[ { "path": ".github/workflows/sync.yml", "content": "name: Upstream Sync\n\npermissions:\n contents: write\n\non:\n schedule:\n - cron: \"0 0 * * *\" # every day\n workflow_dispatch:\n\njobs:\n sync_latest_from_upstream:\n name: Sync latest commits from upstream repo\n runs-on: ubuntu-latest\n if: ${{ github.event.repository.fork }}\n\n steps:\n # Step 1: run a standard checkout action\n - name: Checkout target repo\n uses: actions/checkout@v3\n\n # Step 2: run the sync action\n - name: Sync upstream changes\n id: sync\n uses: aormsby/Fork-Sync-With-Upstream-action@v3.4\n with:\n upstream_sync_repo: cmliu/CF-Workers-docker.io\n upstream_sync_branch: main\n target_sync_branch: main\n target_repo_token: ${{ secrets.GITHUB_TOKEN }} # automatically generated, no need to set\n\n # Set test_mode true to run tests instead of the true action!!\n test_mode: false\n\n - name: Sync check\n if: failure()\n run: |\n echo \"[Error] 由于上游仓库的 workflow 文件变更,导致 GitHub 自动暂停了本次自动更新,你需要手动 Sync Fork 一次,详细教程请查看项目README.md \"\n echo \"[Error] Due to a change in the workflow file of the upstream repository, GitHub has automatically suspended the scheduled automatic update. You need to manually sync your fork. Please refer to the project README.md for instructions. \"\n exit 1\n" }, { "path": "README.md", "content": "[**第三方 DockerHub 镜像服务列表**](https://github.com/cmliu/CF-Workers-docker.io?tab=readme-ov-file#%EF%B8%8F-%E7%AC%AC%E4%B8%89%E6%96%B9-dockerhub-%E9%95%9C%E5%83%8F%E6%9C%8D%E5%8A%A1)\n\n![CF-Workers-docker.io](./img.png)\n\n# 🐳 CF-Workers-docker.io:Docker仓库镜像代理工具\n\n这个项目是一个基于 Cloudflare Workers 的 Docker 镜像代理工具。它能够中转对 Docker 官方镜像仓库的请求,解决一些访问限制和加速访问的问题。\n\n> [!CAUTION]\n> **docker.fxxk.dedyn.io 已被GFW污染,需自行部署使用。**\n\n> [!WARNING]\n> 根据 [Cloudflare 协议](https://www.cloudflare.com/zh-cn/terms/) 中,2.2.1 第 (j) use the Services to provide a virtual private network or other similar proxy services.\n>\n> 使用本服务可能存在被 Cloudflare 封号的潜在风险,请自行斟酌使用风险。\n>\n> 如果你选择了“根据主机名选择对应的上游地址”方式部署,你可能会:\n> \n> 被 Netcraft 扫描到,收到警告邮件\n>\n> 被 Netcraft 同步到 Google Safe Browsing 标记为钓鱼网站\n>\n> 被 Netcraft 投诉到 Cloudflare 标记为钓鱼网站, 无法正常 pull 镜像\n>\n> 收到律师函\n\n## 🚀 部署方式\n\n- **Workers** 部署:复制 [_worker.js](https://github.com/cmliu/CF-Workers-docker.io/blob/main/_worker.js) 代码,`保存并部署`即可\n- **Pages** 部署:`Fork` 后 `连接GitHub` 一键部署即可\n\n## ⚙️ 如何使用? [视频教程](https://www.youtube.com/watch?v=l2jwq9CagNQ)\n\n例如您的Workers项目域名为:`docker.fxxk.dedyn.io`;\n\n### 1.官方镜像路径前面加域名\n\n```shell\ndocker pull docker.fxxk.dedyn.io/stilleshan/frpc:latest\n```\n\n```shell\ndocker pull docker.fxxk.dedyn.io/library/nginx:stable-alpine3.19-perl\n```\n\n### 2.