dev
/
sudo-proxy
mirror of https://github.com/sussy-code/sudo-proxy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15 from movie-web/dev 

Simple proxy v2.0.0
This commit is contained in:
William Oldham 2023-10-16 19:11:24 +01:00 committed by GitHub
parent 23c090fc15 54b40c1be1
commit 3678522e20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 4548 additions and 3416 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.dockerignore Normal file
View File

@ -0,0 +1,7 @@
node_modules
*.log*
.nitro
.cache
.output
.env
dist

3
.eslintignore Normal file
View File

@ -0,0 +1,3 @@
dist
.output
node-modules

50
.eslintrc.js Normal file
View File

@ -0,0 +1,50 @@
module.exports = {
env: {
browser: true,
},
extends: [
"plugin:@typescript-eslint/recommended",
"plugin:prettier/recommended",
],
ignorePatterns: ["public/*", "dist/*", "/*.js", "/*.ts"],
parser: "@typescript-eslint/parser",
parserOptions: {
project: "./tsconfig.json",
tsconfigRootDir: "./",
},
settings: {
"import/resolver": {
typescript: {
project: "./tsconfig.json",
},
},
},
plugins: ["@typescript-eslint", "import", "prettier"],
rules: {
"no-underscore-dangle": "off",
"@typescript-eslint/no-explicit-any": "off",
"no-console": "off",
"@typescript-eslint/no-this-alias": "off",
"import/prefer-default-export": "off",
"@typescript-eslint/no-empty-function": "off",
"no-shadow": "off",
"@typescript-eslint/no-shadow": ["error"],
"no-restricted-syntax": "off",
"import/no-unresolved": ["error", { ignore: ["^virtual:"] }],
"consistent-return": "off",
"no-continue": "off",
"no-eval": "off",
"no-await-in-loop": "off",
"no-nested-ternary": "off",
"prefer-destructuring": "off",
"@typescript-eslint/no-unused-vars": ["warn", { argsIgnorePattern: "^_" }],
"import/extensions": [
"error",
"ignorePackages",
{
ts: "never",
tsx: "never",
},
]
},
}

18
.eslintrc.json
View File

@ -1,18 +0,0 @@
{
"env": {
"worker": true,
"node": true,
"es6": true
},
"parserOptions": {
"ecmaVersion": "latest"
},
"root": true,
"extends": ["eslint:recommended", "plugin:prettier/recommended"],
"plugins": [],
"ignorePatterns": ["dist"],
"rules": {
"prettier/prettier": "error",
"no-undef": "off"
}
}

60
.github/workflows/build_release.yml vendored
View File

@ -1,60 +0,0 @@
name: Build Release
on:
push:
branches:
- master
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Node.js
uses: actions/setup-node@v1
with:
node-version: 16
- name: Install NPM packages
run: npm install
- name: Build project
run: npm run build
- name: Upload production-ready build files
uses: actions/upload-artifact@v3
with:
name: worker.js
path: ./dist/worker.js
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v6.1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Simple Proxy Worker
draft: false
prerelease: false
- name: Upload Release Asset
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./dist/worker.js
asset_name: worker.js
asset_content_type: text/javascript

36
.github/workflows/cloudflare.yml vendored Normal file
View File

@ -0,0 +1,36 @@
name: Deploy Worker
# this action is for the "deploy to cloudflare" button
# repository_dispatch is triggered by CF
# secrets should also be made by CF
on: ["repository_dispatch"]
jobs:
deploy:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v3
- uses: pnpm/action-setup@v2
with:
version: latest
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: 18
cache: 'pnpm'
- name: Install packages
run: pnpm install --frozen-lockfile
- name: Build Project
run: pnpm build:cloudflare
- name: Build & Deploy Worker
uses: cloudflare/wrangler-action@v3
with:
apiToken: ${{ secrets.CF_API_TOKEN }}
accountId: ${{ secrets.CF_ACCOUNT_ID }}

