[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74858":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":8,"htmlUrl":8,"language":9,"languages":8,"totalLinesOfCode":8,"stars":10,"forks":11,"watchers":12,"openIssues":13,"contributorsCount":13,"subscribersCount":13,"size":13,"stars1d":14,"stars7d":15,"stars30d":16,"stars90d":13,"forks30d":13,"starsTrendScore":17,"compositeScore":18,"rankGlobal":8,"rankLanguage":8,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":20,"hasPages":20,"topics":22,"createdAt":8,"pushedAt":8,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":13,"starSnapshotCount":13,"syncStatus":26,"lastSyncTime":27,"discoverSource":28},74858,"AssppWeb","Lakr233\u002FAssppWeb","Lakr233",null,"TypeScript",2512,356,3,0,31,55,108,93,106.66,"MIT License",false,"main",[],"2026-06-12 04:01:16","# AssppWeb\n\nA web-based tool for acquiring and installing iOS apps outside the App Store. Authenticate with your Apple ID, search for apps, acquire licenses, and install IPAs directly to your device.\n\n![preview](.\u002Fresources\u002Fpreview.png)\n\n## Zero-Trust Architecture\n\nAssppWeb uses a zero-trust design where the server **never sees your Apple credentials**. All Apple API communication happens directly in your browser via WebAssembly (libcurl.js with Mbed TLS 1.3). The server only acts as a blind TCP relay (Wisp protocol) and handles IPA compilation from public CDN downloads.\n\n> **⚠️ Important Security Notice:** There are no official Asspp Web instances. Use any public instance at your own risk. While the backend cannot read your encrypted traffic, a malicious host could serve a modified frontend to capture your credentials before encryption. Therefore, **do not blindly trust public instances**. We strongly recommend self-hosting your own instance or using one provided by a trusted partner. Always verify the SSL certificate and ensure you are connecting to a secure, authentic endpoint.\n\n**恳请所有转发项目的博主对自己的受众进行网络安全技术科普。要有哪个不拎清的大头儿子搞出事情来都够我们喝一壶的。**\n\n## Quick Start\n\n### Deploy to Cloudflare\n\n[![Deploy to Cloudflare](https:\u002F\u002Fdeploy.workers.cloudflare.com\u002Fbutton)](https:\u002F\u002Fdeploy.workers.cloudflare.com\u002F?url=https:\u002F\u002Fgithub.com\u002FLakr233\u002FAssppWeb&apiTokenTmpl=%5B%7B%22key%22%3A%22workers_scripts%22%2C%22type%22%3A%22write%22%7D%2C%7B%22key%22%3A%22containers%22%2C%22type%22%3A%22write%22%7D%2C%7B%22key%22%3A%22cloudchamber%22%2C%22type%22%3A%22write%22%7D%5D&apiTokenName=AssppWeb%20Deploy)\n\nThis uses Cloudflare Workers + Containers with the published image `ghcr.io\u002Flakr233\u002Fassppweb:latest`.\n\nRequirements:\n\n- Cloudflare Workers **Paid** plan (Containers are not available on Free).\n- Deploy\u002Fbuild token with:\n - `Workers Scripts Edit`\n - `Containers Edit`\n - `Cloudchamber Edit`\n\nIf your build log fails at `Deploy a container application` with `Unauthorized`, your build token is missing required Containers\u002FCloudchamber permissions.\n\n### Deploy to Railway\n\n\u003Cdetails>\n\u003Csummary>Click to show Railway deployment instructions\u003C\u002Fsummary>\n\n1. Go to [railway.com\u002Fnew\u002Fimage](https:\u002F\u002Frailway.com\u002Fnew\u002Fimage) → enter `ghcr.io\u002Flakr233\u002Fassppweb:latest`\n2. In service **Settings**, set **Healthcheck Path** to `\u002Fapi\u002Fsettings` and deploy\n3. Right-click the service → **Attach volume** → mount path: `\u002Fdata`\n4. In **Variables**, set `DATA_DIR` = `\u002Fdata` and deploy\n5. In **Settings** → **Networking**, generate a public domain or add a custom domain\n\n**Notes**\n\n- The free trial works but has limitations (volume expiry, network restrictions). **Hobby** plan ($5\u002Fmonth) or above is recommended for reliable use.