "重定向次数过多，可能存在循环重定向")
-		return
-	}
-	req, err := http.NewRequest(c.Request.Method, u, c.Request.Body)
-	if err != nil {
-		c.String(http.StatusInternalServerError, fmt.Sprintf("server error %v", err))
-		return
-	}
-
-	for key, values := range c.Request.Header {
-		for _, value := range values {
-			req.Header.Add(key, value)
-		}
-	}
-	req.Header.Del("Host")
-
-	resp, err := GetGlobalHTTPClient().Do(req)
-	if err != nil {
-		c.String(http.StatusInternalServerError, fmt.Sprintf("server error %v", err))
-		return
-	}
-	defer func() {
-		if err := resp.Body.Close(); err != nil {
-			fmt.Printf("关闭响应体失败: %v\n", err)
-		}
-	}()
-
-	// 检查文件大小限制
-	cfg := GetConfig()
-	if contentLength := resp.Header.Get("Content-Length"); contentLength != "" {
-		if size, err := strconv.ParseInt(contentLength, 10, 64); err == nil && size > cfg.Server.FileSize {
-			c.String(http.StatusRequestEntityTooLarge, 
-				fmt.Sprintf("文件过大，限制大小: %d MB", cfg.Server.FileSize/(1024*1024)))
-			return
-		}
-	}
-
-	// 清理安全相关的头
-	resp.Header.Del("Content-Security-Policy")
-	resp.Header.Del("Referrer-Policy")
-	resp.Header.Del("Strict-Transport-Security")
-	
-	// 获取真实域名
-	realHost := c.Request.Header.Get("X-Forwarded-Host")
-	if realHost == "" {
-		realHost = c.Request.Host
-	}
-	// 如果域名中没有协议前缀，添加https://
-	if !strings.HasPrefix(realHost, "http://") && !strings.HasPrefix(realHost, "https://") {
-		realHost = "https://" + realHost
-	}
-
-	if strings.HasSuffix(strings.ToLower(u), ".sh") {
-		isGzipCompressed := resp.Header.Get("Content-Encoding") == "gzip"
-		
-		processedBody, processedSize, err := ProcessSmart(resp.Body, isGzipCompressed, realHost)
-		if err != nil {
-			fmt.Printf("智能处理失败，回退到直接代理: %v\n", err)
-			processedBody = resp.Body
-			processedSize = 0
-		}
-
-		// 智能设置响应头
-		if processedSize > 0 {
-			resp.Header.Del("Content-Length")
-			resp.Header.Del("Content-Encoding")
-			resp.Header.Set("Transfer-Encoding", "chunked")
-		}
-
-		// 复制其他响应头
-		for key, values := range resp.Header {
-			for _, value := range values {
-				c.Header(key, value)
-			}
-		}
-
-		if location := resp.Header.Get("Location"); location != "" {
-			if checkURL(location) != nil {
-				c.Header("Location", "/"+location)
-			} else {
-				proxyWithRedirect(c, location, redirectCount+1)
-				return
-			}
-		}
-
-		c.Status(resp.StatusCode)
-
-		// 输出处理后的内容
-		if _, err := io.Copy(c.Writer, processedBody); err != nil {
-			return
-		}
-	} else {
-		for key, values := range resp.Header {
-			for _, value := range values {
-				c.Header(key, value)
-			}
-		}
-
-		// 处理重定向
-		if location := resp.Header.Get("Location"); location != "" {
-			if checkURL(location) != nil {
-				c.Header("Location", "/"+location)
-			} else {
-				proxyWithRedirect(c, location, redirectCount+1)
-				return
-			}
-		}
-
-		c.Status(resp.StatusCode)
-
-		// 直接流式转发
-		io.Copy(c.Writer, resp.Body)
 	}
 }
 
-func checkURL(u string) []string {
+func getUptimeInfo() (time.Duration, float64, string) {
-	for _, exp := range exps {
+	uptime := time.Since(serviceStartTime)
-		if matches := exp.FindStringSubmatch(u); matches != nil {
+	return uptime, uptime.Seconds(), formatDuration(uptime)
-			return matches[1:]
-		}
-	}
-	return nil
 }
 
-// 初始化健康监控路由
 func initHealthRoutes(router *gin.Engine) {
-	// 健康检查端点
-	router.GET("/health", func(c *gin.Context) {
-		c.JSON(http.StatusOK, gin.H{
-			"status":    "healthy",
-			"timestamp": time.Now().Unix(),
-			"uptime":    time.Since(serviceStartTime).Seconds(),
-			"service":   "hubproxy",
-		})
-	})
-	
-	// 就绪检查端点
 	router.GET("/ready", func(c *gin.Context) {
-		checks := make(map[string]string)
+		_, uptimeSec, uptimeHuman := getUptimeInfo()
-		allReady := true
+		c.JSON(http.StatusOK, gin.H{
-		
+			"ready":           true,
-		if GetConfig() != nil {
+			"service":         "hubproxy",
-			checks["config"] = "ok"
+			"start_time_unix": serviceStartTime.Unix(),
-		} else {
+			"uptime_sec":      uptimeSec,
-			checks["config"] = "failed"
+			"uptime_human":    uptimeHuman,
-			allReady = false
-		}
-		
-		// 检查全局缓存状态
-		if globalCache != nil {
-			checks["cache"] = "ok"
-		} else {
-			checks["cache"] = "failed"
-			allReady = false
-		}
-		
-		// 检查限流器状态
-		if globalLimiter != nil {
-			checks["ratelimiter"] = "ok"
-		} else {
-			checks["ratelimiter"] = "failed"
-			allReady = false
-		}
-		
-		// 检查镜像下载器状态
-		if globalImageStreamer != nil {
-			checks["imagestreamer"] = "ok"
-		} else {
-			checks["imagestreamer"] = "failed"
-			allReady = false
-		}
-		
-		// 检查HTTP客户端状态
-		if GetGlobalHTTPClient() != nil {
-			checks["httpclient"] = "ok"
-		} else {
-			checks["httpclient"] = "failed"
-			allReady = false
-		}
-		
-		status := http.StatusOK
-		if !allReady {
-			status = http.StatusServiceUnavailable
-		}
-		
-		c.JSON(status, gin.H{
-			"ready":     allReady,
-			"checks":    checks,
-			"timestamp": time.Now().Unix(),
-			"uptime":    time.Since(serviceStartTime).Seconds(),
 		})
 	})
 }