一键设置镜像加速\n\n修改文件 `/etc/docker/daemon.json`(如果不存在则创建)\n\n```shell\nsudo mkdir -p /etc/docker\nsudo tee /etc/docker/daemon.json <<-'EOF'\n{\n \"registry-mirrors\": [\"https://docker.fxxk.dedyn.io\"] # 请替换为您自己的Worker自定义域名\n}\nEOF\nsudo systemctl daemon-reload\nsudo systemctl restart docker\n```\n\n### 3. 配置常见仓库的镜像加速\n\n#### 3.1 配置\n\n`Containerd` 较简单,它支持任意 `registry` 的 `mirror`,只需要修改配置文件 `/etc/containerd/config.toml`,添加如下的配置:\n\n```yaml\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"docker.io\"]\n endpoint = [\"https://xxxx.xx.com\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"registry.k8s.io\"]\n endpoint = [\"https://xxxx.xx.com\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"k8s.gcr.io\"]\n endpoint = [\"https://xxxx.xx.com\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"gcr.io\"]\n endpoint = [\"https://xxxx.xx.com\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"ghcr.io\"]\n endpoint = [\"https://xxxx.xx.com\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"quay.io\"]\n endpoint = [\"https://xxxx.xx.com\"]\n```\n\n`Podman` 同样支持任意 `registry` 的 `mirror`,修改配置文件 `/etc/containers/registries.conf`,添加配置:\n\n```yaml\nunqualified-search-registries = ['docker.io', 'k8s.gcr.io', 'gcr.io', 'ghcr.io', 'quay.io']\n\n[[registry]]\nprefix = \"docker.io\"\ninsecure = true\nlocation = \"registry-1.docker.io\"\n\n[[registry.mirror]]\nlocation = \"xxxx.xx.com\"\n\n[[registry]]\nprefix = \"registry.k8s.io\"\ninsecure = true\nlocation = \"registry.k8s.io\"\n\n[[registry.mirror]]\nlocation = \"xxxx.xx.com\"\n\n[[registry]]\nprefix = \"k8s.gcr.io\"\ninsecure = true\nlocation = \"k8s.gcr.io\"\n\n[[registry.mirror]]\nlocation = \"xxxx.xx.com\"\n\n[[registry]]\nprefix = \"gcr.io\"\ninsecure = true\nlocation = \"gcr.io\"\n\n[[registry.mirror]]\nlocation = \"xxxx.xx.com\"\n\n[[registry]]\nprefix = \"ghcr.io\"\ninsecure = true\nlocation = \"ghcr.io\"\n\n[[registry.mirror]]\nlocation = \"xxxx.xx.com\"\n\n[[registry]]\nprefix = \"quay.io\"\ninsecure = true\nlocation = \"quay.io\"\n\n[[registry.mirror]]\nlocation = \"xxxx.xx.com\"\n\n```\n\n#### 3.3 使用\n\n对于以上配置,k8s 在使用的时候,就可以直接 `pull` 外部无法 pull 的镜像了。\n\n```shell\n# 手动可以直接pull配置了mirror的仓库\ncrictl pull registry.k8s.io/kube-proxy:v1.28.4\ndocker pull nginx:1.21\n```\n\n## 🔧 变量说明\n\n| 变量名 | 示例 | 必填 | 备注 |\n|--|--|--|--|\n| URL302 | `https://t.me/CMLiussss` |❌| 主页302跳转 |\n| URL | `https://www.baidu.com/` |❌| 主页伪装(设为`nginx`则伪装为nginx默认页面) |\n| UA | `netcraft` |❌| 支持多元素, 元素之间使用空格或换行作间隔 |\n\n# 🛠️ 第三方 DockerHub 镜像服务\n\n**注意:**\n\n- 以下内容仅做镜像服务的整理与搜集,未做任何安全性检测和验证。\n- 使用前请自行斟酌,并根据实际需求进行必要的安全审查。\n- 本列表中的任何服务都不做任何形式的安全承诺或保证。