add restry-ui proxy.

Server/conf/nginx.conf

@@ -85,6 +85,7 @@ http {
             proxy_set_header Host $http_host;
             proxy_set_header X-Forwarded-Proto $scheme;
             proxy_pass http://frp_http_proxy;
+            access_by_lua_file lua/authentication.lua;
         }
     }
 
@@ -143,6 +144,34 @@ http {
         }
     }
 
+    server {
+        listen 443 ssl;
+        server_name docker.amass.fun;
+
+        client_header_timeout 120s;         
+        client_body_timeout 120s;           
+
+        ssl_certificate cert/docker.amass.fun.pem;
+        ssl_certificate_key cert/docker.amass.fun.key;
+        ssl_session_timeout 5m; #缓存有效期
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
+        ssl_prefer_server_ciphers on; #使用服务器端的首选算法
+        
+        location / {
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header x-wiz-real-ip $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            access_by_lua_file lua/basic_authentication_proxy.lua;
+            proxy_pass http://frp_http_proxy;
+        }
+    }
+
     server {
         listen 443 ssl;
         server_name money.amass.fun;

Server/lua/accounts.lua

@@ -0,0 +1,23 @@
+local M = {}
+
+local password_path = "password.txt"
+
+function M.credentials()
+    local file = io.open(password_path, "r")
+    if not file then
+        ngx.log(ngx.INFO, "无法打开文件: ", password_path)
+        return
+    end
+
+    local credentials = {}
+    for line in file:lines() do
+        local account, password = line:match("([^=]+)=([^=]+)")
+        if account and password then
+            credentials[account] = password
+        end
+    end
+    file:close()
+    return credentials
+end
+
+return M

Server/lua/basic_authentication.lua

@@ -0,0 +1,33 @@
+local auth_header = ngx.var.http_authorization
+
+local function authenticate()
+    ngx.header.content_type = 'text/plain'
+    ngx.header.www_authenticate = 'Basic realm="Restricted Area"'
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.say('Unauthorized')
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+
+if not auth_header then
+    return authenticate()
+end
+
+local _, _, encoded = string.find(auth_header, "Basic%s+(.+)")
+if not encoded then
+    return authenticate()
+end
+
+
+local decoded = ngx.decode_base64(encoded)
+local user_account, user_password = decoded:match("([^:]+):(.+)")
+
+ngx.log(ngx.INFO, encoded, " ", user_account, " ", user_password)
+
+local accounts = require("lua/accounts")
+local credentials = accounts.credentials()
+
+if credentials and credentials[user_account] == user_password then
+    return
+else
+    return authenticate()
+end

Server/lua/basic_authentication_proxy.lua

@@ -0,0 +1,22 @@
+local session, err, exists = require "resty.session".open()
+if exists and session:get("authenticated") then
+    local account = session:get("account")
+    ngx.log(ngx.INFO, session:get("account"), " 访问")
+    local accounts = require("lua/accounts")
+    local credentials = accounts.credentials()
+    local password = ""
+    if credentials then
+        password = credentials[account]
+    end
+    local auth_value = ngx.encode_base64(account .. ':' .. password)
+    ngx.req.set_header("Authorization", "Basic " .. auth_value)
+else
+    local server = ""
+    if ngx.var.server_port == "80" then
+        server = ngx.var.host
+    else
+        server = ngx.var.host .. ":" .. ngx.var.server_port
+    end
+    local target_url = ngx.var.scheme .. "://" .. server .. ngx.var.request_uri
+    ngx.redirect('https://amass.fun/LoginPage?next=' .. ngx.escape_uri(target_url))
+end

Server/lua/login.lua

@@ -1,7 +1,5 @@
 local cjson = require "cjson"
 
-local password_path = "password.txt"
-
 local function add_domain(cookies, key, domain)
     if type(cookies) == "string" then -- 确保 set_cookies 是一个表
         cookies = { cookies }
@@ -11,7 +9,7 @@ local function add_domain(cookies, key, domain)
     for _, cookie in ipairs(cookies) do
         local cookie_key, value = string.match(cookie, "^%s*(.-)%s*=%s*(.-)%s*;")
         if cookie_key == key then
-            local new_cookie = value .. "; Domain=" .. domain .. "; Path=/; HttpOnly"
+            local new_cookie = value .. "; Domain=" .. domain .. "; Path=/; HttpOnly; SameSite=Lax"
             table.insert(new_cookies, key.."=" .. new_cookie)
         else
             table.insert(new_cookies, cookie)
@@ -42,27 +40,11 @@ local user_password = json_data.password
 
 local reply = {}
 
-local file = io.open(password_path, "r")
-if not file then
-    ngx.log(ngx.INFO, "无法打开文件: ", password_path)
-    reply.status = -1000
-    reply.message = "服务器错误,找不到 " .. password_path;
-    ngx.say(cjson.encode(reply))
-    return
-end
-
-local credentials = {}
-for line in file:lines() do
-    local account, password = line:match("([^=]+)=([^=]+)")
-    if account and password then
-        credentials[account] = password
-    end
-end
-file:close()
-
 local session = require "resty.session".start()
 
-if credentials[user_account] == user_password then
+local accounts = require("lua/accounts")
+local credentials = accounts.credentials()
+if credentials and credentials[user_account] == user_password then
     reply.status = 0
     reply.message = "登录成功"
     session:set("account", user_account)