60
.github/workflows/linting.yml vendored Normal file
View File

@ -0,0 +1,60 @@
name: Linting and Testing
on:
push:
branches:
- master
- dev
pull_request:
jobs:
linting:
name: Run Linters
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- uses: pnpm/action-setup@v2
with:
version: latest
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: 18
cache: 'pnpm'
- name: Install packages
run: pnpm install --frozen-lockfile
- name: Prepare for linting
run: pnpm prepare
- name: Run ESLint
run: pnpm lint
building:
name: Build project
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- uses: pnpm/action-setup@v2
with:
version: latest
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: 18
cache: 'pnpm'
- name: Install pnpm packages
run: pnpm install --frozen-lockfile
- name: Build Project
run: pnpm build

42
.github/workflows/linting_testing.yml vendored
View File

@ -1,42 +0,0 @@
name: Linting and Testing
on:
push:
branches:
- master
- dev
pull_request_target:
types: [opened, reopened, synchronize]
jobs:
linting:
name: Run Linters
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Node.js
uses: actions/setup-node@v1
with:
node-version: 16
- name: Install NPM packages
run: npm install
- name: Run ESLint Report
run: npm run lint:report
# continue on error, so it still reports it in the next step
continue-on-error: true
- name: Annotate Code Linting Results
uses: ataylorme/eslint-annotate-action@v2
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
report-json: "eslint_report.json"
- name: Build Project
run: npm run build

55
.github/workflows/publish.yml vendored Normal file
View File

@ -0,0 +1,55 @@
name: Docker Publish
on:
push:
branches:
- master
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v2
- name: Get version
id: package-version
uses: martinbeentjes/npm-get-version-action@main
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: |
latest=auto
tags: |
type=semver,pattern={{version}},value=v${{ steps.package-version.outputs.current-version }}
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v4
with:
push: true
context: .
labels: ${{ steps.meta.outputs.labels }}
tags: ${{ steps.meta.outputs.tags }}

81
.github/workflows/release.yml vendored Normal file
View File

@ -0,0 +1,81 @@
name: Release
on:
push:
branches:
- master
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- uses: pnpm/action-setup@v2
with:
version: latest
- name: Get version
id: package-version
uses: martinbeentjes/npm-get-version-action@main
- name: Install packages
run: pnpm install --frozen-lockfile
- name: Build for cloudflare
run: pnpm build:cloudflare && cp ./.output/server/index.mjs ./cloudflare.worker.mjs
- name: Build for AWS
run: pnpm build:aws && cd .output/server && zip -r ../../lambda.zip .
- name: Build for Node
run: pnpm build:node && cd .output/server && zip -r ../../nodejs.zip .
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v${{ steps.package-version.outputs.current-version }}
release_name: Bot v${{ steps.package-version.outputs.current-version }}
draft: false
prerelease: false
body: |
Instead of downloading a package, you can also run it in docker:
```sh
docker run movie-web/simple-proxy:${{ steps.package-version.outputs.current-version }}
```
- name: Upload cloudflare build
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./cloudflare.worker.mjs
asset_name: simple-proxy-cloudflare.mjs
asset_content_type: text/javascript
- name: Upload AWS build
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./lambda.zip
asset_name: simple-proxy-aws-lambda.zip
asset_content_type: application/zip
- name: Upload Node build
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./node.zip
asset_name: simple-proxy-nodejs.zip
asset_content_type: application/zip

7
.gitignore vendored
View File

@ -1,2 +1,7 @@
node_modules
dist
*.log*
.nitro
.cache
.output
.env
dist

5
.vscode/extensions.json vendored
View File

@ -1,6 +1,3 @@
{
"recommendations": [
"dbaeumer.vscode-eslint",
"editorconfig.editorconfig"
]
"recommendations": ["dbaeumer.vscode-eslint", "editorconfig.editorconfig"]
}

