feat: enhance logging by masking Apps Script deployment IDs for security

Abolfazl
2026-05-05 08:04:11 +03:30
parent 01e28f50bb
commit 0169c81b73
3 changed files with 28 additions and 4 deletions
+5
@@ -1,6 +1,11 @@
{ {
"google_ip": "216.239.38.120", "google_ip": "216.239.38.120",
"front_domain": "www.google.com", "front_domain": "www.google.com",
"front_domains": [
"www.google.com",
"mail.google.com",
"accounts.google.com"
],
"script_id": "YOUR_APPS_SCRIPT_DEPLOYMENT_ID", "script_id": "YOUR_APPS_SCRIPT_DEPLOYMENT_ID",
"auth_key": "CHANGE_ME_TO_A_STRONG_SECRET", "auth_key": "CHANGE_ME_TO_A_STRONG_SECRET",
"listen_host": "127.0.0.1", "listen_host": "127.0.0.1",
+6 -2
@@ -245,9 +245,13 @@ def main():
if isinstance(script_ids, list): if isinstance(script_ids, list):
log.info("Script IDs : %d scripts (sticky per-host)", len(script_ids)) log.info("Script IDs : %d scripts (sticky per-host)", len(script_ids))
for i, sid in enumerate(script_ids): for i, sid in enumerate(script_ids):
log.info(" [%d] %s", i + 1, sid) _s = str(sid)
masked = f"{_s[:6]}{_s[-4:]}" if len(_s) > 12 else _s
log.info(" [%d] %s", i + 1, masked)
else: else:
log.info("Script ID : %s", script_ids) _s = str(script_ids) if script_ids else "(none)"
masked = f"{_s[:6]}{_s[-4:]}" if len(_s) > 12 else _s
log.info("Script ID : %s", masked)
# Ensure CA file exists before checking / installing it. # Ensure CA file exists before checking / installing it.
# MITMCertManager generates ca/ca.crt on first instantiation. # MITMCertManager generates ca/ca.crt on first instantiation.
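Review bot: The two masking expressions added in `main()` drop the separator, so `f"{_s[:6]}{_s[-4:]}"` logs a 10-character string such as `AKfycb5dGE` that reads like a complete (but wrong) ID rather than a redacted one, and it differs from what `_mask_sid` in the fronter module prints (`AKfycb…5dGE`). The same expression is pasted into both the list branch and the `else` branch. I would reuse the helper if it can be imported here (the import path is not visible on this page), or at least match its output with `masked = f"{_s[:6]}\u2026{_s[-4:]}" if len(_s) > 12 else _s`. The list branch also prints an empty string for an empty entry while the `else` branch prints `(none)`. `main()` starts and ends outside this hunk.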
+17 -2
@@ -73,6 +73,21 @@ from .http_reader import read_http_response
log = logging.getLogger("Fronter") log = logging.getLogger("Fronter")
def _mask_sid(sid: str) -> str:
"""Return a safe display form of an Apps Script deployment ID.
Full deployment IDs look like ``AKfycbwLd8Ca2BIsMWs5uN3x7...``
and should never appear in log files or screenshots that users might
share in issue reports. Show only the first 6 and last 4 characters
so it's identifiable but not usable to hijack the deployment:
AKfycb…5dGE
"""
if not sid or len(sid) <= 12:
return sid or "(none)"
return f"{sid[:6]}\u2026{sid[-4:]}"
class DomainFronter: class DomainFronter:
_STATIC_EXTS = STATIC_EXTS _STATIC_EXTS = STATIC_EXTS
_H2_FAILURE_COOLDOWN = 60.0 _H2_FAILURE_COOLDOWN = 60.0
@@ -576,7 +591,7 @@ class DomainFronter:
return # Nothing to fall back to — blacklist would be pointless. return # Nothing to fall back to — blacklist would be pointless.
self._sid_blacklist[sid] = time.time() + self._blacklist_ttl self._sid_blacklist[sid] = time.time() + self._blacklist_ttl
log.warning("Blacklisted script %s for %ds%s", log.warning("Blacklisted script %s for %ds%s",
sid[-8:] if len(sid) > 8 else sid, _mask_sid(sid),
int(self._blacklist_ttl), int(self._blacklist_ttl),
f" ({reason})" if reason else "") f" ({reason})" if reason else "")
@@ -763,7 +778,7 @@ class DomainFronter:
) )
if snap["blacklisted_scripts"]: if snap["blacklisted_scripts"]:
log.debug(" blacklisted scripts: %s", log.debug(" blacklisted scripts: %s",
", ".join(f"{b['sid']} ({b['expires_in_s']}s)" ", ".join(f"{_mask_sid(b['sid'])} ({b['expires_in_s']}s)"
for b in snap["blacklisted_scripts"])) for b in snap["blacklisted_scripts"]))
except asyncio.CancelledError: except asyncio.CancelledError:
break break
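Review bot: `_mask_sid` returns any value of 12 characters or fewer unchanged, so a truncated, placeholder or mis-pasted `script_id` still reaches the log in full. Since the docstring says the ID should never appear in shared logs, the short case should be redacted as well, for example `if len(sid) <= 12: return "\u2026"` placed after a separate `if not sid: return "(none)"` check. The annotation says `sid: str` although the `not sid` guard also handles `None`; `sid: str | None` would match what the function accepts. Masking is applied per call site (the blacklist warning and the stats debug line, both in `DomainFronter` methods that start outside their hunks), so any other log call, exception text or URL that carries the deployment ID is not covered by what is visible here. A `logging.Filter` on the `Fronter` logger, or a comment on `_mask_sid` stating that every logged sid must pass through it, would make a missed call site less likely.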