From 1e165357b8e7df6f22c445f42df4e2dc142bb686 Mon Sep 17 00:00:00 2001 From: Abolfazl Date: Tue, 28 Apr 2026 22:46:42 +0330 Subject: [PATCH] feat: enhance error handling in batch processing & fix ip leaking --- apps_script/Code.gs | 80 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 63 insertions(+), 17 deletions(-) diff --git a/apps_script/Code.gs b/apps_script/Code.gs index 8c2acec..f809adf 100644 --- a/apps_script/Code.gs +++ b/apps_script/Code.gs @@ -1,11 +1,6 @@ /** - * DomainFront Relay — Google Apps Script - * - * TWO modes: - * 1. Single: POST { k, m, u, h, b, ct, r } → { s, h, b } - * 2. Batch: POST { k, q: [{m,u,h,b,ct,r}, ...] } → { q: [{s,h,b}, ...] } - * Uses UrlFetchApp.fetchAll() — all URLs fetched IN PARALLEL. - * + * MasterHttpRelay — Google Apps Script + * * DEPLOYMENT: * 1. Go to https://script.google.com → New project * 2. Delete the default code, paste THIS entire file @@ -20,12 +15,20 @@ const AUTH_KEY = "CHANGE_ME_TO_A_STRONG_SECRET"; // Keep browser capability headers (sec-ch-ua*, sec-fetch-*) intact. // Some modern apps, notably Google Meet, use them for browser gating. +// Headers that reveal the user's real IP are also stripped here as a +// second line of defence (the Python client strips them first). const SKIP_HEADERS = { host: 1, connection: 1, "content-length": 1, "transfer-encoding": 1, "proxy-connection": 1, "proxy-authorization": 1, "priority": 1, te: 1, + // IP-leaking / proxy-metadata headers + "x-forwarded-for": 1, "x-forwarded-host": 1, "x-forwarded-proto": 1, + "x-forwarded-port": 1, "x-real-ip": 1, "forwarded": 1, "via": 1, }; +// If fetchAll fails, only retry methods that are safe to replay. +const SAFE_REPLAY_METHODS = { GET: 1, HEAD: 1, OPTIONS: 1 }; + function doPost(e) { try { var req = JSON.parse(e.postData.contents); @@ -56,37 +59,80 @@ function _doSingle(req) { function _doBatch(items) { var fetchArgs = []; + var fetchIndex = []; + var fetchMethods = []; var errorMap = {}; for (var i = 0; i < items.length; i++) { var item = items[i]; + if (!item || typeof item !== "object") { + errorMap[i] = "bad item"; + continue; + } if (!item.u || typeof item.u !== "string" || !item.u.match(/^https?:\/\//i)) { errorMap[i] = "bad url"; continue; } - var opts = _buildOpts(item); - opts.url = item.u; - fetchArgs.push({ _i: i, _o: opts }); + try { + var opts = _buildOpts(item); + opts.url = item.u; + fetchArgs.push(opts); + fetchIndex.push(i); + fetchMethods.push(String(item.m || "GET").toUpperCase()); + } catch (err) { + errorMap[i] = String(err); + } } // fetchAll() processes all requests in parallel inside Google var responses = []; if (fetchArgs.length > 0) { - responses = UrlFetchApp.fetchAll(fetchArgs.map(function(x) { return x._o; })); + try { + responses = UrlFetchApp.fetchAll(fetchArgs); + } catch (err) { + // If fetchAll fails as a whole, degrade to per-item fetch so one bad + // request does not poison the full batch. + responses = []; + for (var j = 0; j < fetchArgs.length; j++) { + try { + if (!SAFE_REPLAY_METHODS[fetchMethods[j]]) { + errorMap[fetchIndex[j]] = "batch fetchAll failed; unsafe method not replayed"; + responses[j] = null; + continue; + } + var fallbackReq = fetchArgs[j]; + var fallbackUrl = fallbackReq.url; + var fallbackOpts = {}; + for (var key in fallbackReq) { + if (Object.prototype.hasOwnProperty.call(fallbackReq, key) && key !== "url") { + fallbackOpts[key] = fallbackReq[key]; + } + } + responses[j] = UrlFetchApp.fetch(fallbackUrl, fallbackOpts); + } catch (singleErr) { + errorMap[fetchIndex[j]] = String(singleErr); + responses[j] = null; + } + } + } } var results = []; var rIdx = 0; for (var i = 0; i < items.length; i++) { - if (errorMap.hasOwnProperty(i)) { + if (Object.prototype.hasOwnProperty.call(errorMap, i)) { results.push({ e: errorMap[i] }); } else { var resp = responses[rIdx++]; - results.push({ - s: resp.getResponseCode(), - h: _respHeaders(resp), - b: Utilities.base64Encode(resp.getContent()), - }); + if (!resp) { + results.push({ e: "fetch failed" }); + } else { + results.push({ + s: resp.getResponseCode(), + h: _respHeaders(resp), + b: Utilities.base64Encode(resp.getContent()), + }); + } } } return _json({ q: results });