npm - block-proxy - Versions diffs - 0.1.1 → 0.1.4 - Mend

block-proxy 0.1.1 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md CHANGED Viewed

@@ -18,27 +18,42 @@
 ### 1）使用方法
-#### ①  快速部署
+#### ① 方式一：快速部署
 安装：
-`npm install -g block-proxy`
+```
+npm install -g block-proxy
+```
 启动：
-`block-proxy`
+```
+block-proxy
+```
+或者带配置文件启动
+```
+block-proxy -c rule.js
+```
+配置文件参照 [rule.js](example/rule.js)，可留空
-#### ②  Docker 部署（推荐）
+#### ② 方式二，Docker 部署（推荐）
 1. 下载 Docker 文件
    - Arm 架构 → <a href="http://yui.cool:7001/public/downloads/block-proxy/arm/block-proxy.tar" target=_blank>block-proxy-arm.tar</a>
    - X86 架构 → <a href="http://yui.cool:7001/public/downloads/block-proxy/x86/block-proxy-x86.tar" target=_blank>block-proxy-x86.tar</a>
 2. 导入：`docker load < block-proxy.tar`
 3. 启动：参照下文 Docker 部署
-4. 服务端配置：配置面板 <http://server-ip:8004>，关闭、启用配置面板：<http://server-ip:8001>
-5. 客户端配置：http 代理直接在 iphone wifi 详情里手动配置，socks5 代理只支持 socks5 over TLS，用小火箭配置。配置信息参照[配置面板](http://localhost:8004)
-### 2）开发和调试
+### 2）端口配置
+1. 服务端配置：配置面板 <http://server-ip:8004>，关闭、启用配置面板：<http://server-ip:8001>
+2. 客户端配置：http 代理直接在 iphone wifi 详情里手动配置，socks5 代理只支持 socks5 over TLS，用小火箭配置。配置信息参照[配置面板](http://localhost:8004)
+### 3）开发和调试
 代码 clone 下来后执行`pnpm i`，执行 `npm run dev` 运行本地服务。默认开启 5 个端口：
@@ -51,7 +66,7 @@
 |8004  |后台配置页端口  | 可禁用 |
-### 3）Docker 构建和部署
+### 4）Docker 构建说明
 准备工作，构建 docker 包，先启动本地 Docker：
@@ -77,9 +92,12 @@ docker run --init -d --restart=unless-stopped \
            --log-opt max-file=3 \
            --cpus="5" \
            --memory 400m \
+           -v "$(pwd)/":/app/config \
            --name block-proxy block-proxy
 ```
+其中挂载目录 `$(pws)/` 下的 `rule.js` 是需要额外挂载的配置文件，可留空。
 > block-proxy 可以配置只启动 proxy 不启动后台面板，首次启动后访问 http://代理IP:8001 根据提示操作。
 网关里为了方便获取子网机器 ip 和 mac 地址，docker 容器需要和宿主机共享同一个网络，同时指定时区。
@@ -88,14 +106,15 @@ docker run --init -d --restart=unless-stopped \
 ```
 docker run --init -d --restart=unless-stopped --user=root \
+           -v "$(pwd)/":/app/config \
            -e TZ=Asia/Shanghai -p 8001:8001 -p 8002:8002 -p 8003:8003 \
            --name block-proxy block-proxy
 ```
-### 4）配置说明
+### 5）配置说明
-#### 代理端口
+#### ① 代理端口
 默认开启两个代理端口：HTTP 8001 和 Socks5（over TLS） 8002。
@@ -103,7 +122,7 @@ docker run --init -d --restart=unless-stopped --user=root \
 ⚠️ 使用小火箭的 Socks5 over TLS 代理，TLS 选项里勾选“允许不安全”
-#### 后台配置
+#### ② 后台配置
 访问路径：`http://proxy-ip:8004`
@@ -112,16 +131,16 @@ docker run --init -d --restart=unless-stopped --user=root \
 <img src="https://github.com/user-attachments/assets/16f47d3f-1ef9-47a2-8640-c7e04ec64e1a" width=300 />
-#### 设备配置
+#### ③ 设备配置
 1. 代理设置：iPhone/iPad 为例：设置 → 无线局域网 → 点击当前网络 → HTTP代理/配置代理，设置服务器和端口。
-2. 证书设置：打开anproxy监控地址（8003端口），扫码安装证书，在手机设置中安装该证书，同时配置完全信任：设置→通用→关于本机→证书信任设置→打开对AnyProxy的完全信任
+2. 证书设置：打开 anproxy 监控地址（8003端口），扫码安装证书，在手机设置中安装该证书，同时配置完全信任：设置→通用→关于本机→证书信任设置→打开对AnyProxy的完全信任
 小朋友的设备里把 Mac 固定下来：
 <img width="350" alt="image" src="https://github.com/user-attachments/assets/f9bfab89-7194-4a72-b1ae-5cca27911bc9" />
-#### 禁掉设备直连
+#### ④ 禁掉设备直连
 防止小朋友修改网Wifi连接，只允许设备通过代理访问，把直连上网权限关掉。网关里配置防火墙规则：
@@ -133,7 +152,7 @@ ip6tables -I forwarding_rule -m mac --mac-source D2:9E:8D:1B:F1:4E -j REJECT
