pac-proxy-cli 0.1.7 → 1.0.0

package/lib/proxy-server.js

@@ -0,0 +1,247 @@
+/**
+ * 统一代理服务：根据开关、全局/PAC 模式及 PAC 规则处理 HTTP/HTTPS 代理
+ */
+import http from 'http';
+import https from 'https';
+import net from 'net';
+import { URL } from 'url';
+import { SocksProxyAgent } from 'socks-proxy-agent';
+import { HttpsProxyAgent } from 'https-proxy-agent';
+import { SocksClient } from 'socks';
+import { getProxyConfig, getPacRules } from './local-store.js';
+import { getPacAction } from './pac-match.js';
+import { pushRecord } from './traffic-log.js';
+
+function createUpstreamAgent(upstream) {
+  const u = (upstream || '').trim();
+  if (!u) return null;
+  if (u.startsWith('socks5://') || u.startsWith('socks4://') || u.startsWith('socks://')) {
+    return new SocksProxyAgent(u);
+  }
+  if (u.startsWith('http://') || u.startsWith('https://')) {
+    return new HttpsProxyAgent(u);
+  }
+  return null;
+}
+
+/**
+ * 通过 socks 建立到 targetHost:targetPort 的 TCP 连接
+ */
+function connectViaSocks(upstream, targetHost, targetPort) {
+  const u = new URL(upstream);
+  const proxy = {
+    host: u.hostname,
+    port: parseInt(u.port || '1080', 10),
+    type: u.protocol === 'socks4:' ? 4 : 5,
+  };
+  return SocksClient.createConnection({
+    proxy,
+    command: 'connect',
+    destination: { host: targetHost, port: targetPort },
+  }).then((info) => info.socket);
+}
+
+/**
+ * 通过 HTTP 代理发送 CONNECT，返回与目标建立的 socket
+ */
+function connectViaHttpProxy(upstream, targetHost, targetPort) {
+  return new Promise((resolve, reject) => {
+    const u = new URL(upstream);
+    const proxyPort = parseInt(u.port || (u.protocol === 'https:' ? '443' : '80'), 10);
+    const socket = net.connect(proxyPort, u.hostname, () => {
+      const req = `CONNECT ${targetHost}:${targetPort} HTTP/1.1\r\nHost: ${targetHost}:${targetPort}\r\n\r\n`;
+      socket.write(req);
+    });
+    let buf = '';
+    const onData = (chunk) => {
+      buf += chunk.toString();
+      if (buf.includes('\r\n\r\n')) {
+        socket.removeListener('data', onData);
+        const code = parseInt(buf.split('\r\n')[0].split(' ')[1], 10);
+        if (code >= 200 && code < 300) resolve(socket);
+        else reject(new Error(`Proxy CONNECT failed: ${code}`));
+      }
+    };
+    socket.on('data', onData);
+    socket.on('error', reject);
+  });
+}
+
+/**
+ * 直连 targetHost:targetPort
+ */
+function connectDirect(targetHost, targetPort) {
+  return new Promise((resolve, reject) => {
+    const socket = net.connect(targetPort, targetHost, () => resolve(socket));
+    socket.on('error', reject);
+  });
+}
+
+export function createProxyServer() {
+  const server = http.createServer((req, res) => {
+    const config = getProxyConfig();
+    const rules = getPacRules();
+
+    if (!config.enabled) {
+      res.writeHead(403, { 'Content-Type': 'text/plain' });
+      res.end('Proxy is disabled');
+      return;
+    }
+
+    const targetUrl = req.url;
+    if (!targetUrl || targetUrl === '/') {
+      res.writeHead(400, { 'Content-Type': 'text/plain' });
+      res.end('Bad Request');
+      return;
+    }
+
+    let action = 'direct';
+    if (config.mode === 'global') {
+      action = config.upstream ? 'proxy' : 'direct';
+    } else {
+      action = getPacAction(targetUrl, rules);
+    }
+    pushRecord({ type: targetUrl.startsWith('https') ? 'https' : 'http', method: req.method, url: targetUrl, action });
+
+    const protocol = targetUrl.startsWith('https') ? https : http;
+    const opts = { method: req.method, headers: req.headers };
