pyproxytools 0.3.2__py3-none-any.whl

pyproxy/server.py

@@ -0,0 +1,334 @@
+"""
+server.py
+
+This module defines a Python-based proxy server capable of handling both HTTP
+and HTTPS requests. It forwards client requests to target servers, applies
+filtering, serves custom 403 pages for blocked content, and logs access and
+block events.
+"""
+
+import socket
+import threading
+import logging
+import multiprocessing
+import os
+import time
+import ipaddress
+
+from pyproxy import __slim__
+from pyproxy.utils.logger import configure_file_logger, configure_console_logger
+from pyproxy.handlers.client import ProxyHandlers
+from pyproxy.modules.filter import filter_process
+from pyproxy.modules.cancel_inspect import cancel_inspect_process
+
+if not __slim__:
+    from pyproxy.modules.shortcuts import shortcuts_process
+if not __slim__:
+    from pyproxy.modules.custom_header import custom_header_process
+if not __slim__:
+    from pyproxy.monitoring.web import start_flask_server
+
+
+class ProxyServer:
+    """
+    A proxy server that forwards HTTP and HTTPS requests, blocks based on rules,
+    injects headers, and logs events.
+    """
+
+    _EXCLUDE_DEBUG_KEYS = {
+        "filter_proc",
+        "filter_queue",
+        "filter_result_queue",
+        "shortcuts_proc",
+        "shortcuts_queue",
+        "shortcuts_result_queue",
+        "cancel_inspect_proc",
+        "cancel_inspect_queue",
+        "cancel_inspect_result_queue",
+        "custom_header_proc",
+        "custom_header_queue",
+        "custom_header_result_queue",
+        "console_logger",
+        "access_logger",
+        "block_logger",
+        "authorized_ips",
+        "active_connections",
+    }
+
+    def __init__(
+        self,
+        host,
+        port,
+        debug,
+        logger_config,
+        filter_config,
+        html_403,
+        ssl_config,
+        shortcuts,
+        custom_header,
+        flask_port,
+        flask_pass,
+        proxy_enable,
+        proxy_host,
+        proxy_port,
+        authorized_ips,
+    ):
+        """
+        Initialize the ProxyServer with configuration parameters.
+        """
+        self.host_port = (host, port)
+        self.debug = debug
+        self.html_403 = html_403
+        self.active_connections = {}
+
+        self.logger_config = logger_config
+        self.filter_config = filter_config
+        self.ssl_config = ssl_config
+
+        # Monitoring
+        self.flask_port = flask_port
+        self.flask_pass = flask_pass
+
+        # Proxy
+        self.proxy_enable = proxy_enable
+        self.proxy_host = proxy_host
+        self.proxy_port = proxy_port
+
+        # Authorized IPS
+        self.authorized_ips = authorized_ips
+        self.allowed_subnets = None
+
+        # Process communication queues
+        self.filter_proc = None
+        self.filter_queue = multiprocessing.Queue()
+        self.filter_result_queue = multiprocessing.Queue()
+        self.shortcuts_proc = None
+        self.shortcuts_queue = multiprocessing.Queue()
+        self.shortcuts_result_queue = multiprocessing.Queue()
+        self.cancel_inspect_proc = None
+        self.cancel_inspect_queue = multiprocessing.Queue()
+        self.cancel_inspect_result_queue = multiprocessing.Queue()
+        self.custom_header_proc = None
+        self.custom_header_queue = multiprocessing.Queue()
+        self.custom_header_result_queue = multiprocessing.Queue()
+
+        # Logging
+        self.console_logger = configure_console_logger()
+        if not self.logger_config.no_logging_access:
+            self.logger_config.access_logger = configure_file_logger(
+                self.logger_config.access_log, "AccessLogger"
+            )
+        if not self.logger_config.no_logging_block:
+            self.logger_config.block_logger = configure_file_logger(
+                self.logger_config.block_log, "BlockLogger"
+            )
+
+        # Configuration files
+        self.config_shortcuts = shortcuts
+        self.config_custom_header = custom_header
+
+    def _initialize_processes(self):
+        """
+        Initializes and starts multiple processes for various tasks if their
+        respective configurations and conditions are met.
+        """
+        if not self.filter_config.no_filter:
+            self.filter_proc = multiprocessing.Process(
+                target=filter_process,
+                args=(
+                    self.filter_queue,
+                    self.filter_result_queue,
+                    self.filter_config.filter_mode,
+                    self.filter_config.blocked_sites,
+                    self.filter_config.blocked_url,
+                ),
+            )
+            self.filter_proc.start()
+            self.console_logger.debug("[*] Starting the filter process...")
