fbi-proxy 1.6.2 → 1.8.0

package/dist/cli.js

@@ -2365,14 +2365,14 @@ function usage(yargs, shim2) {
     const logger = yargs.getInternalMethods().getLoggerInstance();
     if (fails.length) {
       for (let i = fails.length - 1;i >= 0; --i) {
-        const fail = fails[i];
-        if (isBoolean(fail)) {
+        const fail2 = fails[i];
+        if (isBoolean(fail2)) {
           if (err)
             throw err;
           else if (msg)
             throw Error(msg);
         } else {
-          fail(msg, err, self);
+          fail2(msg, err, self);
         }
       }
     } else {
@@ -2429,7 +2429,7 @@ function usage(yargs, shim2) {
     examples.push([cmd, description || ""]);
   };
   let commands = [];
-  self.command = function command(cmd, description, isDefault, aliases, deprecated = false) {
+  self.command = function command2(cmd, description, isDefault, aliases, deprecated = false) {
     if (isDefault) {
       commands = commands.map((cmdArray) => {
         cmdArray[2] = false;
@@ -5009,6 +5009,8 @@ import { spawn } from "child_process";
 
 // node_modules/from-node-stream/dist/index.js
 function fromReadable(i) {
+  if (i instanceof ReadableStream)
+    return i;
   return new ReadableStream({
     start: (c) => {
       i.on("data", (data) => c.enqueue(data));
@@ -5232,14 +5234,14 @@ await yargs_default(hideBin(process.argv)).option("dev", {
   description: "Run in development mode"
 }).help().argv;
 console.log("Preparing Binaries");
-var FBIPROXY_PORT = String(await getPorts({ port: 2432 }));
+var FBI_PROXY_PORT = process.env.FBI_PROXY_PORT || String(await getPorts({ port: 2432 }));
 var proxyProcess = await hotMemo(async () => {
   const proxy = await getFbiProxyBinary();
   console.log("Starting Rust proxy server");
   const p = $2.opt({
     env: {
       ...process.env,
-      FBIPROXY_PORT
+      FBI_PROXY_PORT
     }
   })`${proxy}`.process;
   p.on("exit", (code) => {
@@ -5250,7 +5252,7 @@ var proxyProcess = await hotMemo(async () => {
 });
 console.log("All services started successfully!");
 console.log(`Proxy server PID: ${proxyProcess.pid}`);
-console.log(`Proxy server running on port: ${FBIPROXY_PORT}`);
+console.log(`Proxy server running on port: ${FBI_PROXY_PORT}`);
 var exit = () => {
   console.log("Shutting down...");
   proxyProcess?.kill?.();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fbi-proxy",
-  "version": "1.6.2",
+  "version": "1.8.0",
   "description": "FBI-Proxy provides easy HTTPS access to your local services with intelligent domain routing",
   "keywords": [
     "development-tools",
@@ -40,31 +40,46 @@
     "lint": "prettier --check .",
     "prepare": "husky",
     "start": "bun ts/cli.ts",
-    "start:rs": "./target/release/fbi-proxy"
+    "start:rs": "./target/release/fbi-proxy",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:ui": "vitest --ui",
+    "test:e2e": "vitest run e2e",
+    "test:e2e:watch": "vitest e2e",
+    "test:coverage": "vitest run --coverage"
   },
   "dependencies": {
-    "execa": "^9.6.0",
-    "from-node-stream": "^0.1.0",
+    "execa": "^9.6.1",
+    "from-node-stream": "^0.1.2",
     "get-port": "^7.1.0",
     "hot-memo": "^1.1.1",
-    "sflow": "^1.24.5",
+    "sflow": "^1.27.0",
     "tsa-composer": "^1.0.0",
     "yargs": "^17.7.2"
   },
   "devDependencies": {
+    "@playwright/test": "^1.58.2",
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/git": "^10.0.1",
-    "@semantic-release/github": "^9.2.0",
+    "@semantic-release/github": "^9.2.6",
+    "@semantic-release/npm": "^13.1.3",
     "@types/bun": "latest",
     "@types/minimist": "^1.2.5",
+    "@types/ws": "^8.18.1",
+    "@vitest/ui": "^3.2.4",
     "husky": "^9.1.7",
-    "lint-staged": "^16.1.2",
-    "prettier": "^3.6.2",
-    "semantic-release": "^22.0.0",
-    "semantic-release-cargo": "^2.4.0"
+    "lint-staged": "^16.2.7",
+    "node-fetch": "^3.3.2",
+    "playwright": "^1.58.2",
+    "prettier": "^3.8.1",
+    "semantic-release": "^24.0.0",
+    "semantic-release-cargo": "^2.4.2",
+    "vite": "^7.3.1",
+    "vitest": "^3.2.4",
+    "ws": "^8.19.0"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=22.14.0"
   },
   "lint-staged": {
     "*.{ts,js}": [
@@ -74,5 +89,8 @@
       "bun --bun prettier --write"
     ]
   },
-  "trustedDependencies": []
+  "trustedDependencies": [],
+  "overrides": {
+    "@semantic-release/npm": "^13.1.3"
+  }
 }