src/proxysh.go

@@ -1,95 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"compress/gzip"
-	"fmt"
-	"io"
-	"regexp"
-	"strings"
-)
-
-// GitHub URL正则表达式
-var githubRegex = regexp.MustCompile(`https?://(?:github\.com|raw\.githubusercontent\.com|raw\.github\.com|gist\.githubusercontent\.com|gist\.github\.com|api\.github\.com)[^\s'"]+`)
-
-// ProcessSmart Shell脚本智能处理函数
-func ProcessSmart(input io.ReadCloser, isCompressed bool, host string) (io.Reader, int64, error) {
-	defer input.Close()
-	
-	content, err := readShellContent(input, isCompressed)
-	if err != nil {
-		return nil, 0, fmt.Errorf("内容读取失败: %v", err)
-	}
-	
-	if len(content) == 0 {
-		return strings.NewReader(""), 0, nil
-	}
-	
-	if len(content) > 10*1024*1024 {
-		return strings.NewReader(content), int64(len(content)), nil
-	}
-	
-	if !strings.Contains(content, "github.com") && !strings.Contains(content, "githubusercontent.com") {
-		return strings.NewReader(content), int64(len(content)), nil
-	}
-	
-	processed := processGitHubURLs(content, host)
-	
-	return strings.NewReader(processed), int64(len(processed)), nil
-}
-
-func readShellContent(input io.ReadCloser, isCompressed bool) (string, error) {
-	var reader io.Reader = input
-	
-	// 处理gzip压缩
-	if isCompressed {
-		peek := make([]byte, 2)
-		n, err := input.Read(peek)
-		if err != nil && err != io.EOF {
-			return "", fmt.Errorf("读取数据失败: %v", err)
-		}
-		
-		if n >= 2 && peek[0] == 0x1f && peek[1] == 0x8b {
-			combinedReader := io.MultiReader(bytes.NewReader(peek[:n]), input)
-			gzReader, err := gzip.NewReader(combinedReader)
-			if err != nil {
-				return "", fmt.Errorf("gzip解压失败: %v", err)
-			}
-			defer gzReader.Close()
-			reader = gzReader
-		} else {
-			reader = io.MultiReader(bytes.NewReader(peek[:n]), input)
-		}
-	}
-	
-	data, err := io.ReadAll(reader)
-	if err != nil {
-		return "", fmt.Errorf("读取内容失败: %v", err)
-	}
-	
-	return string(data), nil
-}
-
-func processGitHubURLs(content, host string) string {
-	return githubRegex.ReplaceAllStringFunc(content, func(url string) string {
-		return transformURL(url, host)
-	})
-}
-
-// transformURL URL转换函数
-func transformURL(url, host string) string {
-	if strings.Contains(url, host) {
-		return url
-	}
-	
-	if strings.HasPrefix(url, "http://") {
-		url = "https" + url[4:]
-	} else if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "//") {
-		url = "https://" + url
-	}
-	cleanHost := strings.TrimPrefix(host, "https://")
-	cleanHost = strings.TrimPrefix(cleanHost, "http://")
-	cleanHost = strings.TrimSuffix(cleanHost, "/")
-	
-	return cleanHost + "/" + url
-}

src/public/images.html

@@ -1,13 +1,13 @@
 <!DOCTYPE html>
-<html lang="zh">
+<html lang="zh-CN">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="description" content="Docker镜像流式下载工具,即点即下,无需等待">
+    <meta name="description" content="Docker镜像流式下载工具、即点即下无需等待">
-    <meta name="keywords" content="Docker,镜像下载,流式下载,即时下载">
+    <meta name="keywords" content="Docker镜像下载、流式下载、即时下载">
     <meta name="color-scheme" content="dark light">
     <title>Docker离线镜像下载</title>
-    <link rel="icon" href="./favicon.ico">
+    <link rel="icon" href="/favicon.ico">
     <style>
         :root {
             --background: #ffffff;
@@ -581,7 +581,7 @@
                     </div>
                     <div class="feature">
                         <span class="feature-icon">💾</span>
-                        <span>无需打包</span>
+                        <span>无需等待</span>
                     </div>
                     <div class="feature">
                         <span class="feature-icon">🏗️</span>
@@ -642,7 +642,7 @@
                 
                 <form id="batchForm">
                     <div class="form-group">
-                        <label class="form-label" for="imagesTextarea">镜像列表，每行一个，会将多个镜像自动合并，符合官方标准，完全兼容docker load</label>
+                        <label class="form-label" for="imagesTextarea">镜像列表，每行一个，会将多个镜像自动合并，符合官方标准，兼容docker load</label>
                         <textarea 
                             id="imagesTextarea" 
                             class="textarea" 

src/public/index.html

@@ -1,14 +1,13 @@
 <!DOCTYPE html>
-<html lang="zh">
+<html lang="zh-CN">
-
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="description" content="Github文件加速,docker镜像加速">
+    <meta name="description" content="Github文件加速、docker镜像加速">
-    <meta name="keywords" content="Github,文件加速,ghproxy,docker镜像加速">
+    <meta name="keywords" content="Github、文件加速、ghproxy、docker镜像加速">
     <meta name="color-scheme" content="dark light">
-    <title>Github文件加速</title>
+    <title>Github、Docker加速</title>
-    <link rel="icon" href="./favicon.ico">
+    <link rel="icon" href="/favicon.ico">
     <style>
         :root {
             --background: #ffffff;
@@ -602,17 +601,17 @@
             <div class="hero">
                 <h1 class="hero-title">GitHub 文件加速</h1>
                 <p class="hero-subtitle">
-                    快速下载GitHub上的文件和仓库，解决国内访问GitHub速度慢的问题，支持AI模型库Hugging Face
+                    快速下载GitHub上的文件和仓库，解决国内访问GitHub速度慢的问题，支持Docker镜像加速和Hugging Face仓库。
                 </p>
             </div>
 
             <div class="card">
                 <div class="card-header">
                     <h2 class="card-title">
-                        ⚡ 快速生成加速链接
+                        ⚡ 快速转换加速链接
                     </h2>
                     <p class="card-description">
-                        输入GitHub文件或仓库链接，自动转换加速链接，可以直接在Github域名前面加上本站域名使用。
+                        输入GitHub文件链接，自动转换加速链接，可以直接在Github文件链接前加上本站域名使用。
                     </p>
                 </div>
 
@@ -622,7 +621,7 @@
                             type="text" 
                             class="input" 
                             id="githubLinkInput" 
-                            placeholder="请输入GitHub链接，例如：https://github.com/user/repo/releases/download/..."
+                            placeholder="请输入GitHub文件链接，例如：https://github.com/user/repo/releases/download/..."
                         >
                         <button class="button button-primary" id="formatButton">
                             获取加速链接
@@ -653,12 +652,12 @@
                         🐳 Docker 镜像加速
                     </h3>
                     <p class="card-description">
-                        支持多种Registry，在镜像名前添加本站域名即可加速下载。
+                        支持多种镜像仓库，在镜像名称前添加本站域名即可加速下载。
                     </p>
                 </div>
                 
                 <button class="docker-button" id="dockerButton">
-                    查看 Docker 镜像加速配置
+                    查看 Docker 镜像加速使用说明
                 </button>
             </div>
         </div>
@@ -669,23 +668,23 @@
             <button class="close-button" id="closeModal">&times;</button>
             <div class="modal-header">
                 <h2 class="modal-title">Docker 镜像加速</h2>
-                <p>支持多种Registry，在镜像名前添加本站域名即可加速下载。</p>
+                <p>支持多种镜像仓库，在镜像名称前添加本站域名即可加速下载。</p>
             </div>
             
             <div class="domain-examples">
-                <strong>Docker Hub 官方镜像：</strong>
+                <strong>Docker 官方镜像：</strong>
                 docker pull <span class="domain-base"></span>/nginx
 
-                <strong>Docker Hub 第三方镜像：</strong>
+                <strong>Docker 镜像：</strong>
                 docker pull <span class="domain-base"></span>/user/image
 