\n- Enable [**Serverless**](https:\u002F\u002Fdocs.railway.com\u002Fdeployments\u002Fserverless) in service settings to scale down to zero during idle periods\n- Railway [auto-updates](https:\u002F\u002Fdocs.railway.com\u002Fdeployments\u002Fimage-auto-updates) `:latest` images from GHCR — new releases will be deployed automatically within a few hours\n\n> **⚠️ Custom domain with Cloudflare:** Railway's Cloudflare integration creates DNS records with Proxy enabled (orange cloud) by default. After authorizing, go to Cloudflare DNS settings and switch the CNAME record to **DNS only** (gray cloud) — Railway handles TLS automatically. If you keep Cloudflare Proxy on, you must set SSL\u002FTLS mode to **Full** (not Flexible or Full Strict), otherwise you'll get an infinite redirect loop. See [Railway docs](https:\u002F\u002Fdocs.railway.com\u002Fnetworking\u002Ftroubleshooting\u002Fssl#err_too_many_redirects).\n\n\u003C\u002Fdetails>\n\n### Self-Host with Docker Compose\n\n\u003Cdetails>\n\u003Csummary>Click to show manual Docker Compose setup instructions\u003C\u002Fsummary>\n\n**Setup Docker Compose**\n\n```bash\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLakr233\u002FAssppWeb\u002Fmain\u002Fcompose.yml\ndocker compose up -d\n```\n\n**Environment Variables**\n\n| Variable | Default | Description |\n| ------------------------------------------- | --------------- | ------------------------------------------------------------------------------------------- |\n| `PORT` | `8080` | Server listen port |\n| `DATA_DIR` | `.\u002Fdata` | Directory for storing compiled IPAs |\n| `PUBLIC_BASE_URL` | _(auto-detect)_ | Public URL for generating install manifests (e.g. `https:\u002F\u002Fasspp.example.com`) |\n| `UNSAFE_DANGEROUSLY_DISABLE_HTTPS_REDIRECT` | `false` | Disable HTTPS redirect (see warning below) |\n| `AUTO_CLEANUP_DAYS` | `0` | Automatically delete cached IPA files older than specified days (0 to disable) |\n| `AUTO_CLEANUP_MAX_MB` | `0` | Automatically delete oldest cached IPA files when size exceeds this MB limit (0 to disable) |\n| `MAX_DOWNLOAD_MB` | `0` | Reject downloads exceeding this size in MB to prevent out-of-memory errors (0 to disable) |\n| `DOWNLOAD_THREADS` | `8` | Number of parallel threads for IPA downloads (1–32) |\n| `ACCESS_PASSWORD` | _(none)_ | Require a password to access the web UI and API (empty to disable) |\n\n**Reverse Proxy (Required for Install Apps on iOS)**\n\niOS requires HTTPS for `itms-services:\u002F\u002F` install links. You must put AssppWeb behind a reverse proxy with a valid TLS certificate.\n\n> **⚠️ Redirect loop (`ERR_TOO_MANY_REDIRECTS`)?** Some reverse proxies (e.g. NAS built-in proxies) always send `X-Forwarded-Proto: http` even when the client connected via HTTPS, causing an infinite redirect loop. If you cannot configure your proxy to send the correct header, set `UNSAFE_DANGEROUSLY_DISABLE_HTTPS_REDIRECT=true` as a last resort. **This disables the HTTP→HTTPS redirect — you must ensure your proxy enforces HTTPS externally.**\n\nThe following is an example Caddyfile configuration:\n\n```\nasspp.example.com { reverse_proxy 127.0.0.1:8080 }\n```\n\n**⚠️ Make Sure WebSocket Works**\n\nAssppWeb relies on the Wisp protocol over WebSocket (`\u002Fwisp\u002F`) for its zero-trust architecture. Ensure your reverse proxy or CDN (e.g., Nginx, Cloudflare) is configured to allow WebSocket connections, otherwise the app will fail to communicate with Apple servers.\n\n\u003C\u002Fdetails>\n\n## Security Recommendations\n\n**DDoS Protection**\n\nIPA files can be hundreds of megabytes. If your instance is publicly accessible, put it behind a CDN like Cloudflare to absorb bandwidth and prevent abuse.\n\n## License\n\nMIT License. See [LICENSE](LICENSE) for details.\n\n## 🥰 Acknowledgments\n\nFor projects that was stolen and used heavily:\n\n- [ipatool](https:\u002F\u002Fgithub.com\u002Fmajd\u002Fipatool)\n- [Asspp](https:\u002F\u002Fgithub.com\u002FLakr233\u002FAsspp)\n\nFor friends who helped with testing and feedback:\n\n- [@lbr77](https:\u002F\u002Fgithub.com\u002Flbr77)\n- [@akinazuki](https:\u002F\u002Fgithub.com\u002Fakinazuki)\n","AssppWeb 是一个基于网页的工具,用于在App Store之外获取和安装iOS应用程序。其核心功能包括使用Apple ID进行身份验证、搜索应用、获取许可,并直接将IPA文件安装到设备上。技术特点方面,AssppWeb采用了零信任架构设计,服务器不会接触到用户的Apple凭证;所有与Apple API的通信都通过浏览器内的WebAssembly (libcurl.js配以Mbed TLS 1.3)直接完成,确保了用户数据的安全性。该工具适用于需要绕过官方应用商店限制来安装特定iOS应用的场景,如测试版软件或企业内部应用分发等。鉴于安全考量,强烈建议用户自行部署服务端或仅连接至可信赖的实例。",2,"2026-06-11 03:51:09","high_star"]