@httptoolkit/httpolyglot 2.2.2 → 3.0.0

package/LICENSE

@@ -1,4 +1,7 @@
+MIT License
+
 Copyright 2014 Brian White. All rights reserved.
+Copyright (c) 2019-2025 HTTP Toolkit
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to

package/README.md

@@ -12,11 +12,13 @@ Forked from the original [`httpolyglot`](https://github.com/mscdex/httpolyglot)
 * Dropping support for very old versions of Node (and thereby simplifying the code somewhat)
 * Converting to TypeScript
 * Event subscription support (subscribe to `server.on(x, ...)` to hear about `x` from _all_ internal servers - HTTP/2, HTTP/1, TLS and net)
+* Adding support for SOCKS connections
+* Adding support for custom handling of unknown protocols
 
 Requirements
 ============
 
-* [node.js](http://nodejs.org/) -- v12.0.0 or newer
+* [node.js](http://nodejs.org/) -- v20 or newer
 
 
 Install
@@ -31,12 +33,14 @@ Examples
 * Simple usage:
 
 ```javascript
-const httpolyglot = require('@httptoolkit/httpolyglot');
-const fs = require('fs');
+import * as httpolyglot from '@httptoolkit/httpolyglot';
+import * as fs from 'fs';
 
 httpolyglot.createServer({
-  key: fs.readFileSync('server.key'),
-  cert: fs.readFileSync('server.crt')
+  tls: {
+    key: fs.readFileSync('server.key'),
+    cert: fs.readFileSync('server.crt')
+  }
 }, function(req, res) {
   res.writeHead(200, { 'Content-Type': 'text/plain' });
   res.end((req.socket.encrypted ? 'HTTPS' : 'HTTP') + ' Connection!');
@@ -49,12 +53,14 @@ httpolyglot.createServer({
 * Simple redirect of all http connections to https:
 
 ```javascript
-const httpolyglot = require('@httptoolkit/httpolyglot');
-const fs = require('fs');
+import * as httpolyglot from '@httptoolkit/httpolyglot';
+import * as fs from 'fs';
 
 httpolyglot.createServer({
-  key: fs.readFileSync('server.key'),
-  cert: fs.readFileSync('server.crt')
+  tls: {
+    key: fs.readFileSync('server.key'),
+    cert: fs.readFileSync('server.crt')
+  }
 }, function(req, res) {
   if (!req.socket.encrypted) {
     res.writeHead(301, { 'Location': 'https://localhost:9000' });
@@ -72,14 +78,17 @@ httpolyglot.createServer({
 API
 ===
 
-Exports
--------
+* **createServer**([< _object_ >config, ]< _function_ >requestListener) - _Server_ - Creates and returns a new Server instance.
+
+If no config is provided, this server handles HTTP/1 & HTTP/2 in plain text on the same port.
 
-* **Server** - A class similar to https.Server (except instances have `setTimeout()` from http.Server).
+If a config is provided, it can contain:
 
-* **createServer**(< _object_ >tlsConfig[, < _function_ >requestListener]) - _Server_ - Creates and returns a new Server instance.
+- `tls` - Either TLS configuration options for [`tls.createServer`](https://nodejs.org/api/tls.html#tlscreateserveroptions-secureconnectionlistener), or an existing `tls.Server` instance. Setting this option enables TLS, so that HTTP/1 & HTTP/2 are accepted over both plain-text & encrypted (HTTPS) connections on the same port. If configuration options are provided, Httpolyglot will handle TLS automatically. If a server is provided, the connection will be passed to it (by emitting the `connection` event) and Httpolyglot will wait for the server to emit `secureConnection` (the default TLS server event) to handle the content within.
+- `socks` - A `net.Server` instance, which will handle any incoming SOCKS connections. If this is provided, SOCKSv4 and SOCKSv5 connections will be emitted as `connection` events on this server. If not, all SOCKS connections will be treated like any other unknown protocol.
+- `unknownProtocol` - A `net.Server` instance, which will handle any unknown protocols. If this is provided, unrecognized protocols will be emitted as `connection` events on this server. If it's not provided, these connections will be passed to the HTTP server by default, which will typically result in a `clientError` event and a 400 HTTP response being sent to the client.
 
 How it Works
 ============
 
-TLS and HTTP connections are easy to distinguish based on the first byte sent by clients trying to connect. See [this comment](https://github.com/mscdex/httpolyglot/issues/3#issuecomment-173680155) for more information.
+TLS, HTTP, HTTP/2, SOCKS and other connections are easy to distinguish based on the first byte sent by clients trying to connect. See [this comment](https://github.com/mscdex/httpolyglot/issues/3#issuecomment-173680155) for more information.

