Compare commits
8 Commits
v1.2.0
...
registry-a
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
6ff610f5af | ||
|
|
7534c64197 | ||
|
|
5928a0a9e4 | ||
|
|
685388fff9 | ||
|
|
c6d95e683f | ||
|
|
f8828ccb74 | ||
|
|
fdc156adad | ||
|
|
80b0173d7c |
16
.github/workflows/docker-ghcr.yml
vendored
16
.github/workflows/docker-ghcr.yml
vendored
@@ -3,9 +3,9 @@ on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
version:
|
||||
description: 'Version number'
|
||||
description: '版本号 (例如: v1.0.0)'
|
||||
required: true
|
||||
default: 'latest'
|
||||
default: 'v1.0.0'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
@@ -36,7 +36,12 @@ jobs:
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Set version from input
|
||||
run: echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
|
||||
run: |
|
||||
VERSION=${{ github.event.inputs.version }}
|
||||
if [[ $VERSION == v* ]]; then
|
||||
VERSION=${VERSION:1}
|
||||
fi
|
||||
echo "VERSION=$VERSION" >> $GITHUB_ENV
|
||||
|
||||
- name: Convert repository name to lowercase
|
||||
run: |
|
||||
@@ -47,10 +52,9 @@ jobs:
|
||||
- name: Build and push Docker image
|
||||
run: |
|
||||
docker buildx build --push \
|
||||
--platform linux/amd64,linux/arm64 \
|
||||
--platform linux/amd64 \
|
||||
--tag ghcr.io/${{ env.REPO_LOWER }}:${{ env.VERSION }} \
|
||||
--tag ghcr.io/${{ env.REPO_LOWER }}:latest \
|
||||
--build-arg VERSION=${{ env.VERSION }} \
|
||||
-f Dockerfile .
|
||||
env:
|
||||
GHCR_PUBLIC: true # 将镜像设置为公开
|
||||
GHCR_PUBLIC: true
|
||||
|
||||
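Review bot: The `Set version from input` step expands `${{ github.event.inputs.version }}` directly into the shell script, so the input text is parsed as shell code before the `v` prefix check runs, and a value containing a newline can append extra entries to `$GITHUB_ENV`. Pass the input through the step environment instead: add an `env:` entry `INPUT_VERSION: ${{ github.event.inputs.version }}`, then use `VERSION="${INPUT_VERSION#v}"` and keep the value quoted in the `echo`. The job has already logged in to the registry with `secrets.GITHUB_TOKEN` in the step above, so anything this step executes runs with those registry credentials available. The `--tag` and `--build-arg` lines in the last hunk consume `${{ env.VERSION }}` the same way, so a strict format check on the value before it is written to `$GITHUB_ENV` would cover them too.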
4
.github/workflows/release.yml
vendored
4
.github/workflows/release.yml
vendored
@@ -1,7 +1,7 @@
|
||||
name: 发布二进制文件
|
||||
|
||||
on:
|
||||
workflow_dispatch: # 手动触发
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
version:
|
||||
description: '版本号 (例如: v1.0.0)'
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
- name: 检出代码
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0 # 获取完整历史,用于生成变更日志
|
||||
fetch-depth: 0
|
||||
|
||||
- name: 设置Go环境
|
||||
uses: actions/setup-go@v5
|
||||
|
||||
@@ -83,6 +83,12 @@ authHost = "registry.k8s.io"
|
||||
authType = "anonymous"
|
||||
enabled = true
|
||||
|
||||
# Default Registry
|
||||
[defaultRegistry]
|
||||
upstream = "registry-1.docker.io"
|
||||
authHost = "auth.docker.io"
|
||||
enabled = true
|
||||
|
||||
[tokenCache]
|
||||
# 是否启用缓存(同时控制Token和Manifest缓存)显著提升性能
|
||||
enabled = true
|
||||
|
||||
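Review bot: The new `[defaultRegistry]` sample sets `enabled = true`, but none of the hunks shown in this compare read `DefaultRegistry.Enabled`: `InitDockerProxy` uses only `Upstream` and `proxyDockerAuthOriginal` uses only `AuthHost`. An operator who sets it to `false` to switch off the fallback upstream would presumably see no effect. Either honour the flag where the default registry is selected or drop the key from the sample, and add a comment above the table saying which requests fall through to this entry.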
@@ -49,6 +49,8 @@ type AppConfig struct {
|
||||
} `toml:"download"`
|
||||
|
||||
Registries map[string]RegistryMapping `toml:"registries"`
|
||||
|
||||
DefaultRegistry RegistryMapping `toml:"defaultRegistry"`
|
||||
|
||||
TokenCache struct {
|
||||
Enabled bool `toml:"enabled"`
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@@ -16,6 +17,8 @@ import (
|
||||
"hubproxy/utils"
|
||||
)
|
||||
|
||||
var realmRegex = regexp.MustCompile(`realm="(https?://)([^/"]+)(/?[^"]*)"`)
|
||||
|
||||
// DockerProxy Docker代理配置
|
||||
type DockerProxy struct {
|
||||
registry name.Registry
|
||||
@@ -28,9 +31,16 @@ var dockerProxy *DockerProxy
|
||||
type RegistryDetector struct{}
|
||||
|
||||
// detectRegistryDomain 检测Registry域名并返回域名和剩余路径
|
||||
func (rd *RegistryDetector) detectRegistryDomain(path string) (string, string) {
|
||||
func (rd *RegistryDetector) detectRegistryDomain(c *gin.Context, path string) (string, string) {
|
||||
cfg := config.GetConfig()
|
||||
|
||||
// 兼容Containerd的ns参数
|
||||
if ns := c.Query("ns"); ns != "" {
|
||||
if mapping, exists := cfg.Registries[ns]; exists && mapping.Enabled {
|
||||
return ns, path
|
||||
}
|
||||
}
|
||||
|
||||
for domain := range cfg.Registries {
|
||||
if strings.HasPrefix(path, domain+"/") {
|
||||
remainingPath := strings.TrimPrefix(path, domain+"/")
|
||||
@@ -61,7 +71,13 @@ var registryDetector = &RegistryDetector{}
|
||||
|
||||
// InitDockerProxy 初始化Docker代理
|
||||
func InitDockerProxy() {
|
||||
registry, err := name.NewRegistry("registry-1.docker.io")
|
||||
cfg := config.GetConfig()
|
||||
upstream := "registry-1.docker.io"
|
||||
if cfg.DefaultRegistry.Upstream != "" {
|
||||
upstream = cfg.DefaultRegistry.Upstream
|
||||
}
|
||||
|
||||
registry, err := name.NewRegistry(upstream)
|
||||
if err != nil {
|
||||
fmt.Printf("创建Docker registry失败: %v\n", err)
|
||||
return
|
||||
@@ -99,7 +115,7 @@ func ProxyDockerRegistryGin(c *gin.Context) {
|
||||
func handleRegistryRequest(c *gin.Context, path string) {
|
||||
pathWithoutV2 := strings.TrimPrefix(path, "/v2/")
|
||||
|
||||
if registryDomain, remainingPath := registryDetector.detectRegistryDomain(pathWithoutV2); registryDomain != "" {
|
||||
if registryDomain, remainingPath := registryDetector.detectRegistryDomain(c, pathWithoutV2); registryDomain != "" {
|
||||
if registryDetector.isRegistryEnabled(registryDomain) {
|
||||
c.Set("target_registry_domain", registryDomain)
|
||||
c.Set("target_path", remainingPath)
|
||||
@@ -346,17 +362,21 @@ func (r *ResponseRecorder) Write(data []byte) (int, error) {
|
||||
}
|
||||
|
||||
func proxyDockerAuthOriginal(c *gin.Context) {
|
||||
var authURL string
|
||||
cfg := config.GetConfig()
|
||||
|
||||
authHost := "auth.docker.io"
|
||||
if cfg.DefaultRegistry.AuthHost != "" {
|
||||
authHost = cfg.DefaultRegistry.AuthHost
|
||||
}
|
||||
|
||||
if targetDomain, exists := c.Get("target_registry_domain"); exists {
|
||||
if mapping, found := registryDetector.getRegistryMapping(targetDomain.(string)); found {
|
||||
authURL = "https://" + mapping.AuthHost + c.Request.URL.Path
|
||||
} else {
|
||||
authURL = "https://auth.docker.io" + c.Request.URL.Path
|
||||
authHost = mapping.AuthHost
|
||||
}
|
||||
} else {
|
||||
authURL = "https://auth.docker.io" + c.Request.URL.Path
|
||||
}
|
||||
|
||||
authURL := "https://" + authHost + c.Request.URL.Path
|
||||
|
||||
if c.Request.URL.RawQuery != "" {
|
||||
authURL += "?" + c.Request.URL.RawQuery
|
||||
}
|
||||
@@ -399,10 +419,15 @@ func proxyDockerAuthOriginal(c *gin.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
scheme := "http"
|
||||
if c.Request.TLS != nil || c.GetHeader("X-Forwarded-Proto") == "https" {
|
||||
scheme = "https"
|
||||
}
|
||||
|
||||
for key, values := range resp.Header {
|
||||
for _, value := range values {
|
||||
if key == "Www-Authenticate" {
|
||||
value = rewriteAuthHeader(value, proxyHost)
|
||||
value = rewriteAuthHeader(value, scheme, proxyHost)
|
||||
}
|
||||
c.Header(key, value)
|
||||
}
|
||||
@@ -413,13 +438,8 @@ func proxyDockerAuthOriginal(c *gin.Context) {
|
||||
}
|
||||
|
||||
// rewriteAuthHeader 重写认证头
|
||||
func rewriteAuthHeader(authHeader, proxyHost string) string {
|
||||
authHeader = strings.ReplaceAll(authHeader, "https://auth.docker.io", "http://"+proxyHost)
|
||||
authHeader = strings.ReplaceAll(authHeader, "https://ghcr.io", "http://"+proxyHost)
|
||||
authHeader = strings.ReplaceAll(authHeader, "https://gcr.io", "http://"+proxyHost)
|
||||
authHeader = strings.ReplaceAll(authHeader, "https://quay.io", "http://"+proxyHost)
|
||||
|
||||
return authHeader
|
||||
func rewriteAuthHeader(authHeader, scheme, proxyHost string) string {
|
||||
return realmRegex.ReplaceAllString(authHeader, fmt.Sprintf(`realm="%s://%s$3"`, scheme, proxyHost))
|
||||
}
|
||||
|
||||
// handleMultiRegistryRequest 处理多Registry请求
|
||||
@@ -598,12 +618,5 @@ func createUpstreamOptions(mapping config.RegistryMapping) []remote.Option {
|
||||
remote.WithTransport(utils.GetGlobalHTTPClient().Transport),
|
||||
}
|
||||
|
||||
// 预留将来不同Registry的差异化认证逻辑扩展点
|
||||
switch mapping.AuthType {
|
||||
case "github":
|
||||
case "google":
|
||||
case "quay":
|
||||
}
|
||||
|
||||
return options
|
||||
}
|
||||
|
||||
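Review bot: In `proxyDockerAuthOriginal` the scheme written into the rewritten `realm` is taken from the request's own `X-Forwarded-Proto` header, and `rewriteAuthHeader` then uses `scheme` and `proxyHost` as a `regexp` replacement template, in which `$` is expanded. Any client can send that header, and if `proxyHost` is derived from the request host (its assignment is outside the hunk), a `$1` or `$2` in it is replaced with capture groups from the upstream header. Escape the literal part before building the template, e.g. `repl := strings.ReplaceAll(scheme+"://"+proxyHost, "$", "$$")` followed by `return realmRegex.ReplaceAllString(authHeader, "realm=\""+repl+"$3\"")`, and honour `X-Forwarded-Proto` only when the deployment is known to sit behind a proxy that sets it. `realmRegex` also now rewrites every upstream realm host rather than the four listed before, so a token request that arrives without `target_registry_domain` set would go to the default `authHost`; worth confirming that is intended.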
@@ -171,9 +171,9 @@ func proxyGitHubWithRedirect(c *gin.Context, u string, redirectCount int) {
|
||||
|
||||
processedBody, processedSize, err := utils.ProcessSmart(resp.Body, isGzipCompressed, realHost)
|
||||
if err != nil {
|
||||
fmt.Printf("智能处理失败,回退到直接代理: %v\n", err)
|
||||
processedBody = resp.Body
|
||||
processedSize = 0
|
||||
fmt.Printf("脚本处理失败: %v\n", err)
|
||||
c.String(http.StatusBadGateway, "Script processing failed: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
// 智能设置响应头
|
||||
|
||||
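Review bot: The new failure path writes `err` into the response body with `c.String(http.StatusBadGateway, "Script processing failed: %v", err)`, which hands upstream read and gzip error text to the caller and reports an over-limit script as a gateway fault. The error is already printed on the line above, so the response can be a fixed string, e.g. `c.String(http.StatusBadGateway, "Script processing failed")`. `proxyGitHubWithRedirect` begins and continues outside this hunk, so whether `resp.Body` is closed on this early return cannot be seen here; per its own hunk in this compare, `ProcessSmart` no longer closes it.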
@@ -125,7 +125,7 @@ func main() {
|
||||
fmt.Printf("H2c: 已启用\n")
|
||||
}
|
||||
|
||||
fmt.Printf("版本号: v1.2.0\n")
|
||||
fmt.Printf("版本号: v1.2.1\n")
|
||||
fmt.Printf("项目地址: https://github.com/sky22333/hubproxy\n")
|
||||
|
||||
// 创建HTTP2服务器
|
||||
|
||||
@@ -200,6 +200,13 @@ func (ac *AccessController) checkList(matches, list []string) bool {
|
||||
if strings.HasPrefix(fullRepo, item+"/") {
|
||||
return true
|
||||
}
|
||||
|
||||
if strings.HasPrefix(item, "*/") {
|
||||
p := item[2:]
|
||||
if p == repoName || (strings.HasSuffix(p, "*") && strings.HasPrefix(repoName, p[:len(p)-1])) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
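Review bot: The added `*/` branch in `checkList` introduces a pattern syntax that nothing in the hunk documents, and the item `*/*` matches every repository because `p[:len(p)-1]` is then the empty prefix. Only a trailing `*` acts as a wildcard, and the comparison is made against `repoName`, which is assigned outside the hunk. Since this function decides access, add a comment above the branch such as `// "*/name" matches name under any owner; "*/prefix*" matches any repo name starting with prefix; "*/*" matches everything`. It is also worth confirming that a catch-all `*/*` is acceptable for every list passed to this function.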
@@ -12,47 +12,44 @@ import (
|
||||
// GitHub URL正则表达式
|
||||
var githubRegex = regexp.MustCompile(`(?:^|[\s'"(=,\[{;|&<>])https?://(?:github\.com|raw\.githubusercontent\.com|raw\.github\.com|gist\.githubusercontent\.com|gist\.github\.com|api\.github\.com)[^\s'")]*`)
|
||||
|
||||
// ProcessSmart Shell脚本智能处理函数
|
||||
func ProcessSmart(input io.ReadCloser, isCompressed bool, host string) (io.Reader, int64, error) {
|
||||
defer input.Close()
|
||||
// MaxShellSize 限制最大处理大小为 10MB
|
||||
const MaxShellSize = 10 * 1024 * 1024
|
||||
|
||||
// ProcessSmart Shell脚本智能处理函数
|
||||
func ProcessSmart(input io.Reader, isCompressed bool, host string) (io.Reader, int64, error) {
|
||||
content, err := readShellContent(input, isCompressed)
|
||||
if err != nil {
|
||||
return nil, 0, fmt.Errorf("内容读取失败: %v", err)
|
||||
return nil, 0, err
|
||||
}
|
||||
|
||||
if len(content) == 0 {
|
||||
return strings.NewReader(""), 0, nil
|
||||
}
|
||||
|
||||
if len(content) > 10*1024*1024 {
|
||||
return strings.NewReader(content), int64(len(content)), nil
|
||||
if !bytes.Contains(content, []byte("github.com")) && !bytes.Contains(content, []byte("githubusercontent.com")) {
|
||||
return bytes.NewReader(content), int64(len(content)), nil
|
||||
}
|
||||
|
||||
if !strings.Contains(content, "github.com") && !strings.Contains(content, "githubusercontent.com") {
|
||||
return strings.NewReader(content), int64(len(content)), nil
|
||||
}
|
||||
|
||||
processed := processGitHubURLs(content, host)
|
||||
processed := processGitHubURLs(string(content), host)
|
||||
|
||||
return strings.NewReader(processed), int64(len(processed)), nil
|
||||
}
|
||||
|
||||
func readShellContent(input io.ReadCloser, isCompressed bool) (string, error) {
|
||||
func readShellContent(input io.Reader, isCompressed bool) ([]byte, error) {
|
||||
var reader io.Reader = input
|
||||
|
||||
if isCompressed {
|
||||
peek := make([]byte, 2)
|
||||
n, err := input.Read(peek)
|
||||
if err != nil && err != io.EOF {
|
||||
return "", fmt.Errorf("读取数据失败: %v", err)
|
||||
return nil, fmt.Errorf("读取数据失败: %v", err)
|
||||
}
|
||||
|
||||
if n >= 2 && peek[0] == 0x1f && peek[1] == 0x8b {
|
||||
combinedReader := io.MultiReader(bytes.NewReader(peek[:n]), input)
|
||||
gzReader, err := gzip.NewReader(combinedReader)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("gzip解压失败: %v", err)
|
||||
return nil, fmt.Errorf("gzip解压失败: %v", err)
|
||||
}
|
||||
defer gzReader.Close()
|
||||
reader = gzReader
|
||||
@@ -61,12 +58,19 @@ func readShellContent(input io.ReadCloser, isCompressed bool) (string, error) {
|
||||
}
|
||||
}
|
||||
|
||||
data, err := io.ReadAll(reader)
|
||||
limit := int64(MaxShellSize + 1)
|
||||
limitedReader := io.LimitReader(reader, limit)
|
||||
|
||||
data, err := io.ReadAll(limitedReader)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("读取内容失败: %v", err)
|
||||
return nil, fmt.Errorf("读取内容失败: %v", err)
|
||||
}
|
||||
|
||||
return string(data), nil
|
||||
if int64(len(data)) > MaxShellSize {
|
||||
return nil, fmt.Errorf("脚本文件过大,超过 %d MB 限制", MaxShellSize/1024/1024)
|
||||
}
|
||||
|
||||
return data, nil
|
||||
}
|
||||
|
||||
func processGitHubURLs(content, host string) string {
|
||||
|
||||
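Review bot: `readShellContent` reports the over-limit case with a plain `fmt.Errorf`, so the caller cannot tell a script that is too large from a read or gzip failure and has to treat all three alike. A package-level sentinel, e.g. `var ErrShellTooLarge = errors.New("script exceeds size limit")` returned from the `len(data)` check, would let the handler choose a specific status, and the other `fmt.Errorf` calls could use `%w` so the cause stays inspectable. `ProcessSmart` also drops `defer input.Close()` and now takes an `io.Reader`; its doc comment should say that the caller keeps ownership of the body and that `MaxShellSize` is enforced on the decompressed bytes.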