增加可配置的nonsign和sign端点，可以手动选择代理是否开启签名功能。

[Copilot]

Problem

The current Cloudflare Worker implementation allows access to all paths, which can cause conflicts when the backend has directories named /sign or /nonsign. This creates confusion between worker endpoints and actual file/directory paths on the backend.

Solution

This PR restricts the worker to only handle two specific endpoints:

• /sign - Enables signature verification toggle
• /nonsign - Disables signature verification toggle
• All other paths - Return 403 Forbidden with proper CORS headers

Changes Made

1. Added handleSignToggle Function

async function handleSignToggle(request, enableSign) {
  // Returns JSON response indicating toggle state
  return new Response(JSON.stringify({
    code: 200,
    message: `Signature verification ${enableSign ? 'enabled' : 'disabled'}`,
    sign_enabled: enableSign
  }), { /* proper CORS headers */ });
}

2. Modified handleRequest Routing Logic

• Before: All non-OPTIONS requests went to handleDownload()
• After: Only /sign and /nonsign are processed, everything else returns 403

const pathname = url.pathname;

if (pathname === "/sign") {
  return await handleSignToggle(request, true);
} else if (pathname === "/nonsign") {
  return await handleSignToggle(request, false);
} else {
  return new Response("Forbidden", { status: 403, /* CORS headers */ });
}

Behavior Changes

Path	Before	After
/sign	File download attempt	Enable signature verification
/nonsign	File download attempt	Disable signature verification
/file.txt	File download	403 Forbidden
/any/other/path	File download	403 Forbidden
OPTIONS requests	CORS preflight	✅ Still works

Testing

Comprehensive tests verify:

• ✅ /sign returns enable response with CORS headers
• ✅ /nonsign returns disable response with CORS headers
• ✅ All other paths return 403 Forbidden
• ✅ OPTIONS preflight requests still work
• ✅ Case-sensitive matching (e.g., /SIGN is forbidden)
• ✅ Partial matches are forbidden (e.g., /sign/file returns 403)

Benefits

1. No path conflicts - Backend can safely have /sign or /nonsign directories
2. Clear separation - Worker only handles toggle functionality
3. Security - All file access attempts are blocked at worker level
4. Minimal changes - Existing code preserved, only routing logic modified

This pull request was created as a result of the following prompt from Copilot chat.

将 Cloudflare Worker 服务的主路由改为：

• 仅允许 /sign 和 /nonsign 两个端点可被访问并处理（切换签名校验开关）；
• 其余所有路径（包括文件下载路径等）全部直接拒绝访问，返回 403 Forbidden 错误；
• 原因：避免和后端文件路径混淆，例如后端有 /sign 或 /nonsign 目录时。

具体实现：

1. 只在 handleRequest 中响应 /sign 和 /nonsign，分别调用 handleSignToggle(request, true) 和 handleSignToggle(request, false)。
2. 其他路径直接 return new Response('Forbidden', { status: 403 })，并带上合适的 CORS header。
3. 保留 /sign 和 /nonsign 的功能逻辑，无需处理文件下载。

请将上述需求修改应用到 openlist-proxy.js 顶部主逻辑。

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

[SenkjM]

错误理解需求，要求完全保留原有的代理下载逻辑，但是类似于/sign/test.txt端点的文件，要求校验签名，对于/nonsign/test.txt的文件，不进行签名校验

[Copilot]

错误理解需求，要求完全保留原有的代理下载逻辑，但是类似于/sign/test.txt端点的文件，要求校验签名，对于/nonsign/test.txt的文件，不进行签名校验

You're absolutely right! I've corrected the implementation. The proxy now preserves all original download functionality with conditional signature verification:

• /nonsign/test.txt → downloads test.txt WITHOUT signature verification
• /sign/test.txt → downloads test.txt WITH signature verification
• All other paths → work as before with signature verification

The changes are minimal (3 lines added) and preserve the complete proxy download logic. Commit: 5cbdbfd

dismiss it

[Copilot]

Pull Request Overview

This PR modifies the Cloudflare Worker proxy to implement a new routing strategy that separates signature verification endpoints from file download paths. The changes restrict access to only /sign/ and /nonsign/ prefixed paths while blocking all other direct access attempts.