package/dist/index.d.ts

@@ -2,61 +2,59 @@
 /// <reference types="node" />
 /// <reference types="node" />
 /// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
 import * as net from 'net';
 import * as tls from 'tls';
 import * as http from 'http';
 import * as https from 'https';
-declare module 'net' {
-    interface Socket {
-        /**
-         * Only preserved for types backward compat - always undefined in new releases.
-         *
-         * @deprecated
-         */
-        __httpPeekedData?: Buffer;
-    }
-}
-export declare class Server extends net.Server {
-    private _httpServer;
-    private _http2Server;
-    private _tlsServer;
+export interface HttpolyglotOptions {
     /**
-     * Create an Httpolyglot instance with just a request listener to support plain-text
-     * HTTP & HTTP/2 on the same port, with incoming TLS connections being closed immediately.
+     * Enable support for incoming TLS connections. If a TLS configuration is provided, this will
+     * be used to instantiate a TLS server to handle the connections. If a TLS server is provided,
+     * then all incoming TLS connections will be emitted as 'connection' events on the given
+     * TLS server, and all 'secureConnection' events coming from the TLS server will be handled
+     * according to the connection type detected on that socket.
      */
-    constructor(requestListener: http.RequestListener);
+    tls?: https.ServerOptions | tls.Server;
     /**
-     * Call with a full TLS configuration to create a TLS+HTTP+HTTP/2 server, which can
-     * support all protocols on the same port.
+     * A SOCKS server instance. This will allow incoming SOCKS connections, which will
+     * be emitted as 'connection' events on this server.
      */
-    constructor(config: https.ServerOptions, requestListener: http.RequestListener);
+    socks?: net.Server;
     /**
-     * Pass an existing TLS server, instead of TLS configuration, to create a TLS+HTTP+HTTP/2
-     * server. All incoming TLS requests will be emitted as 'connection' events on the given
-     * TLS server, and all 'secureConnection' events coming from the TLS server will be
-     * handled according to the connection type detected on that socket.
+     * A custom handler for unknown protocols. If provided, any unrecognized protocol sockets will
+     * be emitted on this server as 'connection' events. If not provided, the default behavior is to
+     * pass the socket to the HTTP server, which will typically reject the connection as
+     * unparseable, with a 400 response.
      */
-    constructor(tlsServer: tls.Server, requestListener: http.RequestListener);
+    unknownProtocol?: net.Server;
+}
+declare class Server extends net.Server {
+    private _httpServer;
+    private _http2Server;
+    private _tlsServer;
+    private _socksHandler;
+    private _unknownProtocolHandler;
+    constructor(config: HttpolyglotOptions, requestListener: http.RequestListener);
     private connectionListener;
     private tlsListener;
     private http2Listener;
 }
+export type { Server };
 /**
  * Create an Httpolyglot instance with just a request listener to support plain-text
  * HTTP & HTTP/2 on the same port, with incoming TLS connections being closed immediately.
  */
 export declare function createServer(requestListener: http.RequestListener): Server;
 /**
- * Create an instance with a full TLS configuration to create a TLS+HTTP+HTTP/2 server, which can
- * support all protocols on the same port.
+ * Create an Httpolyglot server with advanced configuration, to enable TLS and/or SOCKS
+ * connections containing HTTP, accepting all protocols on the same port.
+ *
+ * The options can contain:
+ * - `tls`: A TLS configuration object, or an existing TLS server. If a TLS server is provided,
+ *   all incoming TLS connections will be emitted as 'connection' events on the given TLS server,
+ *   and all 'secureConnection' events coming from the TLS server will be handled according to
+ *   the connection type (HTTP/1 or HTTP/2) detected on that socket.
+ * - `socks`: A SOCKS server instance. This will allow incoming SOCKS connections, which will
+ *   be emitted as 'connection' events on this server.
  */
-export declare function createServer(tlsConfig: https.ServerOptions, requestListener: http.RequestListener): Server;
-/**
-* Create an instance around an existing TLS server, instead of TLS configuration, to create a
-* TLS+HTTP+HTTP/2 server with custom TLS handling. All incoming TLS requests will be emitted as
-* 'connection' events on the given TLS server, and all 'secureConnection' events coming from the
-* TLS server will be handled according to the connection type detected on that socket.
-*/
-export declare function createServer(tlsServer: tls.Server, requestListener: http.RequestListener): Server;
+export declare function createServer(config: HttpolyglotOptions, requestListener: http.RequestListener): Server;

