前言

本文主要记录如何快速为自己的网站建立一个安全的ip获取器.

关于前面 Workers 的一些设置操作，可以参考这篇文章。

本文主要给出代码.

代码

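// Reference: https://blog.dsrkafuu.net/post/2020/cloudflare-worker-cors-anywhere/

// Origins allowed to call this worker (matched against the Origin header).
// An Origin header is serialized as scheme://host[:port] with no trailing
// slash, so the pattern must not end in "/": the previous
// /^https:\/\/lanyundev\.com\/$/ could never match a real Origin value.
const ALLOWED_ORIGIN = [/^https:\/\/lanyundev\.com$/];
// Whether requests that carry no Origin header are accepted.
const ALLOW_NO_ORIGIN = false;
// Referers allowed to call this worker (matched against the Referer header).
// NOTE(review): this accepts only the exact value "https://lanyundev.com/".
// Browsers under the default strict-origin-when-cross-origin policy trim a
// cross-origin Referer down to origin + "/", which is why an exact match
// works; a more permissive Referrer-Policy on the site would send the full
// page URL and fail this check — confirm against the site's policy.
const ALLOWED_Referer = [/^https:\/\/lanyundev\.com\/$/];
// Whether requests that carry no Referer header are accepted.
const ALLOW_NO_Referer = false;
// Cache-Control for the IP response: 30-day cache. Alternative: no-cache, must-revalidate
// NOTE(review): the response body is the requester's own IP, so `public`
// allows a shared cache to serve one client's address to another and a
// browser cache to keep a stale address for 30 days; `private, no-store`
// would be the safer choice for per-client content.
const CACHE_CONTROL = 'public, max-age=2592000';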

/**
 * Validate the Origin header against ALLOWED_ORIGIN.
 * @param {Request} req incoming request
 * @return {boolean} true when the Origin matches one of the allowed patterns;
 *   otherwise ALLOW_NO_ORIGIN (covers both a missing Origin and a non-matching one)
 */
function validateOrigin(req) {
  const origin = req.headers.get('Origin');
  if (!origin) {
    return ALLOW_NO_ORIGIN;
  }
  const matched = ALLOWED_ORIGIN.some((pattern) => pattern.test(origin));
  // A non-matching Origin falls back to the same flag as a missing one.
  return matched || ALLOW_NO_ORIGIN;
}

/**
 * Validate the Referer header against ALLOWED_Referer.
 * @param {Request} req incoming request
 * @return {boolean} true when the Referer matches one of the allowed patterns;
 *   otherwise ALLOW_NO_Referer (covers both a missing Referer and a non-matching one)
 */
function validateReferer(req) {
  const referer = req.headers.get('Referer');
  const matched = Boolean(referer) && ALLOWED_Referer.some((pattern) => pattern.test(referer));
  // A missing or non-matching Referer is governed by the same flag.
  return matched ? true : ALLOW_NO_Referer;
}

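/**
 * Answer a CORS preflight (OPTIONS) request.
 * The request has already passed the Referer gate in the fetch listener;
 * this function reflects the requested method/headers and the Origin as sent
 * and does not validate the Origin itself.
 * @param {Request} req the preflight request
 * @return {Response} an empty 200 response carrying the CORS headers
 */
function handleOptions(req) {
  const rawOrigin = req.headers.get('Origin');
  const rawMethod = req.headers.get('Access-Control-Request-Method');
  const rawHeaders = req.headers.get('Access-Control-Request-Headers');

  const res = new Response(null, { status: 200 });
  // Only reflect an Origin that was actually sent. Headers.set() stringifies
  // a missing header (null) to the literal "null", which browsers treat as
  // the opaque origin of sandboxed/data: documents rather than "no origin".
  if (rawOrigin) {
    res.headers.set('Access-Control-Allow-Origin', rawOrigin);
  }
  if (rawMethod) {
    res.headers.set('Access-Control-Allow-Methods', rawMethod);
  }
  if (rawHeaders) {
    res.headers.set('Access-Control-Allow-Headers', rawHeaders);
  }
  res.headers.set('Access-Control-Max-Age', '86400');
  res.headers.set('Content-Type', 'application/javascript; charset=utf-8');
  // Vary so caches keep per-origin and per-encoding variants apart.
  res.headers.append('Vary', 'Accept-Encoding');
  res.headers.append('Vary', 'Origin');
  // res.headers.append('Vary', 'User-Agent'); // keeps mobile clients off desktop cache entries
  return res;
}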

/**
 * Build the response for a request that failed validation.
 * @return {Response} a 403 response with a short plain-text body
 */
function handleReject() {
  const body = '[LanYun_Blog] REQUEST NOT ALLOWED';
  const init = { status: 403 };
  return new Response(body, init);
}

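addEventListener('fetch', (event) => {
  const req = event.request;
  // Referer is the only effective gate: the original predicate
  // `validReferer || (validOrigin && validReferer && origin)` reduces to
  // `validReferer`, so validateOrigin never influenced the decision and is
  // not consulted here.
  // NOTE(review): Referer is chosen by the client; this deters casual
  // hot-linking from browsers, not a caller that sets its own headers.
  const validReferer = validateReferer(req);
  if (!validReferer) {
    // An unconditional `return;` used to precede this call, so the 403 was
    // never sent and the request fell through to the origin instead. If that
    // pass-through was intended, drop the respondWith and keep the return.
    event.respondWith(handleReject());
    return;
  }
  if (req.method === 'OPTIONS') {
    event.respondWith(handleOptions(req));
  } else {
    event.respondWith(handleRequest(req));
  }
});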

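/**
 * Build the script response that exposes the requester's IP as
 * `var returnCitySN = {"cip": "<ip>"};`.
 * @param {Request} request incoming (already validated) request
 * @return {Promise<Response>} a 200 JavaScript response
 */
async function handleRequest(request) {
  // cf-connecting-ip is set by Cloudflare's edge; it is absent when the
  // worker is reached some other way (previously that produced the string
  // "null" inside the script — now it yields an empty string).
  const rawIp = request.headers.get('cf-connecting-ip');
  const ip = typeof rawIp === 'string' ? rawIp : '';
  // JSON.stringify escapes quotes and backslashes so the value cannot break
  // out of the string literal in the generated script; for a plain IP the
  // output is identical to the former '"' + ip + '"' concatenation.
  const body = `var returnCitySN = {"cip": ${JSON.stringify(ip)}};`;
  // `res` was an implicit global before; keep it block-scoped.
  const res = new Response(body, { status: 200 });
  // Must equal the Origin header byte-for-byte; an Origin carries no trailing
  // slash, so 'https://lanyundev.com/' would never satisfy a CORS check.
  res.headers.set('Access-Control-Allow-Origin', 'https://lanyundev.com');
  res.headers.set('Cache-Control', CACHE_CONTROL);
  res.headers.set('Access-Control-Max-Age', '86400');
  res.headers.set('Content-Type', 'application/javascript; charset=utf-8');
  // Vary so caches keep per-origin and per-encoding variants apart.
  res.headers.append('Vary', 'Accept-Encoding');
  res.headers.append('Vary', 'Origin');
  return res;
}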

你可以根据实际情况,进行修改.

上面代码能够一定程度防止滥用,具有一定安全性.