pac-proxy-cli 0.1.6 → 1.0.0

package/lib/system-proxy.js

@@ -0,0 +1,264 @@
+/**
+ * 跨平台设置/清除系统代理（macOS、Windows、Linux）
+ * 需在用户环境下运行；Linux 仅支持 GNOME（gsettings）
+ * 含参数校验、安全转义、逐项检查与兜底容错
+ */
+import { execSync } from 'child_process';
+
+const isWindows = process.platform === 'win32';
+const isMac = process.platform === 'darwin';
+const isLinux = process.platform === 'linux';
+
+const EXEC_TIMEOUT = 12000;
+
+function exec(cmd, opts = {}) {
+  try {
+    const out = execSync(cmd, {
+      encoding: 'utf8',
+      stdio: opts.stdio ?? 'pipe',
+      timeout: opts.timeout ?? EXEC_TIMEOUT,
+      windowsHide: isWindows,
+      ...opts,
+    });
+    return opts.returnOutput ? (out || '').trim() : true;
+  } catch (e) {
+    if (opts.throw) throw e;
+    return opts.returnOutput ? '' : false;
+  }
+}
+
+/** 校验并规范化 host：仅允许 hostname 或 IP，防止注入 */
+function normalizeHost(host) {
+  const h = String(host || '127.0.0.1').trim();
+  if (!h || h.length > 253) return null;
+  if (/[\s\r\n\t'"\\;|&$`<>]/.test(h)) return null;
+  return h;
+}
+
+/** 校验端口 1-65535 */
+function normalizePort(port) {
+  const p = Number(port);
+  if (!Number.isInteger(p) || p < 1 || p > 65535) return 5175;
+  return p;
+}
+
+/** 校验 PAC URL：允许 http(s) URL，防止注入 */
+function normalizePacUrl(url) {
+  const u = String(url || '').trim();
+  if (!u) return '';
+  if (!/^https?:\/\//i.test(u) || u.length > 2048) return '';
+  if (/[\r\n\t'"\\]/.test(u)) return '';
+  return u;
+}
+
+/** Windows: 转义注册表 REG_SZ 的值（用于 reg add /d "value"） */
+function escapeRegSzValue(str) {
+  return String(str)
+    .replace(/\\/g, '\\\\')
+    .replace(/"/g, '\\"');
+}
+
+/** Linux: 转义单引号 shell 字面（'...' 内的 ' 变为 '\''） */
+function escapeShellSingleQuoted(str) {
+  return String(str).replace(/'/g, "'\\''");
+}
+
+// ---------- macOS ----------
+const MAC_NETWORKSETUP = '/usr/sbin/networksetup';
+
+function execSudo(cmd) {
+  return exec(`sudo -n ${cmd}`, { stdio: 'pipe', throw: false });
+}
+
+function getMacNetworkServices() {
+  const out = exec(`${MAC_NETWORKSETUP} -listallnetworkservices`, { returnOutput: true });
+  if (!out) return ['Wi-Fi'];
+  const lines = out.split('\n').map((s) => s.trim()).filter(Boolean);
+  const services = [];
+  const skip = 'An asterisk (*) denotes that a network service is disabled';
+  for (const line of lines) {
+    if (line.startsWith('*') || line === skip) continue;
+    const name = line.replace(/^\*\s*/, '').trim();
+    if (!name) continue;
+    const enabledOut = exec(`${MAC_NETWORKSETUP} -getnetworkserviceenabled "${name}"`, { returnOutput: true });
+    if ((String(enabledOut)).toLowerCase().includes('enabled')) services.push(name);
+  }
+  return services.length ? services : ['Wi-Fi'];
+}
+
+// ---------- Windows ----------
+const WIN_REG_KEY = 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings';
+
+function winRegAdd(valueName, type, data) {
+  const escaped = type === 'REG_SZ' ? escapeRegSzValue(data) : String(data);
+  const part = type === 'REG_DWORD' ? ` /d ${escaped}` : ` /d "${escaped}"`;
+  return exec(`reg add "${WIN_REG_KEY}" /v ${valueName} /t ${type} ${part} /f`, { throw: false });
+}
+
+function winRegDelete(valueName) {
+  return exec(`reg delete "${WIN_REG_KEY}" /v ${valueName} /f`, { throw: false });
+}
+
+// ---------- Linux ----------
