add

docker_proxy.js

@@ -0,0 +1,189 @@
+'use strict'
+
+const hub_host = 'registry-1.docker.io'
+const auth_url = 'https://auth.docker.io'
+const workers_url = 'https://docker.lework.workers.dev'
+/**
+ * static files (404.html, sw.js, conf.js)
+ */
+
+/** @type {RequestInit} */
+const PREFLIGHT_INIT = {
+    status: 204,
+    headers: new Headers({
+        'access-control-allow-origin': '*',
+        'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',
+        'access-control-max-age': '1728000',
+    }),
+}
+
+/**
+ * @param {any} body
+ * @param {number} status
+ * @param {Object<string, string>} headers
+ */
+function makeRes(body, status = 200, headers = {}) {
+    headers['access-control-allow-origin'] = '*'
+    return new Response(body, {status, headers})
+}
+
+
+/**
+ * @param {string} urlStr
+ */
+function newUrl(urlStr) {
+    try {
+        return new URL(urlStr)
+    } catch (err) {
+        return null
+    }
+}
+
+
+addEventListener('fetch', e => {
+    const ret = fetchHandler(e)
+        .catch(err => makeRes('cfworker error:\n' + err.stack, 502))
+    e.respondWith(ret)
+})
+
+
+/**
+ * @param {FetchEvent} e
+ */
+async function fetchHandler(e) {
+  const getReqHeader = (key) => e.request.headers.get(key);
+
+  let url = new URL(e.request.url);
+
+  if (url.pathname === '/token') {
+      let token_parameter = {
+        headers: {
+        'Host': 'auth.docker.io',
+        'User-Agent': getReqHeader("User-Agent"),
+        'Accept': getReqHeader("Accept"),
+        'Accept-Language': getReqHeader("Accept-Language"),
+        'Accept-Encoding': getReqHeader("Accept-Encoding"),
+        'Connection': 'keep-alive',
+        'Cache-Control': 'max-age=0'
+        }
+      };
+      let token_url = auth_url + url.pathname + url.search
+      return fetch(new Request(token_url, e.request), token_parameter)
+  }
+
+  url.hostname = hub_host;
+  
+  let parameter = {
+    headers: {
+      'Host': hub_host,
+      'User-Agent': getReqHeader("User-Agent"),
+      'Accept': getReqHeader("Accept"),
+      'Accept-Language': getReqHeader("Accept-Language"),
+      'Accept-Encoding': getReqHeader("Accept-Encoding"),
+      'Connection': 'keep-alive',
+      'Cache-Control': 'max-age=0'
+    },
+    cacheTtl: 3600
+  };
+
+  if (e.request.headers.has("Authorization")) {
+    parameter.headers.Authorization = getReqHeader("Authorization");
+  }
+
+  let original_response = await fetch(new Request(url, e.request), parameter)
+  let original_response_clone = original_response.clone();
+  let original_text = original_response_clone.body;
+  let response_headers = original_response.headers;
+  let new_response_headers = new Headers(response_headers);
+  let status = original_response.status;
+
+  if (new_response_headers.get("Www-Authenticate")) {
+    let auth = new_response_headers.get("Www-Authenticate");
+    let re = new RegExp(auth_url, 'g');
+    new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, workers_url));
+  }
+
+  if (new_response_headers.get("Location")) {
+    return httpHandler(e.request, new_response_headers.get("Location"))
+  }
+
+  let response = new Response(original_text, {
+            status,
+            headers: new_response_headers
+        })
+  return response;
+  
+}
+
+
+/**
+ * @param {Request} req
+ * @param {string} pathname
+ */
+function httpHandler(req, pathname) {
+    const reqHdrRaw = req.headers
+
+    // preflight
+    if (req.method === 'OPTIONS' &&
+        reqHdrRaw.has('access-control-request-headers')
+    ) {
+        return new Response(null, PREFLIGHT_INIT)
+    }
+
+    let rawLen = ''
+
+    const reqHdrNew = new Headers(reqHdrRaw)
+
+    const refer = reqHdrNew.get('referer')
+
+    let urlStr = pathname
+    
+    const urlObj = newUrl(urlStr)
+
+    /** @type {RequestInit} */
+    const reqInit = {
+        method: req.method,
+        headers: reqHdrNew,
+        redirect: 'follow',
+        body: req.body
+    }
+    return proxy(urlObj, reqInit, rawLen, 0)
+}
+
+
+/**
+ *
+ * @param {URL} urlObj
+ * @param {RequestInit} reqInit
+ */
+async function proxy(urlObj, reqInit, rawLen) {
+    const res = await fetch(urlObj.href, reqInit)
+    const resHdrOld = res.headers
+    const resHdrNew = new Headers(resHdrOld)
+
+    // verify
+    if (rawLen) {
+        const newLen = resHdrOld.get('content-length') || ''
+        const badLen = (rawLen !== newLen)
+
+        if (badLen) {
+            return makeRes(res.body, 400, {
+                '--error': `bad len: ${newLen}, except: ${rawLen}`,
+                'access-control-expose-headers': '--error',
+            })
+        }
+    }
+    const status = res.status
+    resHdrNew.set('access-control-expose-headers', '*')
+    resHdrNew.set('access-control-allow-origin', '*')
+    resHdrNew.set('Cache-Control', 'max-age=1500')
+    
+    resHdrNew.delete('content-security-policy')
+    resHdrNew.delete('content-security-policy-report-only')
+    resHdrNew.delete('clear-site-data')
+
+    return new Response(res.body, {
+        status,
+        headers: resHdrNew
+    })
+}

