CalvinBackup/donutbrowser
1
0
Fork 0
mirror of https://github.com/zhom/donutbrowser.git synced 2026-06-07 23:43:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: dns block lists

Browse Source
This commit is contained in:
zhom
2026-03-31 14:21:31 +04:00
parent cb8093fbde
commit 35723de96a
39 changed files with 1880 additions and 579 deletions
Download Patch File Download Diff File Expand all files Collapse all files
next-env.d.ts
Vendored
+1 -1
View File
@@ -1,6 +1,6 @@
/// <reference types="next" />
/// <reference types="next/image-types/global" />
import "./.next/types/routes.d.ts";
import "./dist/dev/types/routes.d.ts";
// NOTE: This file should not be edited
// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
src-tauri/src/api_server.rs
+1
View File
@@ -611,6 +611,7 @@ async fn create_profile(
wayfern_config,
request.group_id.clone(),
false,
None,
)
.await
{
src-tauri/src/app_dirs.rs
+5
View File
@@ -104,6 +104,10 @@ pub fn extensions_dir() -> PathBuf {
data_dir().join("extensions")
}
pub fn dns_blocklist_dir() -> PathBuf {
cache_dir().join("dns_blocklists")
}
#[cfg(test)]
thread_local! {
static TEST_DATA_DIR: std::cell::RefCell<Option<PathBuf>> = const { std::cell::RefCell::new(None) };
@@ -188,6 +192,7 @@ mod tests {
assert!(proxy_workers_dir().ends_with("proxy_workers"));
assert!(vpn_dir().ends_with("vpn"));
assert!(extensions_dir().ends_with("extensions"));
assert!(dns_blocklist_dir().ends_with("dns_blocklists"));
}
#[test]
src-tauri/src/auto_updater.rs
+1
View File
@@ -699,6 +699,7 @@ mod tests {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
}
}
src-tauri/src/bin/proxy_server.rs
+15 -1
View File
@@ -152,6 +152,11 @@ async fn main() {
Arg::new("bypass-rules")
.long("bypass-rules")
.help("JSON array of bypass rules (hostnames, IPs, or regex patterns)"),
)
.arg(
Arg::new("blocklist-file")
.long("blocklist-file")
.help("Path to DNS blocklist file (one domain per line)"),
),
)
.subcommand(
@@ -235,8 +240,17 @@ async fn main() {
.get_one::<String>("bypass-rules")
.and_then(|s| serde_json::from_str(s).ok())
.unwrap_or_default();
let blocklist_file = start_matches.get_one::<String>("blocklist-file").cloned();
match start_proxy_process_with_profile(upstream_url, port, profile_id, bypass_rules).await {
match start_proxy_process_with_profile(
upstream_url,
port,
profile_id,
bypass_rules,
blocklist_file,
)
.await
{
Ok(config) => {
// Output the configuration as JSON for the Rust side to parse
// Use println! here because this needs to go to stdout for parsing
src-tauri/src/browser.rs
+1
View File
@@ -1216,6 +1216,7 @@ mod tests {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
};
let path = profile.get_profile_data_path(&profiles_dir);
src-tauri/src/browser_runner.rs
+30
View File
@@ -38,6 +38,26 @@ impl BrowserRunner {
crate::app_dirs::binaries_dir()
}
/// Resolve the DNS blocklist level to a cached file path.
/// If a level is set but the cache is missing, fetches on demand (blocks until done).
async fn resolve_blocklist_file(
profile: &crate::profile::BrowserProfile,
) -> Result<Option<String>, String> {
let Some(ref level_str) = profile.dns_blocklist else {
return Ok(None);
};
let Some(level) = crate::dns_blocklist::BlocklistLevel::parse_level(level_str) else {
return Ok(None);
};
if level == crate::dns_blocklist::BlocklistLevel::None {
return Ok(None);
}
let path = crate::dns_blocklist::BlocklistManager::ensure_cached(level)
.await
.map_err(|e| format!("Failed to fetch DNS blocklist: {e}"))?;
Ok(Some(path.to_string_lossy().to_string()))
}
/// Refresh cloud proxy credentials if the profile uses a cloud or cloud-derived proxy,
/// then resolve the proxy settings with profile-specific sid for sticky sessions.
/// Resolve proxy settings for a profile, returning an error for dynamic proxy failures.
@@ -168,6 +188,7 @@ impl BrowserRunner {
// Start the proxy and get local proxy settings
// If proxy startup fails, DO NOT launch Camoufox - it requires local proxy
let profile_id_str = profile.id.to_string();
let blocklist_file = Self::resolve_blocklist_file(profile).await?;
let local_proxy = PROXY_MANAGER
.start_proxy(
app_handle.clone(),
@@ -175,6 +196,7 @@ impl BrowserRunner {
0, // Use 0 as temporary PID, will be updated later
Some(&profile_id_str),
profile.proxy_bypass_rules.clone(),
blocklist_file,
)
.await
.map_err(|e| {
@@ -427,6 +449,7 @@ impl BrowserRunner {
// Start the proxy and get local proxy settings
// If proxy startup fails, DO NOT launch Wayfern - it requires local proxy
let profile_id_str = profile.id.to_string();
let blocklist_file = Self::resolve_blocklist_file(profile).await?;
let local_proxy = PROXY_MANAGER
.start_proxy(
app_handle.clone(),
@@ -434,6 +457,7 @@ impl BrowserRunner {
0, // Use 0 as temporary PID, will be updated later
Some(&profile_id_str),
profile.proxy_bypass_rules.clone(),
blocklist_file,
)
.await
.map_err(|e| {
@@ -751,6 +775,9 @@ impl BrowserRunner {
let profile_id_str = profile.id.to_string();
// Start local proxy - if this fails, DO NOT launch browser
let blocklist_file = Self::resolve_blocklist_file(profile)
.await
.map_err(|e| -> Box<dyn std::error::Error + Send + Sync> { e.into() })?;
let internal_proxy = PROXY_MANAGER
.start_proxy(
app_handle.clone(),
@@ -758,6 +785,7 @@ impl BrowserRunner {
temp_pid,
Some(&profile_id_str),
profile.proxy_bypass_rules.clone(),
blocklist_file,
)
.await
.map_err(|e| {
@@ -2280,6 +2308,7 @@ pub async fn launch_browser_profile(
// Always start a local proxy, even if there's no upstream proxy
// This allows for traffic monitoring and future features
let blocklist_file = BrowserRunner::resolve_blocklist_file(&profile_for_launch).await?;
match PROXY_MANAGER
.start_proxy(
app_handle.clone(),
@@ -2287,6 +2316,7 @@ pub async fn launch_browser_profile(
temp_pid,
Some(&profile_id_str),
profile_for_launch.proxy_bypass_rules.clone(),
blocklist_file,
)
.await
{
src-tauri/src/dns_blocklist.rs
+343
View File
@@ -0,0 +1,343 @@
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
use std::time::{Duration, SystemTime};
use crate::app_dirs;
const REFRESH_INTERVAL: Duration = Duration::from_secs(43200); // 12 hours
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize, Default)]
#[serde(rename_all = "snake_case")]
pub enum BlocklistLevel {
#[default]
None,
Light,
Normal,
Pro,
ProPlus,
Ultimate,
}
impl BlocklistLevel {
pub fn parse_level(s: &str) -> Option<Self> {
match s {
"light" => Some(Self::Light),
"normal" => Some(Self::Normal),
"pro" => Some(Self::Pro),
"pro_plus" => Some(Self::ProPlus),
"ultimate" => Some(Self::Ultimate),
"none" => Some(Self::None),
_ => None,
}
}
pub fn as_str(&self) -> &'static str {
match self {
Self::None => "none",
Self::Light => "light",
Self::Normal => "normal",
Self::Pro => "pro",
Self::ProPlus => "pro_plus",
Self::Ultimate => "ultimate",
}
}
pub fn display_name(&self) -> &'static str {
match self {
Self::None => "None",
Self::Light => "Light",
Self::Normal => "Normal",
Self::Pro => "Pro",
Self::ProPlus => "Pro++",
Self::Ultimate => "Ultimate",
}
}
pub fn url(&self) -> Option<&'static str> {
match self {
Self::None => None,
Self::Light => {
Some("https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/light.txt")
}
Self::Normal => {
Some("https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/multi.txt")
}
Self::Pro => Some("https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/pro.txt"),
Self::ProPlus => {
Some("https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/pro.plus.txt")
}
Self::Ultimate => {
Some("https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/ultimate.txt")
}
}
}
pub fn filename(&self) -> Option<&'static str> {
match self {
Self::None => None,
Self::Light => Some("light.txt"),
Self::Normal => Some("multi.txt"),
Self::Pro => Some("pro.txt"),
Self::ProPlus => Some("pro.plus.txt"),
Self::Ultimate => Some("ultimate.txt"),
}
}
pub fn all_downloadable() -> &'static [BlocklistLevel] {
&[
Self::Light,
Self::Normal,
Self::Pro,
Self::ProPlus,
Self::Ultimate,
]
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct BlocklistCacheStatus {
pub level: String,
pub display_name: String,
pub entry_count: usize,
