block-proxy 0.1.8 → 0.1.9

package/config.json

@@ -145,62 +145,6 @@
     {
       "ip": "192.168.124.1",
       "mac": "FA:27:3C:E5:31:5F"
-    },
-    {
-      "ip": "192.168.124.2",
-      "mac": "7C:DE:78:A9:83:A0"
-    },
-    {
-      "ip": "192.168.124.3",
-      "mac": "0:DD:B6:EA:E6:2A"
-    },
-    {
-      "ip": "192.168.124.6",
-      "mac": "0:DD:B6:EB:26:5C"
-    },
-    {
-      "ip": "192.168.124.10",
-      "mac": "FA:27:3C:E5:31:5F"
-    },
-    {
-      "ip": "192.168.124.21",
-      "mac": "DC:97:58:D:FD:9F"
-    },
-    {
-      "ip": "192.168.124.37",
-      "mac": "DE:1E:87:ED:17:8B"
-    },
-    {
-      "ip": "192.168.124.107",
-      "mac": "6:26:EA:5A:9E:6C"
-    },
-    {
-      "ip": "192.168.124.111",
-      "mac": "74:3F:C2:67:74:98"
-    },
-    {
-      "ip": "192.168.124.128",
-      "mac": "48:F3:F3:CA:1D:E"
-    },
-    {
-      "ip": "192.168.124.200",
-      "mac": "54:52:84:95:DF:5E"
-    },
-    {
-      "ip": "192.168.124.229",
-      "mac": "D6:A0:61:69:67:F6"
-    },
-    {
-      "ip": "192.168.124.240",
-      "mac": "F4:6B:8C:90:29:5"
-    },
-    {
-      "ip": "192.168.124.251",
-      "mac": "6E:FB:18:4D:9C:3E"
-    },
-    {
-      "ip": "192.168.240.207",
-      "mac": "32:BC:EC:7C:66:F6"
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "block-proxy",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "Small-scale network mitm proxy filter",
   "bin": {
     "block-proxy": "bin/start.js"
@@ -30,7 +30,7 @@
     "eject": "react-scripts eject"
   },
   "devDependencies": {
-    "@bachi/anyproxy": "^0.1.2",
+    "@bachi/anyproxy": "^0.1.3",
     "@craco/craco": "^7.1.0",
     "axios": "^1.13.2",
     "commander": "^14.0.2",

package/proxy/operator.js

@@ -0,0 +1,114 @@
+const _fs = require('./fs.js');
+const monitor = require('./monitor.js');
+
+async function getResponseByPathname(pathname, isDocker, proxyPort) {
+  if (pathname === "/favicon.ico") {
+    return {
+      response:{
+        statusCode:200,
+        body: Buffer.alloc(0)
+      }
+    };
+  } else if (pathname == "/restart_docker") {
+    if (isDocker) {
+      var msg = "请手动重启 Docker 容器。";
+    } else {
+      var msg = "当前程序不在 Docker 容器内，请在终端终止程序后再 npm run start 启动。";
+    }
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: msg
+      }
+    };
+  } else if (pathname == "/enable_express") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_express: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "开启 express 后台设置成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_express") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_express: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 express 后台设置成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/enable_socks5") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_socks5: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "开启 socks5 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_socks5") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_socks5: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 socks5 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/disable_webinterface") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_webinterface: "0"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "关闭 webinterface 成功，请重启 Docker。"
+      }
+    };
+  } else if (pathname == "/enable_webinterface") {
+    var configData = await _fs.readConfig();
+    _fs.writeConfig({
+      ...configData,
+      enable_webinterface: "1"
+    });
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: "启用 webinterface 成功，请重启 Docker。"
+      }
+    };
+  } else {
+    return {
+      response: {
+        statusCode: 200,
+        header: { 'Content-Type': 'text/html; charset=utf-8' },
+        body: '<pre>' + await monitor.getSystemMonitorInfo(proxyPort) + '</pre>'
+      }
+    };
+  }
+}
+
+module.exports.getResponseByPathname = getResponseByPathname;

package/proxy/proxy.js

@@ -21,9 +21,9 @@ const { HttpsProxyAgent } = require('https-proxy-agent');
 const _request = require("./http.js").request;
 const uaFilter = require("./mitm/uaFilter.js");
 const attacker = require('./attacker.js');
-const monitor = require('./monitor.js');
 const domain = require('./domain.js');
 const wanip = require('./wanip.js');
+const operator = require("./operator.js");
 var   Rule = require("./mitm/rule.js");
 