package/dist/index.js

@@ -1,61 +1,99 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createServer = exports.Server = void 0;
+exports.createServer = void 0;
 const net = require("net");
 const tls = require("tls");
 const http = require("http");
 const http2 = require("http2");
 const events_1 = require("events");
+// 0x16 first byte is very unlikely to be a false positive as TLS is so widely used & intermediated
+const isTls = (data) => data[0] === 0x16; // SSLv3+ or TLS handshake
+// H2 hello is effectively guaranteed not to be a false positive, as it's very so specific, but we
+// need to wait for the full message to confirm this.
+const HTTP2_PREFACE = Buffer.from('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n');
+const couldBeHttp2 = (data) => data[0] === HTTP2_PREFACE[0];
+const isHttp2 = (data) => data.subarray(0, HTTP2_PREFACE.length).equals(HTTP2_PREFACE);
+const H1_METHOD_PREFIXES = http.METHODS.map(m => m + ' ');
+const H1_LONGEST_PREFIX = Math.max(...H1_METHOD_PREFIXES.map(m => m.length));
+const couldBeHttp1 = (initialData) => {
+    const initialString = initialData.subarray(0, H1_LONGEST_PREFIX).toString('utf8');
+    for (let method of H1_METHOD_PREFIXES) {
+        const comparisonLength = Math.min(method.length, initialString.length);
+        if (initialString.slice(0, comparisonLength) === method.slice(0, comparisonLength)) {
+            return true;
+        }
+    }
+    return false;
+};
+// [0x4, 0x1|0x2] for SOCKS v4 seems fairly reliable. Some other protocols (Cassandra's CQL) use
+// the first byte for versions similarly, but shouldn't conflict in practice AFAICT, and no
+// other popular protocols actively match 0x4 that I can see.
+const isSocksV4 = (data) => {
+    return data[0] === 0x04 && // Start of SOCKS v4 client hello
+        (data.byteLength > 1 && (data[1] === 0x1 || data[1] === 0x2)); // Any command sent is valid
+};
+// [0x5, len, len-bytes-of-auth-methods]. 0x5 doesn't have any visible conflicts either, and
+// using len as a max-expected-length check should keep that fairly tight too.
+const isSocksV5 = (data) => {
+    return data[0] === 0x05 && // Start of SOCKS v5 client hello
+        (data.byteLength > 1 && // If auth method length is present, it's non-zero and could match
+            data[1] > 0 && // (i.e. message isn't longer than it should be)
+            data.byteLength <= 2 + data[1]);
+};
+const isSocks = (data) => isSocksV4(data) || isSocksV5(data);
 function onError(err) { }
-const TLS_HANDSHAKE_BYTE = 0x16; // SSLv3+ or TLS handshake
-const HTTP2_PREFACE = 'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n';
-const HTTP2_PREFACE_BUFFER = Buffer.from(HTTP2_PREFACE);
-const NODE_MAJOR_VERSION = parseInt(process.version.slice(1).split('.')[0], 10);
 class Server extends net.Server {
-    constructor(configOrServerOrListener, listener) {
+    _httpServer;
+    _http2Server;
+    _tlsServer;
+    _socksHandler;
+    _unknownProtocolHandler;
+    constructor(configOrListener, listener) {
         // We just act as a plain TCP server, accepting and examing
         // each connection, then passing it to the right subserver.
         super((socket) => this.connectionListener(socket));
-        let tlsConfig;
-        let tlsServer;
+        let config = {};
         let requestListener;
-        if (typeof configOrServerOrListener === 'function') {
-            requestListener = configOrServerOrListener;
-            tlsConfig = undefined;
-        }
-        else if (configOrServerOrListener instanceof tls.Server) {
-            tlsServer = configOrServerOrListener;
-            requestListener = listener;
+        if (typeof configOrListener === 'function') {
+            requestListener = configOrListener;
         }
         else {
-            tlsConfig = configOrServerOrListener;
+            config = configOrListener;
             requestListener = listener;
         }
         // We bind the request listener, so 'this' always refers to us, not each subserver.
         // This means 'this' is consistent (and this.close() works).
-        // Use `Function.prototype.bind` directly as frameworks like Express generate 
+        // Use `Function.prototype.bind` directly as frameworks like Express generate
         // methods from `http.METHODS`, and `BIND` is an included HTTP method.
         const boundListener = Function.prototype.bind.call(requestListener, this);
         // Create subservers for each supported protocol:
         this._httpServer = new http.Server(boundListener);
         this._http2Server = http2.createServer({}, boundListener);
-        if (tlsServer) {
-            // If we've been given a preconfigured TLS server, we use that directly, and
-            // subscribe to connections there
-            this._tlsServer = tlsServer;
-            this._tlsServer.on('secureConnection', this.tlsListener.bind(this));
-        }
-        else if (typeof tlsConfig === 'object') {
-            // If we have TLS config, create a TLS server, which will pass sockets to
-            // the relevant subserver once the TLS connection is set up.
-            this._tlsServer = new tls.Server(tlsConfig, this.tlsListener.bind(this));
+        if (config.tls) {
+            if (config.tls instanceof tls.Server) {
+                // If we've been given a preconfigured TLS server, we use that directly, and
+                // subscribe to connections there
+                this._tlsServer = config.tls;
+                this._tlsServer.on('secureConnection', this.tlsListener.bind(this));
+            }
+            else {
+                // If we have TLS config, create a TLS server, which will pass sockets to
+                // the relevant subserver once the TLS connection is set up.
+                this._tlsServer = new tls.Server(config.tls, this.tlsListener.bind(this));
+            }
         }
         else {
-            // Fake server that rejects all connections:
+            // Fake TLS server that rejects all connections:
             this._tlsServer = new events_1.EventEmitter();
             this._tlsServer.on('connection', (socket) => socket.destroy());
         }
+        this._socksHandler = config.socks;
+        this._unknownProtocolHandler = config.unknownProtocol;
         const subServers = [this._httpServer, this._http2Server, this._tlsServer];
+        if (this._socksHandler)
+            subServers.push(this._socksHandler);
+        if (this._unknownProtocolHandler)
+            subServers.push(this._unknownProtocolHandler);
         // Proxy all event listeners setup onto the subservers, so any
         // subscriptions on this server are fed from all the subservers
         this.on('newListener', function (eventName, listener) {
@@ -81,21 +119,28 @@ class Server extends net.Server {
         else {
             socket.removeListener('error', onError);
             // Put the peeked data back into the socket
-            const firstByte = data[0];
             socket.unshift(data);
             // Pass the socket to the correct subserver:
-            if (firstByte === TLS_HANDSHAKE_BYTE) {
+            if (isTls(data)) {
                 // TLS sockets don't allow half open
                 socket.allowHalfOpen = false;
                 this._tlsServer.emit('connection', socket);
             }
+            else if (this._socksHandler && isSocks(data)) {
+                this._socksHandler.emit('connection', socket);
+            }
             else {
-                if (firstByte === HTTP2_PREFACE_BUFFER[0]) {
+                if (couldBeHttp2(data)) {
                     // The connection _might_ be HTTP/2. To confirm, we need to keep
                     // reading until we get the whole stream:
                     this.http2Listener(socket);
                 }
+                else if (this._unknownProtocolHandler && !couldBeHttp1(data)) {
+                    this._unknownProtocolHandler.emit('connection', socket);
+                }
                 else {
+                    // We pass everything else to the HTTP server, which can handle requests
+                    // and/or reject unparseable client-error connections as it sees fit.
                     this._httpServer.emit('connection', socket);
                 }
             }
@@ -117,22 +162,15 @@ class Server extends net.Server {
         const h2Server = this._http2Server;
         const newData = socket.read() || Buffer.from([]);
         const data = pastData ? Buffer.concat([pastData, newData]) : newData;
-        if (data.length >= HTTP2_PREFACE_BUFFER.length) {
+        if (data.length >= HTTP2_PREFACE.length) {
             socket.unshift(data);
-            if (data.slice(0, HTTP2_PREFACE_BUFFER.length).equals(HTTP2_PREFACE_BUFFER)) {
+            if (isHttp2(data)) {
                 // We have a full match for the preface - it's definitely HTTP/2.
                 // For HTTP/2 we hit issues when passing non-socket streams (like H2 streams for proxying H2-over-H2).
-                if (NODE_MAJOR_VERSION <= 12) {
-                    // For Node 12 and older, we need a (later deprecated) stream wrapper:
-                    const StreamWrapper = require('_stream_wrap');
-                    socket = new StreamWrapper(socket);
-                }
-                else {
-                    // For newer node, we can fix this with a quick patch here:
-                    const socketWithInternals = socket;
-                    if (socketWithInternals._handle) {
-                        socketWithInternals._handle.isStreamBase = false;
-                    }
+                // Setting isStreamBase to false is an effective workaround for this in Node 14+
+                const socketWithInternals = socket;
+                if (socketWithInternals._handle) {
+                    socketWithInternals._handle.isStreamBase = false;
                 }
                 h2Server.emit('connection', socket);
                 return;
@@ -142,7 +180,7 @@ class Server extends net.Server {
                 return;
             }
         }
-        else if (!data.equals(HTTP2_PREFACE_BUFFER.slice(0, data.length))) {
+        else if (!data.equals(HTTP2_PREFACE.slice(0, data.length))) {
             socket.unshift(data);
             // Haven't finished the preface length, but something doesn't match already
             h1Server.emit('connection', socket);
@@ -156,9 +194,18 @@ class Server extends net.Server {
         });
     }
 }
-exports.Server = Server;
-function createServer(configOrServerOrListener, listener) {
-    return new Server(configOrServerOrListener, listener);
+function createServer(configOrListener, listener) {
+    let config;
+    let requestListener;
+    if (typeof configOrListener === 'function') {
+        config = {};
+        requestListener = configOrListener;
+    }
+    else {
+        config = configOrListener;
+        requestListener = listener;
+    }
+    return new Server(config, requestListener);
 }
 exports.createServer = createServer;
 ;