pub file_size_bytes: u64,
pub last_updated: Option<u64>,
pub is_fresh: bool,
pub is_cached: bool,
}
pub struct BlocklistManager;
lazy_static::lazy_static! {
static ref HTTP_CLIENT: reqwest::Client = reqwest::Client::builder()
.timeout(Duration::from_secs(60))
.build()
.expect("Failed to create HTTP client");
}
impl BlocklistManager {
pub fn instance() -> &'static BlocklistManager {
&BLOCKLIST_MANAGER
}
fn cache_dir() -> PathBuf {
app_dirs::dns_blocklist_dir()
}
pub fn cached_file_path(level: BlocklistLevel) -> Option<PathBuf> {
level.filename().map(|f| Self::cache_dir().join(f))
}
pub fn is_cache_fresh(level: BlocklistLevel) -> bool {
let Some(path) = Self::cached_file_path(level) else {
return false;
};
if !path.exists() {
return false;
}
match std::fs::metadata(&path).and_then(|m| m.modified()) {
Ok(modified) => SystemTime::now()
.duration_since(modified)
.map(|age| age < REFRESH_INTERVAL)
.unwrap_or(false),
Err(_) => false,
}
}
pub async fn fetch_blocklist(level: BlocklistLevel) -> Result<PathBuf, String> {
let url = level
.url()
.ok_or_else(|| format!("No URL for level {:?}", level))?;
let path =
Self::cached_file_path(level).ok_or_else(|| format!("No filename for level {:?}", level))?;
let cache_dir = Self::cache_dir();
std::fs::create_dir_all(&cache_dir).map_err(|e| format!("Failed to create cache dir: {e}"))?;
log::info!(
"[dns-blocklist] Fetching {} from {}",
level.display_name(),
url
);
let response = HTTP_CLIENT
.get(url)
.send()
.await
.map_err(|e| format!("Failed to fetch blocklist: {e}"))?;
if !response.status().is_success() {
return Err(format!("HTTP {} when fetching {}", response.status(), url));
}
let body = response
.text()
.await
.map_err(|e| format!("Failed to read response body: {e}"))?;
// Write atomically: write to temp file, then rename
let tmp_path = path.with_extension("tmp");
std::fs::write(&tmp_path, &body).map_err(|e| format!("Failed to write blocklist: {e}"))?;
std::fs::rename(&tmp_path, &path).map_err(|e| format!("Failed to rename blocklist: {e}"))?;
let entry_count = body
.lines()
.filter(|l| !l.starts_with('#') && !l.trim().is_empty())
.count();
log::info!(
"[dns-blocklist] Cached {} ({} domains)",
level.display_name(),
entry_count
);
Ok(path)
}
pub async fn ensure_cached(level: BlocklistLevel) -> Result<PathBuf, String> {
if let Some(path) = Self::cached_file_path(level) {
if path.exists() {
return Ok(path);
}
}
Self::fetch_blocklist(level).await
}
pub async fn refresh_all_stale(&self) {
for &level in BlocklistLevel::all_downloadable() {
if !Self::is_cache_fresh(level) {
if let Err(e) = Self::fetch_blocklist(level).await {
log::error!(
"[dns-blocklist] Failed to refresh {}: {e}",
level.display_name()
);
let _ = crate::events::emit(
"dns-blocklist-refresh-failed",
serde_json::json!({
"level": level.as_str(),
"error": e,
}),
);
}
}
}
}
pub fn get_blocklist_file_path(level: BlocklistLevel) -> Option<PathBuf> {
Self::cached_file_path(level).filter(|p| p.exists())
}
pub fn get_cache_status() -> Vec<BlocklistCacheStatus> {
BlocklistLevel::all_downloadable()
.iter()
.map(|&level| {
let path = Self::cached_file_path(level);
let metadata = path.as_ref().and_then(|p| std::fs::metadata(p).ok());
let is_cached = metadata.is_some();
let entry_count = if is_cached {
path
.as_ref()
.and_then(|p| std::fs::read_to_string(p).ok())
.map(|content| {
content
.lines()
.filter(|l| !l.starts_with('#') && !l.trim().is_empty())
.count()
})
.unwrap_or(0)
} else {
0
};
let file_size_bytes = metadata.as_ref().map(|m| m.len()).unwrap_or(0);
let last_updated = metadata
.as_ref()
.and_then(|m| m.modified().ok())
.and_then(|t| t.duration_since(SystemTime::UNIX_EPOCH).ok())
.map(|d| d.as_secs());
BlocklistCacheStatus {
level: level.as_str().to_string(),
display_name: level.display_name().to_string(),
entry_count,
file_size_bytes,
last_updated,
is_fresh: Self::is_cache_fresh(level),
is_cached,
}
})
.collect()
}
}
lazy_static::lazy_static! {
static ref BLOCKLIST_MANAGER: BlocklistManager = BlocklistManager;
}
// Tauri commands
#[tauri::command]
pub async fn get_dns_blocklist_cache_status() -> Result<Vec<BlocklistCacheStatus>, String> {
Ok(BlocklistManager::get_cache_status())
}
#[tauri::command]
pub async fn refresh_dns_blocklists() -> Result<(), String> {
for &level in BlocklistLevel::all_downloadable() {
BlocklistManager::fetch_blocklist(level).await?;
}
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_level_roundtrip() {
for &level in BlocklistLevel::all_downloadable() {
let s = level.as_str();
let parsed = BlocklistLevel::parse_level(s);
assert_eq!(parsed, Some(level), "Roundtrip failed for {s}");
}
assert_eq!(
BlocklistLevel::parse_level("none"),
Some(BlocklistLevel::None)
);
}
#[test]
fn test_level_urls_all_present() {
for &level in BlocklistLevel::all_downloadable() {
assert!(
level.url().is_some(),
"{} should have a URL",
level.as_str()
);
assert!(
level.filename().is_some(),
"{} should have a filename",
level.as_str()
);
}
assert!(BlocklistLevel::None.url().is_none());
assert!(BlocklistLevel::None.filename().is_none());
}
#[test]
fn test_cache_status_returns_all_levels() {
let statuses = BlocklistManager::get_cache_status();
assert_eq!(statuses.len(), 5);
assert_eq!(statuses[0].level, "light");
assert_eq!(statuses[1].level, "normal");
assert_eq!(statuses[2].level, "pro");
assert_eq!(statuses[3].level, "pro_plus");
assert_eq!(statuses[4].level, "ultimate");
}
#[test]
fn test_cache_fresh_returns_false_when_missing() {
assert!(!BlocklistManager::is_cache_fresh(BlocklistLevel::Light));
assert!(!BlocklistManager::is_cache_fresh(BlocklistLevel::None));
}
}
src-tauri/src/ephemeral_dirs.rs
+1
View File
@@ -277,6 +277,7 @@ mod tests {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
}
}
src-tauri/src/lib.rs
+20 -3
View File
@@ -19,6 +19,7 @@ mod browser_version_manager;
pub mod camoufox;
mod camoufox_manager;
mod default_browser;
pub mod dns_blocklist;
mod downloaded_browsers_registry;
mod downloader;
mod ephemeral_dirs;
@@ -65,9 +66,9 @@ use browser_runner::{
use profile::manager::{
check_browser_status, clone_profile, create_browser_profile_new, delete_profile,
list_browser_profiles, rename_profile, update_camoufox_config, update_profile_note,
update_profile_proxy, update_profile_proxy_bypass_rules, update_profile_tags, update_profile_vpn,
update_wayfern_config,
list_browser_profiles, rename_profile, update_camoufox_config, update_profile_dns_blocklist,
update_profile_note, update_profile_proxy, update_profile_proxy_bypass_rules,
update_profile_tags, update_profile_vpn, update_wayfern_config,
};
use browser_version_manager::{
@@ -1132,6 +1133,7 @@ async fn generate_sample_fingerprint(
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
};
if browser == "camoufox" {
@@ -1462,6 +1464,17 @@ pub fn run() {
}
});
// DNS blocklist refresh task (every 12 hours)
tauri::async_runtime::spawn(async move {
let manager = dns_blocklist::BlocklistManager::instance();
let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(43200));
interval.tick().await; // Skip the immediate first tick
loop {
interval.tick().await;
manager.refresh_all_stale().await;
}
});
tauri::async_runtime::spawn(async move {
let updater = app_auto_updater::AppAutoUpdater::instance();
let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(3 * 60 * 60));
@@ -1805,6 +1818,7 @@ pub fn run() {
update_profile_tags,
update_profile_note,
update_profile_proxy_bypass_rules,
update_profile_dns_blocklist,
check_browser_status,
kill_browser_profile,
rename_profile,
@@ -1952,6 +1966,9 @@ pub fn run() {
synchronizer::stop_sync_session,
synchronizer::remove_sync_follower,
synchronizer::get_sync_sessions,
// DNS blocklist commands
dns_blocklist::get_dns_blocklist_cache_status,
dns_blocklist::refresh_dns_blocklists,
])
.build(tauri::generate_context!())
.expect("error while building tauri application")
src-tauri/src/mcp_server.rs
+89
View File
@@ -1009,6 +1009,36 @@ impl McpServer {
"required": ["profile_id", "rules"]
}),
},
McpTool {
name: "update_profile_dns_blocklist".to_string(),
description:
"Update the DNS blocklist level for a profile. Blocks ads, trackers, and malware domains at the proxy level."
