amass/Older
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add restry-ui proxy.

Browse Source
This commit is contained in:
amass 2024-06-17 16:27:43 +00:00
parent 9e3bf28451
commit ea553cfc3e
5 changed files with 111 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
Server/conf/nginx.conf
View File

@ -85,6 +85,7 @@ http {
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy; proxy_pass http://frp_http_proxy;
access_by_lua_file lua/authentication.lua;
} }
} }
@ -143,6 +144,34 @@ http {
} }
} }
server {
listen 443 ssl;
server_name docker.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/docker.amass.fun.pem;
ssl_certificate_key cert/docker.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
access_by_lua_file lua/basic_authentication_proxy.lua;
proxy_pass http://frp_http_proxy;
}
}
server { server {
listen 443 ssl; listen 443 ssl;
server_name money.amass.fun; server_name money.amass.fun;

23
Server/lua/accounts.lua Normal file
View File

@ -0,0 +1,23 @@
local M = {}
local password_path = "password.txt"
function M.credentials()
local file = io.open(password_path, "r")
if not file then
ngx.log(ngx.INFO, "无法打开文件: ", password_path)
return
end
local credentials = {}
for line in file:lines() do
local account, password = line:match("([^=]+)=([^=]+)")
if account and password then
credentials[account] = password
end
end
file:close()
return credentials
end
return M

33
Server/lua/basic_authentication.lua Normal file
View File

@ -0,0 +1,33 @@
local auth_header = ngx.var.http_authorization
local function authenticate()
ngx.header.content_type = 'text/plain'
ngx.header.www_authenticate = 'Basic realm="Restricted Area"'
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.say('Unauthorized')
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
if not auth_header then
return authenticate()
end
local _, _, encoded = string.find(auth_header, "Basic%s+(.+)")
if not encoded then
return authenticate()
end
local decoded = ngx.decode_base64(encoded)
local user_account, user_password = decoded:match("([^:]+):(.+)")
ngx.log(ngx.INFO, encoded, " ", user_account, " ", user_password)
local accounts = require("lua/accounts")
local credentials = accounts.credentials()
if credentials and credentials[user_account] == user_password then
return
else
return authenticate()
end

22
Server/lua/basic_authentication_proxy.lua Normal file
View File

@ -0,0 +1,22 @@
local session, err, exists = require "resty.session".open()
if exists and session:get("authenticated") then
local account = session:get("account")
ngx.log(ngx.INFO, session:get("account"), " 访问")
local accounts = require("lua/accounts")
local credentials = accounts.credentials()
local password = ""
if credentials then
password = credentials[account]
end
local auth_value = ngx.encode_base64(account .. ':' .. password)
ngx.req.set_header("Authorization", "Basic " .. auth_value)
else
local server = ""
if ngx.var.server_port == "80" then
server = ngx.var.host
else
server = ngx.var.host .. ":" .. ngx.var.server_port
end
local target_url = ngx.var.scheme .. "://" .. server .. ngx.var.request_uri
ngx.redirect('https://amass.fun/LoginPage?next=' .. ngx.escape_uri(target_url))
end

26
Server/lua/login.lua
View File

@ -1,7 +1,5 @@
local cjson = require "cjson" local cjson = require "cjson"
local password_path = "password.txt"
local function add_domain(cookies, key, domain) local function add_domain(cookies, key, domain)
if type(cookies) == "string" then -- 确保 set_cookies 是一个表 if type(cookies) == "string" then -- 确保 set_cookies 是一个表
cookies = { cookies } cookies = { cookies }
@ -11,7 +9,7 @@ local function add_domain(cookies, key, domain)
for _, cookie in ipairs(cookies) do for _, cookie in ipairs(cookies) do
local cookie_key, value = string.match(cookie, "^%s*(.-)%s*=%s*(.-)%s*;") local cookie_key, value = string.match(cookie, "^%s*(.-)%s*=%s*(.-)%s*;")
if cookie_key == key then if cookie_key == key then
local new_cookie = value .. "; Domain=" .. domain .. "; Path=/; HttpOnly" local new_cookie = value .. "; Domain=" .. domain .. "; Path=/; HttpOnly; SameSite=Lax"
table.insert(new_cookies, key.."=" .. new_cookie) table.insert(new_cookies, key.."=" .. new_cookie)
else else
table.insert(new_cookies, cookie) table.insert(new_cookies, cookie)
@ -42,27 +40,11 @@ local user_password = json_data.password
local reply = {} local reply = {}
local file = io.open(password_path, "r")
if not file then
ngx.log(ngx.INFO, "无法打开文件: ", password_path)
reply.status = -1000
reply.message = "服务器错误,找不到 " .. password_path;
ngx.say(cjson.encode(reply))
return
end
local credentials = {}
for line in file:lines() do
local account, password = line:match("([^=]+)=([^=]+)")
if account and password then
credentials[account] = password
end
end
file:close()
local session = require "resty.session".start() local session = require "resty.session".start()
if credentials[user_account] == user_password then local accounts = require("lua/accounts")
local credentials = accounts.credentials()
if credentials and credentials[user_account] == user_password then
reply.status = 0 reply.status = 0
reply.message = "登录成功" reply.message = "登录成功"
session:set("account", user_account) session:set("account", user_account)