-                <strong>GitHub Container Registry：</strong>
+                <strong>ghcr.io 镜像：</strong>
                 docker pull <span class="domain-base"></span>/ghcr.io/user/image
 
-                <strong>Quay.io Registry：</strong>
+                <strong>Quay.io 镜像：</strong>
                 docker pull <span class="domain-base"></span>/quay.io/org/image
 
-                <strong>Kubernetes Registry：</strong>
+                <strong>Kubernetes 镜像：</strong>
                 docker pull <span class="domain-base"></span>/registry.k8s.io/pause:3.8
             </div>
         </div>

src/public/search.html

@@ -1,13 +1,13 @@
 <!DOCTYPE html>
-<html lang="zh">
+<html lang="zh-CN">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="description" content="Docker镜像搜索">
-    <meta name="keywords" content="Docker,镜像搜索,docker search">
+    <meta name="keywords" content="Docker、镜像搜索、docker search">
     <meta name="color-scheme" content="dark light">
     <title>Docker镜像搜索</title>
-    <link rel="icon" href="./favicon.ico">
+    <link rel="icon" href="/favicon.ico">
     <style>
         :root {
             --background: #ffffff;
@@ -778,7 +778,12 @@
             </div>
         </div>
 
-        <div class="tag-list" id="tagList"></div>
+        <div class="tag-list" id="tagList">
+            <div class="pagination" id="tagPagination" style="display: none;">
+                <button id="tagPrevPage" disabled>上一页</button>
+                <button id="tagNextPage" disabled>下一页</button>
+            </div>
+        </div>
     </div>
 
     <div id="toast"></div>
@@ -854,6 +859,10 @@
         let currentQuery = '';
         let currentRepo = null;
         
+        // 标签分页相关变量
+        let currentTagPage = 1;
+        let totalTagPages = 1;
+
         document.getElementById('searchButton').addEventListener('click', () => {
             currentPage = 1;
             performSearch();
@@ -884,6 +893,21 @@
             showSearchResults();
         });
 
+        // 使用事件委托处理分页按钮点击（避免DOM重建导致事件丢失）
+        document.addEventListener('click', (e) => {
+            if (e.target.id === 'tagPrevPage') {
+                if (currentTagPage > 1) {
+                    currentTagPage--;
+                    loadTagPage();
+                }
+            } else if (e.target.id === 'tagNextPage') {
+                if (currentTagPage < totalTagPages) {
+                    currentTagPage++;
+                    loadTagPage();
+                }
+            }
+        });
+
         function showLoading() {
             document.querySelector('.loading').style.display = 'block';
         }
@@ -901,71 +925,135 @@
             }, 3000);
         }
 
-        function updatePagination() {
+        // 统一分页更新函数（支持搜索和标签分页）
-            const prevButton = document.getElementById('prevPage');
+        function updatePagination(config = {}) {
-            const nextButton = document.getElementById('nextPage');
+            const {
+                currentPage: page = currentPage,
+                totalPages: total = totalPages,
+                prefix = ''
+            } = config;
 
-            prevButton.disabled = currentPage <= 1;
+            const prevButtonId = prefix ? `${prefix}PrevPage` : 'prevPage';
-            nextButton.disabled = currentPage >= totalPages;
+            const nextButtonId = prefix ? `${prefix}NextPage` : 'nextPage';
+            const paginationId = prefix ? `${prefix}Pagination` : '.pagination';
+
+            const prevButton = document.getElementById(prevButtonId);
+            const nextButton = document.getElementById(nextButtonId);
+            const paginationDiv = prefix ? document.getElementById(paginationId) : document.querySelector(paginationId);
+            
+            if (!prevButton || !nextButton || !paginationDiv) {
+                return; // 静默处理，避免控制台警告
+            }
+            
+            // 更新按钮状态
+            prevButton.disabled = page <= 1;
+            nextButton.disabled = page >= total;
+            
+            // 更新或创建页面信息
+            const pageInfoId = prefix ? `${prefix}PageInfo` : 'pageInfo';
+            let pageInfo = document.getElementById(pageInfoId);
             
-            const paginationDiv = document.querySelector('.pagination');
-            let pageInfo = document.getElementById('pageInfo');
             if (!pageInfo) {
-                const container = document.createElement('div');
+                pageInfo = createPageInfo(pageInfoId, prefix, total);
-                container.id = 'pageInfo';
+                paginationDiv.insertBefore(pageInfo, nextButton);
-                container.style.margin = '0 10px';
-                container.style.display = 'flex';
-                container.style.alignItems = 'center';
-                container.style.gap = '10px';
-                
-                const pageText = document.createElement('span');
-                pageText.id = 'pageText';
-                
-                const jumpInput = document.createElement('input');
-                jumpInput.type = 'number';
-                jumpInput.min = '1';
-                jumpInput.id = 'jumpPage';
-                jumpInput.style.width = '60px';
-                jumpInput.style.padding = '4px';
-                jumpInput.style.borderRadius = '4px';
-                jumpInput.style.border = '1px solid var(--border)';
-                jumpInput.style.backgroundColor = 'var(--input)';
-                jumpInput.style.color = 'var(--foreground)';
-                
-                const jumpButton = document.createElement('button');
-                jumpButton.textContent = '跳转';
-                jumpButton.className = 'btn search-button';
-                jumpButton.style.padding = '4px 8px';
-                jumpButton.onclick = () => {
-                    const page = parseInt(jumpInput.value);
-                    if (page && page >= 1 && page <= totalPages) {
-                        currentPage = page;
-                        performSearch();
-                    } else {
-                        showToast('请输入有效的页码');
-                    }
-                };
-                
-                container.appendChild(pageText);
-                container.appendChild(jumpInput);
-                container.appendChild(jumpButton);
-                
-                paginationDiv.insertBefore(container, nextButton);
-                pageInfo = container;
             }
             
-            const pageText = document.getElementById('pageText');
+            updatePageInfo(pageInfo, page, total, prefix);
-            pageText.textContent = `第 ${currentPage} / ${totalPages || 1} 页 共 ${totalPages || 1} 页`;
+            paginationDiv.style.display = total > 1 ? 'flex' : 'none';
-            
-            const jumpInput = document.getElementById('jumpPage');
-            if (jumpInput) {
-                jumpInput.max = totalPages;
-                jumpInput.value = currentPage;
-            }
-            
-            paginationDiv.style.display = totalPages > 1 ? 'flex' : 'none';
         }
 
