@mt-tl/server 0.1.0

package/dist/transport/framing.js

@@ -0,0 +1,212 @@
+import { createDecipheriv } from 'node:crypto';
+import CRC32 from 'crc-32';
+import { noopLogger } from '@mt-tl/tl';
+import { calculatePadding } from '../crypto/dh.js';
+function looksLikeTcpFullStreamStart(buf) {
+    const len = buf.readUInt32LE(0);
+    if (len > 65536 || buf.length < len)
+        return false;
+    return buf.readUInt32LE(len - 8) === 0;
+}
+export class Framing {
+    log;
+    mode;
+    inner;
+    /** Plaintext queue from which inner packets are read. */
+    queue = Buffer.alloc(0);
+    /** Pre-detection accumulation. */
+    detectBuf = Buffer.alloc(0);
+    sequenceIn = 0;
+    sequenceOut = 0;
+    decryptor;
+    encryptor;
+    constructor(log = noopLogger) {
+        this.log = log;
+    }
+    /** Feed received bytes; returns any complete packets that became available. */
+    feed(chunk) {
+        if (this.mode === undefined) {
+            this.detectBuf = Buffer.concat([this.detectBuf, chunk]);
+            if (!this.detect())
+                return [];
+        }
+        else if (this.mode === 'obfuscated') {
+            this.queue = Buffer.concat([this.queue, this.decryptor.update(chunk)]);
+        }
+        else {
+            this.queue = Buffer.concat([this.queue, chunk]);
+        }
+        return this.drain();
+    }
+    /** Frame an outgoing packet for the negotiated mode. */
+    frame(packet) {
+        const eff = this.effectiveMode();
+        const framed = this.frameInner(eff, packet);
+        return this.mode === 'obfuscated' ? this.encryptor.update(framed) : framed;
+    }
+    effectiveMode() {
+        if (this.mode === 'obfuscated')
+            return this.inner;
+        return this.mode;
+    }
+    detect() {
+        const buf = this.detectBuf;
+        if (buf.length < 4)
+            return false;
+        if (buf.readUInt8(0) === 0xef) {
+            this.mode = 'abridged';
+            this.queue = Buffer.from(buf.subarray(1));
+            return true;
+        }
+        if (buf.readUInt32LE(0) === 0xeeeeeeee) {
+            this.mode = 'intermediate';
+            this.queue = Buffer.from(buf.subarray(4));
+            return true;
+        }
+        if (buf.length < 8)
+            return false;
+        if (buf.readUInt32LE(4) === 0 || looksLikeTcpFullStreamStart(buf)) {
+            this.mode = 'full';
+            this.queue = Buffer.from(buf);
+            return true;
+        }
+        if (buf.length < 64)
+            return false;
+        // Obfuscated: 64-byte header sets up AES-CTR streams.
+        const header = Buffer.from(buf.subarray(0, 64));
+        const rev = Buffer.from(header).reverse();
+        this.decryptor = createDecipheriv('aes-256-ctr', header.subarray(8, 40), header.subarray(40, 56));
+        this.encryptor = createDecipheriv('aes-256-ctr', rev.subarray(8, 40), rev.subarray(40, 56));
+        const decHeader = this.decryptor.update(header);
+        if (this.log.isLevelEnabled('trace')) {
+            this.log.trace('framing.obfuscated', {
+                tag: decHeader.subarray(56, 60).toString('hex'),
+                rawHead: header.subarray(0, 16).toString('hex'),
+                decHead: decHeader.subarray(0, 16).toString('hex'),
+            });
+        }
+        switch (decHeader[56]) {
+            case 0xdd:
+            case 0xee:
+                this.inner = 'intermediate';
+                break;
+            case 0xef:
+                this.inner = 'abridged';
+                break;
+            default:
+                throw new Error(`obfuscated: cannot determine inner mode (tag ${decHeader.subarray(56, 60).toString('hex')})`);
+        }
+        this.mode = 'obfuscated';
+        this.queue = this.decryptor.update(Buffer.from(buf.subarray(64)));