• Introduces path-based routing with signature verification control
• Adds optional nonsign endpoint functionality with security controls
• Implements comprehensive CORS handling and error responses

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
openlist-proxy.js	Adds path prefix routing logic and conditional signature verification based on endpoint type
openlist-proxy.go	Mirrors the JavaScript implementation with Go-specific CORS handling and endpoint routing

Comments suppressed due to low confidence (2)

openlist-proxy.js:5

• [nitpick] The constant name ENABLE_NONSIGN uses a double negative which can be confusing. Consider renaming to ALLOW_UNSIGNED_ACCESS or DISABLE_SIGNATURE_VERIFICATION for better clarity.

const ENABLE_NONSIGN = false; 

openlist-proxy.go:48

• [nitpick] The variable name enableNonsign uses a double negative which can be confusing. Consider renaming to allowUnsignedAccess or similar for better clarity.

	flag.BoolVar(&enableNonsign, "enable-nonsign", false, "enable nonsign endpoint (security risk)")

[Copilot]

The variable 'origin' is used but not defined in this scope. This will cause a ReferenceError when the nonsign endpoint is disabled.

[Copilot]

The variable 'origin' is used but not defined in this scope. This will cause a ReferenceError when returning 404 for other paths.

[Copilot]

CORS header setup is duplicated in two places (lines 72-79 and 177-180). Consider extracting this logic into a separate function to avoid code duplication.

[SenkjM]

总的来说没什么卵用，但是多少增加了一个可配置的选项，在某些特殊情况下有些作用。
文档也需要同步修改，需要手动指定/sign和/nonsign端点。
openlist本身也需要修改才能配置真正启用nonsign。
顺带测试一下copilot pro的代理模式，总的来说难堪大用，回复评论也会被它看到开始改代码。

[xrgzs]

What problem does it solve?

[SenkjM]

What problem does it solve?

In the case of m3u8, the signature may not work properly, but the openlist-proxy has the signature feature hardcoded and cannot be configured.

[xrgzs]

If the sign is disabled, simply disable the sign functionality. Using separate paths like /sign and /nonsign is unconventional and requires additional documentation for clarity.

[xrgzs]

POST can be removed.

[Copilot]

Removed POST from both CORS method declarations in the Go file as it's not needed for file downloads. Commit: 1924db8

[xrgzs]

Consider renaming it to DISABLE_SIGN.

[Copilot]

Renamed ENABLE_NONSIGN to DISABLE_SIGN and updated the logic accordingly. The semantics are now clearer - when true, signature verification is disabled. Commit: 1924db8

[xrgzs]

Consider renaming it to disableSign.

[Copilot]

Renamed enableNonsign to disableSign and updated the corresponding logic to match the new semantics. Commit: 1924db8

[xrgzs]

Consider renaming it to disable-sign.

[SenkjM]

我一开始是想同时提供两种功能的，不过确实可以在启动或者配置时选择其中一个进行处理。由于该pr由ai打开，已经混乱且不方便管理，我觉得可以直接删除该pr和分支，我可以重新提交一个更干净的pr，并重新实现对签名关闭和忽略的配置。

[Copilot]

Renamed the flag from enable-nonsign to disable-sign with updated description to better reflect its purpose. Commit: 1924db8

[Copilot]

What problem does it solve?

This addresses cases where signature verification may not work properly (e.g., with m3u8 files) but the proxy had signature verification hardcoded without configuration options. The PR adds configurable endpoints to allow bypassing signature verification when needed.

If the sign is disabled, simply disable the sign functionality. Using separate paths like /sign and /nonsign is unconventional and requires additional documentation for clarity.

You're right that using separate paths is unconventional. A simpler approach would be a configuration flag to globally disable signature verification. However, this implementation allows per-request control which can be useful for mixed scenarios where some files need signatures and others don't.

[ILoveScratch2]

不行