@fanboynz/network-scanner 2.0.65 → 3.0.0

package/lib/socks-relay.js

@@ -0,0 +1,267 @@
+/**
+ * Local no-auth SOCKS5 relay for authenticated SOCKS5 upstreams.
+ *
+ * Chromium cannot authenticate SOCKS5 proxies (crbug.com/256785 — it only
+ * implements the no-auth method 0x00; credentials in --proxy-server are
+ * discarded, and page.authenticate() is HTTP-407-only so it can't help —
+ * SOCKS auth happens at the TCP handshake before any HTTP).
+ *
+ * Workaround: run an in-process no-auth SOCKS5 server bound to 127.0.0.1.
+ * Chromium connects to it without auth (which it CAN do); for each
+ * connection we open an authenticated tunnel to the real upstream via the
+ * `socks` package (RFC 1929 user/pass) and pipe the two together. Domain
+ * address types are forwarded as hostnames so remote DNS still works
+ * end-to-end (no DNS leak).
+ *
+ * Relays are keyed by upstream identity and reused. closeAllRelays() must
+ * be called on scan exit / signal so listening sockets don't leak.
+ */
+
+const net = require('net');
+const { SocksClient } = require('socks');
+const { formatLogMessage, messageColors } = require('./colorize');
+const SOCKS_RELAY_TAG = messageColors.processing('[socks-relay]');
+
+// upstreamKey -> { server, port, activeSockets:Set<net.Socket> }
+const _relays = new Map();
+
+function upstreamKey(u) {
+  return `${u.host}:${u.port}:${u.username || ''}`;
+}
+
+/**
+ * Handle one Chromium->relay connection: minimal SOCKS5 server handshake,
+ * then an authenticated upstream tunnel, then bidirectional pipe.
+ */
+// Bail on a client that connects and never completes SOCKS5 negotiation.
+// Generous enough for a Chromium loopback handshake (microseconds), short
+// enough to catch a stalled / half-open client before the OS TCP keepalive
+// notices (default ~2 hours on Linux).
+const HANDSHAKE_TIMEOUT_MS = 10000;
+
+function handleClient(client, upstream, forceDebug) {
+  let phase = 'greeting';
+  let buf = Buffer.alloc(0);
+  let upstreamSock = null;
+  let settled = false;
+  // Handshake-phase watchdog handle. Assigned after cleanup is declared so
+  // both references in this scope resolve unambiguously.
+  let handshakeTimer = null;
+
+  const cleanup = () => {
+    if (settled) return;
+    settled = true;
+    if (handshakeTimer) { clearTimeout(handshakeTimer); handshakeTimer = null; }
+    try { client.destroy(); } catch (_) {}
+    if (upstreamSock) { try { upstreamSock.destroy(); } catch (_) {} }
+  };
+
+  // Bail on a client that connects and never completes SOCKS5 negotiation
+  // (stalled / half-open / non-SOCKS protocol). Without this, such a socket
+  // sits in activeSockets until the OS TCP keepalive notices — default
+  // ~2 hours on Linux. unref'd so a pending watchdog never holds the
+  // process alive after closeAllRelays().
+  handshakeTimer = setTimeout(() => {
+    if (phase !== 'piping') {
+      if (forceDebug) {
+        console.log(formatLogMessage('proxy', `${SOCKS_RELAY_TAG} handshake timeout (phase=${phase}) — closing`));
+      }
+      cleanup();
+    }
+  }, HANDSHAKE_TIMEOUT_MS);
+  if (typeof handshakeTimer.unref === 'function') handshakeTimer.unref();
+
+  const onData = async (chunk) => {
+    buf = Buffer.concat([buf, chunk]);
+    try {
+      if (phase === 'greeting') {
+        // [0x05, NMETHODS, METHODS...]
+        if (buf.length < 2) return;
+        const nMethods = buf[1];
+        if (buf.length < 2 + nMethods) return;
+        const offered = buf.subarray(2, 2 + nMethods);
+        buf = buf.subarray(2 + nMethods);
+        // We only speak no-auth (0x00) to the local client. Chromium always
+        // offers it; if a client somehow didn't, reply "no acceptable
+        // methods" rather than violate the protocol by selecting unoffered.