+function linuxGsettingsAvailable() {
+  const out = exec('gsettings list-schemas', { returnOutput: true, throw: false });
+  return out && out.includes('org.gnome.system.proxy');
+}
+
+function linuxGset(schema, key, value) {
+  const val = typeof value === 'number' ? value : `'${escapeShellSingleQuoted(String(value))}'`;
+  return exec(`gsettings set ${schema} ${key} ${val}`, { throw: false });
+}
+
+/**
+ * 设置系统代理
+ * @param {string} host - 如 '127.0.0.1'
+ * @param {number} port - 如 5175
+ * @param {{ mode?: 'global'|'pac', pacUrl?: string }} [options]
+ * @returns {{ ok: boolean, error?: string }}
+ */
+export function setSystemProxy(host, port, options = {}) {
+  try {
+    const h = normalizeHost(host);
+    const p = normalizePort(port);
+    const mode = options.mode === 'global' ? 'global' : 'pac';
+    const pacUrl = normalizePacUrl(options.pacUrl || '');
+
+    if (h === null) {
+      return { ok: false, error: '代理地址无效或包含非法字符' };
+    }
+
+    if (isMac) {
+      const services = getMacNetworkServices();
+      const run = (cmd) => exec(`${MAC_NETWORKSETUP} ${cmd}`) || execSudo(`${MAC_NETWORKSETUP} ${cmd}`);
+      let anyOk = false;
+      for (const service of services) {
+        try {
+          if (mode === 'pac' && pacUrl) {
+            const setUrl = run(`-setautoproxyurl "${service}" "${pacUrl}"`);
+            const setOn = run(`-setautoproxystate "${service}" on`);
+            const offWeb = run(`-setwebproxystate "${service}" off`) && run(`-setsecurewebproxystate "${service}" off`);
+            if (setUrl && setOn && offWeb) anyOk = true;
+          } else {
+            const setAddr = run(`-setwebproxy "${service}" ${h} ${p}`) && run(`-setsecurewebproxy "${service}" ${h} ${p}`);
+            const setOn = run(`-setwebproxystate "${service}" on`) && run(`-setsecurewebproxystate "${service}" on`);
+            const offAuto = run(`-setautoproxystate "${service}" off`);
+            if (setAddr && setOn && offAuto) anyOk = true;
+          }
+        } catch (_) {
+          // 单个服务失败继续尝试其他
+        }
+      }
+      if (!anyOk) {
+        return {
+          ok: false,
+          error: 'macOS 修改系统代理需要管理员权限。请运行: sudo visudo -f /etc/sudoers.d/pac-proxy ，添加: ' + (process.env.USER || '你的用户名') + ' ALL=(ALL) NOPASSWD: ' + MAC_NETWORKSETUP + ' ，保存后重试。或手动在 系统设置 → 网络 → 代理 中设置。',
+        };
+      }
+      return { ok: true };
+    }
+
+    if (isWindows) {
+      if (mode === 'pac' && pacUrl) {
+        winRegAdd('ProxyEnable', 'REG_DWORD', 0);
+        winRegAdd('ProxyServer', 'REG_SZ', '');
+        const autoOk = winRegAdd('AutoConfigURL', 'REG_SZ', pacUrl);
+        if (!autoOk) {
+          return { ok: false, error: '注册表 AutoConfigURL 写入失败，请以当前用户重试或手动在 设置 → 网络和 Internet → 代理 中配置 PAC 地址。' };
+        }
+        return { ok: true };
+      }
+      winRegDelete('AutoConfigURL');
+      const enableOk = winRegAdd('ProxyEnable', 'REG_DWORD', 1);
+      const serverOk = winRegAdd('ProxyServer', 'REG_SZ', `${h}:${p}`);
+      if (!enableOk || !serverOk) {
+        return { ok: false, error: '注册表代理设置写入失败，请以当前用户重试或手动在 设置 → 网络和 Internet → 代理 中配置。' };
+      }
+      return { ok: true };
+    }
+
+    if (isLinux) {
+      if (!linuxGsettingsAvailable()) {
+        return { ok: false, error: '未检测到 GNOME 桌面环境（gsettings）。当前仅支持 GNOME；若使用 KDE/XFCE 等请手动在系统设置中配置代理。' };