+
+        if (
+            not __slim__
+            and self.config_shortcuts
+            and os.path.isfile(self.config_shortcuts)
+        ):
+            self.shortcuts_proc = multiprocessing.Process(
+                target=shortcuts_process,
+                args=(
+                    self.shortcuts_queue,
+                    self.shortcuts_result_queue,
+                    self.config_shortcuts,
+                ),
+            )
+            self.shortcuts_proc.start()
+            self.console_logger.debug("[*] Starting the shortcuts process...")
+
+        if self.ssl_config.cancel_inspect and os.path.isfile(
+            self.ssl_config.cancel_inspect
+        ):
+            self.cancel_inspect_proc = multiprocessing.Process(
+                target=cancel_inspect_process,
+                args=(
+                    self.cancel_inspect_queue,
+                    self.cancel_inspect_result_queue,
+                    self.ssl_config.cancel_inspect,
+                ),
+            )
+            self.cancel_inspect_proc.start()
+            self.console_logger.debug("[*] Starting the cancel inspection process...")
+
+        if (
+            not __slim__
+            and self.config_custom_header
+            and os.path.isfile(self.config_custom_header)
+        ):
+            self.custom_header_proc = multiprocessing.Process(
+                target=custom_header_process,
+                args=(
+                    self.custom_header_queue,
+                    self.custom_header_result_queue,
+                    self.config_custom_header,
+                ),
+            )
+            self.custom_header_proc.start()
+            self.console_logger.debug("[*] Starting the custom header process...")
+
+    def _clean_inspection_folder(self):
+        """
+        Delete old inspection cert/key files if they exist.
+        """
+        for file in os.listdir(self.ssl_config.inspect_certs_folder):
+            if file.endswith((".key", ".pem")):
+                file_path = os.path.join(self.ssl_config.inspect_certs_folder, file)
+                try:
+                    os.remove(file_path)
+                except (FileNotFoundError, PermissionError, OSError) as e:
+                    self.console_logger.debug("Error deleting %s: %s", file_path, e)
+
+    def _load_authorized_ips(self):
+        """
+        Load authorized IPs/subnets from the file.
+        """
+        self.allowed_subnets = None
+
+        if self.authorized_ips and os.path.isfile(self.authorized_ips):
+            with open(self.authorized_ips, "r", encoding="utf-8") as f:
+                lines = [line.strip() for line in f if line.strip()]
+            try:
+                self.allowed_subnets = [
+                    ipaddress.ip_network(line, strict=False) for line in lines
+                ]
+                self.console_logger.debug(
+                    "[*] Loaded %d authorized IPs/subnets", len(self.allowed_subnets)
+                )
+            except ValueError as e:
+                self.console_logger.error(
+                    "[*] Invalid IP/subnet in %s: %s", self.authorized_ips, e
+                )
+                self.allowed_subnets = None
+
+    def start(self):
+        """
+        Start the proxy server and listen for incoming client connections.
+        Logs configuration if debug is enabled.
+        """
+        self.console_logger.setLevel(logging.DEBUG if self.debug else logging.INFO)
+
+        if self.debug:
+            self.console_logger.debug("Configuration used:")
+            for key in sorted(vars(self)):
+                if key not in self._EXCLUDE_DEBUG_KEYS:
+                    self.console_logger.debug("[*] %s = %s", key, getattr(self, key))
+
+        if self.ssl_config.ssl_inspect:
+            if not self.ssl_config.inspect_ca_cert or not os.path.isfile(
+                self.ssl_config.inspect_ca_cert
+            ):
+                raise FileNotFoundError(
+                    f"CA certificate not found: {self.ssl_config.inspect_ca_cert}"
+                )
+            if not self.ssl_config.inspect_ca_key or not os.path.isfile(
+                self.ssl_config.inspect_ca_key
+            ):
+                raise FileNotFoundError(
+                    f"CA key not found: {self.ssl_config.inspect_ca_key}"
+                )
+            os.makedirs(self.ssl_config.inspect_certs_folder, exist_ok=True)
+            self._clean_inspection_folder()
+
+        if self.filter_config.filter_mode == "local":
+            for file in [
+                self.filter_config.blocked_sites,
+                self.filter_config.blocked_url,
+            ]:
+                if not os.path.exists(file):
+                    with open(file, "w", encoding="utf-8"):
+                        pass
+
+        self._initialize_processes()
+        self._load_authorized_ips()
+
+        if not __slim__:
+            flask_thread = threading.Thread(
+                target=start_flask_server,
+                args=(self, self.flask_port, self.flask_pass, self.debug),
+                daemon=True,
+            )
+            flask_thread.start()
+            self.console_logger.debug("[*] Starting the monitoring process...")
