npm - pac-proxy-cli - Versions diffs - 1.1.13 → 1.2.0 - Mend

pac-proxy-cli 1.1.13 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/README.md +15 -0
package/dist/assets/index-CFoGlW0m.css +1 -0
package/dist/assets/index-DN6Yf8E7.js +28 -0
package/dist/index.html +2 -2
package/lib/config-cli.js +709 -0
package/lib/index.js +70 -0
package/lib/local-store.js +3 -3
package/lib/pac-file.js +3 -2
package/lib/pac-match.js +7 -5
package/lib/proxy-server.js +12 -0
package/lib/sslocal-manager.js +51 -14
package/package.json +4 -2
package/dist/assets/index-CmIDvBkA.js +0 -28
package/dist/assets/index-QepWtMiX.css +0 -1

package/lib/index.js CHANGED Viewed

@@ -3,6 +3,14 @@
 import { Command } from 'commander';
 import { createRequire } from 'module';
 import { startServer } from './server.js';
+import {
+  runConfigPrint,
+  runConfigInteractive,
+  runConfigInit,
+  runPacImportFile,
+  runPacRulesInteractive,
+  runConfigProxyModeInteractive,
+} from './config-cli.js';
 const require = createRequire(import.meta.url);
@@ -22,4 +30,66 @@ program
     await startServer(port);
   });
+const configCmd = program
+  .command('config')
+  .description('查看或交互编辑本地配置（与 Web 控制台共用数据目录）')
+  .option('--print', '打印当前配置 JSON（敏感字段脱敏），无需 TTY');
+configCmd.action(async (opts) => {
+  if (opts.print) {
+    runConfigPrint();
+    return;
+  }
+  if (!process.stdin.isTTY) {
+    console.error('非交互终端无法启动问答。请使用: pac-proxy config --print');
+    process.exitCode = 1;
+    return;
+  }
+  await runConfigInteractive();
+});
+configCmd
+  .command('init')
+  .description('首次配置向导（交互）')
+  .action(async () => {
+    if (!process.stdin.isTTY) {
+      console.error('非交互终端无法使用向导。请使用: pac-proxy config --print');
+      process.exitCode = 1;
+      return;
+    }
+    await runConfigInit();
+  });
+configCmd
+  .command('rules')
+  .description('交互式增删改查 PAC 规则（代理 / 直连 / 拦截）')
+  .action(async () => {
+    if (!process.stdin.isTTY) {
+      console.error('非交互终端无法使用。请使用: pac-proxy config --print');
+      process.exitCode = 1;
+      return;
+    }
+    await runPacRulesInteractive();
+  });
+configCmd
+  .command('proxy-mode')
+  .description('交互式选择代理模式（直连 / 系统代理 / PAC / 抓包）')
+  .action(async () => {
+    if (!process.stdin.isTTY) {
+      console.error('非交互终端无法使用。请使用: pac-proxy config --print');
+      process.exitCode = 1;
+      return;
+    }
+    await runConfigProxyModeInteractive();
+  });
+configCmd
+  .command('import')
+  .description('从 JSON 文件合并导入 PAC 规则（与 Web 导入逻辑一致）')
+  .argument('<file>', '规则 JSON 文件路径')
+  .action(async (file) => {
+    await runPacImportFile(file);
+  });
 program.parse();

package/lib/local-store.js CHANGED Viewed

@@ -27,15 +27,15 @@ const DEFAULT_CONFIG = {
   },
 };
-function getStoreDir() {
+export function getStoreDir() {
   return process.env.PAC_PROXY_HOME || path.join(os.homedir(), '.pac-proxy');
 }
-function getStorePath() {
+export function getStorePath() {
   return path.join(getStoreDir(), 'config.json');
 }
-function getRemoteConfigPath() {
+export function getRemoteConfigPath() {
   return path.join(getStoreDir(), 'remote_config.json');
 }

