From 07325bb45186fae16a8f72ecf38ea264d040f0ca Mon Sep 17 00:00:00 2001 From: lapp Date: Wed, 6 May 2026 15:36:51 -0700 Subject: [PATCH] remove script/ --- script/Code.gs | 131 -------------------------- script/upstream_forwarder.js | 143 ---------------------------- script/worker.js | 178 ----------------------------------- 3 files changed, 452 deletions(-) delete mode 100644 script/Code.gs delete mode 100644 script/upstream_forwarder.js delete mode 100644 script/worker.js diff --git a/script/Code.gs b/script/Code.gs deleted file mode 100644 index f898805..0000000 --- a/script/Code.gs +++ /dev/null @@ -1,131 +0,0 @@ -// Google Apps Script File - -const AUTH_KEY = "STRONG_SECRET_KEY"; -const WORKER_URL = "https://example.workers.dev"; - -const SKIP_HEADERS = { - host: 1, connection: 1, "content-length": 1, - "transfer-encoding": 1, "proxy-connection": 1, "proxy-authorization": 1, -}; - -function doPost(e) { - try { - var req = JSON.parse(e.postData.contents); - if (req.k !== AUTH_KEY) return _json({ e: "unauthorized" }); - - if (Array.isArray(req.q)) return _doBatch(req.q); - return _doSingle(req); - - } catch (err) { - return _json({ e: String(err) }); - } -} - -function _doSingle(req) { - if (!req.u || typeof req.u !== "string" || !req.u.match(/^https?:\/\//i)) { - return _json({ e: "bad url" }); - } - - var payload = _buildWorkerPayload(req); - - var resp = UrlFetchApp.fetch(WORKER_URL, { - method: "post", - contentType: "application/json", - payload: JSON.stringify(payload), - muteHttpExceptions: true, - followRedirects: true - }); - - try { - return _json(JSON.parse(resp.getContentText())); - } catch (e) { - return _json({ e: "invalid worker response", raw: resp.getContentText() }); - } -} - -function _doBatch(items) { - var fetchArgs = []; - var errorMap = {}; - - for (var i = 0; i < items.length; i++) { - var item = items[i]; - - if (!item.u || typeof item.u !== "string" || !item.u.match(/^https?:\/\//i)) { - errorMap[i] = "bad url"; - continue; - } - - var payload = _buildWorkerPayload(item); - - fetchArgs.push({ - _i: i, - _o: { - url: WORKER_URL, - method: "post", - contentType: "application/json", - payload: JSON.stringify(payload), - muteHttpExceptions: true, - followRedirects: true - } - }); - } - - var responses = []; - if (fetchArgs.length > 0) { - responses = UrlFetchApp.fetchAll(fetchArgs.map(function(x) { return x._o; })); - } - - var results = []; - var rIdx = 0; - - for (var i = 0; i < items.length; i++) { - if (errorMap.hasOwnProperty(i)) { - results.push({ e: errorMap[i] }); - } else { - var resp = responses[rIdx++]; - try { - results.push(JSON.parse(resp.getContentText())); - } catch (e) { - results.push({ e: "invalid worker response", raw: resp.getContentText() }); - } - } - } - - return _json({ q: results }); -} - -function _buildWorkerPayload(req) { - var headers = {}; - - if (req.h && typeof req.h === "object") { - for (var k in req.h) { - if (req.h.hasOwnProperty(k) && !SKIP_HEADERS[k.toLowerCase()]) { - headers[k] = req.h[k]; - } - } - } - - return { - u: req.u, - m: (req.m || "GET").toUpperCase(), - h: headers, - b: req.b || null, - ct: req.ct || null, - r: req.r !== false - }; -} - -function doGet(e) { - return HtmlService.createHtmlOutput( - "My App" + - '' + - "

Relay Active

Cloudflare Worker routing enabled.