+      }
+      if (mode === 'pac' && pacUrl) {
+        const modeOk = linuxGset('org.gnome.system.proxy', 'mode', 'auto');
+        if (!modeOk) return { ok: false, error: 'gsettings 设置 mode 失败，请确保在图形会话中运行（DISPLAY/DBUS 已设置）。' };
+        linuxGset('org.gnome.system.proxy', 'autoconfig-url', pacUrl);
+        return { ok: true };
+      }
+      const manualOk = linuxGset('org.gnome.system.proxy', 'mode', 'manual');
+      if (!manualOk) return { ok: false, error: 'gsettings 设置 mode 失败，请确保在图形会话中运行（DISPLAY/DBUS 已设置）。' };
+      linuxGset('org.gnome.system.proxy', 'autoconfig-url', '');
+      linuxGset('org.gnome.system.proxy.http', 'host', h);
+      linuxGset('org.gnome.system.proxy.http', 'port', p);
+      linuxGset('org.gnome.system.proxy.https', 'host', h);
+      linuxGset('org.gnome.system.proxy.https', 'port', p);
+      return { ok: true };
+    }
+
+    return { ok: false, error: '不支持的平台: ' + process.platform };
+  } catch (e) {
+    return { ok: false, error: (e && e.message) ? e.message : '设置系统代理时发生未知错误' };
+  }
+}
+
+/**
+ * 清除系统代理（同时清除手动代理与 PAC）
+ * @returns {{ ok: boolean, error?: string }}
+ */
+export function clearSystemProxy() {
+  try {
+    if (isMac) {
+      const services = getMacNetworkServices();
+      const run = (cmd) => exec(`${MAC_NETWORKSETUP} ${cmd}`) || execSudo(`${MAC_NETWORKSETUP} ${cmd}`);
+      let anyOk = false;
+      for (const service of services) {
+        try {
+          const offWeb = run(`-setwebproxystate "${service}" off`) && run(`-setsecurewebproxystate "${service}" off`);
+          const offAuto = run(`-setautoproxystate "${service}" off`);
+          const clearUrl = run(`-setautoproxyurl "${service}" ""`);
+          if (offWeb && offAuto && clearUrl) anyOk = true;
+        } catch (_) {}
+      }
+      if (!anyOk) {
+        return { ok: false, error: '关闭系统代理可能需要管理员权限（配置 sudo 免密后重试），或手动在 系统设置 → 网络 → 代理 中关闭。' };
+      }
+      return { ok: true };
+    }
+
+    if (isWindows) {
+      const enableOk = winRegAdd('ProxyEnable', 'REG_DWORD', 0);
+      winRegDelete('AutoConfigURL');
+      winRegAdd('ProxyServer', 'REG_SZ', '');
+      if (!enableOk) {
+        return { ok: false, error: '注册表 ProxyEnable 清除失败，请手动在 设置 → 网络和 Internet → 代理 中关闭代理。' };
+      }
+      return { ok: true };
+    }
+
+    if (isLinux) {
+      if (!linuxGsettingsAvailable()) {
+        return { ok: false, error: '未检测到 GNOME（gsettings），无法自动清除。请手动在系统设置中关闭代理。' };
+      }
+      linuxGset('org.gnome.system.proxy', 'autoconfig-url', '');
+      linuxGset('org.gnome.system.proxy.http', 'host', '');
+      linuxGset('org.gnome.system.proxy.http', 'port', 0);
+      linuxGset('org.gnome.system.proxy.https', 'host', '');
+      linuxGset('org.gnome.system.proxy.https', 'port', 0);
+      const ok = linuxGset('org.gnome.system.proxy', 'mode', 'none');
+      return ok ? { ok: true } : { ok: false, error: 'gsettings 设置 mode 为 none 失败，请手动在系统设置中关闭代理。' };
+    }
+
+    return { ok: false, error: '不支持的平台: ' + process.platform };
+  } catch (e) {
+    return { ok: false, error: (e && e.message) ? e.message : '清除系统代理时发生未知错误' };
+  }
+}
+
+export function getPlatform() {
+  if (isMac) return 'darwin';
+  if (isWindows) return 'win32';
+  if (isLinux) return 'linux';
+  return process.platform;
+}