+        if (!offered.includes(0x00)) {
+          try { client.write(Buffer.from([0x05, 0xFF])); } catch (_) {}
+          return cleanup();
+        }
+        client.write(Buffer.from([0x05, 0x00])); // select "no auth"
+        phase = 'request';
+      }
+
+      if (phase === 'request') {
+        // [0x05, CMD, 0x00, ATYP, ADDR..., PORT(2 BE)]
+        if (buf.length < 4) return;
+        if (buf[0] !== 0x05) { failReply(client, 0x01); return cleanup(); }
+        const cmd = buf[1];
+        const atyp = buf[3];
+        let host, port, hdrLen;
+
+        if (atyp === 0x01) {                 // IPv4
+          if (buf.length < 10) return;
+          host = `${buf[4]}.${buf[5]}.${buf[6]}.${buf[7]}`;
+          port = buf.readUInt16BE(8);
+          hdrLen = 10;
+        } else if (atyp === 0x03) {          // domain
+          if (buf.length < 5) return;
+          const dLen = buf[4];
+          if (buf.length < 7 + dLen) return;
+          host = buf.subarray(5, 5 + dLen).toString('utf8');
+          port = buf.readUInt16BE(5 + dLen);
+          hdrLen = 7 + dLen;
+        } else if (atyp === 0x04) {          // IPv6
+          if (buf.length < 22) return;
+          const seg = [];
+          for (let i = 0; i < 16; i += 2) seg.push(buf.readUInt16BE(4 + i).toString(16));
+          host = seg.join(':');
+          port = buf.readUInt16BE(20);
+          hdrLen = 22;
+        } else {
+          failReply(client, 0x08);            // address type not supported
+          return cleanup();
+        }
+
+        if (cmd !== 0x01) {                    // only CONNECT
+          failReply(client, 0x07);
+          return cleanup();
+        }
+
+        // Hand the stream to .pipe() from here. Pause + detach this handler
+        // so a data event during the upstream connect can't re-enter.
+        phase = 'connecting';
+        client.pause();
+        client.off('data', onData);
+        const early = buf.subarray(hdrLen);   // any bytes after the request header
+        buf = null;
+
+        let info;
+        try {
+          info = await SocksClient.createConnection({
+            proxy: {
+              host: upstream.host,
+              port: upstream.port,
+              type: 5,
+              userId: upstream.username,
+              password: upstream.password || '',
+            },
+            command: 'connect',
+            destination: { host, port },
+            timeout: 20000,
+          });
+        } catch (e) {
+          if (forceDebug) {
+            console.log(formatLogMessage('proxy', `${SOCKS_RELAY_TAG} upstream connect failed (${host}:${port}): ${e.message}`));
+          }
+          failReply(client, 0x05);             // connection refused
+          return cleanup();
+        }
+
+        upstreamSock = info.socket;
+        try { upstreamSock.setNoDelay(true); } catch (_) {}
+        upstreamSock.on('error', cleanup);
+        upstreamSock.on('close', cleanup);
+        client.on('error', cleanup);
+        client.on('close', cleanup);
+
+        // SOCKS5 success (BND.ADDR 0.0.0.0:0 — Chromium ignores it for CONNECT)
+        client.write(Buffer.from([0x05, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0]));
+        if (early && early.length) upstreamSock.write(early);
+        client.pipe(upstreamSock);
+        upstreamSock.pipe(client);
+        client.resume();
+        phase = 'piping';
+        // Negotiation complete — disarm the handshake watchdog so a
+        // long-running download isn't killed mid-transfer.
+        if (handshakeTimer) { clearTimeout(handshakeTimer); handshakeTimer = null; }
+      }
+    } catch (e) {
+      if (forceDebug) {
+        console.log(formatLogMessage('proxy', `${SOCKS_RELAY_TAG} handler error: ${e.message}`));
+      }
+      cleanup();
+    }
+  };
+
+  client.on('data', onData);
+  client.on('error', cleanup);
+}
+
+// SOCKS5 failure reply (valid only before piping starts).
+function failReply(client, code) {
+  try { client.write(Buffer.from([0x05, code, 0x00, 0x01, 0, 0, 0, 0, 0, 0])); } catch (_) {}
+}
+
+/**
+ * Ensure a relay exists for the given upstream; returns its local port.
