npm - @lightharu/krouter - Versions diffs - 1.8.0 - Mend

@lightharu/krouter 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/LICENSE +679 -0
package/README.md +238 -0
package/dist-web/assets/index-CM4-0adf.css +1 -0
package/dist-web/assets/index-DCslvfUR.js +139 -0
package/dist-web/favicon.svg +9 -0
package/dist-web/icon.svg +9 -0
package/dist-web/index.html +19 -0
package/out-server/main/kiroAuthSync.js +249 -0
package/out-server/main/kproxy/certManager.js +262 -0
package/out-server/main/kproxy/index.js +254 -0
package/out-server/main/kproxy/mitmProxy.js +475 -0
package/out-server/main/kproxy/types.js +23 -0
package/out-server/main/proxy/accountPool.js +543 -0
package/out-server/main/proxy/clientConfig.js +596 -0
package/out-server/main/proxy/index.js +25 -0
package/out-server/main/proxy/kiroApi.js +1996 -0
package/out-server/main/proxy/logger.js +407 -0
package/out-server/main/proxy/modelCatalog.js +75 -0
package/out-server/main/proxy/promptCacheTracker.js +301 -0
package/out-server/main/proxy/proxyServer.js +3543 -0
package/out-server/main/proxy/selfSignedCert.js +179 -0
package/out-server/main/proxy/systemProxy.js +250 -0
package/out-server/main/proxy/tokenCounter.js +164 -0
package/out-server/main/proxy/toolNameRegistry.js +57 -0
package/out-server/main/proxy/translator.js +1084 -0
package/out-server/main/proxy/types.js +3 -0
package/out-server/main/registration/browser-identity.js +184 -0
package/out-server/main/registration/chainProxy.js +349 -0
package/out-server/main/registration/config.js +58 -0
package/out-server/main/registration/email-service.js +801 -0
package/out-server/main/registration/fingerprint.js +352 -0
package/out-server/main/registration/http-utils.js +148 -0
package/out-server/main/registration/jwe.js +74 -0
package/out-server/main/registration/names.js +142 -0
package/out-server/main/registration/proton-mail-window.js +339 -0
package/out-server/main/registration/registrar.js +1715 -0
package/out-server/main/registration/tlsClientPool.js +70 -0
package/out-server/main/registration/xxtea.js +161 -0
package/out-server/main/runtimePaths.js +19 -0
package/out-server/main/utils/redact.js +95 -0
package/out-server/server/index.js +1272 -0
package/out-server/server/services/accountExtras.js +105 -0
package/out-server/server/services/accountProfileHydration.js +95 -0
package/out-server/server/services/authFlows.js +509 -0
package/out-server/server/services/dashboardTunnel.js +315 -0
package/out-server/server/services/diagnostics.js +326 -0
package/out-server/server/services/kiroAccounts.js +431 -0
package/out-server/server/services/kiroSettings.js +260 -0
package/out-server/server/services/kproxyRuntime.js +264 -0
package/out-server/server/services/localKiroCredentials.js +320 -0
package/out-server/server/services/machineIdRuntime.js +327 -0
package/out-server/server/services/protonBrowserRuntime.js +724 -0
package/out-server/server/services/proxyRuntime.js +523 -0
package/out-server/server/services/registrationRuntime.js +106 -0
package/out-server/server/store.js +266 -0
package/package.json +113 -0
package/resources/tls-client-xgo-1.14.0-windows-amd64.dll +0 -0
package/scripts/kiro-manager-cli.cjs +3 -0
package/scripts/krouter-cli.cjs +509 -0
package/src/renderer/src/assets/krouter-logo.svg +11 -0
package/src/renderer/src/assets/krouter-mark.svg +9 -0

package/out-server/main/proxy/types.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+// Kiro Proxy 类型定义
+Object.defineProperty(exports, "__esModule", { value: true });

package/out-server/main/registration/browser-identity.js ADDED Viewed

@@ -0,0 +1,184 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.randomFullName = void 0;