 // 启用全局 keep-alive，使 AnyProxy 内部转发也复用连接
@@ -81,6 +81,69 @@ function preCompileRuleRegexp() {
   });
 }
 
+// 对于一些流媒体的链接不支持 407 的情况要排除验证
+// host 可能携带端口：a.com:443
+function authPass(protocol, host, url) {
+  const passHosts = [
+    "googlevideo.com", // Toutube 视频流
+    "dns.weixin.qq.com.cn", // 微信的 dns 预解析
+    "weixin.qq.com",
+    // xiaohongshu.com:443，小红书App和知乎 App 里发起带端口的请求，收到 407 后第二次
+    "xiaohongshu.com:443",
+    "zhihu.com:443",
+    ...filtered_mitm_domains
+  ];
+  //  基于 http 传输的流
+  const passUrl = [
+    /\.(m3u8|mp4|mpd|ts|webm|avi|mkv)$/i
+  ];
+
+  var pass = false;
+  // 先检查是否完全比配，即带端口的匹配
+  passHosts.some(function(item) {
+    if (host.toLowerCase().endsWith(item.toLowerCase())) {
+      pass = true;
+      return true;
+    } else {
+      return false;
+    }
+  });
+  if (pass) {
+    return pass;
+  }
+
+  // 去掉端口后匹配
+  host = trimHost(host);
+
+  // 检查流媒体域名的排除项
+  passHosts.some(function(item) {
+    if (host.toLowerCase().endsWith(item.toLowerCase())) {
+      pass = true;
+      return true;
+    } else {
+      return false;
+    }
+  });
+  if (pass) {
+    return pass;
+  }
+
+  // 检查流媒体类型的排除项
+  if (url != null) {
+    passUrl.some(function(item) {
+      if (item.test(url)) {
+        pass = true;
+        return true;
+      } else {
+        return false;
+      }
+    });
+  }
+
+  return pass;
+}
+
+
 async function fileExists(filePath) {
   try {
     await fs.promises.access(filePath);
@@ -658,6 +721,27 @@ async function MITMHandler(type, url, request, response) {
   return responseResult;
 }
 
+// 获得需要重写响应的规则列表，符合规则的则提高chunkSizeThreshold阈值到 20M（默认）以上，来强制整包返回
+// 否则就把chunkSizeThreshold阈值调整为 1M，超过阈值就流式返回，提高响应速度
+function getResponseRules() {
+  var Ms = [];
+
+  Object.keys(Rule).forEach(key => {
+    Ms = Ms.concat(Rule[key]);
+  });
+  var res = [];
+  for (const item of Ms) {
+    if (item['type'] == "beforeSendResponse") {
+      res.push({
+        type: item['type'],
+        host: item['host'],
+        regexp: item['regexp']
+      });
+    }
+  }
+  return res;
+}
+
 // 为 MITM 处理响应结果 body 的解压缩
 // 之前是在 Anyproxy 里做，每个 response 都处理解压缩，目的是为了返回明文，抓包看明文用的，这里没必要
 // 只需对 mitm 做解压就可以，其他的不需要解压缩的就完全透给客户端
@@ -820,53 +904,6 @@ function getProxyAuthConfig() {
   };
 }
 
-// 对于一些流媒体的链接不支持 407 的情况要排除验证
-// host 可能携带端口：a.com:443
-function authPass(protocol, host, url) {
-  const passHosts = [
-    "googlevideo.com", // Toutube 视频流
-    "dns.weixin.qq.com.cn", // 微信的 dns 预解析
-    "weixin.qq.com",
-    ...filtered_mitm_domains
-  ];
-  //  基于 http 传输的流
-  const passUrl = [
-    /\.(m3u8|mp4|mpd|ts|webm|avi|mkv)$/i
-  ];
-
-  host = trimHost(host);
-
-  var pass = false;
-
-  // 检查流媒体域名的排除项
-  passHosts.some(function(item) {
-    if (host.toLowerCase().endsWith(item.toLowerCase())) {
-      pass = true;
-      return true;
-    } else {
-      return false;
-    }
-  });
-
-  if (pass) {
-    return pass;
-  }
-
-  // 检查流媒体类型的排除项
-  if (url != null) {
-    passUrl.some(function(item) {
-      if (item.test(url)) {
-        pass = true;
-        return true;
-      } else {
-        return false;
-      }
-    });
-  }
-
-  return pass;
-}
-
 function passRequestWithHttpAgent(requestDetail, isHttps) {
   return {
     ...requestDetail,
@@ -881,6 +918,7 @@ function getAnyProxyOptions() {
   return {
     port: proxyPort,
     rule: {
+      responseRules: getResponseRules(),
       // 验证 Proxy-Authorization
       // protocol: http, https
       // req: 原始的 Request
@@ -922,17 +960,9 @@ function getAnyProxyOptions() {
 
         const authHeader = headers['proxy-authorization'];
 
