mirror of
https://github.com/decolua/9router.git
synced 2026-05-08 12:01:28 +00:00
Fix bug Tunnel
This commit is contained in:
decolua
@@ -367,7 +367,7 @@ export async function handleChatCore({ body, modelInfo, credentials, log, onCred
|
||||
const targetFormat = modelTargetFormat || getTargetFormat(provider);
|
||||
|
||||
// Track if client actually wants streaming (before we force it for providers)
|
||||
const clientRequestedStreaming = body.stream === true;
|
||||
const clientRequestedStreaming = body.stream === true || sourceFormat === FORMATS.ANTIGRAVITY || sourceFormat === FORMATS.GEMINI || sourceFormat === FORMATS.GEMINI_CLI;
|
||||
const providerRequiresStreaming = provider === 'openai' || provider === 'codex';
|
||||
|
||||
// Force streaming for OpenAI/Codex models (they don't support non-streaming mode properly)
|
||||
@@ -411,6 +411,7 @@ export async function handleChatCore({ body, modelInfo, credentials, log, onCred
|
||||
appendRequestLog({ model, provider, connectionId, status: "PENDING" }).catch(() => { });
|
||||
|
||||
const msgCount = translatedBody.messages?.length
|
||||
|| translatedBody.input?.length
|
||||
|| translatedBody.contents?.length
|
||||
|| translatedBody.request?.contents?.length
|
||||
|| 0;
|
||||
@@ -579,13 +580,13 @@ export async function handleChatCore({ body, modelInfo, credentials, log, onCred
|
||||
// (Codex API doesn't always set Content-Type on streaming responses)
|
||||
const isSSEResponse = contentType.includes("text/event-stream") || (contentType === "" && provider === "codex");
|
||||
if (isSSEResponse) {
|
||||
const isResponsesApi = sourceFormat === 'openai-responses';
|
||||
// Codex always returns Responses API SSE format regardless of client source format
|
||||
const isCodexResponsesApi = provider === "codex" || sourceFormat === "openai-responses";
|
||||
|
||||
if (isResponsesApi) {
|
||||
// Responses API SSE → Responses API JSON (for pydantic_ai, OpenAI SDK, etc.)
|
||||
if (isCodexResponsesApi) {
|
||||
// Responses API SSE → parse → translate to client format
|
||||
try {
|
||||
const jsonResponse = await convertResponsesStreamToJson(providerResponse.body);
|
||||
log?.info?.("STREAM", `Converted Responses API SSE → JSON for non-streaming client`);
|
||||
|
||||
if (onRequestSuccess) await onRequestSuccess();
|
||||
|
||||
@@ -606,6 +607,9 @@ export async function handleChatCore({ body, modelInfo, credentials, log, onCred
|
||||
}).catch(() => { });
|
||||
}
|
||||
|
||||
const msgItem = jsonResponse.output?.find(item => item.type === "message");
|
||||
const textContent = msgItem?.content?.find(c => c.type === "output_text")?.text || msgItem?.content?.[0]?.text || null;
|
||||
console.log(`[DBG] codex status=${jsonResponse.status} output.len=${jsonResponse.output?.length} msgItem.type=${msgItem?.type} textLen=${textContent?.length||0}`);
|
||||
const totalLatency = Date.now() - requestStartTime;
|
||||
saveRequestDetail({
|
||||
provider: provider || "unknown",
|
||||
@@ -617,22 +621,67 @@ export async function handleChatCore({ body, modelInfo, credentials, log, onCred
|
||||
request: extractRequestConfig(body, stream),
|
||||
providerRequest: finalBody || translatedBody || null,
|
||||
providerResponse: null,
|
||||
response: {
|
||||
content: jsonResponse.output?.[0]?.content?.[0]?.text || null,
|
||||
thinking: null,
|
||||
finish_reason: jsonResponse.status || "unknown"
|
||||
},
|
||||
response: { content: textContent, thinking: null, finish_reason: jsonResponse.status || "unknown" },
|
||||
status: "success",
|
||||
endpoint: clientRawRequest?.endpoint || null
|
||||
}).catch(() => { });
|
||||
|
||||
// If client is openai-responses → return as-is
|
||||
if (sourceFormat === "openai-responses") {
|
||||
return {
|
||||
success: true,
|
||||
response: new Response(JSON.stringify(jsonResponse), {
|
||||
headers: { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" }
|
||||
})
|
||||
};
|
||||
}
|
||||
|
||||
// Translate Responses API JSON → OpenAI chat completion JSON
|
||||
const openaiMsg = {
|
||||
id: jsonResponse.id || `chatcmpl-${Date.now()}`,
|
||||
object: "chat.completion",
|
||||
created: jsonResponse.created_at || Math.floor(Date.now() / 1000),
|
||||
model: jsonResponse.model || model,
|
||||
choices: [{
|
||||
index: 0,
|
||||
message: { role: "assistant", content: textContent || "" },
|
||||
finish_reason: jsonResponse.status === "completed" ? "stop" : (jsonResponse.status || "stop")
|
||||
}],
|
||||
usage: {
|
||||
prompt_tokens: usage.input_tokens || 0,
|
||||
completion_tokens: usage.output_tokens || 0,
|
||||
total_tokens: (usage.input_tokens || 0) + (usage.output_tokens || 0)
|
||||
}
|
||||
};
|
||||
|
||||
// Build client-format response based on sourceFormat
|
||||
let finalResp;
|
||||
if (sourceFormat === FORMATS.ANTIGRAVITY || sourceFormat === FORMATS.GEMINI || sourceFormat === FORMATS.GEMINI_CLI) {
|
||||
// Antigravity/Gemini non-streaming format
|
||||
finalResp = {
|
||||
response: {
|
||||
candidates: [{
|
||||
content: { role: "model", parts: [{ text: textContent || "" }] },
|
||||
finishReason: "STOP",
|
||||
index: 0
|
||||
}],
|
||||
usageMetadata: {
|
||||
promptTokenCount: usage.input_tokens || 0,
|
||||
candidatesTokenCount: usage.output_tokens || 0,
|
||||
totalTokenCount: (usage.input_tokens || 0) + (usage.output_tokens || 0)
|
||||
},
|
||||
modelVersion: model,
|
||||
responseId: jsonResponse.id || `resp_${Date.now()}`
|
||||
}
|
||||
};
|
||||
} else {
|
||||
finalResp = openaiMsg;
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
response: new Response(JSON.stringify(jsonResponse), {
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
"Access-Control-Allow-Origin": "*"
|
||||
}
|
||||
response: new Response(JSON.stringify(finalResp), {
|
||||
headers: { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" }
|
||||
})
|
||||
};
|
||||
} catch (error) {
|
||||
@@ -906,9 +955,12 @@ export async function handleChatCore({ body, modelInfo, credentials, log, onCred
|
||||
&& !isDroidCLI;
|
||||
|
||||
if (needsCodexTranslation) {
|
||||
// For claude clients, translate directly to claude format
|
||||
// For openai/openai-responses clients, translate to openai (responsesHandler will re-add event: lines)
|
||||
const codexTarget = sourceFormat === FORMATS.CLAUDE ? FORMATS.CLAUDE : FORMATS.OPENAI;
|
||||
// Translate Codex (openai-responses) SSE → client's source format
|
||||
// Claude → claude, Antigravity/Gemini → antigravity, others → openai
|
||||
let codexTarget;
|
||||
if (sourceFormat === FORMATS.CLAUDE) codexTarget = FORMATS.CLAUDE;
|
||||
else if (sourceFormat === FORMATS.ANTIGRAVITY || sourceFormat === FORMATS.GEMINI || sourceFormat === FORMATS.GEMINI_CLI) codexTarget = FORMATS.ANTIGRAVITY;