+exports.randomIdentity = randomIdentity;
+const crypto_1 = __importDefault(require("crypto"));
+const LSUBID_PREFIXES = ['X10', 'X19', 'X42', 'X55', 'X73', 'X81', 'X96'];
+const GPU_CONFIGS = [
+    { vendor: 'Google Inc. (Intel)', model: 'ANGLE (Intel, Intel(R) Iris(R) Xe Graphics (0x000046A6) Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (Intel)', model: 'ANGLE (Intel, Intel(R) UHD Graphics 630 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (Intel)', model: 'ANGLE (Intel, Intel(R) UHD Graphics 770 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (Intel)', model: 'ANGLE (Intel, Intel(R) UHD Graphics 730 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (Intel)', model: 'ANGLE (Intel, Intel(R) HD Graphics 620 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (Intel)', model: 'ANGLE (Intel, Intel(R) HD Graphics 530 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (Intel)', model: 'ANGLE (Intel, Intel(R) Iris(R) Plus Graphics Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce GTX 1060 6GB Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce RTX 3060 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce GTX 1650 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce RTX 2060 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce RTX 3070 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce RTX 4060 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce GTX 1080 Ti Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce RTX 3080 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce GTX 1070 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (NVIDIA)', model: 'ANGLE (NVIDIA, NVIDIA GeForce RTX 4070 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (AMD)', model: 'ANGLE (AMD, AMD Radeon RX 580 Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (AMD)', model: 'ANGLE (AMD, AMD Radeon RX 6600 XT Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (AMD)', model: 'ANGLE (AMD, AMD Radeon RX 5700 XT Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (AMD)', model: 'ANGLE (AMD, AMD Radeon RX 6700 XT Direct3D11 vs_5_0 ps_5_0, D3D11)' },
+    { vendor: 'Google Inc. (AMD)', model: 'ANGLE (AMD, AMD Radeon RX 570 Direct3D11 vs_5_0 ps_5_0, D3D11)' }
+];
+const SCREEN_CONFIGS = [
+    [1920, 1080, 1920, 1040, 24], [2560, 1440, 2560, 1400, 24],
+    [1920, 1200, 1920, 1160, 24], [1366, 768, 1366, 728, 24],
+    [1536, 864, 1536, 824, 24], [1680, 1050, 1680, 1010, 24],
+    [1440, 900, 1440, 860, 24], [1600, 900, 1600, 860, 24],
+    [2560, 1080, 2560, 1040, 24], [3440, 1440, 3440, 1400, 24],
+    [3840, 2160, 3840, 2120, 24], [1280, 1024, 1280, 984, 24]
+];
+const MATH_POOL = [
+    { tan: '-1.4214488238747245', sin: '0.8178819121159085', cos: '-0.5753861119575491' },
+    { tan: '-1.4214488238747245', sin: '0.8178819121159085', cos: '-0.5765775004286854' },
+    { tan: '-1.4214488238747243', sin: '0.8178819121159083', cos: '-0.5753861119575489' },
+    { tan: '-1.4214488238747247', sin: '0.8178819121159087', cos: '-0.5753861119575493' },
+    { tan: '-1.4214488238747244', sin: '0.8178819121159084', cos: '-0.5765775004286855' },
+    { tan: '-1.4214488238747246', sin: '0.8178819121159086', cos: '-0.5753861119575490' },
+    { tan: '-1.4214488238747242', sin: '0.8178819121159082', cos: '-0.5765775004286853' },
+    { tan: '-1.4214488238747248', sin: '0.8178819121159088', cos: '-0.5753861119575492' },
+    { tan: '-1.4214488238747241', sin: '0.8178819121159081', cos: '-0.5765775004286852' },
+    { tan: '-1.4214488238747249', sin: '0.8178819121159089', cos: '-0.5753861119575494' }
+];
+const WEBGL_EXT_CORE = [