package/lib/traffic-log.js

@@ -0,0 +1,14 @@
+const MAX_RECORDS = 500;
+const records = [];
+
+export function pushRecord(entry) {
+  records.unshift({
+    time: Date.now(),
+    ...entry,
+  });
+  if (records.length > MAX_RECORDS) records.length = MAX_RECORDS;
+}
+
+export function getRecords() {
+  return [...records];
+}

package/package.json

@@ -1,28 +1,50 @@
 {
   "name": "pac-proxy-cli",
-  "version": "0.1.6",
-  "description": "HTTP 代理与隧道 CLI + Web 管理面板",
+  "version": "1.0.0",
+  "description": "node pac proxy and web control panel",
   "type": "module",
+  "main": "lib/index.js",
+  "bin": {
+    "pac-proxy": "bin/cli.js"
+  },
   "files": [
     "bin",
-    "src",
-    "public",
-    "README.md",
+    "lib",
+    "dist",
     ".env"
   ],
-  "bin": {
-    "pac-proxy": "./bin/proxy.js"
-  },
   "scripts": {
-    "start": "node bin/proxy.js start",
-    "panel": "node bin/proxy.js panel"
+    "dev": "node lib/index.js serve --port 5174",
+    "build": "vite build",
+    "prepublishOnly": "pnpm run build"
   },
   "dependencies": {
     "commander": "^12.0.0",
-    "dotenv": "^16.6.1",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.5",
     "express": "^4.21.0",
-    "open": "^10.0.0",
-    "proxy": "^2.2.0",
-    "socks": "^2.8.0"
-  }
+    "get-port-please": "^3.0.0",
+    "http-mitm-proxy": "^1.1.0",
+    "https-proxy-agent": "^7.0.0",
+    "socks": "^2.8.0",
+    "socks-proxy-agent": "^8.0.0",
+    "vue-router": "^4.2.0"
+  },
+  "devDependencies": {
+    "@vitejs/plugin-vue": "^5.0.0",
+    "vite": "^5.4.0",
+    "vue": "^3.4.0",
+    "vue-router": "^4.2.0"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "proxy",
+    "pac",
+    "cli",
+    "socks5",
+    "http-proxy"
+  ],
+  "license": "MIT"
 }

package/bin/proxy.js

@@ -1,30 +0,0 @@
-#!/usr/bin/env node
-
-import 'dotenv/config';
-import { program } from 'commander';
-import { startProxyAndPanel } from '../src/cli/start.js';
-import { panelOnly } from '../src/cli/panel.js';
-
-program
-  .name('proxy')
-  .description('HTTP 代理与隧道 - CLI')
-  .version('0.1.0');
-
-program
-  .command('start')
-  .description('启动 HTTP 代理 + Web 管理面板（上游为本地 SOCKS5 或远程 Server）')
-  .option('-p, --port <number>', 'HTTP 代理端口', '3893')
-  .option('--panel-port <number>', 'Web 面板端口', '3892')
-  .option('-s, --socks <host:port>', '上游 SOCKS5 地址，如 127.0.0.1:1080（与远程服务器二选一）')
-  .option('--server [url]', '上游远程代理服务器地址；可为空，为空时使用默认的上游远程服务器地址')
-  .option('--no-open', '不自动打开浏览器')
-  .action(startProxyAndPanel);
-
-program
-  .command('panel')
-  .description('仅启动 Web 管理面板（不启动代理）')
-  .option('-p, --port <number>', '面板端口', '3892')
-  .option('--no-open', '不自动打开浏览器')
-  .action(panelOnly);
-
-program.parse();