.to_string(),
input_schema: serde_json::json!({
"type": "object",
"properties": {
"profile_id": {
"type": "string",
"description": "The UUID of the profile to update"
},
"level": {
"type": "string",
"enum": ["none", "light", "normal", "pro", "pro_plus", "ultimate"],
"description": "DNS blocklist level. 'none' disables blocking."
}
},
"required": ["profile_id", "level"]
}),
},
McpTool {
name: "get_dns_blocklist_status".to_string(),
description: "Get the cache status of all DNS blocklist tiers including entry counts and freshness.".to_string(),
input_schema: serde_json::json!({
"type": "object",
"properties": {},
"required": []
}),
},
McpTool {
name: "list_extensions".to_string(),
description: "List all managed browser extensions. Requires Pro subscription.".to_string(),
@@ -1482,6 +1512,9 @@ impl McpServer {
.handle_update_profile_proxy_bypass_rules(&arguments)
.await
}
// DNS blocklist management
"update_profile_dns_blocklist" => self.handle_update_profile_dns_blocklist(&arguments).await,
"get_dns_blocklist_status" => self.handle_get_dns_blocklist_status().await,
// Extension management
"list_extensions" => self.handle_list_extensions().await,
"list_extension_groups" => self.handle_list_extension_groups().await,
@@ -1806,6 +1839,7 @@ impl McpServer {
let mut profile = ProfileManager::instance()
.create_profile_with_group(
app_handle, name, browser, version, "stable", proxy_id, None, None, None, group_id, false,
None,
)
.await
.map_err(|e| McpError {
@@ -3119,6 +3153,61 @@ impl McpServer {
}))
}
async fn handle_update_profile_dns_blocklist(
&self,
arguments: &serde_json::Value,
) -> Result<serde_json::Value, McpError> {
let profile_id = arguments
.get("profile_id")
.and_then(|v| v.as_str())
.ok_or_else(|| McpError {
code: -32602,
message: "Missing profile_id".to_string(),
})?;
let level = arguments
.get("level")
.and_then(|v| v.as_str())
.ok_or_else(|| McpError {
code: -32602,
message: "Missing level".to_string(),
})?;
let dns_blocklist = if level == "none" {
None
} else {
Some(level.to_string())
};
let profile = ProfileManager::instance()
.update_profile_dns_blocklist(profile_id, dns_blocklist)
.map_err(|e| McpError {
code: -32000,
message: format!("Failed to update DNS blocklist: {e}"),
})?;
Ok(serde_json::json!({
"content": [{
"type": "text",
"text": format!(
"DNS blocklist updated for profile '{}': {}",
profile.name,
level
)
}]
}))
}
async fn handle_get_dns_blocklist_status(&self) -> Result<serde_json::Value, McpError> {
let statuses = crate::dns_blocklist::BlocklistManager::get_cache_status();
Ok(serde_json::json!({
"content": [{
"type": "text",
"text": serde_json::to_string_pretty(&statuses).unwrap_or_default()
}]
}))
}
async fn handle_list_extensions(&self) -> Result<serde_json::Value, McpError> {
if !CLOUD_AUTH.has_active_paid_subscription().await {
return Err(McpError {
src-tauri/src/profile/manager.rs
+44
View File
@@ -50,6 +50,7 @@ impl ProfileManager {
wayfern_config: Option<WayfernConfig>,
group_id: Option<String>,
ephemeral: bool,
dns_blocklist: Option<String>,
) -> Result<BrowserProfile, Box<dyn std::error::Error>> {
if proxy_id.is_some() && vpn_id.is_some() {
return Err("Cannot set both proxy_id and vpn_id".into());
@@ -158,6 +159,7 @@ impl ProfileManager {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
};
match self
@@ -257,6 +259,7 @@ impl ProfileManager {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
};
match self
@@ -310,6 +313,7 @@ impl ProfileManager {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist,
};
// Save profile info
@@ -760,6 +764,30 @@ impl ProfileManager {
Ok(profile)
}
pub fn update_profile_dns_blocklist(
&self,
profile_id: &str,
dns_blocklist: Option<String>,
) -> Result<BrowserProfile, Box<dyn std::error::Error>> {
let profile_uuid =
uuid::Uuid::parse_str(profile_id).map_err(|_| format!("Invalid profile ID: {profile_id}"))?;
let profiles = self.list_profiles()?;
let mut profile = profiles
.into_iter()
.find(|p| p.id == profile_uuid)
.ok_or_else(|| format!("Profile with ID '{profile_id}' not found"))?;
profile.dns_blocklist = dns_blocklist;
self.save_profile(&profile)?;
if let Err(e) = events::emit_empty("profiles-changed") {
log::warn!("Warning: Failed to emit profiles-changed event: {e}");
}
Ok(profile)
}
pub fn delete_multiple_profiles(
&self,
app_handle: &tauri::AppHandle,
@@ -902,6 +930,7 @@ impl ProfileManager {
proxy_bypass_rules: source.proxy_bypass_rules,
created_by_id: None,
created_by_email: None,
dns_blocklist: source.dns_blocklist,
};
self.save_profile(&new_profile)?;
@@ -1957,6 +1986,7 @@ pub async fn create_browser_profile_with_group(
wayfern_config: Option<WayfernConfig>,
group_id: Option<String>,
ephemeral: bool,
dns_blocklist: Option<String>,
) -> Result<BrowserProfile, String> {
let profile_manager = ProfileManager::instance();
profile_manager
@@ -1972,6 +2002,7 @@ pub async fn create_browser_profile_with_group(
wayfern_config,
group_id,
ephemeral,
dns_blocklist,
)
.await
.map_err(|e| format!("Failed to create profile: {e}"))
@@ -2047,6 +2078,17 @@ pub fn update_profile_proxy_bypass_rules(
.map_err(|e| format!("Failed to update proxy bypass rules: {e}"))
}
#[tauri::command]
pub fn update_profile_dns_blocklist(
profile_id: String,
dns_blocklist: Option<String>,
) -> Result<BrowserProfile, String> {
let profile_manager = ProfileManager::instance();
profile_manager
.update_profile_dns_blocklist(&profile_id, dns_blocklist)
.map_err(|e| format!("Failed to update DNS blocklist: {e}"))
}
#[tauri::command]
pub async fn check_browser_status(
app_handle: tauri::AppHandle,
@@ -2085,6 +2127,7 @@ pub async fn create_browser_profile_new(
wayfern_config: Option<WayfernConfig>,
group_id: Option<String>,
ephemeral: Option<bool>,
dns_blocklist: Option<String>,
) -> Result<BrowserProfile, String> {
let fingerprint_os = camoufox_config
.as_ref()
@@ -2112,6 +2155,7 @@ pub async fn create_browser_profile_new(
wayfern_config,
group_id,
ephemeral.unwrap_or(false),
dns_blocklist,
)
.await
}
src-tauri/src/profile/types.rs
+2
View File
@@ -65,6 +65,8 @@ pub struct BrowserProfile {
pub created_by_id: Option<String>,
#[serde(default)]
pub created_by_email: Option<String>,
#[serde(default)]
pub dns_blocklist: Option<String>,
}
pub fn default_release_type() -> String {
src-tauri/src/profile_importer.rs
+3
View File
@@ -582,6 +582,7 @@ impl ProfileImporter {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
};
match self
@@ -660,6 +661,7 @@ impl ProfileImporter {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
};
match self
@@ -709,6 +711,7 @@ impl ProfileImporter {
proxy_bypass_rules: Vec::new(),
created_by_id: None,
created_by_email: None,
dns_blocklist: None,
};
self.profile_manager.save_profile(&profile)?;
src-tauri/src/proxy_manager.rs
+17
View File
@@ -77,6 +77,7 @@ pub struct ProxyInfo {
pub local_port: u16,
// Optional profile ID to which this proxy instance is logically tied
pub profile_id: Option<String>,
pub blocklist_file: Option<String>,
}
// Proxy check result cache
@@ -1675,6 +1676,7 @@ impl ProxyManager {
browser_pid: u32,
profile_id: Option<&str>,
bypass_rules: Vec<String>,
blocklist_file: Option<String>,
) -> Result<ProxySettings, String> {
if let Some(name) = profile_id {
// Check if we have an active proxy recorded for this profile
@@ -1802,6 +1804,11 @@ impl ProxyManager {
proxy_cmd = proxy_cmd.arg("--bypass-rules").arg(rules_json);
}
// Add blocklist file path if provided
if let Some(ref path) = blocklist_file {
proxy_cmd = proxy_cmd.arg("--blocklist-file").arg(path);
}
// Execute the command and wait for it to complete
