fbi-proxy 1.7.0 → 1.8.0

package/dist/cli.js

@@ -2365,14 +2365,14 @@ function usage(yargs, shim2) {
     const logger = yargs.getInternalMethods().getLoggerInstance();
     if (fails.length) {
       for (let i = fails.length - 1;i >= 0; --i) {
-        const fail = fails[i];
-        if (isBoolean(fail)) {
+        const fail2 = fails[i];
+        if (isBoolean(fail2)) {
           if (err)
             throw err;
           else if (msg)
             throw Error(msg);
         } else {
-          fail(msg, err, self);
+          fail2(msg, err, self);
         }
       }
     } else {
@@ -2429,7 +2429,7 @@ function usage(yargs, shim2) {
     examples.push([cmd, description || ""]);
   };
   let commands = [];
-  self.command = function command(cmd, description, isDefault, aliases, deprecated = false) {
+  self.command = function command2(cmd, description, isDefault, aliases, deprecated = false) {
     if (isDefault) {
       commands = commands.map((cmdArray) => {
         cmdArray[2] = false;
@@ -5009,6 +5009,8 @@ import { spawn } from "child_process";
 
 // node_modules/from-node-stream/dist/index.js
 function fromReadable(i) {
+  if (i instanceof ReadableStream)
+    return i;
   return new ReadableStream({
     start: (c) => {
       i.on("data", (data) => c.enqueue(data));
@@ -5232,14 +5234,14 @@ await yargs_default(hideBin(process.argv)).option("dev", {
   description: "Run in development mode"
 }).help().argv;
 console.log("Preparing Binaries");
-var FBIPROXY_PORT = String(await getPorts({ port: 2432 }));
+var FBI_PROXY_PORT = process.env.FBI_PROXY_PORT || String(await getPorts({ port: 2432 }));
 var proxyProcess = await hotMemo(async () => {
   const proxy = await getFbiProxyBinary();
   console.log("Starting Rust proxy server");
   const p = $2.opt({
     env: {
       ...process.env,
-      FBIPROXY_PORT
+      FBI_PROXY_PORT
     }
   })`${proxy}`.process;
   p.on("exit", (code) => {
@@ -5250,7 +5252,7 @@ var proxyProcess = await hotMemo(async () => {
 });
 console.log("All services started successfully!");
 console.log(`Proxy server PID: ${proxyProcess.pid}`);
-console.log(`Proxy server running on port: ${FBIPROXY_PORT}`);
+console.log(`Proxy server running on port: ${FBI_PROXY_PORT}`);
 var exit = () => {
   console.log("Shutting down...");
   proxyProcess?.kill?.();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fbi-proxy",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "FBI-Proxy provides easy HTTPS access to your local services with intelligent domain routing",
   "keywords": [
     "development-tools",
@@ -40,31 +40,46 @@
     "lint": "prettier --check .",
     "prepare": "husky",
     "start": "bun ts/cli.ts",
-    "start:rs": "./target/release/fbi-proxy"
+    "start:rs": "./target/release/fbi-proxy",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:ui": "vitest --ui",
+    "test:e2e": "vitest run e2e",
+    "test:e2e:watch": "vitest e2e",
+    "test:coverage": "vitest run --coverage"
   },
   "dependencies": {
-    "execa": "^9.6.0",
-    "from-node-stream": "^0.1.0",
+    "execa": "^9.6.1",
+    "from-node-stream": "^0.1.2",
     "get-port": "^7.1.0",
     "hot-memo": "^1.1.1",
-    "sflow": "^1.24.5",
+    "sflow": "^1.27.0",
     "tsa-composer": "^1.0.0",
     "yargs": "^17.7.2"
   },
   "devDependencies": {
+    "@playwright/test": "^1.58.2",
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/git": "^10.0.1",
-    "@semantic-release/github": "^9.2.0",
+    "@semantic-release/github": "^9.2.6",
+    "@semantic-release/npm": "^13.1.3",
     "@types/bun": "latest",
     "@types/minimist": "^1.2.5",
+    "@types/ws": "^8.18.1",
+    "@vitest/ui": "^3.2.4",
     "husky": "^9.1.7",
-    "lint-staged": "^16.1.2",
-    "prettier": "^3.6.2",
-    "semantic-release": "^22.0.0",
-    "semantic-release-cargo": "^2.4.0"
+    "lint-staged": "^16.2.7",
+    "node-fetch": "^3.3.2",
+    "playwright": "^1.58.2",
+    "prettier": "^3.8.1",
+    "semantic-release": "^24.0.0",
+    "semantic-release-cargo": "^2.4.2",
+    "vite": "^7.3.1",
+    "vitest": "^3.2.4",
+    "ws": "^8.19.0"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=22.14.0"
   },
   "lint-staged": {
     "*.{ts,js}": [
@@ -74,5 +89,8 @@
       "bun --bun prettier --write"
     ]
   },
-  "trustedDependencies": []
+  "trustedDependencies": [],
+  "overrides": {
+    "@semantic-release/npm": "^13.1.3"
+  }
 }