-        // Hack:
-        // xiaohongshu.com:443，小红书App和知乎 App 里发起带端口的请求，收到 407 后第二次
-        // 请求不会带上authentication，这是 App 的 bug，为了避免功能不可用，这里统一 Hack 掉。
-        if (/:\d+$/ig.test(headers['host'])) {
-          return true;
-        }
-
         if (!authHeader || !authHeader.startsWith('Basic ')) {
           return this.sendAuthRequired();
         }
-
         const credentials = authHeader.substring(6); // 去掉 'Basic ' 前缀
         let decoded;
         try {
@@ -1042,7 +1072,7 @@ function getAnyProxyOptions() {
         const isHttps = url.startsWith('https:') ? true : false;
         const isHttp = !isHttps;
 
-        // 如果直接访问当前 IP 的代理端口
+        // 如果直接访问当前 IP 的代理端口  http://127.0.0.1:8001
         // 如果请求的目的是自己，防止代理回环
         // 这里没办法穷举，只能约定防火墙里绑定的转发端口和 AnyProxy 的代理端口保持一致
         // 只要不绑定其他端口，就绝对不会陷入回环问题
@@ -1051,116 +1081,12 @@ function getAnyProxyOptions() {
         if ((myIp.includes(requestOptions.hostname) && requestOptions.port == proxyPort.toString()) ||
           (requestOptions.hostname == your_domain && requestOptions.port == proxyPort.toString()) ||
           (requestOptions.hostname == wan_ip && requestOptions.port == proxyPort.toString()) ||
-          // 如果这里收到了 localhost 或 127.0.0.1 的访问，一定是本机访问，其他机器访问 localhost 是不会走远端代理的
+          // 如果这里收到了 localhost 或 127.0.0.1 的访问，一定是本机访问
+          // 其他机器访问 localhost 是不会走远端代理的
           (host == "localhost" || host == "127.0.0.1") 
         ) {
-          if (pathname === "/favicon.ico") {
-            return {
-              response:{
-                statusCode:200,
-                body: Buffer.alloc(0)
-              }
-            };
-          } else if (pathname == "/restart_docker") {
-            if (isDocker) {
-              var msg = "请手动重启 Docker 容器。";
-            } else {
-              var msg = "当前程序不在 Docker 容器内，请在终端终止程序后再 npm run start 启动。";
-            }
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: msg
-              }
-            };
-          } else if (pathname == "/enable_express") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_express: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "开启 express 后台设置成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_express") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_express: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 express 后台设置成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/enable_socks5") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_socks5: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "开启 socks5 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_socks5") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_socks5: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 socks5 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/disable_webinterface") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_webinterface: "0"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "关闭 webinterface 成功，请重启 Docker。"
-              }
-            };
-          } else if (pathname == "/enable_webinterface") {
-            var configData = await _fs.readConfig();
-            _fs.writeConfig({
-              ...configData,
-              enable_webinterface: "1"
-            });
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/plain; charset=utf-8' },
-                body: "启用 webinterface 成功，请重启 Docker。"
-              }
-            };
-          } else {
-            return {
-              response: {
-                statusCode: 200,
-                header: { 'Content-Type': 'text/html; charset=utf-8' },
-                body: '<pre>' + await monitor.getSystemMonitorInfo(proxyPort) + '</pre>'
-              }
-            };
-          }
+          // Operator
+          return await operator.getResponseByPathname(pathname, isDocker, proxyPort);
         }
 
