replace doh-proxy with dnscrypt-proxy (#10, #33), also fix IPs in #30

URenko · May 7, 2019 · 2ab63f2 · 2ab63f2
1 parent 1a9a85d
commit 2ab63f2
Show file tree

Hide file tree

Showing 7 changed files with 686 additions and 287 deletions.
diff --git a/.gitignore b/.gitignore
@@ -107,4 +107,7 @@ python/
 CERT/
 hosts
 *.exe
-config.json
+config.json
+/dnscrypt/*
+!/dnscrypt/cloaking-rules.txt
+!/dnscrypt/dnscrypt-proxy.toml
diff --git a/accesser.py b/accesser.py
@@ -16,7 +16,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-__version__ = '0.6.1'
+__version__ = '0.6.2'
 
 import os, re, sys
 import random
@@ -106,8 +106,7 @@ def parse_host(self, forward=False):
                     host, port = path.split(':')
                     if '443' == port:
                         self.host = host
-                        with DNS_lock:
-                            self.remote_ip = DNSLookup(host)
+                        self.remote_ip = DNSquery(host)
                 if 'GET' == command:
                     self.http_redirect(path)
             elif 'POST' == command:
@@ -251,14 +250,6 @@ def shutdown(self):
     def server_close(self):
         self.server.server_close()
 
-def DNSLookup(name):
-    if name in DNScache:
-        return DNScache[name]
-    else:
-        res = DNSquery(name)
-        DNScache[name] = res
-        return res
-
 def update_checker():
     with request.urlopen('https://github.com/URenko/Accesser/releases/latest') as f:
         v2 = f.geturl().rsplit('/', maxsplit=1)[-1][1:].split('.')
@@ -276,21 +267,24 @@ def update_checker():
     if setting.config['webui']:
         webbrowser.open('http://localhost:7654/')
 
-    DNScache = setting.config['hosts'].copy()
-    DNS_lock = threading.Lock()
-    if setting.config['DNS']:
-        DNSresolver = Resolver(configure=False)
-        if 'SYSTEM' != setting.config['DNS'].upper():
-            DNSresolver.read_resolv_conf(setting.config['DNS'])
-        else:
-            if sys.platform == 'win32':
-                DNSresolver.read_registry()
-            else:
-                DNSresolver.read_resolv_conf('/etc/resolv.conf')
-        DNSquery = lambda x:DNSresolver.query(x, 'A')[0].to_text()
+    DNSresolver = Resolver(configure=False)
+    if not setting.config['DNS']['dnscrypt-proxy']:
+        DNSresolver.nameservers = [setting.config['DNS']['nameserver']]
+        DNSresolver.port = int(setting.config['DNS']['port'])
     else:
-        from utils import DoH
-        DNSquery = DoH.DNSquery
+        # Launch dnscrypt-proxy in the `./dnscrypt`.
+        # And use `127.0.0.1:53000` in default.
+        DNSresolver.nameservers = ['127.0.0.1']
+        DNSresolver.port = 53000
+        dnscrypt_dir = os.path.join(basepath, 'dnscrypt')
+        if hasattr(subprocess, 'STARTUPINFO'):
+            si = subprocess.STARTUPINFO()
+            si.dwFlags |= subprocess.STARTF_USESHOWWINDOW
+        else:
+            si = None
+        subprocess.Popen([os.path.join(dnscrypt_dir, 'dnscrypt-proxy'),'-child','-logfile','dnscrypt-proxy.log'], stdin=subprocess.PIPE, stderr=subprocess.PIPE \
+               , startupinfo=si, env=os.environ)
+    DNSquery = lambda x:DNSresolver.query(x, 'A')[0].to_text()
 
     importca.import_ca()
 