package/rs/fbi-proxy.rs

@@ -5,7 +5,7 @@ use hyper::body::{Bytes, Incoming};
 use hyper::header::{HeaderValue, HOST};
 use hyper::server::conn::http1;
 use hyper::service::service_fn;
-use hyper::{Request, Response, StatusCode, Uri};
+use hyper::{Method, Request, Response, StatusCode, Uri};
 use hyper_tungstenite::{HyperWebsocket, WebSocketStream};
 use hyper_util::client::legacy::{Client, connect::HttpConnector};
 use hyper_util::rt::TokioIo;
@@ -14,7 +14,10 @@ use regex::Regex;
 use std::convert::Infallible;
 use std::net::SocketAddr;
 use std::sync::Arc;
-use tokio::net::TcpListener;
+use std::time::Duration;
+use tokio::net::{TcpListener, TcpStream};
+use tokio::time::timeout;
+use tokio::io::copy_bidirectional;
 use tokio_tungstenite::connect_async;
 
 type BoxError = Box<dyn std::error::Error + Send + Sync>;
@@ -58,7 +61,10 @@ for subdomains
 */
 impl FBIProxy {
     pub fn new(domain_filter: Option<String>) -> Self {
-        let connector = HttpConnector::new();
+        let mut connector = HttpConnector::new();
+        // Set connection timeout to 5 seconds to avoid hanging on invalid hosts
+        connector.set_connect_timeout(Some(Duration::from_secs(3)));
+
         let client = Client::builder(hyper_util::rt::TokioExecutor::new())
             .build(connector);
 
@@ -175,6 +181,126 @@ impl FBIProxy {
         let method = req.method().clone();
         let original_uri = req.uri().clone();
 