+
+        server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        server.bind(self.host_port)
+        server.listen(10)
+        self.console_logger.info("Proxy server started on %s...", self.host_port)
+
+        try:
+            while True:
+                client_socket, addr = server.accept()
+                client_ip, client_port = addr
+
+                if self.allowed_subnets:
+                    ip_obj = ipaddress.ip_address(client_ip)
+                    if not any(ip_obj in net for net in self.allowed_subnets):
+                        self.console_logger.debug(
+                            "Unauthorized IP blocked: %s", client_ip
+                        )
+                        client_socket.close()
+                        continue
+
+                self.console_logger.debug("Connection from %s", addr)
+                client = ProxyHandlers(
+                    html_403=self.html_403,
+                    logger_config=self.logger_config,
+                    filter_config=self.filter_config,
+                    ssl_config=self.ssl_config,
+                    filter_queue=self.filter_queue,
+                    filter_result_queue=self.filter_result_queue,
+                    shortcuts_queue=self.shortcuts_queue,
+                    shortcuts_result_queue=self.shortcuts_result_queue,
+                    cancel_inspect_queue=self.cancel_inspect_queue,
+                    cancel_inspect_result_queue=self.cancel_inspect_result_queue,
+                    custom_header_queue=self.custom_header_queue,
+                    custom_header_result_queue=self.custom_header_result_queue,
+                    console_logger=self.console_logger,
+                    shortcuts=self.config_shortcuts,
+                    custom_header=self.config_custom_header,
+                    proxy_enable=self.proxy_enable,
+                    proxy_host=self.proxy_host,
+                    proxy_port=self.proxy_port,
+                    active_connections=self.active_connections,
+                )
+                client_handler = threading.Thread(
+                    target=client.handle_client, args=(client_socket,), daemon=True
+                )
+                client_handler.start()
+                client_ip, client_port = addr
+                self.active_connections[client_handler.ident] = {
+                    "client_ip": client_ip,
+                    "client_port": client_port,
+                    "start_time": time.time(),
+                    "bytes_sent": 0,
+                    "bytes_received": 0,
+                    "thread_name": client_handler.name,
+                }
+        except KeyboardInterrupt:
+            self.console_logger.info("Proxy interrupted, shutting down.")

pyproxy/utils/args.py

@@ -0,0 +1,176 @@
+"""
+pyproxy.utils.args.py
+
+This module allows you to read the program configuration file and return the values.
+"""
+
+import configparser
+import argparse
+import os
+from rich_argparse import MetavarTypeRichHelpFormatter
+from pyproxy import __version__
+
+
+def parse_args() -> argparse.Namespace:
+    """
+    Parses command-line arguments and returns the parsed arguments as an object.
+
+    Args:
+        None
+
+    Returns:
+        argparse.Namespace: The object containing parsed command-line arguments.
+    """
+    parser = argparse.ArgumentParser(
+        description="Lightweight and fast python web proxy",
+        formatter_class=MetavarTypeRichHelpFormatter,
+    )
+    parser.add_argument(
+        "-v", "--version", action="version", version=__version__, help="Show version"
+    )  # noqa: E501
+    parser.add_argument("--debug", action="store_true", help="Enable debug logging")
+    parser.add_argument("-H", "--host", type=str, help="IP address to listen on")
+    parser.add_argument("-P", "--port", type=int, help="Port to listen on")
+    parser.add_argument(
+        "-f",
+        "--config-file",
+        type=str,
+        default="./config.ini",
+        help="Path to config.ini file",
+    )  # noqa: E501
+    parser.add_argument("--access-log", type=str, help="Path to the access log file")
+    parser.add_argument("--block-log", type=str, help="Path to the block log file")
+    parser.add_argument(
+        "--html-403", type=str, help="Path to the custom 403 Forbidden HTML page"
+    )
+    parser.add_argument(
+        "--no-filter", action="store_true", help="Disable URL and domain filtering"
+    )
+    parser.add_argument(
+        "--filter-mode", type=str, choices=["local", "http"], help="Filter list mode"
+    )  # noqa: E501
+    parser.add_argument(
+        "--blocked-sites",
+        type=str,
+        help="Path to the text file containing the list of sites to block",
+    )  # noqa: E501
+    parser.add_argument(
+        "--blocked-url",
+        type=str,
+        help="Path to the text file containing the list of URLs to block",
