mtproto-checker 0.0.1 → 0.1.1

package/README.md

@@ -42,8 +42,36 @@ Optional, if you want the `check-proxies` command available locally:
 npm link
 ```
 
+### GitHub Packages
+
+This project can also be published to GitHub Packages as
+`@tar4s/mtproto-checker`. GitHub's npm registry requires scoped package names,
+so the GitHub Packages workflow applies that scoped name during publishing.
+
+To install from GitHub Packages:
+
+```bash
+npm config set @tar4s:registry https://npm.pkg.github.com
+npm install @tar4s/mtproto-checker
+```
+
+Private packages require authentication with a GitHub personal access token that
+has `read:packages`.
+
 ## Quick Start
 
+Start the HTTP API server:
+
+```bash
+TG_API_ID=12345 \
+TG_API_HASH=abcdef \
+CHECK_AUTH_USER=admin \
+CHECK_AUTH_PASSWORD=secret \
+node check.js
+```
+
+By default it listens on port `3080`. Override it with `PORT`.
+
 Check URLs listed in `urls.txt`:
 
 ```bash
@@ -62,11 +90,25 @@ With `npm link`:
 TG_API_ID=12345 TG_API_HASH=abcdef check-proxies --sources urls.txt
 ```
 
+Check one proxy link directly:
+
+```bash
+TG_API_ID=12345 TG_API_HASH=abcdef node check.js \
+  --proxy 'tg://proxy?server=quackton.life&port=443&secret=7mX8dVOh9cqLULccAVs4ciR5YW5kZXgucnU'
+```
+
 ## Input Sources
 
 You can provide proxies in several ways.
 
-### 1. Source URL File
+### 1. Direct Proxy Link
+
+```bash
+TG_API_ID=12345 TG_API_HASH=abcdef node check.js \
+  --proxy 'https://t.me/proxy?server=1.2.3.4&port=443&secret=...'
+```
+
+### 2. Source URL File
 
 `urls.txt` contains one remote text-list URL per line:
 
@@ -81,7 +123,7 @@ Run:
 TG_API_ID=12345 TG_API_HASH=abcdef node check.js --sources urls.txt
 ```
 
-### 2. One Or More Remote URLs
+### 3. One Or More Remote URLs
 
 ```bash
 TG_API_ID=12345 TG_API_HASH=abcdef node check.js \
@@ -95,13 +137,13 @@ Positional HTTP URLs also work:
 TG_API_ID=12345 TG_API_HASH=abcdef node check.js https://example.com/proxies.txt
 ```
 
-### 3. Local Proxy File
+### 4. Local Proxy File
 
 ```bash
 TG_API_ID=12345 TG_API_HASH=abcdef node check.js proxies.txt
 ```
 
-### 4. stdin
+### 5. stdin
 
 ```bash
 cat proxies.txt | TG_API_ID=12345 TG_API_HASH=abcdef node check.js
@@ -114,6 +156,7 @@ Input files may contain blank lines and `#` comments.
 | Option | Default | Description |
 | --- | ---: | --- |
 | `--url <url>` | none | Add a remote proxy-list URL. Can be repeated. |
+| `--proxy <link>` | none | Check one `tg://proxy` or `https://t.me/proxy` link directly. |
 | `--sources <file>` | none | Read remote source URLs from a file, one URL per line. |
 | `--dc <1-5>` | `2` | Telegram data center ID used for `testProxy`. |
 | `--timeout <sec>` | `10` | Per-proxy TDLib timeout in seconds. Decimals are allowed. |
@@ -127,6 +170,64 @@ Environment variables:
 | --- | --- | --- |
 | `TG_API_ID` | yes | Telegram API ID from `my.telegram.org`. |
 | `TG_API_HASH` | yes | Telegram API hash from `my.telegram.org`. |
+| `CHECK_AUTH_USER` | HTTP server only | Basic auth username. |
+| `CHECK_AUTH_PASSWORD` | HTTP server only | Basic auth password. |
+| `PORT` | no | HTTP server port. Defaults to `3080`. |
+
+## HTTP API
+
+Running `node check.js` without CLI arguments starts the HTTP server. The server
+requires Basic auth and exposes one endpoint:
+
+```http
+POST /check
+Content-Type: application/json
+Authorization: Basic ...
+
+{ "url": "https://example.com/proxies.txt" }
+```
+
+The `url` field accepts either a remote `http(s)` proxy list or one direct
+`tg://proxy` / `https://t.me/proxy` link.