|
||||
else codexTarget = FORMATS.OPENAI;
|
||||
log?.debug?.("STREAM", `Codex translation mode: openai-responses → ${codexTarget}`);
|
||||
transformStream = createSSETransformStreamWithLogger('openai-responses', codexTarget, provider, reqLogger, toolNameMap, model, connectionId, body, onStreamComplete, apiKey);
|
||||
} else if (needsTranslation(targetFormat, sourceFormat)) {
|
||||
|
||||
@@ -1,7 +1,11 @@
|
||||
"use server";
|
||||
|
||||
import { NextResponse } from "next/server";
|
||||
import { getMitmStatus, startMitm, stopMitm, getCachedPassword, setCachedPassword } from "@/mitm/manager";
|
||||
import { getMitmStatus, startMitm, stopMitm, getCachedPassword, setCachedPassword, loadEncryptedPassword, initDbHooks } from "@/mitm/manager";
|
||||
import { getSettings, updateSettings } from "@/lib/localDb";
|
||||
|
||||
// Inject DB hooks so manager.js (CJS) can persist settings without dynamic import issues
|
||||
initDbHooks(getSettings, updateSettings);
|
||||
|
||||
// GET - Check MITM status
|
||||
export async function GET() {
|
||||
@@ -25,7 +29,8 @@ export async function POST(request) {
|
||||
try {
|
||||
const { apiKey, sudoPassword } = await request.json();
|
||||
const isWin = process.platform === "win32";
|
||||
const pwd = sudoPassword || getCachedPassword() || "";
|
||||
// Priority: request password → in-memory cache → encrypted db
|
||||
const pwd = sudoPassword || getCachedPassword() || await loadEncryptedPassword() || "";
|
||||
|
||||
if (!apiKey || (!isWin && !pwd)) {
|
||||
return NextResponse.json(
|
||||
@@ -53,7 +58,7 @@ export async function DELETE(request) {
|
||||
try {
|
||||
const { sudoPassword } = await request.json();
|
||||
const isWin = process.platform === "win32";
|
||||
const pwd = sudoPassword || getCachedPassword() || "";
|
||||
const pwd = sudoPassword || getCachedPassword() || await loadEncryptedPassword() || "";
|
||||
|
||||
if (!isWin && !pwd) {
|
||||
return NextResponse.json({ error: "Missing sudoPassword" }, { status: 400 });
|
||||
|
||||
@@ -62,7 +62,12 @@ export async function GET(request, { params }) {
|
||||
export async function POST(request, { params }) {
|
||||
try {
|
||||
const { provider, action } = await params;
|
||||
const body = await request.json();
|
||||
let body;
|
||||
try {
|
||||
body = await request.json();
|
||||
} catch {
|
||||
return NextResponse.json({ error: "Invalid or empty request body" }, { status: 400 });
|
||||
}
|
||||
|
||||
if (action === "exchange") {
|
||||
const { code, redirectUri, codeVerifier, state } = body;
|
||||
|
||||
@@ -4,6 +4,85 @@ import { homedir } from "os";
|
||||
import { join } from "path";
|
||||
import Database from "better-sqlite3";
|
||||
|
||||
const ACCESS_TOKEN_KEYS = ["cursorAuth/accessToken", "cursorAuth/token"];
|
||||
const MACHINE_ID_KEYS = ["storage.serviceMachineId", "storage.machineId", "telemetry.machineId"];
|
||||
|
||||
/** Get candidate db paths by platform */
|
||||
function getCandidatePaths(platform) {
|
||||
const home = homedir();
|
||||
|
||||
if (platform === "darwin") {
|
||||
return [
|
||||
join(home, "Library/Application Support/Cursor/User/globalStorage/state.vscdb"),
|
||||
join(home, "Library/Application Support/Cursor - Insiders/User/globalStorage/state.vscdb"),
|
||||
];
|
||||
}
|
||||
|
||||
if (platform === "win32") {
|
||||
const appData = process.env.APPDATA || join(home, "AppData", "Roaming");
|
||||
const localAppData = process.env.LOCALAPPDATA || join(home, "AppData", "Local");
|
||||
return [
|
||||
join(appData, "Cursor", "User", "globalStorage", "state.vscdb"),
|
||||
join(appData, "Cursor - Insiders", "User", "globalStorage", "state.vscdb"),
|
||||
join(localAppData, "Cursor", "User", "globalStorage", "state.vscdb"),
|
||||
join(localAppData, "Programs", "Cursor", "User", "globalStorage", "state.vscdb"),
|
||||
];
|
||||
}
|
||||
|
||||
// Linux
|
||||
return [
|
||||
join(home, ".config/Cursor/User/globalStorage/state.vscdb"),
|
||||
join(home, ".config/cursor/User/globalStorage/state.vscdb"),
|
||||
];
|
||||
}
|
||||
|
||||
/** Extract tokens from open db, with fuzzy fallback */
|
||||
function extractTokens(db, platform) {
|
||||
const desiredKeys = [...ACCESS_TOKEN_KEYS, ...MACHINE_ID_KEYS];
|
||||
const rows = db.prepare(
|
||||
`SELECT key, value FROM itemTable WHERE key IN (${desiredKeys.map(() => "?").join(",")})`
|
||||
).all(...desiredKeys);
|
||||
|
||||
const normalize = (value) => {
|
||||
if (typeof value !== "string") return value;
|
||||
try {
|
||||
const parsed = JSON.parse(value);
|
||||
return typeof parsed === "string" ? parsed : value;
|
||||
} catch {
|
||||
return value;
|
||||
}
|
||||
};
|
||||
|
||||
const tokens = {};
|
||||
for (const row of rows) {
|
||||
if (ACCESS_TOKEN_KEYS.includes(row.key) && !tokens.accessToken) {
|
||||
tokens.accessToken = normalize(row.value);
|
||||
} else if (MACHINE_ID_KEYS.includes(row.key) && !tokens.machineId) {
|
||||
tokens.machineId = normalize(row.value);
|
||||
}
|
||||
}
|
||||
|
||||
// Fuzzy fallback for all platforms when exact keys miss
|
||||
if (!tokens.accessToken || !tokens.machineId) {
|
||||
const fallbackRows = db.prepare(
|
||||
"SELECT key, value FROM itemTable WHERE key LIKE '%cursorAuth/%' OR key LIKE '%machineId%' OR key LIKE '%serviceMachineId%'"
|
||||
).all();
|
||||
|
||||
for (const row of fallbackRows) {
|
||||
const key = row.key || "";
|
||||
const value = normalize(row.value);
|
||||
if (!tokens.accessToken && key.toLowerCase().includes("accesstoken")) {
|
||||
tokens.accessToken = value;
|
||||
}
|
||||
if (!tokens.machineId && key.toLowerCase().includes("machineid")) {
|
||||
tokens.machineId = value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return tokens;
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /api/oauth/cursor/auto-import
|
||||
* Auto-detect and extract Cursor tokens from local SQLite database
|
||||
@@ -11,120 +90,41 @@ import Database from "better-sqlite3";
|
||||
export async function GET() {
|
||||
try {
|
||||
const platform = process.platform;
|
||||
let dbPath;
|
||||
const candidates = getCandidatePaths(platform);
|
||||
|
||||
if (platform === "darwin") {
|
||||
// macOS: probe multiple locations (standard + Insiders)
|
||||
const userHome = homedir();
|
||||
const candidateDbPaths = [
|
||||
join(userHome, "Library/Application Support/Cursor/User/globalStorage/state.vscdb"),
|
||||
join(userHome, "Library/Application Support/Cursor - Insiders/User/globalStorage/state.vscdb"),
|
||||
];
|
||||
|
||||
for (const path of candidateDbPaths) {
|
||||
try {
|
||||
await access(path, constants.R_OK);
|
||||
dbPath = path;
|
||||
break;
|
||||
} catch {
|
||||
// Continue probing next candidate.