+    'ANGLE_instanced_arrays', 'EXT_blend_minmax', 'EXT_color_buffer_half_float',
+    'EXT_float_blend', 'EXT_frag_depth', 'EXT_shader_texture_lod',
+    'EXT_texture_filter_anisotropic', 'EXT_sRGB', 'KHR_parallel_shader_compile',
+    'OES_element_index_uint', 'OES_fbo_render_mipmap', 'OES_standard_derivatives',
+    'OES_texture_float', 'OES_texture_float_linear', 'OES_texture_half_float',
+    'OES_texture_half_float_linear', 'OES_vertex_array_object',
+    'WEBGL_color_buffer_float', 'WEBGL_compressed_texture_s3tc',
+    'WEBGL_compressed_texture_s3tc_srgb', 'WEBGL_debug_renderer_info',
+    'WEBGL_debug_shaders', 'WEBGL_depth_texture', 'WEBGL_draw_buffers',
+    'WEBGL_lose_context', 'WEBGL_multi_draw'
+];
+const WEBGL_EXT_OPTIONAL = [
+    'EXT_disjoint_timer_query', 'EXT_texture_compression_bptc',
+    'EXT_texture_compression_rgtc', 'WEBGL_compressed_texture_astc',
+    'WEBGL_compressed_texture_etc', 'OES_draw_buffers_indexed',
+    'EXT_color_buffer_float'
+];
+const PLUGINS_POOL = [
+    { name: 'PDF Viewer', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
+    { name: 'Chrome PDF Viewer', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
+    { name: 'Chromium PDF Viewer', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
+    { name: 'Microsoft Edge PDF Viewer', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
+    { name: 'WebKit built-in PDF', filename: 'internal-pdf-viewer', description: 'Portable Document Format' }
+];
+function randInt(max) {
+    return Math.floor(Math.random() * max);
+}
+function pick(arr) {
+    return arr[randInt(arr.length)];
+}
+function shuffle(arr) {
+    for (let i = arr.length - 1; i > 0; i--) {
+        const j = randInt(i + 1);
+        [arr[i], arr[j]] = [arr[j], arr[i]];
+    }
+    return arr;
+}
+function generateCanvasData() {
+    const bins = new Array(256).fill(0);
+    const totalSamples = 36000;
+    bins[0] = 10000 + randInt(5001);
+    bins[255] = 12000 + randInt(4001);
+    const colorPeaks = [
+        [255, 400 + randInt(301)], [165, 200 + randInt(201)],
+        [0, 300 + randInt(301)], [128, 100 + randInt(201)],
+        [64, 50 + randInt(101)], [192, 80 + randInt(121)],
+        [32, 30 + randInt(71)], [224, 60 + randInt(121)]
+    ];
+    for (const [idx, val] of colorPeaks)
+        bins[idx] = val;
+    let remaining = totalSamples - bins.reduce((a, b) => a + b, 0);
+    for (let i = 1; i < 255; i++) {
+        if (bins[i] === 0 && remaining > 0) {
+            const v = Math.min(4 + randInt(97), remaining);
+            bins[i] = v;
+            remaining -= v;
+        }
+    }
+    bins[0] += remaining;
+    const raw = Buffer.alloc(256 * 4);
+    for (let i = 0; i < 256; i++)
+        raw.writeUInt32LE(bins[i], i * 4);
+    const digest = crypto_1.default.createHash('sha256').update(raw).digest();
+    const hash = digest.readInt32LE(0);
+    return { hash, histogram: bins };
+}
+/**
+ * 生成真实范围的 Chrome 详细版本号（major.minor.build.patch）
+ * Chrome 稳定版格式：主版本.0.buildNumber.patchNumber
+ * 随机从近几个主版本中选取，build/patch 在真实范围内随机
+ */
+function randomChromeVersion() {
+    // 近期稳定版主版本及其对应的 build 号范围 (从 Chromium release history)
+    const versions = [
+        { major: 137, buildMin: 7151, buildMax: 7160 },
+        { major: 138, buildMin: 7204, buildMax: 7213 },
+        { major: 139, buildMin: 7259, buildMax: 7268 },
+        { major: 140, buildMin: 7316, buildMax: 7325 },
+        { major: 141, buildMin: 7371, buildMax: 7380 },
+        { major: 142, buildMin: 7430, buildMax: 7439 },
+        { major: 143, buildMin: 7485, buildMax: 7494 },
+        { major: 144, buildMin: 7544, buildMax: 7553 },
