peep-proxy 0.1.0 → 0.2.0

package/dist/app.js

@@ -158,5 +158,5 @@ export default function App({ store, port, onQuit }) {
     if (quitting) {
         return (_jsxs(Box, { flexDirection: "column", height: rows, paddingTop: 1, paddingLeft: 2, children: [_jsx(Text, { bold: true, children: "Shutting down\u2026" }), quitSteps.map((msg) => (_jsxs(Text, { dimColor: true, children: [" ", msg] }, msg)))] }));
     }
-    return (_jsxs(Box, { flexDirection: "column", height: rows, children: [modalOpen && (_jsx(Box, { position: "absolute", marginTop: Math.max(0, Math.floor((rows - 8) / 2)), marginLeft: Math.max(0, Math.floor((columns - 22) / 2)), children: _jsx(SortModal, { sortConfig: sortConfig, onSelect: selectColumn, onClose: closeModal }) })), _jsxs(Box, { flexDirection: "row", height: available, children: [_jsx(DomainSidebar, { items: visibleItems, selectedIndex: sidebarSelectedIndex, scrollOffset: sidebarScrollOffset, viewportHeight: sidebarViewportHeight, width: SIDEBAR_WIDTH, height: available, isActive: activePanel === "sidebar" }), _jsxs(Box, { flexDirection: "column", width: contentWidth, children: [_jsx(RequestList, { entries: sortedEntries, selectedIndex: selectedIndex, scrollOffset: scrollOffset, viewportHeight: listViewportHeight, sortConfig: sortConfig, columnWidths: columnWidths, width: contentWidth, height: listHeight, isActive: activePanel === "list" }), selectedEntry && detailHeight > 0 && (_jsx(DetailPanel, { entry: selectedEntry, activePanel: activePanel, requestTab: requestTab, responseTab: responseTab, width: contentWidth, height: detailHeight }))] })] }), _jsx(StatusBar, { port: port, requestCount: sortedEntries.length, selectedIndex: selectedIndex, columns: columns, activePanel: activePanel, notification: notification })] }));
+    return (_jsxs(Box, { flexDirection: "column", height: rows, children: [_jsxs(Box, { flexDirection: "row", height: available, children: [_jsx(DomainSidebar, { items: visibleItems, selectedIndex: sidebarSelectedIndex, scrollOffset: sidebarScrollOffset, viewportHeight: sidebarViewportHeight, width: SIDEBAR_WIDTH, height: available, isActive: activePanel === "sidebar" }), modalOpen ? (_jsx(Box, { width: contentWidth, height: available, alignItems: "center", justifyContent: "center", children: _jsx(SortModal, { sortConfig: sortConfig, onSelect: selectColumn, onClose: closeModal }) })) : (_jsxs(Box, { flexDirection: "column", width: contentWidth, children: [_jsx(RequestList, { entries: sortedEntries, selectedIndex: selectedIndex, scrollOffset: scrollOffset, viewportHeight: listViewportHeight, sortConfig: sortConfig, columnWidths: columnWidths, width: contentWidth, height: listHeight, isActive: activePanel === "list" }), selectedEntry && detailHeight > 0 && (_jsx(DetailPanel, { entry: selectedEntry, activePanel: activePanel, requestTab: requestTab, responseTab: responseTab, width: contentWidth, height: detailHeight }))] }))] }), _jsx(StatusBar, { port: port, requestCount: sortedEntries.length, selectedIndex: selectedIndex, columns: columns, activePanel: activePanel, notification: notification })] }));
 }

package/dist/cli.js

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
 import { jsx as _jsx } from "react/jsx-runtime";
+import { readFileSync } from "node:fs";
 import * as os from "node:os";
 import * as path from "node:path";
 import { render } from "ink";
@@ -14,10 +15,14 @@ const cli = meow(`
 	  $ peep
 
 	Options
-		--port  Proxy port (default: 8080)
+		--port              Proxy port (default: 8080)
+		--upstream-proxy    Upstream proxy URL
+		--ca-cert           Path to additional CA certificate (PEM)
 