+
+Example:
+
+```bash
+curl -u admin:secret \
+  -H 'content-type: application/json' \
+  -d '{"url":"https://example.com/proxies.txt"}' \
+  http://127.0.0.1:3080/check
+```
+
+Direct proxy link example:
+
+```bash
+curl -u admin:secret \
+  -H 'content-type: application/json' \
+  -d '{"url":"tg://proxy?server=quackton.life&port=443&secret=7mX8dVOh9cqLULccAVs4ciR5YW5kZXgucnU"}' \
+  http://127.0.0.1:3080/check
+```
+
+Response:
+
+```json
+{
+  "url": "https://example.com/proxies.txt",
+  "count": 1,
+  "working": 1,
+  "results": [
+    {
+      "server": "1.2.3.4",
+      "port": 443,
+      "sni": "example.com",
+      "ok": true,
+      "ms": 841,
+      "error": null,
+      "link": "tg://proxy?server=1.2.3.4&port=443&secret=..."
+    }
+  ]
+}
+```
 
 ## Output
 

package/check.js

@@ -18,15 +18,19 @@
  * result de-duplicated (by server+port+secret) via a Set.
  *
  * CLI usage:
+ *   TG_API_ID=12345 TG_API_HASH=abcdef CHECK_AUTH_USER=admin CHECK_AUTH_PASSWORD=secret node check.js
+ *   # starts the HTTP API server on PORT (default 3080)
  *   TG_API_ID=12345 TG_API_HASH=abcdef... node check.js [sources] [options]
  *   # sources: any positional http(s) URL, a local file path, or stdin
  *   node check.js https://raw.githubusercontent.com/u/r/main/list.txt
  *   node check.js --url URL1 --url URL2
+ *   node check.js --proxy "tg://proxy?server=...&port=443&secret=..."
  *   node check.js --sources urls.txt           # file with one URL per line
  *   cat proxies.txt | node check.js
  *
  * Options:
  *   --url <url>         add a source URL (repeatable)
+ *   --proxy <link>      check one proxy link directly
  *   --sources <file>    file containing source URLs (one per line, # comments ok)
  *   --dc <1-5>          data center id to test against (default 2)
  *   --timeout <sec>     per-proxy TDLib timeout in seconds (default 10)
@@ -43,7 +47,9 @@
  */
 
 const fs = require('fs')
+const http = require('http')
 const path = require('path')
+const crypto = require('crypto')
 const tdl = require('tdl')
 const { getTdjson } = require('prebuilt-tdlib')
 
@@ -65,10 +71,10 @@ function configureTdlibOnce(state = tdlibConfigState, configure = tdl.configure,
 /**
  * Parse argv into an options object, collecting source URLs and/or a file path.
  * @param {string[]} argv - process.argv.slice(2)
- * @returns {{file: string|null, urls: string[], sourcesFile: string|null, dc: number, timeout: number, concurrency: number, out: string, iterations: number}}
+ * @returns {{file: string|null, urls: string[], proxy: string|null, sourcesFile: string|null, dc: number, timeout: number, concurrency: number, out: string, iterations: number}}
  */
 function parseArgs(argv) {
-  const opts = { file: null, urls: [], sourcesFile: null, dc: 2, timeout: 10, concurrency: 30, out: 'result', iterations: 1 }
+  const opts = { file: null, urls: [], proxy: null, sourcesFile: null, dc: 2, timeout: 10, concurrency: 30, out: 'result', iterations: 1 }
   for (let i = 0; i < argv.length; i++) {
     const a = argv[i]
     if (a === '--dc') opts.dc = parseInt(argv[++i], 10)
@@ -77,6 +83,7 @@ function parseArgs(argv) {
     else if (a === '--out') opts.out = argv[++i]
     else if (a === '--iterations') opts.iterations = parseInt(argv[++i], 10)
     else if (a === '--url') opts.urls.push(argv[++i])
+    else if (a === '--proxy') opts.proxy = argv[++i]
     else if (a === '--sources') opts.sourcesFile = argv[++i]
     else if (/^https?:\/\//i.test(a)) opts.urls.push(a)
     else if (!a.startsWith('--')) opts.file = a
@@ -384,6 +391,233 @@ async function checkProxiesFromUrls(urls, opts) {
   return checkProxies(proxies, opts)
 }
 
+async function checkSingleUrl(url, opts) {
+  const directProxy = parseLink(url)
+  if (directProxy) {
+    const checker = opts.checker || checkProxies
+    return checker([directProxy], opts)
+  }
+
+  let parsed
+  try {
+    parsed = new URL(url)
+  } catch {
+    throw new Error('url must be a proxy link or an http or https URL')
+  }
+  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+    throw new Error('url must be a proxy link or an http or https URL')
+  }
+
+  const fetcher = opts.fetcher || fetchText
