/** * DomainFront Relay — Google Apps Script * * TWO modes: * 1. Single: POST { k, m, u, h, b, ct, r } → { s, h, b } * 2. Batch: POST { k, q: [{m,u,h,b,ct,r}, ...] } → { q: [{s,h,b}, ...] } * Uses UrlFetchApp.fetchAll() — all URLs fetched IN PARALLEL. * * OPTIONAL SPREADSHEET-BACKED RESPONSE CACHE: * Set CACHE_SPREADSHEET_ID to a valid Google Sheet ID (must be owned by * the same account). When enabled, public GET requests are stored in the * sheet and served from there on repeat visits, reducing UrlFetchApp * quota consumption. The cache is Vary-aware (Accept-Encoding and * Accept-Language are hashed into the compound cache key). Leave * CACHE_SPREADSHEET_ID as-is to disable caching entirely — zero overhead. * * DEPLOYMENT: * 1. Go to https://script.google.com → New project * 2. Delete the default code, paste THIS entire file * 3. Change AUTH_KEY below to your own secret * 4. (Optional) Set CACHE_SPREADSHEET_ID to enable caching * 5. Click Deploy → New deployment * 6. Type: Web app | Execute as: Me | Who has access: Anyone * 7. Copy the Deployment ID into config.json as "script_id" * * CHANGE THE AUTH KEY BELOW TO YOUR OWN SECRET! */ const AUTH_KEY = "CHANGE_ME_TO_A_STRONG_SECRET"; // Active-probing defense. When false (production default), bad AUTH_KEY // requests get a decoy HTML page that looks like a placeholder Apps // Script web app instead of the JSON `{"e":"unauthorized"}` body. This // makes the deployment indistinguishable from a forgotten-but-public // Apps Script project to active scanners that POST malformed payloads // looking for proxy endpoints. // // Set to `true` during initial setup if a misconfigured client is // hitting "unauthorized" and you want the explicit JSON error to debug // — then flip back to false before the deployment is widely shared. // (Inspired by #365 Section 3, mhrv-rs v1.8.0+.) const DIAGNOSTIC_MODE = false; // ── Optional Spreadsheet Cache ────────────────────────────── // Set to a valid Spreadsheet ID to enable response caching. // Leave as-is to disable caching entirely (zero overhead). const CACHE_SPREADSHEET_ID = "CHANGE_ME_TO_CACHE_SPREADSHEET_ID"; const CACHE_SHEET_NAME = "RelayCache"; const CACHE_META_SHEET_NAME = "RelayMeta"; const CACHE_META_CURSOR_CELL = "A1"; // ── Cache Tuning ──────────────────────────────────────────── const CACHE_MAX_ROWS = 5000; // circular buffer capacity const CACHE_MAX_BODY_BYTES = 35000; // skip responses larger than ~35 KB const CACHE_DEFAULT_TTL_SECONDS = 86400; // 24-hour fallback when no Cache-Control // ── Vary-Aware Cache Key ──────────────────────────────────── // These request headers are hashed into the compound cache key // alongside the URL so that responses with different encodings // or languages never collide in the cache. Covers ~95 % of // real-world Vary usage without inspecting the response. const VARY_KEY_HEADERS = ["accept-encoding", "accept-language"]; // Keep browser capability headers (sec-ch-ua*, sec-fetch-*) intact. // Some modern apps, notably Google Meet, use them for browser gating. const SKIP_HEADERS = { host: 1, connection: 1, "content-length": 1, "transfer-encoding": 1, "proxy-connection": 1, "proxy-authorization": 1, "priority": 1, te: 1, }; // Headers that disqualify a request from the cache path. const CACHE_BUSTING_HEADERS = { authorization: 1, cookie: 1, "x-api-key": 1, "proxy-authorization": 1, "set-cookie": 1, }; // HTML body for the bad-auth decoy. Mimics a minimal Apps Script-style // placeholder page — no proxy-shaped JSON, nothing distinctive enough // for a probe to fingerprint as a tunnel endpoint. const DECOY_HTML = 'Web App' + '

The script completed but did not return anything.