+        // 创建页面信息元素
+        function createPageInfo(pageInfoId, prefix, total) {
+            const container = document.createElement('div');
+            container.id = pageInfoId;
+            container.style.cssText = 'margin: 0 10px; display: flex; align-items: center; gap: 10px;';
+            
+            const pageText = document.createElement('span');
+            pageText.id = prefix ? `${prefix}PageText` : 'pageText';
+            
+            const jumpInput = document.createElement('input');
+            jumpInput.type = 'number';
+            jumpInput.min = '1';
+            jumpInput.max = prefix === 'tag' ? total : Math.min(total, 100); // 搜索页面限制100页
+            jumpInput.id = prefix ? `${prefix}JumpPage` : 'jumpPage';
+            jumpInput.style.cssText = 'width: 60px; padding: 4px; border-radius: 4px; border: 1px solid var(--border); background-color: var(--input); color: var(--foreground);';
+            
+            const jumpButton = document.createElement('button');
+            jumpButton.textContent = '跳转';
+            jumpButton.className = 'btn search-button';
+            jumpButton.style.padding = '4px 8px';
+            jumpButton.onclick = () => handlePageJump(jumpInput, prefix, total);
+            
+            container.append(pageText, jumpInput, jumpButton);
+            return container;
+        }
+
+        // 更新页面信息显示
+        function updatePageInfo(pageInfo, page, total, prefix) {
+            const pageText = pageInfo.querySelector('span');
+            const jumpInput = pageInfo.querySelector('input');
+            
+            // 标签分页显示策略：根据是否确定总页数显示不同格式
+            const isTagPagination = prefix === 'tag';
+            const maxDisplayPages = isTagPagination ? total : Math.min(total, 100);
+            const pageTextContent = isTagPagination 
+                ? `第 ${page} 页` + (total > page ? ` (至少 ${total} 页)` : ` (共 ${total} 页)`)
+                : `第 ${page} / ${maxDisplayPages} 页 共 ${maxDisplayPages} 页` + (total > 100 ? ' (最多100页)' : '');
+            
+            pageText.textContent = pageTextContent;
+            jumpInput.max = maxDisplayPages;
+            jumpInput.value = page;
+        }
+
+        // 处理页面跳转
+        function handlePageJump(jumpInput, prefix, total) {
+            const inputPage = parseInt(jumpInput.value);
+            const maxPage = prefix === 'tag' ? total : Math.min(total, 100);
+            if (!inputPage || inputPage < 1 || inputPage > maxPage) {
+                const limitText = prefix === 'tag' ? '页码' : '页码 (最多100页)';
+                showToast(`请输入有效的${limitText}`);
+                return;
+            }
+            
+            if (prefix === 'tag') {
+                currentTagPage = inputPage;
+                loadTagPage();
+            } else {
+                currentPage = inputPage;
+                performSearch();
+            }
+        }
+
+        // 统一仓库信息处理
+        function parseRepositoryInfo(repo) {
+            const namespace = repo.namespace || (repo.is_official ? 'library' : '');
+            let name = repo.name || repo.repo_name || '';
+            
+            // 清理名称，确保不包含命名空间前缀
+            if (name.includes('/')) {
+                const parts = name.split('/');
+                name = parts[parts.length - 1];
+            }
+            
+            const cleanName = name.replace(/^library\//, '');
+            const fullRepoName = repo.is_official ? cleanName : `${namespace}/${cleanName}`;
+            
+            return {
+                namespace,
+                name,
+                cleanName,
+                fullRepoName
+            };
+        }
+
+        // 分页更新函数
+        const updateSearchPagination = () => updatePagination();
+        const updateTagPagination = () => updatePagination({
+            currentPage: currentTagPage,
+            totalPages: totalTagPages,
+            prefix: 'tag'
+        });
+
         function showSearchResults() {
             document.querySelector('.search-results').style.display = 'block';
             document.querySelector('.tag-list').style.display = 'none';
@@ -1006,7 +1094,7 @@
                     throw new Error(data.error || '搜索请求失败');
                 }
                 
-                totalPages = Math.ceil(data.count / 25);
+                totalPages = Math.min(Math.ceil(data.count / 25), 100);
                 updatePagination();
                 
                 displayResults(data.results, targetRepo);
@@ -1108,23 +1196,58 @@
             });
         }
 
+        // 内存管理
+        
         async function loadTags(namespace, name) {
+            currentTagPage = 1;
+            await loadTagPage(namespace, name);
+        }
+
+        async function loadTagPage(namespace = null, name = null) {
             showLoading();
             try {
-                if (!namespace || !name) {
+                // 如果传入了新的namespace和name，更新currentRepo
+                if (namespace && name) {
+                    // 清理旧数据，防止内存泄露
+                    cleanupOldTagData();
+                }
+
+                // 获取当前仓库信息
+                const repoInfo = parseRepositoryInfo(currentRepo);
+                const currentNamespace = namespace || repoInfo.namespace;
+                const currentName = name || repoInfo.name;
+                
+                // 调试日志
+                console.log(`loadTagPage: namespace=${currentNamespace}, name=${currentName}, page=${currentTagPage}`);
+                
+                if (!currentNamespace || !currentName) {
                     showToast('命名空间和镜像名称不能为空');
                     return;
                 }
 
-                const response = await fetch(`/tags/${encodeURIComponent(namespace)}/${encodeURIComponent(name)}`);
+                const response = await fetch(`/tags/${encodeURIComponent(currentNamespace)}/${encodeURIComponent(currentName)}?page=${currentTagPage}&page_size=100`);
                 if (!response.ok) {
                     const errorText = await response.text();
                     throw new Error(errorText || '获取标签信息失败');
                 }
 
                 const data = await response.json();
-                displayTags(data);
+                
-                showTagList();
+                // 改进的总页数计算：使用更准确的分页策略
+                if (data.has_more) {
+                    // 如果还有更多页面，至少有当前页+1页，但可能更多
+                    totalTagPages = Math.max(currentTagPage + 1, totalTagPages);
+                } else {
+                    // 如果没有更多页面，当前页就是最后一页
+                    totalTagPages = currentTagPage;
+                }
+                
+                displayTags(data.tags, data.has_more);
+                updateTagPagination();
+                
+                if (namespace && name) {
+                    showTagList();
+                }
             } catch (error) {
                 console.error('加载标签错误:', error);
                 showToast(error.message || '获取标签信息失败，请稍后重试');
@@ -1133,12 +1256,24 @@
             }
         }
 
-        function displayTags(tags) {
+        function cleanupOldTagData() {
+            // 清理全局变量，释放内存
+            if (window.currentPageTags) {
+                window.currentPageTags.length = 0;
+                window.currentPageTags = null;
+            }
+            
+            // 清理DOM缓存
+            const tagsContainer = document.getElementById('tagsContainer');
+            if (tagsContainer) {
+                tagsContainer.innerHTML = '';
+            }
+        }
+
+        function displayTags(tags, hasMore = false) {
             const tagList = document.getElementById('tagList');
-            const namespace = currentRepo.namespace || (currentRepo.is_official ? 'library' : '');
+            const repoInfo = parseRepositoryInfo(currentRepo);
-            const name = currentRepo.name || currentRepo.repo_name || '';
+            const { fullRepoName } = repoInfo;
-            const cleanName = name.replace(/^library\//, '');
-            const fullRepoName = currentRepo.is_official ? cleanName : `${namespace}/${cleanName}`;
             
             let header = `
                 <div class="tag-header">
@@ -1165,22 +1300,60 @@
                     <button class="tag-search-clear" onclick="clearTagSearch()">×</button>
                 </div>
                 <div id="tagsContainer"></div>
+                <div class="pagination" id="tagPagination" style="display: none;">
+                    <button id="tagPrevPage" disabled>上一页</button>
+                    <button id="tagNextPage" disabled>下一页</button>
+                </div>
             `;
 
             tagList.innerHTML = header;
             