|
||||
}
|
||||
// Find first readable db path
|
||||
let dbPath = null;
|
||||
for (const candidate of candidates) {
|
||||
try {
|
||||
await access(candidate, constants.R_OK);
|
||||
dbPath = candidate;
|
||||
break;
|
||||
} catch {
|
||||
// Try next candidate
|
||||
}
|
||||
|
||||
if (!dbPath) {
|
||||
return NextResponse.json({
|
||||
found: false,
|
||||
error:
|
||||
"Cursor database not found in known macOS locations. Make sure Cursor IDE is installed and opened at least once.",
|
||||
});
|
||||
}
|
||||
} else if (platform === "linux") {
|
||||
dbPath = join(homedir(), ".config/Cursor/User/globalStorage/state.vscdb");
|
||||
} else if (platform === "win32") {
|
||||
dbPath = join(process.env.APPDATA || "", "Cursor/User/globalStorage/state.vscdb");
|
||||
} else {
|
||||
return NextResponse.json(
|
||||
{ error: "Unsupported platform", found: false },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
|
||||
// Try to open database
|
||||
if (!dbPath) {
|
||||
return NextResponse.json({
|
||||
found: false,
|
||||
error: `Cursor database not found. Checked locations:\n${candidates.join("\n")}\n\nMake sure Cursor IDE is installed and opened at least once.`,
|
||||
});
|
||||
}
|
||||
|
||||
let db;
|
||||
try {
|
||||
db = new Database(dbPath, { readonly: true, fileMustExist: true });
|
||||
} catch (error) {
|
||||
if (platform === "darwin") {
|
||||
return NextResponse.json({
|
||||
found: false,
|
||||
error: `Found Cursor database at ${dbPath} but could not open it: ${error.message}`,
|
||||
});
|
||||
}
|
||||
return NextResponse.json({
|
||||
found: false,
|
||||
error: "Cursor database not found. Make sure Cursor IDE is installed and you are logged in.",
|
||||
error: `Found Cursor database at:\n${dbPath}\n\nBut could not open it: ${error.message}`,
|
||||
});
|
||||
}
|
||||
|
||||
try {
|
||||
const accessTokenKeys = [
|
||||
"cursorAuth/accessToken",
|
||||
"cursorAuth/token",
|
||||
];
|
||||
const machineIdKeys = [
|
||||
"storage.serviceMachineId",
|
||||
"storage.machineId",
|
||||
"telemetry.machineId",
|
||||
];
|
||||
const desiredKeys = [...accessTokenKeys, ...machineIdKeys];
|
||||
|
||||
const rows = db.prepare(
|
||||
`SELECT key, value FROM itemTable WHERE key IN (${desiredKeys.map(() => "?").join(",")})`
|
||||
).all(...desiredKeys);
|
||||
|
||||
const normalizeValue = (value) => {
|
||||
if (typeof value !== "string") return value;
|
||||
try {
|
||||
const parsed = JSON.parse(value);
|
||||
return typeof parsed === "string" ? parsed : value;
|
||||
} catch {
|
||||
return value;
|
||||
}
|
||||
};
|
||||
|
||||
const tokens = {};
|
||||
for (const row of rows) {
|
||||
if (accessTokenKeys.includes(row.key) && !tokens.accessToken) {
|
||||
tokens.accessToken = normalizeValue(row.value);
|
||||
} else if (machineIdKeys.includes(row.key) && !tokens.machineId) {
|
||||
tokens.machineId = normalizeValue(row.value);
|
||||
}
|
||||
}
|
||||
|
||||
// Fuzzy fallback for newer/changed key names (macOS only, where the
|
||||
// issue was originally reported; other platforms use exact keys).
|
||||
if (platform === "darwin" && (!tokens.accessToken || !tokens.machineId)) {
|
||||
const fallbackRows = db.prepare(
|
||||
"SELECT key, value FROM itemTable WHERE key LIKE '%cursorAuth/%' OR key LIKE '%machineId%' OR key LIKE '%serviceMachineId%'"
|
||||
).all();
|
||||
|
||||
for (const row of fallbackRows) {
|
||||
const key = row.key || "";
|
||||
const value = normalizeValue(row.value);
|
||||
|
||||
if (!tokens.accessToken && key.toLowerCase().includes("accesstoken")) {
|
||||
tokens.accessToken = value;
|
||||
}
|
||||
|
||||
if (!tokens.machineId && key.toLowerCase().includes("machineid")) {
|
||||
tokens.machineId = value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const tokens = extractTokens(db, platform);
|
||||
db.close();
|
||||
|
||||
// Validate tokens exist
|
||||
if (!tokens.accessToken || !tokens.machineId) {
|
||||
return NextResponse.json({
|
||||
found: false,
|
||||
|
||||
@@ -113,6 +113,12 @@ export async function ensureCloudflared() {
|
||||
}
|
||||
|
||||
let cloudflaredProcess = null;
|
||||
let unexpectedExitHandler = null;
|
||||
|
||||
/** Register a callback to be called when cloudflared exits unexpectedly after connecting */
|
||||
export function setUnexpectedExitHandler(handler) {
|
||||
unexpectedExitHandler = handler;
|
||||
}
|
||||
|
||||
export async function spawnCloudflared(tunnelToken) {
|
||||
const binaryPath = await ensureCloudflared();
|
||||
@@ -127,7 +133,9 @@ export async function spawnCloudflared(tunnelToken) {
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
let connectionCount = 0;
|
||||
let resolved = false;
|
||||
const timeout = setTimeout(() => {
|
||||
resolved = true;
|
||||
resolve(child);
|
||||
}, 90000);
|
||||
|
||||
@@ -135,7 +143,8 @@ export async function spawnCloudflared(tunnelToken) {
|
||||
const msg = data.toString();
|
||||
if (msg.includes("Registered tunnel connection")) {
|
||||
connectionCount++;
|
||||
if (connectionCount >= 4) {
|
||||
if (connectionCount >= 4 && !resolved) {
|
||||
resolved = true;
|
||||
clearTimeout(timeout);
|
||||
resolve(child);
|
||||
}
|
||||
@@ -146,14 +155,27 @@ export async function spawnCloudflared(tunnelToken) {
|
||||
child.stderr.on("data", handleLog);
|
||||
|
||||
child.on("error", (err) => {
|
||||
clearTimeout(timeout);
|
||||
reject(err);
|
||||
if (!resolved) {
|
||||
resolved = true;
|
||||
clearTimeout(timeout);
|
||||
reject(err);
|
||||
}
|
||||
});
|
||||
|
||||
child.on("exit", (code) => {
|
||||
clearTimeout(timeout);
|
||||
if (connectionCount === 0) {
|
||||
reject(new Error(`cloudflared exited with code ${code}`));
|
||||
cloudflaredProcess = null;
|
||||
clearPid();
|
||||
if (!resolved) {
|
||||
resolved = true;
|
||||
clearTimeout(timeout);
|
||||
if (connectionCount === 0) {
|
||||
reject(new Error(`cloudflared exited with code ${code}`));
|
||||
return;
|
||||
}
|
||||
}
|
||||
// Notify reconnect handler if tunnel died after successful connection
|
||||
if (unexpectedExitHandler) {
|
||||
unexpectedExitHandler();
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import crypto from "crypto";
|
||||
import { loadState, saveState, clearState } from "./state.js";
|
||||
import { spawnCloudflared, killCloudflared, isCloudflaredRunning } from "./cloudflared.js";
|
||||
import { spawnCloudflared, killCloudflared, isCloudflaredRunning, setUnexpectedExitHandler } from "./cloudflared.js";
|
||||
import { getSettings, updateSettings } from "@/lib/localDb";
|
||||
|
||||
const TUNNEL_WORKER_URL = process.env.TUNNEL_WORKER_URL || "https://tunnel.9router.com";
|
||||
