arn-browser 0.1.19 → 0.1.21

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "arn-browser",
-	"version": "0.1.19",
+	"version": "0.1.21",
 	"description": "A lightweight, browser autmation helper.",
 	"main": "src/index.js",
 	"types": "src/index.d.ts",

package/src/utility/playwright/routes/pwRoute.d.ts

@@ -32,9 +32,12 @@ export interface PwRouteOptions {
 	/** Enable caching for requests */
 	useCache?: boolean;
 
-	/** Strip cookies/auth from outgoing requests and sanitize CORS/CSP/set-cookie from responses (default: false) */
+	/** Strip cookies/auth from outgoing requests and sanitize CORS/CSP/set-cookie from responses (default: true) */
 	stripGotHeaders?: boolean;
 
+	/** Log stripped headers to console for debugging (default: false) */
+	stripGotLogger?: boolean;
+
 	/**
 	 * Proxy for custom fetch requests (only used when useGot is true).
 	 * String: "http://host:port", "socks5://user:pass@host:port"

package/src/utility/playwright/routes/pwRoute.js

@@ -75,10 +75,21 @@ function createProxyAgent(proxyUrl) {
  * Strips sensitive headers from outgoing request headers.
  * Removes cookie and authorization to prevent session/IP correlation.
  */
-function sanitizeRequestHeaders(headers) {
+function sanitizeRequestHeaders(headers, logger, url) {
 	const cleaned = { ...headers };
-	delete cleaned["cookie"];
-	delete cleaned["authorization"];
+	const stripped = [];
+	// Remove known auth headers
+	if (cleaned["cookie"]) { stripped.push("cookie"); delete cleaned["cookie"]; }
+	if (cleaned["authorization"]) { stripped.push("authorization"); delete cleaned["authorization"]; }
+	// Remove any header containing auth/token/csrf keywords
+	for (const key of Object.keys(cleaned)) {
+		const lower = key.toLowerCase();
+		if (lower.includes("token") || lower.includes("csrf") || lower.includes("auth")) {
+			stripped.push(key);
+			delete cleaned[key];
+		}
+	}
+	if (logger && stripped.length) console.log(`[stripGot] Request stripped: [${stripped.join(", ")}] → ${url}`);
 	return cleaned;
 }
 
@@ -87,15 +98,18 @@ function sanitizeRequestHeaders(headers) {
  * - Replaces access-control-allow-origin with * (if present)
  * - Removes access-control-allow-credentials, set-cookie, CSP, HSTS
  */
-function sanitizeResponseHeaders(headers) {
+function sanitizeResponseHeaders(headers, logger, url) {
 	const cleaned = { ...headers };
+	const changes = [];
 	if (cleaned["access-control-allow-origin"]) {
+		changes.push(`access-control-allow-origin: ${cleaned["access-control-allow-origin"]} → *`);
 		cleaned["access-control-allow-origin"] = "*";
 	}
-	delete cleaned["access-control-allow-credentials"];
-	delete cleaned["set-cookie"];
-	delete cleaned["content-security-policy"];
-	delete cleaned["strict-transport-security"];
+	if (cleaned["access-control-allow-credentials"]) { changes.push("access-control-allow-credentials"); delete cleaned["access-control-allow-credentials"]; }
+	if (cleaned["set-cookie"]) { changes.push("set-cookie"); delete cleaned["set-cookie"]; }
+	if (cleaned["content-security-policy"]) { changes.push("content-security-policy"); delete cleaned["content-security-policy"]; }
+	if (cleaned["strict-transport-security"]) { changes.push("strict-transport-security"); delete cleaned["strict-transport-security"]; }
+	if (logger && changes.length) console.log(`[stripGot] Response stripped: [${changes.join(", ")}] → ${url}`);
 	return cleaned;
 }
 
@@ -110,9 +124,10 @@ function sanitizeResponseHeaders(headers) {
  * @param {string|false} logger - Log level: "info" (success+error), "error" (errors only), false (no logs)
  * @param {Object|null} proxyAgent - Proxy agent to use for the request
  * @param {boolean} stripHeaders - Whether to sanitize request/response headers
+ * @param {boolean} stripLogger - Whether to log stripped headers
  * @returns {Promise<Object>} - The response object containing status, headers, and body
  */
-async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl, logger, proxyAgent, stripHeaders) {
+async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl, logger, proxyAgent, stripHeaders, stripLogger) {
 	// Determine the cache key based on configuration
 	let mainUrl = new URL(url).origin + new URL(url).pathname;
 	if (useFullUrl) {
@@ -132,7 +147,7 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 
 	try {
 		// Sanitize outgoing request headers if stripHeaders is enabled
-		const finalHeaders = stripHeaders ? sanitizeRequestHeaders(requestHeaders) : requestHeaders;
+		const finalHeaders = stripHeaders ? sanitizeRequestHeaders(requestHeaders, stripLogger, url) : requestHeaders;
 