 	Examples
 	  $ peep --port=3128
+	  $ peep --upstream-proxy=http://proxy:8080
+	  $ peep --ca-cert=/path/to/zscaler-ca.pem
 `, {
     importMeta: import.meta,
     flags: {
@@ -25,6 +30,12 @@ const cli = meow(`
             type: "number",
             default: 8080,
         },
+        upstreamProxy: {
+            type: "string",
+        },
+        caCert: {
+            type: "string",
+        },
     },
 });
 const port = cli.flags.port;
@@ -61,7 +72,25 @@ if (findNssProfiles().length > 0 && !isNssTrusted()) {
             break;
     }
 }
-const proxy = new ProxyServer({ port, ca });
+const upstreamProxy = cli.flags.upstreamProxy
+    ? new URL(cli.flags.upstreamProxy)
+    : undefined;
+const extraCaCerts = [];
+if (cli.flags.caCert) {
+    try {
+        extraCaCerts.push(readFileSync(cli.flags.caCert, "utf-8"));
+    }
+    catch {
+        process.stderr.write(`Failed to read CA certificate: ${cli.flags.caCert}\n`);
+        process.exit(1);
+    }
+}
+const proxy = new ProxyServer({
+    port,
+    ca,
+    upstreamProxy,
+    extraCaCerts: extraCaCerts.length > 0 ? extraCaCerts : undefined,
+});
 const store = new TrafficStore(proxy);
 await proxy.start();
 const proxyService = enableSystemProxy(port);

package/dist/proxy/index.d.ts

@@ -1,3 +1,4 @@
 export { ProxyServer } from "./proxy-server.js";
 export { loadOrCreateCA } from "./ca.js";
+export { connectThroughProxy, getUpstreamProxy, shouldBypass, } from "./upstream.js";
 export type { CaConfig, ProxyConfig, ProxyConnectEvent, ProxyErrorEvent, ProxyEventMap, ProxyRequestEvent, ProxyResponseEvent, RequestId, } from "./types.js";

package/dist/proxy/index.js

@@ -1,2 +1,3 @@
 export { ProxyServer } from "./proxy-server.js";
 export { loadOrCreateCA } from "./ca.js";
+export { connectThroughProxy, getUpstreamProxy, shouldBypass, } from "./upstream.js";