@@ -8,6 +8,9 @@ const MACHINE_ID_SALT = "9router-tunnel-salt";
|
||||
const API_KEY_SECRET = "9router-tunnel-api-key-secret";
|
||||
const SHORT_ID_LENGTH = 6;
|
||||
const SHORT_ID_CHARS = "abcdefghijklmnpqrstuvwxyz23456789";
|
||||
const RECONNECT_DELAYS_MS = [5000, 15000, 30000];
|
||||
|
||||
let isReconnecting = false;
|
||||
|
||||
function generateShortId() {
|
||||
let result = "";
|
||||
@@ -80,9 +83,43 @@ export async function enableTunnel() {
|
||||
|
||||
await updateSettings({ tunnelEnabled: true, tunnelUrl: hostname });
|
||||
|
||||
// Register exit handler for auto-reconnect on unexpected crash/sleep-wake
|
||||
setUnexpectedExitHandler(() => scheduleReconnect(0));
|
||||
|
||||
return { success: true, tunnelUrl: hostname, shortId };
|
||||
}
|
||||
|
||||
async function scheduleReconnect(attempt) {
|
||||
if (isReconnecting) return;
|
||||
isReconnecting = true;
|
||||
|
||||
const delay = RECONNECT_DELAYS_MS[Math.min(attempt, RECONNECT_DELAYS_MS.length - 1)];
|
||||
console.log(`[Tunnel] Unexpected exit detected, reconnecting in ${delay / 1000}s (attempt ${attempt + 1})...`);
|
||||
|
||||
await new Promise((r) => setTimeout(r, delay));
|
||||
|
||||
try {
|
||||
const settings = await getSettings();
|
||||
if (!settings.tunnelEnabled) {
|
||||
console.log("[Tunnel] Tunnel disabled, skipping reconnect");
|
||||
isReconnecting = false;
|
||||
return;
|
||||
}
|
||||
await enableTunnel();
|
||||
console.log("[Tunnel] Reconnected successfully");
|
||||
isReconnecting = false;
|
||||
} catch (err) {
|
||||
console.log(`[Tunnel] Reconnect attempt ${attempt + 1} failed:`, err.message);
|
||||
isReconnecting = false;
|
||||
const nextAttempt = attempt + 1;
|
||||
if (nextAttempt < RECONNECT_DELAYS_MS.length) {
|
||||
scheduleReconnect(nextAttempt);
|
||||
} else {
|
||||
console.log("[Tunnel] All reconnect attempts exhausted");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export async function disableTunnel() {
|
||||
const state = loadState();
|
||||
|
||||
|
||||
@@ -2,22 +2,52 @@ const { spawn, exec } = require("child_process");
|
||||
const path = require("path");
|
||||
const fs = require("fs");
|
||||
const os = require("os");
|
||||
const net = require("net");
|
||||
const crypto = require("crypto");
|
||||
const { addDNSEntry, removeDNSEntry, checkDNSEntry } = require("./dns/dnsConfig");
|
||||
|
||||
const IS_WIN = process.platform === "win32";
|
||||
const { generateCert } = require("./cert/generate");
|
||||
const { installCert } = require("./cert/install");
|
||||
|
||||
// Store server process
|
||||
const MITM_PORT = 443;
|
||||
const PID_FILE = path.join(os.homedir(), ".9router", "mitm", ".mitm.pid");
|
||||
|
||||
// Resolve server.js path robustly:
|
||||
// __dirname is unreliable inside Next.js bundles, so we use DATA_DIR env or
|
||||
// fall back to locating the file relative to the app's source root.
|
||||
function resolveServerPath() {
|
||||
// 1. Explicit override via env (useful for packaged/standalone builds)
|
||||
if (process.env.MITM_SERVER_PATH) return process.env.MITM_SERVER_PATH;
|
||||
|
||||
// 2. Try sibling of this file (works in dev where __dirname is real)
|
||||
const sibling = path.join(__dirname, "server.js");
|
||||
if (fs.existsSync(sibling)) return sibling;
|
||||
|
||||
// 3. Fallback: resolve from process.cwd() → src/mitm/server.js
|
||||
const fromCwd = path.join(process.cwd(), "src", "mitm", "server.js");
|
||||
if (fs.existsSync(fromCwd)) return fromCwd;
|
||||
|
||||
// 4. Standalone build: app root is parent of .next
|
||||
const fromNext = path.join(process.cwd(), "..", "src", "mitm", "server.js");
|
||||
if (fs.existsSync(fromNext)) return fromNext;
|
||||
|
||||
return fromCwd; // best guess
|
||||
}
|
||||
|
||||
const SERVER_PATH = resolveServerPath();
|
||||
|
||||
const ENCRYPT_ALGO = "aes-256-gcm";
|
||||
const ENCRYPT_SALT = "9router-mitm-pwd";
|
||||
|
||||
// Store server process in-memory
|
||||
let serverProcess = null;
|
||||
let serverPid = null;
|
||||
// Persist across Next.js hot reloads
|
||||
|
||||
// Persist sudo password across Next.js hot reloads (in-memory only)
|
||||
function getCachedPassword() { return globalThis.__mitmSudoPassword || null; }
|
||||
function setCachedPassword(pwd) { globalThis.__mitmSudoPassword = pwd; }
|
||||
|
||||
// server.js is in same directory as this file
|
||||
const PID_FILE = path.join(os.homedir(), ".9router", "mitm", ".mitm.pid");
|
||||
|
||||
// Check if a PID is alive
|
||||
function isProcessAlive(pid) {
|
||||
try {
|
||||
@@ -34,7 +64,193 @@ function killProcess(pid, force = false) {
|
||||
const flag = force ? "/F " : "";
|
||||
exec(`taskkill ${flag}/PID ${pid}`, () => {});
|
||||
} else {
|
||||
process.kill(pid, force ? "SIGKILL" : "SIGTERM");
|
||||
// Use pkill to kill entire process group (catches sudo + child node process)
|
||||
const sig = force ? "SIGKILL" : "SIGTERM";
|
||||
exec(`pkill -${sig} -P ${pid} 2>/dev/null; kill -${sig} ${pid} 2>/dev/null`, () => {});
|
||||
}
|
||||
}
|
||||
|
||||
/** Derive a 32-byte encryption key from machineId */
|
||||
function deriveKey() {
|
||||
try {
|
||||
const { machineIdSync } = require("node-machine-id");
|
||||
const raw = machineIdSync();
|
||||
return crypto.createHash("sha256").update(raw + ENCRYPT_SALT).digest();
|
||||
} catch {
|
||||
// Fallback: fixed key derived from salt (less secure but functional)
|
||||
return crypto.createHash("sha256").update(ENCRYPT_SALT).digest();
|
||||
}
|
||||
}
|
||||
|
||||
/** Encrypt sudo password with AES-256-GCM */
|
||||
function encryptPassword(plaintext) {
|
||||
const key = deriveKey();
|
||||
const iv = crypto.randomBytes(12);
|
||||
const cipher = crypto.createCipheriv(ENCRYPT_ALGO, key, iv);
|
||||
const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
|
||||
const tag = cipher.getAuthTag();
|
||||
// Store as hex: iv:tag:ciphertext
|
||||
return `${iv.toString("hex")}:${tag.toString("hex")}:${encrypted.toString("hex")}`;
|
||||
}
|
||||
|
||||
/** Decrypt sudo password */
|
||||
function decryptPassword(stored) {
|
||||
try {
|
||||
const [ivHex, tagHex, dataHex] = stored.split(":");
|
||||
if (!ivHex || !tagHex || !dataHex) return null;
|
||||
const key = deriveKey();
|
||||
const decipher = crypto.createDecipheriv(ENCRYPT_ALGO, key, Buffer.from(ivHex, "hex"));
|
||||
decipher.setAuthTag(Buffer.from(tagHex, "hex"));
|
||||
return decipher.update(Buffer.from(dataHex, "hex")) + decipher.final("utf8");
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
// DB hooks — injected from ESM context (initializeApp / route handlers)
|
||||
// to avoid webpack bundling issues with dynamic imports in CJS modules.