+        { major: 145, buildMin: 7601, buildMax: 7610 },
+        { major: 146, buildMin: 7660, buildMax: 7669 },
+    ];
+    const v = versions[Math.floor(Math.random() * versions.length)];
+    const build = v.buildMin + Math.floor(Math.random() * (v.buildMax - v.buildMin + 1));
+    const patch = Math.floor(Math.random() * 150); // patch 通常 0-150
+    return `${v.major}.0.${build}.${patch}`;
+}
+function randomIdentity() {
+    const chromeVer = randomChromeVersion();
+    const gpu = pick(GPU_CONFIGS);
+    const scr = pick(SCREEN_CONFIGS);
+    const math = pick(MATH_POOL);
+    const { hash: canvasHash, histogram } = generateCanvasData();
+    const exts = [...WEBGL_EXT_CORE];
+    const nOpt = randInt(5);
+    if (nOpt > 0) {
+        const perm = shuffle([...Array(WEBGL_EXT_OPTIONAL.length).keys()]);
+        for (let i = 0; i < Math.min(nOpt, WEBGL_EXT_OPTIONAL.length); i++) {
+            exts.push(WEBGL_EXT_OPTIONAL[perm[i]]);
+        }
+    }
+    exts.sort();
+    const plugins = shuffle([...PLUGINS_POOL]);
+    return {
+        chromeVer: chromeVer,
+        ua: `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${chromeVer} Safari/537.36`,
+        gpuVendor: gpu.vendor,
+        gpuModel: gpu.model,
+        webGLExts: exts,
+        canvasHash,
+        histogramBase: histogram,
+        mathTan: math.tan,
+        mathSin: math.sin,
+        mathCos: math.cos,
+        plugins,
+        screen: {
+            width: scr[0], height: scr[1],
+            availWidth: scr[2], availHeight: scr[3],
+            colorDepth: scr[4]
+        },
+        lsubidPrefixSignin: pick(LSUBID_PREFIXES),
+        lsubidPrefixProfile: pick(LSUBID_PREFIXES),
+        webpackHash: randInt(0x7fffffff).toString(16).padStart(10, '0').slice(0, 10)
+    };
+}
+var names_1 = require("./names");
+Object.defineProperty(exports, "randomFullName", { enumerable: true, get: function () { return names_1.randomFullName; } });

package/out-server/main/registration/chainProxy.js ADDED Viewed

@@ -0,0 +1,349 @@
+"use strict";
+// 本地中继代理链（Proxy Chaining）
+//
+// 背景：部分目标代理（如 bestproxy）要求「来源 IP 必须为非大陆」，大陆 IP 既不能加白名单也会被拒（610）。
+// 底层 TLS 引擎只支持单层代理，因此这里在本机起一个本地中继，把链路串成：
+//   本机 → 本地中继 → 上游中转(非大陆, upstream) → 目标代理(target, bestproxy) → 目标站点
+// 这样目标代理看到的来源 IP 是上游中转的出口（非大陆），即可通过。
+//
+// 仅实现 HTTP CONNECT 入站（注册全程为 https，足够）；上游中转支持 http / socks5(4)。
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChainProxyRelay = void 0;
+const net_1 = __importDefault(require("net"));
+const socks_1 = require("socks");
+function parseChainProxy(url) {
+    try {
+        const u = new URL(url);
+        const proto = u.protocol.replace(':', '').toLowerCase();
+        let protocol;
+        if (proto === 'http')
+            protocol = 'http';
+        else if (proto === 'https')
+            protocol = 'https';
+        else if (proto === 'socks5' || proto === 'socks5h' || proto === 'socks')
+            protocol = 'socks5';
+        else if (proto === 'socks4' || proto === 'socks4a')
+            protocol = 'socks4';
+        else
+            return null;
+        const port = Number(u.port) || (protocol.startsWith('socks') ? 1080 : 8080);
+        if (!u.hostname)
+            return null;
+        return {
+            protocol,
+            host: u.hostname,
+            port,
+            username: u.username ? decodeURIComponent(u.username) : undefined,
+            password: u.password ? decodeURIComponent(u.password) : undefined
+        };
+    }
+    catch {
+        return null;
+    }
+}
+class ChainProxyRelay {
+    server = null;
+    /** 跟踪所有活跃的入站连接，stop() 时强制销毁，避免 server.close() 等 Keep-Alive 超时（~60s）*/