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,2BAA2B;AAC3B,2BAA2B;AAC3B,6BAA6B;AAE7B,+BAA+B;AAE/B,mCAAsC;AAatC,SAAS,OAAO,CAAC,GAAQ,IAAG,CAAC;AAE7B,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,0BAA0B;AAC3D,MAAM,aAAa,GAAG,kCAAkC,CAAC;AACzD,MAAM,oBAAoB,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AAExD,MAAM,kBAAkB,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAIhF,MAAa,MAAO,SAAQ,GAAG,CAAC,MAAM;IAuBpC,YACE,wBAGwB,EACxB,QAA+B;QAE/B,2DAA2D;QAC3D,2DAA2D;QAC3D,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAEnD,IAAI,SAA0C,CAAC;QAC/C,IAAI,SAAiC,CAAC;QACtC,IAAI,eAAqC,CAAC;QAE1C,IAAI,OAAO,wBAAwB,KAAK,UAAU,EAAE;YAClD,eAAe,GAAG,wBAAwB,CAAC;YAC3C,SAAS,GAAG,SAAS,CAAC;SACvB;aAAM,IAAI,wBAAwB,YAAY,GAAG,CAAC,MAAM,EAAE;YACzD,SAAS,GAAG,wBAAwB,CAAC;YACrC,eAAe,GAAG,QAAS,CAAC;SAC7B;aAAM;YACL,SAAS,GAAG,wBAAwB,CAAC;YACrC,eAAe,GAAG,QAAS,CAAC;SAC7B;QAED,mFAAmF;QACnF,4DAA4D;QAC5D,8EAA8E;QAC9E,sEAAsE;QACtE,MAAM,aAAa,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;QAE1E,iDAAiD;QACjD,IAAI,CAAC,WAAW,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE,aAAqC,CAAC,CAAC;QAElF,IAAI,SAAS,EAAE;YACb,4EAA4E;YAC5E,iCAAiC;YACjC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;YAC5B,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,kBAAkB,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;SACrE;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,yEAAyE;YACzE,4DAA4D;YAC5D,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;SAC1E;aAAM;YACL,4CAA4C;YAC5C,IAAI,CAAC,UAAU,GAAG,IAAI,qBAAY,EAAE,CAAC;YACrC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;SAChE;QAED,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAE1E,8DAA8D;QAC9D,+DAA+D;QAC/D,IAAI,CAAC,EAAE,CAAC,aAAa,EAAE,UAAU,SAAS,EAAE,QAAQ;YAClD,UAAU,CAAC,OAAO,CAAC,UAAU,SAAS;gBACpC,SAAS,CAAC,WAAW,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,gBAAgB,EAAE,UAAU,SAAS,EAAE,QAAQ;YACrD,UAAU,CAAC,OAAO,CAAC,UAAU,SAAS;gBACpC,SAAS,CAAC,cAAc,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAChD,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,kBAAkB,CAAC,MAAkB;QAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAE3B,IAAI,IAAI,KAAK,IAAI,EAAE;YACjB,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACxC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAE5B,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE;gBAC3B,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;SACJ;aAAM;YACL,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAExC,2CAA2C;YAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAErB,4CAA4C;YAC5C,IAAI,SAAS,KAAK,kBAAkB,EAAE;gBACpC,oCAAoC;gBACpC,MAAM,CAAC,aAAa,GAAG,KAAK,CAAC;gBAC7B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;aAC5C;iBAAM;gBACL,IAAI,SAAS,KAAK,oBAAoB,CAAC,CAAC,CAAC,EAAE;oBACzC,gEAAgE;oBAChE,yCAAyC;oBACzC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;iBAC5B;qBAAM;oBACL,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;iBAC7C;aACF;SACF;IACH,CAAC;IAEO,WAAW,CAAC,SAAwB;QAC1C,IACE,SAAS,CAAC,YAAY,KAAK,KAAK,IAAI,sBAAsB;YAC1D,SAAS,CAAC,YAAY,KAAK,UAAU,IAAI,8BAA8B;YACvE,SAAS,CAAC,YAAY,KAAK,UAAU,CAAC,8CAA8C;UACpF;YACA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;SAChD;aAAM;YACL,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;SACjD;IACH,CAAC;IAEO,aAAa,CAAC,MAAkB,EAAE,QAAiB;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC;QAEnC,MAAM,OAAO,GAAW,MAAM,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAErE,IAAI,IAAI,CAAC,MAAM,IAAI,oBAAoB,CAAC,MAAM,EAAE;YAC9C,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrB,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAE;gBAC3E,iEAAiE;gBAEjE,sGAAsG;gBACtG,IAAI,kBAAkB,IAAI,EAAE,EAAE;oBAC5B,sEAAsE;oBACtE,MAAM,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;oBAC9C,MAAM,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;iBACpC;qBAAM;oBACL,2DAA2D;oBAC3D,MAAM,mBAAmB,GAAG,MAAkD,CAAC;oBAC/E,IAAI,mBAAmB,CAAC,OAAO,EAAE;wBAC/B,mBAAmB,CAAC,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC;qBAClD;iBACF;gBAED,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;gBACpC,OAAO;aACR;iBAAM;gBACL,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;gBACpC,OAAO;aACR;SACF;aAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE;YACnE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrB,2EAA2E;YAC3E,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACpC,OAAO;SACR;QAED,oEAAoE;QACpE,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE;YAC3B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAtLD,wBAsLC;AAmBD,SAAgB,YAAY,CAAC,wBAGf,EACZ,QAA+B;IAE/B,OAAO,IAAI,MAAM,CAAC,wBAA+B,EAAE,QAAe,CAAC,CAAC;AACtE,CAAC;AAPD,oCAOC;AAAA,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,2BAA2B;AAC3B,2BAA2B;AAC3B,6BAA6B;AAE7B,+BAA+B;AAE/B,mCAAsC;AAGtC,mGAAmG;AACnG,MAAM,KAAK,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,0BAA0B;AAE5E,kGAAkG;AAClG,qDAAqD;AACrD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;AACtE,MAAM,YAAY,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;AACpE,MAAM,OAAO,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;AAE/F,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;AAC1D,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7E,MAAM,YAAY,GAAG,CAAC,WAAmB,EAAE,EAAE;IACzC,MAAM,aAAa,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAClF,KAAK,IAAI,MAAM,IAAI,kBAAkB,EAAE;QACnC,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;QACvE,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,EAAE;YAChF,OAAO,IAAI,CAAC;SACf;KACJ;IACD,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,gGAAgG;AAChG,2FAA2F;AAC3F,6DAA6D;AAC7D,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,EAAE;IACjC,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,iCAAiC;QAC1D,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,4BAA4B;AAC/F,CAAC,CAAA;AACD,4FAA4F;AAC5F,8EAA8E;AAC9E,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,EAAE;IACjC,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,iCAAiC;QAC1D,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,IAAI,kEAAkE;YACtF,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,IAAS,gDAAgD;YACpE,IAAI,CAAC,UAAU,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CACjC,CAAC;AACN,CAAC,CAAA;AACD,MAAM,OAAO,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC;AAErE,SAAS,OAAO,CAAC,GAAQ,IAAG,CAAC;AA6B7B,MAAM,MAAO,SAAQ,GAAG,CAAC,MAAM;IAErB,WAAW,CAAc;IACzB,YAAY,CAAoB;IAChC,UAAU,CAAe;IACzB,aAAa,CAA2B;IACxC,uBAAuB,CAA2B;IAG1D,YACE,gBAEwB,EACxB,QAA+B;QAE/B,2DAA2D;QAC3D,2DAA2D;QAC3D,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAEnD,IAAI,MAAM,GAAuB,EAAE,CAAC;QACpC,IAAI,eAAqC,CAAC;QAE1C,IAAI,OAAO,gBAAgB,KAAK,UAAU,EAAE;YAC1C,eAAe,GAAG,gBAAgB,CAAC;SACpC;aAAM;YACL,MAAM,GAAG,gBAAgB,CAAC;YAC1B,eAAe,GAAG,QAAS,CAAC;SAC7B;QAED,mFAAmF;QACnF,4DAA4D;QAC5D,6EAA6E;QAC7E,sEAAsE;QACtE,MAAM,aAAa,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;QAE1E,iDAAiD;QACjD,IAAI,CAAC,WAAW,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE,aAAqC,CAAC,CAAC;QAElF,IAAI,MAAM,CAAC,GAAG,EAAE;YACd,IAAI,MAAM,CAAC,GAAG,YAAY,GAAG,CAAC,MAAM,EAAE;gBACpC,4EAA4E;gBAC5E,iCAAiC;gBACjC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC;gBAC7B,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,kBAAkB,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;aACrE;iBAAM;gBACL,yEAAyE;gBACzE,4DAA4D;gBAC5D,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;aAC3E;SACF;aAAM;YACL,gDAAgD;YAChD,IAAI,CAAC,UAAU,GAAG,IAAI,qBAAY,EAAE,CAAC;YACrC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;SAChE;QAED,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC;QAClC,IAAI,CAAC,uBAAuB,GAAG,MAAM,CAAC,eAAe,CAAC;QAEtD,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1E,IAAI,IAAI,CAAC,aAAa;YAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAI,IAAI,CAAC,uBAAuB;YAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAEhF,8DAA8D;QAC9D,+DAA+D;QAC/D,IAAI,CAAC,EAAE,CAAC,aAAa,EAAE,UAAU,SAAS,EAAE,QAAQ;YAClD,UAAU,CAAC,OAAO,CAAC,UAAU,SAAS;gBACpC,SAAS,CAAC,WAAW,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,gBAAgB,EAAE,UAAU,SAAS,EAAE,QAAQ;YACrD,UAAU,CAAC,OAAO,CAAC,UAAU,SAAS;gBACpC,SAAS,CAAC,cAAc,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAChD,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,kBAAkB,CAAC,MAAkB;QAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAE3B,IAAI,IAAI,KAAK,IAAI,EAAE;YACjB,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACxC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAE5B,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE;gBAC3B,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;SACJ;aAAM;YACL,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAExC,2CAA2C;YAC3C,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAErB,4CAA4C;YAC5C,IAAI,KAAK,CAAC,IAAI,CAAC,EAAE;gBACf,oCAAoC;gBACpC,MAAM,CAAC,aAAa,GAAG,KAAK,CAAC;gBAC7B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;aAC5C;iBAAM,IAAI,IAAI,CAAC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC9C,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;aAC/C;iBAAM;gBACL,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE;oBACtB,gEAAgE;oBAChE,yCAAyC;oBACzC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;iBAC5B;qBAAM,IAAI,IAAI,CAAC,uBAAuB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE;oBAC9D,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;iBACzD;qBAAM;oBACL,wEAAwE;oBACxE,qEAAqE;oBACrE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;iBAC7C;aACF;SACF;IACH,CAAC;IAEO,WAAW,CAAC,SAAwB;QAC1C,IACE,SAAS,CAAC,YAAY,KAAK,KAAK,IAAI,sBAAsB;YAC1D,SAAS,CAAC,YAAY,KAAK,UAAU,IAAI,8BAA8B;YACvE,SAAS,CAAC,YAAY,KAAK,UAAU,CAAC,8CAA8C;UACpF;YACA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;SAChD;aAAM;YACL,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;SACjD;IACH,CAAC;IAEO,aAAa,CAAC,MAAkB,EAAE,QAAiB;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC;QAEnC,MAAM,OAAO,GAAW,MAAM,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAErE,IAAI,IAAI,CAAC,MAAM,IAAI,aAAa,CAAC,MAAM,EAAE;YACvC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrB,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE;gBACjB,iEAAiE;gBAEjE,sGAAsG;gBACtG,gFAAgF;gBAChF,MAAM,mBAAmB,GAAG,MAAkD,CAAC;gBAC/E,IAAI,mBAAmB,CAAC,OAAO,EAAE;oBAC/B,mBAAmB,CAAC,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC;iBAClD;gBAED,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;gBACpC,OAAO;aACR;iBAAM;gBACL,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;gBACpC,OAAO;aACR;SACF;aAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE;YAC5D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrB,2EAA2E;YAC3E,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACpC,OAAO;SACR;QAED,oEAAoE;QACpE,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE;YAC3B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAsBD,SAAgB,YAAY,CAAC,gBAEL,EACtB,QAA+B;IAE/B,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAE1C,IAAI,OAAO,gBAAgB,KAAK,UAAU,EAAE;QAC1C,MAAM,GAAG,EAAE,CAAA;QACX,eAAe,GAAG,gBAAgB,CAAC;KACpC;SAAM;QACL,MAAM,GAAG,gBAAgB,CAAC;QAC1B,eAAe,GAAG,QAAS,CAAC;KAC7B;IAED,OAAO,IAAI,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;AAC7C,CAAC;AAjBD,oCAiBC;AAAA,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@httptoolkit/httpolyglot",
-  "version": "2.2.2",
-  "author": "Tim Perry <pimterry@gmail.com>",
+  "version": "3.0.0",
+  "author": "Tim Perry <tim@httptoolkit.com>",
   "description": "Serve http and https connections over the same port with node.js",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,7 +17,7 @@
     "test": "mocha -r ts-node/register 'test/**/*.spec.ts'"
   },
   "engines": {
-    "node": ">=12.0.0"
+    "node": ">=20.0.0"
   },
   "keywords": [
     "http",
@@ -26,12 +26,7 @@
     "multiplex",
     "polyglot"
   ],
-  "licenses": [
-    {
-      "type": "MIT",
-      "url": "http://github.com/httptoolkit/httpolyglot/raw/master/LICENSE"
-    }
-  ],
+  "license": "MIT",
   "repository": {
     "type": "git",
     "url": "http://github.com/httptoolkit/httpolyglot.git"
@@ -45,6 +40,7 @@
     "chai": "^4.3.4",
     "mocha": "^9.1.1",
     "rimraf": "^3.0.2",
+    "socks": "^2.8.4",
     "ts-node": "^10.2.1",
     "typescript": "^4.4.2"
   }