|
||||
let _getSettings = null;
|
||||
let _updateSettings = null;
|
||||
|
||||
/** Called once from ESM context to inject DB access functions */
|
||||
function initDbHooks(getSettingsFn, updateSettingsFn) {
|
||||
_getSettings = getSettingsFn;
|
||||
_updateSettings = updateSettingsFn;
|
||||
}
|
||||
|
||||
/** Save encrypted sudo password + mitmEnabled to db */
|
||||
async function saveMitmSettings(enabled, password) {
|
||||
if (!_updateSettings) {
|
||||
console.log("[MITM] DB hooks not initialized, skipping save");
|
||||
return;
|
||||
}
|
||||
try {
|
||||
const updates = { mitmEnabled: enabled };
|
||||
if (password) updates.mitmSudoEncrypted = encryptPassword(password);
|
||||
await _updateSettings(updates);
|
||||
} catch (e) {
|
||||
console.log("[MITM] Failed to save settings:", e.message);
|
||||
}
|
||||
}
|
||||
|
||||
/** Load and decrypt sudo password from db */
|
||||
async function loadEncryptedPassword() {
|
||||
if (!_getSettings) return null;
|
||||
try {
|
||||
const settings = await _getSettings();
|
||||
if (!settings.mitmSudoEncrypted) return null;
|
||||
return decryptPassword(settings.mitmSudoEncrypted);
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if port 443 is available
|
||||
* Returns: "free" | "in-use" | "no-permission"
|
||||
*/
|
||||
function checkPort443Free() {
|
||||
return new Promise((resolve) => {
|
||||
const tester = net.createServer();
|
||||
tester.once("error", (err) => {
|
||||
if (err.code === "EADDRINUSE") resolve("in-use");
|
||||
else resolve("no-permission"); // EACCES or other → port free but needs sudo
|
||||
});
|
||||
tester.once("listening", () => { tester.close(() => resolve("free")); });
|
||||
tester.listen(MITM_PORT, "127.0.0.1");
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Get PID and process name currently holding port 443
|
||||
* Returns { pid, name } or null if port is free / cannot determine
|
||||
*/
|
||||
function getPort443Owner() {
|
||||
return new Promise((resolve) => {
|
||||
const cmd = IS_WIN
|
||||
? `netstat -ano | findstr ":443 "`
|
||||
// Only match TCP processes actually LISTEN-ing on port 443 (not outbound UDP/QUIC)
|
||||
: `lsof -i TCP:${MITM_PORT} -n -P -sTCP:LISTEN`;
|
||||
|
||||
exec(cmd, (err, stdout) => {
|
||||
if (err || !stdout.trim()) return resolve(null);
|
||||
|
||||
let pid = null;
|
||||
|
||||
if (IS_WIN) {
|
||||
// netstat line: " TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 1234"
|
||||
for (const line of stdout.split("\n")) {
|
||||
const match = line.match(/LISTENING\s+(\d+)/i);
|
||||
if (match) { pid = parseInt(match[1], 10); break; }
|
||||
}
|
||||
} else {
|
||||
// lsof line: "node 1234 user ..."
|
||||
for (const line of stdout.split("\n").slice(1)) {
|
||||
const parts = line.trim().split(/\s+/);
|
||||
if (parts.length >= 2) { pid = parseInt(parts[1], 10); break; }
|
||||
}
|
||||
}
|
||||
|
||||
if (!pid || isNaN(pid)) return resolve(null);
|
||||
|
||||
// Get process name by PID
|
||||
const nameCmd = IS_WIN
|
||||
? `tasklist /FI "PID eq ${pid}" /FO CSV /NH`
|
||||
: `ps -p ${pid} -o comm=`;
|
||||
|
||||
exec(nameCmd, (e2, out2) => {
|
||||
let name = "unknown";
|
||||
if (!e2 && out2.trim()) {
|
||||
if (IS_WIN) {
|
||||
// CSV: "node.exe","1234",...
|
||||
const m = out2.match(/"([^"]+)"/);
|
||||
if (m) name = m[1];
|
||||
} else {
|
||||
name = out2.trim();
|
||||
}
|
||||
}
|
||||
resolve({ pid, name });
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Kill any leftover MITM server process (from previous failed start)
|
||||
* Uses sudo to kill the node process that was spawned with sudo
|
||||
*/
|
||||
async function killLeftoverMitm(sudoPassword) {
|
||||
// Kill in-memory process if still alive
|
||||
if (serverProcess && !serverProcess.killed) {
|
||||
try { serverProcess.kill("SIGKILL"); } catch { /* ignore */ }
|
||||
serverProcess = null;
|
||||
serverPid = null;
|
||||
}
|
||||
|
||||
// Kill from PID file
|
||||
try {
|
||||
if (fs.existsSync(PID_FILE)) {
|
||||
const savedPid = parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10);
|
||||
if (savedPid && isProcessAlive(savedPid)) {
|
||||
killProcess(savedPid, true);
|
||||
await new Promise(r => setTimeout(r, 500));
|
||||
}
|
||||
fs.unlinkSync(PID_FILE);
|
||||
}
|
||||
} catch { /* ignore */ }
|
||||
|
||||
// Also kill any node process running server.js via sudo (belt-and-suspenders)
|
||||
if (!IS_WIN && SERVER_PATH) {
|
||||
try {
|
||||
const escaped = SERVER_PATH.replace(/'/g, "'\\''");
|
||||
if (sudoPassword) {
|
||||
const { execWithPassword } = require("./dns/dnsConfig");
|
||||
await execWithPassword(`pkill -SIGKILL -f "${escaped}" 2>/dev/null || true`, sudoPassword).catch(() => {});
|
||||
} else {
|
||||
exec(`pkill -SIGKILL -f "${escaped}" 2>/dev/null || true`, () => {});
|
||||
}
|
||||
await new Promise(r => setTimeout(r, 500));
|
||||
} catch { /* ignore */ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -42,7 +258,6 @@ function killProcess(pid, force = false) {
|
||||
* Get MITM status
|
||||
*/
|
||||
async function getMitmStatus() {
|
||||
// Check in-memory process first, then fallback to PID file
|
||||
let running = serverProcess !== null && !serverProcess.killed;
|
||||
let pid = serverPid;
|
||||
|
||||
@@ -54,7 +269,6 @@ async function getMitmStatus() {
|
||||
running = true;
|
||||
pid = savedPid;
|
||||
} else {
|
||||
// Stale PID file, clean up
|
||||
fs.unlinkSync(PID_FILE);
|
||||
}
|
||||
}
|
||||
@@ -63,10 +277,7 @@ async function getMitmStatus() {
|
||||
}
|
||||
}
|
||||
|
||||
// Check DNS configuration (cross-platform via dnsConfig)
|
||||
const dnsConfigured = checkDNSEntry();
|
||||
|
||||
// Check cert
|
||||
const certDir = path.join(os.homedir(), ".9router", "mitm");
|
||||
const certExists = fs.existsSync(path.join(certDir, "server.crt"));
|
||||
|
||||
@@ -79,109 +290,133 @@ async function getMitmStatus() {
|
||||