+    sockets = new Set();
+    upstream;
+    target;
+    log;
+    port = 0;
+    constructor(upstreamUrl, targetUrl, log) {
+        const up = parseChainProxy(upstreamUrl);
+        const tg = parseChainProxy(targetUrl);
+        if (!up)
+            throw new Error(`上游中转代理无效: ${upstreamUrl}`);
+        if (!tg)
+            throw new Error(`目标代理无效: ${targetUrl}`);
+        this.upstream = up;
+        this.target = tg;
+        this.log = log || (() => { });
+    }
+    /** 启动本地中继，返回可直接作为代理使用的 http://127.0.0.1:port */
+    start() {
+        return new Promise((resolve, reject) => {
+            const server = net_1.default.createServer((client) => this.handleClient(client));
+            server.once('error', reject);
+            server.listen(0, '127.0.0.1', () => {
+                const addr = server.address();
+                if (addr && typeof addr === 'object') {
+                    this.port = addr.port;
+                    this.server = server;
+                    server.removeListener('error', reject);
+                    resolve(`http://127.0.0.1:${this.port}`);
+                }
+                else {
+                    reject(new Error('本地中继启动失败：无法获取端口'));
+                }
+            });
+        });
+    }
+    stop() {
+        return new Promise((resolve) => {
+            const srv = this.server;
+            this.server = null;
+            // 强制销毁所有活跃隧道连接：否则 server.close() 会等 DLL Go http.Transport
+            // 的 Keep-Alive 连接自然超时（~60s），导致注册结束后 cleanup 卡住一分钟
+            for (const sock of this.sockets) {
+                try {
+                    sock.destroy();
+                }
+                catch { /* ignore */ }
+            }
+            this.sockets.clear();
+            if (!srv) {
+                resolve();
+                return;
+            }
+            srv.close(() => resolve());
+            // 双保险：500ms 后无论 close 回调是否触发都 resolve
+            setTimeout(resolve, 500);
+        });
+    }
+    handleClient(client) {
+        this.sockets.add(client);
+        client.on('close', () => this.sockets.delete(client));
+        client.on('error', () => client.destroy());
+        client.once('data', (chunk) => {
+            const head = chunk.toString('latin1');
+            const m = head.match(/^CONNECT\s+([^\s:]+):(\d+)\s+HTTP\/1\.[01]/i);
+            if (!m) {
+                client.end('HTTP/1.1 405 Method Not Allowed\r\n\r\n');
+                return;
+            }
+            const host = m[1];
+            const port = Number(m[2]);
+            this.dialChain(host, port)
+                .then((tunnel) => {
+                client.write('HTTP/1.1 200 Connection Established\r\n\r\n');
+                client.pipe(tunnel);
+                tunnel.pipe(client);
+                client.on('close', () => tunnel.destroy());
+                tunnel.on('close', () => client.destroy());
+                tunnel.on('error', () => { client.destroy(); tunnel.destroy(); });
+            })
+                .catch((err) => {
+                this.log(`[ProxyChain] 隧道建立失败: ${err instanceof Error ? err.message : String(err)}`);
+                if (!client.destroyed)
+                    client.end('HTTP/1.1 502 Bad Gateway\r\n\r\n');
+            });
+        });
+    }
+    /** 经上游中转连到目标代理入口，再在该连接上对目标代理做 CONNECT 抵达最终目标 */
+    async dialChain(host, port) {
+        const sock = await this.connectViaUpstream(this.target.host, this.target.port);
+        try {
+            const resp = await this.sendConnectRequest(sock, host, port, this.target);
+            if (resp.status !== 200) {
