npm - block-proxy - Versions diffs - 0.1.15 → 0.1.16 - Mend

block-proxy 0.1.15 → 0.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/.claude/settings.local.json +88 -34
package/.claude/skills/icon_generate/skill.md +45 -0
package/CLAUDE.md +3 -3
package/README.md +28 -187
package/client/app.py +29 -9
package/client/build.sh +6 -0
package/client/config.py +1 -0
package/client/config_window.py +36 -26
package/client/icons/app.icns +0 -0
package/client/icons/christmas-sock_light.png +0 -0
package/client/icons/christmas-sock_light_bar.png +0 -0
package/client/icons/christmas-sock_light_bar_off.png +0 -0
package/client/icons/socks_on_G.png +0 -0
package/client/icons/socks_on_G_bar.png +0 -0
package/client/icons/socks_on_M.png +0 -0
package/client/icons/socks_on_M_bar.png +0 -0
package/client/proxy_core.py +305 -21
package/client/tests/test_proxy_core_udp.py +466 -0
package/package.json +1 -1
package/socks5/server.js +74 -167
package/wiki.md +287 -0
package/client/icons/backup/app_example.png +0 -0
package/client/icons/backup/christmas-sock_dark.png +0 -0
package/client/icons/backup/christmas-sock_light.png +0 -0
package/client/icons/backup/socks_on_G.png +0 -0
package/client/icons/backup/socks_on_M.png +0 -0
package/client/icons/christmas-sock_dark.png +0 -0