 然后重启防火墙
-### 5）使用说明
+### 6）更多信息
 #### 应用条件：

package/bin/start.js CHANGED Viewed

@@ -2,44 +2,124 @@
 const { spawn } = require('child_process');
 const path = require('path');
+const { Command } = require('commander');
+const program = new Command();
+const _fs = require('../proxy/fs.js');
-// 获取包根目录和 start.js 路径
 const pkgDir = path.join(__dirname, '..');
 const startScript = path.resolve(pkgDir, 'server/start.js');
+const MAX_RESTARTS = 10000;
+let restartCount = 0;
+let restartTimer = null;
+let currentChild = null; // 👈 全局引用当前子进程
-// 构造命令：先运行 npm run cp，再运行 node server/start.js
-const command = `npm run cp && node "${startScript}"`;
+function startApp() {
+  const command = `npm run cp && node "${startScript}"`;
+  console.error(`[💟] Block-Proxy 启动 (第 ${restartCount + 1} 次): ${command}`);
-console.error(`[💟] Block-Proxy 启动: ${command}`);
+  currentChild = spawn(command, {
+    cwd: pkgDir,
+    shell: true,
+    stdio: 'pipe'
+  });
-// 使用 spawn + shell: true 来支持 && 和管道
-const child = spawn(command, {
-  cwd: pkgDir,
-  shell: true,           // ⭐ 必须启用 shell 才能解析 &&、|、> 等
-  stdio: 'pipe'          // 我们要手动处理流
-});
+  currentChild.stdout.on('data', (data) => {
+    process.stdout.write(data);
+  });
-// 实时输出 stdout（流式）
-child.stdout.on('data', (data) => {
-  process.stdout.write(data); // 直接写到父进程 stdout
-});
+  currentChild.stderr.on('data', (data) => {
+    process.stderr.write(data);
+  });
-// 实时输出 stderr（流式）
-child.stderr.on('data', (data) => {
-  process.stderr.write(data);
-});
+  currentChild.on('close', async (code, signal) => {
+    currentChild = null; // 清空引用
+    if (restartTimer) {
+      clearTimeout(restartTimer);
+      restartTimer = null;
+    }
+    await _fs.clearGlobalConfigFile();
+    if (code === 0) {
+      console.error('[block proxy] 正常退出，不重启。');
+      process.exit(0);
+      return;
+    }
+    if (signal === 'SIGINT' || signal === 'SIGTERM') {
+      console.error('[block-proxy] 被信号终止，不重启。');
+      process.exit(128 + (signal === 'SIGINT' ? 2 : 15));
+      return;
+    }
+    if (restartCount < MAX_RESTARTS) {
+      restartCount++;
+      console.error(`[block proxy] 将在 3 秒后自动重启...（已重启 ${restartCount}/${MAX_RESTARTS} 次）`);
+      restartTimer = setTimeout(() => {
+        restartTimer = null;
+        startApp();
+      }, 3000);
+    } else {
+      console.error(`[block proxy] 已达到最大重启次数 (${MAX_RESTARTS})，停止尝试。`);
+      process.exit(1);
+    }
+  });
+}
-// 处理子进程退出
-child.on('close', (code, signal) => {
-  console.error(`\n[my_app] Process exited with code ${code}`);
-  process.exit(code || 0);
+// ✅ 只注册一次 SIGINT 监听器（在 startApp 外部！）
+process.on('SIGINT', async () => {
+  console.error('\n[block proxy] 收到 SIGINT，正在关闭子进程...');
+  await _fs.clearGlobalConfigFile();
+  if (restartTimer) {
+    clearTimeout(restartTimer);
+    restartTimer = null;
+  }
+  if (currentChild) {
+    currentChild.kill('SIGINT');
+    // 注意：不要在这里 exit，等 close 事件处理
+  } else {
+    // 如果没有子进程，直接退出
+    process.exit(0);
+  }
 });
-// 转发 Ctrl+C 信号（重要！）
-process.on('SIGINT', () => {
-  console.error('\n[my_app] Received SIGINT, shutting down...');
-  child.kill('SIGINT'); // 发送中断信号给子进程