@@ -299,7 +293,4 @@ def update_checker():
     cert_lock = threading.Lock()
 
     threading.Thread(target=proxy.start, args=(setting.config['server']['address'],setting.config['server']['port'])).start()
-    if not setting.config['DNS']:
-        DoH.init().run_forever()
-    else:
-        asyncio.get_event_loop().run_forever()
+    asyncio.get_event_loop().run_forever()
diff --git a/config.json.default b/config.json.default
@@ -8,7 +8,11 @@
 	"port": 7655
   },
   "check_hostname": true,
-  "DNS": null,
+  "DNS": {
+    "dnscrypt-proxy": true,
+    "nameserver": "127.0.0.1",
+    "port": 53
+  },
   "webui": true,
   "http_redirect": {
     "pixiv.net/": "www.pixiv.net/",
@@ -21,113 +25,9 @@
     "sketch.pixiv.net": "pixivsketch.net",
 	"cdn1-smallimg.phncdn.com": "pabbp.com"
   },
-  "hosts": {
-    "www.instagram.com": "31.13.82.174",
-    "www.whatsapp.com": "157.240.22.53",
-    "static.whatsapp.net": "157.240.22.53",
-	"www.bbc.com": "151.101.8.81",
-	"fig.bbc.co.uk": "212.58.244.115",
-	"www.bbc.co.uk": "212.58.244.69",
-	"static.bbci.co.uk": "104.118.112.225",
-	"static.bbci.co.uk": "23.59.2.139",
-	"nav.files.bbci.co.uk": "104.76.83.32",
-	"ichef.bbci.co.uk": "23.42.122.193",
-	"m.files.bbci.co.uk": "23.73.186.251",
-	"feeds.bbci.co.uk": "104.124.234.244",
-	"mybbc.files.bbci.co.uk": "23.13.157.61",
-	"polling.bbc.co.uk": "23.66.206.133",
-	"search.files.bbci.co.uk": "104.72.213.225",
-	"a.files.bbci.co.uk": "95.101.92.111",
-	"gel.files.bbci.co.uk": "95.101.15.42",
-	"emp.bbc.com": "104.103.150.125",
-	"news.bbcimg.co.uk": "23.53.213.148",
-	"mybbc-analytics.files.bbci.co.uk": "23.201.173.230",
-	"ssl.bbc.co.uk": "212.58.244.114",
-    "push.api.bbci.co.uk": "54.72.23.188",
-    "search-suggest.api.bbci.co.uk": "52.17.153.208",
-    "ess.api.bbci.co.uk": "34.246.1.31",
-    "session.bbc.com": "212.58.249.134",
-    "account.bbc.com": "212.58.244.92",
-    "open.live.bbc.co.uk": "212.58.244.78",
-    "db.tt": "162.125.248.2",
-    "www.dropbox.com": "162.125.69.1",
-    "www.dualstack.dropbox-dns.com": "162.125.67.1",
-    "api.dropbox.com": "162.125.5.7",
-    "api.dualstack.dropbox-dns.com": "162.125.5.7",
-    "api.dropboxapi.com": "162.125.5.7",
-    "api-d.dropbox.com": "162.125.33.7",
-    "api.v.dropbox.com": "162.125.34.7",
-    "api-notify.dropbox.com": "162.125.34.7",
-    "aem.dropbox.com": "99.84.239.58",
-    "api-content.dropbox.com": "162.125.82.8",
-    "api-content-photos.dropbox.com": "162.125.82.5",
-    "blogs.dropbox.com": "13.35.8.95",
-    "block.dropbox.com": "162.125.17.132",
-    "block.v.dropbox.com": "162.125.17.5",
-    "bolt.dropbox.com": "162.125.18.133",
-    "client.dropbox.com": "162.125.65.3",
-    "client-cf.dropbox.com": "162.125.65.3",
-    "client.v.dropbox.com": "162.125.32.137",
-    "client-lb.dropbox.com": "162.125.80.3",
-    "client-web.dropbox.com": "162.125.80.3",
-    "d.dropbox.com": "162.125.32.135",
-    "d.v.dropbox.com": "162.125.32.135",
-    "dl.dropbox.com": "162.125.83.6",
-    "dl-web.dropbox.com": "162.125.83.6",
-    "dl-doc.dropbox.com": "162.125.83.6",
-    "dl-debug.dropbox.com": "54.236.121.227",
-    "forums.dropbox.com": "13.35.8.71",
-    "linux.dropbox.com": "13.35.99.72",
-    "m.dropbox.com": "162.125.80.2",
-    "marketing.dropbox.com": "54.230.173.117",
-    "photos.dropbox.com": "162.125.66.5",
-    "photos-1.dropbox.com": "162.125.83.5",
