sub2api

zfc/sub2api

Fork 0

Commit Graph

Author	SHA1	Message	Date
win	0bfd6edde6	feat: Sora curl_cffi sidecar — Chrome TLS 指纹绕过 Cloudflare Some checks failed CI / test (push) Failing after 3s Details CI / golangci-lint (push) Failing after 3s Details Security Scan / backend-security (push) Failing after 3s Details Security Scan / frontend-security (push) Failing after 3s Details - 新增 sora-curl-cffi-sidecar 容器（Python + curl_cffi + chrome131） - docker-compose.tls-proxy.yml 集成 sidecar，sub2api 自动连接 - 会话池复用，避免重复 TLS 握手 - 镜像 zfc931912343/sora-curl-cffi-sidecar:latest (amd64+arm64)	2026-03-22 03:31:49 +08:00
win	a72ba424cc	feat: Node.js TLS 指纹代理 + 网络隔离防泄露 Some checks failed CI / test (push) Failing after 1m32s Details CI / golangci-lint (push) Failing after 33s Details Security Scan / backend-security (push) Failing after 32s Details Security Scan / frontend-security (push) Failing after 32s Details - 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/) 原生 Node.js TLS 栈发起上游 HTTPS，JA3/JA4 天然匹配 Claude CLI SSE 流式透传，支持上游 HTTP CONNECT 代理零依赖，Node.js 24.13.0 锁定版本 - Go 集成 (config.go + http_upstream.go) 新增 NodeTLSProxyConfig 配置 DoWithTLS 优先走 Node.js 代理模式，URL 重写 https→http://localhost:3456 - Docker 网络隔离 (docker-compose.tls-proxy.yml) sub2api 容器仅 internal 网络，物理隔离外网 node-tls-proxy 唯一出站通道，IPv6 内核级禁用 - iptables 防泄露脚本 (tools/firewall/) QUIC/UDP 443 全局 DROP，仅 nodeproxy 用户可出站 TCP 443 - 镜像切换为 zfc931912343/ 仓库	2026-03-22 00:18:43 +08:00

Author

SHA1

Message

Date

win

0bfd6edde6

feat: Sora curl_cffi sidecar — Chrome TLS 指纹绕过 Cloudflare

CI / test (push) Failing after 3s

Details

CI / golangci-lint (push) Failing after 3s

Details

Security Scan / backend-security (push) Failing after 3s

Details

Security Scan / frontend-security (push) Failing after 3s

Details

- 新增 sora-curl-cffi-sidecar 容器（Python + curl_cffi + chrome131）
- docker-compose.tls-proxy.yml 集成 sidecar，sub2api 自动连接
- 会话池复用，避免重复 TLS 握手
- 镜像 zfc931912343/sora-curl-cffi-sidecar:latest (amd64+arm64)

2026-03-22 03:31:49 +08:00

win

a72ba424cc

feat: Node.js TLS 指纹代理 + 网络隔离防泄露

CI / test (push) Failing after 1m32s

Details

CI / golangci-lint (push) Failing after 33s

Details

Security Scan / backend-security (push) Failing after 32s

Details

Security Scan / frontend-security (push) Failing after 32s

Details

- 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/)
  原生 Node.js TLS 栈发起上游 HTTPS，JA3/JA4 天然匹配 Claude CLI
  SSE 流式透传，支持上游 HTTP CONNECT 代理
  零依赖，Node.js 24.13.0 锁定版本

- Go 集成 (config.go + http_upstream.go)
  新增 NodeTLSProxyConfig 配置
  DoWithTLS 优先走 Node.js 代理模式，URL 重写 https→http://localhost:3456

- Docker 网络隔离 (docker-compose.tls-proxy.yml)
  sub2api 容器仅 internal 网络，物理隔离外网
  node-tls-proxy 唯一出站通道，IPv6 内核级禁用

- iptables 防泄露脚本 (tools/firewall/)
  QUIC/UDP 443 全局 DROP，仅 nodeproxy 用户可出站 TCP 443

- 镜像切换为 zfc931912343/ 仓库

2026-03-22 00:18:43 +08:00

2 Commits