+                throw new Error(this.formatConnectError('目标代理', resp));
+            }
+        }
+        catch (err) {
+            sock.destroy();
+            throw err;
+        }
+        return sock;
+    }
+    connectViaUpstream(host, port) {
+        if (this.upstream.protocol === 'socks5' || this.upstream.protocol === 'socks4') {
+            return this.connectViaSocks(host, port);
+        }
+        return this.connectViaHttpUpstream(host, port);
+    }
+    connectViaHttpUpstream(host, port) {
+        return new Promise((resolve, reject) => {
+            const sock = net_1.default.connect(this.upstream.port, this.upstream.host);
+            sock.setTimeout(20000);
+            sock.once('timeout', () => { sock.destroy(); reject(new Error('上游中转连接超时')); });
+            sock.once('error', reject);
+            sock.once('connect', () => {
+                sock.setNoDelay(true);
+                this.sendConnectRequest(sock, host, port, this.upstream)
+                    .then((resp) => {
+                    sock.setTimeout(0);
+                    if (resp.status === 200)
+                        resolve(sock);
+                    else {
+                        sock.destroy();
+                        reject(new Error(this.formatConnectError('上游中转', resp)));
+                    }
+                })
+                    .catch((err) => { sock.destroy(); reject(err); });
+            });
+        });
+    }
+    connectViaSocks(host, port) {
+        return new Promise((resolve, reject) => {
+            void socks_1.SocksClient.createConnection({
+                proxy: {
+                    host: this.upstream.host,
+                    port: this.upstream.port,
+                    type: this.upstream.protocol === 'socks4' ? 4 : 5,
+                    userId: this.upstream.username,
+                    password: this.upstream.password
+                },
+                command: 'connect',
+                destination: { host, port },
+                timeout: 20000
+            })
+                .then(({ socket }) => {
+                // socks 包返回的 socket 默认开启了 30s timeout，会在空闲后触发 'end'，导致我们误判为"被对端关闭"
+                socket.setTimeout(0);
+                socket.setNoDelay(true);
+                socket.setKeepAlive(true, 30000);
+                resolve(socket);
+            })
+                .catch((err) => reject(err));
+        });
+    }
+    /**
+     * 通用 CONNECT：发送请求 + 解析响应。
+     *
+     * 关键容错：
+     *   - 部分代理返回错误时只发状态行就 close，**不补 \r\n\r\n**（如 bestproxy 的 610），
+     *     旧实现会等空行等到 FIN 触发 'end' 然后误报「代理连接被对端关闭」，错误状态码被丢。
+     *     新实现：'end' 事件触发时若 buf 已含状态行，尽力解析；只有空 buf 才报「关闭」。
+     *   - 附带常见兼容头（Proxy-Connection / User-Agent），减少代理服务端的策略性拒绝。
+     */
+    sendConnectRequest(sock, host, port, auth) {
+        return new Promise((resolve, reject) => {
+            const lines = [
+                `CONNECT ${host}:${port} HTTP/1.1`,
+                `Host: ${host}:${port}`,
+                'Proxy-Connection: keep-alive',
+                'User-Agent: Mozilla/5.0'
+            ];
+            if (auth.username) {
+                const b64 = Buffer.from(`${auth.username}:${auth.password || ''}`).toString('base64');
+                lines.push(`Proxy-Authorization: Basic ${b64}`);
+            }
+            const req = lines.join('\r\n') + '\r\n\r\n';
+            this.readHttpResponse(sock).then(resolve, reject);
+            sock.write(req);
+        });
+    }
+    /** 读取 HTTP 响应：直到 \r\n\r\n 完整、或对端关闭/出错时尽力解析。返回结构化结果。 */
+    readHttpResponse(sock) {
+        return new Promise((resolve, reject) => {
+            let buf = '';
