@lightharu/krouter 1.8.0

package/out-server/main/kproxy/mitmProxy.js

@@ -0,0 +1,475 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MitmProxy = void 0;
+// K-Proxy MITM 代理核心
+const http = __importStar(require("http"));
+const net = __importStar(require("net"));
+const tls = __importStar(require("tls"));
+const url = __importStar(require("url"));
+// Machine ID 正则匹配模式（64位十六进制）
+const MACHINE_ID_REGEX = /[a-f0-9]{64}/gi;
+// 支持两种格式：KiroIDE-0.6.18-{machineId} 或 KiroIDE 0.6.18 {machineId}
+const KIRO_UA_REGEX = /KiroIDE[-\s][\d.]+[-\s]([a-f0-9]{64})/i;
+/**
+ * K-Proxy MITM 代理服务器
+ */
+class MitmProxy {
+    server = null;
+    certManager;
+    config;
+    stats;
+    events;
+    tlsServers = new Map();
+    /** 跟踪所有 CONNECT 隧道客户端连接，stop() 时强制销毁，避免 server.close() 等 Keep-Alive 超时 */
+    sockets = new Set();
+    constructor(certManager, config, events = {}) {
+        this.certManager = certManager;
+        this.config = config;
+        this.events = events;
+        this.stats = {
+            totalRequests: 0,
+            mitmRequests: 0,
+            bypassRequests: 0,
+            modifiedRequests: 0,
+            startTime: 0,
+            lastRequestTime: 0
+        };
+    }
+    /**
+     * 启动代理服务器
+     */
+    async start() {
+        if (this.server) {
+            console.log('[MitmProxy] Server already running');
+            return;
+        }
+        return new Promise((resolve, reject) => {
+            this.server = http.createServer((req, res) => {
+                this.handleHttpRequest(req, res);
+            });
+            // 处理 CONNECT 请求（HTTPS 隧道）
+            this.server.on('connect', (req, clientSocket, head) => {
+                this.handleConnect(req, clientSocket, head);
+            });
+            this.server.on('error', (error) => {
+                if (error.code === 'EADDRINUSE') {
+                    console.error(`[MitmProxy] Port ${this.config.port} is already in use`);
+                    reject(new Error(`Port ${this.config.port} is already in use`));
+                }
+                else {
+                    console.error('[MitmProxy] Server error:', error);
+                    this.events.onError?.(error);
+                    reject(error);
+                }
+            });
+            this.server.listen(this.config.port, this.config.host, () => {
+                console.log(`[MitmProxy] Started on ${this.config.host}:${this.config.port}`);
+                this.stats.startTime = Date.now();
+                this.events.onStatusChange?.(true, this.config.port);
+                resolve();
+            });
+        });
+    }
+    /**
+     * 停止代理服务器
+     */
+    async stop() {
+        if (!this.server) {
+            return;
+        }
+        // 关闭所有 TLS 服务器
+        for (const [_host, tlsServer] of this.tlsServers) {
+            try {
+                tlsServer.close();
+            }
+            catch { /* ignore */ }
+        }
+        this.tlsServers.clear();
+        // 强制销毁所有活跃隧道连接：否则 server.close() 会等 Keep-Alive 连接自然超时（~60s）
+        for (const sock of this.sockets) {
+            try {
+                sock.destroy();
+            }
+            catch { /* ignore */ }
+        }
+        this.sockets.clear();
+        const srv = this.server;
+        this.server = null;
+        return new Promise((resolve) => {
+            const finish = () => {
+                console.log('[MitmProxy] Stopped');
+                this.events.onStatusChange?.(false, this.config.port);
+                resolve();
+            };
+            srv.close(() => finish());
+            // 双保险：1 秒后无论 close 回调是否触发都 resolve
+            setTimeout(finish, 1000);
+        });
+    }
+    /**
+     * 处理 HTTP 请求
+     */
+    handleHttpRequest(req, res) {
+        this.stats.totalRequests++;
+        this.stats.lastRequestTime = Date.now();
+        const targetUrl = url.parse(req.url || '');
+        const options = {
+            hostname: targetUrl.hostname,
+            port: targetUrl.port || 80,