// The donut-proxy binary should start the worker and then exit
let output = proxy_cmd
@@ -1847,6 +1854,7 @@ impl ProxyManager {
.unwrap_or_else(|| "DIRECT".to_string()),
local_port,
profile_id: profile_id.map(|s| s.to_string()),
blocklist_file: blocklist_file.clone(),
};
// Wait for the local proxy port to be ready to accept connections
@@ -2345,6 +2353,7 @@ mod tests {
upstream_type: "http".to_string(),
local_port: (8000 + i) as u16,
profile_id: None,
blocklist_file: None,
};
// Add proxy
@@ -2671,6 +2680,7 @@ mod tests {
upstream_type: "http".to_string(),
local_port: port,
profile_id: profile_id.map(|s| s.to_string()),
blocklist_file: None,
}
}
@@ -2898,6 +2908,7 @@ mod tests {
pid: Some(live_pid),
profile_id: None,
bypass_rules: Vec::new(),
blocklist_file: None,
};
let dead_config = ProxyConfig {
id: dead_id.clone(),
@@ -2908,6 +2919,7 @@ mod tests {
pid: Some(dead_pid),
profile_id: None,
bypass_rules: Vec::new(),
blocklist_file: None,
};
save_proxy_config(&live_config).unwrap();
@@ -2946,6 +2958,7 @@ mod tests {
pid: Some(12345),
profile_id: Some("prof_abc".to_string()),
bypass_rules: vec!["*.local".to_string(), "192.168.*".to_string()],
blocklist_file: None,
};
// Save
@@ -3064,6 +3077,7 @@ mod tests {
upstream_type: "http".to_string(),
local_port: 9201,
profile_id: Some("profile_alpha".to_string()),
blocklist_file: None,
};
let info_b = ProxyInfo {
id: "px_shared_b".to_string(),
@@ -3073,6 +3087,7 @@ mod tests {
upstream_type: "http".to_string(),
local_port: 9202,
profile_id: Some("profile_beta".to_string()),
blocklist_file: None,
};
pm.insert_active_proxy(3001, info_a);
@@ -3260,6 +3275,7 @@ mod tests {
pid: Some(dead_pid),
profile_id: None,
bypass_rules: Vec::new(),
blocklist_file: None,
};
save_proxy_config(&config).unwrap();
@@ -3432,6 +3448,7 @@ mod tests {
upstream_type: ptype.to_string(),
local_port: 9300 + i as u16,
profile_id: Some(format!("profile_{ptype}")),
blocklist_file: None,
};
pm.insert_active_proxy(4000 + i as u32, info);
}
src-tauri/src/proxy_runner.rs
+4 -2
View File
@@ -12,7 +12,7 @@ pub async fn start_proxy_process(
upstream_url: Option<String>,
port: Option<u16>,
) -> Result<ProxyConfig, Box<dyn std::error::Error>> {
start_proxy_process_with_profile(upstream_url, port, None, Vec::new()).await
start_proxy_process_with_profile(upstream_url, port, None, Vec::new(), None).await
}
pub async fn start_proxy_process_with_profile(
@@ -20,6 +20,7 @@ pub async fn start_proxy_process_with_profile(
port: Option<u16>,
profile_id: Option<String>,
bypass_rules: Vec<String>,
blocklist_file: Option<String>,
) -> Result<ProxyConfig, Box<dyn std::error::Error>> {
let id = generate_proxy_id();
let upstream = upstream_url.unwrap_or_else(|| "DIRECT".to_string());
@@ -33,7 +34,8 @@ pub async fn start_proxy_process_with_profile(
let config = ProxyConfig::new(id.clone(), upstream, Some(local_port))
.with_profile_id(profile_id.clone())
.with_bypass_rules(bypass_rules);
.with_bypass_rules(bypass_rules)
.with_blocklist_file(blocklist_file);
save_proxy_config(&config)?;
// Log profile_id for debugging
src-tauri/src/proxy_server.rs
+217 -7
View File
@@ -7,6 +7,7 @@ use hyper::service::service_fn;
use hyper::{Method, Request, Response, StatusCode};
use hyper_util::rt::TokioIo;
use regex_lite::Regex;
use std::collections::HashSet;
use std::convert::Infallible;
use std::io;
use std::net::SocketAddr;
@@ -51,6 +52,58 @@ impl BypassMatcher {
}
}
#[derive(Clone)]
pub struct BlocklistMatcher {
domains: Arc<HashSet<String>>,
}
impl Default for BlocklistMatcher {
fn default() -> Self {
Self::new()
}
}
impl BlocklistMatcher {
pub fn new() -> Self {
Self {
domains: Arc::new(HashSet::new()),
}
}
pub fn from_file(path: &str) -> Result<Self, Box<dyn std::error::Error>> {
let content = std::fs::read_to_string(path)?;
let domains: HashSet<String> = content
.lines()
.filter(|line| !line.starts_with('#') && !line.trim().is_empty())
.map(|line| line.trim().to_lowercase())
.collect();
log::info!("[blocklist] Loaded {} domains from {}", domains.len(), path);
Ok(Self {
domains: Arc::new(domains),
})
}
pub fn is_blocked(&self, host: &str) -> bool {
if self.domains.is_empty() {
return false;
}
let host_lower = host.to_lowercase();
// Exact match
if self.domains.contains(host_lower.as_str()) {
return true;
}
// Suffix matching: check parent domains (like uBlock)
let mut start = 0;
while let Some(dot_pos) = host_lower[start..].find('.') {
start += dot_pos + 1;
if self.domains.contains(&host_lower[start..]) {
return true;
}
}
false
}
}
/// Wrapper stream that counts bytes read and written
struct CountingStream<S> {
inner: S,
@@ -167,20 +220,22 @@ async fn handle_request(
req: Request<hyper::body::Incoming>,
upstream_url: Option<String>,
bypass_matcher: BypassMatcher,
blocklist_matcher: BlocklistMatcher,
) -> Result<Response<Full<Bytes>>, Infallible> {
// Handle CONNECT method for HTTPS tunneling
if req.method() == Method::CONNECT {
return handle_connect(req, upstream_url, bypass_matcher).await;
return handle_connect(req, upstream_url, bypass_matcher, blocklist_matcher).await;
}
// Handle regular HTTP requests
handle_http(req, upstream_url, bypass_matcher).await
handle_http(req, upstream_url, bypass_matcher, blocklist_matcher).await
}
async fn handle_connect(
req: Request<hyper::body::Incoming>,
upstream_url: Option<String>,
bypass_matcher: BypassMatcher,
blocklist_matcher: BlocklistMatcher,
) -> Result<Response<Full<Bytes>>, Infallible> {
let authority = req.uri().authority().cloned();
@@ -196,6 +251,14 @@ async fn handle_connect(
(&target_addr[..], 443)
};
// Block if domain is in the DNS blocklist (before any connection)
if blocklist_matcher.is_blocked(target_host) {
log::debug!("[blocklist] Blocked CONNECT to {}", target_host);
let mut response = Response::new(Full::new(Bytes::from("Blocked by DNS blocklist")));
*response.status_mut() = StatusCode::FORBIDDEN;
return Ok(response);
}
// If no upstream proxy, or bypass rule matches, connect directly
if upstream_url.is_none()
|| upstream_url
@@ -711,6 +774,7 @@ async fn handle_http(
req: Request<hyper::body::Incoming>,
upstream_url: Option<String>,
bypass_matcher: BypassMatcher,
blocklist_matcher: BlocklistMatcher,
) -> Result<Response<Full<Bytes>>, Infallible> {
// Extract domain for traffic tracking
let domain = req
@@ -719,6 +783,14 @@ async fn handle_http(
.map(|h| h.to_string())
.unwrap_or_else(|| "unknown".to_string());
// Block if domain is in the DNS blocklist (before any connection)
if blocklist_matcher.is_blocked(&domain) {
log::debug!("[blocklist] Blocked HTTP request to {}", domain);
let mut response = Response::new(Full::new(Bytes::from("Blocked by DNS blocklist")));
*response.status_mut() = StatusCode::FORBIDDEN;
return Ok(response);
}
log::error!(
"DEBUG: Handling HTTP request: {} {} (host: {:?})",
req.method(),
@@ -888,6 +960,7 @@ pub async fn handle_proxy_connection(
mut stream: tokio::net::TcpStream,
upstream_url: Option<String>,
bypass_matcher: BypassMatcher,
blocklist_matcher: BlocklistMatcher,
) {
let _ = stream.set_nodelay(true);
@@ -942,8 +1015,14 @@ pub async fn handle_proxy_connection(
}
}
let _ =
handle_connect_from_buffer(stream, full_request, upstream_url, bypass_matcher).await;
let _ = handle_connect_from_buffer(
stream,
full_request,
upstream_url,
bypass_matcher,
blocklist_matcher,
)
.await;
return;
}
@@ -955,8 +1034,14 @@ pub async fn handle_proxy_connection(
inner: stream,
};
let io = TokioIo::new(prepended_reader);
let service =
service_fn(move |req| handle_request(req, upstream_url.clone(), bypass_matcher.clone()));