+  const checker = opts.checker || checkProxies
+  const text = await fetcher(url)
+  const proxies = mergeProxies([text])
+  return checker(proxies, opts)
+}
+
+async function resolveInputProxies(opts, deps = {}) {
+  const readFile = deps.readFile || (file => fs.readFileSync(file, 'utf8'))
+  const readInputFn = deps.readInput || readInput
+  const loadFromUrls = deps.loadFromUrls || loadProxiesFromUrls
+
+  if (opts.proxy) {
+    const proxy = parseLink(opts.proxy)
+    return proxy ? [proxy] : []
+  }
+
+  if (opts.sourcesFile) {
+    const text = readFile(opts.sourcesFile)
+    for (const rawLine of text.split(/\r?\n/)) {
+      const line = rawLine.split('#')[0].trim()
+      if (line) opts.urls.push(line)
+    }
+  }
+
+  if (opts.urls.length > 0) {
+    console.error(`Fetching ${opts.urls.length} source URL(s)...`)
+    return loadFromUrls(opts.urls)
+  }
+
+  const input = await readInputFn(opts.file)
+  return mergeProxies([input])
+}
+
+function toReport(results) {
+  return results.map(c => ({
+    server: c.proxy ? c.proxy.server : c.server,
+    port: c.proxy ? c.proxy.port : c.port,
+    sni: c.proxy ? c.proxy.sni : c.sni,
+    ok: c.ok,
+    ms: c.ms,
+    error: c.error,
+    link: c.proxy ? c.proxy.raw : c.link
+  }))
+}
+
+function jsonResponse(res, statusCode, body, headers = {}) {
+  const payload = JSON.stringify(body, null, 2)
+  res.writeHead(statusCode, {
+    'content-type': 'application/json; charset=utf-8',
+    'content-length': Buffer.byteLength(payload),
+    ...headers
+  })
+  res.end(payload)
+}
+
+function safeEqual(a, b) {
+  const left = Buffer.from(a)
+  const right = Buffer.from(b)
+  return left.length === right.length && crypto.timingSafeEqual(left, right)
+}
+
+function isAuthorized(req, auth) {
+  const header = req.headers.authorization
+  if (!header || !header.startsWith('Basic ')) return false
+
+  let decoded
+  try {
+    decoded = Buffer.from(header.slice(6), 'base64').toString('utf8')
+  } catch {
+    return false
+  }
+
+  const separator = decoded.indexOf(':')
+  if (separator === -1) return false
+  const user = decoded.slice(0, separator)
+  const password = decoded.slice(separator + 1)
+  return safeEqual(user, auth.user) && safeEqual(password, auth.password)
+}
+
+function readJsonBody(req, limitBytes = 1024 * 1024) {
+  return new Promise((resolve, reject) => {
+    let size = 0
+    let raw = ''
+    req.setEncoding('utf8')
+    req.on('data', chunk => {
+      size += Buffer.byteLength(chunk)
+      if (size > limitBytes) {
+        reject(Object.assign(new Error('Request body too large'), { statusCode: 413 }))
+        req.destroy()
+        return
+      }
+      raw += chunk
+    })
+    req.on('end', () => {
+      try {
+        resolve(raw ? JSON.parse(raw) : {})
+      } catch {
+        reject(Object.assign(new Error('Invalid JSON body'), { statusCode: 400 }))
+      }
+    })
+    req.on('error', reject)
+  })
+}
+
+function logRequest(logger, req, statusCode, started) {
+  const ms = Date.now() - started
+  const forwarded = req.headers['x-forwarded-for']
+  const remote = Array.isArray(forwarded) ? forwarded[0] : forwarded || req.socket.remoteAddress || '-'
+  logger(`${req.id} ${remote} ${req.method} ${req.url} ${statusCode} ${ms}ms`)
+}
+
+function createServer({ auth, checkUrl, logger = console.error }) {
+  let nextRequestId = 0
+  const realm = 'Basic realm="mtproto-checker"'
+
+  return http.createServer(async (req, res) => {
+    const started = Date.now()
+    req.id = `req-${++nextRequestId}`
+    let statusCode = 500
+
+    try {
+      if (!isAuthorized(req, auth)) {
+        statusCode = 401
+        jsonResponse(res, statusCode, { error: 'Unauthorized' }, { 'www-authenticate': realm })
+        return
+      }
+
+      if (req.url !== '/check') {
+        statusCode = 404
+        jsonResponse(res, statusCode, { error: 'Not found' })
+        return
+      }
+
+      if (req.method !== 'POST') {
+        statusCode = 405
+        jsonResponse(res, statusCode, { error: 'Method not allowed' }, { allow: 'POST' })
+        return
+      }
+
+      const body = await readJsonBody(req)