\n\n| DockerHub 镜像仓库 | 镜像加地址 |\n| ------------------ | ----------- |\n| [bestcfipas 镜像服务](https://t.me/bestcfipas/4018) | `https://docker.registry.cyou` |\n| | `https://docker-cf.registry.cyou` |\n| | `https://registry.lfree.org` |\n| [zero_free 镜像服务](https://t.me/zero_free/80) | `https://docker.jsdelivr.fyi` |\n| | `https://docker.aeko.cn` |\n| [mingyu 镜像服务](https://github.com/ymyuuu/HubP) | `https://hubp.de` |\n| [Docker 镜像加速站](https://docker.1panel.live) | `https://docker.1panel.live` |\n| [Hub Proxy](https://hub.rat.dev) | `https://hub.rat.dev` |\n| [DaoCloud 镜像站](https://github.com/DaoCloud/public-image-mirror) | `https://docker.m.daocloud.io` |\n\n# 🙏 鸣谢\n### 💖 赞助支持 - 提供云服务器\n- [![digitalvirt.com](https://digitalvirt.com/templates/BlueWhite/img/logo-dark.svg)](https://url.cmliussss.com/dv)\n\n### 🛠 开源代码引用\n- [muzihuaner](https://github.com/muzihuaner)\n- [V2ex网友](https://global.v2ex.com/t/1007922)\n- [ciiiii](https://github.com/ciiiii/cloudflare-docker-proxy)\n- [ChatGPT](https://chatgpt.com/)\n- [白嫖哥](https://t.me/bestcfipas/1900)\n- [zero_free频道](https://t.me/zero_free/80)\n- [dongyubin](https://github.com/cmliu/CF-Workers-docker.io/issues/8)\n- [kiko923](https://github.com/cmliu/CF-Workers-docker.io/issues/5)\n" }, { "path": "_worker.js", "content": "// _worker.js\n\n// Docker镜像仓库主机地址\nlet hub_host = 'registry-1.docker.io';\n// Docker认证服务器地址\nconst auth_url = 'https://auth.docker.io';\n\nlet 屏蔽爬虫UA = ['netcraft'];\n\n// 根据主机名选择对应的上游地址\nfunction routeByHosts(host) {\n\t// 定义路由表\n\tconst routes = {\n\t\t// 生产环境\n\t\t\"quay\": \"quay.io\",\n\t\t\"gcr\": \"gcr.io\",\n\t\t\"k8s-gcr\": \"k8s.gcr.io\",\n\t\t\"k8s\": \"registry.k8s.io\",\n\t\t\"ghcr\": \"ghcr.io\",\n\t\t\"cloudsmith\": \"docker.cloudsmith.io\",\n\t\t\"nvcr\": \"nvcr.io\",\n\n\t\t// 测试环境\n\t\t\"test\": \"registry-1.docker.io\",\n\t};\n\n\tif (host in routes) return [routes[host], false];\n\telse return [hub_host, true];\n}\n\n/** @type {RequestInit} */\nconst PREFLIGHT_INIT = {\n\t// 预检请求配置\n\theaders: new Headers({\n\t\t'access-control-allow-origin': '*', // 允许所有来源\n\t\t'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS', // 允许的HTTP方法\n\t\t'access-control-max-age': '1728000', // 预检请求的缓存时间\n\t}),\n}\n\n/**\n * 构造响应\n * @param {any} body 响应体\n * @param {number} status 响应状态码\n * @param {Object} headers 响应头\n */\nfunction makeRes(body, status = 200, headers = {}) {\n\theaders['access-control-allow-origin'] = '*' // 允许所有来源\n\treturn new Response(body, { status, headers }) // 返回新构造的响应\n}\n\n/**\n * 构造新的URL对象\n * @param {string} urlStr URL字符串\n * @param {string} base URL base\n */\nfunction newUrl(urlStr, base) {\n\ttry {\n\t\tconsole.log(`Constructing new URL object with path ${urlStr} and base ${base}`);\n\t\treturn new URL(urlStr, base); // 尝试构造新的URL对象\n\t} catch (err) {\n\t\tconsole.error(err);\n\t\treturn null // 构造失败返回null\n\t}\n}\n\nasync function nginx() {\n\tconst text = `\n\t\n\t\n\t\n\tWelcome to nginx!\n\t\n\t\n\t\n\t