+        // Handle HTTP CONNECT tunneling (used by browsers for WebSocket/HTTPS through proxy)
+        if method == Method::CONNECT {
+            // For CONNECT, the URI contains the target authority (host:port)
+            // Parse the target from the URI
+            let connect_target = if let Some(authority) = req.uri().authority() {
+                authority.to_string()
+            } else {
+                // Fallback to parsed host
+                target_host.clone()
+            };
+
+            // Apply domain filtering to CONNECT target
+            let connect_host = connect_target.split(':').next().unwrap_or(&connect_target);
+            if let Some(ref domain) = self.domain_filter {
+                if !domain.is_empty() && !connect_host.ends_with(domain) {
+                    info!(
+                        "CONNECT {} => REJECTED{} 502",
+                        host_header,
+                        original_uri
+                    );
+                    return Ok(Response::builder()
+                        .status(StatusCode::BAD_GATEWAY)
+                        .body(Full::new(Bytes::from("Bad Gateway: Host not allowed")).map_err(|e| match e {}).boxed())?);
+                }
+            }
+
+            // Parse the connect target for routing
+            let tunnel_target = if let Some(ref domain) = self.domain_filter {
+                if !domain.is_empty() && connect_host.ends_with(domain) {
+                    // Strip domain and apply routing rules
+                    let prefix_len = connect_host.len() - domain.len();
+                    let stripped = if prefix_len > 0 && connect_host.chars().nth(prefix_len - 1) == Some('.') {
+                        &connect_host[..prefix_len - 1]
+                    } else if prefix_len == 0 {
+                        "localhost"
+                    } else {
+                        connect_host
+                    };
+
+                    // Apply number rule: if stripped is numeric, route to localhost:port
+                    if self.number_regex.is_match(stripped) {
+                        // Get the port from the connect target
+                        let _port = connect_target.split(':').nth(1).unwrap_or("80");
+                        format!("localhost:{}", stripped)
+                    } else {
+                        connect_target.clone()
+                    }
+                } else {
+                    connect_target.clone()
+                }
+            } else {
+                connect_target.clone()
+            };
+
+            info!(
+                "CONNECT {}@{}{} tunneling",
+                host_header,
+                tunnel_target,
+                original_uri
+            );
+
+            // Connect to upstream with timeout
+            let connect_result = timeout(
+                Duration::from_secs(3),
+                TcpStream::connect(&tunnel_target)
+            ).await;
+
+            match connect_result {
+                Ok(Ok(upstream)) => {
+                    // Spawn a task to handle the tunnel
+                    tokio::spawn(async move {
+                        // The upgrade happens after we return the response
+                        // We need to use hyper's upgrade mechanism
+                        match hyper::upgrade::on(req).await {
+                            Ok(upgraded) => {
+                                let mut upgraded = TokioIo::new(upgraded);
+                                let mut upstream = upstream;
+
+                                // Bidirectional copy
+                                if let Err(e) = copy_bidirectional(&mut upgraded, &mut upstream).await {
+                                    error!("Tunnel error: {}", e);
+                                }
+                            }
+                            Err(e) => {
+                                error!("Upgrade error: {}", e);
+                            }
+                        }
+                    });
+
+                    // Return 200 Connection Established
+                    return Ok(Response::builder()
+                        .status(StatusCode::OK)
+                        .body(Full::new(Bytes::new()).map_err(|e| match e {}).boxed())?);
+                }
+                Ok(Err(e)) => {
+                    error!(
+                        "CONNECT {}@{}{} 502 ({})",
+                        host_header,
+                        tunnel_target,
+                        original_uri,
+                        e
+                    );
+                    return Ok(Response::builder()
+                        .status(StatusCode::BAD_GATEWAY)
+                        .body(Full::new(Bytes::from("FBIPROXY CONNECT ERROR")).map_err(|e| match e {}).boxed())?);
+                }
+                Err(_) => {
+                    error!(
+                        "CONNECT {}@{}{} 502 (connection timeout)",
+                        host_header,
+                        tunnel_target,
+                        original_uri
+                    );
+                    return Ok(Response::builder()
+                        .status(StatusCode::BAD_GATEWAY)
+                        .body(Full::new(Bytes::from("FBIPROXY CONNECT TIMEOUT")).map_err(|e| match e {}).boxed())?);
+                }
+            }
+        }
+
         // Handle WebSocket upgrade requests
         if hyper_tungstenite::is_upgrade_request(&req) {
             return self
@@ -203,9 +329,14 @@ impl FBIProxy {
         // Rebuild the request with the converted body
         let new_req = Request::from_parts(parts, body);
 