" + - "" - ); -} - -function _json(obj) { - return ContentService - .createTextOutput(JSON.stringify(obj)) - .setMimeType(ContentService.MimeType.JSON); -} diff --git a/script/upstream_forwarder.js b/script/upstream_forwarder.js deleted file mode 100644 index 80ff3a8..0000000 --- a/script/upstream_forwarder.js +++ /dev/null @@ -1,143 +0,0 @@ -// Upstream Forwarder — single-file Node 18+ HTTP server. -// -// Purpose: Provide a stable exit IP for the Cloudflare Worker relay so -// CAPTCHA tokens (Turnstile, reCAPTCHA, hCaptcha) bound to the solving -// IP survive verification on the target site. -// -// Run on a VPS with a stable public IP. Expose behind Caddy/nginx with -// TLS — the Worker rejects non-HTTPS forwarder URLs. -// -// Required env: -// AUTH_KEY — must match the Worker's UPSTREAM_AUTH_KEY (>= 32 chars) -// -// Optional env: -// PORT — listen port (default 8787) -// HOST — listen host (default 127.0.0.1, so Caddy/nginx fronts it) -// -// Wire protocol matches main/script/worker.js: -// POST /fwd body: { u, m, h, b, ct, r } → { s, h, b } or { e } - -"use strict"; - -const http = require("http"); - -const AUTH_KEY = process.env.AUTH_KEY || ""; -const PORT = parseInt(process.env.PORT, 10) || 8787; -const HOST = process.env.HOST || "127.0.0.1"; - -if (!AUTH_KEY || AUTH_KEY.length < 32) { - console.error("FATAL: AUTH_KEY env var missing or shorter than 32 chars."); - process.exit(1); -} - -// Mirrors SKIP_HEADERS in main/script/Code.gs:6-9. -const SKIP_HEADERS = new Set([ - "host", - "connection", - "content-length", - "transfer-encoding", - "proxy-connection", - "proxy-authorization" -]); - -const STATUS_PAGE = - "Forwarder Active" + - '' + - '

Forwarder Active

' + - "

Upstream forwarder for the relay Worker.