package/rs/fbi-proxy.rs

@@ -1,20 +1,30 @@
 use clap::{Arg, Command};
 use futures_util::{SinkExt, StreamExt};
+use http_body_util::{BodyExt, Full};
+use hyper::body::{Bytes, Incoming};
 use hyper::header::{HeaderValue, HOST};
-use hyper::service::{make_service_fn, service_fn};
-use hyper::{Body, Client, Request, Response, Server, StatusCode, Uri};
+use hyper::server::conn::http1;
+use hyper::service::service_fn;
+use hyper::{Method, Request, Response, StatusCode, Uri};
 use hyper_tungstenite::{HyperWebsocket, WebSocketStream};
+use hyper_util::client::legacy::{Client, connect::HttpConnector};
+use hyper_util::rt::TokioIo;
 use log::{error, info};
 use regex::Regex;
 use std::convert::Infallible;
 use std::net::SocketAddr;
 use std::sync::Arc;
+use std::time::Duration;
+use tokio::net::{TcpListener, TcpStream};
+use tokio::time::timeout;
+use tokio::io::copy_bidirectional;
 use tokio_tungstenite::connect_async;
 
 type BoxError = Box<dyn std::error::Error + Send + Sync>;
+type BoxBody = http_body_util::combinators::BoxBody<Bytes, hyper::Error>;
 
 pub struct FBIProxy {
-    client: Client<hyper::client::HttpConnector>,
+    client: Client<HttpConnector, BoxBody>,
     number_regex: Regex,
     domain_filter: Option<String>,
 }
@@ -51,8 +61,15 @@ for subdomains
 */
 impl FBIProxy {
     pub fn new(domain_filter: Option<String>) -> Self {
+        let mut connector = HttpConnector::new();
+        // Set connection timeout to 5 seconds to avoid hanging on invalid hosts
+        connector.set_connect_timeout(Some(Duration::from_secs(3)));
+
+        let client = Client::builder(hyper_util::rt::TokioExecutor::new())
+            .build(connector);
+
         Self {
-            client: Client::new(),
+            client,
             number_regex: Regex::new(r"^\d+$").unwrap(),
             domain_filter,
         }
@@ -131,7 +148,7 @@ impl FBIProxy {
         Some((format!("{}:80", host), host.to_string()))
     }
 
-    pub async fn handle_request(&self, mut req: Request<Body>) -> Result<Response<Body>, BoxError> {
+    pub async fn handle_request(&self, req: Request<Incoming>) -> Result<Response<BoxBody>, BoxError> {
         // Extract host from headers and process according to rules
         let host_header = req
             .headers()
@@ -157,13 +174,133 @@ impl FBIProxy {
                 );
                 return Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Body::from("Bad Gateway: Host not allowed"))?);
+                    .body(Full::new(Bytes::from("Bad Gateway: Host not allowed")).map_err(|e| match e {}).boxed())?);
             }
         };
         
         let method = req.method().clone();
         let original_uri = req.uri().clone();
 