package/dist/proxy/proxy-server.js

@@ -9,7 +9,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _ProxyServer_instances, _ProxyServer_config, _ProxyServer_server, _ProxyServer_emitter, _ProxyServer_certCache, _ProxyServer_sockets, _ProxyServer_tunnelSockets, _ProxyServer_mitmServers, _ProxyServer_handleRequest, _ProxyServer_handleConnect, _ProxyServer_handleTunnel, _ProxyServer_handleMitm;
+var _ProxyServer_instances, _ProxyServer_config, _ProxyServer_server, _ProxyServer_emitter, _ProxyServer_upstream, _ProxyServer_certCache, _ProxyServer_sockets, _ProxyServer_tunnelSockets, _ProxyServer_mitmServers, _ProxyServer_handleRequest, _ProxyServer_handleConnect, _ProxyServer_handleTunnel, _ProxyServer_handleMitm;
 import { randomUUID } from "node:crypto";
 import * as http from "node:http";
 import * as https from "node:https";
@@ -17,12 +17,14 @@ import * as net from "node:net";
 import * as tls from "node:tls";
 import { EventEmitter } from "node:events";
 import { generateHostCert } from "./ca.js";
+import { connectThroughProxy, getUpstreamProxy, shouldBypass, } from "./upstream.js";
 export class ProxyServer {
     constructor(config) {
         _ProxyServer_instances.add(this);
         _ProxyServer_config.set(this, void 0);
         _ProxyServer_server.set(this, void 0);
         _ProxyServer_emitter.set(this, void 0);
+        _ProxyServer_upstream.set(this, void 0);
         _ProxyServer_certCache.set(this, new Map());
         _ProxyServer_sockets.set(this, new Set());
         _ProxyServer_tunnelSockets.set(this, new Set());
@@ -56,13 +58,23 @@ export class ProxyServer {
                     timestamp,
                 };
                 __classPrivateFieldGet(this, _ProxyServer_emitter, "f").emit("request", requestEvent);
-                const upstreamOptions = {
-                    hostname: parsed.hostname,
-                    port: parsed.port || 80,
-                    path: parsed.pathname + parsed.search,
-                    method: clientReq.method,
-                    headers: clientReq.headers,
-                };
+                const upstreamHttp = __classPrivateFieldGet(this, _ProxyServer_upstream, "f").http;
+                const useUpstream = upstreamHttp && !shouldBypass(parsed.hostname);
+                const upstreamOptions = useUpstream
+                    ? {
+                        hostname: upstreamHttp.hostname,
+                        port: Number(upstreamHttp.port) || 80,
+                        path: clientReq.url,
+                        method: clientReq.method,
+                        headers: clientReq.headers,
+                    }
+                    : {
+                        hostname: parsed.hostname,
+                        port: parsed.port || 80,
+                        path: parsed.pathname + parsed.search,
+                        method: clientReq.method,
+                        headers: clientReq.headers,
+                    };
                 const upstreamReq = http.request(upstreamOptions, (upstreamRes) => {
                     const chunks = [];
                     upstreamRes.on("data", (chunk) => {
@@ -103,6 +115,7 @@ export class ProxyServer {
             }
         });
         __classPrivateFieldSet(this, _ProxyServer_config, config, "f");
+        __classPrivateFieldSet(this, _ProxyServer_upstream, getUpstreamProxy(config.upstreamProxy), "f");
         __classPrivateFieldSet(this, _ProxyServer_emitter, new EventEmitter(), "f");
         __classPrivateFieldSet(this, _ProxyServer_server, http.createServer(__classPrivateFieldGet(this, _ProxyServer_handleRequest, "f")), "f");
         __classPrivateFieldGet(this, _ProxyServer_server, "f").on("connect", __classPrivateFieldGet(this, _ProxyServer_handleConnect, "f"));
@@ -152,7 +165,7 @@ export class ProxyServer {
         __classPrivateFieldGet(this, _ProxyServer_emitter, "f").off(event, listener);
     }
 }
-_ProxyServer_config = new WeakMap(), _ProxyServer_server = new WeakMap(), _ProxyServer_emitter = new WeakMap(), _ProxyServer_certCache = new WeakMap(), _ProxyServer_sockets = new WeakMap(), _ProxyServer_tunnelSockets = new WeakMap(), _ProxyServer_mitmServers = new WeakMap(), _ProxyServer_handleRequest = new WeakMap(), _ProxyServer_handleConnect = new WeakMap(), _ProxyServer_instances = new WeakSet(), _ProxyServer_handleTunnel = function _ProxyServer_handleTunnel(host, port, clientSocket, head) {
+_ProxyServer_config = new WeakMap(), _ProxyServer_server = new WeakMap(), _ProxyServer_emitter = new WeakMap(), _ProxyServer_upstream = new WeakMap(), _ProxyServer_certCache = new WeakMap(), _ProxyServer_sockets = new WeakMap(), _ProxyServer_tunnelSockets = new WeakMap(), _ProxyServer_mitmServers = new WeakMap(), _ProxyServer_handleRequest = new WeakMap(), _ProxyServer_handleConnect = new WeakMap(), _ProxyServer_instances = new WeakSet(), _ProxyServer_handleTunnel = function _ProxyServer_handleTunnel(host, port, clientSocket, head) {
     const id = randomUUID();
     __classPrivateFieldGet(this, _ProxyServer_emitter, "f").emit("connect", {
         id,
@@ -160,6 +173,39 @@ _ProxyServer_config = new WeakMap(), _ProxyServer_server = new WeakMap(), _Proxy
         port,
         timestamp: Date.now(),
     });
+    const upstreamHttps = __classPrivateFieldGet(this, _ProxyServer_upstream, "f").https;
+    const useUpstream = upstreamHttps && !shouldBypass(host);
+    if (useUpstream) {
+        connectThroughProxy(upstreamHttps, host, port).then((upstreamSocket) => {
+            clientSocket.write("HTTP/1.1 200 Connection Established\r\n\r\n");
+            if (head.length > 0) {
+                upstreamSocket.write(head);
+            }
+            upstreamSocket.pipe(clientSocket);
+            clientSocket.pipe(upstreamSocket);
+            __classPrivateFieldGet(this, _ProxyServer_tunnelSockets, "f").add(upstreamSocket);
+            upstreamSocket.once("close", () => __classPrivateFieldGet(this, _ProxyServer_tunnelSockets, "f").delete(upstreamSocket));
+            upstreamSocket.on("error", (error) => {
+                __classPrivateFieldGet(this, _ProxyServer_emitter, "f").emit("error", {
+                    id,
+                    error,
+                    phase: "connect",
+                });
+                clientSocket.end();
+            });
+            clientSocket.on("error", () => {
+                upstreamSocket.end();
+            });
+        }, (error) => {
+            __classPrivateFieldGet(this, _ProxyServer_emitter, "f").emit("error", {
+                id,
+                error: error,
+                phase: "connect",
+            });
+            clientSocket.end();
+        });
+        return;
+    }
     const upstreamSocket = net.connect(port, host, () => {
         clientSocket.write("HTTP/1.1 200 Connection Established\r\n\r\n");
         if (head.length > 0) {
@@ -202,7 +248,7 @@ _ProxyServer_config = new WeakMap(), _ProxyServer_server = new WeakMap(), _Proxy
         clientReq.on("data", (chunk) => {
             reqChunks.push(chunk);
         });
-        clientReq.on("end", () => {
+        clientReq.on("end", async () => {
             const reqBody = Buffer.concat(reqChunks);
             const requestEvent = {
                 id,
@@ -222,6 +268,41 @@ _ProxyServer_config = new WeakMap(), _ProxyServer_server = new WeakMap(), _Proxy
                 method: clientReq.method,
                 headers: { ...clientReq.headers, host },
             };
+            const upstreamHttps = __classPrivateFieldGet(this, _ProxyServer_upstream, "f").https;
+            const useUpstream = upstreamHttps && !shouldBypass(host);
+            if (useUpstream) {
+                try {
+                    const tunnelSocket = await connectThroughProxy(upstreamHttps, host, port);
+                    const extraCa = __classPrivateFieldGet(this, _ProxyServer_config, "f").extraCaCerts;
+                    upstreamOptions.createConnection = () => tls.connect({
+                        socket: tunnelSocket,
+                        servername: host,
+                        ...(extraCa?.length && {
+                            ca: [...tls.rootCertificates, ...extraCa],
+                        }),
+                    });
+                }
+                catch (error) {
+                    __classPrivateFieldGet(this, _ProxyServer_emitter, "f").emit("error", {
+                        id,
+                        error: error,
+                        phase: "connect",
+                    });
+                    if (!clientRes.headersSent) {
+                        clientRes.writeHead(502, {
+                            "Content-Type": "text/plain",
+                        });
+                    }
+                    clientRes.end("Bad Gateway");
+                    return;
+                }
+            }
+            else if (__classPrivateFieldGet(this, _ProxyServer_config, "f").extraCaCerts?.length) {
+                upstreamOptions.ca = [
+                    ...tls.rootCertificates,
+                    ...__classPrivateFieldGet(this, _ProxyServer_config, "f").extraCaCerts,
+                ];
+            }
             const upstreamReq = https.request(upstreamOptions, (upstreamRes) => {
                 const chunks = [];
                 upstreamRes.on("data", (chunk) => {