-  setTimeout(() => {
-    child.kill('SIGTERM'); // 2秒后强制终止
-  }, 2000);
+process.on('SIGTERM', () => {
+  console.error('\n[block proxy] 收到 SIGTERM，正在关闭子进程...');
+  if (restartTimer) {
+    clearTimeout(restartTimer);
+    restartTimer = null;
+  }
+  if (currentChild) {
+    currentChild.kill('SIGTERM');
+  } else {
+    process.exit(0);
+  }
 });
+(async function() {
+  program
+    .name('block-proxy')
+    .description('极简的 MITM 代理工具：https://github.com/jayli/block-proxy')
+    .version('0.1.3')
+    .option('-c, --config <config>', 'MITM 配置文件');
+  program.parse(process.argv);
+  const options = program.opts();
+  if (options.config && options.config != "") {
+    if (path.isAbsolute(options.config)) {
+      await _fs.setGlobalConfigFile(options.config);
+    } else {
+      var pwd = process.cwd();
+      var configFile = path.resolve(pwd, options.config);
+      await _fs.setGlobalConfigFile(configFile);
+    }
+  }
+  // 启动
+  startApp();
+})();

package/config.json CHANGED Viewed

@@ -245,6 +245,14 @@
     {
       "ip": "192.168.124.128",
       "mac": "48:F3:F3:CA:1D:E"
+    },
+    {
+      "ip": "192.168.124.66",
+      "mac": "E2:4D:6E:1:21:6E"
+    },
+    {
+      "ip": "192.168.124.125",
+      "mac": "14:C0:50:14:6E:A5"
     }
   ]
-}
+}

package/example/rule.js ADDED Viewed

@@ -0,0 +1,39 @@
+module.exports = {
+  AAA: [
+    {
+      'type': 'beforeSendResponse',
+      'host': '163.com',
+      'regexp': "/123/v1/(browse|next)",
+      'callback': async function(url, request, response) {
+        return {
+          response
+        }
+      } // -- callback
+    },
+    {
+      'type': 'beforeSendResponse',
+      'host': '163.com',
+      'regexp': "/456",
+      'callback': async function(url, request, response) {
+        return {
+          response
+        }
+      } // -- callback
+    }
+  ],
+  BBB: [
+    {
+      type: "beforeSendRequest",
+      host: "163.com",
+      regexp: "/hello",
+      callback: async function(url, request, response) {
+        return {
+          response : {
+            statusCode: 200,
+            body: 'hello world'
+          }
+        }
+      }
+    }
+  ]
+};

package/package.json CHANGED Viewed

@@ -1,9 +1,9 @@
 {
   "name": "block-proxy",
-  "version": "0.1.1",
-  "description": "Small-scale network proxy filter",
-  "bin":{
-    "block-proxy": "./bin/start.js"
+  "version": "0.1.4",
+  "description": "Small-scale network mitm proxy filter",
+  "bin": {
+    "block-proxy": "bin/start.js"
   },
   "dependencies": {
     "react": "^19.2.0",
@@ -33,11 +33,11 @@
     "@craco/craco": "^7.1.0",
     "anyproxy": "^4.1.3",
     "axios": "^1.13.2",
+    "commander": "^14.0.2",
     "express": "^5.1.0",
     "http-proxy-agent": "^7.0.2",
     "https-proxy-agent": "^7.0.6",
-    "ping": "^1.0.0",
-    "write-file-atomic": "^7.0.0"
+    "ping": "^1.0.0"
   },
   "browserslist": {
     "production": [

package/proxy/fs.js CHANGED Viewed

@@ -1,7 +1,6 @@
 // proxy/fs.js
 const fs = require('fs').promises;
 const path = require('path');
-const writeFileAtomic = require('write-file-atomic'); // 引入 write-file-atomic
 const configPath = path.join(__dirname, '../config.json');
