block-proxy 0.1.8 → 0.1.10

package/config.json

@@ -145,62 +145,6 @@
     {
       "ip": "192.168.124.1",
       "mac": "FA:27:3C:E5:31:5F"
-    },
-    {
-      "ip": "192.168.124.2",
-      "mac": "7C:DE:78:A9:83:A0"
-    },
-    {
-      "ip": "192.168.124.3",
-      "mac": "0:DD:B6:EA:E6:2A"
-    },
-    {
-      "ip": "192.168.124.6",
-      "mac": "0:DD:B6:EB:26:5C"
-    },
-    {
-      "ip": "192.168.124.10",
-      "mac": "FA:27:3C:E5:31:5F"
-    },
-    {
-      "ip": "192.168.124.21",
-      "mac": "DC:97:58:D:FD:9F"
-    },
-    {
-      "ip": "192.168.124.37",
-      "mac": "DE:1E:87:ED:17:8B"
-    },
-    {
-      "ip": "192.168.124.107",
-      "mac": "6:26:EA:5A:9E:6C"
-    },
-    {
-      "ip": "192.168.124.111",
-      "mac": "74:3F:C2:67:74:98"
-    },
-    {
-      "ip": "192.168.124.128",
-      "mac": "48:F3:F3:CA:1D:E"
-    },
-    {
-      "ip": "192.168.124.200",
-      "mac": "54:52:84:95:DF:5E"
-    },
-    {
-      "ip": "192.168.124.229",
-      "mac": "D6:A0:61:69:67:F6"
-    },
-    {
-      "ip": "192.168.124.240",
-      "mac": "F4:6B:8C:90:29:5"
-    },
-    {
-      "ip": "192.168.124.251",
-      "mac": "6E:FB:18:4D:9C:3E"
-    },
-    {
-      "ip": "192.168.240.207",
-      "mac": "32:BC:EC:7C:66:F6"
     }
   ]
-}
+}

package/example/rule.js

@@ -37,3 +37,4 @@ module.exports = {
     }
   ]
 };
+

package/hack-of-anyproxy/lib/requestHandler.js

@@ -46,6 +46,28 @@ function normalizeSocketKey(ip, port) {
   return ip + ":" + port
 }
 
+// 判断是否命中 responseRules
+function matchResponseRule(responseRules, userConfig) {
+  try {
+    var hostname = userConfig.requestOptions.hostname.split(":")[0].toLowerCase();
+    var pathname = userConfig.requestOptions.path; // 带query
+    var url = `${userConfig.protocol}://${hostname}${pathname}`
+    var matched = false;
+    for (const item of responseRules) {
+      if (hostname.endsWith(item["host"]) && new RegExp(item['regexp']).test(url)) {
+        matched = true;
+        break;
+      } else {
+        continue;
+      }
+    }
+    return matched;
+  } catch (e) {
+    console.log(e);
+    return false;
+  }
+}
+
 class CommonReadableStream extends Readable {
   constructor(config) {
     super({
@@ -467,6 +489,15 @@ function getUserReqHandler(userRule, recorder) {
 
       // route user config
       .then(co.wrap(function *(userConfig) {
+        // Modified 2026-1-15
+        // 增加了对 responseRules 的判断，如果需要对 BeforeResponse 进行拦截
+        // 则让 chunkSizeThreshold 为很大的值（默认20M），以便让 response 一次性返回，方便BeforeResponse处理
+        // 否则以 512k 为上线，只要返回的数据达到阈值，就直接返回给调用端，以提高性能
+        if (userRule.responseRules && matchResponseRule(userRule.responseRules, userConfig)) {
+          var _chunkSizeThreshold = chunkSizeThreshold;
+        } else {
+          var _chunkSizeThreshold = 0.5 * 1024 * 1024; // 512K
+        }
         if (userConfig.response) {
           // user-assigned local response
           userConfig._directlyPassToRespond = true;
@@ -474,7 +505,7 @@ function getUserReqHandler(userRule, recorder) {
         } else if (userConfig.requestOptions) {
           const remoteResponse = yield fetchRemoteResponse(userConfig.protocol, userConfig.requestOptions, userConfig.requestData, {
             dangerouslyIgnoreUnauthorized: reqHandlerCtx.dangerouslyIgnoreUnauthorized,
-            chunkSizeThreshold,
+            chunkSizeThreshold: _chunkSizeThreshold,
           });
           return {
             response: {
@@ -1026,3 +1057,4 @@ class RequestHandler {
 }
 