" + - ""; - -const server = http.createServer(async (req, res) => { - try { - if (req.method === "GET" && (req.url === "/" || req.url === "")) { - res.writeHead(200, { "content-type": "text/html; charset=utf-8" }); - res.end(STATUS_PAGE); - return; - } - - if (req.method !== "POST" || req.url !== "/fwd") { - sendJson(res, 404, { e: "not found" }); - return; - } - - if (req.headers["x-upstream-auth"] !== AUTH_KEY) { - sendJson(res, 401, { e: "unauthorized" }); - return; - } - - const raw = await readBody(req); - let body; - try { - body = JSON.parse(raw); - } catch (_) { - sendJson(res, 400, { e: "invalid json" }); - return; - } - - if (!body.u || typeof body.u !== "string" || !/^https?:\/\//i.test(body.u)) { - sendJson(res, 400, { e: "bad url" }); - return; - } - - const headers = {}; - if (body.h && typeof body.h === "object") { - for (const [k, v] of Object.entries(body.h)) { - if (typeof v !== "string") continue; - if (SKIP_HEADERS.has(k.toLowerCase())) continue; - headers[k] = v; - } - } - headers["x-fwd-hop"] = "1"; - - const fetchOptions = { - method: (body.m || "GET").toUpperCase(), - headers, - redirect: body.r === false ? "manual" : "follow" - }; - - if (body.b) { - fetchOptions.body = Buffer.from(body.b, "base64"); - } - - let resp; - try { - resp = await fetch(body.u, fetchOptions); - } catch (err) { - sendJson(res, 502, { e: "fetch failed: " + String(err && err.message || err) }); - return; - } - - const buf = Buffer.from(await resp.arrayBuffer()); - const responseHeaders = {}; - resp.headers.forEach((v, k) => { - responseHeaders[k] = v; - }); - - sendJson(res, 200, { - s: resp.status, - h: responseHeaders, - b: buf.toString("base64") - }); - } catch (err) { - sendJson(res, 500, { e: String(err && err.message || err) }); - } -}); - -server.listen(PORT, HOST, () => { - console.log("upstream_forwarder listening on " + HOST + ":" + PORT); -}); - -function readBody(req) { - return new Promise((resolve, reject) => { - const chunks = []; - req.on("data", c => chunks.push(c)); - req.on("end", () => resolve(Buffer.concat(chunks).toString("utf8"))); - req.on("error", reject); - }); -} - -function sendJson(res, status, obj) { - const body = JSON.stringify(obj); - res.writeHead(status, { "content-type": "application/json" }); - res.end(body); -} diff --git a/script/worker.js b/script/worker.js deleted file mode 100644 index 5f64959..0000000 --- a/script/worker.js +++ /dev/null @@ -1,178 +0,0 @@ -// Cloudflare Worker File - v2.0 - -const WORKER_URL = "myworker.workers.dev"; - -const DEFAULT_UPSTREAM_TIMEOUT_MS = 25000; - -export default { - async fetch(request, env) { - try { - const hop = request.headers.get("x-relay-hop"); - const fwdHop = request.headers.get("x-fwd-hop"); - if (hop === "1" || fwdHop === "1") { - return json({ e: "loop detected" }, 508); - } - - if (request.method == "GET") { - return json({ e: "Relay is Active." }, 200); - } - - if (request.method !== "POST") { - return json({ e: "Method not allowed." }, 405); - } - - const req = await request.json(); - - if (!req.u) { - return json({ e: "missing url" }, 400); - } - - const targetUrl = new URL(req.u); - - const BLOCKED_HOSTS = [ - WORKER_URL, - ]; - - if (BLOCKED_HOSTS.some(h => targetUrl.hostname.endsWith(h))) { - return json({ e: "self-fetch blocked" }, 400); - } - - const upstreamUrl = (env && env.UPSTREAM_FORWARDER_URL) || ""; - if (upstreamUrl) { - const upstreamResp = await forwardViaUpstream(req, env, upstreamUrl); - if (upstreamResp) return upstreamResp; - // fall through to direct fetch only when fail-mode is open - } - - const headers = new Headers(); - if (req.h && typeof req.h === "object") { - for (const [k, v] of Object.entries(req.h)) { - headers.set(k, v); - } - } - - headers.set("x-relay-hop", "1"); - - const fetchOptions = { - method: (req.m || "GET").toUpperCase(), - headers, - redirect: req.r === false ? "manual" : "follow" - }; - - if (req.b) { - const binary = Uint8Array.from(atob(req.b), c => c.charCodeAt(0)); - fetchOptions.body = binary; - } - - const resp = await fetch(targetUrl.toString(), fetchOptions); - - // Read response safely (no stack overflow) - const buffer = await resp.arrayBuffer(); - const uint8 = new Uint8Array(buffer); - - let binary = ""; - const chunkSize = 0x8000; // prevent call stack overflow - - for (let i = 0; i < uint8.length; i += chunkSize) { - binary += String.fromCharCode.apply( - null, - uint8.subarray(i, i + chunkSize) - ); - } - - const base64 = btoa(binary); - - const responseHeaders = {}; - resp.headers.forEach((v, k) => { - responseHeaders[k] = v; - }); - - return json({ - s: resp.status, - h: responseHeaders, - b: base64 - }); - - } catch (err) { - return json({ e: String(err) }, 500); - } - } -}; - -async function forwardViaUpstream(req, env, upstreamUrl) { - const failMode = (env.UPSTREAM_FAIL_MODE || "closed").toLowerCase(); - const timeoutMs = parseInt(env.UPSTREAM_TIMEOUT_MS, 10) || DEFAULT_UPSTREAM_TIMEOUT_MS; - const authKey = env.UPSTREAM_AUTH_KEY || ""; - - let parsed; - try { - parsed = new URL(upstreamUrl); - } catch (_) { - return upstreamFailure("invalid UPSTREAM_FORWARDER_URL", failMode); - } - if (parsed.protocol !== "https:") { - return upstreamFailure("UPSTREAM_FORWARDER_URL must be https://", failMode); - } - if (parsed.hostname.endsWith(WORKER_URL)) { - return upstreamFailure("self-forward blocked", failMode); - } - if (!authKey) { - return upstreamFailure("UPSTREAM_AUTH_KEY missing", failMode); - } - - const payload = { - u: req.u, - m: req.m, - h: req.h, - b: req.b, - ct: req.ct, - r: req.r - }; - - const controller = new AbortController(); - const timer = setTimeout(() => controller.abort(), timeoutMs); - - try { - const resp = await fetch(upstreamUrl, { - method: "POST", - headers: { - "content-type": "application/json", - "x-upstream-auth": authKey - }, - body: JSON.stringify(payload), - signal: controller.signal - }); - - if (!resp.ok) { - return upstreamFailure("forwarder status " + resp.status, failMode); - } - - // Pass body straight through without parsing — saves CPU and memory. - const body = await resp.text(); - return new Response(body, { - status: 200, - headers: { "content-type": "application/json" } - }); - } catch (err) { - return upstreamFailure(String(err && err.message || err), failMode); - } finally { - clearTimeout(timer); - } -} - -function upstreamFailure(reason, failMode) { - if (failMode === "open") { - console.warn("upstream forwarder failed (falling back to direct):", reason); - return null; // signals caller to fall through to direct fetch - } - return json({ e: "upstream forwarder failed: " + reason }, 502); -} - -function json(obj, status = 200) { - return new Response(JSON.stringify(obj), { - status, - headers: { - "content-type": "application/json" - } - }); -}