+      if (!body || typeof body.url !== 'string' || body.url.trim() === '') {
+        statusCode = 400
+        jsonResponse(res, statusCode, { error: 'Request body must include url' })
+        return
+      }
+
+      const url = body.url.trim()
+      let results
+      try {
+        results = await checkUrl(url)
+      } catch (err) {
+        statusCode = 502
+        jsonResponse(res, statusCode, {
+          error: 'Failed to check url',
+          detail: err.message || String(err)
+        })
+        return
+      }
+      const report = toReport(results)
+      statusCode = 200
+      jsonResponse(res, statusCode, {
+        url,
+        count: report.length,
+        working: report.filter(item => item.ok).length,
+        results: report
+      })
+    } catch (err) {
+      statusCode = err.statusCode || 500
+      const message = statusCode === 500 ? 'Internal server error' : err.message
+      jsonResponse(res, statusCode, { error: message })
+      if (statusCode === 500) logger(`${req.id} error ${err.stack || err.message || err}`)
+    } finally {
+      logRequest(logger, req, statusCode, started)
+    }
+  })
+}
+
+function shouldStartServer(argv) {
+  return argv.length === 0
+}
+
+async function startServer(env = process.env) {
+  const apiId = parseInt(env.TG_API_ID, 10)
+  const apiHash = env.TG_API_HASH
+  const user = env.CHECK_AUTH_USER
+  const password = env.CHECK_AUTH_PASSWORD
+  const port = parseInt(env.PORT || '3080', 10)
+
+  if (!apiId || !apiHash) throw new Error('Set TG_API_ID and TG_API_HASH (get them at https://my.telegram.org).')
+  if (!user || !password) throw new Error('Set CHECK_AUTH_USER and CHECK_AUTH_PASSWORD for HTTP Basic auth.')
+  if (!Number.isInteger(port) || port < 1 || port > 65535) throw new Error('PORT must be a valid TCP port.')
+
+  const server = createServer({
+    auth: { user, password },
+    checkUrl: async url => checkSingleUrl(url, { apiId, apiHash })
+  })
+
+  await new Promise((resolve, reject) => {
+    server.once('error', reject)
+    server.listen(port, () => {
+      server.off('error', reject)
+      resolve()
+    })
+  })
+
+  console.error(`MTProto checker HTTP server listening on :${port}`)
+  return server
+}
+
 /**
  * CLI entry point: resolve sources (URLs / file / stdin), check, and write
  * `<out>.json` (full report) and `<out>.txt` (working links, fastest first).
@@ -398,23 +632,7 @@ async function main() {
     process.exit(1)
   }
 
-  // A --sources file contributes one URL per line (with # comments).
-  if (opts.sourcesFile) {
-    const text = fs.readFileSync(opts.sourcesFile, 'utf8')
-    for (const rawLine of text.split(/\r?\n/)) {
-      const line = rawLine.split('#')[0].trim()
-      if (line) opts.urls.push(line)
-    }
-  }
-
-  let proxies
-  if (opts.urls.length > 0) {
-    console.error(`Fetching ${opts.urls.length} source URL(s)...`)
-    proxies = await loadProxiesFromUrls(opts.urls)
-  } else {
-    const input = await readInput(opts.file)
-    proxies = mergeProxies([input])
-  }
+  const proxies = await resolveInputProxies(opts)
 
   if (proxies.length === 0) {
     console.error('No valid tg://proxy or t.me/proxy links found.')
@@ -463,9 +681,9 @@ async function main() {
   process.exit(0)
 }
 
-module.exports = { configureTdlibOnce, parseArgs, checkProxiesFromUrls, loadProxiesFromUrls, checkProxies, runIterativeChecks, mergeProxies, parseLink, normalizeSecret, faketlsSni }
+module.exports = { checkSingleUrl, configureTdlibOnce, createServer, parseArgs, resolveInputProxies, checkProxiesFromUrls, loadProxiesFromUrls, checkProxies, runIterativeChecks, mergeProxies, parseLink, normalizeSecret, faketlsSni, shouldStartServer, startServer }
 
-if (require.main === module) main().catch(err => {
+if (require.main === module) (shouldStartServer(process.argv.slice(2)) ? startServer() : main()).catch(err => {
   console.error(err)
   process.exit(1)
 })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mtproto-checker",
-  "version": "0.0.1",
+  "version": "0.1.1",
   "description": "Check Telegram MTProto proxies via a real TDLib handshake (testProxy), like tdesktop does",
   "repository": {
     "type": "git",