-            window.allTags = tags;
+            // 存储当前页标签数据
+            window.currentPageTags = tags;
             renderFilteredTags(tags);
         }
 
         function renderFilteredTags(filteredTags) {
             const tagsContainer = document.getElementById('tagsContainer');
-            const namespace = currentRepo.namespace || (currentRepo.is_official ? 'library' : '');
+            const repoInfo = parseRepositoryInfo(currentRepo);
-            const name = currentRepo.name || currentRepo.repo_name || '';
+            const { fullRepoName } = repoInfo;
-            const cleanName = name.replace(/^library\//, '');
-            const fullRepoName = currentRepo.is_official ? cleanName : `${namespace}/${cleanName}`;
 
-            let tagsHtml = filteredTags.map(tag => {
+            if (filteredTags.length === 0) {
+                tagsContainer.innerHTML = '<div class="text-center" style="padding: 20px;">未找到匹配的标签</div>';
+                return;
+            }
+
+            // 渐进式渲染：分批处理大数据集
+            const BATCH_SIZE = 50;
+            
+            if (filteredTags.length <= BATCH_SIZE) {
+                // 小数据集：直接渲染
+                renderTagsBatch(filteredTags, fullRepoName, tagsContainer, true);
+            } else {
+                // 大数据集：分批渲染
+                tagsContainer.innerHTML = ''; // 清空容器
+                let currentBatch = 0;
+                
+                function renderNextBatch() {
+                    const start = currentBatch * BATCH_SIZE;
+                    const end = Math.min(start + BATCH_SIZE, filteredTags.length);
+                    const batch = filteredTags.slice(start, end);
+                    
+                    renderTagsBatch(batch, fullRepoName, tagsContainer, false);
+                    
+                    currentBatch++;
+                    if (end < filteredTags.length) {
+                        // 使用requestAnimationFrame确保UI响应性
+                        requestAnimationFrame(renderNextBatch);
+                    }
+                }
+                
+                renderNextBatch();
+            }
+        }
+
+        function renderTagsBatch(tags, fullRepoName, container, replaceContent = false) {
+            const tagsHtml = tags.map(tag => {
                 const vulnIndicators = Object.entries(tag.vulnerabilities || {})
                     .map(([level, count]) => count > 0 ? `<span class="vulnerability-dot vulnerability-${level.toLowerCase()}" title="${level}: ${count}"></span>` : '')
                     .join('');
@@ -1212,23 +1385,23 @@
                 `;
             }).join('');
 
-            if (filteredTags.length === 0) {
+            if (replaceContent) {
-                tagsHtml = '<div class="text-center" style="padding: 20px;">未找到匹配的标签</div>';
+                container.innerHTML = tagsHtml;
+            } else {
+                container.insertAdjacentHTML('beforeend', tagsHtml);
             }
-
-            tagsContainer.innerHTML = tagsHtml;
         }
 
         function filterTags(searchText) {
-            if (!window.allTags) return;
+            if (!window.currentPageTags) return;
 
             const searchLower = searchText.toLowerCase();
             let filteredTags;
 
             if (!searchText) {
-                filteredTags = window.allTags;
+                filteredTags = window.currentPageTags;
             } else {
-                const scoredTags = window.allTags.map(tag => {
+                const scoredTags = window.currentPageTags.map(tag => {
                     const name = tag.name.toLowerCase();
                     let score = 0;
 
@@ -1263,6 +1436,8 @@
             }
         }
 
+
+
         function copyToClipboard(text) {
             navigator.clipboard.writeText(text).then(() => {
                 showToast('已复制到剪贴板');

src/utils/access_control.go

@@ -1,8 +1,10 @@
-package main
+package utils
 
 import (
 	"strings"
 	"sync"
+
+	"hubproxy/config"
 )
 
 // ResourceType 资源类型
@@ -26,7 +28,7 @@ type DockerImageInfo struct {
 	FullName   string
 }
 
-// 全局访问控制器实例
+// GlobalAccessController 全局访问控制器实例
 var GlobalAccessController = &AccessController{}
 
 // ParseDockerImage 解析Docker镜像名称
@@ -79,21 +81,18 @@ func (ac *AccessController) ParseDockerImage(image string) DockerImageInfo {
 
 // CheckDockerAccess 检查Docker镜像访问权限
 func (ac *AccessController) CheckDockerAccess(image string) (allowed bool, reason string) {
-	cfg := GetConfig()
+	cfg := config.GetConfig()
 
-	// 解析镜像名称
 	imageInfo := ac.ParseDockerImage(image)
 
-	// 检查白名单（如果配置了白名单，则只允许白名单中的镜像）
+	if len(cfg.Access.WhiteList) > 0 {
-	if len(cfg.Proxy.WhiteList) > 0 {
+		if !ac.matchImageInList(imageInfo, cfg.Access.WhiteList) {
-		if !ac.matchImageInList(imageInfo, cfg.Proxy.WhiteList) {
 			return false, "不在Docker镜像白名单内"
 		}
 	}
 
-	// 检查黑名单
+	if len(cfg.Access.BlackList) > 0 {
-	if len(cfg.Proxy.BlackList) > 0 {
+		if ac.matchImageInList(imageInfo, cfg.Access.BlackList) {
-		if ac.matchImageInList(imageInfo, cfg.Proxy.BlackList) {
 			return false, "Docker镜像在黑名单内"
 		}
 	}
@@ -107,15 +106,13 @@ func (ac *AccessController) CheckGitHubAccess(matches []string) (allowed bool, r
 		return false, "无效的GitHub仓库格式"
 	}
 
-	cfg := GetConfig()
+	cfg := config.GetConfig()
 
-	// 检查白名单
+	if len(cfg.Access.WhiteList) > 0 && !ac.checkList(matches, cfg.Access.WhiteList) {
-	if len(cfg.Proxy.WhiteList) > 0 && !ac.checkList(matches, cfg.Proxy.WhiteList) {
 		return false, "不在GitHub仓库白名单内"
 	}
 
-	// 检查黑名单
+	if len(cfg.Access.BlackList) > 0 && ac.checkList(matches, cfg.Access.BlackList) {
-	if len(cfg.Proxy.BlackList) > 0 && ac.checkList(matches, cfg.Proxy.BlackList) {
 		return false, "GitHub仓库在黑名单内"
 	}
 
@@ -185,17 +182,14 @@ func (ac *AccessController) checkList(matches, list []string) bool {
 			continue
 		}
 
-		// 支持多种匹配模式
 		if fullRepo == item {
 			return true
 		}
 
-		// 用户级匹配
 		if item == username || item == username+"/*" {
 			return true
 		}
 
-		// 前缀匹配（支持通配符）
 		if strings.HasSuffix(item, "*") {
 			prefix := strings.TrimSuffix(item, "*")
 			if strings.HasPrefix(fullRepo, prefix) {
@@ -203,12 +197,16 @@ func (ac *AccessController) checkList(matches, list []string) bool {
 			}
 		}
 
