block-proxy 0.1.7 → 0.1.9

package/config.json

@@ -135,8 +135,8 @@
   "web_interface_port": 8003,
   "your_domain": "yui.cool",
   "vpn_proxy": "",
-  "auth_username": "",
-  "auth_password": "",
+  "auth_username": "lijing",
+  "auth_password": "lijing",
   "enable_express": "1",
   "enable_socks5": "1",
   "socks5_port": 8002,
@@ -145,58 +145,6 @@
     {
       "ip": "192.168.124.1",
       "mac": "FA:27:3C:E5:31:5F"
-    },
-    {
-      "ip": "192.168.124.2",
-      "mac": "7C:DE:78:A9:83:A0"
-    },
-    {
-      "ip": "192.168.124.3",
-      "mac": "0:DD:B6:EA:E6:2A"
-    },
-    {
-      "ip": "192.168.124.6",
-      "mac": "0:DD:B6:EB:26:5C"
-    },
-    {
-      "ip": "192.168.124.10",
-      "mac": "FA:27:3C:E5:31:5F"
-    },
-    {
-      "ip": "192.168.124.21",
-      "mac": "DC:97:58:D:FD:9F"
-    },
-    {
-      "ip": "192.168.124.37",
-      "mac": "DE:1E:87:ED:17:8B"
-    },
-    {
-      "ip": "192.168.124.107",
-      "mac": "6:26:EA:5A:9E:6C"
-    },
-    {
-      "ip": "192.168.124.111",
-      "mac": "74:3F:C2:67:74:98"
-    },
-    {
-      "ip": "192.168.124.128",
-      "mac": "48:F3:F3:CA:1D:E"
-    },
-    {
-      "ip": "192.168.124.200",
-      "mac": "54:52:84:95:DF:5E"
-    },
-    {
-      "ip": "192.168.124.229",
-      "mac": "D6:A0:61:69:67:F6"
-    },
-    {
-      "ip": "192.168.124.240",
-      "mac": "F4:6B:8C:90:29:5"
-    },
-    {
-      "ip": "192.168.124.251",
-      "mac": "6E:FB:18:4D:9C:3E"
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "block-proxy",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "description": "Small-scale network mitm proxy filter",
   "bin": {
     "block-proxy": "bin/start.js"
@@ -30,7 +30,7 @@
     "eject": "react-scripts eject"
   },
   "devDependencies": {
-    "@bachi/anyproxy": "^0.1.2",
+    "@bachi/anyproxy": "^0.1.3",
     "@craco/craco": "^7.1.0",
     "axios": "^1.13.2",
     "commander": "^14.0.2",

package/proxy/operator.js

@@ -0,0 +1,114 @@
+const _fs = require('./fs.js');
+const monitor = require('./monitor.js');
+
+async function getResponseByPathname(pathname, isDocker, proxyPort) {
+  if (pathname === "/favicon.ico") {
+    return {
+      response:{
+        statusCode:200,
+        body: Buffer.alloc(0)
+      }
+    };
+  } else if (pathname == "/restart_docker") {
+    if (isDocker) {
+      var msg = "请手动重启 Docker 容器。";
+    } else {
+      var msg = "当前程序不在 Docker 容器内，请在终端终止程序后再 npm run start 启动。";
+    }
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: msg
+      }
+    };
+  } else if (pathname == "/enable_express") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_express: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "开启 express 后台设置成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_express") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_express: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 express 后台设置成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/enable_socks5") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_socks5: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "开启 socks5 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_socks5") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_socks5: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 socks5 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_webinterface") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_webinterface: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 webinterface 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/enable_webinterface") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_webinterface: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "启用 webinterface 成功，请重启 Docker。"
+      }
+    };
+  } else {
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/html; charset=utf-8' },
+        body: '<pre>' + await monitor.getSystemMonitorInfo(proxyPort) + '</pre>'
+      }
+    };
+  }
+}
+
+module.exports.getResponseByPathname = getResponseByPathname;

package/proxy/proxy.js

@@ -21,9 +21,9 @@ const { HttpsProxyAgent } = require('https-proxy-agent');
 const _request = require("./http.js").request;
 const uaFilter = require("./mitm/uaFilter.js");
 const attacker = require('./attacker.js');
-const monitor = require('./monitor.js');
 const domain = require('./domain.js');
 const wanip = require('./wanip.js');
+const operator = require("./operator.js");
 var   Rule = require("./mitm/rule.js");
 