20
Dockerfile Normal file
View File

@ -0,0 +1,20 @@
FROM node:18-alpine as base
WORKDIR /app
# Build layer
FROM base as build
RUN npm i -g pnpm
COPY pnpm-lock.yaml package.json ./
RUN pnpm install --frozen-lockfile
COPY . .
RUN pnpm build
# Production layer
FROM base as production
EXPOSE 3000
ENV NODE_ENV=production
COPY --from=build /app/.output ./.output
CMD ["node", ".output/server/index.mjs"]

18
README.md
View File

@ -1,3 +1,17 @@
# Cloudflare worker proxy
# simple-proxy
Simple http proxy in a cloudflare worker.
Simple reverse proxy to bypass CORS, used by [movie-web](https://movie-web.app).
[![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/movie-web/simple-proxy)
---
### features:
- Deployable on many platforms - thanks to nitro
- header rewrites - read and write protected headers
- bypass CORS - always allows browser to send requests through it
### supported platforms:
- cloudflare workers
- AWS lambda
- nodejs

10
nitro.config.ts Normal file
View File

@ -0,0 +1,10 @@
import { join } from "path";
//https://nitro.unjs.io/config
export default defineNitroConfig({
noPublicDir: true,
srcDir: "./src",
alias: {
"@": join(__dirname, "src")
}
});

3090
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

32
package.json
View File

@ -1,18 +1,30 @@
{
"name": "simple-proxy",
"private": true,
"version": "1.0.0",
"version": "2.0.0",
"scripts": {
"build": "vite build",
"lint": "eslint --ext .js src/",
"lint:fix": "eslint --fix --ext .js src/",
"lint:report": "eslint --ext .js --output-file eslint_report.json --format json src/"
"prepare": "nitropack prepare",
"dev": "nitropack dev",
"build": "nitropack build",
"build:cloudflare": "NITRO_PRESET=cloudflare npm run build",
"build:aws": "NITRO_PRESET=aws_lambda npm run build",
"build:node": "NITRO_PRESET=node-server npm run build",
"start": "node .output/server/index.mjs",
"lint": "eslint --ext .ts src/",
"lint:fix": "eslint --fix --ext .ts src/",
"preinstall": "npx only-allow pnpm"
},
"dependencies": {
"h3": "^1.8.1",
"nitropack": "latest"
},
"devDependencies": {
"eslint": "^8.30.0",
"eslint-config-prettier": "^8.5.0",
"eslint-plugin-prettier": "^4.2.1",
"vite": "^4.0.0",
"vite-plugin-eslint": "^1.8.1"
"@typescript-eslint/eslint-plugin": "^6.7.0",
"@typescript-eslint/parser": "^6.7.0",
"eslint": "^8.48.0",
"eslint-config-airbnb-base": "^15.0.0",
"eslint-config-prettier": "^9.0.0",
"eslint-import-resolver-typescript": "^3.6.0",
"eslint-plugin-prettier": "^5.0.0"
}
}