package/client/config_window.py CHANGED Viewed

@@ -39,12 +39,13 @@ def show_config_window(config_path):
         config = json.load(f)
     def save_and_close():
+        config["server"]["protocol"] = protocol_var.get()
         config["server"]["address"] = entries["address"].get()
         config["server"]["port"] = int(entries["port"].get())
         config["server"]["username"] = entries["username"].get()
         config["server"]["password"] = entries["password"].get()
         config["server"]["tls"] = tls_var.get()
-        config["server"]["allowInsecure"] = insecure_var.get() == "true"
+        config["server"]["allowInsecure"] = insecure_var.get()
         config["local"]["socks_port"] = int(entries["socks_port"].get())
         config["local"]["http_port"] = int(entries["http_port"].get())
         config["local"]["udp"] = udp_var.get()
@@ -55,12 +56,12 @@ def show_config_window(config_path):
             json.dump(config, f, indent=2)
         root.destroy()
-    pos = _center_on_mouse_screen(400, 460)
+    pos = _center_on_mouse_screen(400, 490)
     root = tk.Tk()
-    root.title("Socks 节点配置")
+    root.title("节点配置")
     root.resizable(False, False)
-    w, h = 400, 460
+    w, h = 400, 490
     if pos:
         x, y = pos
     else:
@@ -76,6 +77,16 @@ def show_config_window(config_path):
     frame.grid_columnconfigure(1, weight=1)
     entries = {}
+    row = 0
+    ttk.Label(frame, text="协议:").grid(row=row, column=0, sticky="w", pady=4, padx=(0, 8))
+    protocol_var = tk.StringVar(value=config["server"].get("protocol", "socks5"))
+    protocol_combo = ttk.Combobox(
+        frame, textvariable=protocol_var, values=["socks5", "http"], state="readonly", width=10
+    )
+    protocol_combo.grid(row=row, column=1, sticky="w", pady=4)
+    row += 1
     fields = [
         ("address", "地址:", config["server"]["address"]),
         ("port", "端口:", str(config["server"]["port"])),
@@ -85,44 +96,43 @@ def show_config_window(config_path):
         ("http_port", "本地HTTP端口:", str(config["local"]["http_port"])),
     ]
-    for i, (key, label, default) in enumerate(fields):
-        ttk.Label(frame, text=label).grid(row=i, column=0, sticky="w", pady=4, padx=(0, 8))
+    for key, label, default in fields:
+        ttk.Label(frame, text=label).grid(row=row, column=0, sticky="w", pady=4, padx=(0, 8))
         entry = ttk.Entry(frame)
         entry.insert(0, default)
-        entry.grid(row=i, column=1, sticky="ew", pady=4)
+        entry.grid(row=row, column=1, sticky="ew", pady=4)
         entries[key] = entry
-    row = len(fields)
+        row += 1
     tls_var = tk.BooleanVar(value=config["server"]["tls"])
     ttk.Label(frame, text="启用 TLS:").grid(row=row, column=0, sticky="w", pady=4, padx=(0, 8))
-    ttk.Checkbutton(frame, variable=tls_var).grid(
-        row=row, column=1, sticky="w", pady=4
-    )
+    tls_frame = ttk.Frame(frame)
+    tls_frame.grid(row=row, column=1, sticky="w", pady=4)
+    ttk.Checkbutton(tls_frame, variable=tls_var).pack(side="left")
+    ttk.Label(tls_frame, text="（需节点服务器支持）", foreground="gray").pack(side="left")
     row += 1
-    ttk.Label(frame, text="allowInsecure:").grid(row=row, column=0, sticky="w", pady=4)
-    insecure_var = tk.StringVar(
-        value="true" if config["server"]["allowInsecure"] else "false"
-    )
-    insecure_combo = ttk.Combobox(
-        frame, textvariable=insecure_var, values=["true", "false"], state="readonly", width=10
-    )
-    insecure_combo.grid(row=row, column=1, sticky="w", pady=4)
+    insecure_var = tk.BooleanVar(value=config["server"]["allowInsecure"])
+    ttk.Label(frame, text="允许不安全连接:").grid(row=row, column=0, sticky="w", pady=4, padx=(0, 8))
+    insecure_frame = ttk.Frame(frame)
+    insecure_frame.grid(row=row, column=1, sticky="w", pady=4)
+    ttk.Checkbutton(insecure_frame, variable=insecure_var).pack(side="left")
+    ttk.Label(insecure_frame, text="（跳过证书验证）", foreground="gray").pack(side="left")
     row += 1
     udp_var = tk.BooleanVar(value=config["local"]["udp"])
     ttk.Label(frame, text="启用 UDP:").grid(row=row, column=0, sticky="w", pady=4, padx=(0, 8))
-    ttk.Checkbutton(frame, variable=udp_var).grid(
-        row=row, column=1, sticky="w", pady=4
-    )
+    udp_frame = ttk.Frame(frame)
+    udp_frame.grid(row=row, column=1, sticky="w", pady=4)
+    ttk.Checkbutton(udp_frame, variable=udp_var).pack(side="left")
     row += 1
     proxy_private_var = tk.BooleanVar(value=config["local"].get("proxy_private", False))
     ttk.Label(frame, text="代理私有地址段:").grid(row=row, column=0, sticky="w", pady=4, padx=(0, 8))
-    ttk.Checkbutton(frame, variable=proxy_private_var).grid(
-        row=row, column=1, sticky="w", pady=4
-    )
+    private_frame = ttk.Frame(frame)
+    private_frame.grid(row=row, column=1, sticky="w", pady=4)
+    ttk.Checkbutton(private_frame, variable=proxy_private_var).pack(side="left")
+    ttk.Label(private_frame, text="（192.168.x / 172.16.x / 10.x）", foreground="gray").pack(side="left")
     row += 1
     ttk.Separator(frame, orient="horizontal").grid(

