Add home bypass mode for the Mac client

2026-05-19 13:47:53 +03:00
parent d02dbe10de
commit c6352d781f
10 changed files with 199 additions and 8 deletions
--- a/README.md
+++ b/README.md
@@ -15,6 +15,8 @@ curl -fsSL https://git.dokops.ru/dokril/vpn-proxy/raw/branch/master/scripts/inst
 - UI: `http://127.0.0.1:3456`
 - HTTP/SOCKS proxy: `127.0.0.1:8080`

+В Mac UI есть **Домашний режим**. Когда он включён, приложения по-прежнему используют `127.0.0.1:8080`, но весь proxy-трафик идёт напрямую без VPN.
+
 Ручной запуск из checkout:

 ```bash
--- a/src/server/clientSettings.js
+++ b/src/server/clientSettings.js
@@ -0,0 +1,43 @@
+import fs from "node:fs";
+import path from "node:path";
+import { settings } from "./config.js";
+
+const DEFAULT_CLIENT_SETTINGS = {
+  homeBypassEnabled: false,
+};
+
+function readJson(filePath, fallback) {
+  try {
+    if (!fs.existsSync(filePath)) return fallback;
+    return JSON.parse(fs.readFileSync(filePath, "utf8"));
+  } catch {
+    return fallback;
+  }
+}
+
+function writeJson(filePath, value) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.writeFileSync(filePath, JSON.stringify(value, null, 2), "utf8");
+}
+
+export function normalizeClientSettings(input = {}) {
+  return {
+    homeBypassEnabled: Boolean(input.homeBypassEnabled),
+  };
+}
+
+export function readClientSettings() {
+  return normalizeClientSettings({
+    ...DEFAULT_CLIENT_SETTINGS,
+    ...readJson(settings.clientSettingsPath, {}),
+  });
+}
+
+export function writeClientSettings(input) {
+  const normalized = normalizeClientSettings({
+    ...readClientSettings(),
+    ...(input && typeof input === "object" ? input : {}),
+  });
+  writeJson(settings.clientSettingsPath, normalized);
+  return normalized;
+}
--- a/src/server/config.js
+++ b/src/server/config.js
@@ -16,6 +16,7 @@ export const settings = {
  statePath: path.join(dataDir, "state.json"),
  customRulesPath: path.join(dataDir, "custom-rules.json"),
  customRuleSetsPath: path.join(dataDir, "custom-rule-sets.json"),
+  clientSettingsPath: path.join(dataDir, "client-settings.json"),
  devicesPath: path.join(dataDir, "devices.json"),
  deviceRulesPath: path.join(dataDir, "device-rules.json"),
  subscriptionCachePath: path.join(dataDir, "subscription-cache.json"),
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -17,6 +17,10 @@ import {
  readDeviceProfiles,
  writeDeviceProfiles,
 } from "./devices.js";
+import {
+  readClientSettings,
+  writeClientSettings,
+} from "./clientSettings.js";
 import { matchRoute, detectRuleConflicts } from "./routeMatcher.js";
 import { tcpPing, resolveHost } from "./ping.js";

@@ -602,6 +606,7 @@ function publicState() {
    proxyBindIp: settings.bindIp,
    tproxyPort: settings.appMode === "gateway" ? settings.tproxyPort : null,
    routingRuDirect: settings.routingRuDirect,
+    clientSettings: readClientSettings(),
    configExists: fs.existsSync(settings.configPath),
    singboxRunning: Boolean(singboxProcess),
    singboxStartedAt,
@@ -924,6 +929,33 @@ async function handleApi(req, res) {
    });
  }

+  if (req.method === "GET" && req.url === "/api/client-settings") {
+    return sendJson(res, 200, {
+      success: true,
+      clientSettings: readClientSettings(),
+    });
+  }
+
+  if (req.method === "PUT" && req.url === "/api/client-settings") {
+    const body = await readBody(req);
+    const clientSettings = writeClientSettings(body.clientSettings || body);
+    const prevState = readJson(settings.statePath, {});
+
+    if (
+      settings.appMode === "client" &&
+      prevState.selectedTag &&
+      readJson(settings.subscriptionCachePath, null)?.config
+    ) {
+      await applySelectedServer(prevState.selectedTag);
+    }
+
+    return sendJson(res, 200, {
+      success: true,
+      clientSettings,
+      singboxRunning: Boolean(singboxProcess),
+    });
+  }
+
  if (req.method === "GET" && req.url === "/api/rule-sets") {
    return sendJson(res, 200, {
      success: true,
--- a/src/server/singbox.js
+++ b/src/server/singbox.js
@@ -7,6 +7,7 @@ import {
  normalizeCidr,
  readDeviceProfiles,
 } from "./devices.js";
+import { readClientSettings } from "./clientSettings.js";

 const PROXY_TYPES = new Set([
  "vless",
@@ -259,7 +260,11 @@ export function buildGatewayConfig(

  const customRuleSets = readCustomRuleSets();
  const clientMode = settings.appMode === "client";
-  const proxyOnlyRules = [{ inbound: [MIXED_INBOUND], outbound: vpnOutbound.tag }];