let service = service_fn(move |req| {
handle_request(
req,
upstream_url.clone(),
bypass_matcher.clone(),
blocklist_matcher.clone(),
)
});
let _ = http1::Builder::new().serve_connection(io, service).await;
}
@@ -1128,6 +1213,17 @@ pub async fn run_proxy_server(config: ProxyConfig) -> Result<(), Box<dyn std::er
});
let bypass_matcher = BypassMatcher::new(&config.bypass_rules);
let blocklist_matcher = if let Some(ref path) = config.blocklist_file {
match BlocklistMatcher::from_file(path) {
Ok(m) => m,
Err(e) => {
log::error!("[blocklist] Failed to load from {}: {}", path, e);
BlocklistMatcher::new()
}
}
} else {
BlocklistMatcher::new()
};
// Keep the runtime alive with an infinite loop
// This ensures the process doesn't exit even if there are no active connections
@@ -1136,8 +1232,9 @@ pub async fn run_proxy_server(config: ProxyConfig) -> Result<(), Box<dyn std::er
Ok((stream, _peer_addr)) => {
let upstream = upstream_url.clone();
let matcher = bypass_matcher.clone();
let blocker = blocklist_matcher.clone();
tokio::task::spawn(async move {
handle_proxy_connection(stream, upstream, matcher).await;
handle_proxy_connection(stream, upstream, matcher, blocker).await;
});
}
Err(e) => {
@@ -1155,6 +1252,7 @@ async fn handle_connect_from_buffer(
request_buffer: Vec<u8>,
upstream_url: Option<String>,
bypass_matcher: BypassMatcher,
blocklist_matcher: BlocklistMatcher,
) -> Result<(), Box<dyn std::error::Error>> {
// Parse the CONNECT request from the buffer
let request_str = String::from_utf8_lossy(&request_buffer);
@@ -1185,6 +1283,15 @@ async fn handle_connect_from_buffer(
(target, 443)
};
// Block if domain is in the DNS blocklist (before any connection)
if blocklist_matcher.is_blocked(target_host) {
log::debug!("[blocklist] Blocked CONNECT tunnel to {}", target_host);
let _ = client_stream
.write_all(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 24\r\n\r\nBlocked by DNS blocklist")
.await;
return Ok(());
}
// Record domain access in traffic tracker
let domain = target_host.to_string();
if let Some(tracker) = get_traffic_tracker() {
@@ -1362,3 +1469,106 @@ async fn handle_connect_from_buffer(
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;
use std::io::Write;
#[test]
fn test_blocklist_exact_match() {
let mut matcher = BlocklistMatcher::new();
let mut domains = HashSet::new();
domains.insert("example.com".to_string());
domains.insert("tracker.net".to_string());
matcher.domains = Arc::new(domains);
assert!(matcher.is_blocked("example.com"));
assert!(matcher.is_blocked("tracker.net"));
assert!(!matcher.is_blocked("safe.com"));
}
#[test]
fn test_blocklist_subdomain_match() {
let mut matcher = BlocklistMatcher::new();
let mut domains = HashSet::new();
domains.insert("example.com".to_string());
matcher.domains = Arc::new(domains);
assert!(matcher.is_blocked("foo.example.com"));
assert!(matcher.is_blocked("bar.baz.example.com"));
assert!(matcher.is_blocked("a.b.c.example.com"));
}
#[test]
fn test_blocklist_no_false_positives() {
let mut matcher = BlocklistMatcher::new();
let mut domains = HashSet::new();
domains.insert("example.com".to_string());
matcher.domains = Arc::new(domains);
// "notexample.com" should NOT match "example.com"
assert!(!matcher.is_blocked("notexample.com"));
assert!(!matcher.is_blocked("myexample.com"));
// But subdomain should
assert!(matcher.is_blocked("sub.example.com"));
}
#[test]
fn test_blocklist_empty_blocks_nothing() {
let matcher = BlocklistMatcher::new();
assert!(!matcher.is_blocked("anything.com"));
assert!(!matcher.is_blocked("example.com"));
}
#[test]
fn test_blocklist_case_insensitive() {
let mut matcher = BlocklistMatcher::new();
let mut domains = HashSet::new();
domains.insert("example.com".to_string());
matcher.domains = Arc::new(domains);
assert!(matcher.is_blocked("EXAMPLE.COM"));
assert!(matcher.is_blocked("Example.Com"));
assert!(matcher.is_blocked("FOO.EXAMPLE.COM"));
}
#[test]
fn test_blocklist_from_file() {
let mut tmpfile = tempfile::NamedTempFile::new().unwrap();
writeln!(tmpfile, "# This is a comment").unwrap();
writeln!(tmpfile).unwrap();
writeln!(tmpfile, "tracker.example.com").unwrap();
writeln!(tmpfile, "ads.network.com").unwrap();
writeln!(tmpfile, "# Another comment").unwrap();
writeln!(tmpfile, "malware.site").unwrap();
tmpfile.flush().unwrap();
let matcher = BlocklistMatcher::from_file(tmpfile.path().to_str().unwrap()).unwrap();
assert!(matcher.is_blocked("tracker.example.com"));
assert!(matcher.is_blocked("ads.network.com"));
assert!(matcher.is_blocked("malware.site"));
assert!(matcher.is_blocked("sub.malware.site"));
assert!(!matcher.is_blocked("safe.com"));
// Comments and empty lines should be skipped: 3 domains loaded
assert_eq!(matcher.domains.len(), 3);
}
#[test]
fn test_blocklist_comments_skipped() {
let mut tmpfile = tempfile::NamedTempFile::new().unwrap();
writeln!(tmpfile, "# Title: HaGeZi's Light DNS Blocklist").unwrap();
writeln!(tmpfile, "# Description: test").unwrap();
writeln!(tmpfile, "# Version: 2026.0330.0928.01").unwrap();
writeln!(tmpfile).unwrap();
writeln!(tmpfile, "domain1.com").unwrap();
writeln!(tmpfile, "domain2.com").unwrap();
tmpfile.flush().unwrap();
let matcher = BlocklistMatcher::from_file(tmpfile.path().to_str().unwrap()).unwrap();
assert_eq!(matcher.domains.len(), 2);
assert!(matcher.is_blocked("domain1.com"));
assert!(matcher.is_blocked("domain2.com"));
}
}
src-tauri/src/proxy_storage.rs
+8
View File
@@ -14,6 +14,8 @@ pub struct ProxyConfig {
pub profile_id: Option<String>,
#[serde(default)]
pub bypass_rules: Vec<String>,
#[serde(default)]
pub blocklist_file: Option<String>,
}
impl ProxyConfig {
@@ -27,6 +29,7 @@ impl ProxyConfig {
pid: None,
profile_id: None,
bypass_rules: Vec::new(),
blocklist_file: None,
}
}
@@ -39,6 +42,11 @@ impl ProxyConfig {
self.bypass_rules = bypass_rules;
self
}
pub fn with_blocklist_file(mut self, blocklist_file: Option<String>) -> Self {
self.blocklist_file = blocklist_file;
self
}
}
pub fn get_storage_dir() -> PathBuf {
src/app/layout.tsx
+2 -19
View File
@@ -1,14 +1,7 @@
"use client";
import { Geist, Geist_Mono } from "next/font/google";
import "@/styles/globals.css";
import "flag-icons/css/flag-icons.min.css";
import { useEffect } from "react";
import { I18nProvider } from "@/components/i18n-provider";
import { CustomThemeProvider } from "@/components/theme-provider";
import { Toaster } from "@/components/ui/sonner";
import { TooltipProvider } from "@/components/ui/tooltip";
import { WindowDragArea } from "@/components/window-drag-area";
import { setupLogging } from "@/lib/logger";
import { ClientProviders } from "@/components/client-providers";
const geistSans = Geist({
variable: "--font-geist-sans",
@@ -25,22 +18,12 @@ export default function RootLayout({
}: Readonly<{
children: React.ReactNode;
}>) {
useEffect(() => {
void setupLogging();
}, []);
return (
<html lang="en" suppressHydrationWarning>
<body
className={`${geistSans.variable} ${geistMono.variable} antialiased overflow-hidden bg-background`}
>
<I18nProvider>
<CustomThemeProvider>
<WindowDragArea />
<TooltipProvider>{children}</TooltipProvider>
<Toaster />
</CustomThemeProvider>
</I18nProvider>
<ClientProviders>{children}</ClientProviders>
</body>
</html>
);
src/app/page.tsx
+2
View File
@@ -515,6 +515,7 @@ export default function Home() {
groupId?: string;
extensionGroupId?: string;
ephemeral?: boolean;
dnsBlocklist?: string;
}) => {
try {
const profile = await invoke<BrowserProfile>(
@@ -532,6 +533,7 @@ export default function Home() {
profileData.groupId ??