gcr_proxy.js

@@ -1,5 +1,8 @@
 'use strict'
 
+const hub_host = 'gcr.io'
+const auth_url = 'https://gcr.io'
+
 /**
  * static files (404.html, sw.js, conf.js)
  */
@@ -51,11 +54,11 @@ async function fetchHandler(e) {
   const getReqHeader = (key) => e.request.headers.get(key);
 
   let url = new URL(e.request.url);
-  url.hostname = "gcr.io";
+  url.hostname = hub_host;
 
   let parameter = {
     headers: {
-      'Host': 'gcr.io',
+      'Host': hub_host,
       'User-Agent': getReqHeader("User-Agent"),
       'Accept': getReqHeader("Accept"),
       'Accept-Language': getReqHeader("Accept-Language"),
@@ -66,12 +69,8 @@ async function fetchHandler(e) {
     cacheTtl: 3600
   };
 
-  if (e.request.headers.has("Referer")) {
-    parameter.headers.Referer = getReqHeader("Referer");
-  }
-
-  if (e.request.headers.has("Origin")) {
-    parameter.headers.Origin = getReqHeader("Origin");
+  if (e.request.headers.has("Authorization")) {
+    parameter.headers.Authorization = getReqHeader("Authorization");
   }
 
   let original_response = await fetch(new Request(url, e.request), parameter)
@@ -83,7 +82,7 @@ async function fetchHandler(e) {
 
   if (new_response_headers.get("Www-Authenticate")) {
     let auth = new_response_headers.get("Www-Authenticate");
-    let re = new RegExp('https://gcr.io', 'g');
+    let re = new RegExp(auth_url, 'g');
     new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, $custom_domain));
   }
 

github_proxy.js

@@ -67,9 +67,9 @@ async function fetchHandler(e) {
     path = urlObj.href.substr(urlObj.origin.length + PREFIX.length).replace(/^https?:\/+/, 'https://')
     const exp1 = /^(?:https?:\/\/)?github\.com\/.+?\/.+?\/(?:releases|archive)\/.*$/i
     const exp2 = /^(?:https?:\/\/)?github\.com\/.+?\/.+?\/(?:blob)\/.*$/i
-    const exp3 = /^(?:https?:\/\/)?github\.com\/.+?\/.+?\/(?:info|git-upload-pack).*$/i
+    const exp3 = /^(?:https?:\/\/)?github\.com\/.+?\/.+?\/(?:info|git-).*$/i
     const exp4 = /^(?:https?:\/\/)?raw\.githubusercontent\.com\/.+?\/.+?\/.+?\/.+$/i
-    if (path.search(exp1) === 0 || !Config.cnpmjs && (path.search(exp3) === 0 || path.search(exp4))) {
+    if (path.search(exp1) === 0 || !Config.cnpmjs && (path.search(exp3) === 0 || path.search(exp4) === 0)) {
         return httpHandler(req, path)
     } else if (path.search(exp2) === 0) {
         if (Config.jsdelivr){

