No description
Find a file
eternal-flame-AD 58bfea6643
properly detect x_forwarded_for header
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
2024-11-15 14:28:16 -06:00
.vscode init 2024-11-13 05:23:22 -06:00
mac/apparmor improve apparmor profile 2024-11-15 00:36:38 -06:00
src properly detect x_forwarded_for header 2024-11-15 14:28:16 -06:00
submodules init 2024-11-13 05:23:22 -06:00
.gitignore init 2024-11-13 05:23:22 -06:00
.gitmodules init 2024-11-13 05:23:22 -06:00
build.rs init 2024-11-13 05:23:22 -06:00
Cargo.lock block ip URLs 2024-11-15 03:28:59 -06:00
Cargo.toml block ip URLs 2024-11-15 03:28:59 -06:00
deny.toml Apparmor 2024-11-14 23:54:59 -06:00
LICENSE init 2024-11-13 05:23:22 -06:00
local.toml properly detect x_forwarded_for header 2024-11-15 14:28:16 -06:00
README.md Lossy webp encoding 2024-11-15 01:05:02 -06:00
rust-toolchain init 2024-11-13 05:23:22 -06:00
wrangler.toml change example configuration svg passthrough 2024-11-13 16:27:49 -06:00

Yumechi-no-kuni-proxy-worker

This is a misskey proxy worker for ゆめちのくに (Yumechi-no-kuni) instance. Runs natively on both local and Cloudflare Workers environments!

Work in progress! Currently to do:

  • Content-Type sniffing
  • SVG rendering
    • Font rendering (likely will not run on Cloudflare Workers Free plan)
  • Preset image resizing
  • Opportunistic Redirection on large video files
  • RFC9110 compliant proxy loop detection with defensive programming against known vulnerable proxies
  • HTTPs only mode and X-Forwarded-Proto reflection
  • Cache-Control header
  • Rate-limiting on local deployment (untested)
  • Read config from Cloudflare
  • Timing and Rate-limiting headers (some not available on Cloudflare Workers)
  • Lossy WebP on CF Workers
  • Cache Results on Cloudflare KV.
  • Handle all possible panics reported by Clippy
  • Sandboxing the image rendering

Demo

Avatar resizing

Preview at:

https://yumechi-no-kuni-proxy-worker.eternal-flame-ad.workers.dev/proxy/avatar.webp?url=https://media.misskeyusercontent.com/io/274cc4f7-4674-4db1-9439-9fac08a66aa1.png

Image:

Syuilo Avatar resived.png

SVG rendering

(font rendering disabled due to size restrictions)

https://yumechi-no-kuni-proxy-worker.eternal-flame-ad.workers.dev/proxy/static.webp?url=https://upload.wikimedia.org/wikipedia/commons/a/ad/AES-AddRoundKey.svg

AES-AddRoundKey.svg

Setup and Deployment

  1. Clone this repository. Load the submodules with git submodule update --init.

  2. Install Rust and Cargo, using rustup is recommended. If you do not plan on deploying to Cloudflare Workers, you can remove the rust-toolchain file intended to get around cloudflare/worker-rs#668. Otherwise you may need to install that specific version of Rust by rustup install $(cat rust-toolchain).

  3. IF deploying locally:

    1. Edit local.toml to your liking. The documentations can be opened with cargo doc --open.

    2. Test run with cargo run --features env-local -- -c local.toml. Additional features apparmor and reuse-port are available for Linux users.

    3. Build with cargo build --features env-local --profile release-local. The built binary will be in target/release-local/yumechi-no-kuni-proxy-worker.

    4. The only flag understood is -c for the configuration file. The configuration file is in TOML format. However, the RUST_LOG environment variable will change the log level. The log level is info by default if the environment variable is not set.

    IF deploying to Cloudflare Workers:

    1. Add the wasm target with rustup +$(cat rust-toolchain) target add wasm32-unknown-unknown.

    2. Have a working JS environment.

    3. Install wrangler with you JS package manager of choice. See https://developers.cloudflare.com/workers/wrangler/install-and-update/. npx also works.

    4. Edit wrangler.toml to your liking. Everything in the [vars] section maps directly into the config section of the TOML configuration file. There is a cf-worker-paid feature set which enable some additional features that will never fit in the free plan, mainly SVG font rendering and some debugging features.

    5. Test locally with wrangler dev.

    6. Deploy with wrangler deploy --outdir bundled/.