* @param {string} sudoPassword - Sudo password for DNS/cert operations
|
||||
*/
|
||||
async function startMitm(apiKey, sudoPassword) {
|
||||
// Check if already running
|
||||
// Check orphan process from PID file before spawning
|
||||
if (!serverProcess || serverProcess.killed) {
|
||||
try {
|
||||
if (fs.existsSync(PID_FILE)) {
|
||||
const savedPid = parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10);
|
||||
if (savedPid && isProcessAlive(savedPid)) {
|
||||
// Orphan MITM process still alive — reuse it
|
||||
serverPid = savedPid;
|
||||
console.log(`[MITM] Reusing existing process PID ${savedPid}`);
|
||||
await saveMitmSettings(true, sudoPassword);
|
||||
if (sudoPassword) setCachedPassword(sudoPassword);
|
||||
return { running: true, pid: savedPid };
|
||||
} else {
|
||||
fs.unlinkSync(PID_FILE);
|
||||
}
|
||||
}
|
||||
} catch {
|
||||
// Ignore stale PID file errors
|
||||
}
|
||||
}
|
||||
|
||||
if (serverProcess && !serverProcess.killed) {
|
||||
throw new Error("MITM proxy is already running");
|
||||
}
|
||||
|
||||
|
||||
// Kill any leftover MITM server from a previous failed start attempt
|
||||
await killLeftoverMitm(sudoPassword);
|
||||
|
||||
// Check port 443 availability BEFORE modifying system
|
||||
const portStatus = await checkPort443Free();
|
||||
if (portStatus === "in-use") {
|
||||
const owner = await getPort443Owner();
|
||||
let ownerDesc = "another process";
|
||||
if (owner) {
|
||||
const shortName = owner.name.includes("/")
|
||||
? owner.name.split("/").filter(Boolean).pop()
|
||||
: owner.name;
|
||||
ownerDesc = `"${shortName}" (PID ${owner.pid})`;
|
||||
}
|
||||
throw new Error(
|
||||
`Port 443 is already in use by ${ownerDesc}. Stop that process first, then retry.`
|
||||
);
|
||||
}
|
||||
|
||||
// 1. Generate SSL certificate if not exists
|
||||
const certPath = path.join(os.homedir(), ".9router", "mitm", "server.crt");
|
||||
if (!fs.existsSync(certPath)) {
|
||||
console.log("Generating SSL certificate...");
|
||||
await generateCert();
|
||||
}
|
||||
|
||||
|
||||
// 2. Install certificate to system keychain
|
||||
await installCert(sudoPassword, certPath);
|
||||
|
||||
// Skip if db flag says installed AND cert file still exists (same cert in keychain)
|
||||
const settings = _getSettings ? await _getSettings().catch(() => ({})) : {};
|
||||
const certAlreadyInstalled = settings.mitmCertInstalled && fs.existsSync(certPath);
|
||||
if (!certAlreadyInstalled) {
|
||||
await installCert(sudoPassword, certPath);
|
||||
if (_updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => {});
|
||||
}
|
||||
|
||||
// 3. Add DNS entry
|
||||
console.log("Adding DNS entry...");
|
||||
await addDNSEntry(sudoPassword);
|
||||
|
||||
// 4. Start MITM server (port 443 requires elevated privileges)
|
||||
|
||||
// 4. Spawn MITM server with sudo (port 443 requires root on macOS/Linux)
|
||||
console.log("Starting MITM server...");
|
||||
const serverPath = path.join(process.cwd(), "src/mitm/server.js");
|
||||
|
||||
if (IS_WIN) {
|
||||
// Windows: spawn via powershell elevated to bind port 443
|
||||
const nodePath = process.execPath;
|
||||
const envArgs = `$env:ROUTER_API_KEY='${apiKey}'; $env:NODE_ENV='production'; & '${nodePath}' '${serverPath}'`;
|
||||
const envArgs = `$env:ROUTER_API_KEY='${apiKey}'; $env:NODE_ENV='production'; & '${nodePath}' '${SERVER_PATH}'`;
|
||||
serverProcess = spawn("powershell", [
|
||||
"-Command",
|
||||
`Start-Process powershell -ArgumentList '-NoProfile','-Command','${envArgs.replace(/'/g, "''")}' -Verb RunAs -PassThru`
|
||||
], {
|
||||
detached: false,
|
||||
stdio: ["ignore", "pipe", "pipe"]
|
||||
});
|
||||
], { detached: false, stdio: ["ignore", "pipe", "pipe"] });
|
||||
} else {
|
||||
serverProcess = spawn("node", [serverPath], {
|
||||
env: {
|
||||
...process.env,
|
||||
ROUTER_API_KEY: apiKey,
|
||||
NODE_ENV: "production"
|
||||
},
|
||||
detached: false,
|
||||
stdio: ["ignore", "pipe", "pipe"]
|
||||
});
|
||||
// sudo -S: read password from stdin, -E: preserve env vars
|
||||
// Pass ROUTER_API_KEY inline via env=... wrapper to avoid sudo stripping env
|
||||
const inlineCmd = `ROUTER_API_KEY='${apiKey}' NODE_ENV='production' '${process.execPath}' '${SERVER_PATH}'`;
|
||||
serverProcess = spawn(
|
||||
"sudo", ["-S", "-E", "sh", "-c", inlineCmd],
|
||||
{ detached: false, stdio: ["pipe", "pipe", "pipe"] }
|
||||
);
|
||||
// Write password then close stdin so sudo proceeds
|
||||
serverProcess.stdin.write(`${sudoPassword}\n`);
|
||||
serverProcess.stdin.end();
|
||||
}
|
||||
|
||||
|
||||
serverPid = serverProcess.pid;
|
||||
|
||||
// Save PID to file
|
||||
fs.writeFileSync(PID_FILE, String(serverPid));
|
||||
|
||||
// Log server output
|
||||
|
||||
let startError = null;
|
||||
serverProcess.stdout.on("data", (data) => {
|
||||
console.log(`[MITM Server] ${data.toString().trim()}`);
|
||||
});
|
||||
|
||||
serverProcess.stderr.on("data", (data) => {
|
||||
console.error(`[MITM Server Error] ${data.toString().trim()}`);
|
||||
const msg = data.toString().trim();
|
||||
// Capture meaningful errors (ignore sudo password prompt noise)
|
||||
if (msg && !msg.includes("Password:") && !msg.includes("password for")) {
|
||||
console.error(`[MITM Server Error] ${msg}`);
|
||||
startError = msg;
|
||||
}
|
||||
});
|
||||
|
||||
serverProcess.on("exit", (code) => {
|
||||
console.log(`MITM server exited with code ${code}`);
|
||||
serverProcess = null;
|
||||
serverPid = null;
|
||||
|
||||
// Remove PID file
|
||||
try {
|
||||
fs.unlinkSync(PID_FILE);
|
||||
} catch (error) {
|
||||
// Ignore
|
||||
}
|
||||
try { fs.unlinkSync(PID_FILE); } catch { /* ignore */ }
|
||||
});
|
||||
|
||||
// Wait and verify server actually started
|
||||
|
||||
// Wait up to 8s — sudo + Node startup takes longer than plain spawn
|
||||
const started = await new Promise((resolve) => {
|
||||
let resolved = false;
|
||||
const timeout = setTimeout(() => {