+    )  # noqa: E501
+    parser.add_argument(
+        "--shortcuts",
+        type=str,
+        help="Path to the text file containing the list of shortcuts",
+    )  # noqa: E501
+    parser.add_argument(
+        "--custom-header",
+        type=str,
+        help="Path to the json file containing the list of custom headers",
+    )  # noqa: E501
+    parser.add_argument(
+        "--authorized-ips",
+        type=str,
+        help="Path to the txt file containing the list of authorized ips",
+    )  # noqa: E501
+    parser.add_argument(
+        "--no-logging-access", action="store_true", help="Disable access logging"
+    )
+    parser.add_argument(
+        "--no-logging-block", action="store_true", help="Disable block logging"
+    )
+    parser.add_argument(
+        "--ssl-inspect", action="store_true", help="Enable SSL inspection"
+    )
+    parser.add_argument(
+        "--inspect-ca-cert", type=str, help="Path to the CA certificate"
+    )
+    parser.add_argument("--inspect-ca-key", type=str, help="Path to the CA key")
+    parser.add_argument(
+        "--inspect-certs-folder",
+        type=str,
+        help="Path to the generated certificates folder",
+    )  # noqa: E501
+    parser.add_argument(
+        "--cancel-inspect",
+        type=str,
+        help="Path to the text file containing the list of URLs without ssl inspection",
+    )  # noqa: E501
+    parser.add_argument(
+        "--flask-port", type=int, help="Port to listen on for monitoring interface"
+    )
+    parser.add_argument(
+        "--flask-pass", type=int, help="Default password to Flask interface"
+    )
+    parser.add_argument(
+        "--proxy-enable", action="store_true", help="Enable proxy after PyProxy"
+    )
+    parser.add_argument("--proxy-host", type=str, help="Proxy IP to use after PyProxy")
+    parser.add_argument(
+        "--proxy-port", type=int, help="Proxy Port to use after PyProxy"
+    )
+
+    return parser.parse_args()
+
+
+def load_config(config_path: str) -> configparser.ConfigParser:
+    """
+    Loads the configuration file and returns the parsed config object.
+
+    Args:
+        config_path (str): The path to the configuration file to load.
+
+    Returns:
+        configparser.ConfigParser: The parsed configuration object.
+    """
+    config = configparser.ConfigParser()
+    config.read(config_path)
+    return config
+
+
+def get_config_value(
+    args: argparse.Namespace,
+    config: configparser.ConfigParser,
+    arg_name: str,
+    section: str,
+    fallback_value: str,
+) -> str:
+    """
+    Retrieves the configuration value, either from the command-line
+                        arguments or from the config file.
+
+    Args:
+        args (argparse.Namespace): The parsed command-line arguments object.
+        config (configparser.ConfigParser): The parsed configuration object.
+        arg_name (str): The name of the command-line argument.
+        section (str): The section in the config file where the value is located.
+        fallback_value (str): The fallback value to return if neither
+                        argument nor config has a value.
+
+    Returns:
+        str: The final value, either from command-line arguments, config file, or fallback.
+    """
+    arg_value = getattr(args, arg_name, None)
+    if arg_value:
+        return arg_value
+
+    env_var_name = f"PYPROXY_{arg_name.upper().replace('-', '_')}"
+    env_value = os.getenv(env_var_name)
+    if env_value:
+        return env_value
+
+    return config.get(section, arg_name, fallback=fallback_value)
+
+
+def str_to_bool(value: str) -> bool:
+    """
+    Converts a string representation of truth to a boolean value.
+
+    Args:
+        value (str): The value to convert (e.g., "true", "1", "yes").
+
+    Returns:
+        bool: True if the string represents a true value, False otherwise.
+    """
+    return str(value).lower() in ("yes", "true", "t", "1")

pyproxy/utils/config.py

@@ -0,0 +1,110 @@
+"""
+pyproxy.utils.config.py
+
+This module defines configuration classes used by the HTTP/HTTPS proxy.
+"""
+
+
+class ProxyConfigLogger:
+    """
+    Handles logging configuration for the proxy.
+    """
+
+    def __init__(self, access_log, block_log, no_logging_access, no_logging_block):
+        self.access_log = access_log
+        self.block_log = block_log
+        self.access_logger = None
+        self.block_logger = None
+        self.no_logging_access = no_logging_access
+        self.no_logging_block = no_logging_block
+
+    def __repr__(self):
+        return (
+            f"ProxyConfigLogger(access_log={self.access_log}, "
+            f"block_log={self.block_log}, "
+            f"no_logging_access={self.no_logging_access}, "
+            f"no_logging_block={self.no_logging_block})"
+        )
+
+    def to_dict(self):
+        """
+        Converts the ProxyConfigLogger instance into a dictionary.