4036
pnpm-lock.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

173
src/main.js
View File

@ -1,173 +0,0 @@
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET,HEAD,POST,OPTIONS',
'Access-Control-Max-Age': '86400',
};
async function handleRequest(oRequest, destination, iteration = 0) {
console.log(
`PROXYING ${destination}${iteration ? ' ON ITERATION ' + iteration : ''}`,
);
// Create a new mutable request object for the destination
const request = new Request(destination, oRequest);
request.headers.set('Origin', new URL(destination).origin);
// TODO - Make cookie handling better. PHPSESSID overwrites all other cookie related headers
// Add custom X headers from client
// These headers are usually forbidden to be set by fetch
if (oRequest.headers.has('X-Cookie')) {
request.headers.set('Cookie', oRequest.headers.get('X-Cookie'));
request.headers.delete('X-Cookie');
}
if (request.headers.has('X-Referer')) {
request.headers.set('Referer', request.headers.get('X-Referer'));
request.headers.delete('X-Referer');
}
if (request.headers.has('X-Origin')) {
request.headers.set('Origin', request.headers.get('X-Origin'));
request.headers.delete('X-Origin');
}
// Set PHPSESSID cookie
if (request.headers.get('PHPSESSID')) {
request.headers.set(
'Cookie',
`PHPSESSID=${request.headers.get('PHPSESSID')}`,
);
}
// Set User Agent, if not exists
const useragent = request.headers.get('User-Agent');
if (!useragent) {
request.headers.set(
'User-Agent',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0',
);
}
// Fetch the new resource
const oResponse = await fetch(request.clone());
// If the server returned a redirect, follow it
if (
(oResponse.status === 302 || oResponse.status === 301) &&
oResponse.headers.get('location')
) {
// Server tried to redirect too many times
if (iteration > 5) {
return new Response('418 Too many redirects', {
status: 418,
});
}
// Handle and return the request for the redirected destination
return await handleRequest(
request,
oResponse.headers.get('location'),
iteration + 1,
);
}
// Create mutable response using the original response as init
const response = new Response(oResponse.body, oResponse);
// Set CORS headers
response.headers.set('Access-Control-Allow-Origin', '*');
response.headers.set('Access-Control-Expose-Headers', '*');
const cookiesToSet = response.headers.get('Set-Cookie');
// Transfer Set-Cookie to X-Set-Cookie
// Normally the Set-Cookie header is not accessible to fetch clients
if (cookiesToSet) {
response.headers.set('X-Set-Cookie', response.headers.get('Set-Cookie'));
}
// Set PHPSESSID cookie
if (
cookiesToSet &&
cookiesToSet.includes('PHPSESSID') &&
cookiesToSet.includes(';')
) {
let phpsessid = cookiesToSet.slice(cookiesToSet.search('PHPSESSID') + 10);
phpsessid = phpsessid.slice(0, phpsessid.search(';'));
response.headers.set('PHPSESSID', phpsessid);
}
// Append to/Add Vary header so browser will cache response correctly
response.headers.append('Vary', 'Origin');
// Add X-Final-Destination header to get the final url
response.headers.set('X-Final-Destination', oResponse.url);
return response;
}
function handleOptions(request) {
// Make sure the necessary headers are present
// for this to be a valid pre-flight request
const headers = request.headers;
let response = new Response(null, {
headers: {
Allow: 'GET, HEAD, POST, OPTIONS',
},
});
if (
headers.get('Origin') !== null &&
headers.get('Access-Control-Request-Method') !== null &&
headers.get('Access-Control-Request-Headers') !== null
) {
response = new Response(null, {
headers: {
...corsHeaders,
// Allow all future content Request headers to go back to browser
// such as Authorization (Bearer) or X-Client-Name-Version
'Access-Control-Allow-Headers': request.headers.get(
'Access-Control-Request-Headers',
),
},
});
}
return response;
}
addEventListener('fetch', (event) => {
const request = event.request;
const url = new URL(request.url);
const destination = url.searchParams.get('destination');
console.log(`HTTP ${request.method} - ${request.url}`);
let response = new Response('404 Not Found', {
status: 404,
});
if (request.method === 'OPTIONS') {
// Handle CORS preflight requests
response = handleOptions(request);
} else if (!destination) {
response = new Response('200 OK', {
status: 200,
headers: {
Allow: 'GET, HEAD, POST, OPTIONS',
'Access-Control-Allow-Origin': '*',
},
});
} else if (
request.method === 'GET' ||
request.method === 'HEAD' ||
request.method === 'POST'
) {
// Handle request
response = handleRequest(request, destination);
}
event.respondWith(response);
});

34
src/routes/index.ts Normal file
View File

@ -0,0 +1,34 @@
import {
getProxyHeaders,
getAfterResponseHeaders,
cleanupHeadersBeforeProxy,
} from '@/utils/headers';
export default defineEventHandler(async (event) => {
// handle cors, if applicable
if (isPreflightRequest(event)) return handleCors(event, {});
// parse destination URL
const destination = getQuery<{ destination?: string }>(event).destination;
if (!destination)
return sendJson({
event,
status: 400,
data: {
error: 'destination query parameter invalid',
},
});
// proxy
cleanupHeadersBeforeProxy(event);
await proxyRequest(event, destination, {
fetchOptions: {
redirect: 'follow',
headers: getProxyHeaders(event.headers),
},
onResponse(outputEvent, response) {
const headers = getAfterResponseHeaders(response.headers, response.url);
setResponseHeaders(outputEvent, headers);
},
});
});