+ * Idempotent — repeated calls for the same upstream reuse one relay.
+ *
+ * @param {{host:string,port:number,username:string,password:string}} upstream
+ * @param {boolean} forceDebug
+ * @returns {Promise<number>} local 127.0.0.1 port the relay listens on
+ */
+async function ensureRelay(upstream, forceDebug = false) {
+  const key = upstreamKey(upstream);
+  const existing = _relays.get(key);
+  if (existing) return existing.port;
+
+  const activeSockets = new Set();
+  const server = net.createServer((clientSock) => {
+    // Disable Nagle: page scanning is full of small-packet phases (per-origin
+    // TLS handshakes, small XHR/API calls, the SOCKS handshake itself).
+    // Nagle + delayed-ACK adds ~40ms stalls on those; relays should not.
+    try { clientSock.setNoDelay(true); } catch (_) {}
+    activeSockets.add(clientSock);
+    clientSock.on('close', () => activeSockets.delete(clientSock));
+    handleClient(clientSock, upstream, forceDebug);
+  });
+
+  await new Promise((resolve, reject) => {
+    const onErr = (e) => reject(e);
+    server.once('error', onErr);
+    server.listen(0, '127.0.0.1', () => {
+      server.removeListener('error', onErr);
+      // Keep a listener so a late server error doesn't crash the process.
+      server.on('error', (e) => {
+        if (forceDebug) console.log(formatLogMessage('proxy', `${SOCKS_RELAY_TAG} server error: ${e.message}`));
+      });
+      resolve();
+    });
+  });
+
+  const port = server.address().port;
+  _relays.set(key, { server, port, activeSockets });
+  if (forceDebug) {
+    console.log(formatLogMessage('proxy', `${SOCKS_RELAY_TAG} 127.0.0.1:${port} -> ${upstream.host}:${upstream.port} (auth user "${upstream.username}")`));
+  }
+  return port;
+}
+
+/**
+ * Sync lookup of an already-started relay's port. Returns null if no relay
+ * has been started for this upstream (caller should have called ensureRelay
+ * upfront).
+ */
+function getRelayPort(upstream) {
+  const r = _relays.get(upstreamKey(upstream));
+  return r ? r.port : null;
+}
+
+/**
+ * Tear down every relay: destroy in-flight sockets, close listeners.
+ * Safe to call multiple times.
+ */
+async function closeAllRelays(forceDebug = false) {
+  for (const [key, r] of _relays) {
+    for (const s of r.activeSockets) { try { s.destroy(); } catch (_) {} }
+    await new Promise((res) => {
+      try { r.server.close(() => res()); } catch (_) { res(); }
+    });
+    if (forceDebug) console.log(formatLogMessage('proxy', `${SOCKS_RELAY_TAG} closed relay for ${key}`));
+  }
+  _relays.clear();
+}
+
+module.exports = { ensureRelay, getRelayPort, closeAllRelays };

package/lib/spawn-async.js

@@ -0,0 +1,137 @@
+// === Shared async-spawn helper ===
+// Single canonical implementation of "spawn an external command, collect
+// stdout/stderr with hard caps, enforce a kill timeout" — extracted from
+// what used to be ~400 lines of near-identical Promise wrappers across
+// lib/curl.js, lib/searchstring.js, and lib/grep.js (two sites in the
+// latter). Each caller previously had its own copy of the same pattern:
+// truncate-on-cap, SIGKILL belt-and-braces timer, stdout buffer concat,
+// error/close handlers.
+//
+// Design notes:
+// - Resolves (never rejects). Callers inspect the result object to
+//   distinguish failure modes instead of needing try/catch. Pre-existing
+//   call sites all converted failure into a result-object anyway —
+//   this just standardizes the shape.
+// - stdout/stderr returned as Buffer so the caller decides decoding
+//   (curl's `--write-out` metadata is line-oriented and tolerant of
+//   UTF-8 decoding mid-multibyte; binary HTTP responses are not).
+// - lib/wireguard_vpn.js intentionally stays on spawnSync — its calls
+//   are startup-only (validation, health check) and the synchronous
+//   semantics are simpler. Not all spawn calls benefit from async.