+        // Handle HTTP CONNECT tunneling (used by browsers for WebSocket/HTTPS through proxy)
+        if method == Method::CONNECT {
+            // For CONNECT, the URI contains the target authority (host:port)
+            // Parse the target from the URI
+            let connect_target = if let Some(authority) = req.uri().authority() {
+                authority.to_string()
+            } else {
+                // Fallback to parsed host
+                target_host.clone()
+            };
+
+            // Apply domain filtering to CONNECT target
+            let connect_host = connect_target.split(':').next().unwrap_or(&connect_target);
+            if let Some(ref domain) = self.domain_filter {
+                if !domain.is_empty() && !connect_host.ends_with(domain) {
+                    info!(
+                        "CONNECT {} => REJECTED{} 502",
+                        host_header,
+                        original_uri
+                    );
+                    return Ok(Response::builder()
+                        .status(StatusCode::BAD_GATEWAY)
+                        .body(Full::new(Bytes::from("Bad Gateway: Host not allowed")).map_err(|e| match e {}).boxed())?);
+                }
+            }
+
+            // Parse the connect target for routing
+            let tunnel_target = if let Some(ref domain) = self.domain_filter {
+                if !domain.is_empty() && connect_host.ends_with(domain) {
+                    // Strip domain and apply routing rules
+                    let prefix_len = connect_host.len() - domain.len();
+                    let stripped = if prefix_len > 0 && connect_host.chars().nth(prefix_len - 1) == Some('.') {
+                        &connect_host[..prefix_len - 1]
+                    } else if prefix_len == 0 {
+                        "localhost"
+                    } else {
+                        connect_host
+                    };
+
+                    // Apply number rule: if stripped is numeric, route to localhost:port
+                    if self.number_regex.is_match(stripped) {
+                        // Get the port from the connect target
+                        let _port = connect_target.split(':').nth(1).unwrap_or("80");
+                        format!("localhost:{}", stripped)
+                    } else {
+                        connect_target.clone()
+                    }
+                } else {
+                    connect_target.clone()
+                }
+            } else {
+                connect_target.clone()
+            };
+
+            info!(
+                "CONNECT {}@{}{} tunneling",
+                host_header,
+                tunnel_target,
+                original_uri
+            );
+
+            // Connect to upstream with timeout
+            let connect_result = timeout(
+                Duration::from_secs(3),
+                TcpStream::connect(&tunnel_target)
+            ).await;
+
+            match connect_result {
+                Ok(Ok(upstream)) => {
+                    // Spawn a task to handle the tunnel
+                    tokio::spawn(async move {
+                        // The upgrade happens after we return the response
+                        // We need to use hyper's upgrade mechanism
+                        match hyper::upgrade::on(req).await {
+                            Ok(upgraded) => {
+                                let mut upgraded = TokioIo::new(upgraded);
+                                let mut upstream = upstream;
+
+                                // Bidirectional copy
+                                if let Err(e) = copy_bidirectional(&mut upgraded, &mut upstream).await {
+                                    error!("Tunnel error: {}", e);
+                                }
+                            }
+                            Err(e) => {
+                                error!("Upgrade error: {}", e);
+                            }
+                        }
+                    });
+
+                    // Return 200 Connection Established
+                    return Ok(Response::builder()
+                        .status(StatusCode::OK)
+                        .body(Full::new(Bytes::new()).map_err(|e| match e {}).boxed())?);
+                }
+                Ok(Err(e)) => {
+                    error!(
+                        "CONNECT {}@{}{} 502 ({})",
+                        host_header,
+                        tunnel_target,
+                        original_uri,
+                        e
+                    );
+                    return Ok(Response::builder()
+                        .status(StatusCode::BAD_GATEWAY)
+                        .body(Full::new(Bytes::from("FBIPROXY CONNECT ERROR")).map_err(|e| match e {}).boxed())?);
+                }
+                Err(_) => {
+                    error!(
+                        "CONNECT {}@{}{} 502 (connection timeout)",
+                        host_header,
+                        tunnel_target,
+                        original_uri
+                    );
+                    return Ok(Response::builder()
+                        .status(StatusCode::BAD_GATEWAY)
+                        .body(Full::new(Bytes::from("FBIPROXY CONNECT TIMEOUT")).map_err(|e| match e {}).boxed())?);
+                }
+            }
+        }
+
         // Handle WebSocket upgrade requests
         if hyper_tungstenite::is_upgrade_request(&req) {
             return self
@@ -180,15 +317,26 @@ impl FBIProxy {
         );
         let target_uri: Uri = target_url.parse()?;
 
+        // Convert incoming body to a format the client can use
+        let (mut parts, incoming_body) = req.into_parts();
+        let body = incoming_body.map_err(|e| e).boxed();
+
         // Update request URI and headers
-        *req.uri_mut() = target_uri;
-        req.headers_mut()
-            .insert(HOST, HeaderValue::from_str(&new_host)?);
+        parts.uri = target_uri;
+        parts.headers.insert(HOST, HeaderValue::from_str(&new_host)?);
         // Preserve content-encoding header to maintain compression
 
