feat: 1.3.0

Zekfad · Zekfad · commit 7ca4654396ea · 2025-06-09T16:19:10.000+03:00
diff --git a/.env.sample b/.env.sample
@@ -11,3 +11,4 @@ LOCAL_USERNAME = user
 LOCAL_PASSWORD = passw0rd
 LOCAL_HOST = 127.0.0.1
 LOCAL_PORT = 8080
+SSLKEYLOGFILE = ./keys.log
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+# 1.3.0
+
+- Add support for `SSLKEYLOGFILE`.
+- Fix internal auth leak to remote server.
+
 # 1.2.1
 
 - Fix HTTP_PROXY variable.
diff --git a/ReadMe.md b/ReadMe.md
@@ -5,12 +5,13 @@ It will help you to keep private credentials out of build artifacts.
 
 ## Features
 
-* Remote server authentication
-* Local server authentication
-* Referrer spoofing (pretend that request came from target origin)
-* CORS bypass
-* HTTP proxy support
+* Remote server authentication.
+* Local server authentication.
+* Referrer spoofing (pretend that request came from target origin).
+* CORS bypass.
+* HTTP proxy support.
 * Adds `Access-Control-Expose-Headers` to allow browser inspect headers.
+* Debug TLS connections via `SSLKEYLOGFILE`.
 
 ## Usage
 
diff --git a/bin/main.dart b/bin/main.dart
@@ -96,6 +96,14 @@ void main(List<String> arguments) async {
     ..badCertificateCallback = (cert, host, port) =>
       trustedRoots.contains(String.fromCharCodes(cert.sha1));
 
+  // Allow SSL debugging
+  if (config.sslKeyLogFile case final path?) {
+    final keyLog = File(path)
+      ..createSync(recursive: true);
+    client.keyLog = (line) =>
+      keyLog.writeAsStringSync(line, mode: FileMode.append);
+  }
+
   // Apply HTTP proxy
   if (config.proxy case final Uri proxy) {
     final credentials = proxy.httpClientCredentials;
@@ -127,7 +135,8 @@ void main(List<String> arguments) async {
       response
         ..contentLength = 0
         ..statusCode = HttpStatus.ok
-        ..close();
+        ..close()
+        .ignore();
       return;
     }
 
@@ -141,7 +150,8 @@ void main(List<String> arguments) async {
           ..headers.add(HttpHeaders.wwwAuthenticateHeader, 'Basic realm=Protected')
           ..headers.contentType = ContentType.text
           ..write('PROXY///ERROR///UNAUTHORIZED')
-          ..close();
+          ..close()
+          .ignore();
         return;
       }
     }
@@ -159,11 +169,6 @@ void main(List<String> arguments) async {
       .then((requestToRemote) async {
         requestToRemote.followRedirects = false;
 
-        // Remote server auth
-        final remoteBasicAuth = config.remote.basicAuth;
-        if (remoteBasicAuth != null)
-          requestToRemote.headers.add(HttpHeaders.authorizationHeader, remoteBasicAuth);
-
         request.headers.forEach((headerName, headerValues) {
           // Filter out headers
           if (!headersNotToForwardToRemote.contains(headerName)) {
@@ -181,14 +186,19 @@ void main(List<String> arguments) async {
           }
         });
 
+        // Remote server auth
+        final remoteBasicAuth = config.remote.basicAuth;
+        if (remoteBasicAuth != null)
+          requestToRemote.headers.set(HttpHeaders.authorizationHeader, remoteBasicAuth);
+
         // If there's content pipe request body
         if (request.contentLength > 0)
           await requestToRemote.addStream(request);
 
         return requestToRemote.close();
       })
       .then(
-        (remoteResponse) async {
+        (remoteResponse) {
           stdout.writeln('[$requestId] Remote response: ${remoteResponse.statusCode}');
           remoteResponse.headers.forEach((headerName, headerValues) {
             // Filter out headers
@@ -240,8 +250,10 @@ void main(List<String> arguments) async {
             ..headers.contentType = ContentType.text
             ..writeln('PROXY///ERROR///INTERNAL')
             ..write(error)
-            ..close();
+            ..close()
+            .ignore();
         },
-      );
+      )
+      .ignore();
   });
 }
diff --git a/lib/config.dart b/lib/config.dart
@@ -7,13 +7,17 @@ class Config {
     required this.local,
     required this.remote,
     this.proxy,
+    this.sslKeyLogFile,
   });
 
   factory Config.load(String? path) {
     if (path != null && File(path).existsSync())
       dotenv.load([ path, ]);
 
     final proxy = getUri('HTTP_PROXY', true);
+
+    final sslKeyLogFile = getString('SSLKEYLOGFILE');
+
     final local = getUri('LOCAL')
       ?? Uri.http('127.0.0.1:8080');
 
@@ -22,12 +26,14 @@ class Config {
 
     return Config._(
       proxy: proxy,
+      sslKeyLogFile: sslKeyLogFile,
       local: local,
       remote: remote,
     );
   }
 
   final Uri? proxy;
+  final String? sslKeyLogFile;
   final Uri local;
   final Uri remote;
 
diff --git a/pubspec.yaml b/pubspec.yaml
@@ -2,7 +2,7 @@ publish_to: none
 
 name: dev_mirror
 description: Development proxy for accessing private APIs.
-version: 1.2.1
+version: 1.3.0
 homepage: https://github.com/Zekfad/dev-mirror
 
 environment:
diff --git a/workspace.code-workspace b/workspace.code-workspace
@@ -9,4 +9,15 @@
 			"dart-code.dart-code",
 		],
 	},
+	"launch": {
+		"version": "0.2.0",
+		"configurations": [
+			{
+				"name": "Dart",
+				"type": "dart",
+				"request": "launch",
+				"program": "bin/main.dart",
+			},
+		],
+	},
 }