(selectedGroupId !== "default" ? selectedGroupId : undefined),
ephemeral: profileData.ephemeral,
dnsBlocklist: profileData.dnsBlocklist,
},
);
src/components/bandwidth-mini-chart.tsx
+6 -1
View File
@@ -68,7 +68,12 @@ export function BandwidthMiniChart({
)}
>
<div className="flex-1 h-3 pointer-events-none">
<ResponsiveContainer width="100%" height="100%">
<ResponsiveContainer
width="100%"
height="100%"
minWidth={1}
minHeight={1}
>
<AreaChart
data={chartData}
margin={{ top: 0, right: 0, bottom: 0, left: 0 }}
src/components/client-providers.tsx
+25
View File
@@ -0,0 +1,25 @@
"use client";
import { useEffect } from "react";
import { I18nProvider } from "@/components/i18n-provider";
import { CustomThemeProvider } from "@/components/theme-provider";
import { Toaster } from "@/components/ui/sonner";
import { TooltipProvider } from "@/components/ui/tooltip";
import { WindowDragArea } from "@/components/window-drag-area";
import { setupLogging } from "@/lib/logger";
export function ClientProviders({ children }: { children: React.ReactNode }) {
useEffect(() => {
void setupLogging();
}, []);
return (
<I18nProvider>
<CustomThemeProvider>
<WindowDragArea />
<TooltipProvider>{children}</TooltipProvider>
<Toaster />
</CustomThemeProvider>
</I18nProvider>
);
}
src/components/create-profile-dialog.tsx
+42
View File
@@ -84,6 +84,7 @@ interface CreateProfileDialogProps {
groupId?: string;
extensionGroupId?: string;
ephemeral?: boolean;
dnsBlocklist?: string;
}) => Promise<void>;
selectedGroupId?: string;
crossOsUnlocked?: boolean;
@@ -124,6 +125,7 @@ export function CreateProfileDialog({
useState<BrowserTypeString | null>(null);
const [selectedProxyId, setSelectedProxyId] = useState<string>();
const [proxyPopoverOpen, setProxyPopoverOpen] = useState(false);
const [dnsBlocklist, setDnsBlocklist] = useState<string>("");
// Camoufox anti-detect states
const [camoufoxConfig, setCamoufoxConfig] = useState<CamoufoxConfig>(() => ({
@@ -395,6 +397,7 @@ export function CreateProfileDialog({
selectedGroupId !== "default" ? selectedGroupId : undefined,
extensionGroupId: selectedExtensionGroupId,
ephemeral,
dnsBlocklist: dnsBlocklist || undefined,
});
} else {
// Default to Camoufox
@@ -420,6 +423,7 @@ export function CreateProfileDialog({
selectedGroupId !== "default" ? selectedGroupId : undefined,
extensionGroupId: selectedExtensionGroupId,
ephemeral,
dnsBlocklist: dnsBlocklist || undefined,
});
}
} else {
@@ -443,6 +447,7 @@ export function CreateProfileDialog({
releaseType: bestVersion.releaseType,
proxyId: selectedProxyId,
groupId: selectedGroupId !== "default" ? selectedGroupId : undefined,
dnsBlocklist: dnsBlocklist || undefined,
});
}
@@ -1162,6 +1167,43 @@ export function CreateProfileDialog({
)}
</div>
{/* DNS Blocklist */}
<div className="space-y-2">
<Label>{t("dnsBlocklist.title")}</Label>
<Select
value={dnsBlocklist || "none"}
onValueChange={(val) => {
setDnsBlocklist(val === "none" ? "" : val);
}}
>
<SelectTrigger>
<SelectValue
placeholder={t("dnsBlocklist.none")}
/>
</SelectTrigger>
<SelectContent>
<SelectItem value="none">
{t("dnsBlocklist.none")}
</SelectItem>
<SelectItem value="light">
{t("dnsBlocklist.light")}
</SelectItem>
<SelectItem value="normal">
{t("dnsBlocklist.normal")}
</SelectItem>
<SelectItem value="pro">
{t("dnsBlocklist.pro")}
</SelectItem>
<SelectItem value="pro_plus">
{t("dnsBlocklist.proPlus")}
</SelectItem>
<SelectItem value="ultimate">
{t("dnsBlocklist.ultimate")}
</SelectItem>
</SelectContent>
</Select>
</div>
{/* Extension Group */}
{extensionGroups.length > 0 && (
<div className="space-y-2">
src/components/dns-blocklist-dialog.tsx
+147
View File
@@ -0,0 +1,147 @@
"use client";
import { invoke } from "@tauri-apps/api/core";
import { useCallback, useEffect, useState } from "react";
import { useTranslation } from "react-i18next";
import { LuRefreshCw } from "react-icons/lu";
import { Badge } from "@/components/ui/badge";
import { Button } from "@/components/ui/button";
import {
Dialog,
DialogContent,
DialogHeader,
DialogTitle,
} from "@/components/ui/dialog";
interface BlocklistCacheStatus {
level: string;
display_name: string;
entry_count: number;
file_size_bytes: number;
last_updated: number | null;
is_fresh: boolean;
is_cached: boolean;
}
interface DnsBlocklistDialogProps {
isOpen: boolean;
onClose: () => void;
}
export function DnsBlocklistDialog({
isOpen,
onClose,
}: DnsBlocklistDialogProps) {
const { t } = useTranslation();
const [statuses, setStatuses] = useState<BlocklistCacheStatus[]>([]);
const [isRefreshing, setIsRefreshing] = useState(false);
const loadStatuses = useCallback(async () => {
try {
const result = await invoke<BlocklistCacheStatus[]>(
"get_dns_blocklist_cache_status",
);
setStatuses(result);
} catch (e) {
console.error("Failed to load blocklist status:", e);
}
}, []);
useEffect(() => {
if (isOpen) {
void loadStatuses();
}
}, [isOpen, loadStatuses]);
const handleRefreshAll = async () => {
setIsRefreshing(true);
try {
await invoke("refresh_dns_blocklists");
await loadStatuses();
} catch (e) {
console.error("Failed to refresh blocklists:", e);
} finally {
setIsRefreshing(false);
}
};
const formatSize = (bytes: number) => {
if (bytes < 1024) return `${bytes} B`;
if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
};
const formatDate = (timestamp: number | null) => {
if (!timestamp) return t("dnsBlocklist.notCached");
return new Date(timestamp * 1000).toLocaleString();
};
return (
<Dialog open={isOpen} onOpenChange={(open) => !open && onClose()}>
<DialogContent className="max-w-md">
<DialogHeader>
<DialogTitle>{t("dnsBlocklist.title")}</DialogTitle>
</DialogHeader>
<p className="text-sm text-muted-foreground">
{t("dnsBlocklist.settingsDescription")}
</p>
<div className="space-y-3">
{statuses.map((status) => (
<div
key={status.level}
className="flex items-center justify-between rounded-md border border-border p-3"
>
<div className="space-y-1">
<div className="flex items-center gap-2">
<span className="text-sm font-medium">
{status.display_name}
</span>
{status.is_cached ? (
status.is_fresh ? (
<Badge variant="default" className="text-[10px] px-1.5">
{t("dnsBlocklist.fresh")}
</Badge>
) : (
<Badge variant="secondary" className="text-[10px] px-1.5">
{t("dnsBlocklist.stale")}
</Badge>
)
) : (
<Badge
variant="outline"
className="text-[10px] px-1.5 text-muted-foreground"
>
{t("dnsBlocklist.notCached")}
</Badge>
)}
</div>
{status.is_cached && (
<div className="text-xs text-muted-foreground">
{status.entry_count.toLocaleString()}{" "}
{t("dnsBlocklist.domains")} &middot;{" "}
{formatSize(status.file_size_bytes)} &middot;{" "}
{formatDate(status.last_updated)}
</div>
)}
</div>
</div>
))}
</div>
<Button
onClick={handleRefreshAll}
disabled={isRefreshing}
variant="outline"
className="w-full"
>
<LuRefreshCw
className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
/>
{t("dnsBlocklist.refreshAll")}
</Button>
</DialogContent>
</Dialog>
);
}
src/components/profile-data-table.tsx
+14
View File
@@ -31,6 +31,7 @@ import {
import { DeleteConfirmationDialog } from "@/components/delete-confirmation-dialog";
import {
ProfileBypassRulesDialog,
ProfileDnsBlocklistDialog,
ProfileInfoDialog,
} from "@/components/profile-info-dialog";
import { Badge } from "@/components/ui/badge";
@@ -934,6 +935,8 @@ export function ProfilesDataTable({
React.useState<BrowserProfile | null>(null);
const [bypassRulesProfile, setBypassRulesProfile] =
React.useState<BrowserProfile | null>(null);
const [dnsBlocklistProfile, setDnsBlocklistProfile] =
React.useState<BrowserProfile | null>(null);
const [launchingProfiles, setLaunchingProfiles] = React.useState<Set<string>>(
new Set(),
);
@@ -2674,6 +2677,9 @@ export function ProfilesDataTable({
onOpenBypassRules={(profile) => {
setBypassRulesProfile(profile);
}}
onOpenDnsBlocklist={(profile) => {
setDnsBlocklistProfile(profile);
}}
onCloneProfile={onCloneProfile}
onLaunchWithSync={onLaunchWithSync}
onDeleteProfile={(profile) => {
@@ -2756,6 +2762,14 @@ export function ProfilesDataTable({