|
||||
if (!resolved) { resolved = true; resolve(true); }
|
||||
}, 2000);
|
||||
|
||||
serverProcess.on("exit", (code) => {
|
||||
clearTimeout(timeout);
|
||||
if (!resolved) { resolved = true; resolve(false); }
|
||||
});
|
||||
|
||||
// Check stderr for error messages
|
||||
serverProcess.stderr.on("data", (data) => {
|
||||
const msg = data.toString().trim();
|
||||
if (msg.includes("Port") && msg.includes("already in use")) {
|
||||
clearTimeout(timeout);
|
||||
if (!resolved) { resolved = true; resolve(false); }
|
||||
}
|
||||
});
|
||||
const done = (val) => { if (!resolved) { resolved = true; resolve(val); } };
|
||||
const timeout = setTimeout(() => done(true), 8000);
|
||||
serverProcess.once("exit", () => { clearTimeout(timeout); done(false); });
|
||||
});
|
||||
|
||||
if (!started) {
|
||||
throw new Error("MITM server failed to start (port 443 may be in use)");
|
||||
try { await removeDNSEntry(sudoPassword); } catch { /* best effort */ }
|
||||
const reason = startError || "Check sudo password or port 443 access.";
|
||||
throw new Error(`MITM server failed to start. ${reason}`);
|
||||
}
|
||||
|
||||
return {
|
||||
running: true,
|
||||
pid: serverPid
|
||||
};
|
||||
await saveMitmSettings(true, sudoPassword);
|
||||
if (sudoPassword) setCachedPassword(sudoPassword);
|
||||
|
||||
return { running: true, pid: serverPid };
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -189,19 +424,15 @@ async function startMitm(apiKey, sudoPassword) {
|
||||
* @param {string} sudoPassword - Sudo password for DNS cleanup
|
||||
*/
|
||||
async function stopMitm(sudoPassword) {
|
||||
// 1. Kill server process (in-memory or from PID file)
|
||||
const proc = serverProcess;
|
||||
if (proc && !proc.killed) {
|
||||
console.log("Stopping MITM server...");
|
||||
killProcess(proc.pid, false);
|
||||
await new Promise(resolve => setTimeout(resolve, 1000));
|
||||
if (isProcessAlive(proc.pid)) {
|
||||
killProcess(proc.pid, true);
|
||||
}
|
||||
if (isProcessAlive(proc.pid)) killProcess(proc.pid, true);
|
||||
serverProcess = null;
|
||||
serverPid = null;
|
||||
} else {
|
||||
// Fallback: kill by PID file
|
||||
try {
|
||||
if (fs.existsSync(PID_FILE)) {
|
||||
const savedPid = parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10);
|
||||
@@ -209,33 +440,22 @@ async function stopMitm(sudoPassword) {
|
||||
console.log(`Killing MITM server (PID: ${savedPid})...`);
|
||||
killProcess(savedPid, false);
|
||||
await new Promise(resolve => setTimeout(resolve, 1000));
|
||||
if (isProcessAlive(savedPid)) {
|
||||
killProcess(savedPid, true);
|
||||
}
|
||||
if (isProcessAlive(savedPid)) killProcess(savedPid, true);
|
||||
}
|
||||
}
|
||||
} catch {
|
||||
// Ignore
|
||||
}
|
||||
} catch { /* ignore */ }
|
||||
serverProcess = null;
|
||||
serverPid = null;
|
||||
}
|
||||
|
||||
// 2. Remove DNS entry
|
||||
|
||||
console.log("Removing DNS entry...");
|
||||
await removeDNSEntry(sudoPassword);
|
||||
|
||||
// 3. Remove PID file
|
||||
try {
|
||||
fs.unlinkSync(PID_FILE);
|
||||
} catch (error) {
|
||||
// Ignore
|
||||
}
|
||||
|
||||
return {
|
||||
running: false,
|
||||
pid: null
|
||||
};
|
||||
|
||||
try { fs.unlinkSync(PID_FILE); } catch { /* ignore */ }
|
||||
|
||||
await saveMitmSettings(false, null);
|
||||
|
||||
return { running: false, pid: null };
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
@@ -243,5 +463,7 @@ module.exports = {
|
||||
startMitm,
|
||||
stopMitm,
|
||||
getCachedPassword,
|
||||
setCachedPassword
|
||||
setCachedPassword,
|
||||
loadEncryptedPassword,
|
||||
initDbHooks,
|
||||
};
|
||||
|
||||
@@ -23,10 +23,16 @@ if (!API_KEY) {
|
||||
|
||||
// Load SSL certificates
|
||||
const certDir = path.join(os.homedir(), ".9router", "mitm");
|
||||
const sslOptions = {
|
||||
key: fs.readFileSync(path.join(certDir, "server.key")),
|
||||
cert: fs.readFileSync(path.join(certDir, "server.crt"))
|
||||
};
|
||||
let sslOptions;
|
||||
try {
|
||||
sslOptions = {
|
||||
key: fs.readFileSync(path.join(certDir, "server.key")),
|
||||
cert: fs.readFileSync(path.join(certDir, "server.crt"))
|
||||
};
|
||||
} catch (e) {
|
||||
console.error(`❌ SSL cert not found in ${certDir}: ${e.message}`);
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
// Chat endpoints that should be intercepted
|
||||
const CHAT_URL_PATTERNS = [":generateContent", ":streamGenerateContent"];
|
||||
@@ -146,12 +152,10 @@ async function intercept(req, res, bodyBuffer, mappedModel) {
|
||||
throw new Error(`9Router ${response.status}: ${errText}`);
|
||||
}
|
||||
|
||||
res.writeHead(200, {
|
||||
"Content-Type": "text/event-stream",
|
||||
"Cache-Control": "no-cache",
|
||||
"Connection": "keep-alive",
|
||||
"X-Accel-Buffering": "no"
|
||||
});
|
||||
const ct = response.headers.get("content-type") || "application/json";
|
||||
const resHeaders = { "Content-Type": ct, "Cache-Control": "no-cache", "Connection": "keep-alive" };
|
||||
if (ct.includes("text/event-stream")) resHeaders["X-Accel-Buffering"] = "no";
|
||||
res.writeHead(200, resHeaders);
|
||||
|
||||
const reader = response.body.getReader();
|
||||
const decoder = new TextDecoder();
|
||||
|
||||
@@ -1,17 +1,52 @@
|
||||
import { cleanupProviderConnections, getSettings } from "@/lib/localDb";
|
||||
import { cleanupProviderConnections, getSettings, updateSettings, getApiKeys } from "@/lib/localDb";
|
||||
import { enableTunnel } from "@/lib/tunnel/tunnelManager";
|
||||
import { killCloudflared, isCloudflaredRunning, ensureCloudflared } from "@/lib/tunnel/cloudflared";
|
||||
import { getMitmStatus, startMitm, loadEncryptedPassword, initDbHooks } from "@/mitm/manager";
|
||||
import { fileURLToPath } from "url";
|
||||
import { dirname, join } from "path";
|
||||
import { existsSync } from "fs";
|
||||
|
||||
import os from "os";
|
||||
|
||||
// Inject correct paths and DB hooks into manager.js (CJS) from ESM context.
