🔧 config: Default config field for docker hub auth

🔒️✨ docker: Support basic auth for docker hub
2025-10-03 16:48:05 +08:00 · 2025-10-03 16:41:40 +08:00
14 changed files with 106 additions and 93 deletions
--- a/.github/demo/deepwiki.svg
+++ b/.github/demo/deepwiki.svg
@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="90" height="28" role="img" aria-label="DeepWiki">
+  <title>DeepWiki</title>
+  <rect width="90" height="28" rx="4" fill="#0f766e"></rect>
+  <text x="45" y="19" fill="#fff" font-family="Arial, Helvetica, sans-serif" font-size="12" text-anchor="middle">DeepWiki</text>
+</svg>
--- a/.github/demo/demo1.jpg
+++ b/.github/demo/demo1.jpg
--- a/.github/demo/demo2.jpg
+++ b/.github/demo/demo2.jpg
--- a/.github/demo/demo3.jpg
+++ b/.github/demo/demo3.jpg
--- a/.github/workflows/docker-ghcr.yml
+++ b/.github/workflows/docker-ghcr.yml
@@ -3,9 +3,9 @@ on:
  workflow_dispatch:
    inputs:
      version:
-        description: '版本号 (例如: v1.0.0)'
+        description: 'Version number'
        required: true
-        default: 'v1.0.0'
+        default: 'latest'

 jobs:
  build:
@@ -36,12 +36,7 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}
          
      - name: Set version from input
-        run: |
-          VERSION=${{ github.event.inputs.version }}
-          if [[ $VERSION == v* ]]; then
-            VERSION=${VERSION:1}
-          fi
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
+        run: echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV

      - name: Convert repository name to lowercase
        run: |
@@ -58,4 +53,4 @@ jobs:
            --build-arg VERSION=${{ env.VERSION }} \
            -f Dockerfile .
        env:
-          GHCR_PUBLIC: true
+          GHCR_PUBLIC: true  # 将镜像设置为公开
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,7 +1,7 @@
 name: 发布二进制文件

 on:
-  workflow_dispatch:
+  workflow_dispatch:  # 手动触发
    inputs:
      version:
        description: '版本号 (例如: v1.0.0)'
@@ -18,7 +18,7 @@ jobs:
      - name: 检出代码
        uses: actions/checkout@v4
        with:
-          fetch-depth: 0
+          fetch-depth: 0  # 获取完整历史，用于生成变更日志
          
      - name: 设置Go环境
        uses: actions/setup-go@v5
--- a/README.md
+++ b/README.md
@@ -1,6 +1,12 @@
 # HubProxy

- **Docker 和 GitHub 加速代理服务器**
+🚀 **Docker 和 GitHub 加速代理服务器**
+
+<p align="center">
+  <a href="https://deepwiki.com/sky22333/hubproxy">
+    <img src="./.github/demo/deepwiki.svg" alt="DeepWiki">
+  </a>
+</p>

 一个轻量级、高性能的多功能代理服务，提供 Docker 镜像加速、GitHub 文件加速、下载离线镜像、在线搜索 Docker 镜像等功能。

@@ -9,7 +15,7 @@
  <img src="https://count.getloli.com/get/@sky22333.hubproxy?theme=rule34" alt="Visitors">
 </p>

-## 特性
+## ✨ 特性

 - 🐳 **Docker 镜像加速** - 支持 Docker Hub、GHCR、Quay 等多个镜像仓库加速，流式传输优化拉取速度。
 - 🐳 **离线镜像包** - 支持下载离线镜像包，流式传输加防抖设计。
@@ -23,13 +29,8 @@
 - 🛡️ **完全自托管** - 避免依赖免费第三方服务的不稳定性，例如`cloudflare`等等。
 - 🚀 **多服务统一加速** - 单个程序即可统一加速 Docker、GitHub、Hugging Face 等多种服务，简化部署与管理。

-## 详细文档

-[中文文档](https://zread.ai/sky22333/hubproxy)
-
-[English](https://deepwiki.com/sky22333/hubproxy)
-
-## 快速开始
+## 🚀 快速开始