package/src/index.ts

@@ -6,54 +6,88 @@ import * as http2 from 'http2';
 
 import { EventEmitter } from 'events';
 
-declare module 'net' {
-  interface Socket {
-    /**
-     * Only preserved for types backward compat - always undefined in new releases.
-     *
-     * @deprecated
-     */
-    __httpPeekedData?: Buffer;
-  }
-}
 
-function onError(err: any) {}
+// 0x16 first byte is very unlikely to be a false positive as TLS is so widely used & intermediated
+const isTls = (data: Buffer) => data[0] === 0x16; // SSLv3+ or TLS handshake
 
-const TLS_HANDSHAKE_BYTE = 0x16; // SSLv3+ or TLS handshake
-const HTTP2_PREFACE = 'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n';
-const HTTP2_PREFACE_BUFFER = Buffer.from(HTTP2_PREFACE);
+// H2 hello is effectively guaranteed not to be a false positive, as it's very so specific, but we
+// need to wait for the full message to confirm this.
+const HTTP2_PREFACE = Buffer.from('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n');
+const couldBeHttp2 = (data: Buffer) => data[0] === HTTP2_PREFACE[0];
+const isHttp2 = (data: Buffer) => data.subarray(0, HTTP2_PREFACE.length).equals(HTTP2_PREFACE);
 
-const NODE_MAJOR_VERSION = parseInt(process.version.slice(1).split('.')[0], 10);
+const H1_METHOD_PREFIXES = http.METHODS.map(m => m + ' ');
+const H1_LONGEST_PREFIX = Math.max(...H1_METHOD_PREFIXES.map(m => m.length));
+const couldBeHttp1 = (initialData: Buffer) => {
+    const initialString = initialData.subarray(0, H1_LONGEST_PREFIX).toString('utf8');
+    for (let method of H1_METHOD_PREFIXES) {
+        const comparisonLength = Math.min(method.length, initialString.length);
+        if (initialString.slice(0, comparisonLength) === method.slice(0, comparisonLength)) {
+            return true;
+        }
+    }
+    return false;
+};
 
-type Http2Listener = (request: http2.Http2ServerRequest, response: http2.Http2ServerResponse) => void;
+// [0x4, 0x1|0x2] for SOCKS v4 seems fairly reliable. Some other protocols (Cassandra's CQL) use
+// the first byte for versions similarly, but shouldn't conflict in practice AFAICT, and no
+// other popular protocols actively match 0x4 that I can see.
+const isSocksV4 = (data: Buffer) => {
+  return data[0] === 0x04 && // Start of SOCKS v4 client hello
+    (data.byteLength > 1 && (data[1] === 0x1 || data[1] === 0x2)); // Any command sent is valid
+}
+// [0x5, len, len-bytes-of-auth-methods]. 0x5 doesn't have any visible conflicts either, and
+// using len as a max-expected-length check should keep that fairly tight too.
+const isSocksV5 = (data: Buffer) => {
+  return data[0] === 0x05 && // Start of SOCKS v5 client hello
+    (data.byteLength > 1 && // If auth method length is present, it's non-zero and could match
+        data[1] > 0 &&      // (i.e. message isn't longer than it should be)
+        data.byteLength <= 2 + data[1]
+    );
+}
+const isSocks = (data: Buffer) => isSocksV4(data) || isSocksV5(data);
 