+  const clientSettings = clientMode ? readClientSettings() : null;
+  const clientOutbound = clientSettings?.homeBypassEnabled
+    ? "direct"
+    : vpnOutbound.tag;
+  const proxyOnlyRules = [{ inbound: [MIXED_INBOUND], outbound: clientOutbound }];
  const inbounds = [
    ...(clientMode
      ? []
--- a/src/web/App.jsx
+++ b/src/web/App.jsx
@@ -33,6 +33,9 @@ function App() {
    proxyDefaultMode: 'vpn',
    devices: [],
  });
+  const [clientSettings, setClientSettings] = useState({
+    homeBypassEnabled: false,
+  });
  const [selectedTag, setSelectedTag] = useState('');
  const [pendingTag, setPendingTag] = useState('');
  const [busy, setBusy] = useState(false);
@@ -78,6 +81,7 @@ function App() {
      proxyDefaultMode: 'vpn',
      devices: data.devices || [],
    });
+    setClientSettings(data.clientSettings || { homeBypassEnabled: false });
    setSelectedTag((prev) => prev || data.selectedTag || '');
    setPendingTag((prev) => prev || data.selectedTag || '');
  }
@@ -261,6 +265,14 @@ function App() {
    saveDevicesConfig(nextConfig);
  }

+  async function saveClientSettings(nextSettings) {
+    return withBusy(null, async () => {
+      const data = await api.clientSettings.save(nextSettings);
+      setClientSettings(data.clientSettings || { homeBypassEnabled: false });
+      await loadState();
+    }, { quiet: true });
+  }
+
  // === Rules CRUD ===
  function emptyRule() {
    return {
@@ -404,6 +416,8 @@ function App() {
                servers={servers}
                pendingTag={pendingTag}
                setPendingTag={setPendingTag}
+                clientSettings={clientSettings}
+                onSaveClientSettings={saveClientSettings}
                onFetchSubscription={fetchSubscription}
                onApply={applyServer}
                onRestart={restartSingbox}
--- a/src/web/api.js
+++ b/src/web/api.js
@@ -44,6 +44,15 @@ export const api = {
      }),
  },

+  clientSettings: {
+    get: () => request("/api/client-settings"),
+    save: (clientSettings) =>
+      request("/api/client-settings", {
+        method: "PUT",
+        body: JSON.stringify({ clientSettings }),
+      }),
+  },
+
  ruleSets: {
    get: () => request("/api/rule-sets"),
    save: (ruleSets) =>
--- a/src/web/components/ClientOverviewPage.jsx
+++ b/src/web/components/ClientOverviewPage.jsx
@@ -25,6 +25,7 @@ function CopyField({ label, value }) {
 }

 function ClientHero({ state, status, activeServer }) {
+  const homeBypass = Boolean(state?.clientSettings?.homeBypassEnabled);
  const cfg = {
    running: {
      title: 'Локальный proxy работает',
@@ -57,6 +58,15 @@ function ClientHero({ state, status, activeServer }) {
      kind: 'neutral',
    },
  }[status] || {};
+  const view = homeBypass
+    ? {
+        ...cfg,
+        title: 'Домашний режим: VPN выключен',
+        hint: 'Локальный proxy работает напрямую',
+        badge: 'Напрямую',
+        kind: 'info',
+      }
+    : cfg;

  const userInfo = state?.userInfo;
  const traffic = userInfo
@@ -66,14 +76,14 @@ function ClientHero({ state, status, activeServer }) {
  return (
    <section className="client-hero">
      <div className="client-hero-main">
-        <span className={`badge ${cfg.kind}`}>{cfg.badge}</span>
-        <h1>{cfg.title}</h1>
-        <p>{cfg.hint}</p>
+        <span className={`badge ${view.kind}`}>{view.badge}</span>
+        <h1>{view.title}</h1>
+        <p>{view.hint}</p>
      </div>
      <div className="client-hero-meta">
        <div>
          <small className="muted">Активный сервер</small>
-          <strong>{activeServer ? `${flagFor(activeServer)} ${activeServer.tag}` : state?.selectedTag || 'Не выбран'}</strong>
+          <strong>{homeBypass ? 'Не используется дома' : activeServer ? `${flagFor(activeServer)} ${activeServer.tag}` : state?.selectedTag || 'Не выбран'}</strong>
        </div>
        <div>
          <small className="muted">Трафик</small>
@@ -101,6 +111,7 @@ function ClientSetup({
 }) {
  const selected = pendingTag || state?.selectedTag || '';
  const canApply = selected && selected !== state?.selectedTag;
+  const homeBypass = Boolean(state?.clientSettings?.homeBypassEnabled);

  return (
    <div className="card client-setup">
@@ -146,7 +157,9 @@ function ClientSetup({
          </button>
        </div>
        <small className="field-hint">
-          В Mac-клиенте весь трафик, который приложение отправит в proxy, идёт через выбранный VPN.