+            path: targetUrl.path,
+            method: req.method,
+            headers: req.headers
+        };
+        const proxyReq = http.request(options, (proxyRes) => {
+            res.writeHead(proxyRes.statusCode || 200, proxyRes.headers);
+            proxyRes.pipe(res);
+        });
+        proxyReq.on('error', (error) => {
+            console.error('[MitmProxy] HTTP proxy error:', error);
+            res.writeHead(502);
+            res.end('Bad Gateway');
+        });
+        req.pipe(proxyReq);
+    }
+    /**
+     * 处理 CONNECT 请求（HTTPS 隧道）
+     */
+    handleConnect(req, clientSocket, head) {
+        // 跟踪隧道连接，stop() 时强制断开
+        this.sockets.add(clientSocket);
+        clientSocket.once('close', () => this.sockets.delete(clientSocket));
+        this.stats.totalRequests++;
+        this.stats.lastRequestTime = Date.now();
+        const [hostname, portStr] = (req.url || '').split(':');
+        const port = parseInt(portStr, 10) || 443;
+        // 检查是否需要 MITM
+        const shouldMitm = this.shouldMitm(hostname);
+        if (shouldMitm) {
+            this.stats.mitmRequests++;
+            this.handleMitmConnect(hostname, port, clientSocket, head);
+        }
+        else {
+            this.stats.bypassRequests++;
+            this.handleDirectConnect(hostname, port, clientSocket, head);
+        }
+    }
+    /**
+     * 检查域名是否需要 MITM
+     */
+    shouldMitm(hostname) {
+        for (const domain of this.config.mitmDomains) {
+            if (hostname.includes(domain)) {
+                if (this.config.logRequests) {
+                    console.log(`[MitmProxy] MITM: ${hostname} matches ${domain}`);
+                }
+                return true;
+            }
+        }
+        if (this.config.logRequests) {
+            console.log(`[MitmProxy] Bypass: ${hostname}`);
+        }
+        return false;
+    }
+    /**
+     * 直接转发连接（不解密）
+     */
+    handleDirectConnect(hostname, port, clientSocket, head) {
+        const serverSocket = net.connect(port, hostname, () => {
+            clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');
+            serverSocket.write(head);
+            serverSocket.pipe(clientSocket);
+            clientSocket.pipe(serverSocket);
+        });
+        serverSocket.on('error', (error) => {
+            console.error(`[MitmProxy] Direct connect error to ${hostname}:${port}:`, error.message);
+            clientSocket.end();
+        });
+        clientSocket.on('error', (error) => {
+            console.error(`[MitmProxy] Client socket error:`, error.message);
+            serverSocket.end();
+        });
+    }
+    /**
+     * MITM 拦截连接
+     */
+    handleMitmConnect(hostname, port, clientSocket, _head) {
+        try {
+            // 为目标域名生成证书
+            const { cert, key } = this.certManager.generateCertForHost(hostname);
+            // 创建 TLS 连接选项
+            const tlsOptions = {
+                key,
+                cert
+            };
+            // 通知客户端连接已建立
+            clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');
+            // 创建 TLS 连接
+            const tlsSocket = new tls.TLSSocket(clientSocket, {
+                ...tlsOptions,
+                isServer: true
+            });
+            // 处理 TLS 错误
+            tlsSocket.on('error', (error) => {
+                console.error(`[MitmProxy] TLS error for ${hostname}:`, error.message);
+                clientSocket.end();
+            });
+            // 处理解密后的请求
+            this.handleDecryptedConnection(tlsSocket, hostname, port);
+        }
+        catch (error) {
+            console.error(`[MitmProxy] MITM setup error for ${hostname}:`, error);
+            clientSocket.end();
+        }
+    }
+    /**
+     * 处理解密后的 HTTPS 连接
+     */
+    handleDecryptedConnection(clientSocket, hostname, port) {
+        let requestData = '';
+        let headersParsed = false;
+        let contentLength = 0;
+        let bodyReceived = 0;
+        let modifiedHeaders = '';
+        let requestInfo = null;
