Edgeone_CleanCache/worker.js at main · woodchen-ink/Edgeone_CleanCache · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
// Cloudflare Worker 代码
async function qcloudV3Post(secretId, secretKey, service, bodyArray, headersArray) {
  const HTTPRequestMethod = "POST";
  const CanonicalURI = "/";
  const CanonicalQueryString = "";

  // 按 ASCII 升序排序
  const sortHeadersArray = Object.keys(headersArray)
    .sort()
    .reduce((obj, key) => {
      obj[key] = headersArray[key];
      return obj;
    }, {});

  let SignedHeaders = "";
  let CanonicalHeaders = "";

  // 拼接键
  for (const key in sortHeadersArray) {
    SignedHeaders += key.toLowerCase() + ';';
  }
  SignedHeaders = SignedHeaders.slice(0, -1);

  // 拼接键和值
  for (const key in sortHeadersArray) {
    CanonicalHeaders += `${key.toLowerCase()}:${sortHeadersArray[key].toLowerCase()}\n`;
  }

  const HashedRequestPayload = await crypto.subtle.digest(
    "SHA-256",
    new TextEncoder().encode(JSON.stringify(bodyArray))
  ).then(hash => Array.from(new Uint8Array(hash)).map(b => b.toString(16).padStart(2, '0')).join(''));

  const CanonicalRequest =
    `${HTTPRequestMethod}\n${CanonicalURI}\n${CanonicalQueryString}\n${CanonicalHeaders}\n${SignedHeaders}\n${HashedRequestPayload}`;

  // 时间戳
  const RequestTimestamp = Math.floor(Date.now() / 1000);
  const formattedDate = new Date(RequestTimestamp * 1000).toISOString().split('T')[0];
  const Algorithm = "TC3-HMAC-SHA256";
  const CredentialScope = `${formattedDate}/${service}/tc3_request`;

  const HashedCanonicalRequest = await crypto.subtle.digest(
    "SHA-256",
    new TextEncoder().encode(CanonicalRequest)
  ).then(hash => Array.from(new Uint8Array(hash)).map(b => b.toString(16).padStart(2, '0')).join(''));

  const StringToSign =
    `${Algorithm}\n${RequestTimestamp}\n${CredentialScope}\n${HashedCanonicalRequest}`;

  // HMAC-SHA256 签名计算
  async function hmac(key, string) {
    const cryptoKey = await crypto.subtle.importKey(
      'raw',
      typeof key === 'string' ? new TextEncoder().encode(key) : key,
      { name: 'HMAC', hash: 'SHA-256' },
      false,
      ['sign']
    );
    const signature = await crypto.subtle.sign(
      'HMAC',
      cryptoKey,
      new TextEncoder().encode(string)
    );
    return new Uint8Array(signature);
  }

  const SecretDate = await hmac("TC3" + secretKey, formattedDate);
  const SecretService = await hmac(SecretDate, service);
  const SecretSigning = await hmac(SecretService, "tc3_request");

  const Signature = Array.from(
    new Uint8Array(
      await crypto.subtle.sign(
        'HMAC',
        await crypto.subtle.importKey(
          'raw',
          SecretSigning,
          { name: 'HMAC', hash: 'SHA-256' },
          false,
          ['sign']
        ),
        new TextEncoder().encode(StringToSign)
      )
    )
  ).map(b => b.toString(16).padStart(2, '0')).join('');

  const Authorization =
    `${Algorithm} Credential=${secretId}/${CredentialScope}, SignedHeaders=${SignedHeaders}, Signature=${Signature}`;

  headersArray["X-TC-Timestamp"] = RequestTimestamp.toString();
  headersArray["Authorization"] = Authorization;

  return headersArray;
}

async function handleRequest(request) {
  if (request.method === 'OPTIONS') {
    return new Response(null, {
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'POST, OPTIONS',
        'Access-Control-Allow-Headers': 'Content-Type',
      }
    });
  }

  const data = await request.json();
  const { secretId, secretKey, zoneId, type, targets, method = 'invalidate' } = data;

  const service = "teo";
  const host = "teo.tencentcloudapi.com";

  const payload = {
    ZoneId: zoneId,
    Type: type,
    Targets: targets
  };

  const headersPending = {
    'Host': host,
    'Content-Type': 'application/json',
    'X-TC-Action': 'CreatePurgeTask',
    'X-TC-Version': '2022-09-01',
    'X-TC-Region': 'ap-guangzhou',
  };

  const headers = await qcloudV3Post(secretId, secretKey, service, payload, headersPending);

  try {
    const response = await fetch(`https://${host}`, {
      method: 'POST',
      headers: headers,
      body: JSON.stringify(payload)
    });

    const result = await response.json();

    return new Response(JSON.stringify(result), {
      headers: {
        'Content-Type': 'application/json',
        'Access-Control-Allow-Origin': '*',
      }
    });
  } catch (error) {
    return new Response(JSON.stringify({ error: error.message }), {
      status: 500,
      headers: {
        'Content-Type': 'application/json',
        'Access-Control-Allow-Origin': '*',
      }
    });
  }
}

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request));
});