反代github解决gitalk网络问题
gitalk网络问题的根源是gitalk基于github仓库进行评论记录和展示,如果无法访问到github的地址就没办法使用gitalk评论。
0x1 反代github
秉着少花钱甚至不花钱的基本原则,解决方法的原理就是使用cloudflare的workers对github进行代理,但是默认的workers.dev域名已经被墙,所以还需要申请一个免费的域名,然后再cloudflare上托管,再配置域名访问workers服务。
1 注册免费域名
参考:https://www.youtube.com/watch?v=mC8H4Y05ccM
域名申请:https://www.freenom.com/
当前ip查询:https://www.ipaddress.com/
美国身份证生成:https://www.meiguodizhi.com/
cloudflare:https://www.cloudflare.com/zh-cn/
美国节点,最好是原生相对干净的节点,全局模式或者浏览器全局代理,这里不过多解释,浏览器无痕模式,先打开当前ip查询一下自己ip的城市(挂代理下的美国ip),然后根据ip的城市在美国身份证生成网址生成美国身份信息,然后去申请免费域名,输入域名之后会让填邮箱验证,建议使用gmail邮箱,同样在全局代理下,去邮箱打开freenom邮件的链接,会让填写信息,照着生成的美国身份填就行,手机号记得把“-”去掉再输入。
然后在自己的domain中将dns服务器修改为clouflare的域名服务器,然后在cloudflare里面接管一下,不知道的可以在网上搜索一下·,挺简单的。
2 创建反代workers
参考:https://www.j000e.com/cloudflare/cfworkers_reverse_proxy.html
这里直接丢workers的代码,我这里是反代的api.github.com。
// Website you intended to retrieve for users.
const upstream = 'api.github.com'
// Custom pathname for the upstream website.
const upstream_path = '/'
// Website you intended to retrieve for users using mobile devices.
const upstream_mobile = 'api.github.com'
// Countries and regions where you wish to suspend your service.
const blocked_region = []
// IP addresses which you wish to block from using your service.
const blocked_ip_address = ['0.0.0.0', '127.0.0.1']
// Whether to use HTTPS protocol for upstream address.
const https = true
// Whether to disable cache.
const disable_cache = true
// Replace texts.
const replace_dict = {
'$upstream': '$custom_domain',
}
addEventListener('fetch', event => {
event.respondWith(fetchAndApply(event.request));
})
async function fetchAndApply(request) {
const region = request.headers.get('cf-ipcountry').toUpperCase();
const ip_address = request.headers.get('cf-connecting-ip');
const user_agent = request.headers.get('user-agent');
let response = null;
let url = new URL(request.url);
let url_hostname = url.hostname;
if (https == true) {
url.protocol = 'https:';
} else {
url.protocol = 'http:';
}
if (await device_status(user_agent)) {
var upstream_domain = upstream;
} else {
var upstream_domain = upstream_mobile;
}
url.host = upstream_domain;
if (url.pathname == '/') {
url.pathname = upstream_path;
} else {
url.pathname = upstream_path + url.pathname;
}
if (blocked_region.includes(region)) {
response = new Response('Access denied: WorkersProxy is not available in your region yet.', {
status: 403
});
} else if (blocked_ip_address.includes(ip_address)) {
response = new Response('Access denied: Your IP address is blocked by WorkersProxy.', {
status: 403
});
} else {
let method = request.method;
let request_headers = request.headers;
let new_request_headers = new Headers(request_headers);
let body = request.body
new_request_headers.set('Host', upstream_domain);
new_request_headers.set('Referer', url.protocol + '//' + url_hostname);
let original_response = await fetch(url.href, {
method: method,
headers: new_request_headers,
body: body
})
connection_upgrade = new_request_headers.get("Upgrade");
if (connection_upgrade && connection_upgrade.toLowerCase() == "websocket") {
return original_response;
}
let original_response_clone = original_response.clone();
let original_text = null;
let response_headers = original_response.headers;
let new_response_headers = new Headers(response_headers);
let status = original_response.status;
if (disable_cache) {
new_response_headers.set('Cache-Control', 'no-store');
}
new_response_headers.set('access-control-allow-origin', '*');
new_response_headers.set('access-control-allow-credentials', true);
new_response_headers.delete('content-security-policy');
new_response_headers.delete('content-security-policy-report-only');
new_response_headers.delete('clear-site-data');
if (new_response_headers.get("x-pjax-url")) {
new_response_headers.set("x-pjax-url", response_headers.get("x-pjax-url").replace("//" + upstream_domain, "//" + url_hostname));
}
const content_type = new_response_headers.get('content-type');
if (content_type != null && content_type.includes('text/html') && content_type.includes('UTF-8')) {
original_text = await replace_response_text(original_response_clone, upstream_domain, url_hostname);
} else {
original_text = original_response_clone.body
}
response = new Response(original_text, {
status,
headers: new_response_headers
})
}
return response;
}
async function replace_response_text(response, upstream_domain, host_name) {
let text = await response.text()
var i, j;
for (i in replace_dict) {
j = replace_dict[i]
if (i == '$upstream') {
i = upstream_domain
} else if (i == '$custom_domain') {
i = host_name
}
if (j == '$upstream') {
j = upstream_domain
} else if (j == '$custom_domain') {
j = host_name
}
let re = new RegExp(i, 'g')
text = text.replace(re, j);
}
return text;
}
async function device_status(user_agent_info) {
var agents = ["Android", "iPhone", "SymbianOS", "Windows Phone", "iPad", "iPod"];
var flag = true;
for (var v = 0; v < agents.length; v++) {
if (user_agent_info.indexOf(agents[v]) > 0) {
flag = false;
break;
}
}
return flag;
}
3 域名指向workers
在workers的配置页面有个触发器,可以设置自定义域名,但是要求必须是当前cloudflare账户托管的域名才行。
0x02 魔改gitalk
魔改的方法很多种,最简单的就是将gitalk的js文件中的api.github.com改成自己的workers域名,另一种方法就是在页面上增加ajax-hook,自定义规则将api.github.com的请求域名改成自己的workers域名,这样以后更新gitalk或者使用cdn加载时,不用动js文件,下面是简单的代码示例。
ajax-hook: https://github.com/wendux/ajax-hook
<script src="https://unpkg.com/[email protected]/dist/ajaxhook.min.js"></script>
<script>
ah.proxy({
onRequest: (config,handler) => {
let api = '自己的反代workers域名';
config.url = config.url.replace("api.github.com", api);
handler.next(config);
}
});
</script>