+        clientSocket.on('data', (chunk) => {
+            if (!headersParsed) {
+                requestData += chunk.toString();
+                const headerEnd = requestData.indexOf('\r\n\r\n');
+                if (headerEnd !== -1) {
+                    headersParsed = true;
+                    const headers = requestData.substring(0, headerEnd);
+                    const body = requestData.substring(headerEnd + 4);
+                    // 解析并修改请求头
+                    const { modified, newHeaders, info } = this.modifyHeaders(headers, hostname);
+                    modifiedHeaders = newHeaders;
+                    requestInfo = info;
+                    // 记录请求
+                    if (requestInfo) {
+                        this.events.onRequest?.(requestInfo);
+                        this.events.onMitmIntercept?.(hostname, modified);
+                    }
+                    // 获取 Content-Length
+                    const clMatch = headers.match(/content-length:\s*(\d+)/i);
+                    if (clMatch) {
+                        contentLength = parseInt(clMatch[1], 10);
+                    }
+                    // 替换 body 中的 machineId
+                    const modifiedBody = this.modifyBody(body);
+                    if (modifiedBody !== body) {
+                        // body 长度变了，更新 Content-Length
+                        const newLength = contentLength - Buffer.byteLength(body) + Buffer.byteLength(modifiedBody);
+                        modifiedHeaders = modifiedHeaders.replace(/content-length:\s*\d+/i, `content-length: ${newLength}`);
+                        contentLength = newLength;
+                    }
+                    bodyReceived = Buffer.byteLength(modifiedBody);
+                    // 转发请求到目标服务器
+                    this.forwardRequest(modifiedHeaders, modifiedBody, hostname, port, clientSocket, contentLength, bodyReceived);
+                }
+            }
+        });
+        clientSocket.on('error', (error) => {
+            console.error(`[MitmProxy] Decrypted connection error:`, error.message);
+        });
+    }
+    /**
+     * 替换请求体中的 Machine ID
+     */
+    modifyBody(body) {
+        const targetDeviceId = this.config.deviceId;
+        if (!targetDeviceId || !body)
+            return body;
+        // 只在 body 中包含 64 位十六进制时才替换（避免误伤无关内容）
+        if (!MACHINE_ID_REGEX.test(body))
+            return body;
+        MACHINE_ID_REGEX.lastIndex = 0;
+        const result = body.replace(MACHINE_ID_REGEX, (match) => {
+            // 不替换已经是目标 ID 的
+            if (match.toLowerCase() === targetDeviceId.toLowerCase())
+                return match;
+            if (this.config.logRequests) {
+                console.log(`[MitmProxy] Replaced Machine ID in body: ${match.substring(0, 16)}... -> ${targetDeviceId.substring(0, 16)}...`);
+            }
+            return targetDeviceId;
+        });
+        MACHINE_ID_REGEX.lastIndex = 0;
+        return result;
+    }
+    /**
+     * 修改请求头（替换 Machine ID）
+     */
+    modifyHeaders(headers, hostname) {
+        const lines = headers.split('\r\n');
+        const firstLine = lines[0];
+        const [method, path] = firstLine.split(' ');
+        let modified = false;
+        let originalDeviceId;
+        let newDeviceId;
+        const targetDeviceId = this.config.deviceId;
+        const info = {
+            timestamp: Date.now(),
+            method: method || 'UNKNOWN',
+            host: hostname,
+            path: path || '/',
+            isMitm: true,
+            deviceIdReplaced: false
+        };
+        if (!targetDeviceId) {
+            return { modified: false, newHeaders: headers, info };
+        }
+        const modifiedLines = lines.map((line) => {
+            const lowerLine = line.toLowerCase();
+            // 检查 user-agent 和 x-amz-user-agent
+            if (lowerLine.startsWith('user-agent:') || lowerLine.startsWith('x-amz-user-agent:')) {
+                const match = line.match(KIRO_UA_REGEX);
+                if (match) {
+                    originalDeviceId = match[1];