Welcome to nginx!

\n\t

If you see this page, the nginx web server is successfully installed and\n\tworking. Further configuration is required.

\n\t\n\t

For online documentation and support please refer to\n\tnginx.org.
\n\tCommercial support is available at\n\tnginx.com.

\n\t\n\t

Thank you for using nginx.

\n\t\n\t\n\t`\n\treturn text;\n}\n\nasync function searchInterface() {\n\tconst html = `\n\t\n\t\n\t\n\t\tDocker Hub 镜像搜索\n\t\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t\n\t\t\n\t\t
\n\t\t\t
\n\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\n\t\t\t
\n\t\t\t

Docker Hub 镜像搜索

\n\t\t\t

快速查找、下载和部署 Docker 容器镜像

\n\t\t\t
\n\t\t\t\t\n\t\t\t\t\n\t\t\t
\n\t\t\t

基于 Cloudflare Workers / Pages 构建,利用全球边缘网络实现毫秒级响应。

\n\t\t
\n\t\t\n\t\n\t\n\t`;\n\treturn html;\n}\n\nexport default {\n\tasync fetch(request, env, ctx) {\n\t\tconst getReqHeader = (key) => request.headers.get(key); // 获取请求头\n\n\t\tlet url = new URL(request.url); // 解析请求URL\n\t\tconst userAgentHeader = request.headers.get('User-Agent');\n\t\tconst userAgent = userAgentHeader ? userAgentHeader.toLowerCase() : \"null\";\n\t\tif (env.UA) 屏蔽爬虫UA = 屏蔽爬虫UA.concat(await ADD(env.UA));\n\t\tconst workers_url = `https://${url.hostname}`;\n\n\t\t// 获取请求参数中的 ns\n\t\tconst ns = url.searchParams.get('ns');\n\t\tconst hostname = url.searchParams.get('hubhost') || url.hostname;\n\t\tconst hostTop = hostname.split('.')[0]; // 获取主机名的第一部分\n\n\t\tlet checkHost; // 在这里定义 checkHost 变量\n\t\t// 如果存在 ns 参数,优先使用它来确定 hub_host\n\t\tif (ns) {\n\t\t\tif (ns === 'docker.io') {\n\t\t\t\thub_host = 'registry-1.docker.io'; // 设置上游地址为 registry-1.docker.io\n\t\t\t} else {\n\t\t\t\thub_host = ns; // 直接使用 ns 作为 hub_host\n\t\t\t}\n\t\t} else {\n\t\t\tcheckHost = routeByHosts(hostTop);\n\t\t\thub_host = checkHost[0]; // 获取上游地址\n\t\t}\n\n\t\tconst fakePage = checkHost ? checkHost[1] : false; // 确保 fakePage 不为 undefined\n\t\tconsole.log(`域名头部: ${hostTop} 反代地址: ${hub_host} searchInterface: ${fakePage}`);\n\t\t// 更改请求的主机名\n\t\turl.hostname = hub_host;\n\t\tconst hubParams = ['/v1/search', '/v1/repositories'];\n\t\tif (屏蔽爬虫UA.some(fxxk => userAgent.includes(fxxk)) && 屏蔽爬虫UA.length > 0) {\n\t\t\t// 首页改成一个nginx伪装页\n\t\t\treturn new Response(await nginx(), {\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'text/html; charset=UTF-8',\n\t\t\t\t},\n\t\t\t});\n\t\t} else if ((userAgent && userAgent.includes('mozilla')) || hubParams.some(param => url.pathname.includes(param))) {\n\t\t\tif (url.pathname == '/') {\n\t\t\t\tif (env.URL302) {\n\t\t\t\t\treturn Response.redirect(env.URL302, 302);\n\t\t\t\t} else if (env.URL) {\n\t\t\t\t\tif (env.URL.toLowerCase() == 'nginx') {\n\t\t\t\t\t\t//首页改成一个nginx伪装页\n\t\t\t\t\t\treturn new Response(await nginx(), {\n\t\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t\t'Content-Type': 'text/html; charset=UTF-8',\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t} else return fetch(new Request(env.URL, request));\n\t\t\t\t} else\t{\n\t\t\t\t\tif (fakePage) return new Response(await