 		// Fetch the resource using superagent
 		// buffer(true) ensures we get the raw binary data (essential for images/fonts)
@@ -149,7 +164,7 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 		const responseBody = response.body instanceof Buffer ? response.body : response.text;
 
 		// Sanitize response headers if stripHeaders is enabled
-		const finalResponseHeaders = stripHeaders ? sanitizeResponseHeaders(response.headers) : response.headers;
+		const finalResponseHeaders = stripHeaders ? sanitizeResponseHeaders(response.headers, stripLogger, url) : response.headers;
 
 		// Save to cache only when caching is enabled
 		if (useCache) {
@@ -201,6 +216,7 @@ export async function pwRoute({
 	useFullUrl = true,
 	useCache = true,
 	stripGotHeaders = true,
+	stripGotLogger = false,
 	proxy = null,
 	m4w_send_on_post = null,
 	m4w_send_on_message = null,
@@ -394,7 +410,8 @@ export async function pwRoute({
 					useFullUrl,
 					logger,
 					proxyAgent,
-					stripGotHeaders
+					stripGotHeaders,
+					stripGotLogger
 				);
 
 				if (response) {

package/src/utility/proxy-utility/proxy-chain.js

@@ -235,10 +235,10 @@ export async function startProxyServer({
 
 	// 5. Stats
 	const stats = {
-		DEFAULT_PROXY: { request: 0, Tx: 0, Rx: 0 },
-		NO_PROXY: { request: 0, Tx: 0, Rx: 0 },
-		PROXY_1: { request: 0, Tx: 0, Rx: 0 },
-		PROXY_2: { request: 0, Tx: 0, Rx: 0 },
+		DEFAULT_PROXY: { request: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 },
+		NO_PROXY: { request: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 },
+		PROXY_1: { request: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 },
+		PROXY_2: { request: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 },
 	};
 	// hostStatsMap is now categorized by proxy type
 	const hostStatsMap = {
@@ -301,7 +301,7 @@ export async function startProxyServer({
 				// Ensure the type exists in map (it should, but safety first)
 				if (!hostStatsMap[proxyType]) hostStatsMap[proxyType] = {};
 				if (!hostStatsMap[proxyType][hostname]) {
-					hostStatsMap[proxyType][hostname] = { req: 0, Tx: 0, Rx: 0 };
+					hostStatsMap[proxyType][hostname] = { req: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 };
 				}
 				hostStatsMap[proxyType][hostname].req++;
 			}
@@ -320,17 +320,26 @@ export async function startProxyServer({
 
 	server.on("connectionClosed", ({ connectionId, stats: connStats }) => {
 		const connectionInfo = connectionMap[connectionId];
-		if (connectionInfo) {
+		if (connectionInfo && connStats) {
 			const { type, hostname } = connectionInfo;
+			const srcTx = connStats.srcTxBytes || 0;
+			const srcRx = connStats.srcRxBytes || 0;
+			const trgTx = connStats.trgTxBytes || 0;
+			const trgRx = connStats.trgRxBytes || 0;
+
 			if (proxy_stats && stats[type]) {
 				stats[type].request++;
-				stats[type].Tx += connStats.srcTxBytes;
-				stats[type].Rx += connStats.srcRxBytes;
+				stats[type].srcTx += srcTx;
+				stats[type].srcRx += srcRx;
+				stats[type].trgTx += trgTx;
+				stats[type].trgRx += trgRx;
 			}
-			// Update host stats with Tx/Rx on connection close
+			// Update host stats
 			if (host_stats && hostname && hostStatsMap[type] && hostStatsMap[type][hostname]) {
-				hostStatsMap[type][hostname].Tx += connStats.srcTxBytes;
-				hostStatsMap[type][hostname].Rx += connStats.srcRxBytes;
+				hostStatsMap[type][hostname].srcTx += srcTx;
+				hostStatsMap[type][hostname].srcRx += srcRx;
+				hostStatsMap[type][hostname].trgTx += trgTx;
+				hostStatsMap[type][hostname].trgRx += trgRx;
 			}
 		}
 		delete connectionMap[connectionId];
@@ -345,15 +354,21 @@ export async function startProxyServer({
 		return null;
 	}
 
