Open ghostWindows-files opened 1 month ago
Thanks for opening your first issue here! Be sure to follow the issue template!
你的代理链接是不是使用的默认的cloudflare
配置的域名?
你的代理链接是不是使用的默认的配置的域名?
cloudflare
我用cloudflare pages+绑定自定义域名
+1,我按照官方教程搭建cloudflare workers,然后添加下载代理,下载时就会提示{"error_code":31211, "error_msg":"access denied"}
WEBDAV策略改成302或者代理URL或者本地代理都一样
翻墙就可以正常下载。
:joy_cat: 可能确实出bug了.....
+1,我按照官方教程搭建cloudflare workers,然后添加下载代理,下载时就会提示{"error_code":31211, "error_msg":"access denied"}
WEBDAV策略改成302或者代理URL或者本地代理都一样 翻墙就可以正常下载。
我有一个临时的解决方案:就是再次用新worker代理原本翻墙才能下载的那个worker这样就可以正常下载,二次代理worker脚本:https://github.com/weaigc/bingo/blob/main/cloudflare/worker.js
😹 可能确实出bug了.....
Alist worker代理的时候会不会把ip位置检测的代码一起代理了😱
+1,我按照官方教程搭建cloudflare workers,然后添加下载代理,下载时就会提示{"error_code":31211, "error_msg":"access denied"}
WEBDAV策略改成302或者代理URL或者本地代理都一样 翻墙就可以正常下载。
我有一个临时的解决方案:就是再次用新worker代理原本翻墙才能下载的那个worker这样就可以正常下载,二次代理worker脚本:https://github.com/weaigc/bingo/blob/main/cloudflare/worker.js
请问alist下载代理URL填新worker的域名吗,我只显示一个Hello world
+1,我按照官方教程搭建cloudflare workers,然后添加下载代理,下载时就会提示{"error_code":31211, "error_msg":"access denied"}
WEBDAV策略改成302或者代理URL或者本地代理都一样 翻墙就可以正常下载。
我有一个临时的解决方案:就是再次用新worker代理原本翻墙才能下载的那个worker这样就可以正常下载,二次代理worker脚本:https://github.com/weaigc/bingo/blob/main/cloudflare/worker.js
请问alist下载代理URL填新worker的域名吗,我只显示一个Hello world
需要将 https://github.com/weaigc/bingo/blob/main/cloudflare/worker.js 中的代码填写到二次代理的worker编辑器中
Terabox检测了请求头是否为国内,是的话则拦截请求,我们可以伪造请求头来绕过(2024.6.17通过)
// 伪造地区头
request.headers.set("Accept-Language", "en-US,en;q=0.9");
// 伪造IP头
request.headers.set("X-Forwarded-For", "8.8.8.8"); // 替换为你想要的IP地址
request.headers.set("X-Real-IP", "8.8.8.8"); // 替换为你想要的IP地址
修改后的handleDownload
函数如下:
async function handleDownload(request) {
const origin = request.headers.get("origin") ?? "*";
const url = new URL(request.url);
const path = decodeURIComponent(url.pathname);
const sign = url.searchParams.get("sign") ?? "";
const verifyResult = await verify(path, sign);
if (verifyResult !== "") {
const resp2 = new Response(
JSON.stringify({
code: 401,
message: verifyResult
}),
{
headers: {
"content-type": "application/json;charset=UTF-8"
}
}
);
resp2.headers.set("Access-Control-Allow-Origin", origin);
return resp2;
}
let resp = await fetch(`${ADDRESS}/api/fs/link`, {
method: "POST",
headers: {
"content-type": "application/json;charset=UTF-8",
Authorization: TOKEN
},
body: JSON.stringify({
path
})
});
let res = await resp.json();
if (res.code !== 200) {
return new Response(JSON.stringify(res));
}
request = new Request(res.data.url, request);
if (res.data.header) {
for (const k in res.data.header) {
for (const v of res.data.header[k]) {
request.headers.set(k, v);
}
}
}
// 伪造地区头
request.headers.set("Accept-Language", "en-US,en;q=0.9");
// 伪造IP头
request.headers.set("X-Forwarded-For", "8.8.8.8"); // 替换为你想要的IP地址
request.headers.set("X-Real-IP", "8.8.8.8"); // 替换为你想要的IP地址
let response = await fetch(request);
while (response.status >= 300 && response.status < 400) {
const location = response.headers.get("Location");
if (location) {
if (location.startsWith(`${WORKER_ADDRESS}/`)) {
request = new Request(location, request);
return await handleRequest(request);
} else {
request = new Request(location, request);
response = await fetch(request);
}
} else {
break;
}
}
response = new Response(response.body, response);
response.headers.delete("set-cookie");
response.headers.set("Access-Control-Allow-Origin", origin);
response.headers.append("Vary", "Origin");
return response;
}
Terabox检测了请求头是否为国内,是的话则拦截请求,我们可以伪造请求头来绕过(2024.6.17通过)
// 伪造地区头 request.headers.set("Accept-Language", "en-US,en;q=0.9"); // 伪造IP头 request.headers.set("X-Forwarded-For", "8.8.8.8"); // 替换为你想要的IP地址 request.headers.set("X-Real-IP", "8.8.8.8"); // 替换为你想要的IP地址
修改后的
handleDownload