searchInterface(), {\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t'Content-Type': 'text/html; charset=UTF-8',\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// 新增逻辑:/v1/ 路径特殊处理\n\t\t\t\tif (url.pathname.startsWith('/v1/')) {\n\t\t\t\t\turl.hostname = 'index.docker.io';\n\t\t\t\t} else if (fakePage) {\n\t\t\t\t\turl.hostname = 'hub.docker.com';\n\t\t\t\t}\n\t\t\t\tif (url.searchParams.get('q')?.includes('library/') && url.searchParams.get('q') != 'library/') {\n\t\t\t\t\tconst search = url.searchParams.get('q');\n\t\t\t\t\turl.searchParams.set('q', search.replace('library/', ''));\n\t\t\t\t}\n\t\t\t\tconst newRequest = new Request(url, request);\n\t\t\t\treturn fetch(newRequest);\n\t\t\t}\n\t\t}\n\n\t\t// 修改包含 %2F 和 %3A 的请求\n\t\tif (!/%2F/.test(url.search) && /%3A/.test(url.toString())) {\n\t\t\tlet modifiedUrl = url.toString().replace(/%3A(?=.*?&)/, '%3Alibrary%2F');\n\t\t\turl = new URL(modifiedUrl);\n\t\t\tconsole.log(`handle_url: ${url}`);\n\t\t}\n\n\t\t// 处理token请求\n\t\tif (url.pathname.includes('/token')) {\n\t\t\tlet token_parameter = {\n\t\t\t\theaders: {\n\t\t\t\t\t'Host': 'auth.docker.io',\n\t\t\t\t\t'User-Agent': getReqHeader(\"User-Agent\"),\n\t\t\t\t\t'Accept': getReqHeader(\"Accept\"),\n\t\t\t\t\t'Accept-Language': getReqHeader(\"Accept-Language\"),\n\t\t\t\t\t'Accept-Encoding': getReqHeader(\"Accept-Encoding\"),\n\t\t\t\t\t'Connection': 'keep-alive',\n\t\t\t\t\t'Cache-Control': 'max-age=0'\n\t\t\t\t}\n\t\t\t};\n\t\t\tlet token_url = auth_url + url.pathname + url.search;\n\t\t\treturn fetch(new Request(token_url, request), token_parameter);\n\t\t}\n\n\t\t// 修改 /v2/ 请求路径\n\t\tif (hub_host == 'registry-1.docker.io' && /^\\/v2\\/[^/]+\\/[^/]+\\/[^/]+$/.test(url.pathname) && !/^\\/v2\\/library/.test(url.pathname)) {\n\t\t\t//url.pathname = url.pathname.replace(/\\/v2\\//, '/v2/library/');\n\t\t\turl.pathname = '/v2/library/' + url.pathname.split('/v2/')[1];\n\t\t\tconsole.log(`modified_url: ${url.pathname}`);\n\t\t}\n\n\t\t// 新增:/v2/、/manifests/、/blobs/、/tags/ 先获取token再请求\n\t\tif (\n\t\t\turl.pathname.startsWith('/v2/') &&\n\t\t\t(\n\t\t\t\turl.pathname.includes('/manifests/') ||\n\t\t\t\turl.pathname.includes('/blobs/') ||\n\t\t\t\turl.pathname.includes('/tags/')\n\t\t\t\t|| url.pathname.endsWith('/tags/list')\n\t\t\t)\n\t\t) {\n\t\t\t// 提取镜像名\n\t\t\tlet repo = '';\n\t\t\tconst v2Match = url.pathname.match(/^\\/v2\\/(.+?)(?:\\/(manifests|blobs|tags)\\/)/);\n\t\t\tif (v2Match) {\n\t\t\t\trepo = v2Match[1];\n\t\t\t}\n\t\t\tif (repo) {\n\t\t\t\tconst tokenUrl = `${auth_url}/token?service=registry.docker.io&scope=repository:${repo}:pull`;\n\t\t\t\tconst tokenRes = await fetch(tokenUrl, {\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t'User-Agent': getReqHeader(\"User-Agent\"),\n\t\t\t\t\t\t'Accept': getReqHeader(\"Accept\"),\n\t\t\t\t\t\t'Accept-Language': getReqHeader(\"Accept-Language\"),\n\t\t\t\t\t\t'Accept-Encoding': getReqHeader(\"Accept-Encoding\"),\n\t\t\t\t\t\t'Connection': 'keep-alive',\n\t\t\t\t\t\t'Cache-Control': 'max-age=0'\n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t\tconst