' + ''; // ── Request Handlers ──────────────────────────────────────── function _decoyOrError(jsonBody) { if (DIAGNOSTIC_MODE) return _json(jsonBody); return ContentService .createTextOutput(DECOY_HTML) .setMimeType(ContentService.MimeType.HTML); } function doPost(e) { try { var req = JSON.parse(e.postData.contents); if (req.k !== AUTH_KEY) return _decoyOrError({ e: "unauthorized" }); // Batch mode: { k, q: [...] } if (Array.isArray(req.q)) return _doBatch(req.q); // Single mode return _doSingle(req); } catch (err) { // Parse failures of the request body are also probe-shaped — a real // mhrv-rs client never sends invalid JSON. Decoy for the same reason. return _decoyOrError({ e: String(err) }); } } // `doGet` is what active scanners hit first (HTTP GET probes are cheaper // than POSTs). Apps Script defaults to a "Script function not found" page // here which is a fine-enough decoy on its own, but explicitly returning // the same harmless placeholder makes the response identical to the // bad-auth POST decoy — one less fingerprint vector. function doGet(e) { return ContentService .createTextOutput(DECOY_HTML) .setMimeType(ContentService.MimeType.HTML); } // ── Single Request ───────────────────────────────────────── function _doSingle(req) { if (!req.u || typeof req.u !== "string" || !req.u.match(/^https?:\/\//i)) { return _json({ e: "bad url" }); } // ── Optional cache path ──────────────────────────────── // Only entered when CACHE_SPREADSHEET_ID is configured and // the request qualifies as a public, cachable GET. if (_canUseCache(req)) { var cached = _getFromCache(req.u, req.h); if (cached) { return _json({ s: cached.status, h: JSON.parse(cached.headers), b: cached.body, cached: true, }); } var fetchResult = _fetchAndCache(req.u, req.h); if (fetchResult) { return _json({ s: fetchResult.status, h: JSON.parse(fetchResult.headers), b: fetchResult.body, cached: false, }); } // If _fetchAndCache returns null (spreadsheet unavailable), // fall through to the normal relay path below. } // ── Normal relay (cache disabled or unavailable) ──────── var opts = _buildOpts(req); var resp = UrlFetchApp.fetch(req.u, opts); return _json({ s: resp.getResponseCode(), h: _respHeaders(resp), b: Utilities.base64Encode(resp.getContent()), }); } // ── Batch Request ────────────────────────────────────────── function _doBatch(items) { var fetchArgs = []; var errorMap = {}; for (var i = 0; i < items.length; i++) { var item = items[i]; if (!item.u || typeof item.u !== "string" || !item.u.match(/^https?:\/\//i)) { errorMap[i] = "bad url"; continue; } var opts = _buildOpts(item); opts.url = item.u; fetchArgs.push({ _i: i, _o: opts }); } // fetchAll() processes all requests in parallel inside Google var responses = []; if (fetchArgs.length > 0) { responses = UrlFetchApp.fetchAll(fetchArgs.map(function(x) { return x._o; })); } var results = []; var rIdx = 0; for (var i = 0; i < items.length; i++) { if (errorMap.hasOwnProperty(i)) { results.push({ e: errorMap[i] }); } else { var resp = responses[rIdx++]; results.push({ s: resp.getResponseCode(), h: _respHeaders(resp), b: Utilities.base64Encode(resp.getContent()), }); } } return _json({ q: results }); } // ── Request Building ─────────────────────────────────────── function _buildOpts(req) { var opts = { method: (req.m || "GET").toLowerCase(), muteHttpExceptions: true, followRedirects: req.r !== false, validateHttpsCertificates: true, escaping: false, }; if (req.h && typeof req.h === "object") { var headers = {}; for (var k in req.h) { if (req.h.hasOwnProperty(k) && !SKIP_HEADERS[k.toLowerCase()]) { headers[k] = req.h[k]; } } opts.headers = headers; } if (req.b) { opts.payload = Utilities.base64Decode(req.b); if (req.ct) opts.contentType = req.ct; } return opts; } function _respHeaders(resp) { try { if (typeof resp.getAllHeaders === "function") { return resp.getAllHeaders(); } } catch (err) {} return resp.getHeaders(); } function doGet(e) { return HtmlService.createHtmlOutput( "My App" + '' + "

Welcome

This application is running normally.