+            const cleanup = () => {
+                sock.removeListener('data', onData);
+                sock.removeListener('error', onErr);
+                sock.removeListener('end', onEnd);
+                sock.removeListener('close', onEnd);
+            };
+            const parse = (raw) => {
+                const nlIdx = raw.indexOf('\r\n');
+                if (nlIdx < 0)
+                    return null;
+                const statusLine = raw.slice(0, nlIdx);
+                const m = statusLine.match(/^HTTP\/1\.[01]\s+(\d{3})\s*(.*)$/);
+                if (!m)
+                    return null;
+                const status = Number(m[1]);
+                const statusText = m[2] || '';
+                const sep = raw.indexOf('\r\n\r\n');
+                const headersEnd = sep >= 0 ? sep : raw.length;
+                const headersRaw = raw.slice(nlIdx + 2, headersEnd);
+                const bodySnippet = sep >= 0 ? raw.slice(sep + 4, sep + 4 + 200) : '';
+                return { status, statusText, headersRaw, bodySnippet };
+            };
+            const finish = (raw, viaClose) => {
+                cleanup();
+                const parsed = parse(raw);
+                if (parsed) {
+                    if (parsed.status === 200 && raw.indexOf('\r\n\r\n') >= 0) {
+                        const sep = raw.indexOf('\r\n\r\n');
+                        const rest = raw.slice(sep + 4);
+                        if (rest.length > 0)
+                            sock.unshift(Buffer.from(rest, 'latin1'));
+                    }
+                    resolve(parsed);
+                }
+                else if (viaClose) {
+                    reject(new Error(raw ? `代理返回不可解析: ${raw.slice(0, 120)}` : '代理连接被对端关闭（无任何响应）'));
+                }
+            };
+            const onData = (d) => {
+                buf += d.toString('latin1');
+                const sep = buf.indexOf('\r\n\r\n');
+                if (sep >= 0)
+                    finish(buf, false);
+            };
+            const onErr = (err) => { cleanup(); reject(err); };
+            const onEnd = () => finish(buf, true);
+            sock.on('data', onData);
+            sock.once('error', onErr);
+            sock.once('end', onEnd);
+            sock.once('close', onEnd);
+        });
+    }
+    formatConnectError(stage, resp) {
+        const suffix = resp.bodySnippet ? ` body=${resp.bodySnippet.replace(/[\r\n]/g, ' ').slice(0, 120)}` : '';
+        return `${stage} CONNECT 失败: HTTP ${resp.status} ${resp.statusText}${suffix}`;
+    }
+    /**
+     * 分阶段诊断：
+     *   A) 上游中转 TCP 连通
+     *   B) 经上游 CONNECT 到目标代理入口
+     *   C) 经完整链路 CONNECT 到 testHost:testPort
+     * 不依赖本地 server，独立可用；定位问题精确到哪一层。
+     */
+    async diagnose(testHost = 'www.gstatic.com', testPort = 443) {
+        const result = { upstreamReachable: false, targetReachable: false };
+        const t0 = Date.now();
+        try {
+            await this.tcpProbe(this.upstream.host, this.upstream.port, 8000);
+            result.upstreamReachable = true;
+            result.upstreamRtMs = Date.now() - t0;
+        }
+        catch (err) {
+            result.upstreamError = err instanceof Error ? err.message : String(err);
+            return result;
+        }
+        const t1 = Date.now();
+        let chainSock = null;
+        try {
+            chainSock = await this.connectViaUpstream(this.target.host, this.target.port);
+            result.targetReachable = true;
+            result.targetRtMs = Date.now() - t1;
+        }
+        catch (err) {
+            result.targetError = err instanceof Error ? err.message : String(err);
