cnpmcore icon indicating copy to clipboard operation
cnpmcore copied to clipboard
verified publisher icon cnpm

nw.js 没有同步?

Open abcfy2 opened this issue 1 month ago • 9 comments

https://registry.npmmirror.com/binary.html?path=nwjs/

nwjs 版本怎么从今年开始就再也没有同步了?

abcfy2 avatar Nov 28 '25 05:11 abcfy2

估计 nwjs 的分发页面逻辑变化了,晚点看看

fengmk2 avatar Nov 28 '25 06:11 fengmk2

看着是 bug,有数据没有同步上来 https://r.cnpmjs.org/binary.html?path=nwjs/

fengmk2 avatar Nov 29 '25 05:11 fengmk2

需要更新到 https://dl.nwjs.io/

fengmk2 avatar Nov 29 '25 06:11 fengmk2

目前无法同步了,走了 r2 的动态请求,需要正常浏览器访问才能同步,像我们这种脚本请求无法实现。

curl 'https://6883a4a09c48918c64df1ec7ddb744ba.r2.cloudflarestorage.com/nwjs?list-type=2&delimiter=%2F&prefix=v0.59.0%2F' \
  -H 'Accept: */*' \
  -H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8' \
  -H 'Authorization: AWS4-HMAC-SHA256 Credential=90fdca5d031b05eed0ef896a56a9521a/20251129/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-user-agent, Signature=12cd16f7d446e60007785b9639961c166df6662f960bc2571dae4eb564ff8e6c' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Origin: https://dl.nwjs.io' \
  -H 'Pragma: no-cache' \
  -H 'Referer: https://dl.nwjs.io/' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: cross-site' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36' \
  -H 'X-Amz-Content-Sha256: UNSIGNED-PAYLOAD' \
  -H 'X-Amz-Date: 20251129T150304Z' \
  -H 'X-Amz-User-Agent: aws-sdk-js/2.1148.0 callback' \
  -H 'sec-ch-ua: "Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"'

fengmk2 avatar Nov 29 '25 15:11 fengmk2

是否考虑使用 http 递归爬取的方案?因为 https://dl.nwjs.io 是没有 CF 保护的。而国内一些镜像站在没有 rsync 可用的情况下也是通过 http 递归爬取的方式同步的

abcfy2 avatar Nov 29 '25 15:11 abcfy2

@abcfy2 二级页面就无法爬取了 https://dl.nwjs.io/v0.106.0/

fengmk2 avatar Nov 29 '25 15:11 fengmk2

但是意外发现不知道 nwjs 的程序员是故意的还是不小心,居然把 R2 的 AK 泄漏到前端页面上去了:

            /**
             * Setup S3 bucket params.
             */
            var s3Params = {
                bucketName:     'nwjs',
                bucketEndpoint: 'https://6883a4a09c48918c64df1ec7ddb744ba.r2.cloudflarestorage.com',
                accessKeyId:    '90fdca5d031b05eed0ef896a56a9521a',
                secretAccessKey:'34eeb665b34bfb9b773a8ff763a15e76621f541fdbbadeca6ed23e6d99c878ad'
            };

试了下直接使用 aws cli (aws s3 sync)就可以同步了:

AWS_ACCESS_KEY_ID=90fdca5d031b05eed0ef896a56a9521a \
AWS_SECRET_ACCESS_KEY=34eeb665b34bfb9b773a8ff763a15e76621f541fdbbadeca6ed23e6d99c878ad \
AWS_REGION=auto \
aws s3 --endpoint-url https://6883a4a09c48918c64df1ec7ddb744ba.r2.cloudflarestorage.com sync --exclude 'live-build/*' s3://nwjs/ .

就是不知道官方多久会发现这个问题,不确定这个 AK 还能用多久

abcfy2 avatar Nov 29 '25 15:11 abcfy2

估计是会定时滚动轮换?看着 nwjs 不太喜欢别人去同步。

fengmk2 avatar Nov 29 '25 16:11 fengmk2

等了一天,目前来看好像密钥没有轮换,所以不行就先用它页面上的密钥使用 aws cli 同步再说,这样可以暂时恢复同步。等官方改了再找别的方案

abcfy2 avatar Nov 30 '25 12:11 abcfy2