-		// 子仓库匹配（防止 user/repo 匹配到 user/repo-fork）
 		if strings.HasPrefix(fullRepo, item+"/") {
 			return true
 		}
+
+		if strings.HasPrefix(item, "*/") {
+			p := item[2:]
+			if p == repoName || (strings.HasSuffix(p, "*") && strings.HasPrefix(repoName, p[:len(p)-1])) {
+				return true
+			}
+		}
 	}
 	return false
 }
-
- 

src/utils/cache.go

@@ -1,4 +1,4 @@
-package main
+package utils
 
 import (
 	"crypto/md5"
@@ -9,22 +9,23 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"hubproxy/config"
 )
 
-// CachedItem 通用缓存项，支持Token和Manifest
+// CachedItem 通用缓存项
 type CachedItem struct {
-	Data        []byte         // 缓存数据(token字符串或manifest字节)
+	Data        []byte
-	ContentType string         // 内容类型
+	ContentType string
-	Headers     map[string]string // 额外的响应头
+	Headers     map[string]string
-	ExpiresAt   time.Time      // 过期时间
+	ExpiresAt   time.Time
 }
 
-// UniversalCache 通用缓存，支持Token和Manifest
+// UniversalCache 通用缓存
 type UniversalCache struct {
 	cache sync.Map
 }
 
-var globalCache = &UniversalCache{}
+var GlobalCache = &UniversalCache{}
 
 // Get 获取缓存项
 func (c *UniversalCache) Get(key string) *CachedItem {
@@ -57,22 +58,22 @@ func (c *UniversalCache) SetToken(key, token string, ttl time.Duration) {
 	c.Set(key, []byte(token), "application/json", nil, ttl)
 }
 
-// buildCacheKey 构建稳定的缓存key
+// BuildCacheKey 构建稳定的缓存key
-func buildCacheKey(prefix, query string) string {
+func BuildCacheKey(prefix, query string) string {
 	return fmt.Sprintf("%s:%x", prefix, md5.Sum([]byte(query)))
 }
 
-func buildTokenCacheKey(query string) string {
+func BuildTokenCacheKey(query string) string {
-	return buildCacheKey("token", query)
+	return BuildCacheKey("token", query)
 }
 
-func buildManifestCacheKey(imageRef, reference string) string {
+func BuildManifestCacheKey(imageRef, reference string) string {
 	key := fmt.Sprintf("%s:%s", imageRef, reference)
-	return buildCacheKey("manifest", key)
+	return BuildCacheKey("manifest", key)
 }
 
-func getManifestTTL(reference string) time.Duration {
+func GetManifestTTL(reference string) time.Duration {
-	cfg := GetConfig()
+	cfg := config.GetConfig()
 	defaultTTL := 30 * time.Minute
 	if cfg.TokenCache.DefaultTTL != "" {
 		if parsed, err := time.ParseDuration(cfg.TokenCache.DefaultTTL); err == nil {
@@ -84,23 +85,20 @@ func getManifestTTL(reference string) time.Duration {
 		return 24 * time.Hour
 	}
 
-	// mutable tag的智能判断
 	if reference == "latest" || reference == "main" || reference == "master" ||
-	   reference == "dev" || reference == "develop" {
+		reference == "dev" || reference == "develop" {
-		// 热门可变标签: 短期缓存
 		return 10 * time.Minute
 	}
 
 	return defaultTTL
 }
 
-// extractTTLFromResponse 从响应中智能提取TTL
+// ExtractTTLFromResponse 从响应中智能提取TTL
-func extractTTLFromResponse(responseBody []byte) time.Duration {
+func ExtractTTLFromResponse(responseBody []byte) time.Duration {
 	var tokenResp struct {
 		ExpiresIn int `json:"expires_in"`
 	}
 
-	// 默认30分钟TTL，确保稳定性
 	defaultTTL := 30 * time.Minute
 
 	if json.Unmarshal(responseBody, &tokenResp) == nil && tokenResp.ExpiresIn > 0 {
@@ -113,37 +111,35 @@ func extractTTLFromResponse(responseBody []byte) time.Duration {
 	return defaultTTL
 }
 
-func writeTokenResponse(c *gin.Context, cachedBody string) {
+func WriteTokenResponse(c *gin.Context, cachedBody string) {
 	c.Header("Content-Type", "application/json")
 	c.String(200, cachedBody)
 }
 
-func writeCachedResponse(c *gin.Context, item *CachedItem) {
+func WriteCachedResponse(c *gin.Context, item *CachedItem) {
 	if item.ContentType != "" {
 		c.Header("Content-Type", item.ContentType)
 	}
 
-	// 设置额外的响应头
 	for key, value := range item.Headers {
 		c.Header(key, value)
 	}
 
-	// 返回数据
 	c.Data(200, item.ContentType, item.Data)
 }
 
-// isCacheEnabled 检查缓存是否启用
+// IsCacheEnabled 检查缓存是否启用
-func isCacheEnabled() bool {
+func IsCacheEnabled() bool {
-	cfg := GetConfig()
+	cfg := config.GetConfig()
 	return cfg.TokenCache.Enabled
 }
 
-// isTokenCacheEnabled 检查token缓存是否启用(向后兼容)
+// IsTokenCacheEnabled 检查token缓存是否启用
-func isTokenCacheEnabled() bool {
+func IsTokenCacheEnabled() bool {
-	return isCacheEnabled()
+	return IsCacheEnabled()
 }
 
-// 定期清理过期缓存，防止内存泄漏
+// 定期清理过期缓存
 func init() {
 	go func() {
 		ticker := time.NewTicker(20 * time.Minute)
@@ -153,7 +149,7 @@ func init() {
 			now := time.Now()
 			expiredKeys := make([]string, 0)
 
-			globalCache.cache.Range(func(key, value interface{}) bool {
+			GlobalCache.cache.Range(func(key, value interface{}) bool {
 				if cached := value.(*CachedItem); now.After(cached.ExpiresAt) {
 					expiredKeys = append(expiredKeys, key.(string))
 				}
@@ -161,7 +157,7 @@ func init() {
 			})
 
 			for _, key := range expiredKeys {
-				globalCache.cache.Delete(key)
+				GlobalCache.cache.Delete(key)
 			}
 		}
 	}()

src/utils/http_client.go

@@ -0,0 +1,67 @@
+package utils
+
+import (
+	"net"
+	"net/http"
+	"os"
+	"time"
+
+	"hubproxy/config"
+)
+
+var (
+	globalHTTPClient *http.Client
+	searchHTTPClient *http.Client
+)
+
+// InitHTTPClients 初始化HTTP客户端
+func InitHTTPClients() {
+	cfg := config.GetConfig()
+
+	if p := cfg.Access.Proxy; p != "" {
+		os.Setenv("HTTP_PROXY", p)
+		os.Setenv("HTTPS_PROXY", p)
+	}
+
+	globalHTTPClient = &http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			MaxIdleConns:          1000,
+			MaxIdleConnsPerHost:   1000,
+			IdleConnTimeout:       90 * time.Second,
+			TLSHandshakeTimeout:   10 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+			ResponseHeaderTimeout: 300 * time.Second,
+		},
+	}
+
+	searchHTTPClient = &http.Client{
+		Timeout: 10 * time.Second,
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   5 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			MaxIdleConns:        100,
+			MaxIdleConnsPerHost: 10,
+			IdleConnTimeout:     90 * time.Second,
+			TLSHandshakeTimeout: 5 * time.Second,
+			DisableCompression:  false,
+		},
+	}
+}
+
+// GetGlobalHTTPClient 获取全局HTTP客户端
+func GetGlobalHTTPClient() *http.Client {
+	return globalHTTPClient
+}
+
+// GetSearchHTTPClient 获取搜索HTTP客户端
+func GetSearchHTTPClient() *http.Client {
+	return searchHTTPClient
+}