+        """
+        return {
+            "access_log": self.access_log,
+            "block_log": self.block_log,
+            "no_logging_access": self.no_logging_access,
+            "no_logging_block": self.no_logging_block,
+        }
+
+
+class ProxyConfigFilter:
+    """
+    Manages filtering configuration for the proxy.
+    """
+
+    def __init__(self, no_filter, filter_mode, blocked_sites, blocked_url):
+        self.no_filter = no_filter
+        self.filter_mode = filter_mode
+        self.blocked_sites = blocked_sites
+        self.blocked_url = blocked_url
+
+    def __repr__(self):
+        return (
+            f"ProxyConfigFilter(no_filter={self.no_filter}, "
+            f"filter_mode='{self.filter_mode}', "
+            f"blocked_sites={self.blocked_sites}, "
+            f"blocked_url={self.blocked_url})"
+        )
+
+    def to_dict(self):
+        """
+        Converts the ProxyConfigFilter instance into a dictionary.
+        """
+        return {
+            "no_filter": self.no_filter,
+            "filter_mode": self.filter_mode,
+            "blocked_sites": self.blocked_sites,
+            "blocked_url": self.blocked_url,
+        }
+
+
+class ProxyConfigSSL:
+    """
+    Handles SSL/TLS inspection configuration.
+    """
+
+    def __init__(
+        self,
+        ssl_inspect,
+        inspect_ca_cert,
+        inspect_ca_key,
+        inspect_certs_folder,
+        cancel_inspect,
+    ):
+        self.ssl_inspect = ssl_inspect
+        self.inspect_ca_cert = inspect_ca_cert
+        self.inspect_ca_key = inspect_ca_key
+        self.inspect_certs_folder = inspect_certs_folder
+        self.cancel_inspect = cancel_inspect
+
+    def __repr__(self):
+        return (
+            f"ProxyConfigSSL(ssl_inspect={self.ssl_inspect}, "
+            f"inspect_ca_cert='{self.inspect_ca_cert}', "
+            f"inspect_ca_key='{self.inspect_ca_key}', "
+            f"inspect_certs_folder='{self.inspect_certs_folder}', "
+            f"cancel_inspect={self.cancel_inspect})"
+        )
+
+    def to_dict(self):
+        """
+        Converts the ProxyConfigSSL instance into a dictionary.
+        """
+        return {
+            "ssl_inspect": self.ssl_inspect,
+            "inspect_ca_cert": self.inspect_ca_cert,
+            "inspect_ca_key": self.inspect_ca_key,
+            "inspect_certs_folder": self.inspect_certs_folder,
+            "cancel_inspect": self.cancel_inspect,
+        }

pyproxy/utils/crypto.py

@@ -0,0 +1,52 @@
+"""
+pyproxy.utils.crypto.py
+
+Certificate generation utilities for SSL inspection in pyproxy.
+"""
+
+import os
+from OpenSSL import crypto
+
+
+def generate_certificate(domain, certs_folder, ca_cert, ca_key):
+    """
+    Generates a self-signed SSL certificate for the given domain.
+
+    Args:
+        domain (str): The domain name for which the certificate is generated.
+
+    Returns:
+        tuple: Paths to the generated certificate and private key files.
+    """
+    cert_path = f"{certs_folder}{domain}.pem"
+    key_path = f"{certs_folder}{domain}.key"
+
+    if not os.path.exists(cert_path):
+        key = crypto.PKey()
+        key.generate_key(crypto.TYPE_RSA, 2048)
+
+        with open(ca_cert, "r", encoding="utf-8") as f:
+            ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
+        with open(ca_key, "r", encoding="utf-8") as f:
+            ca_key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
+
+        cert = crypto.X509()
+        cert.set_serial_number(int.from_bytes(os.urandom(16), "big"))
+        cert.get_subject().CN = domain
+        cert.gmtime_adj_notBefore(0)
+        cert.gmtime_adj_notAfter(365 * 24 * 60 * 60)
+        cert.set_issuer(ca_cert.get_subject())
+        cert.set_pubkey(key)
+        san = f"DNS:{domain}"
+        cert.add_extensions(
+            [crypto.X509Extension(b"subjectAltName", False, san.encode())]
+        )
+
+        cert.sign(ca_key, "sha256")
+
+        with open(cert_path, "wb") as f:
+            f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+        with open(key_path, "wb") as f:
+            f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
+
+    return cert_path, key_path