 module.exports = RequestHandler;
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "block-proxy",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "Small-scale network mitm proxy filter",
   "bin": {
     "block-proxy": "bin/start.js"
@@ -16,7 +16,7 @@
     "url": "git+https://github.com/jayli/block-proxy.git"
   },
   "scripts": {
-    "cp": "echo '---- program start ----'",
+    "cp": "echo '----- program start -----'",
     "craco": "craco start",
     "dev": "BLOCK_PROXY_DEV=1 npm run express",
     "start": "npm run express",
@@ -30,7 +30,7 @@
     "eject": "react-scripts eject"
   },
   "devDependencies": {
-    "@bachi/anyproxy": "^0.1.2",
+    "@bachi/anyproxy": "^0.1.3",
     "@craco/craco": "^7.1.0",
     "axios": "^1.13.2",
     "commander": "^14.0.2",

package/proxy/operator.js

@@ -0,0 +1,114 @@
+const _fs = require('./fs.js');
+const monitor = require('./monitor.js');
+
+async function getResponseByPathname(pathname, isDocker, proxyPort) {
+  if (pathname === "/favicon.ico") {
+    return {
+      response:{
+        statusCode:200,
+        body: Buffer.alloc(0)
+      }
+    };
+  } else if (pathname == "/restart_docker") {
+    if (isDocker) {
+      var msg = "请手动重启 Docker 容器。";
+    } else {
+      var msg = "当前程序不在 Docker 容器内，请在终端终止程序后再 npm run start 启动。";
+    }
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: msg
+      }
+    };
+  } else if (pathname == "/enable_express") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_express: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "开启 express 后台设置成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_express") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_express: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 express 后台设置成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/enable_socks5") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_socks5: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "开启 socks5 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_socks5") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_socks5: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 socks5 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_webinterface") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_webinterface: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 webinterface 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/enable_webinterface") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_webinterface: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "启用 webinterface 成功，请重启 Docker。"
+      }
+    };
+  } else {
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/html; charset=utf-8' },
+        body: '<pre>' + await monitor.getSystemMonitorInfo(proxyPort) + '</pre>'
+      }
+    };
+  }
+}
+
+module.exports.getResponseByPathname = getResponseByPathname;

package/proxy/proxy.js

@@ -21,19 +21,20 @@ const { HttpsProxyAgent } = require('https-proxy-agent');
 const _request = require("./http.js").request;
 const uaFilter = require("./mitm/uaFilter.js");
 const attacker = require('./attacker.js');
-const monitor = require('./monitor.js');
 const domain = require('./domain.js');
 const wanip = require('./wanip.js');
+const operator = require("./operator.js");
 var   Rule = require("./mitm/rule.js");
 
 // 启用全局 keep-alive，使 AnyProxy 内部转发也复用连接
 http.globalAgent.keepAlive = true;
 https.globalAgent.keepAlive = true;
-http.globalAgent.maxSockets = 50;
-https.globalAgent.maxSockets = 50;
+// 连接上限 50 应该足够了，设置 100 留足 buffer
+http.globalAgent.maxSockets = 100;
+https.globalAgent.maxSockets = 100;
 
-const httpAgent = new http.Agent({ keepAlive: true, maxSockets: 50 });
-const httpsAgent = new https.Agent({ keepAlive: true, maxSockets: 50 });
+const httpAgent = new http.Agent({ keepAlive: true, maxSockets: 100 });
+const httpsAgent = new https.Agent({ keepAlive: true, maxSockets: 100 });
 
 // 全局参数
 const configPath = path.join(__dirname, '../config.json');
@@ -81,6 +82,71 @@ function preCompileRuleRegexp() {
   });
 }
 
+// 对于一些流媒体的链接不支持 407 的情况要排除验证
+// host 可能携带端口：a.com:443
+function authPass(protocol, host, url) {
+  const passHosts = [
+    "googlevideo.com", // Toutube 视频流
+    "dns.weixin.qq.com.cn", // 微信的 dns 预解析
+    "weixin.qq.com",
+    // xiaohongshu.com:443，小红书App和知乎 App 里发起带端口的请求，收到 407 后第二次
+    "xiaohongshu.com:443",
+    "xiaohongshu.com",
+    "xhscdn.com",
+    "zhihu.com:443",
+    ...filtered_mitm_domains
+  ];
+  //  基于 http 传输的流
+  const passUrl = [
+    /\.(m3u8|mp4|mpd|ts|webm|avi|mkv)$/i
+  ];
+
+  var pass = false;
+  // 先检查是否完全比配，即带端口的匹配
+  passHosts.some(function(item) {
+    if (host.toLowerCase().endsWith(item.toLowerCase())) {
+      pass = true;
+      return true;
+    } else {
+      return false;
+    }
+  });
+  if (pass) {
+    return pass;
+  }
+
+  // 去掉端口后匹配
+  host = trimHost(host);
+
+  // 检查流媒体域名的排除项
+  passHosts.some(function(item) {
+    if (host.toLowerCase().endsWith(item.toLowerCase())) {
+      pass = true;
+      return true;
+    } else {
+      return false;
+    }
+  });
+  if (pass) {
+    return pass;
+  }
+
+  // 检查流媒体类型的排除项
+  if (url != null) {
+    passUrl.some(function(item) {
+      if (item.test(url)) {
+        pass = true;
+        return true;
+      } else {
+        return false;
+      }
+    });
+  }
+
+  return pass;
+}
+
+
 async function fileExists(filePath) {
   try {
     await fs.promises.access(filePath);
@@ -658,6 +724,27 @@ async function MITMHandler(type, url, request, response) {
   return responseResult;
 }
 
