| --- |
| title: img-proxy |
| emoji: πΌοΈ |
| colorFrom: blue |
| colorTo: green |
| sdk: docker |
| pinned: false |
| --- |
| |
| # MangaDex Image/Auth Proxy |
|
|
| Two small proxies for projects that need MangaDex data in a browser, README renderer, or hosted automation. |
|
|
| - `image/` is an Express image proxy for MangaDex covers. It is meant for Hugging Face Spaces and other Docker hosts. |
| - `image/cloudflare-worker/` is the same cover proxy as a Cloudflare Worker. |
| - `auth/` is a Cloudflare Worker CORS proxy for MangaDex OAuth/API setup flows. |
|
|
| The root `Dockerfile` runs the image proxy, so this repository can be used directly as a Docker Hugging Face Space. |
|
|
| ## Why This Exists |
|
|
| MangaDex does not add CORS headers for third-party websites. If a browser app calls MangaDex directly, the browser may block the response even when MangaDex returned data correctly. |
|
|
| Cover images can also behave differently inside markdown previews because the preview site sends its own `Referer` and image request headers. The image proxy requests MangaDex covers with browser-like headers and then serves the image from your own domain with permissive cross-origin headers. |
|
|
| Use a proxy you control for auth. The auth proxy sees the request body while generating tokens. |
|
|
| ## Project Layout |
|
|
| ```text |
| mangadex-image-auth-proxy/ |
| ββ Dockerfile |
| ββ README.md |
| ββ auth/ |
| β ββ README.md |
| β ββ package-lock.json |
| β ββ package.json |
| β ββ tsconfig.json |
| β ββ worker.ts |
| β ββ wrangler.toml |
| ββ image/ |
| ββ Dockerfile |
| ββ README.md |
| ββ cloudflare-worker/ |
| ββ package-lock.json |
| ββ package.json |
| ββ server.js |
| ``` |
|
|
| ## Deploy Image Proxy On Hugging Face |
|
|
| 1. Create a new Hugging Face Space. |
| 2. Select `Docker` as the Space SDK. |
| 3. Upload or push this repository. |
| 4. Hugging Face builds the root `Dockerfile`. |
| 5. The image proxy listens on port `7860`. |
|
|
| Example proxy URL after deployment: |
|
|
| ```text |
| https://your-space.hf.space/covers/<manga-id>/<cover-file>.256.jpg |
| ``` |
|
|
| The proxy fetches: |
|
|
| ```text |
| https://uploads.mangadex.org/covers/<manga-id>/<cover-file>.256.jpg |
| ``` |
|
|
| For `MAL-ReadmeList` / `mangadex-readlist`, use: |
|
|
| ```yaml |
| cover_proxy_url: "https://your-space.hf.space${path}" |
| ``` |
|
|
| ## Deploy Image Proxy On Cloudflare |
|
|
| If you prefer a Worker instead of Hugging Face: |
|
|
| ```bash |
| cd image/cloudflare-worker |
| npm install |
| npm run deploy |
| ``` |
|
|
| Then use: |
|
|
| ```yaml |
| cover_proxy_url: "https://your-worker.example${path}" |
| ``` |
|
|
| If your image format already uses `https://mangadex.org/covers/...`, the proxy still accepts the full URL and strips the MangaDex domain before fetching from `uploads.mangadex.org`. |
|
|
| ## Image Proxy Local Test |
|
|
| ```bash |
| cd image |
| npm install |
| npm start |
| ``` |
|
|
| Open: |
|
|
| ```text |
| http://localhost:7860/covers/<manga-id>/<cover-file>.256.jpg |
| ``` |
|
|
| You can also pass a full URL through `url`: |
|
|
| ```text |
| http://localhost:7860/?url=https://uploads.mangadex.org/covers/<manga-id>/<cover-file>.256.jpg |
| ``` |
|
|
| ## Deploy Auth Proxy On Cloudflare |
|
|
| The auth proxy is a Cloudflare Worker. It is mainly useful for a plain HTML setup wizard that needs to call MangaDex OAuth from the browser. |
|
|
| ```bash |
| cd auth |
| npm install |
| npm run deploy |
| ``` |
|
|
| Example usage: |
|
|
| ```text |
| https://your-worker.example/https://auth.mangadex.org/realms/mangadex/protocol/openid-connect/token |
| ``` |
|
|
| For a setup wizard CORS proxy value: |
|
|
| ```text |
| https://your-worker.example/ |
| ``` |
|
|
| The worker preserves `application/x-www-form-urlencoded` request bodies, which is required for MangaDex OAuth token requests. |
|
|
| ## Auth Proxy Local Test |
|
|
| ```bash |
| cd auth |
| npm install |
| npm run dev |
| ``` |
|
|
| Then send a token request through the local Worker URL using placeholder values: |
|
|
| ```bash |
| curl "http://localhost:8787/https://auth.mangadex.org/realms/mangadex/protocol/openid-connect/token" \ |
| -H "content-type: application/x-www-form-urlencoded" \ |
| --data "grant_type=refresh_token&refresh_token=YOUR_REFRESH_TOKEN&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET" |
| ``` |
|
|
| Do not commit real credentials, refresh tokens, or `.dev.vars`. |
|
|
| ## Security Notes |
|
|
| - The auth proxy can see usernames, passwords, client secrets, access tokens, and refresh tokens if you send them through it. |
| - Deploy your own auth proxy. Do not send MangaDex credentials through a random public CORS proxy. |
| - The image proxy is lower risk because it only requests public image paths, but it is still a public endpoint. |
| - Keep the image proxy path-based if possible: `https://your-space.hf.space${path}`. |
| - Keep the auth proxy limited to setup/testing. GitHub Actions should use stored secrets directly, not the browser proxy. |
|
|
| ## Recommended ReadmeList Settings |
|
|
| For cover images: |
|
|
| ```yaml |
| cover_url_format: "https://uploads.mangadex.org/covers/${mangaId}/${coverFileName}.256.jpg" |
| cover_proxy_url: "https://your-space.hf.space${path}" |
| ``` |
|
|
| For a browser setup wizard: |
|
|
| ```text |
| https://your-auth-worker.example/ |
| ``` |
|
|
| ## Publish To GitHub |
|
|
| From this folder: |
|
|
| ```bash |
| git init |
| git add . |
| git commit -m "Initial MangaDex auth and image proxies" |
| git branch -M main |
| git remote add origin https://github.com/gamersindo1223/mangadex-image-auth-proxy.git |
| git push -u origin main |
| ``` |
|
|
| Create the GitHub repository first if it does not exist yet. |
|
|