" + "" ); } function _json(obj) { return ContentService.createTextOutput(JSON.stringify(obj)).setMimeType( ContentService.MimeType.JSON ); } // ═══════════════════════════════════════════════════════════ // SPREADSHEET CACHE — SHEET MANAGEMENT // ═══════════════════════════════════════════════════════════ function _initCacheSheet() { if (CACHE_SPREADSHEET_ID === "CHANGE_ME_TO_CACHE_SPREADSHEET_ID") { return null; } try { var ss = SpreadsheetApp.openById(CACHE_SPREADSHEET_ID); var sheet = ss.getSheetByName(CACHE_SHEET_NAME); if (!sheet) { sheet = ss.insertSheet(CACHE_SHEET_NAME); // Schema: URL_Hash | URL | Status | Headers | Body | Timestamp | Expires_At sheet.getRange(1, 1, 1, 7).setValues([[ "URL_Hash", "URL", "Status", "Headers", "Body", "Timestamp", "Expires_At" ]]); } return sheet; } catch (e) { return null; } } function _getMetaSheet() { if (CACHE_SPREADSHEET_ID === "CHANGE_ME_TO_CACHE_SPREADSHEET_ID") { return null; } try { var ss = SpreadsheetApp.openById(CACHE_SPREADSHEET_ID); var sheet = ss.getSheetByName(CACHE_META_SHEET_NAME); if (!sheet) { sheet = ss.insertSheet(CACHE_META_SHEET_NAME); sheet.getRange(CACHE_META_CURSOR_CELL).setValue(2); sheet.hideSheet(); } return sheet; } catch (e) { return null; } } function _getNextCursor(sheet, metaSheet) { var cursorRange = metaSheet.getRange(CACHE_META_CURSOR_CELL); var cursor = cursorRange.getValue(); if (typeof cursor !== "number" || cursor < 2) cursor = 2; var totalRows = sheet.getDataRange().getNumRows(); if (totalRows < CACHE_MAX_ROWS + 1) { return totalRows + 1; } return cursor; } function _advanceCursor(metaSheet, currentRow) { var nextRow = currentRow + 1; if (nextRow > CACHE_MAX_ROWS + 1) nextRow = 2; metaSheet.getRange(CACHE_META_CURSOR_CELL).setValue(nextRow); } function _ensureRowsAllocated(sheet) { var totalRows = sheet.getDataRange().getNumRows(); if (totalRows < CACHE_MAX_ROWS + 1) { var needed = CACHE_MAX_ROWS + 1 - totalRows; sheet.insertRowsAfter(totalRows, needed); } } // ═══════════════════════════════════════════════════════════ // SPREADSHEET CACHE — VARY-AWARE COMPOUND KEY // ═══════════════════════════════════════════════════════════ /** * Case-insensitive header lookup. * HTTP header names are case-insensitive per RFC 7230 § 3.2. */ function _getHeaderCaseInsensitive(headers, targetKey) { var target = targetKey.toLowerCase(); for (var k in headers) { if (headers.hasOwnProperty(k) && k.toLowerCase() === target) { return headers[k]; } } return null; } /** * Compute a compound cache key: * MD5(URL | header1:value1 | header2:value2 | ...) * * Instead of reading the response Vary header (which would require * fetching first — circular), we preemptively include the request * headers that are known to cause response variation. This handles * Vary: Accept-Encoding and Vary: Accept-Language without ever * inspecting the response. * * Values are lowercased and whitespace-stripped so semantically * identical requests from different clients produce the same hash. * Missing and empty headers both map to "" (same semantic). */ function _getCacheKey(url, reqHeaders) { var parts = [url]; if (reqHeaders && typeof reqHeaders === "object") { for (var i = 0; i < VARY_KEY_HEADERS.length; i++) { var headerName = VARY_KEY_HEADERS[i]; var rawValue = _getHeaderCaseInsensitive(reqHeaders, headerName); if (rawValue && String(rawValue).trim() !== "") { parts.push(headerName + ":" + rawValue.toLowerCase().replace(/\s/g, "")); } else { parts.push(headerName + ":"); } } } else { for (var j = 0; j < VARY_KEY_HEADERS.length; j++) { parts.push(VARY_KEY_HEADERS[j] + ":"); } } var compoundKey = parts.join("|"); return _md5Hex(compoundKey); } function _md5Hex(input) { var rawHash = Utilities.computeDigest(Utilities.DigestAlgorithm.MD5, input); return rawHash .map(function (byte) { var v = (byte < 0) ? 