profileId={bypassRulesProfile?.id ?? null}
initialRules={bypassRulesProfile?.proxy_bypass_rules ?? []}
/>
<ProfileDnsBlocklistDialog
isOpen={dnsBlocklistProfile !== null}
onClose={() => {
setDnsBlocklistProfile(null);
}}
profileId={dnsBlocklistProfile?.id ?? null}
currentLevel={dnsBlocklistProfile?.dns_blocklist ?? null}
/>
</>
);
}
src/components/profile-info-dialog.tsx
+107 -3
View File
@@ -17,6 +17,7 @@ import {
LuPuzzle,
LuRefreshCw,
LuSettings,
LuShield,
LuShieldCheck,
LuTrash2,
LuUsers,
@@ -64,6 +65,7 @@ interface ProfileInfoDialogProps {
onOpenCookieManagement?: (profile: BrowserProfile) => void;
onAssignExtensionGroup?: (profileIds: string[]) => void;
onOpenBypassRules?: (profile: BrowserProfile) => void;
onOpenDnsBlocklist?: (profile: BrowserProfile) => void;
onCloneProfile?: (profile: BrowserProfile) => void;
onDeleteProfile?: (profile: BrowserProfile) => void;
onLaunchWithSync?: (profile: BrowserProfile) => void;
@@ -110,6 +112,7 @@ export function ProfileInfoDialog({
onOpenCookieManagement,
onAssignExtensionGroup,
onOpenBypassRules,
onOpenDnsBlocklist,
onCloneProfile,
onDeleteProfile,
onLaunchWithSync,
@@ -315,9 +318,8 @@ export function ProfileInfoDialog({
onClick: () => {
handleAction(() => onAssignExtensionGroup?.([profile.id]));
},
disabled: isDisabled || !crossOsUnlocked,
proBadge: !crossOsUnlocked,
runningBadge: isRunning && crossOsUnlocked,
disabled: isDisabled,
runningBadge: isRunning,
hidden: profile.ephemeral === true,
},
{
@@ -327,6 +329,13 @@ export function ProfileInfoDialog({
handleAction(() => onOpenBypassRules?.(profile));
},
},
{
icon: <LuShield className="w-4 h-4" />,
label: t("dnsBlocklist.title"),
onClick: () => {
handleAction(() => onOpenDnsBlocklist?.(profile));
},
},
{
icon: <LuTrash2 className="w-4 h-4" />,
label: t("profiles.actions.delete"),
@@ -455,6 +464,16 @@ export function ProfileInfoDialog({
: t("profileInfo.values.never")
}
/>
<InfoCard
label={t("dnsBlocklist.title")}
value={
profile.dns_blocklist
? t(
`dnsBlocklist.${profile.dns_blocklist === "pro_plus" ? "proPlus" : profile.dns_blocklist}`,
)
: t("dnsBlocklist.none")
}
/>
</div>
{/* Sync */}
@@ -563,6 +582,91 @@ export function ProfileInfoDialog({
);
}
interface ProfileDnsBlocklistDialogProps {
isOpen: boolean;
onClose: () => void;
profileId: string | null;
currentLevel: string | null;
}
export function ProfileDnsBlocklistDialog({
isOpen,
onClose,
profileId,
currentLevel,
}: ProfileDnsBlocklistDialogProps) {
const { t } = useTranslation();
const [level, setLevel] = React.useState(currentLevel ?? "");
const [isSaving, setIsSaving] = React.useState(false);
React.useEffect(() => {
if (isOpen) {
setLevel(currentLevel ?? "");
}
}, [isOpen, currentLevel]);
const handleSave = async () => {
if (!profileId) return;
setIsSaving(true);
try {
await invoke("update_profile_dns_blocklist", {
profileId,
dnsBlocklist: level || null,
});
onClose();
} catch (err) {
console.error("Failed to update DNS blocklist:", err);
} finally {
setIsSaving(false);
}
};
const options = [
{ value: "", label: t("dnsBlocklist.none") },
{ value: "light", label: t("dnsBlocklist.light") },
{ value: "normal", label: t("dnsBlocklist.normal") },
{ value: "pro", label: t("dnsBlocklist.pro") },
{ value: "pro_plus", label: t("dnsBlocklist.proPlus") },
{ value: "ultimate", label: t("dnsBlocklist.ultimate") },
];
return (
<Dialog open={isOpen} onOpenChange={(open) => !open && onClose()}>
<DialogContent className="max-w-xs">
<DialogHeader>
<DialogTitle>{t("dnsBlocklist.title")}</DialogTitle>
</DialogHeader>
<p className="text-xs text-muted-foreground">
{t("dnsBlocklist.settingsDescription")}
</p>
<div className="space-y-1">
{options.map((option) => (
<button
key={option.value}
type="button"
onClick={() => setLevel(option.value)}
className={`w-full text-left px-3 py-2 rounded-md text-sm transition-colors ${
level === option.value
? "bg-primary/10 text-primary border border-primary/30"
: "hover:bg-accent border border-transparent"
}`}
>
{option.label}
</button>
))}
</div>
<Button
onClick={() => void handleSave()}
disabled={isSaving || level === (currentLevel ?? "")}
className="w-full"
>
{t("common.save", "Save")}
</Button>
</DialogContent>
</Dialog>
);
}
interface ProfileBypassRulesDialogProps {
isOpen: boolean;
onClose: () => void;
src/components/settings-dialog.tsx
+531 -496
View File
File diff suppressed because it is too large Load Diff
src/components/theme-provider.tsx
+74 -43
View File
@@ -1,7 +1,13 @@
"use client";
import { ThemeProvider } from "next-themes";
import { useEffect, useState } from "react";
import {
createContext,
useCallback,
useContext,
useEffect,
useMemo,
useState,
} from "react";
import { applyThemeColors, clearThemeColors } from "@/lib/themes";
interface AppSettings {
@@ -10,43 +16,62 @@ interface AppSettings {
custom_theme?: Record<string, string>;
}
interface ThemeContextValue {
theme: string;
setTheme: (theme: string) => void;
}
const ThemeContext = createContext<ThemeContextValue>({
theme: "system",
setTheme: () => {},
});
export function useTheme() {
return useContext(ThemeContext);
}
interface CustomThemeProviderProps {
children: React.ReactNode;
}
function resolveSystemTheme(): "light" | "dark" {
if (typeof window === "undefined") return "dark";
return window.matchMedia("(prefers-color-scheme: dark)").matches
? "dark"
: "light";
}
function applyClassToHtml(theme: string) {
const resolved = theme === "system" ? resolveSystemTheme() : theme;
const root = document.documentElement;
root.classList.remove("light", "dark");
root.classList.add(resolved);
}
export function CustomThemeProvider({ children }: CustomThemeProviderProps) {
const [isLoading, setIsLoading] = useState(true);
const [defaultTheme, setDefaultTheme] = useState<string>("system");
const [_mounted, setMounted] = useState(false);
const [theme, setThemeState] = useState("system");
useEffect(() => {
setMounted(true);
const setTheme = useCallback((newTheme: string) => {
setThemeState(newTheme);
if (newTheme === "custom") {
applyClassToHtml("dark");
} else {
applyClassToHtml(newTheme);
}
}, []);
// Load initial theme from Tauri settings
useEffect(() => {
const loadTheme = async () => {
try {
// Lazy import to avoid pulling Tauri API on SSR
const { invoke } = await import("@tauri-apps/api/core");
const settings = await invoke<AppSettings>("get_app_settings");
const themeValue = settings?.theme ?? "system";
console.log("[theme-provider] Loaded settings:", {
theme: themeValue,
hasCustomTheme: !!settings?.custom_theme,
customThemeKeys: settings?.custom_theme
? Object.keys(settings.custom_theme).length
: 0,
});
if (
themeValue === "light" ||
themeValue === "dark" ||
themeValue === "system"
) {
setDefaultTheme(themeValue);
} else if (themeValue === "custom") {
setDefaultTheme("dark");
if (themeValue === "custom") {
setThemeState("custom");
applyClassToHtml("dark");
if (
settings.custom_theme &&
Object.keys(settings.custom_theme).length > 0
@@ -57,16 +82,22 @@ export function CustomThemeProvider({ children }: CustomThemeProviderProps) {
console.warn("Failed to apply custom theme variables:", error);
}
}
} else if (
themeValue === "light" ||
themeValue === "dark" ||
themeValue === "system"
) {
setThemeState(themeValue);
applyClassToHtml(themeValue);
} else {
setDefaultTheme("system");
applyClassToHtml("system");
}
} catch (error) {
// Failed to load settings; fall back to system (handled by next-themes)
console.warn(
"Failed to load theme settings; defaulting to system:",
error,
);
setDefaultTheme("system");
applyClassToHtml("system");
} finally {
setIsLoading(false);
}
@@ -75,44 +106,44 @@ export function CustomThemeProvider({ children }: CustomThemeProviderProps) {
void loadTheme();
}, []);
// Additional effect to ensure custom theme is applied after mount
// Re-apply custom theme after mount
useEffect(() => {
if (!isLoading && _mounted) {
if (!isLoading && theme === "custom") {
const reapplyCustomTheme = async () => {
try {
