feat: support apk

2025-11-18 12:16:28 +08:00
parent 68b6bb78e6
commit ba5544c28d
28 changed files with 1412 additions and 54 deletions
--- a/internal/hubmodule/apk/hooks.go
+++ b/internal/hubmodule/apk/hooks.go
@@ -0,0 +1,83 @@
+// Package apk defines hook behaviors for Alpine APK proxying.
+// APKINDEX/签名需要再验证；packages/*.apk 视为不可变缓存。
+package apk
+
+import (
+	"path"
+	"strings"
+
+	"github.com/any-hub/any-hub/internal/proxy/hooks"
+)
+
+func init() {
+	hooks.MustRegister("apk", hooks.Hooks{
+		NormalizePath: normalizePath,
+		CachePolicy:   cachePolicy,
+		ContentType:   contentType,
+	})
+}
+
+func normalizePath(_ *hooks.RequestContext, p string, rawQuery []byte) (string, []byte) {
+	clean := path.Clean("/" + strings.TrimSpace(p))
+	return clean, rawQuery
+}
+
+func cachePolicy(_ *hooks.RequestContext, locatorPath string, current hooks.CachePolicy) hooks.CachePolicy {
+	clean := canonicalPath(locatorPath)
+	switch {
+	case isAPKIndexPath(clean), isAPKSignaturePath(clean):
+		// APKINDEX 及签名需要再验证，确保索引最新。
+		current.AllowCache = true
+		current.AllowStore = true
+		current.RequireRevalidate = true
+	case isAPKPackagePath(clean):
+		// 包体不可变，允许直接命中缓存，无需 HEAD。
+		current.AllowCache = true
+		current.AllowStore = true
+		current.RequireRevalidate = false
+	default:
+		current.AllowCache = false
+		current.AllowStore = false
+		current.RequireRevalidate = false
+	}
+	return current
+}
+
+func contentType(_ *hooks.RequestContext, locatorPath string) string {
+	clean := canonicalPath(locatorPath)
+	switch {
+	case strings.HasSuffix(clean, ".apk"):
+		return "application/vnd.android.package-archive"
+	case strings.HasSuffix(clean, ".tar.gz"):
+		return "application/gzip"
+	case strings.HasSuffix(clean, ".tar.gz.asc") || strings.HasSuffix(clean, ".tar.gz.sig"):
+		return "application/pgp-signature"
+	default:
+		return ""
+	}
+}
+
+func isAPKIndexPath(p string) bool {
+	clean := canonicalPath(p)
+	return strings.HasSuffix(clean, "/apkindex.tar.gz")
+}
+
+func isAPKSignaturePath(p string) bool {
+	clean := canonicalPath(p)
+	return strings.HasSuffix(clean, "/apkindex.tar.gz.asc") || strings.HasSuffix(clean, "/apkindex.tar.gz.sig")
+}
+
+func isAPKPackagePath(p string) bool {
+	clean := canonicalPath(p)
+	if isAPKIndexPath(clean) || isAPKSignaturePath(clean) {
+		return false
+	}
+	return strings.HasSuffix(clean, ".apk")
+}
+
+func canonicalPath(p string) string {
+	if p == "" {
+		return "/"
+	}
+	return strings.ToLower(path.Clean("/" + strings.TrimSpace(p)))
+}
--- a/internal/hubmodule/apk/hooks_test.go
+++ b/internal/hubmodule/apk/hooks_test.go
@@ -0,0 +1,61 @@
+package apk
+
+import (
+	"testing"
+
+	"github.com/any-hub/any-hub/internal/proxy/hooks"
+)
+
+func TestCachePolicyIndexAndSignatureRevalidate(t *testing.T) {
+	paths := []string{
+		"/v3.19/main/x86_64/APKINDEX.tar.gz",
+		"/v3.19/main/x86_64/APKINDEX.tar.gz.asc",
+		"/v3.19/community/aarch64/apkindex.tar.gz.sig",