函数如下:async function handleDownload(request) { const origin = request.headers.get("origin") ?? "*"; const url = new URL(request.url); const path = decodeURIComponent(url.pathname); const sign = url.searchParams.get("sign") ?? ""; const verifyResult = await verify(path, sign); if (verifyResult !== "") { const resp2 = new Response( JSON.stringify({ code: 401, message: verifyResult }), { headers: { "content-type": "application/json;charset=UTF-8" } } ); resp2.headers.set("Access-Control-Allow-Origin", origin); return resp2; } let resp = await fetch(`${ADDRESS}/api/fs/link`, { method: "POST", headers: { "content-type": "application/json;charset=UTF-8", Authorization: TOKEN }, body: JSON.stringify({ path }) }); let res = await resp.json(); if (res.code !== 200) { return new Response(JSON.stringify(res)); } request = new Request(res.data.url, request); if (res.data.header) { for (const k in res.data.header) { for (const v of res.data.header[k]) { request.headers.set(k, v); } } } // 伪造地区头 request.headers.set("Accept-Language", "en-US,en;q=0.9"); // 伪造IP头 request.headers.set("X-Forwarded-For", "8.8.8.8"); // 替换为你想要的IP地址 request.headers.set("X-Real-IP", "8.8.8.8"); // 替换为你想要的IP地址 let response = await fetch(request); while (response.status >= 300 && response.status < 400) { const location = response.headers.get("Location"); if (location) { if (location.startsWith(`${WORKER_ADDRESS}/`)) { request = new Request(location, request); return await handleRequest(request); } else { request = new Request(location, request); response = await fetch(request); } } else { break; } } response = new Response(response.body, response); response.headers.delete("set-cookie"); response.headers.set("Access-Control-Allow-Origin", origin); response.headers.append("Vary", "Origin"); return response; }
非常感谢,这样就不需要二次代理了
Terabox检测了请求头是否为国内,是的话则拦截请求,我们可以伪造请求头来绕过(2024.6.17通过)
// 伪造地区头 request.headers.set("Accept-Language", "en-US,en;q=0.9"); // 伪造IP头 request.headers.set("X-Forwarded-For", "8.8.8.8"); // 替换为你想要的IP地址 request.headers.set("X-Real-IP", "8.8.8.8"); // 替换为你想要的IP地址
修改后的函数如下:
handleDownload
async function handleDownload(request) { const origin = request.headers.get("origin") ?? "*"; const url = new URL(request.url); const path = decodeURIComponent(url.pathname); const sign = url.searchParams.get("sign") ?? ""; const verifyResult = await verify(path, sign); if (verifyResult !== "") { const resp2 = new Response( JSON.stringify({ code: 401, message: verifyResult }), { headers: { "content-type": "application/json;charset=UTF-8" } } ); resp2.headers.set("Access-Control-Allow-Origin", origin); return resp2; } let resp = await fetch(`${ADDRESS}/api/fs/link`, { method: "POST", headers: { "content-type": "application/json;charset=UTF-8", Authorization: TOKEN }, body: JSON.stringify({ path }) }); let res = await resp.json(); if (res.code !== 200) { return new Response(JSON.stringify(res)); } request = new Request(res.data.url, request); if (res.data.header) { for (const k in res.data.header) { for (const v of res.data.header[k]) { request.headers.set(k, v); } } } // 伪造地区头 request.headers.set("Accept-Language", "en-US,en;q=0.9"); // 伪造IP头 request.headers.set("X-Forwarded-For", "8.8.8.8"); // 替换为你想要的IP地址 request.headers.set("X-Real-IP", "8.8.8.8"); // 替换为你想要的IP地址 let response = await fetch(request); while (response.status >= 300 && response.status < 400) { const location = response.headers.get("Location"); if (location) { if (location.startsWith(`${WORKER_ADDRESS}/`)) { request = new Request(location, request); return await handleRequest(request); } else { request = new Request(location, request); response = await fetch(request); } } else { break; } } response = new Response(response.body, response); response.headers.delete("set-cookie"); response.headers.set("Access-Control-Allow-Origin", origin); response.headers.append("Vary", "Origin"); return response; }
再次感谢大佬。如果方便的话吧代码给alist官方吧
Please make sure of the following things
[X] I have read the documentation. 我已经阅读了文档。
[x] I'm sure there are no duplicate issues or discussions. 我确定没有重复的issue或讨论。
[X] I'm sure it's due to
AList
and not something else(such as Network ,Dependencies
orOperational
). 我确定是AList
的问题,而不是其他原因(例如网络,依赖
或操作
)。[x] I'm sure this issue is not fixed in the latest version. 我确定这个问题在最新版本中没有被修复。
AList Version / AList 版本
v3.35.0
Driver used / 使用的存储驱动
Terabox
Describe the bug / 问题描述
因为proxy无法发起issues所以就在这里说了 前提:我用的服务器在国外 https://github.com/alist-org/alist-proxy/blob/main/alist-proxy.js部署到cloudflare pages后国内网络代理链接可以正常调用并下载其他储存的文件,在Terabox就提示{"error_code":31211, "error_msg":"access denied"},但是挂了梯子再打开下载链接就可以直接下载。![image](https://github.com/alist-org/alist/assets/156029516/0b7912a1-ff7e-4db2-a97f-3d1214d1ec57)
配置是本地代理的话还是情况同上![image](https://github.com/alist-org/alist/assets/156029516/942a1df4-62eb-4409-b554-93a416e264d3)
很神奇的Bug-.-
Reproduction / 复现链接
https://github.com/alist-org/alist-proxy
Config / 配置
Cloud flare Pages:
Local Proxy:
Error:
![image](https://github.com/alist-org/alist/assets/156029516/3cfaa16d-4038-416d-8fa6-c21f80ec0a2e)
Logs / 日志
No response