 const CONFIG_FILE_PATH = configPath;
@@ -9,9 +8,6 @@ const CONFIG_FILE_PATH = configPath;
 // 传入的是对象
 async function writeConfig(newData) {
   try {
-    // 使用 write-file-atomic 进行原子写入
-    // 它会在内部创建一个临时文件，写入成功后再重命名为目标文件
-    // await writeFileAtomic(CONFIG_FILE_PATH, JSON.stringify(newData, null, 2), 'utf8');
     await fs.writeFile(CONFIG_FILE_PATH, JSON.stringify(newData, null, 2), 'utf8');
     // console.log('Config file written successfully');
   } catch (error) {
@@ -41,7 +37,33 @@ async function readConfig() {
   }
 }
+async function setGlobalConfigFile(configFile) {
+  var data = await readConfig();
+  data.config_file = configFile;
+  await writeConfig(data);
+}
+async function getGlobalConfigFile() {
+  var data = await readConfig();
+  if (data.hasOwnProperty("config_file")) {
+    return data.config_file;
+  } else {
+    return null;
+  }
+}
+async function clearGlobalConfigFile() {
+  var data = await readConfig();
+  if (data.hasOwnProperty("config_file")) {
+    delete data.config_file
+  }
+  await writeConfig(data);
+}
 module.exports = {
   writeConfig,
-  readConfig
+  readConfig,
+  setGlobalConfigFile,
+  getGlobalConfigFile,
+  clearGlobalConfigFile
 };

package/proxy/proxy.js CHANGED Viewed

@@ -7,6 +7,7 @@ const path = require('path');
 const { start } = require('repl');
 const net = require('net');
 const scanNetwork = require("./scan").scanNetwork;
+const setScanStatus = require("./scan").setScanStatus;
 const util = require('util');
 const zlib = require('zlib');
 const _util = require('../server/util.js');
@@ -18,12 +19,12 @@ const axios = require('axios');
 const { HttpProxyAgent } = require('http-proxy-agent');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const _request = require("./http.js").request;
-const Rule = require("./mitm/rule.js");
 const uaFilter = require("./mitm/uaFilter.js");
 const attacker = require('./attacker.js');
 const monitor = require('./monitor.js');
 const domain = require('./domain.js');
 const wanip = require('./wanip.js');
+var   Rule = require("./mitm/rule.js");
 // 启用全局 keep-alive，使 AnyProxy 内部转发也复用连接
 http.globalAgent.keepAlive = true;
@@ -80,6 +81,45 @@ function preCompileRuleRegexp() {
   });
 }
+async function fileExists(filePath) {
+  try {
+    await fs.promises.access(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+// 引入从命令行传进来的 rule.js，并加载
+async function loadGlobalConfigFile() {
+  var configFile = await _fs.getGlobalConfigFile();
+  await _fs.clearGlobalConfigFile();
+  if (configFile == null) {
+    return;
+  } else {
+    var extraRule = require(configFile);
+    Rule = {
+      ...Rule,
+      ...extraRule
+    }
+  }
+}
+// 引入 Docker 挂载目录下的 rule.js，并加载
+async function loadDockerMountedConfigFile() {
+  var rulePath = path.join(__dirname, '../config/rule.js');
+  var fileOK = await fileExists(rulePath);
+  if (fileOK) {
+    var extraRule = require(rulePath);
+    Rule = {
+      ...Rule,
+      ...extraRule
+    }
+  } else {
+    return;
+  }
+}
 function isEmpty(obj) {
   if (obj === null || obj === undefined) {
     return true;
@@ -207,7 +247,12 @@ async function loadConfig() {