-	const formatBytes = (bytes) => (bytes / 1024 / 1024).toFixed(3);
+	const formatBytes = (bytes) => {
+		if (bytes < 1024) return bytes + " B";
+		if (bytes < 1024 * 1024) return (bytes / 1024).toFixed(2) + " KB";
+		return (bytes / (1024 * 1024)).toFixed(3) + " MB";
+	};
 
 	const getProxyStatsFormatted = () => {
 		const formatted = {};
 		for (const [key, val] of Object.entries(stats)) {
 			formatted[key] = {
 				req: val.request,
-				Tx: formatBytes(val.Tx) + " MB",
-				Rx: formatBytes(val.Rx) + " MB",
+				sTx: formatBytes(val.srcTx),
+				sRx: formatBytes(val.srcRx),
+				tTx: formatBytes(val.trgTx),
+				tRx: formatBytes(val.trgRx),
 			};
 		}
 		return formatted;
@@ -361,20 +376,20 @@ export async function startProxyServer({
 
 	const getHostStatsFormatted = () => {
 		const result = {};
-		// Iterate over each proxy category
 		for (const [type, hosts] of Object.entries(hostStatsMap)) {
 			const sortedHosts = Object.entries(hosts)
-				.sort((a, b) => b[1].req - a[1].req) // Sort by request count descending
+				.sort((a, b) => b[1].req - a[1].req)
 				.reduce((acc, [host, hostData]) => {
 					acc[host] = {
 						req: hostData.req,
-						Tx: formatBytes(hostData.Tx) + " MB",
-						Rx: formatBytes(hostData.Rx) + " MB",
+						sTx: formatBytes(hostData.srcTx),
+						sRx: formatBytes(hostData.srcRx),
+						tTx: formatBytes(hostData.trgTx),
+						tRx: formatBytes(hostData.trgRx),
 					};
 					return acc;
 				}, {});
 
-			// Only include categories that have traffic
 			if (Object.keys(sortedHosts).length > 0) {
 				result[type] = sortedHosts;
 			}
@@ -406,16 +421,34 @@ export async function startProxyServer({
 		isServerRunning: () => serverRunning,
 
 		closeServer: async () => {
-			// Close the server — triggers connectionClosed events which accumulate byte stats
+			// Close the server — triggers socket destroys
 			await server.close(true);
 			serverRunning = false;
 
-			// Log stats AFTER close so all connectionClosed events have fired
+			// Wait up to 2000ms (2 seconds) for all async 'connectionClosed' events to fire
+			// When sockets are destroyed, their 'close' events happen asynchronously
+			let maxWait = 200; // 200 * 10ms = 2000ms
+			while (Object.keys(connectionMap).length > 0 && maxWait > 0) {
+				await new Promise((resolve) => setTimeout(resolve, 10));
+				maxWait--;
+			}
+
+			// Log stats AFTER close so all connectionClosed events have accumulated bytes
 			if (proxy_stats) {
-				console.log("░░ Proxy Stats:", getProxyStatsFormatted());
+				console.log("\n░░ Proxy Stats:");
+				for (const [type, data] of Object.entries(getProxyStatsFormatted())) {
+					console.log(`  ${type}: { req: ${data.req}, sTx: '${data.sTx}', sRx: '${data.sRx}', tTx: '${data.tTx}', tRx: '${data.tRx}' }`);
+				}
 			}
 			if (host_stats) {
-				console.log("░░ Host Stats:", getHostStatsFormatted());
+				console.log("░░ Host Stats:");
+				for (const [type, hosts] of Object.entries(getHostStatsFormatted())) {
+					console.log(`  ${type}: {`);
+					for (const [host, data] of Object.entries(hosts)) {
+						console.log(`    '${host}': { req: ${data.req}, sTx: '${data.sTx}', sRx: '${data.sRx}', tTx: '${data.tTx}', tRx: '${data.tRx}' }`);
+					}
+					console.log(`  }`);
+				}
 			}
 
 			console.log("░░ Proxy server closed.");

package/src/utility/puppeteer/routes/ppRoute.d.ts

@@ -29,9 +29,12 @@ export interface PpRouteOptions {
 	/** Enable caching for requests */
 	useCache?: boolean;
 
-	/** Strip cookies/auth from outgoing requests and sanitize CORS/CSP/set-cookie from responses (default: false) */
+	/** Strip cookies/auth from outgoing requests and sanitize CORS/CSP/set-cookie from responses (default: true) */
 	stripGotHeaders?: boolean;
 