+	}
+	for _, p := range paths {
+		current := cachePolicy(nil, p, hooks.CachePolicy{})
+		if !current.AllowCache || !current.AllowStore || !current.RequireRevalidate {
+			t.Fatalf("expected index/signature to require revalidate for %s", p)
+		}
+	}
+}
+
+func TestCachePolicyPackageImmutable(t *testing.T) {
+	tests := []string{
+		"/v3.19/main/x86_64/packages/hello-1.0.apk",
+		"/v3.18/testing/aarch64/packages/../packages/hello-1.0-r1.APK",
+		"/v3.22/community/x86_64/tini-static-0.19.0-r3.apk", // 路径不含 /packages/ 也应视作包体
+	}
+	for _, p := range tests {
+		current := cachePolicy(nil, p, hooks.CachePolicy{})
+		if !current.AllowCache || !current.AllowStore || current.RequireRevalidate {
+			t.Fatalf("expected immutable cache for %s", p)
+		}
+	}
+}
+
+func TestCachePolicyNonAPKPath(t *testing.T) {
+	current := cachePolicy(nil, "/other/path", hooks.CachePolicy{})
+	if current.AllowCache || current.AllowStore || current.RequireRevalidate {
+		t.Fatalf("expected non-APK path to disable cache/store")
+	}
+}
+
+func TestNormalizePath(t *testing.T) {
+	p, _ := normalizePath(nil, "v3.19/main/x86_64/APKINDEX.tar.gz", nil)
+	if p != "/v3.19/main/x86_64/APKINDEX.tar.gz" {
+		t.Fatalf("unexpected normalized path: %s", p)
+	}
+}
+
+func TestContentType(t *testing.T) {
+	if ct := contentType(nil, "/v3.19/main/x86_64/APKINDEX.tar.gz"); ct != "application/gzip" {
+		t.Fatalf("expected gzip content type, got %s", ct)
+	}
+	if ct := contentType(nil, "/v3.19/main/x86_64/APKINDEX.tar.gz.asc"); ct != "application/pgp-signature" {
+		t.Fatalf("expected signature content type, got %s", ct)
+	}
+	if ct := contentType(nil, "/v3.19/main/x86_64/packages/hello.apk"); ct != "application/vnd.android.package-archive" {
+		t.Fatalf("expected apk content type, got %s", ct)
+	}
+}
--- a/internal/hubmodule/apk/module.go
+++ b/internal/hubmodule/apk/module.go
@@ -0,0 +1,29 @@
+// Package apk registers metadata for Alpine APK proxying.
+package apk
+
+import (
+	"time"
+
+	"github.com/any-hub/any-hub/internal/hubmodule"
+)
+
+const apkDefaultTTL = 6 * time.Hour
+
+func init() {
+	// 模块元数据声明，具体 hooks 见 hooks.go（已在 init 自动注册）。
+	hubmodule.MustRegister(hubmodule.ModuleMetadata{
+		Key:            "apk",
+		Description:    "Alpine APK proxy with cached indexes and packages",
+		MigrationState: hubmodule.MigrationStateBeta,
+		SupportedProtocols: []string{
+			"apk",
+		},
+		CacheStrategy: hubmodule.CacheStrategyProfile{
+			TTLHint:                0,                                    // APKINDEX 每次再验证，包体直接命中
+			ValidationMode:         hubmodule.ValidationModeLastModified, // APKINDEX 再验证
+			DiskLayout:             "raw_path",
+			RequiresMetadataFile:   false,
+			SupportsStreamingWrite: true, // 包体流式写
+		},
+	})
+}
--- a/internal/hubmodule/debian/hooks.go
+++ b/internal/hubmodule/debian/hooks.go
@@ -0,0 +1,102 @@
+// Package debian defines hook behaviors for APT (Debian/Ubuntu) proxying.