 ### Docker部署（推荐）
 ```
@@ -40,6 +41,8 @@ docker run -d \
  ghcr.io/sky22333/hubproxy
 ```

+
+
 ### 一键脚本安装

 ```bash
@@ -49,12 +52,14 @@ curl -fsSL https://raw.githubusercontent.com/sky22333/hubproxy/main/install.sh |
 支持单个二进制文件直接启动，无需其他配置，内置默认配置，支持所有功能。

 这个脚本会：
- 自动检测系统架构（AMD64/ARM64）
- 从 GitHub Releases 下载最新版本
- 自动配置系统服务
- 保留现有配置（升级时）
+- 🔍 自动检测系统架构（AMD64/ARM64）
+- 📥 从 GitHub Releases 下载最新版本
+- ⚙️ 自动配置系统服务
+- 🔄 保留现有配置（升级时）

-## 使用方法
+
+
+## 📖 使用方法

 ### Docker 镜像加速

@@ -98,7 +103,7 @@ https://yourdomain.com/https://github.com/user/repo/releases/download/v1.0.0/fil
 git clone https://yourdomain.com/https://github.com/sky22333/hubproxy.git
 ```

-## 配置
+## ⚙️ 配置

 <details>
  <summary>config.toml 配置说明</summary>
@@ -244,9 +249,16 @@ example.com {

 </div>

+
 ## 界面预览

 ![1](./.github/demo/demo1.jpg)

+![2](./.github/demo/demo2.jpg)
+
+![3](./.github/demo/demo3.jpg)
+
+
+
 ## Star 趋势
 [![Star 趋势](https://starchart.cc/sky22333/hubproxy.svg?variant=adaptive)](https://starchart.cc/sky22333/hubproxy)
--- a/src/config.toml
+++ b/src/config.toml
@@ -46,19 +46,24 @@ blackList = [
 # 无认证: socks5://127.0.0.1:1080
 # 有认证: socks5://username:password@127.0.0.1:1080
 # 留空不使用代理
-proxy = "" 
+proxy = ""

 [download]
 # 批量下载离线镜像数量限制
 maxImages = 10

+# Docker Hub 认证信息，留空则匿名拉取
+[dockerHubAuth]
+username = "" # e.g., user1
+token = "" # e.g., dckr_pat_***
+
 # Registry映射配置，支持多种镜像仓库上游
 [registries]

 # GitHub Container Registry
 [registries."ghcr.io"]
 upstream = "ghcr.io"
-authHost = "ghcr.io/token" 
+authHost = "ghcr.io/token"
 authType = "github"
 enabled = true

--- a/src/config/config.go
+++ b/src/config/config.go
@@ -48,6 +48,11 @@ type AppConfig struct {
 		MaxImages int `toml:"maxImages"`
 	} `toml:"download"`

+	DockerHubAuth struct {
+		Username string `toml:"username"`
+		Token    string `toml:"token"`
+	} `toml:"dockerHubAuth"`
+
 	Registries map[string]RegistryMapping `toml:"registries"`

 	TokenCache struct {
@@ -108,6 +113,13 @@ func DefaultConfig() *AppConfig {
 		}{
 			MaxImages: 10,
 		},
+		DockerHubAuth: struct {
+			Username string `toml:"username"`
+			Token    string `toml:"token"`
+		}{
+			Username: "",
+			Token:    "",
+		},
 		Registries: map[string]RegistryMapping{
 			"ghcr.io": {
 				Upstream: "ghcr.io",
--- a/src/handlers/docker.go
+++ b/src/handlers/docker.go
@@ -28,16 +28,9 @@ var dockerProxy *DockerProxy
 type RegistryDetector struct{}

 // detectRegistryDomain 检测Registry域名并返回域名和剩余路径
-func (rd *RegistryDetector) detectRegistryDomain(c *gin.Context, path string) (string, string) {
+func (rd *RegistryDetector) detectRegistryDomain(path string) (string, string) {
 	cfg := config.GetConfig()