-    "photos-2.dropbox.com": "162.125.83.5",
-    "photos-3.dropbox.com": "162.125.83.5",
-    "photos-4.dropbox.com": "162.125.83.5",
-    "photos-5.dropbox.com": "162.125.83.5",
-    "photos-6.dropbox.com": "162.125.83.5",
-    "photos-thumb.dropbox.com": "162.125.83.5",
-    "photos-thumb.x.dropbox.com": "162.125.18.129",
-    "paper.dropbox.com": "54.153.81.237",
-    "status.dropbox.com": "54.230.173.90",
-    "snapengage.dropbox.com": "54.230.173.29",
-    "dl.dropboxusercontent.com": "162.125.7.6",
-    "www.dropboxstatic.com": "162.125.33.9",
-    "cfl.dropboxstatic.com": "104.16.100.29",
-    "cf.dropboxstatic.com": "54.230.175.68",
-    "dbxlocal.dropboxstatic.com": "162.125.33.9",
-    "log.getdropbox.com": "162.125.82.2",
-	"ci.phncdn.com": "152.195.33.132",
-	"cv.phncdn.com": "152.195.33.132",
-	"cs.phncdn.com": "152.195.33.132",
-	"di.phncdn.com": "205.185.208.142",
-	"ev.phncdn.com": "208.99.84.114",
-	"www.wikipedia.org": "198.35.26.96",
-	"zh.wikipedia.org": "198.35.26.96",
-	"en.wikipedia.org": "198.35.26.96",
-	"ja.wikipedia.org": "198.35.26.96",
-	"zh-yue.wikipedia.org": "198.35.26.96",
-	"gan.wikipedia.org": "198.35.26.96",
-	"wuu.wikipedia.org": "198.35.26.96",
-	"zh-min-nan.wikipedia.org": "198.35.26.96",
-	"cdo.wikipedia.org": "198.35.26.96",
-	"hak.wikipedia.org": "198.35.26.96",
-	"bo.wikipedia.org": "198.35.26.96",
-	"ug.wikipedia.org": "198.35.26.96",
-	"zh-classical.wikipedia.org": "198.35.26.96",
-	"es.wikipedia.org": "198.35.26.96",
-	"de.wikipedia.org": "198.35.26.96",
-	"ru.wikipedia.org": "198.35.26.96",
-	"fr.wikipedia.org": "198.35.26.96",
-	"it.wikipedia.org": "198.35.26.96",
-	"pt.wikipedia.org": "198.35.26.96",
-	"pl.wikipedia.org": "198.35.26.96"
-  },
-  "hosts_ipv6": {},
   "content_fix": {
     "accounts.pixiv.net": {
       "\"pixivAccount.captchaType\":\"KCaptcha\"": "\"pixivAccount.captchaType\":\"ReCaptcha\""
     }
   }
-}
+}
diff --git a/dnscrypt/cloaking-rules.txt b/dnscrypt/cloaking-rules.txt
@@ -0,0 +1,125 @@
+################################
+#        Cloaking rules        #
+################################
+
+# The following example rules force "safe" (without adult content) search
+# results from Google, Bing and YouTube.
+#
+# This has to be enabled with the `cloaking_rules` parameter in the main
+# configuration file
+
+
+www.google.*             forcesafesearch.google.com
+
+www.bing.com             strict.bing.com
+
+www.youtube.com          restrictmoderate.youtube.com
+m.youtube.com            restrictmoderate.youtube.com
+youtubei.googleapis.com  restrictmoderate.youtube.com
+youtube.googleapis.com   restrictmoderate.youtube.com
+www.youtube-nocookie.com restrictmoderate.youtube.com
+
+localhost                127.0.0.1
+localhost                ::1
+
+www.instagram.com        31.13.82.174
+www.whatsapp.com         157.240.22.53
+static.whatsapp.net      157.240.22.53
+www.bbc.com              151.101.8.81
+fig.bbc.co.uk            212.58.244.115
+www.bbc.co.uk            212.58.244.69
+static.bbci.co.uk        104.118.112.225
+static.bbci.co.uk        23.59.2.139
+nav.files.bbci.co.uk     104.76.83.32
+ichef.bbci.co.uk         23.42.122.193
+m.files.bbci.co.uk       23.73.186.251
+feeds.bbci.co.uk         125.56.212.236
+mybbc.files.bbci.co.uk   23.13.157.61
+polling.bbc.co.uk        23.66.206.133
+search.files.bbci.co.uk  104.72.213.225
+a.files.bbci.co.uk       95.101.92.111