-        // Forward the request
-        match self.client.request(new_req).await {
-            Ok(response) => {
+        // Forward the request with timeout
+        let request_result = timeout(
+            Duration::from_secs(3),
+            self.client.request(new_req)
+        ).await;
+
+        match request_result {
+            Ok(Ok(response)) => {
                 // Preserve content-encoding header in response to maintain compression
                 let status = response.status();
                 info!(
@@ -221,7 +352,7 @@ impl FBIProxy {
                 let boxed_body = body.map_err(|e| e).boxed();
                 Ok(Response::from_parts(parts, boxed_body))
             }
-            Err(e) => {
+            Ok(Err(e)) => {
                 error!(
                     "{} {}@{}{} 502 ({})",
                     method,
@@ -234,6 +365,18 @@ impl FBIProxy {
                     .status(StatusCode::BAD_GATEWAY)
                     .body(Full::new(Bytes::from("FBIPROXY ERROR")).map_err(|e| match e {}).boxed())?)
             }
+            Err(_) => {
+                error!(
+                    "{} {}@{}{} 502 (request timeout)",
+                    method,
+                    host_header,
+                    target_host,
+                    original_uri
+                );
+                Ok(Response::builder()
+                    .status(StatusCode::BAD_GATEWAY)
+                    .body(Full::new(Bytes::from("FBIPROXY TIMEOUT")).map_err(|e| match e {}).boxed())?)
+            }
         }
     }
 
@@ -250,22 +393,23 @@ impl FBIProxy {
             uri.path_and_query().map(|pq| pq.as_str()).unwrap_or("/")
         );
 
-        // Upgrade the HTTP connection to WebSocket
-        let (response, websocket) = hyper_tungstenite::upgrade(req, None)?;
-
-        // Connect to upstream WebSocket
+        // Step 1: Connect to upstream WebSocket FIRST before upgrading client
+        // This ensures we can return proper errors if upstream is unavailable
         let (upstream_ws, _) = match connect_async(&ws_url).await {
             Ok(ws) => ws,
             Err(e) => {
-                error!("WS :ws:{} => :ws:{}{} 502 ({})", target_host, target_host, uri, e);
+                error!("WS :ws:{} => :ws:{}{} 502 (upstream connection failed: {})", target_host, target_host, uri, e);
                 return Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Full::new(Bytes::from("WebSocket connection failed")).map_err(|e| match e {}).boxed())?);
+                    .body(Full::new(Bytes::from("WebSocket upstream unavailable")).map_err(|e| match e {}).boxed())?);
             }
         };
 
-        // Spawn task to handle WebSocket forwarding
-        // let ws_url_clone = ws_url.clone();
+        // Step 2: Now upgrade the HTTP connection to WebSocket
+        // Only do this after confirming upstream is available
+        let (response, websocket) = hyper_tungstenite::upgrade(req, None)?;
+
+        // Step 3: Spawn task to handle WebSocket forwarding
         tokio::spawn(async move {
             if let Err(e) = handle_websocket_forwarding(websocket, upstream_ws).await {
                 error!("WebSocket forwarding error: {}", e);

package/ts/cli.ts

@@ -21,7 +21,8 @@ await yargs(hideBin(process.argv))
 
 console.log("Preparing Binaries");
 
-const FBIPROXY_PORT = String(await getPort({ port: 2432 }));
+const FBI_PROXY_PORT =
+  process.env.FBI_PROXY_PORT || String(await getPort({ port: 2432 }));
 
 const proxyProcess = await hotMemo(async () => {
   const proxy = await getFbiProxyBinary();
@@ -29,7 +30,7 @@ const proxyProcess = await hotMemo(async () => {
   const p = $.opt({
     env: {
       ...process.env,
-      FBIPROXY_PORT, // Rust proxy server port
+      FBI_PROXY_PORT, // Rust proxy server port
     },
   })`${proxy}`.process;
 
@@ -42,7 +43,7 @@ const proxyProcess = await hotMemo(async () => {
 
 console.log("All services started successfully!");
 console.log(`Proxy server PID: ${proxyProcess.pid}`);
-console.log(`Proxy server running on port: ${FBIPROXY_PORT}`);
+console.log(`Proxy server running on port: ${FBI_PROXY_PORT}`);
 
 const exit = () => {
   console.log("Shutting down...");