+
+    if (action === 'proxy' && config.upstream) {
+      const agent = createUpstreamAgent(config.upstream);
+      if (agent) opts.agent = agent;
+    }
+
+    res.on('error', () => proxyReq.destroy());
+    const proxyReq = protocol.request(targetUrl, opts, (proxyRes) => {
+      res.writeHead(proxyRes.statusCode || 200, proxyRes.headers);
+      proxyRes.pipe(res);
+      proxyRes.on('error', () => res.destroy());
+    });
+    proxyReq.on('error', (err) => {
+      if (!res.writableEnded) {
+        res.writeHead(502, { 'Content-Type': 'text/plain' });
+        res.end('Proxy Error: ' + err.message);
+      }
+    });
+    req.on('error', () => {
+      proxyReq.destroy();
+    });
+    req.pipe(proxyReq);
+  });
+
+  server.on('connect', (req, clientSocket, head) => {
+    const config = getProxyConfig();
+    const rules = getPacRules();
+
+    if (!config.enabled) {
+      clientSocket.write('HTTP/1.1 403 Forbidden\r\n\r\n');
+      clientSocket.end();
+      return;
+    }
+
+    let targetSocketRef = null;
+    clientSocket.on('error', () => {
+      if (targetSocketRef) targetSocketRef.destroy();
+    });
+
+    const [targetHost, targetPortStr] = req.url.split(':');
+    const targetPort = parseInt(targetPortStr || '443', 10);
+    const urlForPac = req.url;
+
+    let action = 'direct';
+    if (config.mode === 'global') {
+      action = config.upstream ? 'proxy' : 'direct';
+    } else {
+      action = getPacAction(urlForPac, rules);
+    }
+    pushRecord({ type: 'https', method: 'CONNECT', url: req.url, action });
+
+    const onTargetSocket = (targetSocket) => {
+      targetSocketRef = targetSocket;
+      targetSocket.on('error', () => clientSocket.destroy());
+      clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');
+      if (head && head.length) targetSocket.write(head);
+      targetSocket.pipe(clientSocket);
+      clientSocket.pipe(targetSocket);
+    };
+
+    const onError = (err) => {
+      clientSocket.write('HTTP/1.1 502 Bad Gateway\r\n\r\n');
+      clientSocket.end();
+    };
+
+    if (action === 'direct') {
+      connectDirect(targetHost, targetPort).then(onTargetSocket).catch(onError);
+      return;
+    }
+
+    const upstream = (config.upstream || '').trim();
+    if (!upstream) {
+      connectDirect(targetHost, targetPort).then(onTargetSocket).catch(onError);
+      return;
+    }
+
+    if (upstream.startsWith('socks5://') || upstream.startsWith('socks4://') || upstream.startsWith('socks://')) {
+      connectViaSocks(upstream, targetHost, targetPort).then(onTargetSocket).catch(onError);
+    } else if (upstream.startsWith('http://') || upstream.startsWith('https://')) {
+      connectViaHttpProxy(upstream, targetHost, targetPort).then(onTargetSocket).catch(onError);
+    } else {
+      connectDirect(targetHost, targetPort).then(onTargetSocket).catch(onError);
+    }
+  });
+
+  return server;
+}
+
+let proxyServerInstance = null;
+let proxyListenPort = null;
+
+export async function startProxyServer(port) {
+  await stopProxyServer();
+  if (port == null || port <= 0) return null;
+  try {
+    proxyServerInstance = createProxyServer();
+    await new Promise((resolve, reject) => {
+      proxyServerInstance.once('error', reject);
+      proxyServerInstance.listen(port, '127.0.0.1', () => {
+        proxyListenPort = port;
+        proxyServerInstance.removeListener('error', reject);
+        proxyServerInstance.on('error', (err) => console.error('Proxy server error:', err.message));