+gel.files.bbci.co.uk     95.101.15.42
+emp.bbc.com              104.103.150.125
+news.bbcimg.co.uk        23.53.213.148
+mybbc-analytics.files.bbci.co.uk 23.201.173.230
+ssl.bbc.co.uk            212.58.244.114
+push.api.bbci.co.uk      54.72.23.188
+search-suggest.api.bbci.co.uk 52.31.189.25
+ess.api.bbci.co.uk       34.245.252.9
+session.bbc.com          212.58.249.134
+account.bbc.com          212.58.244.92
+open.live.bbc.co.uk      212.58.244.78
+db.tt                    162.125.248.2
+www.dropbox.com          162.125.69.1
+www.dualstack.dropbox-dns.com 162.125.67.1
+api.dropbox.com          162.125.5.7
+api.dualstack.dropbox-dns.com 162.125.5.7
+api.dropboxapi.com       162.125.5.7
+api-d.dropbox.com        162.125.33.7
+api.v.dropbox.com        162.125.34.7
+api-notify.dropbox.com   162.125.34.7
+aem.dropbox.com          99.84.239.58
+api-content.dropbox.com  162.125.82.8
+api-content-photos.dropbox.com 162.125.82.5
+blogs.dropbox.com        13.35.8.95
+block.dropbox.com        162.125.17.132
+block.v.dropbox.com      162.125.17.5
+bolt.dropbox.com         162.125.18.133
+client.dropbox.com       162.125.65.3
+client-cf.dropbox.com    162.125.65.3
+client.v.dropbox.com     162.125.32.137
+client-lb.dropbox.com    162.125.80.3
+client-web.dropbox.com   162.125.80.3
+d.dropbox.com            162.125.32.135
+d.v.dropbox.com          162.125.32.135
+dl.dropbox.com           162.125.83.6
+dl-web.dropbox.com       162.125.83.6
+dl-doc.dropbox.com       162.125.83.6
+dl-debug.dropbox.com     54.236.121.227
+forums.dropbox.com       13.35.8.71
+linux.dropbox.com        13.35.99.72
+m.dropbox.com            162.125.80.2
+marketing.dropbox.com    54.230.173.117
+photos.dropbox.com       162.125.66.5
+photos-1.dropbox.com     162.125.83.5
+photos-2.dropbox.com     162.125.83.5
+photos-3.dropbox.com     162.125.83.5
+photos-4.dropbox.com     162.125.83.5
+photos-5.dropbox.com     162.125.83.5
+photos-6.dropbox.com     162.125.83.5
+photos-thumb.dropbox.com 162.125.83.5
+photos-thumb.x.dropbox.com 162.125.18.129
+paper.dropbox.com        54.153.81.237
+status.dropbox.com       54.230.173.90
+snapengage.dropbox.com   54.230.173.29
+dl.dropboxusercontent.com 162.125.7.6
+www.dropboxstatic.com    162.125.33.9
+cfl.dropboxstatic.com    104.16.100.29
+cf.dropboxstatic.com     54.230.175.68
+dbxlocal.dropboxstatic.com 162.125.33.9
+log.getdropbox.com       162.125.82.2
+ci.phncdn.com            152.195.33.132
+cv.phncdn.com            152.195.33.132
+cs.phncdn.com            152.195.33.132
+di.phncdn.com            205.185.208.142
+ev.phncdn.com            208.99.84.114
+www.wikipedia.org        198.35.26.96
+zh.wikipedia.org         198.35.26.96
+en.wikipedia.org         198.35.26.96
+ja.wikipedia.org         198.35.26.96
+zh-yue.wikipedia.org     198.35.26.96
+gan.wikipedia.org        198.35.26.96
+wuu.wikipedia.org        198.35.26.96
+zh-min-nan.wikipedia.org 198.35.26.96
+cdo.wikipedia.org        198.35.26.96
+hak.wikipedia.org        198.35.26.96
+bo.wikipedia.org         198.35.26.96
+ug.wikipedia.org         198.35.26.96
+zh-classical.wikipedia.org 198.35.26.96
+es.wikipedia.org         198.35.26.96
+de.wikipedia.org         198.35.26.96
+ru.wikipedia.org         198.35.26.96
+fr.wikipedia.org         198.35.26.96
+it.wikipedia.org         198.35.26.96
+pt.wikipedia.org         198.35.26.96
+pl.wikipedia.org         198.35.26.96