+	/** Log stripped headers to console for debugging (default: false) */
+	stripGotLogger?: boolean;
+
 	/**
 	 * Proxy for custom fetch requests (only used when useGot is true).
 	 * String: "http://host:port", "socks5://user:pass@host:port"

package/src/utility/puppeteer/routes/ppRoute.js

@@ -75,10 +75,21 @@ function createProxyAgent(proxyUrl) {
  * Strips sensitive headers from outgoing request headers.
  * Removes cookie and authorization to prevent session/IP correlation.
  */
-function sanitizeRequestHeaders(headers) {
+function sanitizeRequestHeaders(headers, logger, url) {
 	const cleaned = { ...headers };
-	delete cleaned["cookie"];
-	delete cleaned["authorization"];
+	const stripped = [];
+	// Remove known auth headers
+	if (cleaned["cookie"]) { stripped.push("cookie"); delete cleaned["cookie"]; }
+	if (cleaned["authorization"]) { stripped.push("authorization"); delete cleaned["authorization"]; }
+	// Remove any header containing auth/token/csrf keywords
+	for (const key of Object.keys(cleaned)) {
+		const lower = key.toLowerCase();
+		if (lower.includes("token") || lower.includes("csrf") || lower.includes("auth")) {
+			stripped.push(key);
+			delete cleaned[key];
+		}
+	}
+	if (logger && stripped.length) console.log(`[stripGot] Request stripped: [${stripped.join(", ")}] → ${url}`);
 	return cleaned;
 }
 
@@ -87,15 +98,18 @@ function sanitizeRequestHeaders(headers) {
  * - Replaces access-control-allow-origin with * (if present)
  * - Removes access-control-allow-credentials, set-cookie, CSP, HSTS
  */
-function sanitizeResponseHeaders(headers) {
+function sanitizeResponseHeaders(headers, logger, url) {
 	const cleaned = { ...headers };
+	const changes = [];
 	if (cleaned["access-control-allow-origin"]) {
+		changes.push(`access-control-allow-origin: ${cleaned["access-control-allow-origin"]} → *`);
 		cleaned["access-control-allow-origin"] = "*";
 	}
-	delete cleaned["access-control-allow-credentials"];
-	delete cleaned["set-cookie"];
-	delete cleaned["content-security-policy"];
-	delete cleaned["strict-transport-security"];
+	if (cleaned["access-control-allow-credentials"]) { changes.push("access-control-allow-credentials"); delete cleaned["access-control-allow-credentials"]; }
+	if (cleaned["set-cookie"]) { changes.push("set-cookie"); delete cleaned["set-cookie"]; }
+	if (cleaned["content-security-policy"]) { changes.push("content-security-policy"); delete cleaned["content-security-policy"]; }
+	if (cleaned["strict-transport-security"]) { changes.push("strict-transport-security"); delete cleaned["strict-transport-security"]; }
+	if (logger && changes.length) console.log(`[stripGot] Response stripped: [${changes.join(", ")}] → ${url}`);
 	return cleaned;
 }
 
@@ -110,9 +124,10 @@ function sanitizeResponseHeaders(headers) {
  * @param {string|false} logger - Log level: "info" (success+error), "error" (errors only), false (no logs)
  * @param {Object|null} proxyAgent - Proxy agent to use for the request
  * @param {boolean} stripHeaders - Whether to sanitize request/response headers
+ * @param {boolean} stripLogger - Whether to log stripped headers
  * @returns {Promise<Object>} - The response object containing status, headers, and body
  */
-async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl, logger, proxyAgent, stripHeaders) {
+async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl, logger, proxyAgent, stripHeaders, stripLogger) {
 	// Determine the cache key based on configuration
 	let mainUrl = new URL(url).origin + new URL(url).pathname;
 	if (useFullUrl) {
@@ -132,7 +147,7 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 
 	try {
 		// Sanitize outgoing request headers if stripHeaders is enabled
-		const finalHeaders = stripHeaders ? sanitizeRequestHeaders(requestHeaders) : requestHeaders;
+		const finalHeaders = stripHeaders ? sanitizeRequestHeaders(requestHeaders, stripLogger, url) : requestHeaders;
 
 		// Fetch the resource using superagent
 		// buffer(true) ensures we get the raw binary data (essential for images/fonts)
@@ -149,7 +164,7 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 		const responseBody = response.body instanceof Buffer ? response.body : response.text;
 
 		// Sanitize response headers if stripHeaders is enabled
-		const finalResponseHeaders = stripHeaders ? sanitizeResponseHeaders(response.headers) : response.headers;
+		const finalResponseHeaders = stripHeaders ? sanitizeResponseHeaders(response.headers, stripLogger, url) : response.headers;
 
 		// Save to cache only when caching is enabled
 		if (useCache) {
@@ -199,6 +214,7 @@ export async function ppRoute({
 	useFullUrl = true,
 	useCache = true,
 	stripGotHeaders = true,
+	stripGotLogger = false,
 	proxy = null,
 	m4w_send_on_post = null,
 	m4w_send_on_message = null,
@@ -397,7 +413,8 @@ export async function ppRoute({
 					useFullUrl,
 					logger,
 					proxyAgent,
-					stripGotHeaders
+					stripGotHeaders,
+					stripGotLogger
 				);
 
 				if (response) {