 async function updateWanIp() {
   // var ips = await domain.getDomainIP(your_domain);
-  var ip = await wanip.getPublicIp();
+  var ip = "0.0.0.0";
+  try {
+    ip = await wanip.getPublicIp();
+  } catch(e) {
+    ip = "0.0.0.0";
+  }
   if (ip === null) {
     ip = "0.0.0.0";
   }
@@ -398,12 +443,10 @@ function startProxyServer() {
     proxyServerInstance = new AnyProxy.ProxyServer(options);
     proxyServerInstance.on('ready', () => {
-      console.log(`✅ Proxy server started on port ${proxyPort}`);
+      console.log(`✅ \x1b[32mHTTP 代理服务启动，端口 ${proxyPort}\x1b[0m`);
       if (enable_webinterface == "1") {
-        console.log(`✅ Web interface available on port ${webInterfacePort}`);
+        console.log(`✅ \x1b[32mAnyProxy 监控面板启动，端口 ${webInterfacePort}\x1b[0m`);
       }
-      console.log('Intercepting requests to hosts:', blockHosts.join(', '));
-      console.log('All other requests will be passed through without HTTPS interception');
     });
     proxyServerInstance.on('error', (e) => {
@@ -1359,6 +1402,7 @@ var LocalProxy = {
       newRouterMap = await scanNetwork();
     } catch (e) {
       newRouterMap = [];
+      setScanStatus("0");
     }
     var mergedRouterMap = [];
@@ -1445,7 +1489,17 @@ var LocalProxy = {
       return;
     }
-    console.log('启动代理服务 LocalProxy.init() ');
+    // 加载命令行里携带的配置文件
+    await loadGlobalConfigFile();
+    // 加载 Docker 挂载目录中的配置文件
+    await loadDockerMountedConfigFile();
+    // 预编译 MITM Rule 的正则
+    preCompileRuleRegexp();
+    // 启动时重置 Scan 本地扫描
+    setScanStatus("0");
+    console.log('启动代理服务');
     console.log('Dev server started, starting LocalProxy...');
     is_running_in_docker = _util.isRunningInDocker();
     if (is_running_in_docker) {
@@ -1481,8 +1535,9 @@ var LocalProxy = {
 };
 // 预编译 MITM Rule 的正则
-(function() {
-  preCompileRuleRegexp();
+(async function() {
+  // await loadGlobalConfigFile();
+  // preCompileRuleRegexp();
 })();
 module.exports = LocalProxy;

package/proxy/scan.js CHANGED Viewed

@@ -106,7 +106,7 @@ var tempDevices = [];
 async function scanNetwork() {
   var status = await getScanStatus();
   if (status == "1") {
-    await setScanStatus("0");
+    // await setScanStatus("0");
     return tempDevices;
   } else {
     await setScanStatus("1");
@@ -117,4 +117,5 @@ async function scanNetwork() {
   }
 }
+module.exports.setScanStatus = setScanStatus;
 module.exports.scanNetwork = scanNetwork;

package/server/express.js CHANGED Viewed

@@ -206,7 +206,6 @@ module.exports = {
   init: function() {
     // 启动服务器
     app.listen(PORT, async () => {
-      console.log(`✅ 静态服务器运行在 http://localhost:${PORT}`);
       // 如果是开发环境，则启动SSR服务，开启端口3000
       if (DEV === '1') {
         const child = exec('npm run craco', { cwd: path.join(__dirname,'../') });
@@ -227,6 +226,7 @@ module.exports = {
       }
       // 启动本地代理
       await LocalProxy.init();
+      console.log(`✅ \x1b[32m后台配置面板启动 → http://localhost:${PORT}\x1b[0m`);
     });
   }
 };

package/socks5/server.js CHANGED Viewed

@@ -196,6 +196,12 @@ async function init() {
     // 创建 TLS 封装的 SOCKS5 服务器
     const server = tls.createServer(tlsOptions, async (socket) => {