package/dist/proxy/types.d.ts

@@ -7,6 +7,8 @@ export type ProxyConfig = {
     port: number;
     hostname?: string;
     ca?: CaConfig;
+    upstreamProxy?: URL;
+    extraCaCerts?: string[];
 };
 export type RequestId = string;
 export type ProxyRequestEvent = {

package/dist/proxy/upstream.d.ts

@@ -0,0 +1,7 @@
+import type * as net from "node:net";
+export declare function getUpstreamProxy(explicit?: URL): {
+    http?: URL;
+    https?: URL;
+};
+export declare function shouldBypass(hostname: string): boolean;
+export declare function connectThroughProxy(proxyUrl: URL, host: string, port: number): Promise<net.Socket>;

package/dist/proxy/upstream.js

@@ -0,0 +1,54 @@
+import * as http from "node:http";
+export function getUpstreamProxy(explicit) {
+    if (explicit) {
+        return { http: explicit, https: explicit };
+    }
+    const httpsRaw = process.env["HTTPS_PROXY"] ?? process.env["https_proxy"];
+    const httpRaw = process.env["HTTP_PROXY"] ?? process.env["http_proxy"];
+    return {
+        http: httpRaw ? new URL(httpRaw) : undefined,
+        https: httpsRaw ? new URL(httpsRaw) : undefined,
+    };
+}
+export function shouldBypass(hostname) {
+    const raw = process.env["NO_PROXY"] ?? process.env["no_proxy"] ?? "";
+    if (!raw)
+        return false;
+    if (raw === "*")
+        return true;
+    const entries = raw.split(",").map((e) => e.trim().toLowerCase());
+    const host = hostname.toLowerCase();
+    for (const entry of entries) {
+        if (!entry)
+            continue;
+        if (host === entry)
+            return true;
+        if (entry.startsWith(".") && host.endsWith(entry))
+            return true;
+        if (host.endsWith(`.${entry}`))
+            return true;
+    }
+    return false;
+}
+export function connectThroughProxy(proxyUrl, host, port) {
+    return new Promise((resolve, reject) => {
+        const req = http.request({
+            hostname: proxyUrl.hostname,
+            port: Number(proxyUrl.port) || 80,
+            method: "CONNECT",
+            path: `${host}:${port}`,
+            headers: { Host: `${host}:${port}` },
+        });
+        req.on("connect", (res, socket) => {
+            if (res.statusCode === 200) {
+                resolve(socket);
+            }
+            else {
+                socket.destroy();
+                reject(new Error(`Upstream proxy CONNECT failed with status ${res.statusCode}`));
+            }
+        });
+        req.on("error", reject);
+        req.end();
+    });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "peep-proxy",
-	"version": "0.1.0",
+	"version": "0.2.0",
 	"description": "A TUI HTTP proxy for developers. Proxyman, but in your terminal.",
 	"license": "MIT",
 	"repository": {