+// 获得需要重写响应的规则列表，符合规则的则提高chunkSizeThreshold阈值到 20M（默认）以上，来强制整包返回
+// 否则就把chunkSizeThreshold阈值调整为 1M，超过阈值就流式返回，提高响应速度
+function getResponseRules() {
+  var Ms = [];
+
+  Object.keys(Rule).forEach(key => {
+    Ms = Ms.concat(Rule[key]);
+  });
+  var res = [];
+  for (const item of Ms) {
+    if (item['type'] == "beforeSendResponse") {
+      res.push({
+        type: item['type'],
+        host: item['host'],
+        regexp: item['regexp']
+      });
+    }
+  }
+  return res;
+}
+
 // 为 MITM 处理响应结果 body 的解压缩
 // 之前是在 Anyproxy 里做，每个 response 都处理解压缩，目的是为了返回明文，抓包看明文用的，这里没必要
 // 只需对 mitm 做解压就可以，其他的不需要解压缩的就完全透给客户端
@@ -820,53 +907,6 @@ function getProxyAuthConfig() {
   };
 }
 
-// 对于一些流媒体的链接不支持 407 的情况要排除验证
-// host 可能携带端口：a.com:443
-function authPass(protocol, host, url) {
-  const passHosts = [
-    "googlevideo.com", // Toutube 视频流
-    "dns.weixin.qq.com.cn", // 微信的 dns 预解析
-    "weixin.qq.com",
-    ...filtered_mitm_domains
-  ];
-  //  基于 http 传输的流
-  const passUrl = [
-    /\.(m3u8|mp4|mpd|ts|webm|avi|mkv)$/i
-  ];
-
-  host = trimHost(host);
-
-  var pass = false;
-
-  // 检查流媒体域名的排除项
-  passHosts.some(function(item) {
-    if (host.toLowerCase().endsWith(item.toLowerCase())) {
-      pass = true;
-      return true;
-    } else {
-      return false;
-    }
-  });
-
-  if (pass) {
-    return pass;
-  }
-
-  // 检查流媒体类型的排除项
-  if (url != null) {
-    passUrl.some(function(item) {
-      if (item.test(url)) {
-        pass = true;
-        return true;
-      } else {
-        return false;
-      }
-    });
-  }
-
-  return pass;
-}
-
 function passRequestWithHttpAgent(requestDetail, isHttps) {
   return {
     ...requestDetail,
@@ -881,6 +921,7 @@ function getAnyProxyOptions() {
   return {
     port: proxyPort,
     rule: {
+      responseRules: getResponseRules(),
       // 验证 Proxy-Authorization
       // protocol: http, https
       // req: 原始的 Request
@@ -922,17 +963,9 @@ function getAnyProxyOptions() {
 
         const authHeader = headers['proxy-authorization'];
 
-        // Hack:
-        // xiaohongshu.com:443，小红书App和知乎 App 里发起带端口的请求，收到 407 后第二次
-        // 请求不会带上authentication，这是 App 的 bug，为了避免功能不可用，这里统一 Hack 掉。
-        if (/:\d+$/ig.test(headers['host'])) {
-          return true;
-        }
-
         if (!authHeader || !authHeader.startsWith('Basic ')) {
           return this.sendAuthRequired();
         }
-
         const credentials = authHeader.substring(6); // 去掉 'Basic ' 前缀
         let decoded;
         try {
@@ -1042,7 +1075,7 @@ function getAnyProxyOptions() {
         const isHttps = url.startsWith('https:') ? true : false;
         const isHttp = !isHttps;
 