package/client/icons/app.icns CHANGED Viewed

Binary file

package/client/icons/christmas-sock_light.png CHANGED Viewed

Binary file

package/client/icons/christmas-sock_light_bar.png CHANGED Viewed

Binary file

package/client/icons/christmas-sock_light_bar_off.png ADDED Viewed

Binary file

package/client/icons/socks_on_G.png CHANGED Viewed

Binary file

package/client/icons/socks_on_G_bar.png CHANGED Viewed

Binary file

package/client/icons/socks_on_M.png CHANGED Viewed

Binary file

package/client/icons/socks_on_M_bar.png CHANGED Viewed

Binary file

package/client/proxy_core.py CHANGED Viewed

@@ -29,6 +29,21 @@ def is_private_ip(host):
 RELAY_IDLE_TIMEOUT = 300
+UDP_IDLE_TIMEOUT = 120
+async def write_udp_frame(writer, data):
+    frame = struct.pack("!H", len(data)) + data
+    writer.write(frame)
+    await writer.drain()
+async def read_udp_frame(reader):
+    length_data = await reader.readexactly(2)
+    length = struct.unpack("!H", length_data)[0]
+    if length == 0 or length > 65535:
+        raise Exception("invalid UDP frame length")
+    return await reader.readexactly(length)
 async def relay(reader, writer):
@@ -57,6 +72,7 @@ async def relay(reader, writer):
 CONNECT_TIMEOUT = 10
 HANDSHAKE_TIMEOUT = 10
+LOCAL_HANDSHAKE_TIMEOUT = 30
 async def connect_upstream_socks5(server_config, dest_addr, dest_port, ssl_ctx=None):
@@ -129,7 +145,138 @@ async def connect_upstream_socks5(server_config, dest_addr, dest_port, ssl_ctx=N
         elif reply[3] == 0x04:
             await reader.readexactly(16 + 2)
-    await asyncio.wait_for(_handshake(), timeout=HANDSHAKE_TIMEOUT)
+    try:
+        await asyncio.wait_for(_handshake(), timeout=HANDSHAKE_TIMEOUT)
+    except Exception:
+        writer.close()
+        try:
+            await writer.wait_closed()
+        except OSError:
+            pass
+        raise
+    return reader, writer
+async def connect_upstream_http(server_config, dest_addr, dest_port, ssl_ctx=None):
+    host = server_config["address"]
+    port = server_config["port"]
+    username = server_config["username"]
+    password = server_config["password"]
+    use_tls = server_config["tls"]
+    reader, writer = await asyncio.wait_for(
+        asyncio.open_connection(
+            host, port, ssl=ssl_ctx if use_tls else None,
+            server_hostname=host if use_tls else None,
+        ),
+        timeout=CONNECT_TIMEOUT,
+    )
+    async def _handshake():
+        target = f"{dest_addr}:{dest_port}"
+        lines = [f"CONNECT {target} HTTP/1.1", f"Host: {target}"]
+        if username and password:
+            import base64
+            cred = base64.b64encode(f"{username}:{password}".encode()).decode()
+            lines.append(f"Proxy-Authorization: Basic {cred}")
+        lines.append("")
+        lines.append("")
+        writer.write("\r\n".join(lines).encode())
+        await writer.drain()
+        status_line = await reader.readline()
+        if not status_line:
+            raise Exception("HTTP proxy closed connection")
+        parts = status_line.decode().split(" ", 2)
+        if len(parts) < 2 or not parts[1].startswith("2"):
+            raise Exception(f"HTTP proxy CONNECT failed: {status_line.decode().strip()}")
+        while True:
+            line = await reader.readline()
+            if line in (b"\r\n", b"\n", b""):
+                break
+    try:
+        await asyncio.wait_for(_handshake(), timeout=HANDSHAKE_TIMEOUT)
+    except Exception:
+        writer.close()
+        try:
+            await writer.wait_closed()
+        except OSError:
+            pass
+        raise
+    return reader, writer
+async def connect_upstream_udp_associate(server_config, ssl_ctx=None):
+    host = server_config["address"]
+    port = server_config["port"]
+    username = server_config["username"]
+    password = server_config["password"]
+    use_tls = server_config["tls"]
+    reader, writer = await asyncio.wait_for(
+        asyncio.open_connection(
+            host, port, ssl=ssl_ctx if use_tls else None,
+            server_hostname=host if use_tls else None,
+        ),
+        timeout=CONNECT_TIMEOUT,
+    )
+    async def _handshake():
+        if username and password:
+            writer.write(b"\x05\x01\x02")
+        else:
+            writer.write(b"\x05\x01\x00")
+        await writer.drain()
+        resp = await reader.readexactly(2)