+        if (this.log.isLevelEnabled('trace')) {
+            this.log.trace('framing.detected', {
+                mode: this.mode,
+                inner: this.inner,
+                queued: this.queue.length,
+            });
+        }
+        return true;
+    }
+    drain() {
+        const out = [];
+        for (;;) {
+            const p = this.readOne();
+            if (p === undefined)
+                break;
+            out.push(p);
+        }
+        return out;
+    }
+    readOne() {
+        switch (this.effectiveMode()) {
+            case 'abridged':
+                return this.readAbridged();
+            case 'intermediate':
+                return this.readIntermediate();
+            case 'full':
+                return this.readFull();
+        }
+    }
+    readAbridged() {
+        const q = this.queue;
+        if (q.length < 1)
+            return undefined;
+        let len = q.readUInt8(0);
+        let shift = 1;
+        if (len === 0x7f) {
+            if (q.length < 4)
+                return undefined;
+            len = (q.readUInt8(1) | (q.readUInt8(2) << 8) | (q.readUInt8(3) << 16)) << 2;
+            shift = 4;
+        }
+        else {
+            len <<= 2;
+        }
+        if (q.length < len + shift)
+            return undefined;
+        const packet = Buffer.from(q.subarray(shift, shift + len));
+        this.queue = q.subarray(shift + len);
+        return packet;
+    }
+    readIntermediate() {
+        const q = this.queue;
+        if (q.length < 4)
+            return undefined;
+        const len = q.readUInt32LE(0);
+        if (q.length < len + 4)
+            return undefined;
+        const packet = Buffer.from(q.subarray(4, 4 + len));
+        this.queue = q.subarray(4 + len);
+        return packet;
+    }
+    readFull() {
+        // Standard tcp_full layout: [len(4)][seq(4)][payload][crc(4)], len = payload + 12.
+        const q = this.queue;
+        if (q.length < 4)
+            return undefined;
+        const len = q.readUInt32LE(0);
+        if (len < 12 || q.length < len)
+            return undefined;
+        const seqNo = q.readUInt32LE(4);
+        if (seqNo !== this.sequenceIn) {
+            throw new Error(`tcp_full: wrong sequence ${seqNo}, expected ${this.sequenceIn}`);
+        }
+        this.sequenceIn++;
+        const packet = Buffer.from(q.subarray(8, len - 4));
+        this.queue = q.subarray(len);
+        return packet;
+    }
+    frameInner(mode, packet) {
+        switch (mode) {
+            case 'abridged': {
+                const pad = Buffer.alloc(calculatePadding(packet.length, 4));
+                const lenValue = (packet.length + pad.length) / 4;
+                const lenB = lenValue < 127
+                    ? Buffer.from([lenValue])
+                    : Buffer.from([
+                        0x7f,
+                        lenValue & 0xff,
+                        (lenValue >> 8) & 0xff,
+                        (lenValue >> 16) & 0xff,
+                    ]);
+                return Buffer.concat([lenB, packet, pad]);
+            }
+            case 'intermediate': {
+                const lenB = Buffer.alloc(4);
+                lenB.writeUInt32LE(packet.length, 0);
+                return Buffer.concat([lenB, packet]);
+            }
+            case 'full': {
+                const lenB = Buffer.alloc(4);
+                lenB.writeUInt32LE(packet.length + 12, 0);
+                const seqB = Buffer.alloc(4);
+                seqB.writeUInt32LE(this.sequenceOut++, 0);
+                const body = Buffer.concat([lenB, seqB, packet]);
+                const crc = Buffer.alloc(4);
+                crc.writeUInt32LE(CRC32.buf(body) >>> 0, 0);
+                return Buffer.concat([body, crc]);
+            }
+        }
+    }
+}
+//# sourceMappingURL=framing.js.map

