有意无意之间
“庾子嵩作意赋成,从子文康见, 问曰:若有意邪?非赋之所尽,若无意邪?复何所赋? 答曰:正在有意无意之间。”
利用 Cloudflare 和 telegra.ph 搭建无限量且流畅的图床
首先是想玩一玩 Cloudflare Workers ,一项被称为 Serverless 和边缘计算的服务。官方的文档里有代理相关的示例,于是玩法就很多了。稍微一搜索就有反向代理的玩法,先去试了一下谷歌,谷歌提示异常流量,意义不大。
想到前几天看到别人博客利用电报“公众号” telegra.ph 匿名上传的接口做网盘的玩法。Cloudflare 的老本行就是 CDN 加速、减少加载时间,电报有着匿名不限量的存储空间,两者一结合简直是白嫖党的元宇宙(Metaverse)~!
新建一个 workers 代理 telegra.ph
地址: https://workers.cloudflare.com/
很容易从网上找到一段代码,但是有点问题:在构造转发给上游的请求时只带上了 method 和 headers,导致上传的时候并没有把数据传过去,这一点加上 body 就好了。另外一个是存在跨域问题,尽管设置了请求头和响应头似乎都没用。于是需要把调用上传接口的网站部署到同一个域名下面;正好 telegra.ph 首页有 check,代理不了,没啥用,就拿来转发网站了。
转发网站的时候,根据 pathname
来判断需要响应的内容。https://your-uploader.pages.dev/
替换为自己部署的 Pages 站点。
新建一个 pages 托管站点
地址:https://pages.cloudflare.com/
给启动的 Workers 绑定一个域名,例如 domain.tld
,由于是代理了整个 telegra.ph
,所以可以通过 domain.tld/upload
来上传文件,通过 domain.tld/file/f4899999xxxx.jpg
来访问图片。由于我直接使用早期写的一个上传工具来部署的,故而代码省略。
最终 Workers 的代码
// Hostname of the upstream site that requests are proxied to.
const upstream = "telegra.ph";

// Path prefix prepended to every pathname that is forwarded upstream.
const upstream_path = "/";

// Hostname of the upstream site used when the User-Agent looks like a mobile device.
const upstream_mobile = "telegra.ph";

// Country codes, compared against the cf-ipcountry request header, that are answered with 403.
const blocked_region = ["KP", "SY", "PK", "CU"];

// Client addresses, compared against the cf-connecting-ip request header, that are answered with 403.
const blocked_ip_address = [];

// true: talk to the upstream over HTTPS; false: plain HTTP.
const https = true;

// true: stamp "Cache-Control: no-store" on proxied responses.
const disable_cache = false;

// Rewrite rules for proxied UTF-8 HTML, as { search: replacement }.
// '$upstream' and '$custom_domain' are placeholders for the upstream hostname
// and for the hostname this Worker was reached on.
const replace_dict = {
  "$upstream": "$custom_domain",
  "//telegra.ph": "",
};

// CORS response headers. The "*" origin lets a page on any site read responses
// from a browser; narrow it to one origin if only a single front end should
// be able to use the proxy.
const corsHeaders = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
  "Access-Control-Max-Age": "86400",
};
// Register the Worker's fetch handler: each incoming request is answered with
// whatever fetchAndApply() resolves to for it.
addEventListener('fetch', (event) => {
  const reply = fetchAndApply(event.request);
  event.respondWith(reply);
});
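/**
 * Handle one incoming request.
 *
 * Order of decisions:
 *   1. Requests from a blocked region or blocked IP address get a 403.
 *   2. "/" and the static asset prefixes are served from the uploader Pages site.
 *   3. OPTIONS is answered locally as a CORS preflight.
 *   4. Everything else is forwarded to the upstream host and the response is
 *      relayed back with adjusted headers (and rewritten text for UTF-8 HTML).
 *
 * @param {Request} request - The incoming request from the fetch event.
 * @returns {Promise<Response>} The response to send to the client.
 */
async function fetchAndApply(request) {
  // headers.get() returns null for a missing header; fall back to '' so a
  // request without cf-ipcountry does not throw on toUpperCase().
  const region = (request.headers.get('cf-ipcountry') || '').toUpperCase();
  const ip_address = request.headers.get('cf-connecting-ip');
  const user_agent = request.headers.get('user-agent') || '';

  // The deny lists are checked before anything is fetched, so they apply to
  // the uploader pages as well as to the proxied upstream paths.
  if (blocked_region.includes(region)) {
    return new Response('Access denied: WorkersProxy is not available in your region yet.', {
      status: 403
    });
  }
  if (blocked_ip_address.includes(ip_address)) {
    return new Response('Access denied: Your IP address is blocked by WorkersProxy.', {
      status: 403
    });
  }

  const url = new URL(request.url);
  const url_hostname = url.hostname;
  url.protocol = https === true ? 'https:' : 'http:';

  // device_status() resolves to true when the User-Agent contains none of its
  // mobile tokens. The header is client-controlled, so this only selects an
  // upstream; it is not an access-control signal.
  const upstream_domain = (await device_status(user_agent)) ? upstream : upstream_mobile;
  url.host = upstream_domain;

  // The landing page and its static assets come from the uploader site, not
  // from the upstream.
  const uploader_site = `https://your-uploader.pages.dev/`;
  const static_prefixes = ['/css', '/js', '/font', '/favicon'];
  if (url.pathname == '/') {
    return fetch(uploader_site);
  }
  if (static_prefixes.some((prefix) => url.pathname.startsWith(prefix))) {
    return fetch(uploader_site + url.pathname);
  }
  url.pathname = upstream_path + url.pathname;

  const method = request.method;
  if (method === 'OPTIONS') {
    // Answer the preflight with the configured CORS headers; a preflight
    // response without them is rejected by the browser.
    return new Response('ok', {
      status: 200,
      headers: corsHeaders
    });
  }

  const new_request_headers = new Headers(request.headers);
  new_request_headers.set('Host', upstream_domain);
  new_request_headers.set('Referer', url.protocol + '//' + url_hostname);

  // Forward the body as well, otherwise uploads reach the upstream empty.
  const original_response = await fetch(url.href, {
    method: method,
    headers: new_request_headers,
    body: request.body
  });

  // Declared locally: the bare assignment used before created an implicit
  // global (and is a ReferenceError in strict/module code).
  const connection_upgrade = new_request_headers.get('Upgrade');
  if (connection_upgrade && connection_upgrade.toLowerCase() === 'websocket') {
    return original_response;
  }

  const response_headers = original_response.headers;
  const new_response_headers = new Headers(response_headers);
  if (disable_cache) {
    new_response_headers.set('Cache-Control', 'no-store');
  }

  // A wildcard origin cannot be combined with allow-credentials, so only the
  // wildcard is sent. The methods header is spelled with its standard name.
  // NOTE(review): "*" lets any origin read proxied responses; pin it to the
  // uploader's origin if third-party pages should not be able to use the proxy.
  new_response_headers.set('access-control-allow-origin', '*');
  new_response_headers.set('access-control-allow-methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');

  // NOTE(review): the upstream's Content-Security-Policy is dropped here, so
  // proxied HTML is served from this domain without that protection.
  new_response_headers.delete('content-security-policy');
  new_response_headers.delete('content-security-policy-report-only');
  new_response_headers.delete('clear-site-data');

  const pjax_url = new_response_headers.get('x-pjax-url');
  if (pjax_url) {
    new_response_headers.set('x-pjax-url', pjax_url.replace('//' + upstream_domain, '//' + url_hostname));
  }

  // Only UTF-8 HTML is rewritten; every other body is streamed through as-is.
  const content_type = new_response_headers.get('content-type');
  const is_utf8_html = content_type != null && content_type.includes('text/html') && content_type.includes('UTF-8');
  const body = is_utf8_html
    ? await replace_response_text(original_response, upstream_domain, url_hostname)
    : original_response.body;

  return new Response(body, {
    status: original_response.status,
    headers: new_response_headers
  });
}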
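/**
 * Read a response body as text and apply the replace_dict rewrite rules to it.
 *
 * Rules run in the dictionary's insertion order, each on the output of the
 * previous one. In both the search key and the replacement, '$upstream' stands
 * for upstream_domain and '$custom_domain' for host_name. Keys are matched as
 * literal text: a "." in a hostname matches only a dot, and a "$" sequence in
 * the replacement is inserted verbatim.
 *
 * @param {Response} response - Response whose body is consumed via text().
 * @param {string} upstream_domain - Hostname of the proxied upstream site.
 * @param {string} host_name - Hostname the Worker was reached on.
 * @returns {Promise<string>} The rewritten body text.
 */
async function replace_response_text(response, upstream_domain, host_name) {
  // Placeholders resolve to real hostnames; any other token is used as given.
  const resolve = (token) => {
    if (token == '$upstream') {
      return upstream_domain;
    }
    if (token == '$custom_domain') {
      return host_name;
    }
    return token;
  };

  let text = await response.text();
  for (const [search, replacement] of Object.entries(replace_dict)) {
    const needle = resolve(search);
    if (needle === '') {
      // An empty search string would match between every character.
      continue;
    }
    // split/join replaces every literal occurrence without interpreting regex
    // metacharacters in the key or "$" patterns in the replacement.
    text = text.split(needle).join(resolve(replacement));
  }
  return text;
}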
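/**
 * Classify a User-Agent string as desktop or mobile.
 *
 * The User-Agent header is supplied by the client, so the result is only a
 * hint for choosing content and must not be used as an access-control signal.
 *
 * @param {string|null} user_agent_info - Raw User-Agent value; a missing or
 *   non-string value is treated as an empty string.
 * @returns {Promise<boolean>} true when none of the mobile tokens occur in the
 *   string (desktop), false when at least one does (mobile).
 */
async function device_status(user_agent_info) {
  const mobile_tokens = ['Android', 'iPhone', 'SymbianOS', 'Windows Phone', 'iPad', 'iPod'];
  const ua = typeof user_agent_info === 'string' ? user_agent_info : '';
  // includes() also catches a token at position 0, which an "indexOf(...) > 0"
  // comparison would miss.
  return !mobile_tokens.some((token) => ua.includes(token));
}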
最终效果
访问地址:https://box.p0t.top/
重要提示: Cloudflare 有能力和动机搜集上传者的信息(包括且不限于 IP 地址,经纬度坐标,设备和浏览器)来配合执法部门的监管。Telegram 上的图片获取到地址之后任何人都可以查看。故而请不要上传违反法律法规和涉及个人隐私的图片!