tokenData = await tokenRes.json();\n\t\t\t\tconst token = tokenData.token;\n\t\t\t\tlet parameter = {\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t'Host': hub_host,\n\t\t\t\t\t\t'User-Agent': getReqHeader(\"User-Agent\"),\n\t\t\t\t\t\t'Accept': getReqHeader(\"Accept\"),\n\t\t\t\t\t\t'Accept-Language': getReqHeader(\"Accept-Language\"),\n\t\t\t\t\t\t'Accept-Encoding': getReqHeader(\"Accept-Encoding\"),\n\t\t\t\t\t\t'Connection': 'keep-alive',\n\t\t\t\t\t\t'Cache-Control': 'max-age=0',\n\t\t\t\t\t\t'Authorization': `Bearer ${token}`\n\t\t\t\t\t},\n\t\t\t\t\tcacheTtl: 3600\n\t\t\t\t};\n\t\t\t\tif (request.headers.has(\"X-Amz-Content-Sha256\")) {\n\t\t\t\t\tparameter.headers['X-Amz-Content-Sha256'] = getReqHeader(\"X-Amz-Content-Sha256\");\n\t\t\t\t}\n\t\t\t\tlet original_response = await fetch(new Request(url, request), parameter);\n\t\t\t\tlet original_response_clone = original_response.clone();\n\t\t\t\tlet original_text = original_response_clone.body;\n\t\t\t\tlet response_headers = original_response.headers;\n\t\t\t\tlet new_response_headers = new Headers(response_headers);\n\t\t\t\tlet status = original_response.status;\n\t\t\t\tif (new_response_headers.get(\"Www-Authenticate\")) {\n\t\t\t\t\tlet auth = new_response_headers.get(\"Www-Authenticate\");\n\t\t\t\t\tlet re = new RegExp(auth_url, 'g');\n\t\t\t\t\tnew_response_headers.set(\"Www-Authenticate\", response_headers.get(\"Www-Authenticate\").replace(re, workers_url));\n\t\t\t\t}\n\t\t\t\tif (new_response_headers.get(\"Location\")) {\n\t\t\t\t\tconst location = new_response_headers.get(\"Location\");\n\t\t\t\t\tconsole.info(`Found redirection location, redirecting to ${location}`);\n\t\t\t\t\treturn httpHandler(request, location, hub_host);\n\t\t\t\t}\n\t\t\t\tlet response = new Response(original_text, {\n\t\t\t\t\tstatus,\n\t\t\t\t\theaders: new_response_headers\n\t\t\t\t});\n\t\t\t\treturn response;\n\t\t\t}\n\t\t}\n\n\t\t// 构造请求参数\n\t\tlet parameter = {\n\t\t\theaders: {\n\t\t\t\t'Host': hub_host,\n\t\t\t\t'User-Agent': getReqHeader(\"User-Agent\"),\n\t\t\t\t'Accept': getReqHeader(\"Accept\"),\n\t\t\t\t'Accept-Language': getReqHeader(\"Accept-Language\"),\n\t\t\t\t'Accept-Encoding': getReqHeader(\"Accept-Encoding\"),\n\t\t\t\t'Connection': 'keep-alive',\n\t\t\t\t'Cache-Control': 'max-age=0'\n\t\t\t},\n\t\t\tcacheTtl: 3600 // 缓存时间\n\t\t};\n\n\t\t// 添加Authorization头\n\t\tif (request.headers.has(\"Authorization\")) {\n\t\t\tparameter.headers.Authorization = getReqHeader(\"Authorization\");\n\t\t}\n\n\t\t// 添加可能存在字段X-Amz-Content-Sha256\n\t\tif (request.headers.has(\"X-Amz-Content-Sha256\")) {\n\t\t\tparameter.headers['X-Amz-Content-Sha256'] = getReqHeader(\"X-Amz-Content-Sha256\");\n\t\t}\n\n\t\t// 发起请求并处理响应\n\t\tlet original_response = await fetch(new Request(url, request), parameter);\n\t\tlet original_response_clone = original_response.clone();\n\t\tlet original_text = original_response_clone.body;\n\t\tlet response_headers = original_response.headers;\n\t\tlet new_response_headers = new Headers(response_headers);\n\t\tlet