+            return result;
+        }
+        const t2 = Date.now();
+        try {
+            const resp = await this.sendConnectRequest(chainSock, testHost, testPort, this.target);
+            result.targetStatus = resp.status;
+            result.targetStatusText = resp.statusText;
+            result.targetBodySnippet = resp.bodySnippet;
+            result.endToEndOk = resp.status === 200;
+            result.endToEndRtMs = Date.now() - t2;
+            if (resp.status !== 200) {
+                result.endToEndError = `目标代理拒绝: HTTP ${resp.status} ${resp.statusText}`;
+            }
+        }
+        catch (err) {
+            result.endToEndOk = false;
+            result.endToEndError = err instanceof Error ? err.message : String(err);
+        }
+        finally {
+            chainSock.destroy();
+        }
+        return result;
+    }
+    tcpProbe(host, port, timeoutMs) {
+        return new Promise((resolve, reject) => {
+            const sock = net_1.default.connect(port, host);
+            const timer = setTimeout(() => { sock.destroy(); reject(new Error(`TCP 连接超时 ${host}:${port}`)); }, timeoutMs);
+            sock.once('connect', () => { clearTimeout(timer); sock.destroy(); resolve(); });
+            sock.once('error', (err) => { clearTimeout(timer); reject(err); });
+        });
+    }
+}
+exports.ChainProxyRelay = ChainProxyRelay;

package/out-server/main/registration/config.js ADDED Viewed

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.genPassword = genPassword;
+exports.newConfig = newConfig;
+const browser_identity_1 = require("./browser-identity");
+function genPassword() {
+    const upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    const lower = 'abcdefghijklmnopqrstuvwxyz';
+    const digits = '0123456789';
+    const special = '!@#$%^&*';
+    let pw = '';
+    for (let i = 0; i < 3; i++)
+        pw += upper[Math.floor(Math.random() * upper.length)];
+    for (let i = 0; i < 6; i++)
+        pw += lower[Math.floor(Math.random() * lower.length)];
+    for (let i = 0; i < 3; i++)
+        pw += digits[Math.floor(Math.random() * digits.length)];
+    for (let i = 0; i < 2; i++)
+        pw += special[Math.floor(Math.random() * special.length)];
+    const arr = pw.split('');
+    for (let i = arr.length - 1; i > 0; i--) {
+        const j = Math.floor(Math.random() * (i + 1));
+        [arr[i], arr[j]] = [arr[j], arr[i]];
+    }
+    return arr.join('');
+}
+function newConfig(overrides) {
+    return {
+        oidcBase: 'https://oidc.us-east-1.amazonaws.com',
+        signinBase: 'https://us-east-1.signin.aws',
+        profileBase: 'https://profile.aws.amazon.com',
+        viewBase: 'https://view.awsapps.com',
+        portalBase: 'https://portal.sso.us-east-1.amazonaws.com',
+        directoryId: 'd-9067642ac7',
+        startURL: 'https://view.awsapps.com/start',
+        password: genPassword(),
+        fullName: (0, browser_identity_1.randomFullName)(),
+        proxy: '',
+        upstreamProxy: '',
+        strictProxy: false,
+        moEmailBaseURL: '',
+        moEmailAPIKey: '',
+        useOutlook: false,
+        outlookData: '',
+        useTempMailPlus: false,
+        tempMailPlusEmail: '',
+        tempMailPlusEpin: '',
+        tempMailPlusDomain: '',
+        useTingamefiMail: false,
+        tingamefiMailApiUrl: 'https://temp-email-worker.thienp1301.workers.dev',
+        tingamefiMailAdminPassword: '',
+        tingamefiMailDomain: 'mail.tingamefi.com',
+        useProton: false,
+        protonEmail: '',
+        manualMode: false,
+        ...overrides
+    };
+}