         // 如果是裸IP请求，全部放行

package/tools/speed_test.sh

@@ -0,0 +1,121 @@
+#!/usr/bin/env sh
+
+# --- 参数检查 ---
+if [ $# -eq 0 ]; then
+    echo "用法: $0 <URL> [TARGET_IP]"
+    echo "说明: 若提供 TARGET_IP，则绕过 DNS，直连该 IP 并使用 URL 中的域名作为 SNI/Host"
+    echo "示例:"
+    echo "  $0 https://www.taobao.com"
+    echo "  $0 https://www.taobao.com 211.100.8.95"
+    exit 1
+fi
+
+URL="$1"
+TARGET_IP="${2:-}"  # 第二个参数可选
+PROXY="socks5://127.0.0.1:1081"
+TUNNEL_PID=""
+SOCAT_LOG="/tmp/socat_error.log"
+
+# --- 从 URL 提取主机名（用于 --resolve 和 SNI）---
+# 移除协议头，再截断路径和端口
+HOST=$(echo "$URL" | sed -E 's|^[^:]+://||' | sed -E 's|/.*$||' | sed -E 's/:.*$//')
+PORT="443"
+
+cleanup() {
+    if [ -n "$TUNNEL_PID" ]; then
+        # 检查进程是否存在
+        if kill -0 "$TUNNEL_PID" 2>/dev/null; then
+            echo "" >&2
+            # echo "🛑 正在终止 socat 隧道 (PID: $TUNNEL_PID)..." >&2
+            kill "$TUNNEL_PID" 2>/dev/null
+
+            # 等待最多 1 秒让它优雅退出
+            i=0
+            while kill -0 "$TUNNEL_PID" 2>/dev/null && [ $i -lt 10 ]; do
+                sleep 0.1
+                i=$((i + 1))
+            done
+
+            # 如果还在，强制杀死
+            if kill -0 "$TUNNEL_PID" 2>/dev/null; then
+                echo "⚠️  强制终止 socat..." >&2
+                kill -9 "$TUNNEL_PID" 2>/dev/null
+            fi
+
+            # 清理僵尸进程
+            wait "$TUNNEL_PID" 2>/dev/null
+        fi
+    fi
+    rm -f "$SOCAT_LOG"
+    exit "${1:-0}"
+}
+
+trap cleanup EXIT INT TERM
+
+# --- 检查本地端口 1081 是否已被占用 ---
+if command -v ss >/dev/null 2>&1; then
+    if ss -tuln 2>/dev/null | grep -q ':1081\b'; then
+        echo "⚠️  警告: 本地端口 1081 已被占用，socat 可能启动失败。"
+    fi
+elif command -v netstat >/dev/null 2>&1; then
+    if netstat -tuln 2>/dev/null | grep -q ':1081\b'; then
+        echo "⚠️  警告: 本地端口 1081 已被占用，socat 可能启动失败。"
+    fi
+fi
+
+# --- 启动 socat 隧道，并记录错误 ---
+echo "🔌 正在启动隧道: socat → OPENSSL:yui.cool:8002 ..."
+socat TCP-LISTEN:1081,fork,bind=127.0.0.1 OPENSSL:yui.cool:8002,verify=0 >"$SOCAT_LOG" 2>&1 &
+TUNNEL_PID=$!
+sleep 0.5
+
+# --- 检查 socat 是否仍在运行 ---
+if ! kill -0 "$TUNNEL_PID" 2>/dev/null; then
+    echo "❌ 隧道启动失败！socat 报错如下："
+    if [ -s "$SOCAT_LOG" ]; then
+        cat "$SOCAT_LOG"
+    else
+        echo "（无详细错误，可能进程立即崩溃）"
+    fi
+    exit 1
+else
+    : > "$SOCAT_LOG"  # 清空日志
+fi
+
+# --- 构建 curl 命令 ---
+CURL_CMD="curl -k -I --proxy '$PROXY'"
+
+if [ -n "$TARGET_IP" ]; then
+    CURL_CMD="$CURL_CMD --resolve '$HOST:$PORT:$TARGET_IP'"
+    echo "🌐 绕过 DNS: 直连 $TARGET_IP，SNI = $HOST"
+else
+    echo "🌐 使用代理解析 DNS（常规模式）"
+fi
+
+echo "📡 请求: $URL via $PROXY"
+
+# --- 执行 curl 并计时 ---
+FINAL_CMD="$CURL_CMD $URL"
+
+echo "$FINAL_CMD"
+
+{ time_output=$( { time eval "$FINAL_CMD"; } 2>&1 1>&3 ); } 3>&1
+exit_code=$?
+
+# --- 提取状态行 ---
+status_line=$(printf "%s\n" "$time_output" | head -n 1)
+
+if [ "$exit_code" -eq 0 ]; then
+    echo "✅ 响应状态: $status_line"
+else
+    echo "❌ 请求失败（退出码: $exit_code）"
+    [ -n "$status_line" ] && echo "⚠️  部分响应: $status_line"
+fi
+
+# --- 显示耗时 ---
+real_time=$(printf "%s\n" "$time_output" | grep "^real" | awk '{print $2}')
+if [ -n "$real_time" ]; then
+    echo "⏱️  耗时: $real_time"
+else
+    echo "⚠️  无法获取耗时（shell 不支持 time 内置命令的格式）"
+fi