 // 启用全局 keep-alive，使 AnyProxy 内部转发也复用连接
@@ -81,6 +81,69 @@ function preCompileRuleRegexp() {
   });
 }
 
+// 对于一些流媒体的链接不支持 407 的情况要排除验证
+// host 可能携带端口：a.com:443
+function authPass(protocol, host, url) {
+  const passHosts = [
+    "googlevideo.com", // Toutube 视频流
+    "dns.weixin.qq.com.cn", // 微信的 dns 预解析
+    "weixin.qq.com",
+    // xiaohongshu.com:443，小红书App和知乎 App 里发起带端口的请求，收到 407 后第二次
+    "xiaohongshu.com:443",
+    "zhihu.com:443",
+    ...filtered_mitm_domains
+  ];
+  //  基于 http 传输的流
+  const passUrl = [
+    /\.(m3u8|mp4|mpd|ts|webm|avi|mkv)$/i
+  ];
+
+  var pass = false;
+  // 先检查是否完全比配，即带端口的匹配
+  passHosts.some(function(item) {
+    if (host.toLowerCase().endsWith(item.toLowerCase())) {
+      pass = true;
+      return true;
+    } else {
+      return false;
+    }
+  });
+  if (pass) {
+    return pass;
+  }
+
+  // 去掉端口后匹配
+  host = trimHost(host);
+
+  // 检查流媒体域名的排除项
+  passHosts.some(function(item) {
+    if (host.toLowerCase().endsWith(item.toLowerCase())) {
+      pass = true;
+      return true;
+    } else {
+      return false;
+    }
+  });
+  if (pass) {
+    return pass;
+  }
+
+  // 检查流媒体类型的排除项
+  if (url != null) {
+    passUrl.some(function(item) {
+      if (item.test(url)) {
+        pass = true;
+        return true;
+      } else {
+        return false;
+      }
+    });
+  }
+
+  return pass;
+}
+
+
 async function fileExists(filePath) {
   try {
     await fs.promises.access(filePath);
@@ -658,6 +721,27 @@ async function MITMHandler(type, url, request, response) {
   return responseResult;
 }
 
+// 获得需要重写响应的规则列表，符合规则的则提高chunkSizeThreshold阈值到 20M（默认）以上，来强制整包返回
+// 否则就把chunkSizeThreshold阈值调整为 1M，超过阈值就流式返回，提高响应速度
+function getResponseRules() {
+  var Ms = [];
+
+  Object.keys(Rule).forEach(key => {
+    Ms = Ms.concat(Rule[key]);
+  });
+  var res = [];
+  for (const item of Ms) {
+    if (item['type'] == "beforeSendResponse") {
+      res.push({
+        type: item['type'],
+        host: item['host'],
+        regexp: item['regexp']
+      });
+    }
+  }
+  return res;
+}
+
 // 为 MITM 处理响应结果 body 的解压缩
 // 之前是在 Anyproxy 里做，每个 response 都处理解压缩，目的是为了返回明文，抓包看明文用的，这里没必要
 // 只需对 mitm 做解压就可以，其他的不需要解压缩的就完全透给客户端
@@ -820,53 +904,6 @@ function getProxyAuthConfig() {
   };
 }
 
-// 对于一些流媒体的链接不支持 407 的情况要排除验证
-// host 可能携带端口：a.com:443
-function authPass(protocol, host, url) {
-  const passHosts = [
-    "googlevideo.com", // Toutube 视频流
-    "dns.weixin.qq.com.cn", // 微信的 dns 预解析
-    "weixin.qq.com",
-    ...filtered_mitm_domains
-  ];
-  //  基于 http 传输的流
-  const passUrl = [
-    /\.(m3u8|mp4|mpd|ts|webm|avi|mkv)$/i
-  ];
-
-  host = trimHost(host);
-
-  var pass = false;
-
-  // 检查流媒体域名的排除项
-  passHosts.some(function(item) {
-    if (host.toLowerCase().endsWith(item.toLowerCase())) {
-      pass = true;
-      return true;
-    } else {
-      return false;
-    }
-  });
-
-  if (pass) {
-    return pass;
-  }
-
-  // 检查流媒体类型的排除项
-  if (url != null) {
-    passUrl.some(function(item) {
-      if (item.test(url)) {
-        pass = true;
-        return true;
-      } else {
-        return false;
-      }
-    });
-  }
-
-  return pass;
-}
-
 function passRequestWithHttpAgent(requestDetail, isHttps) {
   return {
     ...requestDetail,
@@ -881,6 +918,7 @@ function getAnyProxyOptions() {
   return {
     port: proxyPort,
     rule: {
+      responseRules: getResponseRules(),
       // 验证 Proxy-Authorization
       // protocol: http, https
       // req: 原始的 Request
@@ -922,17 +960,9 @@ function getAnyProxyOptions() {
 
         const authHeader = headers['proxy-authorization'];
 
