Implement the following functionality in rAPROXY Assetproxy:
- Add a SIGNING_SECRET variable to config.ts
- Add rewriting code that runs before the eval when rewriting the HTML of the proxied website. It should find all resources linked with <link href and <script src and <img src and srcset and the like and rewrite them to use a new URL of the form:
`${BASE_URL}/assetproxy?url=${encodeURIComponent(original_url)}&signature=${signature}`
- (BASE_URL) can be imported from config.ts
- signature is a safe hash (like SHA-512 - see https://nodejs.org/api/webcrypto.html#webcrypto_digest for an example code) of the URL concatenated with the secret from step 1 (hash(original_url + SECRET)). Signature can be a base64 representation of the hash digest
- Add an endpoint that handles the ${BASE_URL}/assetproxy URLs. It should generate the signature for the original url and compare it with the signature provided in the url. If the signature is missing or incorrect, it should throw a 403 HTTP error. If the signature matches, it should try to serve the cached response from the disk. If it's not present on the disk, it should fetch it, store it on the disk for future use, and reply to the user with the contents of the response.
How to know that it works correctly:
- The proxied website looks and behaves the same as original
- The URLs are replaced in HTML and no requests to third-party domains are made when viewing the proxied website
- The URLs are signed
- When changing one character in the signature of the URL or when removing the signature, it throws an error.