package/dist/transport/framing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"framing.js","sourceRoot":"","sources":["../../src/transport/framing.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,MAAM,QAAQ,CAAA;AAC1B,OAAO,EAAE,UAAU,EAAe,MAAM,WAAW,CAAA;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAgBlD,SAAS,2BAA2B,CAAC,GAAW;IAC5C,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IAC/B,IAAI,GAAG,GAAG,KAAK,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,KAAK,CAAA;IACjD,OAAO,GAAG,CAAC,YAAY,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,CAAA;AAC1C,CAAC;AAED,MAAM,OAAO,OAAO;IAYa;IAX7B,IAAI,CAAO;IACH,KAAK,CAAY;IACzB,yDAAyD;IACjD,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC/B,kCAAkC;IAC1B,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC3B,UAAU,GAAG,CAAC,CAAA;IACd,WAAW,GAAG,CAAC,CAAA;IACf,SAAS,CAAW;IACpB,SAAS,CAAW;IAE5B,YAA6B,MAAc,UAAU;QAAxB,QAAG,GAAH,GAAG,CAAqB;IAAG,CAAC;IAEzD,+EAA+E;IAC/E,IAAI,CAAC,KAAa;QACd,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAA;YACvD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;gBAAE,OAAO,EAAE,CAAA;QACjC,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,SAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAC3E,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;QACnD,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,EAAE,CAAA;IACvB,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,MAAc;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,CAAA;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;QAC3C,OAAO,IAAI,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,SAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;IAC/E,CAAC;IAEO,aAAa;QACjB,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;YAAE,OAAO,IAAI,CAAC,KAAM,CAAA;QAClD,OAAO,IAAI,CAAC,IAAiB,CAAA;IACjC,CAAC;IAEO,MAAM;QACV,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAA;QAC1B,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAA;QAEhC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAA;YACtB,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;YACzC,OAAO,IAAI,CAAA;QACf,CAAC;QACD,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;YACrC,IAAI,CAAC,IAAI,GAAG,cAAc,CAAA;YAC1B,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;YACzC,OAAO,IAAI,CAAA;QACf,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAA;QAChC,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,2BAA2B,CAAC,GAAG,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,IAAI,GAAG,MAAM,CAAA;YAClB,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAC7B,OAAO,IAAI,CAAA;QACf,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,KAAK,CAAA;QAEjC,sDAAsD;QACtD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;QAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,CAAA;QACzC,IAAI,CAAC,SAAS,GAAG,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;QACjG,IAAI,CAAC,SAAS,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;QAC3F,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAC/C,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,GAAG,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAC/C,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAC/C,OAAO,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;aACrD,CAAC,CAAA;QACN,CAAC;QACD,QAAQ,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC;YACpB,KAAK,IAAI,CAAC;YACV,KAAK,IAAI;gBACL,IAAI,CAAC,KAAK,GAAG,cAAc,CAAA;gBAC3B,MAAK;YACT,KAAK,IAAI;gBACL,IAAI,CAAC,KAAK,GAAG,UAAU,CAAA;gBACvB,MAAK;YACT;gBACI,MAAM,IAAI,KAAK,CACX,gDAAgD,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAChG,CAAA;QACT,CAAC;QACD,IAAI,CAAC,IAAI,GAAG,YAAY,CAAA;QACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACjE,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE;gBAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM;aAC5B,CAAC,CAAA;QACN,CAAC;QACD,OAAO,IAAI,CAAA;IACf,CAAC;IAEO,KAAK;QACT,MAAM,GAAG,GAAa,EAAE,CAAA;QACxB,SAAS,CAAC;YACN,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;YACxB,IAAI,CAAC,KAAK,SAAS;gBAAE,MAAK;YAC1B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACf,CAAC;QACD,OAAO,GAAG,CAAA;IACd,CAAC;IAEO,OAAO;QACX,QAAQ,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YAC3B,KAAK,UAAU;gBACX,OAAO,IAAI,CAAC,YAAY,EAAE,CAAA;YAC9B,KAAK,cAAc;gBACf,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAA;YAClC,KAAK,MAAM;gBACP,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAA;QAC9B,CAAC;IACL,CAAC;IAEO,YAAY;QAChB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAA;QACpB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,SAAS,CAAA;QAClC,IAAI,GAAG,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QACxB,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,SAAS,CAAA;YAClC,GAAG,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAA;YAC5E,KAAK,GAAG,CAAC,CAAA;QACb,CAAC;aAAM,CAAC;YACJ,GAAG,KAAK,CAAC,CAAA;QACb,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG,GAAG,KAAK;YAAE,OAAO,SAAS,CAAA;QAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,GAAG,CAAC,CAAC,CAAA;QAC1D,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC,CAAA;QACpC,OAAO,MAAM,CAAA;IACjB,CAAC;IAEO,gBAAgB;QACpB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAA;QACpB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,SAAS,CAAA;QAClC,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QAC7B,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG,GAAG,CAAC;YAAE,OAAO,SAAS,CAAA;QACxC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;QAClD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,GAAG,CAAC,CAAA;QAChC,OAAO,MAAM,CAAA;IACjB,CAAC;IAEO,QAAQ;QACZ,mFAAmF;QACnF,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAA;QACpB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,SAAS,CAAA;QAClC,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QAC7B,IAAI,GAAG,GAAG,EAAE,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,SAAS,CAAA;QAChD,MAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QAC/B,IAAI,KAAK,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,cAAc,IAAI,CAAC,UAAU,EAAE,CAAC,CAAA;QACrF,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,CAAA;QACjB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAA;QAClD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC5B,OAAO,MAAM,CAAA;IACjB,CAAC;IAEO,UAAU,CAAC,IAAe,EAAE,MAAc;QAC9C,QAAQ,IAAI,EAAE,CAAC;YACX,KAAK,UAAU,CAAC,CAAC,CAAC;gBACd,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAA;gBAC5D,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBACjD,MAAM,IAAI,GACN,QAAQ,GAAG,GAAG;oBACV,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;oBACzB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;wBACR,IAAI;wBACJ,QAAQ,GAAG,IAAI;wBACf,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI;wBACtB,CAAC,QAAQ,IAAI,EAAE,CAAC,GAAG,IAAI;qBAC1B,CAAC,CAAA;gBACZ,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAA;YAC7C,CAAC;YACD,KAAK,cAAc,CAAC,CAAC,CAAC;gBAClB,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;gBAC5B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;gBACpC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;YACxC,CAAC;YACD,KAAK,MAAM,CAAC,CAAC,CAAC;gBACV,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;gBAC5B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC,CAAC,CAAA;gBACzC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;gBAC5B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAA;gBACzC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;gBAChD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;gBAC3B,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;gBAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAA;YACrC,CAAC;QACL,CAAC;IACL,CAAC;CACJ"}

