chore: remove manual Cloudflare Worker proxy setup and source file
Browse files- README.md +0 -8
- cloudflare-worker.js +0 -103
README.md
CHANGED
|
@@ -101,14 +101,6 @@ This is the easiest way. Hugging8n will handle the deployment for you.
|
|
| 101 |
- It generates a secure, private `CLOUDFLARE_PROXY_SECRET`.
|
| 102 |
- All restricted outbound traffic is automatically routed through this Worker.
|
| 103 |
|
| 104 |
-
### 🛠️ Manual Setup
|
| 105 |
-
|
| 106 |
-
If you prefer to manage the Worker yourself:
|
| 107 |
-
|
| 108 |
-
1. Create a new Cloudflare Worker.
|
| 109 |
-
2. Paste the code from [cloudflare-worker.js](./cloudflare-worker.js) and deploy.
|
| 110 |
-
3. Add the Worker URL to your Space as `CLOUDFLARE_PROXY_URL`.
|
| 111 |
-
4. (Optional) Set a `CLOUDFLARE_PROXY_SECRET` in both the Worker (as a variable) and the Space (as a secret).
|
| 112 |
|
| 113 |
## 💾 Persistent Backup
|
| 114 |
|
|
|
|
| 101 |
- It generates a secure, private `CLOUDFLARE_PROXY_SECRET`.
|
| 102 |
- All restricted outbound traffic is automatically routed through this Worker.
|
| 103 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 104 |
|
| 105 |
## 💾 Persistent Backup
|
| 106 |
|
cloudflare-worker.js
DELETED
|
@@ -1,103 +0,0 @@
|
|
| 1 |
-
/**
|
| 2 |
-
* Cloudflare Worker: Universal Outbound Proxy
|
| 3 |
-
*
|
| 4 |
-
* Manual setup:
|
| 5 |
-
* 1. Create a Cloudflare Worker.
|
| 6 |
-
* 2. Paste this file and deploy it.
|
| 7 |
-
* 3. Use the worker URL as CLOUDFLARE_PROXY_URL.
|
| 8 |
-
*
|
| 9 |
-
* Optional worker vars:
|
| 10 |
-
* - PROXY_SHARED_SECRET
|
| 11 |
-
* - ALLOWED_TARGETS
|
| 12 |
-
* - ALLOW_PROXY_ALL
|
| 13 |
-
*/
|
| 14 |
-
|
| 15 |
-
function normalizeList(raw) {
|
| 16 |
-
return String(raw || "")
|
| 17 |
-
.split(",")
|
| 18 |
-
.map((value) => value.trim().toLowerCase())
|
| 19 |
-
.filter(Boolean);
|
| 20 |
-
}
|
| 21 |
-
|
| 22 |
-
export default {
|
| 23 |
-
async fetch(request, env) {
|
| 24 |
-
const url = new URL(request.url);
|
| 25 |
-
const queryTarget = url.searchParams.get("proxy_target");
|
| 26 |
-
const targetHost = request.headers.get("x-target-host") || queryTarget;
|
| 27 |
-
const proxySecret = (
|
| 28 |
-
env.PROXY_SHARED_SECRET ||
|
| 29 |
-
env.CLOUDFLARE_PROXY_SECRET ||
|
| 30 |
-
""
|
| 31 |
-
).trim();
|
| 32 |
-
|
| 33 |
-
if (proxySecret) {
|
| 34 |
-
const providedSecret = request.headers.get("x-proxy-key") || url.searchParams.get("proxy_key") || "";
|
| 35 |
-
if (providedSecret !== proxySecret) {
|
| 36 |
-
// Fallback: allow Telegram requests via path without secret if it looks like a bot API call.
|
| 37 |
-
// This is safe because it only proxies to api.telegram.org.
|
| 38 |
-
if (url.pathname.startsWith("/bot") && !targetHost) {
|
| 39 |
-
// Allowed
|
| 40 |
-
} else {
|
| 41 |
-
return new Response("Unauthorized: Invalid proxy key", { status: 401 });
|
| 42 |
-
}
|
| 43 |
-
}
|
| 44 |
-
}
|
| 45 |
-
|
| 46 |
-
const allowProxyAll =
|
| 47 |
-
String(env.ALLOW_PROXY_ALL || "true").toLowerCase() === "true";
|
| 48 |
-
const allowedTargets = normalizeList(
|
| 49 |
-
env.ALLOWED_TARGETS || "api.telegram.org,discord.com,discordapp.com,gateway.discord.gg,status.discord.com,web.whatsapp.com,graph.facebook.com,googleapis.com,google.com,googleusercontent.com,gstatic.com",
|
| 50 |
-
);
|
| 51 |
-
|
| 52 |
-
const isAllowedHost = (hostname) => {
|
| 53 |
-
const normalized = String(hostname || "")
|
| 54 |
-
.trim()
|
| 55 |
-
.toLowerCase();
|
| 56 |
-
if (!normalized) return false;
|
| 57 |
-
if (allowProxyAll) return true;
|
| 58 |
-
return allowedTargets.some(
|
| 59 |
-
(domain) => normalized === domain || normalized.endsWith(`.${domain}`),
|
| 60 |
-
);
|
| 61 |
-
};
|
| 62 |
-
|
| 63 |
-
let targetBase = "";
|
| 64 |
-
if (targetHost) {
|
| 65 |
-
if (!isAllowedHost(targetHost)) {
|
| 66 |
-
return new Response(`Forbidden: Host ${targetHost} is not allowed.`, { status: 403 });
|
| 67 |
-
}
|
| 68 |
-
targetBase = `https://${targetHost}`;
|
| 69 |
-
} else if (url.pathname.startsWith("/bot")) {
|
| 70 |
-
targetBase = "https://api.telegram.org";
|
| 71 |
-
} else {
|
| 72 |
-
return new Response("Invalid request: No target host provided.", { status: 400 });
|
| 73 |
-
}
|
| 74 |
-
|
| 75 |
-
const cleanSearch = new URLSearchParams(url.search);
|
| 76 |
-
cleanSearch.delete("proxy_target");
|
| 77 |
-
cleanSearch.delete("proxy_key");
|
| 78 |
-
const searchStr = cleanSearch.toString();
|
| 79 |
-
const targetUrl = targetBase + url.pathname + (searchStr ? `?${searchStr}` : "");
|
| 80 |
-
|
| 81 |
-
const headers = new Headers(request.headers);
|
| 82 |
-
headers.delete("cf-connecting-ip");
|
| 83 |
-
headers.delete("cf-ray");
|
| 84 |
-
headers.delete("cf-visitor");
|
| 85 |
-
headers.delete("host");
|
| 86 |
-
headers.delete("x-real-ip");
|
| 87 |
-
headers.delete("x-target-host");
|
| 88 |
-
headers.delete("x-proxy-key");
|
| 89 |
-
|
| 90 |
-
const proxiedRequest = new Request(targetUrl, {
|
| 91 |
-
method: request.method,
|
| 92 |
-
headers,
|
| 93 |
-
body: request.body,
|
| 94 |
-
redirect: "follow",
|
| 95 |
-
});
|
| 96 |
-
|
| 97 |
-
try {
|
| 98 |
-
return await fetch(proxiedRequest);
|
| 99 |
-
} catch (error) {
|
| 100 |
-
return new Response(`Proxy Error: ${error.message}`, { status: 502 });
|
| 101 |
-
}
|
| 102 |
-
},
|
| 103 |
-
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|