Update app.py

app.py

@@ -2,85 +2,142 @@ import re
 import logging
 from flask import Flask, request, Response
 import requests
-from urllib.parse import urlparse
+from urllib.parse import urlparse, unquote
 
-# --- 设置日志 ---
+# --- Basic Configuration ---
 logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
-
 app = Flask(__name__)
 
-# --- 白名单过滤规则 ---
+# --- Whitelisted URL Patterns for GitHub ---
+# This list defines all URL patterns that are permitted to be proxied.
+# It's a security measure to prevent the proxy from being used to access unintended domains.
 ALLOWED_PATTERNS = [
+    # Repositories: releases, archives, blobs, raw content
     re.compile(r'^https://github\.com/[^/]+/[^/]+/(?:releases|archive)/.*$', re.IGNORECASE),
     re.compile(r'^https://github\.com/[^/]+/[^/]+/(?:blob|raw)/.*$', re.IGNORECASE),
     
-    # --- 这里是修正后的一行 ---
+    # Git operations (clone, pull, push)
     re.compile(r'^https://github\.com/[^/]+/[^/]+/(?:info|git-).*$', re.IGNORECASE),
     
+    # Raw content from various GitHub domains
     re.compile(r'^https://raw\.(?:githubusercontent|github)\.com/[^/]+/[^/]+/.*/.*$', re.IGNORECASE),
     re.compile(r'^https://gist\.(?:githubusercontent|github)\.com/[^/]+/[^/]+/.*/.*$', re.IGNORECASE),
+    
+    # Repository tags and assets
     re.compile(r'^https://github\.com/[^/]+/[^/]+/tags.*$', re.IGNORECASE),
     re.compile(r'^https://avatars\.githubusercontent\.com/.*$', re.IGNORECASE),
     re.compile(r'^https://github\.githubassets\.com/.*$', re.IGNORECASE),
+
+    # Main repository/user pages
     re.compile(r'^https://github\.com/[^/]+/?$', re.IGNORECASE),
     re.compile(r'^https://github\.com/[^/]+/[^/]+/?$', re.IGNORECASE),
 ]
 
+# --- Custom Index Page ---
+INDEX_PAGE_HTML = """
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>GitHub Proxy</title>
+    <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; line-height: 1.6; color: #333; max-width: 800px; margin: 40px auto; padding: 20px; }
+        .container { border: 1px solid #ddd; border-radius: 8px; padding: 20px 40px; background-color: #f9f9f9; }
+        .warning { color: #856404; background-color: #fff3cd; border: 1px solid #ffeeba; padding: 15px; border-radius: 4px; margin-bottom: 20px; }
+        h1, h2 { border-bottom: 1px solid #eaecef; padding-bottom: 0.3em; }
+        code { background-color: #eef; padding: 2px 4px; border-radius: 3px; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>GitHub Reverse Proxy</h1>
+        <div class="warning">
+            <strong>Warning:</strong> You are accessing GitHub content through a reverse proxy. 
+            All content served from this page is provided directly by GitHub.
+        </div>
+        <h2>How to Use</h2>
+        <p>To access GitHub content, simply append the GitHub URL to this proxy's address.</p>
+        <p>For example, to clone a repository:</p>
+        <code>git clone {YOUR_PROXY_URL}/https://github.com/owner/repo.git</code>
+        <p>Or to view a repository page:</p>
+        <code>{YOUR_PROXY_URL}/https://github.com/owner/repo</code>
+    </div>
+</body>
+</html>
+"""
+
 def is_url_allowed(url):
-    """检查给定的URL是否匹配白名单中的任何一个模式。"""
+    """Check if the given URL matches any pattern in the whitelist."""
     for pattern in ALLOWED_PATTERNS:
         if pattern.match(url):
             return True
     return False
 
-# --- 核心代理逻辑 ---
+# --- Core Proxy Logic ---
 @app.route('/', defaults={'path': ''}, methods=['GET', 'POST', 'PUT', 'DELETE'])
 @app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE'])
 def proxy(path):
-    target_path = request.full_path
+    """
+    Proxies requests to GitHub after validating them against a whitelist.
+    It streams the response back to the client.
+    """
+    # The full path might be URL-encoded, so we decode it.
+    target_path = unquote(request.full_path)
     if target_path.startswith('/'):
         target_path = target_path[1:]
 
+    # For the root path, display the custom warning page.
     if not target_path:
-        return ("<p>GitHub reverse proxy is active.</p>"), 200
+        return INDEX_PAGE_HTML, 200
 
+    # Prepend 'https://' if the scheme is missing.
     if not target_path.startswith(('http://', 'https://')):
         target_url = 'https://' + target_path
     else:
         target_url = target_path
     
+    # Security check: Ensure the URL is in the whitelist.
     if not is_url_allowed(target_url):
         logging.warning(f"URL Denied! No pattern matched: {target_url}")
-        error_message = "<h1>403 Forbidden</h1><p>Request blocked by proxy security policy.</p>"
-        return error_message, 403
+        return "<h1>403 Forbidden</h1><p>Request blocked by proxy security policy.</p>", 403
 
     try:
         target_host = urlparse(target_url).hostname
         if not target_host:
-            raise ValueError("Could not parse hostname")
+            raise ValueError("Hostname could not be parsed from the target URL.")
     except Exception as e:
+        logging.error(f"Invalid target URL provided: {target_url} | Error: {e}")
         return f"Invalid target URL in path: {e}", 400
 
+    # Forward headers, but set the 'Host' header to the target's hostname.
     headers = {key: value for (key, value) in request.headers if key.lower() != 'host'}
     headers['Host'] = target_host
 
     try:
+        # Stream the request to handle large files efficiently.
         resp = requests.request(
             method=request.method,
             url=target_url,
             headers=headers,
             data=request.get_data(),
             cookies=request.cookies,
-            allow_redirects=False,
+            allow_redirects=False, # Redirects are handled by the client.
             stream=True,
-            timeout=30
+            timeout=30  # Timeout for the connection.
         )
+
+        # Exclude headers that can interfere with streaming.
         excluded_headers = ['content-encoding', 'content-length', 'transfer-encoding', 'connection']
-        response_headers = [(name, value) for (name, value) in resp.raw.headers.items() if name.lower() not in excluded_headers]
-        return Response(resp.iter_content(chunk_size=8192), status=resp.status_code, headers=response_headers)
+        response_headers = [(name, value) for (name, value) in resp.raw.headers.items() 
+                            if name.lower() not in excluded_headers]
+
+        # Stream the response back to the original client.
+        return Response(resp.iter_content(chunk_size=8192), resp.status_code, response_headers)
+    
     except requests.exceptions.RequestException as e:
-        return f"An error occurred while proxying: {e}", 502
+        logging.error(f"Error while proxying to {target_url}: {e}")
+        return "An error occurred while proxying the request.", 502
 
 if __name__ == '__main__':
     app.run(host='0.0.0.0', port=7860)
-