src/utils/proxy_shell.go

@@ -0,0 +1,107 @@
+package utils
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"regexp"
+	"strings"
+)
+
+// GitHub URL正则表达式
+var githubRegex = regexp.MustCompile(`(?:^|[\s'"(=,\[{;|&<>])https?://(?:github\.com|raw\.githubusercontent\.com|raw\.github\.com|gist\.githubusercontent\.com|gist\.github\.com|api\.github\.com)[^\s'")]*`)
+
+// MaxShellSize 限制最大处理大小为 10MB
+const MaxShellSize = 10 * 1024 * 1024
+
+// ProcessSmart Shell脚本智能处理函数
+func ProcessSmart(input io.Reader, isCompressed bool, host string) (io.Reader, int64, error) {
+	content, err := readShellContent(input, isCompressed)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	if len(content) == 0 {
+		return strings.NewReader(""), 0, nil
+	}
+
+	if !bytes.Contains(content, []byte("github.com")) && !bytes.Contains(content, []byte("githubusercontent.com")) {
+		return bytes.NewReader(content), int64(len(content)), nil
+	}
+
+	processed := processGitHubURLs(string(content), host)
+
+	return strings.NewReader(processed), int64(len(processed)), nil
+}
+
+func readShellContent(input io.Reader, isCompressed bool) ([]byte, error) {
+	var reader io.Reader = input
+
+	if isCompressed {
+		peek := make([]byte, 2)
+		n, err := input.Read(peek)
+		if err != nil && err != io.EOF {
+			return nil, fmt.Errorf("读取数据失败: %v", err)
+		}
+
+		if n >= 2 && peek[0] == 0x1f && peek[1] == 0x8b {
+			combinedReader := io.MultiReader(bytes.NewReader(peek[:n]), input)
+			gzReader, err := gzip.NewReader(combinedReader)
+			if err != nil {
+				return nil, fmt.Errorf("gzip解压失败: %v", err)
+			}
+			defer gzReader.Close()
+			reader = gzReader
+		} else {
+			reader = io.MultiReader(bytes.NewReader(peek[:n]), input)
+		}
+	}
+
+	limit := int64(MaxShellSize + 1)
+	limitedReader := io.LimitReader(reader, limit)
+
+	data, err := io.ReadAll(limitedReader)
+	if err != nil {
+		return nil, fmt.Errorf("读取内容失败: %v", err)
+	}
+
+	if int64(len(data)) > MaxShellSize {
+		return nil, fmt.Errorf("脚本文件过大，超过 %d MB 限制", MaxShellSize/1024/1024)
+	}
+
+	return data, nil
+}
+
+func processGitHubURLs(content, host string) string {
+	return githubRegex.ReplaceAllStringFunc(content, func(match string) string {
+		// 如果匹配包含前缀分隔符，保留它，防止出现重复转换
+		if len(match) > 0 && match[0] != 'h' {
+			prefix := match[0:1]
+			url := match[1:]
+			return prefix + transformURL(url, host)
+		}
+		return transformURL(match, host)
+	})
+}
+
+// transformURL URL转换函数
+func transformURL(url, host string) string {
+	if strings.Contains(url, host) {
+		return url
+	}
+
+	if strings.HasPrefix(url, "http://") {
+		url = "https" + url[4:]
+	} else if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "//") {
+		url = "https://" + url
+	}
+
+	// 确保 host 有协议头
+	if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
+		host = "https://" + host
+	}
+	host = strings.TrimSuffix(host, "/")
+
+	return host + "/" + url
+}

src/utils/ratelimiter.go

@@ -1,4 +1,4 @@
-package main
+package utils
 
 import (
 	"fmt"
@@ -9,22 +9,23 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"golang.org/x/time/rate"
+	"hubproxy/config"
 )
 
 const (
-	// 清理间隔
+	CleanupInterval = 20 * time.Minute
-	CleanupInterval = 10 * time.Minute
+	MaxIPCacheSize  = 10000
-	MaxIPCacheSize = 10000
 )
 
 // IPRateLimiter IP限流器结构体
 type IPRateLimiter struct {
-	ips       map[string]*rateLimiterEntry // IP到限流器的映射
+	ips              map[string]*rateLimiterEntry
-	mu        *sync.RWMutex                // 读写锁，保证并发安全
+	mu               *sync.RWMutex
-	r         rate.Limit                   // 速率限制（每秒允许的请求数）
+	r                rate.Limit
-	b         int                          // 令牌桶容量（突发请求数）
+	b                int
-	whitelist []*net.IPNet                 // 白名单IP段
+	whitelist        []*net.IPNet
-	blacklist []*net.IPNet                 // 黑名单IP段
+	blacklist        []*net.IPNet
+	whitelistLimiter *rate.Limiter // 全局共享的白名单限流器
 }
 
 // rateLimiterEntry 限流器条目
@@ -33,15 +34,15 @@ type rateLimiterEntry struct {
 	lastAccess time.Time
 }
 
-// initGlobalLimiter 初始化全局限流器
+// InitGlobalLimiter 初始化全局限流器
-func initGlobalLimiter() *IPRateLimiter {
+func InitGlobalLimiter() *IPRateLimiter {
-	cfg := GetConfig()
+	cfg := config.GetConfig()
 
 	whitelist := make([]*net.IPNet, 0, len(cfg.Security.WhiteList))
 	for _, item := range cfg.Security.WhiteList {
 		if item = strings.TrimSpace(item); item != "" {
 			if !strings.Contains(item, "/") {
-				item = item + "/32" // 单个IP转为CIDR格式
+				item = item + "/32"
 			}
 			_, ipnet, err := net.ParseCIDR(item)
 			if err == nil {
@@ -52,12 +53,11 @@ func initGlobalLimiter() *IPRateLimiter {
 		}
 	}
 
-	// 解析黑名单IP段
 	blacklist := make([]*net.IPNet, 0, len(cfg.Security.BlackList))
 	for _, item := range cfg.Security.BlackList {
 		if item = strings.TrimSpace(item); item != "" {
 			if !strings.Contains(item, "/") {
-				item = item + "/32" // 单个IP转为CIDR格式
+				item = item + "/32"
 			}
 			_, ipnet, err := net.ParseCIDR(item)
 			if err == nil {
@@ -68,34 +68,25 @@ func initGlobalLimiter() *IPRateLimiter {
 		}
 	}
 
