From c935b8729392455bb727e5da7d21c4717f932719 Mon Sep 17 00:00:00 2001 From: denuitt1 Date: Sun, 10 May 2026 12:33:23 -0700 Subject: [PATCH] Revert "feat(forwarder): scope upstream forwarder via forwarder_hosts config" --- README.md | 13 ---------- README_FA.md | 13 ---------- config.example.json | 1 - deploy/cloudflare-worker/worker.js | 4 +--- deploy/gas/Code.gs | 4 +--- src/domain_fronter.py | 38 ------------------------------ 6 files changed, 2 insertions(+), 71 deletions(-) diff --git a/README.md b/README.md index 07956c4..59df19b 100644 --- a/README.md +++ b/README.md @@ -179,19 +179,6 @@ Browse `https://httpbin.org/ip` through the proxy — you should see the **VPS's > The forwarder must require auth. Without `AUTH_KEY` it refuses to start. Anyone with the URL and key can use it as a relay, so keep both secret. -### 4. Scope the forwarder to specific hosts (optional) - -By default every request the Worker handles routes through the forwarder, so unrelated traffic also burns VPS bandwidth. To send only the sites that need a stable exit IP through the VPS, list them in `forwarder_hosts` in `config.json` — same syntax as `bypass_hosts` (exact hostname or `.suffix`). Anything not matched falls back to direct `fetch()` on the Worker. - -```json -"forwarder_hosts": [ - "example.com", - ".cf-protected-suffix" -] -``` - -Leave the list empty (or remove the key) to keep the historical "forward everything" behavior. - --- ## Disclaimer diff --git a/README_FA.md b/README_FA.md index 33b87d8..f98f5ef 100644 --- a/README_FA.md +++ b/README_FA.md 
@@ -519,19 +519,6 @@ curl -X POST https://forwarder.example.com/fwd \ > forwarder بدون `AUTH_KEY` راه‌اندازی نمی‌شود. هر کسی که آدرس و کلید را داشته باشد می‌تواند از آن به‌عنوان رله استفاده کند، بنابراین هر دو را محرمانه نگه دارید. -### ۴. محدود کردن forwarder به میزبان‌های خاص (اختیاری) - -به‌صورت پیش‌فرض همهٔ درخواست‌هایی که Worker پردازش می‌کند از طریق forwarder عبور می‌کنند، در نتیجه ترافیک غیرمرتبط هم پهنای باند VPS را مصرف می‌کند. اگر فقط می‌خواهید سایت‌هایی که به IP خروجی پایدار نیاز دارند از مسیر VPS رد شوند، آن‌ها را در `forwarder_hosts` در `config.json` فهرست کنید — همان نحو `bypass_hosts` (نام دقیق دامنه یا الگوی `.suffix`). هر چه با این لیست تطبیق نخورد، روی Worker با `fetch()` مستقیم ارسال می‌شود. - -```json -"forwarder_hosts": [ - "example.com", - ".cf-protected-suffix" -] -``` - -اگر این لیست خالی باشد (یا کلید را حذف کنید)، رفتار قبلی یعنی «forward همه» حفظ می‌شود. - --- ## تنظیمات پیشرفته config.json diff --git a/config.example.json b/config.example.json index 0b2b1c4..3714eca 100644 --- a/config.example.json +++ b/config.example.json @@ -60,7 +60,6 @@ ".lan", ".home.arpa" ], - "forwarder_hosts": [], "direct_google_exclude": [ "gemini.google.com", "aistudio.google.com", diff --git a/deploy/cloudflare-worker/worker.js b/deploy/cloudflare-worker/worker.js index 2f25b30..85449c8 100644 --- a/deploy/cloudflare-worker/worker.js +++ b/deploy/cloudflare-worker/worker.js @@ -38,9 +38,7 @@ export default { } const upstreamUrl = (env && env.UPSTREAM_FORWARDER_URL) || ""; - // f === 1: forward; f === 0: skip; missing: legacy client → forward (compat). - const wantForward = (req.f === 1) || (req.f === undefined); - if (upstreamUrl && wantForward) { + if (upstreamUrl) { const upstreamResp = await forwardViaUpstream(req, env, upstreamUrl); if (upstreamResp) return upstreamResp; // fall through to direct fetch only when fail-mode is open diff --git a/deploy/gas/Code.gs b/deploy/gas/Code.gs index 894c571..96edc3c 100644 --- a/deploy/gas/Code.gs 
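Review bot: In deploy/cloudflare-worker/worker.js the restored `if (upstreamUrl) {` ignores `req.f` without saying so, which matters for mixed-version deployments: a client still running the pre-revert code with `forwarder_hosts` set sends `f: 0` for hosts the user meant to keep off the VPS, and this Worker will now forward them anyway. The same silent drop occurs in `_buildWorkerPayload` in deploy/gas/Code.gs, which no longer copies `f`, and a `forwarder_hosts` key left in an existing config.json is presumably ignored by src/domain_fronter.py after this commit (the config loading is outside the hunks). I would add a comment above the condition, `// All requests use the upstream forwarder when UPSTREAM_FORWARDER_URL is set; a client-sent "f" flag is ignored.`, and state in the commit message that users who had scoped the forwarder must redeploy client and Worker together. The enclosing request handler starts and ends outside the hunk.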
+++ b/deploy/gas/Code.gs @@ -105,7 +105,7 @@ function _buildWorkerPayload(req) { } } - var out = { + return { u: req.u, m: (req.m || "GET").toUpperCase(), h: headers, @@ -113,8 +113,6 @@ function _buildWorkerPayload(req) { ct: req.ct || null, r: req.r !== false }; - if (typeof req.f === "number") out.f = req.f; - return out; } function doGet(e) { diff --git a/src/domain_fronter.py b/src/domain_fronter.py index c27954c..d59a738 100644 --- a/src/domain_fronter.py +++ b/src/domain_fronter.py @@ -150,10 +150,6 @@ class DomainFronter: minimum=1024, ) - self._forwarder_hosts = self._load_host_rules( - config.get("forwarder_hosts", []) - ) - # Connection pool — TTL-based, pre-warmed, with concurrency control self._pool: list[tuple[asyncio.StreamReader, asyncio.StreamWriter, float]] = [] self._pool_lock = asyncio.Lock() @@ -228,33 +224,6 @@ class DomainFronter: value = default return max(minimum, value) - @staticmethod - def _load_host_rules(raw) -> tuple[set[str], tuple[str, ...]]: - """Parse host strings into (exact_set, suffix_tuple). Mirrors ProxyServer._load_host_rules.""" - exact: set[str] = set() - suffixes: list[str] = [] - for item in raw or []: - h = str(item).strip().lower().rstrip(".") - if not h: - continue - if h.startswith("."): - suffixes.append(h) - else: - exact.add(h) - return exact, tuple(suffixes) - - @staticmethod - def _host_matches_rules(host: str, - rules: tuple[set[str], tuple[str, ...]]) -> bool: - exact, suffixes = rules - h = host.lower().rstrip(".") - if h in exact: - return True - for s in suffixes: - if h.endswith(s): - return True - return False - def _ssl_ctx(self) -> ssl.SSLContext: ctx = ssl.create_default_context() if certifi is not None: 
@@ -1546,13 +1515,6 @@ class DomainFronter: ct = headers.get("Content-Type") or headers.get("content-type") if ct: payload["ct"] = ct - # Only emit 'f' when scoped; Worker treats missing 'f' as forward (legacy compat). - exact, suffixes = self._forwarder_hosts - if exact or suffixes: - host = urlparse(url).hostname or "" - payload["f"] = 1 if self._host_matches_rules( - host, self._forwarder_hosts - ) else 0 return payload @classmethod