-        // Hack:
-        // xiaohongshu.com:443，小红书App和知乎 App 里发起带端口的请求，收到 407 后第二次
-        // 请求不会带上authentication，这是 App 的 bug，为了避免功能不可用，这里统一 Hack 掉。
-        if (/:\d+$/ig.test(headers['host'])) {
-          return true;
-        }
-
         if (!authHeader || !authHeader.startsWith('Basic ')) {
           return this.sendAuthRequired();
         }
-
         const credentials = authHeader.substring(6); // 去掉 'Basic ' 前缀
         let decoded;
         try {
@@ -1042,7 +1072,7 @@ function getAnyProxyOptions() {
         const isHttps = url.startsWith('https:') ? true : false;
         const isHttp = !isHttps;
 
-        // 如果直接访问当前 IP 的代理端口
+        // 如果直接访问当前 IP 的代理端口  http://127.0.0.1:8001
         // 如果请求的目的是自己，防止代理回环
         // 这里没办法穷举，只能约定防火墙里绑定的转发端口和 AnyProxy 的代理端口保持一致
         // 只要不绑定其他端口，就绝对不会陷入回环问题
@@ -1051,116 +1081,12 @@ function getAnyProxyOptions() {
         if ((myIp.includes(requestOptions.hostname) && requestOptions.port == proxyPort.toString()) ||
           (requestOptions.hostname == your_domain && requestOptions.port == proxyPort.toString()) ||
           (requestOptions.hostname == wan_ip && requestOptions.port == proxyPort.toString()) ||
-          // 如果这里收到了 localhost 或 127.0.0.1 的访问，一定是本机访问，其他机器访问 localhost 是不会走远端代理的
+          // 如果这里收到了 localhost 或 127.0.0.1 的访问，一定是本机访问
+          // 其他机器访问 localhost 是不会走远端代理的
           (host == "localhost" || host == "127.0.0.1") 
         ) {
-          if (pathname === "/favicon.ico") {
-            return {
-              response:{
-                statusCode:200,
-                body: Buffer.alloc(0)
-              }
-            };
-          } else if (pathname == "/restart_docker") {
-            if (isDocker) {
-              var msg = "请手动重启 Docker 容器。";
-            } else {
-              var msg = "当前程序不在 Docker 容器内，请在终端终止程序后再 npm run start 启动。";
-            }
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: msg
-              }
-            };
-          } else if (pathname == "/enable_express") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_express: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "开启 express 后台设置成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_express") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_express: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 express 后台设置成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/enable_socks5") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_socks5: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "开启 socks5 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_socks5") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_socks5: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 socks5 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_webinterface") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_webinterface: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 webinterface 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/enable_webinterface") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_webinterface: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "启用 webinterface 成功，请重启 Docker。"
-              }
-            };
-          } else {
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/html; charset=utf-8' },
-                body: '<pre>' + await monitor.getSystemMonitorInfo(proxyPort) + '</pre>'
-              }
-            };
-          }
+          // Operator
+          return await operator.getResponseByPathname(pathname, isDocker, proxyPort);
         }
 
         // 如果是裸IP请求，全部放行

package/proxy/scan.js

@@ -41,6 +41,11 @@ function parseArpTable(arpOutput, subnet) {
       macMatch = line.match(/(([0-9a-fA-F]{1,2}[:\-]){5}([0-9a-fA-F]{1,2}))/);
     }
 
+    if (macMatch && macMatch[0].startsWith("0:0:")) {
+      // 如果 mac 是 "0:0:0:0:4:1" 之类的，说明子网禁止扫描
+      continue;
+    }
+
     if (macMatch) {
       let mac = macMatch[1].toUpperCase();
       if (process.platform !== 'win32') {
@@ -77,9 +82,9 @@ async function doScan() {
   const subnet = getLocalSubnet();
   // 如果是 30 网段，直接返回空
   if (subnet.startsWith("30.")) {
-    return []
+    return [];
   }
-  console.log(`Scanning subnet: ${subnet}.0/24`);
+  console.log(`正在扫描网段: ${subnet}.0/24`);
 
   // Ping all IPs to populate ARP cache
   const ips = Array.from({ length: 254 }, (_, i) => `${subnet}.${i + 1}`);