From c3ee313f582c1451ef63b5c2925f25e1a0416af2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E8=89=AF?= <841369634@qq.com>
Date: Tue, 26 Mar 2024 14:14:03 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=20OPTIONS=20=E8=AF=B7?=
 =?UTF-8?q?=E6=B1=82=E6=8B=A6=E6=88=AA=E5=99=A8=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/core/src/config/index.js             | 11 ++--
 .../src/modules/plugin/overwall/config.js     |  1 -
 packages/core/src/modules/proxy/index.js      |  5 --
 .../src/lib/interceptor/impl/req/OPTIONS.js   | 52 +++++++++++++++++++
 .../mitmproxy/src/lib/interceptor/index.js    |  3 ++
 5 files changed, 61 insertions(+), 11 deletions(-)
 create mode 100644 packages/mitmproxy/src/lib/interceptor/impl/req/OPTIONS.js

diff --git a/packages/core/src/config/index.js b/packages/core/src/config/index.js
index f1b8d78..a6f47a3 100644
--- a/packages/core/src/config/index.js
+++ b/packages/core/src/config/index.js
@@ -50,6 +50,11 @@ module.exports = {
       enabled: true
     },
     intercepts: {
+      'www.nbgzjk.cn': {
+        '/.*': {
+          options: true
+        }
+      },
       'github.com': {
         '/.*/.*/releases/download/': {
           redirect: 'gh.api.99988866.xyz/https://github.com',
@@ -226,9 +231,6 @@ module.exports = {
       }
     },
     whiteList: {
-      '*.cn': true,
-      'cn.*': true,
-      '*china*': true,
       '*.dingtalk.com': true,
       '*.apple.com': true,
       '*.microsoft.com': true,
@@ -263,8 +265,7 @@ module.exports = {
         }
       },
       mapping: {
-        '*.github.com': 'quad9',
-        '*.*github*.com': 'quad9',
+        '*github*.com': 'quad9',
         '*.github.io': 'quad9',
         '*.docker.com': 'quad9',
         '*.docker*.com': 'quad9',
diff --git a/packages/core/src/modules/plugin/overwall/config.js b/packages/core/src/modules/plugin/overwall/config.js
index edbafb9..ed5b945 100644
--- a/packages/core/src/modules/plugin/overwall/config.js
+++ b/packages/core/src/modules/plugin/overwall/config.js
@@ -10,7 +10,6 @@ module.exports = {
     }
   },
   targets: {
-    '*.github.com': true,
     '*github*.com': true,
     '*.wikimedia.org': true,
     '*.v2ex.com': true,
diff --git a/packages/core/src/modules/proxy/index.js b/packages/core/src/modules/proxy/index.js
index 3854fff..3a3fbb8 100644
--- a/packages/core/src/modules/proxy/index.js
+++ b/packages/core/src/modules/proxy/index.js
@@ -58,11 +58,6 @@ module.exports = {
     excludeIpList: {
       // region 常用国内可访问域名
 
-      // 中国大陆
-      '*.cn': true,
-      'cn.*': true,
-      '*china*': true,
-
       // 系统之家
       '*.xitongzhijia.net': true,
 
diff --git a/packages/mitmproxy/src/lib/interceptor/impl/req/OPTIONS.js b/packages/mitmproxy/src/lib/interceptor/impl/req/OPTIONS.js
new file mode 100644
index 0000000..09e4a83
--- /dev/null
+++ b/packages/mitmproxy/src/lib/interceptor/impl/req/OPTIONS.js
@@ -0,0 +1,52 @@
+const defaultAllowHeaders = '*'
+const defaultAllowMethods = 'GET,POST,PUT,DELETE,HEAD,OPTIONS,PATCH' // CONNECT、TRACE被认为是不安全的请求，通常不建议允许跨域
+
+function readConfig (config, defaultConfig) {
+  if (config) {
+    if (Object.isArray(config)) {
+      config = config.join(',')
+    }
+  } else {
+    config = defaultConfig
+  }
+  return config
+}
+
+module.exports = {
+  requestIntercept (context, interceptOpt, req, res, ssl, next) {
+    const { rOptions, log } = context
+
+    // 不是 OPTIONS 请求，或请求头中不含 origin 时，跳过当前拦截器
+    if (rOptions.method !== 'OPTIONS' || rOptions.headers.origin == null) {
+      return
+    }
+
+    // 从请求头中获取跨域相关信息；如果不存在，则从配置中获取的值；如果还不存在，则使用默认值
+    const allowHeaders = rOptions.headers['access-control-request-headers'] || readConfig(interceptOpt.optionsAllowHeaders, defaultAllowHeaders)
+    const allowMethods = rOptions.headers['access-control-request-method'] || readConfig(interceptOpt.optionsAllowMethods, defaultAllowMethods)
+
+    const headers = {
+      // 允许跨域
+      'Dev-Sidecar-Interceptor': 'options',
+      'Access-Control-Allow-Origin': rOptions.headers.origin,
+      'Access-Control-Allow-Headers': allowHeaders,
+      'Access-Control-Allow-Methods': allowMethods,
+      'Access-Control-Max-Age': interceptOpt.optionsMaxAge > 0 ? interceptOpt.optionsMaxAge : 2592000, // 默认有效一个月
+      Date: new Date().toUTCString()
+    }
+
+    // 判断是否允许
+    if (interceptOpt.optionsCredentials !== false && interceptOpt.optionsCredentials !== 'false') {
+      headers['Access-Control-Allow-Credentials'] = 'true'
+    }
+
+    res.writeHead(200, headers)
+    res.end()
+
+    log.info('options intercept:', (rOptions.original || rOptions).url)
+    return true // true代表请求结束
+  },
+  is (interceptOpt) {
+    return !!interceptOpt.options
+  }
+}
diff --git a/packages/mitmproxy/src/lib/interceptor/index.js b/packages/mitmproxy/src/lib/interceptor/index.js
index 1f22d76..8f4a722 100644
--- a/packages/mitmproxy/src/lib/interceptor/index.js
+++ b/packages/mitmproxy/src/lib/interceptor/index.js
@@ -1,4 +1,6 @@
 // request interceptor impls
+const OPTIONS = require('./impl/req/OPTIONS.js')
+
 const success = require('./impl/req/success')
 const redirect = require('./impl/req/redirect')
 const abort = require('./impl/req/abort')
@@ -14,6 +16,7 @@ const script = require('./impl/res/script')
 
 module.exports = [
   // request interceptor impls
+  OPTIONS,
   success, redirect, abort,
   cacheReq,
   proxy, sni,