+                    const newLine = line.replace(MACHINE_ID_REGEX, targetDeviceId);
+                    if (newLine !== line) {
+                        modified = true;
+                        newDeviceId = targetDeviceId;
+                        if (this.config.logRequests) {
+                            console.log(`[MitmProxy] Replaced Machine ID in ${line.split(':')[0]}`);
+                            console.log(`  Original: ${originalDeviceId?.substring(0, 16)}...`);
+                            console.log(`  New: ${targetDeviceId.substring(0, 16)}...`);
+                        }
+                        return newLine;
+                    }
+                }
+            }
+            return line;
+        });
+        if (modified) {
+            this.stats.modifiedRequests++;
+            info.deviceIdReplaced = true;
+            info.originalDeviceId = originalDeviceId;
+            info.newDeviceId = newDeviceId;
+        }
+        return {
+            modified,
+            newHeaders: modifiedLines.join('\r\n'),
+            info
+        };
+    }
+    /**
+     * 转发请求到目标服务器
+     */
+    forwardRequest(headers, initialBody, hostname, port, clientSocket, contentLength, bodyReceived) {
+        const startTime = Date.now();
+        // 连接到目标服务器
+        const serverSocket = tls.connect({
+            host: hostname,
+            port,
+            servername: hostname,
+            rejectUnauthorized: true
+        }, () => {
+            // 发送修改后的请求头
+            serverSocket.write(headers + '\r\n\r\n');
+            // 发送已接收的请求体
+            if (initialBody) {
+                serverSocket.write(initialBody);
+            }
+            // 如果还有更多数据，继续转发
+            if (bodyReceived < contentLength) {
+                clientSocket.on('data', (chunk) => {
+                    serverSocket.write(chunk);
+                    bodyReceived += chunk.length;
+                });
+            }
+        });
+        // 将响应转发回客户端
+        serverSocket.on('data', (chunk) => {
+            clientSocket.write(chunk);
+        });
+        serverSocket.on('end', () => {
+            const duration = Date.now() - startTime;
+            this.events.onResponse?.({
+                timestamp: Date.now(),
+                host: hostname,
+                statusCode: 200,
+                duration
+            });
+            clientSocket.end();
+        });
+        serverSocket.on('error', (error) => {
+            console.error(`[MitmProxy] Server connection error to ${hostname}:`, error.message);
+            clientSocket.end();
+        });
+        clientSocket.on('end', () => {
+            serverSocket.end();
+        });
+        clientSocket.on('error', () => {
+            serverSocket.end();
+        });
+    }
+    /**
+     * 更新配置
+     */
+    updateConfig(config) {
+        this.config = { ...this.config, ...config };
+    }
+    /**
+     * 获取配置
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * 获取统计信息
+     */
+    getStats() {
+        return { ...this.stats };
+    }
+    /**
+     * 重置统计
+     */
+    resetStats() {
+        this.stats = {
+            totalRequests: 0,
+            mitmRequests: 0,
+            bypassRequests: 0,
+            modifiedRequests: 0,
+            startTime: this.stats.startTime,
+            lastRequestTime: 0
+        };
+    }
+    /**
+     * 检查是否运行中
+     */
+    isRunning() {
+        return this.server !== null;
+    }
+}
+exports.MitmProxy = MitmProxy;

package/out-server/main/kproxy/types.js

@@ -0,0 +1,23 @@
+"use strict";
+// K-Proxy 类型定义
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_KPROXY_CONFIG = exports.DEFAULT_MITM_DOMAINS = void 0;
+/**
+ * 默认 MITM 域名白名单
+ */
+exports.DEFAULT_MITM_DOMAINS = [
+    'amazonaws.com',
+    'amazon.com',
+    'kiro.dev'
+];
+/**
+ * 默认 K-Proxy 配置
+ */
+exports.DEFAULT_KPROXY_CONFIG = {
+    enabled: false,
+    port: 8899,
+    host: '127.0.0.1',
+    mitmDomains: exports.DEFAULT_MITM_DOMAINS,
+    autoStart: false,
+    logRequests: true
+};