+        if resp[0] != 0x05:
+            raise Exception("SOCKS5 version mismatch")
+        if resp[1] == 0x02:
+            uname = username.encode("utf-8")
+            passwd = password.encode("utf-8")
+            writer.write(
+                b"\x01"
+                + struct.pack("B", len(uname))
+                + uname
+                + struct.pack("B", len(passwd))
+                + passwd
+            )
+            await writer.drain()
+            auth_resp = await reader.readexactly(2)
+            if auth_resp[1] != 0x00:
+                raise Exception("SOCKS5 auth failed")
+        elif resp[1] == 0xFF:
+            raise Exception("SOCKS5 no acceptable auth method")
+        # CMD=0x03 UDP ASSOCIATE, DST.ADDR=0.0.0.0:0
+        writer.write(b"\x05\x03\x00\x01" + b"\x00" * 4 + b"\x00\x00")
+        await writer.drain()
+        reply = await reader.readexactly(4)
+        if reply[1] != 0x00:
+            raise Exception(f"SOCKS5 UDP ASSOCIATE failed: {reply[1]:#x}")
+        if reply[3] == 0x01:
+            await reader.readexactly(4 + 2)
+        elif reply[3] == 0x03:
+            length = (await reader.readexactly(1))[0]
+            await reader.readexactly(length + 2)
+        elif reply[3] == 0x04:
+            await reader.readexactly(16 + 2)
+    try:
+        await asyncio.wait_for(_handshake(), timeout=HANDSHAKE_TIMEOUT)
+    except Exception:
+        writer.close()
+        try:
+            await writer.wait_closed()
+        except OSError:
+            pass
+        raise
     return reader, writer
@@ -141,6 +288,24 @@ async def connect_direct(dest_addr, dest_port):
 MAX_CONCURRENT = 256
+class _UdpRelayProtocol(asyncio.DatagramProtocol):
+    def __init__(self, tcp_writer, loop):
+        self._tcp_writer = tcp_writer
+        self._loop = loop
+        self.client_addr = None
+        self.transport = None
+    def connection_made(self, transport):
+        self.transport = transport
+    def datagram_received(self, data, addr):
+        self.client_addr = addr
+        if self._tcp_writer.is_closing():
+            return
+        frame = struct.pack("!H", len(data)) + data
+        self._tcp_writer.write(frame)
 class ProxyCore:
     def __init__(self):
         self._loop = None
@@ -150,6 +315,7 @@ class ProxyCore:
         self._running = False
         self._server_config = None
         self._proxy_private = False
+        self._udp_enabled = True
         self._socks_port = 1080
         self._http_port = 1087
         self._ssl_ctx = None
@@ -175,6 +341,7 @@ class ProxyCore:
         self._socks_port = local["socks_port"]
         self._http_port = local["http_port"]
         self._proxy_private = local.get("proxy_private", False)
+        self._udp_enabled = local.get("udp", True)
         self._build_ssl_context()
         self._loop = asyncio.new_event_loop()
@@ -202,15 +369,25 @@ class ProxyCore:
                 self._loop.stop()
             self._loop.call_soon_threadsafe(_shutdown)
         if self._thread:
-            self._thread.join(timeout=2)
-        if self._loop:
-            self._loop.close()
+            self._thread.join(timeout=5)
+            if not self._thread.is_alive() and self._loop:
+                self._loop.close()
+            elif self._loop:
+                logger.warning("proxy thread did not exit in time, skipping loop.close()")
         self._loop = None
         self._thread = None
     def is_running(self):
         return self._running and self._thread is not None and self._thread.is_alive()
+    @property
+    def socks_port(self):
+        return self._socks_port
+    @property
+    def http_port(self):
+        return self._http_port
     async def _measure_latency(self):
         import time
         start = time.monotonic()
@@ -280,12 +457,26 @@ class ProxyCore:
     async def _start_servers(self):
         self._semaphore = asyncio.Semaphore(MAX_CONCURRENT)
-        self._socks_server = await asyncio.start_server(
-            self._handle_socks, "127.0.0.1", self._socks_port
-        )
-        self._http_server = await asyncio.start_server(
-            self._handle_http, "127.0.0.1", self._http_port
-        )
+        max_attempts = 100
+        for attempt in range(max_attempts):
+            try:
+                self._socks_server = await asyncio.start_server(