const { invoke } = await import("@tauri-apps/api/core");
const settings = await invoke<AppSettings>("get_app_settings");
if (settings?.theme === "custom" && settings.custom_theme) {
applyThemeColors(settings.custom_theme);
} else {
clearThemeColors();
}
} catch (error) {
console.warn("Failed to reapply custom theme:", error);
}
};
// Apply after a short delay to ensure CSS has loaded
setTimeout(() => {
void reapplyCustomTheme();
}, 100);
} else if (!isLoading) {
clearThemeColors();
}
}, [isLoading, _mounted]);
}, [isLoading, theme]);
// Listen for system theme changes when in "system" mode
useEffect(() => {
if (theme !== "system") return;
const mq = window.matchMedia("(prefers-color-scheme: dark)");
const handler = () => applyClassToHtml("system");
mq.addEventListener("change", handler);
return () => mq.removeEventListener("change", handler);
}, [theme]);
const value = useMemo(() => ({ theme, setTheme }), [theme, setTheme]);
if (isLoading) {
// Keep UI simple during initial settings load to avoid flicker
return null;
}
return (
<ThemeProvider
attribute="class"
defaultTheme={defaultTheme}
enableSystem={true}
disableTransitionOnChange={false}
>
{children}
</ThemeProvider>
<ThemeContext.Provider value={value}>{children}</ThemeContext.Provider>
);
}
src/components/traffic-details-dialog.tsx
+6 -1
View File
@@ -295,7 +295,12 @@ export function TrafficDetailsDialog({
</div>
<div className="h-[200px] w-full">
<ResponsiveContainer width="100%" height="100%">
<ResponsiveContainer
width="100%"
height="100%"
minWidth={1}
minHeight={1}
>
<AreaChart
data={chartData}
margin={{ top: 10, right: 10, bottom: 0, left: 0 }}
src/components/ui/chart.tsx
+1 -1
View File
@@ -67,7 +67,7 @@ const ChartContainer = React.forwardRef<
{...props}
>
<ChartStyle id={chartId} config={config} />
<RechartsPrimitive.ResponsiveContainer>
<RechartsPrimitive.ResponsiveContainer minWidth={1} minHeight={1}>
{children}
</RechartsPrimitive.ResponsiveContainer>
</div>
src/components/ui/sonner.tsx
+1 -1
View File
@@ -1,7 +1,7 @@
"use client";
import { useTheme } from "next-themes";
import { Toaster as Sonner, type ToasterProps } from "sonner";
import { useTheme } from "@/components/theme-provider";
const Toaster = ({ ...props }: ToasterProps) => {
const { theme = "system" } = useTheme();
src/i18n/locales/en.json
+17
View File
@@ -858,5 +858,22 @@
"cookieImportLocked": "Cookie import is a Pro feature",
"cookieExportLocked": "Cookie export is a Pro feature",
"cookieManagementLocked": "Cookie management is a Pro feature"
},
"dnsBlocklist": {
"title": "DNS Blocklist",
"none": "None",
"light": "Light",
"normal": "Normal",
"pro": "Pro",
"proPlus": "Pro++",
"ultimate": "Ultimate",
"settingsDescription": "DNS blocklists block ads, trackers, and malware domains at the proxy level. Lists are automatically refreshed every 12 hours.",
"manageLists": "Manage DNS Blocklists",
"refreshAll": "Refresh All Lists",
"refreshFailed": "Failed to refresh DNS blocklists",
"domains": "domains",
"fresh": "Fresh",
"stale": "Stale",
"notCached": "Not cached"
}
}
src/i18n/locales/es.json
+17
View File
@@ -858,5 +858,22 @@
"cookieImportLocked": "La importación de cookies es una función Pro",
"cookieExportLocked": "La exportación de cookies es una función Pro",
"cookieManagementLocked": "La gestión de cookies es una función Pro"
},
"dnsBlocklist": {
"title": "Lista de bloqueo DNS",
"none": "Ninguno",
"light": "Light",
"normal": "Normal",
"pro": "Pro",
"proPlus": "Pro++",
"ultimate": "Ultimate",
"settingsDescription": "Las listas de bloqueo DNS bloquean anuncios, rastreadores y dominios de malware a nivel de proxy. Las listas se actualizan automáticamente cada 12 horas.",
"manageLists": "Gestionar listas de bloqueo DNS",
"refreshAll": "Actualizar todas las listas",
"refreshFailed": "Error al actualizar las listas de bloqueo DNS",
"domains": "dominios",
"fresh": "Actualizado",
"stale": "Desactualizado",
"notCached": "Sin caché"
}
}
src/i18n/locales/fr.json
+17
View File
@@ -858,5 +858,22 @@
"cookieImportLocked": "L'importation de cookies est une fonctionnalité Pro",
"cookieExportLocked": "L'exportation de cookies est une fonctionnalité Pro",
"cookieManagementLocked": "La gestion des cookies est une fonctionnalité Pro"
},
"dnsBlocklist": {
"title": "Liste de blocage DNS",
"none": "Aucun",
"light": "Light",
"normal": "Normal",
"pro": "Pro",
"proPlus": "Pro++",
"ultimate": "Ultimate",
"settingsDescription": "Les listes de blocage DNS bloquent les publicités, les traqueurs et les domaines malveillants au niveau du proxy. Les listes sont automatiquement rafraîchies toutes les 12 heures.",
"manageLists": "Gérer les listes de blocage DNS",
"refreshAll": "Rafraîchir toutes les listes",
"refreshFailed": "Échec du rafraîchissement des listes de blocage DNS",
"domains": "domaines",
"fresh": "À jour",
"stale": "Obsolète",
"notCached": "Non mis en cache"
}
}
src/i18n/locales/ja.json
+17
View File
@@ -858,5 +858,22 @@
"cookieImportLocked": "Cookieのインポートはプロ機能です",
"cookieExportLocked": "Cookieのエクスポートはプロ機能です",
"cookieManagementLocked": "Cookie管理はプロ機能です"
},
"dnsBlocklist": {
"title": "DNSブロックリスト",
"none": "なし",
"light": "Light",
"normal": "Normal",
"pro": "Pro",
"proPlus": "Pro++",
"ultimate": "Ultimate",
"settingsDescription": "DNSブロックリストは、プロキシレベルで広告、トラッカー、マルウェアドメインをブロックします。リストは12時間ごとに自動的に更新されます。",
"manageLists": "DNSブロックリストを管理",
"refreshAll": "すべてのリストを更新",
"refreshFailed": "DNSブロックリストの更新に失敗しました",
"domains": "ドメイン",
"fresh": "最新",
"stale": "期限切れ",
"notCached": "キャッシュなし"
}
}
src/i18n/locales/pt.json
+17
View File
@@ -858,5 +858,22 @@
"cookieImportLocked": "A importação de cookies é um recurso Pro",
"cookieExportLocked": "A exportação de cookies é um recurso Pro",
"cookieManagementLocked": "O gerenciamento de cookies é um recurso Pro"
},
"dnsBlocklist": {
"title": "Lista de bloqueio DNS",
"none": "Nenhum",
"light": "Light",
"normal": "Normal",
"pro": "Pro",
"proPlus": "Pro++",
"ultimate": "Ultimate",
"settingsDescription": "As listas de bloqueio DNS bloqueiam anúncios, rastreadores e domínios de malware no nível do proxy. As listas são atualizadas automaticamente a cada 12 horas.",
"manageLists": "Gerenciar listas de bloqueio DNS",
"refreshAll": "Atualizar todas as listas",
"refreshFailed": "Falha ao atualizar as listas de bloqueio DNS",
"domains": "domínios",
"fresh": "Atualizado",
"stale": "Desatualizado",
"notCached": "Sem cache"
}
}
src/i18n/locales/ru.json
+17
View File
@@ -858,5 +858,22 @@
"cookieImportLocked": "Импорт cookies — функция Pro",
"cookieExportLocked": "Экспорт cookies — функция Pro",
"cookieManagementLocked": "Управление cookies — функция Pro"
},
"dnsBlocklist": {
"title": "Список блокировки DNS",
"none": "Нет",
"light": "Light",
"normal": "Normal",
"pro": "Pro",
"proPlus": "Pro++",
"ultimate": "Ultimate",
"settingsDescription": "Списки блокировки DNS блокируют рекламу, трекеры и вредоносные домены на уровне прокси. Списки автоматически обновляются каждые 12 часов.",
"manageLists": "Управление списками блокировки DNS",
"refreshAll": "Обновить все списки",
"refreshFailed": "Не удалось обновить списки блокировки DNS",
"domains": "доменов",
"fresh": "Актуальный",
"stale": "Устаревший",
"notCached": "Не кэшировано"
}
}
src/i18n/locales/zh.json
+17
View File
@@ -858,5 +858,22 @@
"cookieImportLocked": "Cookie 导入是 Pro 功能",
"cookieExportLocked": "Cookie 导出是 Pro 功能",
"cookieManagementLocked": "Cookie 管理是 Pro 功能"
},
"dnsBlocklist": {
"title": "DNS 拦截列表",
"none": "无",
"light": "Light",
"normal": "Normal",
"pro": "Pro",
"proPlus": "Pro++",
"ultimate": "Ultimate",
"settingsDescription": "DNS 拦截列表在代理级别拦截广告、跟踪器和恶意软件域名。列表每 12 小时自动刷新一次。",
"manageLists": "管理 DNS 拦截列表",
"refreshAll": "刷新所有列表",
"refreshFailed": "刷新 DNS 拦截列表失败",
"domains": "个域名",
"fresh": "最新",
"stale": "过期",
"notCached": "未缓存"
}
}
src/types.ts
+1
View File
@@ -35,6 +35,7 @@ export interface BrowserProfile {
proxy_bypass_rules?: string[];
created_by_id?: string;
created_by_email?: string;
dns_blocklist?: string;
}
export interface Extension {