-        // 如果直接访问当前 IP 的代理端口
+        // 如果直接访问当前 IP 的代理端口  http://127.0.0.1:8001
         // 如果请求的目的是自己，防止代理回环
         // 这里没办法穷举，只能约定防火墙里绑定的转发端口和 AnyProxy 的代理端口保持一致
         // 只要不绑定其他端口，就绝对不会陷入回环问题
@@ -1051,116 +1084,12 @@ function getAnyProxyOptions() {
         if ((myIp.includes(requestOptions.hostname) && requestOptions.port == proxyPort.toString()) ||
           (requestOptions.hostname == your_domain && requestOptions.port == proxyPort.toString()) ||
           (requestOptions.hostname == wan_ip && requestOptions.port == proxyPort.toString()) ||
-          // 如果这里收到了 localhost 或 127.0.0.1 的访问，一定是本机访问，其他机器访问 localhost 是不会走远端代理的
+          // 如果这里收到了 localhost 或 127.0.0.1 的访问，一定是本机访问
+          // 其他机器访问 localhost 是不会走远端代理的
           (host == "localhost" || host == "127.0.0.1") 
         ) {
-          if (pathname === "/favicon.ico") {
-            return {
-              response:{
-                statusCode:200,
-                body: Buffer.alloc(0)
-              }
-            };
-          } else if (pathname == "/restart_docker") {
-            if (isDocker) {
-              var msg = "请手动重启 Docker 容器。";
-            } else {
-              var msg = "当前程序不在 Docker 容器内，请在终端终止程序后再 npm run start 启动。";
-            }
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: msg
-              }
-            };
-          } else if (pathname == "/enable_express") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_express: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "开启 express 后台设置成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_express") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_express: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 express 后台设置成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/enable_socks5") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_socks5: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "开启 socks5 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_socks5") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_socks5: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 socks5 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_webinterface") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_webinterface: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 webinterface 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/enable_webinterface") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_webinterface: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "启用 webinterface 成功，请重启 Docker。"
-              }
-            };
-          } else {
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/html; charset=utf-8' },
-                body: '<pre>' + await monitor.getSystemMonitorInfo(proxyPort) + '</pre>'
-              }
-            };
-          }
+          // Operator
+          return await operator.getResponseByPathname(pathname, isDocker, proxyPort);
         }
 
         // 如果是裸IP请求，全部放行

package/proxy/scan.js

@@ -78,6 +78,46 @@ async function getScanStatus() {
   return loadedConfig.network_scanning_status;
 }
 
+// 并发控制器，限制同时进行的 ping 数量
+class ConcurrentPingController {
+  constructor(maxConcurrent = 32, batchDelay = 50) {
+    this.maxConcurrent = maxConcurrent;
+    this.batchDelay = batchDelay; // 批次之间的延迟（毫秒）
+  }
+
+  // 批量执行 ping，控制并发数（真正的批次并发）
+  async batchPing(ips, timeout = 1) {
+    const results = [];
+
+    // 将IP列表分成多个批次
+    for (let i = 0; i < ips.length; i += this.maxConcurrent) {
+      const batch = ips.slice(i, i + this.maxConcurrent);
+
+      // 并发执行当前批次的所有ping
+      const batchPromises = batch.map(ip =>
+        ping.promise.probe(ip, { timeout })
+      );
+
+      const batchResults = await Promise.allSettled(batchPromises);
+
+      // 将批次结果添加到总结果中
+      batch.forEach((ip, index) => {
+        results.push({
+          ip,
+          result: batchResults[index]
+        });
+      });
+
+      // 如果不是最后一个批次，则添加延迟
+      if (i + this.maxConcurrent < ips.length) {
+        await new Promise(resolve => setTimeout(resolve, this.batchDelay));
+      }
+    }
+
+    return results;
+  }
+}
+
 async function doScan() {
   const subnet = getLocalSubnet();
   // 如果是 30 网段，直接返回空
@@ -86,11 +126,17 @@ async function doScan() {
   }
   console.log(`正在扫描网段: ${subnet}.0/24`);
 
-  // Ping all IPs to populate ARP cache
+  // 创建并发控制器，限制同时进行32个ping，批次间延迟50ms
+  const controller = new ConcurrentPingController(32, 50);
+
+  // 生成所有IP地址
   const ips = Array.from({ length: 254 }, (_, i) => `${subnet}.${i + 1}`);
-  await Promise.allSettled(ips.map(ip => ping.promise.probe(ip, { timeout: 1 })));
 
-  // Read ARP table via system command
+  // 使用并发控制器分批ping所有IP
+  console.log(`开始并发ping扫描，最大并发数: 32，批次延迟: 50ms`);
+  await controller.batchPing(ips, 1); // 使用1秒超时，ping结果仅用于填充ARP缓存
+
+  // 读取ARP表以获取MAC地址
   const cmd = process.platform === 'win32' ? 'arp -a' : 'arp -a';
   const arpOutput = await new Promise((resolve, reject) => {
     exec(cmd, async (error, stdout) => {

package/server/express.js

@@ -232,3 +232,4 @@ module.exports = {
     });
   }
 };
+

package/socks5/test_tls_reuse.js

@@ -38,3 +38,4 @@ sock1.on('secureConnect', () => {
   };
   setTimeout(trySecond, 5);
 });
+

package/src/setupTests.js

@@ -3,3 +3,4 @@
 // expect(element).toHaveTextContent(/react/i)
 // learn more: https://github.com/testing-library/jest-dom
 import '@testing-library/jest-dom';
+