Hugging Face's logo

Spaces:
megatrump
/
deno
Running

App Files Community
deno
File size: 6,153 Bytes 
5d66f59
915b179
f8390d3
 
200c491
f8390d3
200c491
915b179
f8390d3
 
200c491
 
 
5d66f59
200c491
5d66f59
 
bc3acf5
200c491
bc3acf5
 
200c491
5d66f59
 
200c491
 
5d66f59
 
 
200c491
 
5d66f59
 
 
f8390d3
200c491
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
5d66f59
200c491
bc3acf5
5d66f59
 
 
 
200c491
1dbbd42
 
f8390d3
200c491
 
 
 
 
 
5d66f59
 
 
200c491
1dbbd42
200c491
1dbbd42
200c491
5d66f59
 
 
 
915b179
200c491
5d66f59
bc3acf5
200c491
5d66f59
 
 
1dbbd42
200c491
1dbbd42
200c491
1dbbd42
5d66f59
200c491
5d66f59
 
 
f8390d3
200c491
f8390d3
 
5d66f59
f8390d3
 
 
200c491
1dbbd42
200c491
f8390d3
200c491
 
f8390d3
200c491
 
 
 
 
 
f8390d3
200c491
 
5d66f59
f8390d3
bc3acf5
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
 
import re
import logging
from flask import Flask, request, Response
import requests
from urllib.parse import urlparse, unquote

# --- Basic Configuration ---
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
app = Flask(__name__)

# --- Whitelisted URL Patterns for GitHub ---
# This list defines all URL patterns that are permitted to be proxied.
# It's a security measure to prevent the proxy from being used to access unintended domains.
ALLOWED_PATTERNS = [
    # Repositories: releases, archives, blobs, raw content
    re.compile(r'^https://github\.com/[^/]+/[^/]+/(?:releases|archive)/.*$', re.IGNORECASE),
    re.compile(r'^https://github\.com/[^/]+/[^/]+/(?:blob|raw)/.*$', re.IGNORECASE),
    
    # Git operations (clone, pull, push)
    re.compile(r'^https://github\.com/[^/]+/[^/]+/(?:info|git-).*$', re.IGNORECASE),
    
    # Raw content from various GitHub domains
    re.compile(r'^https://raw\.(?:githubusercontent|github)\.com/[^/]+/[^/]+/.*/.*$', re.IGNORECASE),
    re.compile(r'^https://gist\.(?:githubusercontent|github)\.com/[^/]+/[^/]+/.*/.*$', re.IGNORECASE),
    
    # Repository tags and assets
    re.compile(r'^https://github\.com/[^/]+/[^/]+/tags.*$', re.IGNORECASE),
    re.compile(r'^https://avatars\.githubusercontent\.com/.*$', re.IGNORECASE),
    re.compile(r'^https://github\.githubassets\.com/.*$', re.IGNORECASE),

    # Main repository/user pages
    re.compile(r'^https://github\.com/[^/]+/?$', re.IGNORECASE),
    re.compile(r'^https://github\.com/[^/]+/[^/]+/?$', re.IGNORECASE),
]

# --- Custom Index Page ---
INDEX_PAGE_HTML = """
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>GitHub Proxy</title>
    <style>
        body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; line-height: 1.6; color: #333; max-width: 800px; margin: 40px auto; padding: 20px; }
        .container { border: 1px solid #ddd; border-radius: 8px; padding: 20px 40px; background-color: #f9f9f9; }
        .warning { color: #856404; background-color: #fff3cd; border: 1px solid #ffeeba; padding: 15px; border-radius: 4px; margin-bottom: 20px; }
        h1, h2 { border-bottom: 1px solid #eaecef; padding-bottom: 0.3em; }
        code { background-color: #eef; padding: 2px 4px; border-radius: 3px; }
    </style>
</head>
<body>
    <div class="container">
        <h1>GitHub Reverse Proxy</h1>
        <div class="warning">
            <strong>Warning:</strong> You are accessing GitHub content through a reverse proxy. 
            All content served from this page is provided directly by GitHub.
        </div>
        <h2>How to Use</h2>
        <p>To access GitHub content, simply append the GitHub URL to this proxy's address.</p>
        <p>For example, to clone a repository:</p>
        <code>git clone {YOUR_PROXY_URL}/https://github.com/owner/repo.git</code>
        <p>Or to view a repository page:</p>
        <code>{YOUR_PROXY_URL}/https://github.com/owner/repo</code>
    </div>
</body>
</html>
"""

def is_url_allowed(url):
    """Check if the given URL matches any pattern in the whitelist."""
    for pattern in ALLOWED_PATTERNS:
        if pattern.match(url):
            return True
    return False

# --- Core Proxy Logic ---
@app.route('/', defaults={'path': ''}, methods=['GET', 'POST', 'PUT', 'DELETE'])
@app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE'])
def proxy(path):
    """
    Proxies requests to GitHub after validating them against a whitelist.
    It streams the response back to the client.
    """
    # The full path might be URL-encoded, so we decode it.
    target_path = unquote(request.full_path)
    if target_path.startswith('/'):
        target_path = target_path[1:]

    # For the root path, display the custom warning page.
    if not target_path:
        return INDEX_PAGE_HTML, 200

    # Prepend 'https://' if the scheme is missing.
    if not target_path.startswith(('http://', 'https://')):
        target_url = 'https://' + target_path
    else:
        target_url = target_path
    
    # Security check: Ensure the URL is in the whitelist.
    if not is_url_allowed(target_url):
        logging.warning(f"URL Denied! No pattern matched: {target_url}")
        return "<h1>403 Forbidden</h1><p>Request blocked by proxy security policy.</p>", 403

    try:
        target_host = urlparse(target_url).hostname
        if not target_host:
            raise ValueError("Hostname could not be parsed from the target URL.")
    except Exception as e:
        logging.error(f"Invalid target URL provided: {target_url} | Error: {e}")
        return f"Invalid target URL in path: {e}", 400

    # Forward headers, but set the 'Host' header to the target's hostname.
    headers = {key: value for (key, value) in request.headers if key.lower() != 'host'}
    headers['Host'] = target_host

    try:
        # Stream the request to handle large files efficiently.
        resp = requests.request(
            method=request.method,
            url=target_url,
            headers=headers,
            data=request.get_data(),
            cookies=request.cookies,
            allow_redirects=False, # Redirects are handled by the client.
            stream=True,
            timeout=30  # Timeout for the connection.
        )

        # Exclude headers that can interfere with streaming.
        excluded_headers = ['content-encoding', 'content-length', 'transfer-encoding', 'connection']
        response_headers = [(name, value) for (name, value) in resp.raw.headers.items() 
                            if name.lower() not in excluded_headers]

        # Stream the response back to the original client.
        return Response(resp.iter_content(chunk_size=8192), resp.status_code, response_headers)
    
    except requests.exceptions.RequestException as e:
        logging.error(f"Error while proxying to {target_url}: {e}")
        return "An error occurred while proxying the request.", 502

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=7860)