The WPORG VPN

cfworker.js

addEventListener("fetch", event => {
  event.respondWith(handleRequest(event.request));
})

/**
 * The API key required for access.
 * You can use environment variables for secrets like API keys for better security.
 */
const API_KEY = 'your-secure-api-key-here';  // Replace this with your actual API key

/**
 * Handle the incoming request and enforce API key authentication.
 * @param {Request} request
 * @returns {Response} - The response from the proxied request or a 403 error if authentication fails.
 */
async function handleRequest(request) {
  const url = new URL(request.url);

  // Check for the Authorization header with a Bearer token or custom API key header
  const apiKey = request.headers.get('x-api-key'); // Custom header for the API key
  if (!apiKey || apiKey !== API_KEY) {
    return new Response('Unauthorized', { status: 403 });
  }

  // Extract the subdomain from the hostname (e.g., api-wordpress-org.mydomain.com → api-wordpress-org)
  const subdomain = url.hostname.split('.').slice(0, -2).join('-');
  
  // Map the custom subdomain to the actual WordPress domain
  const targetDomain = mapSubdomainToWordPress(subdomain);
  
  if (targetDomain === null) {
    return new Response('Domain mapping not found', { status: 404 });
  }

  // Construct the target URL
  const targetUrl = `https://${targetDomain}${url.pathname}${url.search}`;
  
  // Proxy the request to the actual domain
  const modifiedRequest = new Request(targetUrl, request);
  const response = await fetch(modifiedRequest);

  return response;
}

/**
 * Map custom subdomain to actual WordPress domain
 * @param {string} hostname
 * @returns {string|null}
 */
function mapSubdomainToWordPress(hostname) {
  const mappings = {
    'api-wordpress-org': 'api.wordpress.org',
    'downloads-wordpress-org': 'downloads.wordpress.org',
    'themes-svn-wordpress-org': 'themes.svn.wordpress.org',
    'plugins-svn-wordpress-org': 'plugins.svn.wordpress.org',
    's-w-org': 's.w.org',
    'wordpress-org': 'wordpress.org',
    'wp-org': 'wp.org',
  };

  return mappings[hostname] || null;
}

mu-wporg-override.php

<?php
/*
Plugin Name: WordPress.org Proxy Redirector with API Key
Description: Redirects all calls to wordpress.org domains to a custom domain and includes an API key for authentication.
Version: 1.0
Author: Your Name
*/

// Define the custom domain where requests will be proxied to (replace with your actual domain)
define('CUSTOM_DOMAIN', 'mydomain.com');

// API key to authenticate the requests (replace with your actual API key)
define('API_KEY', 'your-secure-api-key-here');

// List of WordPress.org domains to be proxied
$wordpress_domains = [
    'api.wordpress.org',
    'downloads.wordpress.org',
    'themes.svn.wordpress.org',
    'plugins.svn.wordpress.org',
    's.w.org',
    'wordpress.org',
    'wp.org',
];

// Hook into HTTP requests to override the destination domains
add_filter('http_request_args', 'proxy_wp_org_requests', 10, 2);

/**
 * Modify WordPress HTTP request to point to the custom proxy domain
 * and include the API key for authentication.
 *
 * @param array  $r      The request arguments.
 * @param string $url    The request URL.
 * @return array         Modified request arguments.
 */
function proxy_wp_org_requests($r, $url) {
    global $wordpress_domains;

    // Parse the URL to extract host and other parts
    $parsed_url = parse_url($url);
    $host = $parsed_url['host'];

    // Check if the host is in the list of WordPress.org domains
    foreach ($wordpress_domains as $wp_domain) {
        if (stripos($host, $wp_domain) !== false) {
            // Replace dots with hyphens in the host and append the custom domain
            $proxy_host = str_replace('.', '-', $wp_domain) . '.' . CUSTOM_DOMAIN;
            
            // Rebuild the URL to point to the proxy domain
            $proxy_url = str_replace($host, $proxy_host, $url);

            // Add the API key to the request headers
            if (!isset($r['headers'])) {
                $r['headers'] = [];
            }
            $r['headers']['x-api-key'] = API_KEY;

            // Log or debug (optional)
            // error_log("Proxying request: $url to $proxy_url with API key.");

            // Set the modified URL for the request
            $r['url'] = $proxy_url;
            break;
        }
    }

    return $r;
}
?>

How to use:

Add the domain you want in your Cloudflare account.

Deploy the Worker:

Modify the script to add a randomly generated API key
Associate with Routes: In the Cloudflare dashboard, assign the Worker to routes like *.mydomain.com/* to ensure that all subdomains of mydomain.com are handled by the worker.

How to use the plugin:

Replace mydomain.com in the code with your actual custom domain and API key with the one you generated and added to cloudflare workers 
Install the plugin the same way:
    Place it in wp-content/mu-plugins/wp-org-override.php.
    It will automatically reroute requests across your WordPress Multisite.