+        console.log(`代理服务已启动: http://127.0.0.1:${port}`);
+        resolve();
+      });
+    });
+  } catch (e) {
+    console.error('Failed to start proxy server:', e.message);
+    proxyServerInstance = null;
+    proxyListenPort = null;
+  }
+  return proxyServerInstance;
+}
+
+export function stopProxyServer() {
+  if (!proxyServerInstance) return Promise.resolve();
+  const server = proxyServerInstance;
+  proxyServerInstance = null;
+  proxyListenPort = null;
+  return new Promise((resolve) => {
+    let settled = false;
+    const done = () => {
+      if (settled) return;
+      settled = true;
+      resolve();
+    };
+    server.close(done);
+    server.once('error', done);
+    setTimeout(done, 3000);
+  });
+}
+
+export function getProxyServerInstance() {
+  return proxyServerInstance;
+}
+
+export function getProxyStatus() {
+  const running = !!(proxyServerInstance && proxyListenPort);
+  return { running, port: running ? proxyListenPort : null };
+}

package/lib/server.js

@@ -0,0 +1,239 @@
+import path from 'path';
+import fs from 'fs';
+import { fileURLToPath } from 'url';
+import dotenv from 'dotenv';
+import express from 'express';
+import cors from 'cors';
+import { createServer } from 'http';
+import { loadConfig, saveConfig, getPacRules, setPacRules, getProxyConfig, setProxyConfig } from './local-store.js';
+import { getRecords as getTrafficRecords } from './traffic-log.js';
+import { getCaptures } from './capture-log.js';
+import { getPort } from 'get-port-please';
+import { startProxyServer, stopProxyServer, getProxyStatus } from './proxy-server.js';
+import { startMitmProxyServer, stopMitmProxyServer, getMitmProxyStatus, getCaCertPath, hasCaCert } from './mitm-proxy-server.js';
+import { setSystemProxy, clearSystemProxy } from './system-proxy.js';
+import { generatePacJs } from './pac-file.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const envDir = path.resolve(__dirname, '..');
+dotenv.config({ path: path.join(envDir, '.env') });
+dotenv.config({ path: path.join(envDir, '.env.local'), override: true });
+
+let lastSystemProxyResult = null;
+/** 控制台实际监听端口，用于拼 PAC URL（PAC 模式时系统代理指向此地址的 /proxy.pac） */
+let controlPanelPort = null;
+
+async function applyProxyService(proxyOverride) {
+  const proxy = proxyOverride ?? getProxyConfig();
+  const isMitm = (proxy.mode || '') === 'mitm';
+  const prevStatus = isMitm ? getMitmProxyStatus() : getProxyStatus();
+  const wasProxyRunning = prevStatus.running === true;
+  await stopProxyServer();
+  await stopMitmProxyServer();
+  const enabled = proxy.enabled === true || proxy.enabled === 'true';
+  const port = Number(proxy.httpPort) || 5175;
+  lastSystemProxyResult = null;
+  if (enabled) {
+    if (isMitm) {
+      try {
+        await startMitmProxyServer(port);
+      } catch (e) {
+        console.error('抓包代理启动失败:', e.message);
+      }
+    } else {
+      await startProxyServer(port);
+    }
+    if (proxy.applySystemProxy !== false) {
+      const mode = (proxy.mode || 'pac') === 'pac' ? 'pac' : 'global';
+      const pacUrl = controlPanelPort && mode === 'pac'
+        ? `http://127.0.0.1:${controlPanelPort}/proxy.pac?t=${Date.now()}`
+        : undefined;
+      const result = setSystemProxy('127.0.0.1', port, { mode, pacUrl });
+      lastSystemProxyResult = result;
+      if (!result.ok) console.warn('自动设置系统代理失败:', result.error || '未知');
+    }
+  } else {
+    if (proxy.applySystemProxy !== false && wasProxyRunning) {
+      const result = clearSystemProxy();
+      lastSystemProxyResult = result;