+// 索引（Release/InRelease/Packages*）需要再验证；包体（pool/ 和 by-hash）视为不可变直接缓存。
+// 日志字段沿用通用 proxy（命中/上游状态），无需额外改写。
+package debian
+
+import (
+	"path"
+	"strings"
+
+	"github.com/any-hub/any-hub/internal/proxy/hooks"
+)
+
+func init() {
+	hooks.MustRegister("debian", hooks.Hooks{
+		NormalizePath: normalizePath,
+		CachePolicy:   cachePolicy,
+		ContentType:   contentType,
+	})
+}
+
+func normalizePath(_ *hooks.RequestContext, p string, rawQuery []byte) (string, []byte) {
+	clean := path.Clean("/" + strings.TrimSpace(p))
+	return clean, rawQuery
+}
+
+func cachePolicy(_ *hooks.RequestContext, locatorPath string, current hooks.CachePolicy) hooks.CachePolicy {
+	clean := canonicalPath(locatorPath)
+	switch {
+	case isAptIndexPath(clean):
+		// 索引类（Release/Packages）需要 If-None-Match/If-Modified-Since 再验证。
+		current.AllowCache = true
+		current.AllowStore = true
+		current.RequireRevalidate = true
+	case isAptImmutablePath(clean):
+		// pool/*.deb 与 by-hash 路径视为不可变，直接缓存后续不再 HEAD。
+		current.AllowCache = true
+		current.AllowStore = true
+		current.RequireRevalidate = false
+	default:
+		current.AllowCache = false
+		current.AllowStore = false
+		current.RequireRevalidate = false
+	}
+	return current
+}
+
+func contentType(_ *hooks.RequestContext, locatorPath string) string {
+	switch {
+	case strings.HasSuffix(locatorPath, ".gz"):
+		return "application/gzip"
+	case strings.HasSuffix(locatorPath, ".xz"):
+		return "application/x-xz"
+	case strings.HasSuffix(locatorPath, "Release.gpg"):
+		return "application/pgp-signature"
+	case isAptIndexPath(locatorPath):
+		return "text/plain"
+	default:
+		return ""
+	}
+}
+
+func isAptIndexPath(p string) bool {
+	clean := canonicalPath(p)
+	if isByHashPath(clean) {
+		return false
+	}
+	if strings.HasPrefix(clean, "/dists/") {
+		if strings.HasSuffix(clean, "/release") || strings.HasSuffix(clean, "/inrelease") || strings.HasSuffix(clean, "/release.gpg") {
+			return true
+		}
+		if strings.Contains(clean, "/packages") {
+			return true
+		}
+	}
+	return false
+}
+
+func isAptImmutablePath(p string) bool {
+	clean := canonicalPath(p)
+	if isByHashPath(clean) {
+		return true
+	}
+	if strings.HasPrefix(clean, "/pool/") {
+		return true
+	}
+	return false
+}
+
+func isByHashPath(p string) bool {
+	clean := canonicalPath(p)
+	if !strings.HasPrefix(clean, "/dists/") {
+		return false
+	}
+	return strings.Contains(clean, "/by-hash/")
+}
+
+func canonicalPath(p string) string {
+	if p == "" {
+		return "/"
+	}
+	return strings.ToLower(path.Clean("/" + strings.TrimSpace(p)))
+}
--- a/internal/hubmodule/debian/hooks_test.go
+++ b/internal/hubmodule/debian/hooks_test.go
@@ -0,0 +1,64 @@
+package debian
+
+import (
+	"testing"
+
+	"github.com/any-hub/any-hub/internal/proxy/hooks"
+)
+
+func TestCachePolicyIndexesRevalidate(t *testing.T) {
+	current := cachePolicy(nil, "/dists/bookworm/Release", hooks.CachePolicy{})
+	if !current.AllowCache || !current.AllowStore || !current.RequireRevalidate {
+		t.Fatalf("expected index to allow cache/store and revalidate")
+	}
+	current = cachePolicy(nil, "/dists/bookworm/main/binary-amd64/Packages.gz", hooks.CachePolicy{})
+	if !current.AllowCache || !current.AllowStore || !current.RequireRevalidate {
+		t.Fatalf("expected packages index to revalidate")
+	}
+}
+
+func TestCachePolicyImmutable(t *testing.T) {
+	tests := []struct {
+		name string
+		path string
+	}{
+		{name: "by-hash index snapshot", path: "/dists/bookworm/by-hash/sha256/abc"},
+		{name: "by-hash nested", path: "/dists/bookworm/main/binary-amd64/by-hash/SHA256/def"},
+		{name: "pool package", path: "/pool/main/h/hello.deb"},
+		{name: "pool canonicalized", path: " /PoOl/main/../main/h/hello_1.0_amd64.DeB "},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			current := cachePolicy(nil, tt.path, hooks.CachePolicy{})
+			if !current.AllowCache || !current.AllowStore || current.RequireRevalidate {
+				t.Fatalf("expected immutable cache for %s", tt.path)
+			}
+		})
+	}
+}
+
+func TestCachePolicyNonAptPath(t *testing.T) {
+	current := cachePolicy(nil, "/other/path", hooks.CachePolicy{})
+	if current.AllowCache || current.AllowStore || current.RequireRevalidate {
+		t.Fatalf("expected non-APT path to disable cache/store")
+	}
+}
+
+func TestNormalizePath(t *testing.T) {
+	path, _ := normalizePath(nil, "dists/bookworm/Release", nil)
+	if path != "/dists/bookworm/Release" {
+		t.Fatalf("unexpected path: %s", path)
+	}
+}
+
+func TestContentType(t *testing.T) {
+	if ct := contentType(nil, "/dists/bookworm/Release"); ct != "text/plain" {
+		t.Fatalf("expected text/plain for Release, got %s", ct)
+	}
+	if ct := contentType(nil, "/dists/bookworm/Release.gpg"); ct != "application/pgp-signature" {
+		t.Fatalf("expected signature content-type, got %s", ct)
+	}
+	if ct := contentType(nil, "/dists/bookworm/main/binary-amd64/Packages.gz"); ct != "application/gzip" {
+		t.Fatalf("expected gzip content-type, got %s", ct)
+	}
+}
--- a/internal/hubmodule/debian/module.go
+++ b/internal/hubmodule/debian/module.go
@@ -0,0 +1,29 @@
+// Package debian registers metadata for Debian/Ubuntu APT proxying.
