feat: enable global wildcard proxying and enhance cloudflare-proxy with undici and fetch support

cloudflare-proxy.js

@@ -1,11 +1,14 @@
 /**
  * Cloudflare Proxy: Transparent Fix for Blocked Domains
  *
- * Patches https.request/http.request to redirect traffic for blocked hosts
- * through a Cloudflare Worker proxy.
+ * Patches https.request/http.request and undici/fetch to redirect traffic
+ * for blocked hosts through a Cloudflare Worker proxy.
  */
 "use strict";
 
+// Always log that we are loaded
+console.log("🦞 Cloudflare Proxy: Transparent redirector active");
+
 const https = require("https");
 const http = require("http");
 
@@ -18,10 +21,9 @@ if (
   PROXY_URL = `https://${PROXY_URL}`;
 }
 
-const DEBUG = process.env.CLOUDFLARE_PROXY_DEBUG === "true";
+const DEBUG = process.env.CLOUDFLARE_PROXY_DEBUG === "true" || true;
 const PROXY_SHARED_SECRET = (process.env.CLOUDFLARE_PROXY_SECRET || "").trim();
-// Default to wildcard mode so Google, WhatsApp, Telegram, Discord, and other
-// outbound integrations all work unless they are HF-internal hosts.
+// Default to wildcard mode to ensure all blocked external traffic is caught
 const PROXY_DOMAINS = process.env.CLOUDFLARE_PROXY_DOMAINS || "*";
 const BLOCKED_DOMAINS = PROXY_DOMAINS.split(",")
   .map((domain) => domain.trim())
@@ -127,19 +129,29 @@ if (PROXY_URL) {
     https.request = patch(originalHttpsRequest, "https");
     http.request = patch(originalHttpRequest, "http");
 
+    // Patch global fetch
     if (originalFetch) {
       globalThis.fetch = async function patchedFetch(input, init) {
         const request = input instanceof Request ? input : null;
-        const url =
-          request
-            ? new URL(request.url)
-            : input instanceof URL
-              ? input
-              : new URL(String(input));
+        const urlStr = request ? request.url : String(input);
+        
+        let url;
+        try {
+          url = new URL(urlStr);
+        } catch (e) {
+          return originalFetch(input, init);
+        }
 
         const hostname = url.hostname;
         const shouldProxy = shouldProxyHost(hostname);
-        const headers = new Headers(request ? request.headers : init?.headers || {});
+        
+        let headers;
+        if (request) {
+            headers = new Headers(request.headers);
+        } else {
+            headers = new Headers(init?.headers || {});
+        }
+
         const alreadyProxied =
           headers.has("x-target-host") || headers.has("X-Target-Host");
 
@@ -161,15 +173,14 @@ if (PROXY_URL) {
         const proxiedUrl = new URL(url.pathname + url.search, proxy);
 
         if (request) {
-          return originalFetch(
-            new Request(proxiedUrl, {
-              method: request.method,
-              headers,
-              body: request.body,
-              redirect: request.redirect,
-              duplex: "half",
-            }),
-          );
+          const newInit = {
+            method: request.method,
+            headers,
+            body: request.body,
+            redirect: request.redirect,
+            duplex: "half",
+          };
+          return originalFetch(new Request(proxiedUrl, newInit));
         }
 
         return originalFetch(proxiedUrl, {
@@ -179,23 +190,92 @@ if (PROXY_URL) {
       };
     }
 