+      if (!result.ok) console.warn('自动清除系统代理失败:', result.error || '未知');
+    }
+  }
+}
+
+export async function startServer(port) {
+  const app = express();
+  app.use(cors());
+  app.use(express.json());
+
+  // 静态资源：优先 dist（生产），否则开发时可用 web/dist
+  const distPath = path.resolve(__dirname, '..', 'dist');
+  if (distPath) {
+    app.use(express.static(distPath, { index: 'index.html' }));
+  }
+
+  // ---------- 本地模式 API ----------
+  app.get('/api/local/config', (req, res) => {
+    try {
+      const config = loadConfig();
+      res.json(config);
+    } catch (e) {
+      res.status(500).json({ error: String(e.message) });
+    }
+  });
+
+  app.put('/api/local/config', (req, res) => {
+    try {
+      const current = loadConfig();
+      const body = req.body || {};
+      const merged = {
+        ...current,
+        ...body,
+        proxy: { ...current.proxy, ...(body.proxy || {}) },
+        pacRules: body.pacRules !== undefined ? body.pacRules : current.pacRules,
+      };
+      if (body.mode === 'remote' || body.mode === 'local') merged.mode = body.mode;
+      const config = saveConfig(merged);
+      res.json(config);
+    } catch (e) {
+      res.status(500).json({ error: String(e.message) });
+    }
+  });
+
+  app.get('/api/local/proxy', (req, res) => {
+    try {
+      const proxy = getProxyConfig();
+      res.json(proxy);
+    } catch (e) {
+      res.status(500).json({ error: String(e.message) });
+    }
+  });
+
+  app.put('/api/local/proxy', async (req, res) => {
+    try {
+      const proxy = setProxyConfig(req.body);
+      await applyProxyService(proxy);
+      res.json(proxy);
+    } catch (e) {
+      res.status(500).json({ error: String(e.message) });
+    }
+  });
+
+  app.get('/api/local/pac-rules', (req, res) => {
+    try {
+      const rules = getPacRules();
+      res.json(rules);
+    } catch (e) {
+      res.status(500).json({ error: String(e.message) });
+    }
+  });
+
+  app.put('/api/local/pac-rules', (req, res) => {
+    try {
+      const rules = setPacRules(Array.isArray(req.body) ? req.body : req.body.rules || []);
+      const proxy = getProxyConfig();
+      if (proxy.enabled && proxy.mode === 'pac' && proxy.applySystemProxy !== false && controlPanelPort) {
+        const pacUrl = `http://127.0.0.1:${controlPanelPort}/proxy.pac?t=${Date.now()}`;
+        const result = setSystemProxy('127.0.0.1', Number(proxy.httpPort) || 5175, { mode: 'pac', pacUrl });
+        if (!result.ok) console.warn('刷新系统 PAC URL 失败:', result.error);
+      }
+      res.json(rules);
+    } catch (e) {
+      res.status(500).json({ error: String(e.message) });
+    }
+  });
+
+  app.get('/api/local/traffic', (req, res) => {
+    try {
+      res.json(getTrafficRecords());
+    } catch (e) {
+      res.status(500).json({ error: String(e.message) });
+    }
+  });
+
+  app.get('/api/local/capture', (req, res) => {
+    try {
+      const { q, method, status, type, sort, order, limit, offset } = req.query;
+      const result = getCaptures({
+        q,
+        method,
+        status,
+        type,
+        sort: sort || 'time',
+        order: order === 'asc' ? 'asc' : 'desc',
+        limit,
+        offset,
+      });
+      res.json(result);
+    } catch (e) {
+      res.status(500).json({ error: String(e.message) });
+    }
+  });
+
+  app.get('/api/local/proxy-status', (req, res) => {
+    try {
+      const proxy = getProxyConfig();
+      const status = (proxy.mode || '') === 'mitm' ? getMitmProxyStatus() : getProxyStatus();