-	// 兼容Containerd的ns参数
-	if ns := c.Query("ns"); ns != "" {
-		if mapping, exists := cfg.Registries[ns]; exists && mapping.Enabled {
-			return ns, path
-		}
-	}
-
 	for domain := range cfg.Registries {
 		if strings.HasPrefix(path, domain+"/") {
 			remainingPath := strings.TrimPrefix(path, domain+"/")
@@ -75,10 +68,18 @@ func InitDockerProxy() {
 	}

 	options := []remote.Option{
-		remote.WithAuth(authn.Anonymous),
 		remote.WithUserAgent("hubproxy/go-containerregistry"),
 		remote.WithTransport(utils.GetGlobalHTTPClient().Transport),
 	}
+	dockerHubAuth := config.GetConfig().DockerHubAuth
+	if dockerHubAuth.Token != "" && dockerHubAuth.Username != "" {
+		options = append(options, remote.WithAuth(&authn.Basic{
+			Username: dockerHubAuth.Username,
+			Password: dockerHubAuth.Token,
+		}))
+	} else {
+		options = append(options, remote.WithAuth(authn.Anonymous))
+	}

 	dockerProxy = &DockerProxy{
 		registry: registry,
@@ -106,7 +107,7 @@ func ProxyDockerRegistryGin(c *gin.Context) {
 func handleRegistryRequest(c *gin.Context, path string) {
 	pathWithoutV2 := strings.TrimPrefix(path, "/v2/")

-	if registryDomain, remainingPath := registryDetector.detectRegistryDomain(c, pathWithoutV2); registryDomain != "" {
+	if registryDomain, remainingPath := registryDetector.detectRegistryDomain(pathWithoutV2); registryDomain != "" {
 		if registryDetector.isRegistryEnabled(registryDomain) {
 			c.Set("target_registry_domain", registryDomain)
 			c.Set("target_path", remainingPath)
--- a/src/handlers/github.go
+++ b/src/handlers/github.go
@@ -171,9 +171,9 @@ func proxyGitHubWithRedirect(c *gin.Context, u string, redirectCount int) {

 		processedBody, processedSize, err := utils.ProcessSmart(resp.Body, isGzipCompressed, realHost)
 		if err != nil {
-			fmt.Printf("脚本处理失败: %v\n", err)
-			c.String(http.StatusBadGateway, "Script processing failed: %v", err)
-			return
+			fmt.Printf("智能处理失败，回退到直接代理: %v\n", err)
+			processedBody = resp.Body
+			processedSize = 0
 		}

 		// 智能设置响应头
--- a/src/main.go
+++ b/src/main.go
@@ -125,7 +125,7 @@ func main() {
 		fmt.Printf("H2c: 已启用\n")
 	}

-	fmt.Printf("版本号: v1.2.1\n")
+	fmt.Printf("版本号: v1.1.9\n")
 	fmt.Printf("项目地址: https://github.com/sky22333/hubproxy\n")

 	// 创建HTTP2服务器
--- a/src/utils/access_control.go
+++ b/src/utils/access_control.go
@@ -200,13 +200,6 @@ func (ac *AccessController) checkList(matches, list []string) bool {
 		if strings.HasPrefix(fullRepo, item+"/") {
 			return true
 		}
-
-		if strings.HasPrefix(item, "*/") {
-			p := item[2:]
-			if p == repoName || (strings.HasSuffix(p, "*") && strings.HasPrefix(repoName, p[:len(p)-1])) {
-				return true
-			}
-		}
 	}
 	return false
 }
--- a/src/utils/proxy_shell.go
+++ b/src/utils/proxy_shell.go
@@ -10,46 +10,49 @@ import (
 )

 // GitHub URL正则表达式
-var githubRegex = regexp.MustCompile(`(?:^|[\s'"(=,\[{;|&<>])https?://(?:github\.com|raw\.githubusercontent\.com|raw\.github\.com|gist\.githubusercontent\.com|gist\.github\.com|api\.github\.com)[^\s'")]*`)
-
-// MaxShellSize 限制最大处理大小为 10MB
-const MaxShellSize = 10 * 1024 * 1024
+var githubRegex = regexp.MustCompile(`https?://(?:github\.com|raw\.githubusercontent\.com|raw\.github\.com|gist\.githubusercontent\.com|gist\.github\.com|api\.github\.com)[^\s'"]+`)