-	// 计算速率：将 "每N小时X个请求" 转换为 "每秒Y个请求"
 	ratePerSecond := rate.Limit(float64(cfg.RateLimit.RequestLimit) / (cfg.RateLimit.PeriodHours * 3600))
 
 	burstSize := cfg.RateLimit.RequestLimit
-	if burstSize < 1 {
-		burstSize = 1
-	}
 
 	limiter := &IPRateLimiter{
-		ips:       make(map[string]*rateLimiterEntry),
+		ips:              make(map[string]*rateLimiterEntry),
-		mu:        &sync.RWMutex{},
+		mu:               &sync.RWMutex{},
-		r:         ratePerSecond,
+		r:                ratePerSecond,
-		b:         burstSize,
+		b:                burstSize,
-		whitelist: whitelist,
+		whitelist:        whitelist,
-		blacklist: blacklist,
+		blacklist:        blacklist,
+		whitelistLimiter: rate.NewLimiter(rate.Inf, burstSize),
 	}
 
-	// 启动定期清理goroutine
 	go limiter.cleanupRoutine()
 
 	return limiter
 }
 
-// initLimiter 初始化限流器
-func initLimiter() {
-	globalLimiter = initGlobalLimiter()
-}
-
 // cleanupRoutine 定期清理过期的限流器
 func (i *IPRateLimiter) cleanupRoutine() {
 	ticker := time.NewTicker(CleanupInterval)
@@ -105,25 +96,20 @@ func (i *IPRateLimiter) cleanupRoutine() {
 		now := time.Now()
 		expired := make([]string, 0)
 
-		// 查找过期的条目
 		i.mu.RLock()
 		for ip, entry := range i.ips {
-			// 如果最后访问时间超过1小时，认为过期
+			if now.Sub(entry.lastAccess) > 2*time.Hour {
-			if now.Sub(entry.lastAccess) > 1*time.Hour {
 				expired = append(expired, ip)
 			}
 		}
 		i.mu.RUnlock()
 
-		// 如果有过期条目或者缓存过大，进行清理
 		if len(expired) > 0 || len(i.ips) > MaxIPCacheSize {
 			i.mu.Lock()
-			// 删除过期条目
 			for _, ip := range expired {
 				delete(i.ips, ip)
 			}
 
-			// 如果缓存仍然过大，全部清理
 			if len(i.ips) > MaxIPCacheSize {
 				i.ips = make(map[string]*rateLimiterEntry)
 			}
@@ -140,28 +126,26 @@ func extractIPFromAddress(address string) string {
 	return address
 }
 
-// normalizeIPForRateLimit 标准化IP地址用于限流：IPv4保持不变，IPv6标准化为/64网段
+// normalizeIPForRateLimit 标准化IP地址用于限流
 func normalizeIPForRateLimit(ipStr string) string {
 	ip := net.ParseIP(ipStr)
 	if ip == nil {
-		return ipStr // 解析失败，返回原值
+		return ipStr
 	}
 
 	if ip.To4() != nil {
-		return ipStr // IPv4保持不变
+		return ipStr
 	}
 
-	// IPv6：标准化为 /64 网段
 	ipv6 := ip.To16()
 	for i := 8; i < 16; i++ {
-		ipv6[i] = 0 // 清零后64位
+		ipv6[i] = 0
 	}
 	return ipv6.String() + "/64"
 }
 
 // isIPInCIDRList 检查IP是否在CIDR列表中
 func isIPInCIDRList(ip string, cidrList []*net.IPNet) bool {
-	// 先提取纯IP地址
 	cleanIP := extractIPFromAddress(ip)
 	parsedIP := net.ParseIP(cleanIP)
 	if parsedIP == nil {
@@ -176,22 +160,18 @@ func isIPInCIDRList(ip string, cidrList []*net.IPNet) bool {
 	return false
 }
 
-// GetLimiter 获取指定IP的限流器，同时返回是否允许访问
+// GetLimiter 获取指定IP的限流器
 func (i *IPRateLimiter) GetLimiter(ip string) (*rate.Limiter, bool) {
-	// 提取纯IP地址
 	cleanIP := extractIPFromAddress(ip)
 
-	// 检查是否在黑名单中
 	if isIPInCIDRList(cleanIP, i.blacklist) {
 		return nil, false
 	}
 
-	// 检查是否在白名单中
 	if isIPInCIDRList(cleanIP, i.whitelist) {
-		return rate.NewLimiter(rate.Inf, i.b), true
+		return i.whitelistLimiter, true
 	}
 
-	// 标准化IP用于限流：IPv4保持不变，IPv6标准化为/64网段
 	normalizedIP := normalizeIPForRateLimit(cleanIP)
 
 	now := time.Now()
@@ -230,38 +210,29 @@ func (i *IPRateLimiter) GetLimiter(ip string) (*rate.Limiter, bool) {
 // RateLimitMiddleware 速率限制中间件
 func RateLimitMiddleware(limiter *IPRateLimiter) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// 静态文件豁免：跳过限流检查
 		path := c.Request.URL.Path
 		if path == "/" || path == "/favicon.ico" || path == "/images.html" || path == "/search.html" ||
-		   strings.HasPrefix(path, "/public/") {
+			strings.HasPrefix(path, "/public/") {
 			c.Next()
 			return
 		}
 
-		// 获取客户端真实IP
 		var ip string
 
-		// 优先尝试从请求头获取真实IP
 		if forwarded := c.GetHeader("X-Forwarded-For"); forwarded != "" {
-			// X-Forwarded-For可能包含多个IP，取第一个
 			ips := strings.Split(forwarded, ",")
 			ip = strings.TrimSpace(ips[0])
 		} else if realIP := c.GetHeader("X-Real-IP"); realIP != "" {
-			// 如果有X-Real-IP头
 			ip = realIP
 		} else if remoteIP := c.GetHeader("X-Original-Forwarded-For"); remoteIP != "" {
-			// 某些代理可能使用此头
 			ips := strings.Split(remoteIP, ",")
 			ip = strings.TrimSpace(ips[0])
 		} else {
-			// 回退到ClientIP方法
 			ip = c.ClientIP()
 		}
 
-		// 提取纯IP地址（去除可能存在的端口）
 		cleanIP := extractIPFromAddress(ip)
 
-		// 日志记录请求IP和头信息
 		normalizedIP := normalizeIPForRateLimit(cleanIP)
 		if cleanIP != normalizedIP {
 			fmt.Printf("请求IP: %s (提纯后: %s, 限流段: %s), X-Forwarded-For: %s, X-Real-IP: %s\n",
@@ -275,10 +246,8 @@ func RateLimitMiddleware(limiter *IPRateLimiter) gin.HandlerFunc {
 				c.GetHeader("X-Real-IP"))
 		}
 
-		// 获取限流器并检查是否允许访问
 		ipLimiter, allowed := limiter.GetLimiter(cleanIP)
 
-		// 如果IP在黑名单中
 		if !allowed {
 			c.JSON(403, gin.H{
 				"error": "您已被限制访问",
@@ -287,7 +256,6 @@ func RateLimitMiddleware(limiter *IPRateLimiter) gin.HandlerFunc {
 			return
 		}
 
-		// 检查限流
 		if !ipLimiter.Allow() {
 			c.JSON(429, gin.H{
 				"error": "请求频率过快，暂时限制访问",
@@ -299,5 +267,3 @@ func RateLimitMiddleware(limiter *IPRateLimiter) gin.HandlerFunc {
 		c.Next()
 	}
 }
-
-