-    if (DEBUG) {
-      if (PROXY_ALL) {
-        console.log(
-          "[cloudflare-proxy] Transparent proxy active in wildcard mode",
-        );
-      } else {
-        console.log(
-          `[cloudflare-proxy] Transparent proxy active for: ${BLOCKED_DOMAINS.join(", ")}`,
-        );
+    // Comprehensive undici patching via require interception
+    const Module = require("module");
+    const originalRequire = Module.prototype.require;
+    Module.prototype.require = function (id) {
+      const exports = originalRequire.apply(this, arguments);
+      if (id === "undici" || id.endsWith("/undici/index.js") || id.endsWith("/undici/lib/index.js")) {
+        // Patch undici.fetch
+        if (exports.fetch && !exports.fetch._patched) {
+          const origUndiciFetch = exports.fetch;
+          exports.fetch = async function (input, init) {
+            return globalThis.fetch(input, init);
+          };
+          exports.fetch._patched = true;
+          if (DEBUG) console.log("[cloudflare-proxy] Patched undici.fetch");
+        }
+        
+        // Patch undici.request
+        if (exports.request && !exports.request._patched) {
+           const origUndiciRequest = exports.request;
+           exports.request = async function(url, options) {
+               let parsedUrl;
+               try {
+                   parsedUrl = new URL(url);
+               } catch(e) {
+                   return origUndiciRequest.apply(this, arguments);
+               }
+               
+               if (shouldProxyHost(parsedUrl.hostname)) {
+                   if (DEBUG) console.log(`[cloudflare-proxy] Redirecting undici.request://${parsedUrl.hostname} -> ${proxy.hostname}`);
+                   const headers = options?.headers || {};
+                   headers["x-target-host"] = parsedUrl.hostname;
+                   if (PROXY_SHARED_SECRET) headers["x-proxy-key"] = PROXY_SHARED_SECRET;
+                   
+                   const proxiedUrl = new URL(parsedUrl.pathname + parsedUrl.search, proxy);
+                   return origUndiciRequest.call(this, proxiedUrl, {
+                       ...options,
+                       headers
+                   });
+               }
+               return origUndiciRequest.apply(this, arguments);
+           };
+           exports.request._patched = true;
+           if (DEBUG) console.log("[cloudflare-proxy] Patched undici.request");
+        }
+
+        // Patch undici.Dispatcher to catch low-level calls (Pool, Client, etc.)
+        if (exports.Dispatcher && exports.Dispatcher.prototype.dispatch && !exports.Dispatcher.prototype.dispatch._patched) {
+            const origDispatch = exports.Dispatcher.prototype.dispatch;
+            exports.Dispatcher.prototype.dispatch = function(options, handler) {
+                const origin = options.origin ? String(options.origin) : "";
+                let hostname = "";
+                try {
+                    hostname = new URL(origin).hostname;
+                } catch(e) {
+                    hostname = origin.split(':')[0];
+                }
+
+                if (shouldProxyHost(hostname)) {
+                    if (DEBUG) console.log(`[cloudflare-proxy] Redirecting undici dispatch: ${hostname}${options.path} -> ${proxy.hostname}`);
+                    
+                    if (Array.isArray(options.headers)) {
+                        options.headers.push("x-target-host", hostname);
+                        if (PROXY_SHARED_SECRET) options.headers.push("x-proxy-key", PROXY_SHARED_SECRET);
+                    } else {
+                        options.headers = options.headers || {};
+                        options.headers["x-target-host"] = hostname;
+                        if (PROXY_SHARED_SECRET) options.headers["x-proxy-key"] = PROXY_SHARED_SECRET;
+                    }
+                    
+                    options.origin = `https://${proxy.hostname}`;
+                }
+                return origDispatch.call(this, options, handler);
+            };
+            exports.Dispatcher.prototype.dispatch._patched = true;
+            if (DEBUG) console.log("[cloudflare-proxy] Patched undici.Dispatcher.prototype.dispatch");
+        }
       }
+      return exports;
+    };
+
+    if (DEBUG) {
       console.log(`[cloudflare-proxy] Target proxy: ${proxy.hostname}`);
+      console.log(`[cloudflare-proxy] Proxying: ${PROXY_ALL ? "ALL (except internal)" : BLOCKED_DOMAINS.join(", ")}`);
     }
   } catch (error) {
-    if (DEBUG) {
-      console.error(
-        `[cloudflare-proxy] Failed to initialize: ${error.message}`,
-      );
-    }
+    console.error(`[cloudflare-proxy] Failed to initialize: ${error.message}`);
   }
 }
+

start.sh

@@ -157,11 +157,13 @@ CLOUDFLARE_WORKERS_TOKEN="${CLOUDFLARE_WORKERS_TOKEN:-${CLOUDFLARE_API_TOKEN:-}}
 export CLOUDFLARE_WORKERS_TOKEN
 CF_PROXY_ENV_FILE="/tmp/huggingclaw-cloudflare-proxy.env"
 if [ -n "${CLOUDFLARE_WORKERS_TOKEN:-}" ] || [ -n "${CLOUDFLARE_PROXY_URL:-}" ]; then
-  export CLOUDFLARE_PROXY_DOMAINS="${CLOUDFLARE_PROXY_DOMAINS:-api.telegram.org,web.whatsapp.com}"
+  export CLOUDFLARE_PROXY_DOMAINS="${CLOUDFLARE_PROXY_DOMAINS:-*}"
+  export CLOUDFLARE_PROXY_DEBUG="${CLOUDFLARE_PROXY_DEBUG:-true}"
   echo "☁️ Preparing Cloudflare outbound proxy..."
   python3 /home/node/app/cloudflare-proxy-setup.py || true
   if [ -f "$CF_PROXY_ENV_FILE" ]; then
     . "$CF_PROXY_ENV_FILE"
+    echo "  ✅ Proxy environment loaded: ${CLOUDFLARE_PROXY_URL:-none}"
   fi
 fi
 
@@ -360,8 +362,8 @@ if [ -n "${TELEGRAM_BOT_TOKEN:-}" ]; then
     | .channels.telegram.botToken = $token
     | .channels.telegram.commands.native = false
     | .channels.telegram.timeoutSeconds = 60
-    | .channels.telegram.network.autoSelectFamily = false
-    | .channels.telegram.network.dnsResultOrder = "ipv4first"
+    # | .channels.telegram.network.autoSelectFamily = false
+    # | .channels.telegram.network.dnsResultOrder = "ipv4first"
     | .channels.telegram.retry = {
         "attempts": 5,
         "minDelayMs": 800,