-        // Forward the request
-        match self.client.request(req).await {
-            Ok(response) => {
+        // Rebuild the request with the converted body
+        let new_req = Request::from_parts(parts, body);
+
+        // Forward the request with timeout
+        let request_result = timeout(
+            Duration::from_secs(3),
+            self.client.request(new_req)
+        ).await;
+
+        match request_result {
+            Ok(Ok(response)) => {
                 // Preserve content-encoding header in response to maintain compression
                 let status = response.status();
                 info!(
@@ -199,9 +347,12 @@ impl FBIProxy {
                     original_uri,
                     status.as_u16()
                 );
-                Ok(response)
+                // Convert the response body back to BoxBody
+                let (parts, body) = response.into_parts();
+                let boxed_body = body.map_err(|e| e).boxed();
+                Ok(Response::from_parts(parts, boxed_body))
             }
-            Err(e) => {
+            Ok(Err(e)) => {
                 error!(
                     "{} {}@{}{} 502 ({})",
                     method,
@@ -212,17 +363,29 @@ impl FBIProxy {
                 );
                 Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Body::from("FBIPROXY ERROR"))?)
+                    .body(Full::new(Bytes::from("FBIPROXY ERROR")).map_err(|e| match e {}).boxed())?)
+            }
+            Err(_) => {
+                error!(
+                    "{} {}@{}{} 502 (request timeout)",
+                    method,
+                    host_header,
+                    target_host,
+                    original_uri
+                );
+                Ok(Response::builder()
+                    .status(StatusCode::BAD_GATEWAY)
+                    .body(Full::new(Bytes::from("FBIPROXY TIMEOUT")).map_err(|e| match e {}).boxed())?)
             }
         }
     }
 
     async fn handle_websocket_upgrade(
         &self,
-        req: Request<Body>,
+        req: Request<Incoming>,
         target_host: &str,
         _new_host: &str, // Currently not used for WebSocket connections, but kept for consistency
-    ) -> Result<Response<Body>, BoxError> {
+    ) -> Result<Response<BoxBody>, BoxError> {
         let uri = req.uri().clone();
         let ws_url = format!(
             "ws://{}{}",
@@ -230,22 +393,23 @@ impl FBIProxy {
             uri.path_and_query().map(|pq| pq.as_str()).unwrap_or("/")
         );
 
-        // Upgrade the HTTP connection to WebSocket
-        let (response, websocket) = hyper_tungstenite::upgrade(req, None)?;
-
-        // Connect to upstream WebSocket
+        // Step 1: Connect to upstream WebSocket FIRST before upgrading client
+        // This ensures we can return proper errors if upstream is unavailable
         let (upstream_ws, _) = match connect_async(&ws_url).await {
             Ok(ws) => ws,
             Err(e) => {
-                error!("WS :ws:{} => :ws:{}{} 502 ({})", target_host, target_host, uri, e);
+                error!("WS :ws:{} => :ws:{}{} 502 (upstream connection failed: {})", target_host, target_host, uri, e);
                 return Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Body::from("WebSocket connection failed"))?);
+                    .body(Full::new(Bytes::from("WebSocket upstream unavailable")).map_err(|e| match e {}).boxed())?);
             }
         };
 
-        // Spawn task to handle WebSocket forwarding
-        // let ws_url_clone = ws_url.clone();
+        // Step 2: Now upgrade the HTTP connection to WebSocket
+        // Only do this after confirming upstream is available
+        let (response, websocket) = hyper_tungstenite::upgrade(req, None)?;
+
+        // Step 3: Spawn task to handle WebSocket forwarding
         tokio::spawn(async move {
             if let Err(e) = handle_websocket_forwarding(websocket, upstream_ws).await {
                 error!("WebSocket forwarding error: {}", e);
@@ -253,7 +417,9 @@ impl FBIProxy {
         });
 
         info!("WS :ws:{} => :ws:{}{} 101", target_host, target_host, uri);
-        Ok(response)
+        let (parts, body) = response.into_parts();
+        let boxed_body = body.map_err(|_: std::convert::Infallible| unreachable!()).boxed();
+        Ok(Response::from_parts(parts, boxed_body))
     }
 }
 