-export class Server extends net.Server {
+function onError(err: any) {}
 
-  private _httpServer: http.Server;
-  private _http2Server: http2.Http2Server;
-  private _tlsServer: EventEmitter;
+type Http2Listener = (request: http2.Http2ServerRequest, response: http2.Http2ServerResponse) => void;
 
+export interface HttpolyglotOptions {
   /**
-   * Create an Httpolyglot instance with just a request listener to support plain-text
-   * HTTP & HTTP/2 on the same port, with incoming TLS connections being closed immediately.
+   * Enable support for incoming TLS connections. If a TLS configuration is provided, this will
+   * be used to instantiate a TLS server to handle the connections. If a TLS server is provided,
+   * then all incoming TLS connections will be emitted as 'connection' events on the given
+   * TLS server, and all 'secureConnection' events coming from the TLS server will be handled
+   * according to the connection type detected on that socket.
    */
-  constructor(requestListener: http.RequestListener);
+  tls?: https.ServerOptions | tls.Server;
+
   /**
-   * Call with a full TLS configuration to create a TLS+HTTP+HTTP/2 server, which can
-   * support all protocols on the same port.
+   * A SOCKS server instance. This will allow incoming SOCKS connections, which will
+   * be emitted as 'connection' events on this server.
    */
-  constructor(config: https.ServerOptions, requestListener: http.RequestListener);
+  socks?: net.Server;
+
   /**
-   * Pass an existing TLS server, instead of TLS configuration, to create a TLS+HTTP+HTTP/2
-   * server. All incoming TLS requests will be emitted as 'connection' events on the given
-   * TLS server, and all 'secureConnection' events coming from the TLS server will be
-   * handled according to the connection type detected on that socket.
+   * A custom handler for unknown protocols. If provided, any unrecognized protocol sockets will
+   * be emitted on this server as 'connection' events. If not provided, the default behavior is to
+   * pass the socket to the HTTP server, which will typically reject the connection as
+   * unparseable, with a 400 response.
    */
-  constructor(tlsServer: tls.Server, requestListener: http.RequestListener);
+  unknownProtocol?: net.Server;
+}
+
+class Server extends net.Server {
+
+  private _httpServer: http.Server;
+  private _http2Server: http2.Http2Server;
+  private _tlsServer: EventEmitter;
+  private _socksHandler: EventEmitter | undefined;
+  private _unknownProtocolHandler: EventEmitter | undefined;
+
+  constructor(config: HttpolyglotOptions, requestListener: http.RequestListener);
   constructor(
-    configOrServerOrListener:
-      | https.ServerOptions
-      | tls.Server
+    configOrListener:
+      | HttpolyglotOptions
       | http.RequestListener,
     listener?: http.RequestListener
   ) {
@@ -61,24 +95,19 @@ export class Server extends net.Server {
     // each connection, then passing it to the right subserver.
     super((socket) => this.connectionListener(socket));
 
-    let tlsConfig: https.ServerOptions | undefined;
-    let tlsServer: tls.Server | undefined;
+    let config: HttpolyglotOptions = {};
     let requestListener: http.RequestListener;
 
-    if (typeof configOrServerOrListener === 'function') {
-      requestListener = configOrServerOrListener;
-      tlsConfig = undefined;
-    } else if (configOrServerOrListener instanceof tls.Server) {
-      tlsServer = configOrServerOrListener;
-      requestListener = listener!;
+    if (typeof configOrListener === 'function') {
+      requestListener = configOrListener;
     } else {
-      tlsConfig = configOrServerOrListener;
+      config = configOrListener;
       requestListener = listener!;
     }
 
     // We bind the request listener, so 'this' always refers to us, not each subserver.
     // This means 'this' is consistent (and this.close() works).
-    // Use `Function.prototype.bind` directly as frameworks like Express generate 
+    // Use `Function.prototype.bind` directly as frameworks like Express generate
     // methods from `http.METHODS`, and `BIND` is an included HTTP method.
     const boundListener = Function.prototype.bind.call(requestListener, this);
 
@@ -86,22 +115,29 @@ export class Server extends net.Server {
     this._httpServer = new http.Server(boundListener);
     this._http2Server = http2.createServer({}, boundListener as any as Http2Listener);
 
-    if (tlsServer) {
-      // If we've been given a preconfigured TLS server, we use that directly, and
-      // subscribe to connections there
-      this._tlsServer = tlsServer;
-      this._tlsServer.on('secureConnection', this.tlsListener.bind(this));
-    } else if (typeof tlsConfig === 'object') {
-      // If we have TLS config, create a TLS server, which will pass sockets to
-      // the relevant subserver once the TLS connection is set up.
-      this._tlsServer = new tls.Server(tlsConfig, this.tlsListener.bind(this));
+    if (config.tls) {
+      if (config.tls instanceof tls.Server) {
+        // If we've been given a preconfigured TLS server, we use that directly, and
+        // subscribe to connections there
+        this._tlsServer = config.tls;
+        this._tlsServer.on('secureConnection', this.tlsListener.bind(this));
+      } else {
+        // If we have TLS config, create a TLS server, which will pass sockets to
+        // the relevant subserver once the TLS connection is set up.
+        this._tlsServer = new tls.Server(config.tls, this.tlsListener.bind(this));
+      }
     } else {
-      // Fake server that rejects all connections:
+      // Fake TLS server that rejects all connections:
       this._tlsServer = new EventEmitter();
       this._tlsServer.on('connection', (socket) => socket.destroy());
     }
 