73
src/utils/headers.ts Normal file
View File

@ -0,0 +1,73 @@
import { H3Event } from 'h3';
const blacklistedHeaders = [
'cf-connecting-ip',
'cf-worker',
'cf-ray',
'cf-visitor',
'cf-ew-via',
'x-forwarded-for',
'x-forwarded-host',
'x-forwarded-proto',
'forwarded',
'x-real-ip',
];
function copyHeader(
headers: Headers,
outputHeaders: Headers,
inputKey: string,
outputKey: string,
) {
if (headers.has(inputKey))
outputHeaders.set(outputKey, headers.get(inputKey) ?? '');
}
export function getProxyHeaders(headers: Headers): Headers {
const output = new Headers();
const headerMap: Record<string, string> = {
'X-Cookie': 'Cookie',
'X-Referer': 'Referer',
'X-Origin': 'Origin',
};
Object.entries(headerMap).forEach((entry) => {
copyHeader(headers, output, entry[0], entry[1]);
});
output.set(
'User-Agent',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0',
);
return output;
}
export function getAfterResponseHeaders(
headers: Headers,
finalUrl: string,
): Record<string, string> {
const output: Record<string, string> = {};
if (headers.has('Set-Cookie'))
output['X-Set-Cookie'] = headers.get('Set-Cookie') ?? '';
return {
'Access-Control-Allow-Origin': '*',
'Access-Control-Expose-Headers': '*',
Vary: 'Origin',
'X-Final-Destination': finalUrl,
};
}
export function removeHeadersFromEvent(event: H3Event, key: string) {
const normalizedKey = key.toLowerCase();
if (event.node.req.headers[normalizedKey])
delete event.node.req.headers[normalizedKey];
}
export function cleanupHeadersBeforeProxy(event: H3Event) {
blacklistedHeaders.forEach((key) => {
removeHeadersFromEvent(event, key);
});
}

11
src/utils/sending.ts Normal file
View File

@ -0,0 +1,11 @@
import { H3Event, EventHandlerRequest } from 'h3';
export function sendJson(ops: {
event: H3Event<EventHandlerRequest>;
data: Record<string, any>;
status?: number;
}) {
setResponseStatus(ops.event, ops.status ?? 200);
appendResponseHeader(ops.event, 'content-type', 'application/json');
send(ops.event, JSON.stringify(ops.data, null, 2));
}

23
tsconfig.json Normal file
View File

@ -0,0 +1,23 @@
{
"compilerOptions": {
"target": "ES2020",
"lib": ["dom", "dom.iterable", "esnext"],
"allowJs": true,
"skipLibCheck": true,
"esModuleInterop": true,
"allowSyntheticDefaultImports": true,
"strict": true,
"forceConsistentCasingInFileNames": true,
"noFallthroughCasesInSwitch": true,
"module": "esnext",
"moduleResolution": "node",
"resolveJsonModule": true,
"isolatedModules": true,
"noEmit": true,
"baseUrl": "./src",
"paths": {
"@/*": ["./*"]
}
},
"extends": "./.nitro/types/tsconfig.json"
}

16
vite.config.js
View File

@ -1,16 +0,0 @@
const path = require('path');
const { defineConfig } = require('vite');
const { default: eslint } = require('vite-plugin-eslint');
module.exports = defineConfig({
plugins: [eslint()],
build: {
minify: false,
lib: {
entry: path.resolve(__dirname, 'src/main.js'),
name: 'worker',
formats: ['es'],
fileName: () => `worker.js`,
},
},
});

4
wrangler.toml Normal file
View File

@ -0,0 +1,4 @@
name = "simple-proxy"
main = "./.output/server/index.mjs"
workers_dev = true
compatibility_date = "2022-09-10"