@@ -304,39 +470,27 @@ async fn handle_websocket_forwarding(
 }
 
 async fn handle_connection(
-    req: Request<Body>,
+    req: Request<Incoming>,
     proxy: Arc<FBIProxy>,
-) -> Result<Response<Body>, Infallible> {
+) -> Result<Response<BoxBody>, Infallible> {
     match proxy.handle_request(req).await {
         Ok(response) => Ok(response),
         Err(e) => {
             error!("Request handling error: {}", e);
             Ok(Response::builder()
                 .status(StatusCode::INTERNAL_SERVER_ERROR)
-                .body(Body::from("Internal Server Error"))
+                .body(Full::new(Bytes::from("Internal Server Error")).map_err(|e| match e {}).boxed())
                 .unwrap())
         }
     }
 }
 
-pub async fn start_proxy_server(port: u16) -> Result<(), BoxError> {
-    start_proxy_server_with_options("127.0.0.1", port, None).await
-}
-
-pub async fn start_proxy_server_with_host(host: &str, port: u16) -> Result<(), BoxError> {
-    start_proxy_server_with_options(host, port, None).await
-}
-
-pub async fn start_proxy_server_with_options(host: &str, port: u16, domain_filter: Option<String>) -> Result<(), BoxError> {
+pub async fn start_proxy_server(host: Option<&str>, port: u16, domain_filter: Option<String>) -> Result<(), BoxError> {
+    let host = host.unwrap_or("127.0.0.1");
     let addr: SocketAddr = format!("{}:{}", host, port).parse()?;
     let proxy = Arc::new(FBIProxy::new(domain_filter.clone()));
 
-    let make_svc = make_service_fn(move |_conn: &hyper::server::conn::AddrStream| {
-        let proxy = proxy.clone();
-        async move { Ok::<_, Infallible>(service_fn(move |req| handle_connection(req, proxy.clone()))) }
-    });
-
-    let server = Server::bind(&addr).serve(make_svc);
+    let listener = TcpListener::bind(addr).await?;
 
     info!("FBI Proxy server running on http://{}", addr);
     println!("FBI Proxy listening on: http://{}", addr);
@@ -350,11 +504,25 @@ pub async fn start_proxy_server_with_options(host: &str, port: u16, domain_filte
 
     info!("Features: HTTP proxying + WebSocket forwarding + Port encoding + Domain filtering");
 
-    if let Err(e) = server.await {
-        error!("Server error: {}", e);
-    }
+    loop {
+        let (stream, _) = listener.accept().await?;
+        let io = TokioIo::new(stream);
+        let proxy = proxy.clone();
 
-    Ok(())
+        tokio::task::spawn(async move {
+            let service = service_fn(move |req| handle_connection(req, proxy.clone()));
+
+            if let Err(err) = http1::Builder::new()
+                .preserve_header_case(true)
+                .title_case_headers(true)
+                .serve_connection(io, service)
+                .with_upgrades()
+                .await
+            {
+                error!("Error serving connection: {:?}", err);
+            }
+        });
+    }
 }
 
 fn main() {
@@ -453,7 +621,7 @@ TRY RUN:
             "Starting FBI-Proxy on {}:{} with domain filter: {:?}",
             host, port, domain_filter
         );
-        if let Err(e) = start_proxy_server_with_options(host, port, domain_filter).await {
+        if let Err(e) = start_proxy_server(Some(host), port, domain_filter).await {
             error!("Failed to start proxy server: {}", e);
         }
     });

package/ts/cli.ts

@@ -21,7 +21,8 @@ await yargs(hideBin(process.argv))
 
 console.log("Preparing Binaries");
 
-const FBIPROXY_PORT = String(await getPort({ port: 2432 }));
+const FBI_PROXY_PORT =
+  process.env.FBI_PROXY_PORT || String(await getPort({ port: 2432 }));
 
 const proxyProcess = await hotMemo(async () => {
   const proxy = await getFbiProxyBinary();
@@ -29,7 +30,7 @@ const proxyProcess = await hotMemo(async () => {
   const p = $.opt({
     env: {
       ...process.env,
-      FBIPROXY_PORT, // Rust proxy server port
+      FBI_PROXY_PORT, // Rust proxy server port
     },
   })`${proxy}`.process;
 
@@ -42,7 +43,7 @@ const proxyProcess = await hotMemo(async () => {
 
 console.log("All services started successfully!");
 console.log(`Proxy server PID: ${proxyProcess.pid}`);
-console.log(`Proxy server running on port: ${FBIPROXY_PORT}`);
+console.log(`Proxy server running on port: ${FBI_PROXY_PORT}`);
 
 const exit = () => {
   console.log("Shutting down...");