+      // 👇 关键：捕获 socket 级别的错误（包括 ECONNRESET）
+      socket.on('error', (err) => {
+        console.warn('Client socket error (ignored):', err.message);
+        // 不需要手动 destroy()，Node.js 会自动关闭
+      });
       try {
         // Step 1: 协商认证方法
         const authMethodsBuf = await new Promise((resolve) => {
@@ -295,6 +301,11 @@ async function init() {
       }
     });
+    server.on('clientError', (err, socket) => {
+      console.warn('TLS client error during handshake:', err.message);
+      socket?.end(); // 安全关闭
+    });
     // 错误处理
     server.on('tlsClientError', (err, tlsSocket) => {
       console.warn('TLS handshake failed:', err.message);
@@ -307,10 +318,10 @@ async function init() {
     // 启动监听
     server.listen(LISTEN_PORT, () => {
-      console.log(`✅ SOCKS5 over TLS server started on port ${LISTEN_PORT}`);
-      console.log(`🔒 Credentials and traffic are encrypted via TLS`);
-      console.log(`➡️  TCP → downstream HTTP proxy at ${DOWNSTREAM_HTTP_PROXY_HOST}:${DOWNSTREAM_HTTP_PROXY_PORT}`);
-      console.log(`➡️  UDP → direct local relay`);
+      console.log(`✅ \x1b[32mSOCKS5 (over TLS) 服务启动，端口 ${LISTEN_PORT}\x1b[0m`);
+      console.log(`🔒 传输加密和认证基于 TLS`);
+      console.log(`➡️  TCP → 流量转发至 HTTP 代理 → ${DOWNSTREAM_HTTP_PROXY_HOST}:${DOWNSTREAM_HTTP_PROXY_PORT}`);
+      console.log(`➡️  UDP → 直接发起请求`);
     });
   } catch (err) {
     console.error('Failed to initialize SOCKS5-TLS proxy:', err);

package/AD_BLOCK.md DELETED Viewed

@@ -1,38 +0,0 @@
-[Rule]
-AND,((DOMAIN-SUFFIX,googlevideo.com), (PROTOCOL,UDP)),REJECT
-AND,((DOMAIN,youtubei.googleapis.com), (PROTOCOL,UDP)),REJECT
-[URL Rewrite]
-(^https?:\/\/[\w-]+\.googlevideo\.com\/(?!dclk_video_ads).+?)&ctier=L(&.+?),ctier,(.+) $1$2$3 302
-^https?:\/\/[\w-]+\.googlevideo\.com\/(?!(dclk_video_ads|videoplayback\?)).+&oad _ reject-200
-^https?:\/\/(www|s)\.youtube\.com\/api\/stats\/ads _ reject-200
-^https?:\/\/(www|s)\.youtube\.com\/(pagead|ptracking) _ reject-200
-^https?:\/\/s\.youtube\.com\/api\/stats\/qoe\?adcontext _ reject-200
-[Script]
-youtube.response = type=http-response,pattern=^https:\/\/youtubei\.googleapis\.com\/youtubei\/v1\/(browse|next|player|search|reel\/reel_watch_sequence|guide|account\/get_setting|get_watch),requires-body=1,max-size=-1,binary-body-mode=1,engine={{{脚本执行引擎}}},script-path=https://raw.githubusercontent.com/Maasea/sgmodule/master/Script/Youtube/youtube.response.js,argument="{"lyricLang":"{{{歌词翻译语言}}}","captionLang":"{{{字幕翻译语言}}}","blockUpload":{{{屏蔽上传按钮}}},"blockImmersive":{{{屏蔽选段按钮}}},"debug":{{{启用调试模式}}}}"
-[MITM]
-hostname = %APPEND% -redirector*.googlevideo.com,*.googlevideo.com,www.youtube.com,s.youtube.com,youtubei.googleapis.com
---------------------
-youtube.com
-`^https?:\/\/(www|s)\.youtube\.com\/api\/stats\/ads`
-youtube.com
-`^https?:\/\/(www|s)\.youtube\.com\/(pagead|ptracking)`
-youtube.com
-`^https?:\/\/s\.youtube\.com\/api\/stats\/qoe\?adcontext`
-googlevideo.com
-`^https?:\/\/[\w-]+\.googlevideo\.com\/(?!(dclk_video_ads|videoplayback\?)).+(&oad|ctier)`
-s.youtube.com
-`^https?:\/\/s\.youtube\.com\/api\/stats\/atr.+&is_ad=1`
-youtube.com
-`^https?:\/\/(www|s)\.youtube\.com\/pcs\/activeview.+&ad_cpn=`