status = original_response.status;\n\n\t\t// 修改 Www-Authenticate 头\n\t\tif (new_response_headers.get(\"Www-Authenticate\")) {\n\t\t\tlet auth = new_response_headers.get(\"Www-Authenticate\");\n\t\t\tlet re = new RegExp(auth_url, 'g');\n\t\t\tnew_response_headers.set(\"Www-Authenticate\", response_headers.get(\"Www-Authenticate\").replace(re, workers_url));\n\t\t}\n\n\t\t// 处理重定向\n\t\tif (new_response_headers.get(\"Location\")) {\n\t\t\tconst location = new_response_headers.get(\"Location\");\n\t\t\tconsole.info(`Found redirection location, redirecting to ${location}`);\n\t\t\treturn httpHandler(request, location, hub_host);\n\t\t}\n\n\t\t// 返回修改后的响应\n\t\tlet response = new Response(original_text, {\n\t\t\tstatus,\n\t\t\theaders: new_response_headers\n\t\t});\n\t\treturn response;\n\t}\n};\n\n/**\n * 处理HTTP请求\n * @param {Request} req 请求对象\n * @param {string} pathname 请求路径\n * @param {string} baseHost 基地址\n */\nfunction httpHandler(req, pathname, baseHost) {\n\tconst reqHdrRaw = req.headers;\n\n\t// 处理预检请求\n\tif (req.method === 'OPTIONS' &&\n\t\treqHdrRaw.has('access-control-request-headers')\n\t) {\n\t\treturn new Response(null, PREFLIGHT_INIT);\n\t}\n\n\tlet rawLen = '';\n\n\tconst reqHdrNew = new Headers(reqHdrRaw);\n\n\treqHdrNew.delete(\"Authorization\"); // 修复s3错误\n\n\tconst refer = reqHdrNew.get('referer');\n\n\tlet urlStr = pathname;\n\n\tconst urlObj = newUrl(urlStr, 'https://' + baseHost);\n\n\t/** @type {RequestInit} */\n\tconst reqInit = {\n\t\tmethod: req.method,\n\t\theaders: reqHdrNew,\n\t\tredirect: 'follow',\n\t\tbody: req.body\n\t};\n\treturn proxy(urlObj, reqInit, rawLen);\n}\n\n/**\n * 代理请求\n * @param {URL} urlObj URL对象\n * @param {RequestInit} reqInit 请求初始化对象\n * @param {string} rawLen 原始长度\n */\nasync function proxy(urlObj, reqInit, rawLen) {\n\tconst res = await fetch(urlObj.href, reqInit);\n\tconst resHdrOld = res.headers;\n\tconst resHdrNew = new Headers(resHdrOld);\n\n\t// 验证长度\n\tif (rawLen) {\n\t\tconst newLen = resHdrOld.get('content-length') || '';\n\t\tconst badLen = (rawLen !== newLen);\n\n\t\tif (badLen) {\n\t\t\treturn makeRes(res.body, 400, {\n\t\t\t\t'--error': `bad len: ${newLen}, except: ${rawLen}`,\n\t\t\t\t'access-control-expose-headers': '--error',\n\t\t\t});\n\t\t}\n\t}\n\tconst status = res.status;\n\tresHdrNew.set('access-control-expose-headers', '*');\n\tresHdrNew.set('access-control-allow-origin', '*');\n\tresHdrNew.set('Cache-Control', 'max-age=1500');\n\n\t// 删除不必要的头\n\tresHdrNew.delete('content-security-policy');\n\tresHdrNew.delete('content-security-policy-report-only');\n\tresHdrNew.delete('clear-site-data');\n\n\treturn new Response(res.body, {\n\t\tstatus,\n\t\theaders: resHdrNew\n\t});\n}\n\nasync function ADD(envadd) {\n\tvar addtext = envadd.replace(/[\t |\"'\\r\\n]+/g, ',').replace(/,+/g, ',');\t// 将空格、双引号、单引号和换行符替换为逗号\n\tif (addtext.charAt(0) == ',') addtext = addtext.slice(1);\n\tif (addtext.charAt(addtext.length - 1) == ',') addtext = addtext.slice(0, addtext.length - 1);\n\tconst add = addtext.split(',');\n\treturn add;\n}\n" } ]