+
+const { spawn } = require('child_process');
+
+const DEFAULT_TIMEOUT_MS = 30000;
+const DEFAULT_MAX_STDOUT = 50 * 1024 * 1024; // 50MB
+const KILL_GRACE_MS = 5000; // belt-and-braces SIGKILL after timeout+grace
+
+/**
+ * Spawn a process asynchronously, collect stdout/stderr with hard caps,
+ * enforce a kill timeout. Resolves with a result object describing what
+ * happened — never rejects.
+ *
+ * @param {string} cmd - Executable name (no shell — args are not parsed)
+ * @param {string[]} args - Argument array
+ * @param {object} [opts]
+ * @param {number} [opts.timeout=30000] - Soft timeout in ms; primary
+ *   limit is whatever the executable itself enforces (e.g. curl
+ *   --max-time). This is the belt-and-braces SIGKILL deadline fired at
+ *   `timeout + 5000` ms.
+ * @param {number} [opts.maxStdout=52428800] - Cap on stdout collection.
+ *   When the cap is exceeded the child is killed with SIGTERM and the
+ *   result has `truncated: true`.
+ * @param {string|Buffer} [opts.input] - Data to write to the child's
+ *   stdin then close. EPIPE on stdin is swallowed (child may exit early).
+ * @param {boolean} [opts.collectStderr=true] - When false, stderr is
+ *   drained but not retained (saves memory when caller doesn't need it).
+ * @returns {Promise<{
+ *   code: number|null,
+ *   signal: string|null,
+ *   stdout: Buffer,
+ *   stderr: Buffer,
+ *   truncated: boolean,
+ *   error: string|null
+ * }>}
+ */
+function runProcess(cmd, args, opts = {}) {
+  const {
+    timeout = DEFAULT_TIMEOUT_MS,
+    maxStdout = DEFAULT_MAX_STDOUT,
+    input,
+    collectStderr = true
+  } = opts;
+
+  return new Promise((resolve) => {
+    let child;
+    try {
+      child = spawn(cmd, args);
+    } catch (spawnErr) {
+      resolve({
+        code: null, signal: null,
+        stdout: Buffer.alloc(0), stderr: Buffer.alloc(0),
+        truncated: false, error: spawnErr.message
+      });
+      return;
+    }
+
+    const stdoutChunks = [];
+    const stderrChunks = [];
+    let stdoutBytes = 0;
+    let truncated = false;
+
+    child.stdout.on('data', (chunk) => {
+      if (truncated) return;
+      if (stdoutBytes + chunk.length > maxStdout) {
+        truncated = true;
+        try { child.kill('SIGTERM'); } catch (_) {}
+        return;
+      }
+      stdoutBytes += chunk.length;
+      stdoutChunks.push(chunk);
+    });
+
+    if (collectStderr) {
+      child.stderr.on('data', (chunk) => { stderrChunks.push(chunk); });
+    } else {
+      child.stderr.on('data', () => {}); // drain but discard
+    }
+
+    // SIGKILL belt-and-braces after timeout+grace. unref'd so the timer
+    // doesn't keep the event loop alive on its own; if the process exits
+    // earlier, the timer is cleared in the close handler.
+    const killTimer = setTimeout(() => {
+      try { child.kill('SIGKILL'); } catch (_) {}
+    }, timeout + KILL_GRACE_MS);
+    if (typeof killTimer.unref === 'function') killTimer.unref();
+
+    child.on('error', (err) => {
+      clearTimeout(killTimer);
+      resolve({
+        code: null, signal: null,
+        stdout: Buffer.concat(stdoutChunks),
+        stderr: Buffer.concat(stderrChunks),
+        truncated, error: err.message
+      });
+    });
+
+    child.on('close', (code, signal) => {
+      clearTimeout(killTimer);
+      resolve({
+        code, signal,
+        stdout: Buffer.concat(stdoutChunks),
+        stderr: Buffer.concat(stderrChunks),
+        truncated, error: null
+      });
+    });
+
+    if (input !== undefined) {
+      // EPIPE if the child exited before we finished writing (e.g. grep
+      // matched and bailed early, or our truncation kill fired). Swallow
+      // so it doesn't surface as an unhandled stream error.
+      child.stdin.on('error', () => {});
+      child.stdin.end(input);
+    }
+  });
+}
+
+module.exports = { runProcess };