 // ProcessSmart Shell脚本智能处理函数
-func ProcessSmart(input io.Reader, isCompressed bool, host string) (io.Reader, int64, error) {
+func ProcessSmart(input io.ReadCloser, isCompressed bool, host string) (io.Reader, int64, error) {
+	defer input.Close()
+
 	content, err := readShellContent(input, isCompressed)
 	if err != nil {
-		return nil, 0, err
+		return nil, 0, fmt.Errorf("内容读取失败: %v", err)
 	}

 	if len(content) == 0 {
 		return strings.NewReader(""), 0, nil
 	}

-	if !bytes.Contains(content, []byte("github.com")) && !bytes.Contains(content, []byte("githubusercontent.com")) {
-		return bytes.NewReader(content), int64(len(content)), nil
+	if len(content) > 10*1024*1024 {
+		return strings.NewReader(content), int64(len(content)), nil
 	}

-	processed := processGitHubURLs(string(content), host)
+	if !strings.Contains(content, "github.com") && !strings.Contains(content, "githubusercontent.com") {
+		return strings.NewReader(content), int64(len(content)), nil
+	}
+
+	processed := processGitHubURLs(content, host)

 	return strings.NewReader(processed), int64(len(processed)), nil
 }

-func readShellContent(input io.Reader, isCompressed bool) ([]byte, error) {
+func readShellContent(input io.ReadCloser, isCompressed bool) (string, error) {
 	var reader io.Reader = input

 	if isCompressed {
 		peek := make([]byte, 2)
 		n, err := input.Read(peek)
 		if err != nil && err != io.EOF {
-			return nil, fmt.Errorf("读取数据失败: %v", err)
+			return "", fmt.Errorf("读取数据失败: %v", err)
 		}

 		if n >= 2 && peek[0] == 0x1f && peek[1] == 0x8b {
 			combinedReader := io.MultiReader(bytes.NewReader(peek[:n]), input)
 			gzReader, err := gzip.NewReader(combinedReader)
 			if err != nil {
-				return nil, fmt.Errorf("gzip解压失败: %v", err)
+				return "", fmt.Errorf("gzip解压失败: %v", err)
 			}
 			defer gzReader.Close()
 			reader = gzReader
@@ -58,50 +61,37 @@ func readShellContent(input io.Reader, isCompressed bool) ([]byte, error) {
 		}
 	}

-	limit := int64(MaxShellSize + 1)
-	limitedReader := io.LimitReader(reader, limit)
-
-	data, err := io.ReadAll(limitedReader)
+	data, err := io.ReadAll(reader)
 	if err != nil {
-		return nil, fmt.Errorf("读取内容失败: %v", err)
+		return "", fmt.Errorf("读取内容失败: %v", err)
 	}

-	if int64(len(data)) > MaxShellSize {
-		return nil, fmt.Errorf("脚本文件过大，超过 %d MB 限制", MaxShellSize/1024/1024)
-	}
-
-	return data, nil
+	return string(data), nil
 }

 func processGitHubURLs(content, host string) string {
-	return githubRegex.ReplaceAllStringFunc(content, func(match string) string {
-		// 如果匹配包含前缀分隔符，保留它，防止出现重复转换
-		if len(match) > 0 && match[0] != 'h' {
-			prefix := match[0:1]
-			url := match[1:]
-			return prefix + transformURL(url, host)
-		}
-		return transformURL(match, host)
+	return githubRegex.ReplaceAllStringFunc(content, func(url string) string {
+		return transformURL(url, host)
 	})
 }

 // transformURL URL转换函数
 func transformURL(url, host string) string {
-	if strings.Contains(url, host) {
-		return url
-	}
+    if strings.Contains(url, host) {
+        return url
+    }

-	if strings.HasPrefix(url, "http://") {
-		url = "https" + url[4:]
-	} else if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "//") {
-		url = "https://" + url
-	}
+    if strings.HasPrefix(url, "http://") {
+        url = "https" + url[4:]
+    } else if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "//") {
+        url = "https://" + url
+    }

-	// 确保 host 有协议头
-	if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
-		host = "https://" + host
-	}
-	host = strings.TrimSuffix(host, "/")
+    // 确保 host 有协议头
+    if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
+        host = "https://" + host
+    }
+    host = strings.TrimSuffix(host, "/")

-	return host + "/" + url
-}
+    return host + "/" + url
+}
Author	SHA1	Message	Date
wmgit	4053481714	🔧 config: Default config field for docker hub auth	2025-10-03 16:48:05 +08:00
wmgit	58097f865d	🔒️✨ docker: Support basic auth for docker hub	2025-10-03 16:41:40 +08:00