+    this._socksHandler = config.socks;
+    this._unknownProtocolHandler = config.unknownProtocol;
+
     const subServers = [this._httpServer, this._http2Server, this._tlsServer];
+    if (this._socksHandler) subServers.push(this._socksHandler);
+    if (this._unknownProtocolHandler) subServers.push(this._unknownProtocolHandler);
 
     // Proxy all event listeners setup onto the subservers, so any
     // subscriptions on this server are fed from all the subservers
@@ -132,20 +168,25 @@ export class Server extends net.Server {
       socket.removeListener('error', onError);
 
       // Put the peeked data back into the socket
-      const firstByte = data[0];
       socket.unshift(data);
 
       // Pass the socket to the correct subserver:
-      if (firstByte === TLS_HANDSHAKE_BYTE) {
+      if (isTls(data)) {
         // TLS sockets don't allow half open
         socket.allowHalfOpen = false;
         this._tlsServer.emit('connection', socket);
+      } else if (this._socksHandler && isSocks(data)) {
+        this._socksHandler.emit('connection', socket);
       } else {
-        if (firstByte === HTTP2_PREFACE_BUFFER[0]) {
+        if (couldBeHttp2(data)) {
           // The connection _might_ be HTTP/2. To confirm, we need to keep
           // reading until we get the whole stream:
           this.http2Listener(socket);
+        } else if (this._unknownProtocolHandler && !couldBeHttp1(data)) {
+          this._unknownProtocolHandler.emit('connection', socket);
         } else {
+          // We pass everything else to the HTTP server, which can handle requests
+          // and/or reject unparseable client-error connections as it sees fit.
           this._httpServer.emit('connection', socket);
         }
       }
@@ -171,22 +212,16 @@ export class Server extends net.Server {
     const newData: Buffer = socket.read() || Buffer.from([]);
     const data = pastData ? Buffer.concat([pastData, newData]) : newData;
 
-    if (data.length >= HTTP2_PREFACE_BUFFER.length) {
+    if (data.length >= HTTP2_PREFACE.length) {
       socket.unshift(data);
-      if (data.slice(0, HTTP2_PREFACE_BUFFER.length).equals(HTTP2_PREFACE_BUFFER)) {
+      if (isHttp2(data)) {
         // We have a full match for the preface - it's definitely HTTP/2.
 
         // For HTTP/2 we hit issues when passing non-socket streams (like H2 streams for proxying H2-over-H2).
-        if (NODE_MAJOR_VERSION <= 12) {
-          // For Node 12 and older, we need a (later deprecated) stream wrapper:
-          const StreamWrapper = require('_stream_wrap');
-          socket = new StreamWrapper(socket);
-        } else {
-          // For newer node, we can fix this with a quick patch here:
-          const socketWithInternals = socket as { _handle?: { isStreamBase?: boolean } };
-          if (socketWithInternals._handle) {
-            socketWithInternals._handle.isStreamBase = false;
-          }
+        // Setting isStreamBase to false is an effective workaround for this in Node 14+
+        const socketWithInternals = socket as { _handle?: { isStreamBase?: boolean } };
+        if (socketWithInternals._handle) {
+          socketWithInternals._handle.isStreamBase = false;
         }
 
         h2Server.emit('connection', socket);
@@ -195,7 +230,7 @@ export class Server extends net.Server {
         h1Server.emit('connection', socket);
         return;
       }
-    } else if (!data.equals(HTTP2_PREFACE_BUFFER.slice(0, data.length))) {
+    } else if (!data.equals(HTTP2_PREFACE.slice(0, data.length))) {
       socket.unshift(data);
       // Haven't finished the preface length, but something doesn't match already
       h1Server.emit('connection', socket);
@@ -211,28 +246,41 @@ export class Server extends net.Server {
   }
 }
 
+export type { Server };
+
 /**
  * Create an Httpolyglot instance with just a request listener to support plain-text
  * HTTP & HTTP/2 on the same port, with incoming TLS connections being closed immediately.
  */
 export function createServer(requestListener: http.RequestListener): Server;
 /**
- * Create an instance with a full TLS configuration to create a TLS+HTTP+HTTP/2 server, which can
- * support all protocols on the same port.
+ * Create an Httpolyglot server with advanced configuration, to enable TLS and/or SOCKS
+ * connections containing HTTP, accepting all protocols on the same port.
+ *
+ * The options can contain:
+ * - `tls`: A TLS configuration object, or an existing TLS server. If a TLS server is provided,
+ *   all incoming TLS connections will be emitted as 'connection' events on the given TLS server,
+ *   and all 'secureConnection' events coming from the TLS server will be handled according to
+ *   the connection type (HTTP/1 or HTTP/2) detected on that socket.
+ * - `socks`: A SOCKS server instance. This will allow incoming SOCKS connections, which will
+ *   be emitted as 'connection' events on this server.
  */
-export function createServer(tlsConfig: https.ServerOptions, requestListener: http.RequestListener): Server;
-/**
-* Create an instance around an existing TLS server, instead of TLS configuration, to create a
-* TLS+HTTP+HTTP/2 server with custom TLS handling. All incoming TLS requests will be emitted as
-* 'connection' events on the given TLS server, and all 'secureConnection' events coming from the
-* TLS server will be handled according to the connection type detected on that socket.
-*/
-export function createServer(tlsServer: tls.Server, requestListener: http.RequestListener): Server;
-export function createServer(configOrServerOrListener:
-  | https.ServerOptions
-  | http.RequestListener
-  | tls.Server,
+export function createServer(config: HttpolyglotOptions, requestListener: http.RequestListener): Server;
+export function createServer(configOrListener:
+  | HttpolyglotOptions
+  | http.RequestListener,
   listener?: http.RequestListener
 ) {
-  return new Server(configOrServerOrListener as any, listener as any);
+  let config: HttpolyglotOptions;
+  let requestListener: http.RequestListener;
+
+  if (typeof configOrListener === 'function') {
+    config = {}
+    requestListener = configOrListener;
+  } else {
+    config = configOrListener;
+    requestListener = listener!;
+  }
+
+  return new Server(config, requestListener);
 };