|
||||
// Must run before any MITM function is called.
|
||||
(function bootstrapMitm() {
|
||||
// 1. Resolve server.js path from real ESM __filename (not bundled path)
|
||||
if (!process.env.MITM_SERVER_PATH) {
|
||||
try {
|
||||
const thisFile = fileURLToPath(import.meta.url);
|
||||
const appSrc = dirname(dirname(thisFile)); // src/
|
||||
const candidate = join(appSrc, "mitm", "server.js");
|
||||
if (existsSync(candidate)) {
|
||||
process.env.MITM_SERVER_PATH = candidate;
|
||||
}
|
||||
} catch { /* ignore */ }
|
||||
}
|
||||
|
||||
// 2. Inject DB functions so manager.js (CJS) can save/load settings
|
||||
// without dynamic import issues inside webpack bundles
|
||||
try {
|
||||
initDbHooks(getSettings, updateSettings);
|
||||
} catch { /* ignore */ }
|
||||
})();
|
||||
|
||||
// Multiple modules register SIGINT/SIGTERM handlers legitimately
|
||||
process.setMaxListeners(20);
|
||||
|
||||
let signalHandlersRegistered = false;
|
||||
let watchdogInterval = null;
|
||||
let networkMonitorInterval = null;
|
||||
let lastNetworkFingerprint = null;
|
||||
let lastWatchdogTick = Date.now();
|
||||
const WATCHDOG_INTERVAL_MS = 60000;
|
||||
const NETWORK_CHECK_INTERVAL_MS = 5000;
|
||||
|
||||
/**
|
||||
* Initialize app on startup
|
||||
* - Cleanup stale data
|
||||
* - Auto-reconnect tunnel if previously enabled
|
||||
* - Register shutdown handler to kill cloudflared
|
||||
* - Start watchdog to recover tunnel after sleep/wake
|
||||
*/
|
||||
export async function initializeApp() {
|
||||
try {
|
||||
@@ -42,9 +77,124 @@ export async function initializeApp() {
|
||||
|
||||
// Pre-download cloudflared binary in background
|
||||
ensureCloudflared().catch(() => {});
|
||||
|
||||
// Watchdog: recover tunnel after process crash
|
||||
startWatchdog();
|
||||
|
||||
// Network monitor: detect sleep/wake + network changes → restart tunnel
|
||||
startNetworkMonitor();
|
||||
|
||||
// Auto-start MITM if it was enabled before restart
|
||||
autoStartMitm();
|
||||
} catch (error) {
|
||||
console.error("[InitApp] Error:", error);
|
||||
}
|
||||
}
|
||||
|
||||
/** Auto-start MITM if it was enabled before restart */
|
||||
async function autoStartMitm() {
|
||||
try {
|
||||
const settings = await getSettings();
|
||||
if (!settings.mitmEnabled) return;
|
||||
|
||||
const mitmStatus = await getMitmStatus();
|
||||
if (mitmStatus.running) return;
|
||||
|
||||
const password = await loadEncryptedPassword();
|
||||
if (!password && process.platform !== "win32") {
|
||||
console.log("[InitApp] MITM was enabled but no saved password found, skipping auto-start");
|
||||
return;
|
||||
}
|
||||
|
||||
// Need an active API key
|
||||
const keys = await getApiKeys();
|
||||
const activeKey = keys.find(k => k.isActive !== false);
|
||||
if (!activeKey) {
|
||||
console.log("[InitApp] MITM auto-start skipped: no active API key");
|
||||
return;
|
||||
}
|
||||
|
||||
console.log("[InitApp] MITM was enabled, auto-starting...");
|
||||
await startMitm(activeKey.key, password || "");
|
||||
console.log("[InitApp] MITM auto-started");
|
||||
} catch (err) {
|
||||
console.log("[InitApp] MITM auto-start failed:", err.message);
|
||||
}
|
||||
}
|
||||
|
||||
/** Periodically check tunnel process health and reconnect if crashed */
|
||||
function startWatchdog() {
|
||||
if (watchdogInterval) return;
|
||||
watchdogInterval = setInterval(async () => {
|
||||
try {
|
||||
const settings = await getSettings();
|
||||
if (!settings.tunnelEnabled) return;
|
||||
if (isCloudflaredRunning()) return;
|
||||
console.log("[Watchdog] Tunnel process is down, attempting recovery...");
|
||||
await enableTunnel();
|
||||
console.log("[Watchdog] Tunnel recovered");
|
||||
} catch (err) {
|
||||
console.log("[Watchdog] Recovery failed:", err.message);
|
||||
}
|
||||
}, WATCHDOG_INTERVAL_MS);
|
||||
|
||||
if (watchdogInterval.unref) watchdogInterval.unref();
|
||||
}
|
||||
|
||||
/** Get network fingerprint from active interfaces (IPv4 only) */
|
||||
function getNetworkFingerprint() {
|
||||
const interfaces = os.networkInterfaces();
|
||||
const active = [];
|
||||
for (const [name, addrs] of Object.entries(interfaces)) {
|
||||
if (!addrs) continue;
|
||||
for (const addr of addrs) {
|
||||
if (!addr.internal && addr.family === "IPv4") {
|
||||
active.push(`${name}:${addr.address}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
return active.sort().join("|");
|
||||
}
|
||||
|
||||
/** Monitor network changes + sleep/wake → kill and reconnect tunnel */
|
||||
function startNetworkMonitor() {
|
||||
if (networkMonitorInterval) return;
|
||||
|
||||
lastNetworkFingerprint = getNetworkFingerprint();
|
||||
lastWatchdogTick = Date.now();
|
||||
|
||||
networkMonitorInterval = setInterval(async () => {
|
||||
try {
|
||||
const settings = await getSettings();
|
||||
if (!settings.tunnelEnabled) return;
|
||||
|
||||
const now = Date.now();
|
||||
const elapsed = now - lastWatchdogTick;
|
||||
lastWatchdogTick = now;
|
||||
|
||||
const currentFingerprint = getNetworkFingerprint();
|
||||
const networkChanged = currentFingerprint !== lastNetworkFingerprint;
|
||||
const wasSleep = elapsed > NETWORK_CHECK_INTERVAL_MS * 3;
|
||||
|
||||
if (networkChanged) lastNetworkFingerprint = currentFingerprint;
|
||||
|
||||
if (!networkChanged && !wasSleep) return;
|
||||
|
||||
const reason = wasSleep && networkChanged ? "sleep/wake + network change"
|
||||
: wasSleep ? "sleep/wake" : "network change";
|
||||
console.log(`[NetworkMonitor] ${reason} detected, restarting tunnel...`);
|
||||
|
||||
killCloudflared();
|
||||
await new Promise(r => setTimeout(r, 2000));
|
||||
await enableTunnel();
|
||||
console.log("[NetworkMonitor] Tunnel restarted");
|
||||
lastNetworkFingerprint = getNetworkFingerprint();
|
||||
} catch (err) {
|
||||
console.log("[NetworkMonitor] Tunnel restart failed:", err.message);
|
||||
}
|
||||
}, NETWORK_CHECK_INTERVAL_MS);
|
||||
|
||||
if (networkMonitorInterval.unref) networkMonitorInterval.unref();
|
||||
}
|
||||
|
||||
export default initializeApp;
|
||||
|
||||
Reference in New Issue
Block a user