package/lib/pac-file.js CHANGED Viewed

@@ -1,6 +1,6 @@
 /**
  * 生成 PAC 文件内容，供浏览器/系统“自动代理配置”使用
- * 规则与 pac-match 一致：按优先级匹配，命中则 proxy/direct，未命中直连
+ * 规则与 pac-match 一致：按优先级匹配，命中则 proxy/direct/block，未命中直连（block 与 proxy 均走本机代理以便本地拒绝）
  */
 import { getPacRules, getProxyConfig } from './local-store.js';
@@ -41,7 +41,8 @@ export function generatePacJs(proxyHost, proxyPort) {
     const condUrl = patternToPacCondition('url', r.pattern);
     const condHost = patternToPacCondition('host', r.pattern);
     const cond = `${condUrl} || ${condHost}`;
-    const ret = r.action === 'proxy' ? `return "${proxyStr}";` : 'return "DIRECT";';
+    const viaProxy = r.action === 'proxy' || r.action === 'block';
+    const ret = viaProxy ? `return "${proxyStr}";` : 'return "DIRECT";';
     lines.push(`  if (${cond}) { ${ret} }`);
   }
   const body = lines.join('\n');

package/lib/pac-match.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * PAC 规则匹配：按优先级排序，命中则返回对应动作（proxy/direct）
+ * PAC 规则匹配：按优先级排序，命中则返回对应动作（proxy/direct/block）
  * pattern 支持 * 通配符，匹配请求的 URL 或 host
  */
 export function patternToRegex(pattern) {
@@ -24,11 +24,11 @@ export function matchPattern(url, pattern) {
 }
 /**
- * 根据 PAC 规则决定该 URL 走代理还是直连。
- * PAC 模式下：匹配到规则则按规则执行（proxy/direct），未匹配到的一律直连。
+ * 根据 PAC 规则决定该 URL 走代理、直连或拦截。
+ * PAC 模式下：匹配到规则则按规则执行（proxy/direct/block），未匹配到的一律直连。
  * @param {string} url - 请求的完整 URL（如 http://example.com/path）或 CONNECT 时为 host:port
  * @param {Array<{pattern:string, action:string, priority:number}>} rules
- * @returns {'proxy'|'direct'}
+ * @returns {'proxy'|'direct'|'block'}
  */
 export function getPacAction(url, rules) {
   if (!url || !Array.isArray(rules) || rules.length === 0) {
@@ -37,7 +37,9 @@ export function getPacAction(url, rules) {
   const sorted = [...rules].sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
   for (const r of sorted) {
     if (matchPattern(url, r.pattern)) {
-      return r.action === 'proxy' ? 'proxy' : 'direct';
+      if (r.action === 'proxy') return 'proxy';
+      if (r.action === 'block') return 'block';
+      return 'direct';
     }
   }
   return 'direct';

package/lib/proxy-server.js CHANGED Viewed

@@ -103,6 +103,12 @@ export function createProxyServer() {
     }
     pushRecord({ type: targetUrl.startsWith('https') ? 'https' : 'http', method: req.method, url: targetUrl, action });
+    if (action === 'block') {
+      res.writeHead(403, { 'Content-Type': 'text/plain; charset=utf-8' });
+      res.end('Blocked by PAC rule');
+      return;
+    }
     const protocol = targetUrl.startsWith('https') ? https : http;
     const opts = { method: req.method, headers: req.headers };
@@ -156,6 +162,12 @@ export function createProxyServer() {
     }
     pushRecord({ type: 'https', method: 'CONNECT', url: req.url, action });
+    if (action === 'block') {
+      clientSocket.write('HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n');
+      clientSocket.end();
+      return;
+    }
     const onTargetSocket = (targetSocket) => {
       targetSocketRef = targetSocket;
       targetSocket.on('error', () => clientSocket.destroy());

