From de3ba93a6196059c19a0468d1bba0769f810c0d2 Mon Sep 17 00:00:00 2001
From: OttoMao <ottomao@gmail.com>
Date: Thu, 22 Jan 2015 10:16:19 +0800
Subject: [PATCH] update https features

---
 CHANGELOG           |  7 +++++--
 README.md           |  4 ++--
 bin.js              | 23 ++++++++++-------------
 lib/rule_default.js | 17 +++++++++++------
 package.json        |  2 +-
 proxy.js            |  5 +++++
 6 files changed, 34 insertions(+), 24 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 1f4d51f..8e60dcd 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,11 +1,14 @@
+22 Jan 2015: anyproxy 3.1.0:
+
+    * will NOT intercept https request by default. Use ``anyproxy --intercept`` to turn on this feature.
+
 12 Jan 2015: anyproxy 3.0.4:
 
     * show anyproxy version by --version
 
 12 Jan 2015: anyproxy 3.0.3:
 
-    * Bugfix: https throttle 
-
+    * Bugfix: https throttle
 
 9 Jan 2015: anyproxy 3.0.2:
 
diff --git a/README.md b/README.md
index 43419e8..e1573a8 100644
--- a/README.md
+++ b/README.md
@@ -81,8 +81,8 @@ After configuring rootCA, anyproxy could help to decrypt https requests, whose a
 * you should trust this rootCA on all of your clients.
 
 #### to intercept(decrypt) https requests
-* start your anyproxy as normal. When rootCA is generated, it will intercept all the https requests for you automatically.
-* if you get a warning like 'unsafe connection', please check if the root CA is correctly trusted .
+* start your anyproxy by ``anyproxy --intercept``. When rootCA exists, it will intercept(decrypt) all the https requests for you.
+* if you meet with a warning like 'unsafe connection', please check if the root CA is correctly trusted by your operation system.
 
 #### to start an https proxy
 * ``anyproxy --type https --host my.domain.com``
diff --git a/bin.js b/bin.js
index 43b5256..9b7f39b 100644
--- a/bin.js
+++ b/bin.js
@@ -6,7 +6,6 @@ var program     = require('commander'),
     fs          = require("fs"),
     packageInfo = require("./package.json");
 
-
 program
     .version(packageInfo.version)
     .option('-u, --host [value]', 'hostname for https proxy, localhost for default')
@@ -16,6 +15,7 @@ program
     .option('-r, --rule [value]', 'path for rule file,')
     .option('-g, --root [value]', 'generate root CA')
     .option('-l, --throttle [value]', 'throttle speed in kb/s (kbyte / sec)')
+    .option('-i, --intercept', 'intercept(decrypt) https requests when root CA exists')
     .option('-c, --clear', 'clear all the tmp certificates')
     .parse(process.argv);
 
@@ -46,16 +46,13 @@ if(program.clear){
     }
 
     new proxy.proxyServer({
-        type     : program.type,
-        port     : program.port,
-        hostname : program.host,
-        dbFile   : program.file,
-        throttle : program.throttle,
-        rule     : ruleModule,
-        disableWebInterface:false
+        type                : program.type,
+        port                : program.port,
+        hostname            : program.host,
+        dbFile              : program.file,
+        throttle            : program.throttle,
+        rule                : ruleModule,
+        disableWebInterface : false,    
+        interceptHttps      : program.intercept
     });
-}
-
-
-
-
+}
\ No newline at end of file
diff --git a/lib/rule_default.js b/lib/rule_default.js
index 09ee670..22169d1 100644
--- a/lib/rule_default.js
+++ b/lib/rule_default.js
@@ -1,10 +1,11 @@
-var isRootCAFileExists = require("./certMgr.js").isRootCAFileExists();
+var isRootCAFileExists = require("./certMgr.js").isRootCAFileExists(),
+    interceptFlag = false;
 
 module.exports = {
     summary:function(){
         var tip = "the default rule for anyproxy, support : CORS. ";
-        if(isRootCAFileExists){
-            tip += "\nRoot CA exists, will intercept all https requests.";
+        if(!isRootCAFileExists){
+            tip += "\nRoot CA does not exist, will not intercept any https requests.";
         }
         return tip;
     },
@@ -53,14 +54,14 @@ module.exports = {
     },
 
     shouldInterceptHttpsReq:function(req){
-        // return false;
-        return isRootCAFileExists;
+        return interceptFlag;
     },
 
     //[beta]
     //fetch entire traffic data
     fetchTrafficData: function(id,info){},
 
+    //[internal]
     customMenu:[
         {
             name    :"test",
@@ -69,7 +70,11 @@ module.exports = {
             name    :"second-test",
             handler :function(){}
         }
-    ]
+    ],
+
+    setInterceptFlag:function(flag){
+        interceptFlag = flag && isRootCAFileExists;
+    }
 
 };
 
diff --git a/package.json b/package.json
index 2902498..968034a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "anyproxy",
-  "version": "3.0.4",
+  "version": "3.1.0",
   "description": "A fully configurable proxy in NodeJS, which can handle HTTPS requests perfectly.",
   "main": "proxy.js",
   "bin": {
diff --git a/proxy.js b/proxy.js
index 291f6aa..9c6e414 100644
--- a/proxy.js
+++ b/proxy.js
@@ -60,6 +60,7 @@ try{
 //option.dbFile        : null(default)
 //option.throttle      : null(default) 
 //option.disableWebInterface
+//option.interceptHttps ,internal param for https
 function proxyServer(option){
     option = option || {};
 
@@ -79,6 +80,10 @@ function proxyServer(option){
         GLOBAL.recorder = new Recorder();
     }
 
+    if(!!option.interceptHttps){
+        default_rule.setInterceptFlag(true);
+    }
+
     if(option.throttle){
         console.log("throttle :" + option.throttle + "kb/s");
         GLOBAL._throttle = new ThrottleGroup({rate: 1024 * parseInt(option.throttle) }); // rate - byte/sec