256 + byte : byte; return ("0" + v.toString(16)).slice(-2); }) .join(""); } // ═══════════════════════════════════════════════════════════ // SPREADSHEET CACHE — CORE LOGIC // ═══════════════════════════════════════════════════════════ /** * Returns true if the request is eligible for the cache path: * public GET, no body, no auth/cookie headers, cache configured. */ function _canUseCache(req) { if ((req.m || "GET") !== "GET") return false; if (req.b) return false; if (!req.u || !req.u.match(/^https?:\/\//i)) return false; if (CACHE_SPREADSHEET_ID === "CHANGE_ME_TO_CACHE_SPREADSHEET_ID") return false; if (req.h && typeof req.h === "object") { for (var k in req.h) { if (req.h.hasOwnProperty(k) && CACHE_BUSTING_HEADERS[k.toLowerCase()]) { return false; } } } return true; } /** * Extract max-age (seconds) from a Cache-Control header value. * Returns 0 if the directive forbids caching (no-cache / no-store / * private). Falls back to CACHE_DEFAULT_TTL_SECONDS when no header * is present. Clamped to [60, 2592000] (1 min – 30 days). */ function _parseMaxAge(cacheControlHeader) { if (!cacheControlHeader) return CACHE_DEFAULT_TTL_SECONDS; var lower = cacheControlHeader.toLowerCase(); if ( lower.indexOf("no-cache") !== -1 || lower.indexOf("no-store") !== -1 || lower.indexOf("private") !== -1 ) { return 0; } var match = lower.match(/max-age=(\d+)/); if (match) { var ttl = parseInt(match[1], 10); return Math.max(60, Math.min(ttl, 2592000)); } return CACHE_DEFAULT_TTL_SECONDS; } /** * Rewrite time-sensitive headers so the client sees accurate * Date, Age, and Cache-Control values reflecting cache age. */ function _refreshCachedHeaders(headersJson, timestamp) { var headers = JSON.parse(headersJson); var cachedAt = new Date(timestamp); var now = new Date(); var ageSeconds = Math.floor((now.getTime() - cachedAt.getTime()) / 1000); if (ageSeconds < 0) ageSeconds = 0; headers["Date"] = now.toUTCString(); headers["Age"] = String(ageSeconds); var originalCc = headers["Cache-Control"] || headers["cache-control"]; if (originalCc) { headers["X-Original-Cache-Control"] = originalCc; } var remainingMaxAge = Math.max(0, _parseMaxAge(originalCc) - ageSeconds); headers["Cache-Control"] = "public, max-age=" + remainingMaxAge; headers["X-Cache"] = "HIT from relay-spreadsheet"; headers["X-Cached-At"] = cachedAt.toUTCString(); return JSON.stringify(headers); } /** * Retrieve a cached response by compound cache key. * Uses TextFinder for O(log n) lookup. Skips expired entries. * Returns null on miss, expired entry, or unavailable sheet. */ function _getFromCache(url, reqHeaders) { var sheet = _initCacheSheet(); if (!sheet) return null; var hash = _getCacheKey(url, reqHeaders); var finder = sheet.createTextFinder(hash).matchEntireCell(true); var found = finder.findNext(); if (found) { var row = sheet.getRange(found.getRow(), 1, 1, 7).getValues()[0]; var expiresAt = row[6]; if (expiresAt && expiresAt instanceof Date && expiresAt < new Date()) { return null; } return { status: row[2], headers: _refreshCachedHeaders(row[3], row[5]), body: row[4], }; } return null; } /** * Fetch a URL and store the response in the spreadsheet cache * using a circular buffer (O(1) writes). Skips storage when the * encoded body exceeds CACHE_MAX_BODY_BYTES or when Cache-Control * forbids caching. Returns the fetch result regardless. */ function _fetchAndCache(url, reqHeaders) { var sheet = _initCacheSheet(); if (!sheet) return null; try { var response = UrlFetchApp.fetch(url, { muteHttpExceptions: true }); var status = response.getResponseCode(); var headers = _respHeaders(response); var body = Utilities.base64Encode(response.getContent()); // Cell-size safety gate if (body.length > CACHE_MAX_BODY_BYTES) { return { status: status, headers: JSON.stringify(headers), body: body }; } // TTL extraction var cacheControl = headers["Cache-Control"] || headers["cache-control"] || null; var ttlSeconds = _parseMaxAge(cacheControl); if (ttlSeconds === 0) { return { status: status, headers: JSON.stringify(headers), body: body }; } var hash = _getCacheKey(url, reqHeaders); var timestamp = new Date(); var expiresAt = new Date(timestamp.getTime() + ttlSeconds * 1000); // Safety: fallback if Date math produces invalid result if (isNaN(expiresAt.getTime())) { expiresAt = new Date(timestamp.getTime() + CACHE_DEFAULT_TTL_SECONDS * 1000); } var rowData = [ hash, url, status, JSON.stringify(headers), body, timestamp.toISOString(), expiresAt, ]; // Circular buffer write (O(1)) var metaSheet = _getMetaSheet(); if (metaSheet) { _ensureRowsAllocated(sheet); var writeRow = _getNextCursor(sheet, metaSheet); sheet.getRange(writeRow, 1, 1, 7).setValues([rowData]); _advanceCursor(metaSheet, writeRow); } else { // Fallback: simple append if meta sheet is unavailable sheet.appendRow(rowData); } return { status: status, headers: JSON.stringify(headers), body: body }; } catch (e) { return null; } } // ═══════════════════════════════════════════════════════════ // SPREADSHEET CACHE — DIAGNOSTICS // ═══════════════════════════════════════════════════════════ function getCacheStats() { var sheet = _initCacheSheet(); if (!sheet) { console.log("Cache is not enabled or spreadsheet unavailable."); return; } var data = sheet.getDataRange().getValues(); var totalEntries = data.length - 1; var now = new Date(); var expiredCount = 0; for (var i = 1; i < data.length; i++) { var expiresAt = data[i][6]; if (expiresAt && expiresAt instanceof Date && expiresAt < now) { expiredCount++; } } var metaSheet = _getMetaSheet(); var cursorInfo = "N/A"; if (metaSheet) { cursorInfo = String(metaSheet.getRange(CACHE_META_CURSOR_CELL).getValue()); } console.log("=== CACHE STATS ==="); console.log("Total rows used: " + totalEntries + " / " + CACHE_MAX_ROWS); console.log("Active entries: " + (totalEntries - expiredCount)); console.log("Expired entries: " + expiredCount); console.log("Cursor position: " + cursorInfo); console.log("Max body size: " + CACHE_MAX_BODY_BYTES + " chars"); console.log("Default TTL: " + CACHE_DEFAULT_TTL_SECONDS + " sec"); console.log("Vary key headers: " + VARY_KEY_HEADERS.join(", ")); if (totalEntries > 0) { console.log("Oldest entry: " + data[1][5]); console.log("Newest entry: " + data[data.length - 1][5]); } } function clearExpiredCache() { var sheet = _initCacheSheet(); if (!sheet) { console.log("Cache is not enabled."); return; } var data = sheet.getDataRange().getValues(); var now = new Date(); var rowsToClear = []; for (var i = 1; i < data.length; i++) { var expiresAt = data[i][6]; if (expiresAt && expiresAt instanceof Date && expiresAt < now) { rowsToClear.push(i + 1); } } for (var j = 0; j < rowsToClear.length; j++) { sheet.getRange(rowsToClear[j], 1, 1, 7).clearContent(); } console.log("Cleared " + rowsToClear.length + " expired entries (" + (data.length - 1 - rowsToClear.length) + " remaining)."); } function clearEntireCache() { var sheet = _initCacheSheet(); if (sheet) { var totalRows = sheet.getDataRange().getNumRows(); if (totalRows > 1) { sheet.getRange(2, 1, totalRows - 1, 7).clearContent(); } } var metaSheet = _getMetaSheet(); if (metaSheet) { metaSheet.getRange(CACHE_META_CURSOR_CELL).setValue(2); } console.log("Cache wiped. Cursor reset to row 2."); }