package/lib/sslocal-manager.js CHANGED Viewed

@@ -78,27 +78,64 @@ function waitForPort(port, timeoutMs = 4000) {
   });
 }
+const SSLOCAL_CIPHER_FALLBACK = [
+  'aes-256-gcm',
+  'aes-128-gcm',
+  'chacha20-ietf-poly1305',
+  '2022-blake3-aes-256-gcm',
+  '2022-blake3-aes-128-gcm',
+  '2022-blake3-chacha20-poly1305',
+];
+/** 协议/传输类枚举，勿当作 encrypt-method 的 possible values */
+const PROTOCOL_LIKE = /^(socks4?|socks5|http|https|tcp|udp|tls|ws|wss|quic|local|remote)$/i;
+function splitPossibleValuesBlock(inner) {
+  return inner.split(',').map((s) => s.trim()).filter(Boolean);
+}
+/** 从 --help 文本中挑出「加密方法」枚举，避免误用首个 [possible values:]（常为协议名） */
+function parseCipherListFromHelp(output) {
+  const lines = output.split(/\r?\n/);
+  for (const line of lines) {
+    if (!/(encrypt|cipher|method).*method|--encrypt|-m[,<\s]/i.test(line)) continue;
+    const m = line.match(/\[possible values:\s*([^\]]+)\]/i);
+    if (m) {
+      const items = splitPossibleValuesBlock(m[1]);
+      if (items.length && !items.some((s) => PROTOCOL_LIKE.test(s))) {
+        return items;
+      }
+    }
+  }
+  const re = /\[possible values:\s*([^\]]+)\]/gi;
+  let block;
+  while ((block = re.exec(output)) !== null) {
+    const items = splitPossibleValuesBlock(block[1]);
+    if (items.length < 2) continue;
+    if (items.some((s) => PROTOCOL_LIKE.test(s))) continue;
+    const cipherLike = items.filter(
+      (s) =>
+        /(gcm|poly1305|blake3|chacha|aes-\d+|rc4|bf-cfb|table|none|plain|sm4|2022-)/i.test(s)
+    );
+    if (cipherLike.length >= Math.min(items.length, 3) || (items.length >= 4 && cipherLike.length >= 2)) {
+      return items;
+    }
+  }
+  return null;
+}
 export function getSslocalCiphers() {
   try {
     const binPath = getBinaryPath();
     ensureExecutable(binPath);
     const result = spawnSync(binPath, ['--help'], { encoding: 'utf-8', timeout: 3000 });
     const output = (result.stdout || '') + (result.stderr || '');
-    // 匹配 [possible values: aes-256-gcm, chacha20-ietf-poly1305, ...]
-    const match = output.match(/\[possible values:\s*([^\]]+)\]/i);
-    if (match) {
-      return match[1].split(',').map((s) => s.trim()).filter(Boolean);
-    }
+    const parsed = parseCipherListFromHelp(output);
+    if (parsed?.length) return parsed;
   } catch (_) {}
-  // 回退到通用列表
-  return [
-    'aes-256-gcm',
-    'aes-128-gcm',
-    'chacha20-ietf-poly1305',
-    '2022-blake3-aes-256-gcm',
-    '2022-blake3-aes-128-gcm',
-    '2022-blake3-chacha20-poly1305',
-  ];
+  return [...SSLOCAL_CIPHER_FALLBACK];
 }
 export async function startSslocal(cfg) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pac-proxy-cli",
-  "version": "1.1.13",
+  "version": "1.2.0",
   "description": "node pac proxy and web control panel",
   "type": "module",
   "main": "lib/index.js",
@@ -17,7 +17,8 @@
   "scripts": {
     "dev": "node lib/index.js serve --port 5174",
     "build": "vite build",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run build",
+    "test": "node --test test/config-cli.test.js"
   },
   "optionalDependencies": {
     "pac-proxy-sslocal-win32-x64": "1.24.1",
@@ -27,6 +28,7 @@
     "pac-proxy-sslocal-linux-arm64": "1.24.0"
   },
   "dependencies": {
+    "@inquirer/prompts": "^8.3.2",
     "commander": "^12.0.0",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",