+      if (lastSystemProxyResult) {
+        status.systemProxyOk = lastSystemProxyResult.ok;
+        status.systemProxyError = lastSystemProxyResult.error || null;
+      }
+      res.json(status);
+    } catch (e) {
+      res.status(500).json({ running: false, port: null });
+    }
+  });
+
+  app.get('/api/local/ca-cert', (req, res) => {
+    try {
+      if (!hasCaCert()) {
+        res.status(404).set('Content-Type', 'text/plain; charset=utf-8').send('CA 证书尚未生成，请先启用抓包代理并访问任意 HTTPS 网站。');
+        return;
+      }
+      const certPath = getCaCertPath();
+      const pem = fs.readFileSync(certPath, 'utf-8');
+      res.set('Content-Type', 'application/x-pem-file');
+      res.set('Content-Disposition', 'attachment; filename="pac-proxy-ca.crt"');
+      res.send(pem);
+    } catch (e) {
+      res.status(500).set('Content-Type', 'text/plain; charset=utf-8').send('读取 CA 证书失败: ' + e.message);
+    }
+  });
+
+  app.get('/api/local/remote-server-url', (req, res) => {
+    const url = (process.env.REMOTE_SERVER_URL || '').trim().replace(/\/$/, '');
+    res.json({ url });
+  });
+
+  app.get('/proxy.pac', (req, res) => {
+    try {
+      const proxy = getProxyConfig();
+      const status = (proxy.mode || '') === 'mitm' ? getMitmProxyStatus() : getProxyStatus();
+      const port = status.port || getProxyConfig().httpPort || 5175;
+      const js = generatePacJs('127.0.0.1', port);
+      res.set('Content-Type', 'application/x-ns-proxy-autoconfig');
+      res.set('Cache-Control', 'no-store, no-cache, must-revalidate');
+      res.set('Pragma', 'no-cache');
+      res.set('Expires', '0');
+      res.send(js);
+    } catch (e) {
+      res.status(500).set('Content-Type', 'text/plain').send('FindProxyForURL(url,host){return"DIRECT";}');
+    }
+  });
+
+  // SPA fallback
+  app.get('*', (req, res) => {
+    res.sendFile(path.join(distPath, 'index.html'));
+  });
+
+  const actualPort = await getPort({ port, portRange: [port, port + 100] });
+  const server = createServer(app);
+
+  server.listen(actualPort, '127.0.0.1', async () => {
+    controlPanelPort = actualPort;
+    console.log(`控制台已启动: http://127.0.0.1:${actualPort}`);
+    await applyProxyService();
+  });
+
+  return server;
+}

package/lib/socks-http.js

@@ -0,0 +1,47 @@
+/**
+ * 将 SOCKS5 代理转为本地 HTTP/HTTPS 代理（供本地模式使用）
+ * 用户自行提供 SOCKS5，如 ssh -D 1080 user@host
+ */
+import http from 'http';
+import { SocksProxyAgent } from 'socks-proxy-agent';
+import { createServer } from 'http';
+
+/**
+ * 创建基于 SOCKS5 的 HTTP 代理服务
+ * @param {string} socksUrl - 如 socks5://127.0.0.1:1080
+ * @param {number} localPort - 本地 HTTP 代理监听端口
+ * @returns {http.Server}
+ */
+export function createSocksHttpProxy(socksUrl, localPort) {
+  const agent = new SocksProxyAgent(socksUrl);
+
+  const server = createServer((req, res) => {
+    const target = req.url;
+    if (!target || target === '/') {
+      res.writeHead(400, { 'Content-Type': 'text/plain' });
+      res.end('Bad Request: no URL');
+      return;
+    }
+
+    const opts = {
+      method: req.method,
+      headers: req.headers,
+      agent,
+    };
+
+    const proxyReq = http.request(target, opts, (proxyRes) => {
+      res.writeHead(proxyRes.statusCode || 200, proxyRes.headers);
+      proxyRes.pipe(res);
+    });
+
+    proxyReq.on('error', (err) => {
+      res.writeHead(502, { 'Content-Type': 'text/plain' });
+      res.end('Proxy Error: ' + err.message);
+    });
+
+    req.pipe(proxyReq);
+  });
+
+  server.listen(localPort, '127.0.0.1');
+  return server;
+}