+          {homeBypass
+            ? 'Домашний режим включён: proxy-трафик сейчас идёт напрямую без VPN.'
+            : 'В Mac-клиенте весь трафик, который приложение отправит в proxy, идёт через выбранный VPN.'}
        </small>
      </div>
    </div>
@@ -174,12 +187,43 @@ function ProxyCard({ state }) {
  );
 }

+function HomeBypassCard({ settings, busy, onSave }) {
+  const enabled = Boolean(settings?.homeBypassEnabled);
+
+  return (
+    <div className="card">
+      <div className="card-header">
+        <h2>Домашний режим</h2>
+        <span className={`badge ${enabled ? 'info' : 'neutral'}`}>
+          {enabled ? 'Напрямую' : 'Через VPN'}
+        </span>
+      </div>
+      <p className="muted">
+        Включайте дома: приложения продолжают использовать <code>127.0.0.1:8080</code>, но VPN не используется.
+      </p>
+      <label className="switch-row">
+        <span>
+          <strong>Я дома</strong>
+          <small>{enabled ? 'Весь proxy-трафик идёт напрямую' : 'Весь proxy-трафик идёт через VPN'}</small>
+        </span>
+        <input
+          type="checkbox"
+          checked={enabled}
+          disabled={busy}
+          onChange={(e) => onSave({ ...settings, homeBypassEnabled: e.target.checked })}
+        />
+      </label>
+    </div>
+  );
+}
+
 function ClientFlow({ state, activeServer }) {
+  const homeBypass = Boolean(state?.clientSettings?.homeBypassEnabled);
  const steps = [
    { label: 'Mac', value: 'приложения' },
    { label: 'Локальный proxy', value: `127.0.0.1:${state?.proxyPort || 8080}` },
-    { label: 'VPN-сервер', value: activeServer?.tag || state?.selectedTag || 'не выбран' },
-    { label: 'Интернет', value: state?.singboxRunning ? 'через VPN' : 'ожидает' },
+    { label: homeBypass ? 'Домашняя сеть' : 'VPN-сервер', value: homeBypass ? 'напрямую' : activeServer?.tag || state?.selectedTag || 'не выбран' },
+    { label: 'Интернет', value: state?.singboxRunning ? homeBypass ? 'без VPN' : 'через VPN' : 'ожидает' },
  ];

  return (
@@ -222,6 +266,8 @@ export function ClientOverviewPage({
  servers,
  pendingTag,
  setPendingTag,
+  clientSettings,
+  onSaveClientSettings,
  onFetchSubscription,
  onApply,
  onRestart,
@@ -243,6 +289,9 @@ export function ClientOverviewPage({
      />
      <div className="grid-2">
        <ProxyCard state={state} />
+        <HomeBypassCard settings={clientSettings} busy={busy} onSave={onSaveClientSettings} />
+      </div>
+      <div className="grid-2">
        <ClientActions
          state={state}
          busy={busy}
--- a/src/web/styles.css
+++ b/src/web/styles.css
@@ -888,6 +888,28 @@ code, .mono {
  flex-direction: column;
  gap: var(--space-4);
 }
+.switch-row {
+  margin-top: var(--space-4);
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  gap: var(--space-4);
+  padding: var(--space-3);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-input);
+  background: var(--surface-2);
+}
+.switch-row span {
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+.switch-row input {
+  width: 44px;
+  height: 24px;
+  flex: 0 0 44px;
+  accent-color: var(--accent);
+}
 .copy-field {
  display: flex;
  align-items: center;
--- a/test/server/singbox-client-mode.test.js
+++ b/test/server/singbox-client-mode.test.js
@@ -45,3 +45,17 @@ test("client mode routes mixed proxy fallback to the selected VPN", () => {
    { inbound: ["mixed-in"], outbound: "test-vpn" },
  ]);
 });
+
+test("client home bypass routes the local proxy directly", () => {
+  fs.writeFileSync(
+    path.join(process.env.DATA_DIR, "client-settings.json"),
+    JSON.stringify({ homeBypassEnabled: true }),
+  );
+
+  const config = buildGatewayConfig(subscriptionConfig, "test-vpn");
+
+  assert.deepEqual(config.route.rule_set, []);
+  assert.deepEqual(config.route.rules, [
+    { inbound: ["mixed-in"], outbound: "direct" },
+  ]);
+});