+                    self._handle_socks, "127.0.0.1", self._socks_port
+                )
+                self._http_server = await asyncio.start_server(
+                    self._handle_http, "127.0.0.1", self._http_port
+                )
+                return
+            except OSError as e:
+                if e.errno == 48 and attempt < max_attempts - 1:
+                    if self._socks_server:
+                        self._socks_server.close()
+                        await self._socks_server.wait_closed()
+                        self._socks_server = None
+                    self._socks_port += 1
+                    self._http_port += 1
+                else:
+                    raise
     async def _stop_servers(self):
         if self._socks_server:
@@ -303,6 +494,11 @@ class ProxyCore:
     async def _connect_target(self, dest_addr, dest_port):
         if self._should_direct(dest_addr):
             return await connect_direct(dest_addr, dest_port)
+        protocol = self._server_config.get("protocol", "socks5")
+        if protocol == "http":
+            return await connect_upstream_http(
+                self._server_config, dest_addr, dest_port, ssl_ctx=self._ssl_ctx
+            )
         return await connect_upstream_socks5(
             self._server_config, dest_addr, dest_port, ssl_ctx=self._ssl_ctx
         )
@@ -313,19 +509,23 @@ class ProxyCore:
     async def _do_handle_socks(self, client_reader, client_writer):
         try:
-            header = await client_reader.readexactly(2)
+            header = await asyncio.wait_for(client_reader.readexactly(2), timeout=LOCAL_HANDSHAKE_TIMEOUT)
             ver, nmethods = header
             if ver != 0x05:
                 client_writer.close()
                 return
-            await client_reader.readexactly(nmethods)
+            await asyncio.wait_for(client_reader.readexactly(nmethods), timeout=LOCAL_HANDSHAKE_TIMEOUT)
             client_writer.write(b"\x05\x00")
             await client_writer.drain()
-            req = await client_reader.readexactly(4)
+            req = await asyncio.wait_for(client_reader.readexactly(4), timeout=LOCAL_HANDSHAKE_TIMEOUT)
             ver, cmd, _, atyp = req
+            if cmd == 0x03:
+                await self._handle_udp_associate(client_reader, client_writer, atyp)
+                return
             if cmd != 0x01:
                 client_writer.write(
                     b"\x05\x07\x00\x01" + b"\x00" * 4 + b"\x00\x00"
@@ -335,13 +535,13 @@ class ProxyCore:
                 return
             if atyp == 0x01:
-                raw = await client_reader.readexactly(4)
+                raw = await asyncio.wait_for(client_reader.readexactly(4), timeout=LOCAL_HANDSHAKE_TIMEOUT)
                 dest_addr = str(ipaddress.IPv4Address(raw))
             elif atyp == 0x03:
-                length = (await client_reader.readexactly(1))[0]
-                dest_addr = (await client_reader.readexactly(length)).decode("utf-8")
+                length = (await asyncio.wait_for(client_reader.readexactly(1), timeout=LOCAL_HANDSHAKE_TIMEOUT))[0]
+                dest_addr = (await asyncio.wait_for(client_reader.readexactly(length), timeout=LOCAL_HANDSHAKE_TIMEOUT)).decode("utf-8")
             elif atyp == 0x04:
-                raw = await client_reader.readexactly(16)
+                raw = await asyncio.wait_for(client_reader.readexactly(16), timeout=LOCAL_HANDSHAKE_TIMEOUT)
                 dest_addr = str(ipaddress.IPv6Address(raw))
             else:
                 client_writer.write(
@@ -351,7 +551,7 @@ class ProxyCore:
                 client_writer.close()
                 return
-            port_data = await client_reader.readexactly(2)
+            port_data = await asyncio.wait_for(client_reader.readexactly(2), timeout=LOCAL_HANDSHAKE_TIMEOUT)
             dest_port = struct.unpack("!H", port_data)[0]
             remote_reader, remote_writer = await self._connect_target(
@@ -376,13 +576,97 @@ class ProxyCore:
             except OSError:
                 pass
+    async def _handle_udp_associate(self, client_reader, client_writer, atyp):
+        # 消费掉请求中剩余的地址和端口字段
+        try:
+            if atyp == 0x01:
+                await asyncio.wait_for(client_reader.readexactly(4 + 2), timeout=LOCAL_HANDSHAKE_TIMEOUT)
+            elif atyp == 0x03:
+                length = (await asyncio.wait_for(client_reader.readexactly(1), timeout=LOCAL_HANDSHAKE_TIMEOUT))[0]
+                await asyncio.wait_for(client_reader.readexactly(length + 2), timeout=LOCAL_HANDSHAKE_TIMEOUT)
+            elif atyp == 0x04:
+                await asyncio.wait_for(client_reader.readexactly(16 + 2), timeout=LOCAL_HANDSHAKE_TIMEOUT)
+        except Exception:
+            client_writer.close()
+            return
+        protocol = self._server_config.get("protocol", "socks5")
+        udp_enabled = getattr(self, "_udp_enabled", True)
+        if protocol != "socks5" or not udp_enabled:
+            client_writer.write(b"\x05\x07\x00\x01" + b"\x00" * 4 + b"\x00\x00")
+            await client_writer.drain()
+            client_writer.close()
+            return
+        try:
+            remote_reader, remote_writer = await connect_upstream_udp_associate(
+                self._server_config, ssl_ctx=self._ssl_ctx
+            )
+        except Exception:
+            client_writer.write(b"\x05\x05\x00\x01" + b"\x00" * 4 + b"\x00\x00")
+            await client_writer.drain()
+            client_writer.close()
+            return
+        loop = asyncio.get_event_loop()
+        transport, udp_relay = await loop.create_datagram_endpoint(
+            lambda: _UdpRelayProtocol(remote_writer, loop),
+            local_addr=("127.0.0.1", 0),
+        )
+        relay_addr = transport.get_extra_info("sockname")
+        relay_port = relay_addr[1]
+        # 回复客户端 UDP relay 地址
+        reply = b"\x05\x00\x00\x01\x7f\x00\x00\x01" + struct.pack("!H", relay_port)
+        client_writer.write(reply)
+        await client_writer.drain()
+        async def _tcp_to_udp():
+            try:
+                while True:
+                    frame_data = await asyncio.wait_for(
+                        read_udp_frame(remote_reader), timeout=UDP_IDLE_TIMEOUT
+                    )
+                    if udp_relay.client_addr:
+                        transport.sendto(frame_data, udp_relay.client_addr)
+            except (asyncio.TimeoutError, asyncio.IncompleteReadError,
+                    ConnectionResetError, BrokenPipeError, OSError):
+                pass
+        async def _wait_control_close():
+            try:
+                await client_reader.read(1)
+            except (ConnectionResetError, BrokenPipeError, OSError):
+                pass
+        tasks = [
+            asyncio.ensure_future(_tcp_to_udp()),
+            asyncio.ensure_future(_wait_control_close()),
+        ]
+        try:
+            await asyncio.wait(tasks, return_when=asyncio.FIRST_COMPLETED)
+            for t in tasks:
+                t.cancel()
+        finally:
+            transport.close()
+            remote_writer.close()
+            try:
+                await remote_writer.wait_closed()
+            except OSError:
+                pass
+            try:
+                client_writer.close()
+                await client_writer.wait_closed()
+            except OSError:
+                pass
     async def _handle_http(self, client_reader, client_writer):
         async with self._semaphore:
             await self._do_handle_http(client_reader, client_writer)
     async def _do_handle_http(self, client_reader, client_writer):
         try:
-            raw_line = await client_reader.readline()
+            raw_line = await asyncio.wait_for(client_reader.readline(), timeout=LOCAL_HANDSHAKE_TIMEOUT)
             if not raw_line:
                 client_writer.close()
                 return
@@ -404,7 +688,7 @@ class ProxyCore:
                     port = 443
                 while True:
-                    header_line = await client_reader.readline()
+                    header_line = await asyncio.wait_for(client_reader.readline(), timeout=LOCAL_HANDSHAKE_TIMEOUT)
                     if header_line in (b"\r\n", b"\n", b""):
                         break
@@ -442,7 +726,7 @@ class ProxyCore:
                     headers = []
                     while True:
-                        header_line = await client_reader.readline()
+                        header_line = await asyncio.wait_for(client_reader.readline(), timeout=LOCAL_HANDSHAKE_TIMEOUT)
                         if header_line in (b"\r\n", b"\n", b""):
                             break
                         headers.append(header_line)