quay_proxy.js

@@ -0,0 +1,173 @@
+'use strict'
+
+const hub_host = 'quay.io'
+const auth_url = 'https://quay.io'
+const workers_url = 'https://quay.lework.workers.dev'
+
+/**
+ * static files (404.html, sw.js, conf.js)
+ */
+
+/** @type {RequestInit} */
+const PREFLIGHT_INIT = {
+    status: 204,
+    headers: new Headers({
+        'access-control-allow-origin': '*',
+        'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',
+        'access-control-max-age': '1728000',
+    }),
+}
+
+/**
+ * @param {any} body
+ * @param {number} status
+ * @param {Object<string, string>} headers
+ */
+function makeRes(body, status = 200, headers = {}) {
+    headers['access-control-allow-origin'] = '*'
+    return new Response(body, {status, headers})
+}
+
+
+/**
+ * @param {string} urlStr
+ */
+function newUrl(urlStr) {
+    try {
+        return new URL(urlStr)
+    } catch (err) {
+        return null
+    }
+}
+
+
+addEventListener('fetch', e => {
+    const ret = fetchHandler(e)
+        .catch(err => makeRes('cfworker error:\n' + err.stack, 502))
+    e.respondWith(ret)
+})
+
+
+/**
+ * @param {FetchEvent} e
+ */
+async function fetchHandler(e) {
+  const getReqHeader = (key) => e.request.headers.get(key);
+
+  let url = new URL(e.request.url);
+  url.hostname = hub_host;
+
+  let parameter = {
+    headers: {
+      'Host': hub_host,
+      'User-Agent': getReqHeader("User-Agent"),
+      'Accept': getReqHeader("Accept"),
+      'Accept-Language': getReqHeader("Accept-Language"),
+      'Accept-Encoding': getReqHeader("Accept-Encoding"),
+      'Connection': 'keep-alive',
+      'Cache-Control': 'max-age=0'
+    },
+    cacheTtl: 3600
+  };
+
+  if (e.request.headers.has("Authorization")) {
+    parameter.headers.Authorization = getReqHeader("Authorization");
+  }
+
+  let original_response = await fetch(new Request(url, e.request), parameter)
+  let original_response_clone = original_response.clone();
+  let original_text = original_response_clone.body;
+  let response_headers = original_response.headers;
+  let new_response_headers = new Headers(response_headers);
+  let status = original_response.status;
+
+  if (new_response_headers.get("Www-Authenticate")) {
+    let auth = new_response_headers.get("Www-Authenticate");
+    let re = new RegExp(auth_url, 'g');
+    new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, workers_url));
+  }
+
+  if (new_response_headers.get("Location")) {
+    return httpHandler(e.request, new_response_headers.get("Location"))
+  }
+
+  let response = new Response(original_text, {
+            status,
+            headers: new_response_headers
+        })
+  return response;
+  
+}
+
+
+/**
+ * @param {Request} req
+ * @param {string} pathname
+ */
+function httpHandler(req, pathname) {
+    const reqHdrRaw = req.headers
+
+    // preflight
+    if (req.method === 'OPTIONS' &&
+        reqHdrRaw.has('access-control-request-headers')
+    ) {
+        return new Response(null, PREFLIGHT_INIT)
+    }
+
+    let rawLen = ''
+
+    const reqHdrNew = new Headers(reqHdrRaw)
+
+    const refer = reqHdrNew.get('referer')
+
+    let urlStr = pathname
+    
+    const urlObj = newUrl(urlStr)
+
+    /** @type {RequestInit} */
+    const reqInit = {
+        method: req.method,
+        headers: reqHdrNew,
+        redirect: 'follow',
+        body: req.body
+    }
+    return proxy(urlObj, reqInit, rawLen, 0)
+}
+
+
+/**
+ *
+ * @param {URL} urlObj
+ * @param {RequestInit} reqInit
+ */
+async function proxy(urlObj, reqInit, rawLen) {
+    const res = await fetch(urlObj.href, reqInit)
+    const resHdrOld = res.headers
+    const resHdrNew = new Headers(resHdrOld)
+
+    // verify
+    if (rawLen) {
+        const newLen = resHdrOld.get('content-length') || ''
+        const badLen = (rawLen !== newLen)
+
+        if (badLen) {
+            return makeRes(res.body, 400, {
+                '--error': `bad len: ${newLen}, except: ${rawLen}`,
+                'access-control-expose-headers': '--error',
+            })
+        }
+    }
+    const status = res.status
+    resHdrNew.set('access-control-expose-headers', '*')
+    resHdrNew.set('access-control-allow-origin', '*')
+    resHdrNew.set('Cache-Control', 'max-age=1500')
+    
+    resHdrNew.delete('content-security-policy')
+    resHdrNew.delete('content-security-policy-report-only')
+    resHdrNew.delete('clear-site-data')
+
+    return new Response(res.body, {
+        status,
+        headers: resHdrNew
+    })
+}