+package debian
+
+import (
+	"time"
+
+	"github.com/any-hub/any-hub/internal/hubmodule"
+)
+
+const debianDefaultTTL = 6 * time.Hour
+
+func init() {
+	// 仅声明模块元数据（缓存策略等）；具体 hooks 在后续实现。
+	hubmodule.MustRegister(hubmodule.ModuleMetadata{
+		Key:            "debian",
+		Description:    "APT proxy with cached indexes and packages",
+		MigrationState: hubmodule.MigrationStateBeta,
+		SupportedProtocols: []string{
+			"debian",
+		},
+		CacheStrategy: hubmodule.CacheStrategyProfile{
+			TTLHint:                0,                                    // 索引每次再验证，由 ETag/Last-Modified 控制
+			ValidationMode:         hubmodule.ValidationModeLastModified, // 索引使用 Last-Modified/ETag 再验证
+			DiskLayout:             "raw_path",                           // 复用通用原始路径布局
+			RequiresMetadataFile:   false,
+			SupportsStreamingWrite: true, // 包体需要流式写入，避免大文件占用内存
+		},
+	})
+}
--- a/internal/hubmodule/docker/hooks.go
+++ b/internal/hubmodule/docker/hooks.go
@@ -15,9 +15,6 @@ func init() {
 }

 func normalizePath(ctx *hooks.RequestContext, clean string, rawQuery []byte) (string, []byte) {
-	if !isDockerHubHost(ctx.UpstreamHost) {
-		return clean, rawQuery
-	}
 	repo, rest, ok := splitDockerRepoPath(clean)
 	if !ok || repo == "" || strings.Contains(repo, "/") || repo == "library" {
 		return clean, rawQuery
--- a/internal/hubmodule/docker/module.go
+++ b/internal/hubmodule/docker/module.go
@@ -19,7 +19,7 @@ func init() {
 			"docker",
 		},
 		CacheStrategy: hubmodule.CacheStrategyProfile{
-			TTLHint:                dockerDefaultTTL,
+			TTLHint:                0, // manifests 需每次再验证，由 ETag 控制新鲜度
 			ValidationMode:         hubmodule.ValidationModeETag,
 			DiskLayout:             "raw_path",
 			RequiresMetadataFile:   false,
--- a/internal/hubmodule/pypi/module.go
+++ b/internal/hubmodule/pypi/module.go
@@ -19,7 +19,7 @@ func init() {
 			"pypi",
 		},
 		CacheStrategy: hubmodule.CacheStrategyProfile{
-			TTLHint:                pypiDefaultTTL,
+			TTLHint:                0, // simple index 每次再验证
 			ValidationMode:         hubmodule.ValidationModeLastModified,
 			DiskLayout:             "raw_path",
 			RequiresMetadataFile:   false,
--- a/internal/hubmodule/strategy.go
+++ b/internal/hubmodule/strategy.go
@@ -11,7 +11,7 @@ type StrategyOptions struct {
 // ResolveStrategy 将模块的默认策略与 hub 级覆盖合并。
 func ResolveStrategy(meta ModuleMetadata, opts StrategyOptions) CacheStrategyProfile {
 	strategy := meta.CacheStrategy
-	if opts.TTLOverride > 0 {
+	if strategy.TTLHint > 0 && opts.TTLOverride > 0 {
 		strategy.TTLHint = opts.TTLOverride
 	}
 	if opts.ValidationOverride != "" {