package/dist/transport/proxy-protocol.d.ts

@@ -0,0 +1,23 @@
+export type ProxyParse = 
+/** A complete header. `sourceIp` is undefined for UNKNOWN/LOCAL/UNSPEC (use the socket address). */
+{
+    status: 'done';
+    sourceIp?: string;
+    consumed: number;
+}
+/** Need more bytes — the buffer is a valid prefix of a header so far. */
+ | {
+    status: 'incomplete';
+}
+/** No PROXY header — treat the bytes as the start of the MTProto stream. */
+ | {
+    status: 'absent';
+};
+/**
+ * Inspects the start of a freshly-accepted TCP stream for a PROXY-protocol
+ * header. Returns `done` (with the parsed source IP and how many bytes the header
+ * occupied), `incomplete` (call again with more bytes), or `absent` (no header —
+ * the bytes are the MTProto stream itself).
+ */
+export declare function parseProxyHeader(buf: Buffer): ProxyParse;
+//# sourceMappingURL=proxy-protocol.d.ts.map

package/dist/transport/proxy-protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-protocol.d.ts","sourceRoot":"","sources":["../../src/transport/proxy-protocol.ts"],"names":[],"mappings":"AAeA,MAAM,MAAM,UAAU;AAClB,oGAAoG;AAClG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE;AACzD,yEAAyE;GACvE;IAAE,MAAM,EAAE,YAAY,CAAA;CAAE;AAC1B,4EAA4E;GAC1E;IAAE,MAAM,EAAE,QAAQ,CAAA;CAAE,CAAA;AAE1B;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAyBxD"}

package/dist/transport/proxy-protocol.js

@@ -0,0 +1,108 @@
+// PROXY protocol (HAProxy) header parsing for the raw-TCP carrier. When a TCP
+// load balancer / proxy sits in front, it prepends a small header announcing the
+// real client address before the MTProto byte stream. We parse it (v1 text and
+// v2 binary) so `RpcContext.ip` reflects the client, not the proxy. Only used
+// when `trustProxy` is set — the spec assumes a trusted proxy always prepends it.
+// Ref: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
+/** 12-byte v2 signature: `\r\n\r\n\0\r\nQUIT\n`. */
+const V2_SIG = Buffer.from([0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, 0x54, 0x0a]);
+/** v1 lines start with `PROXY ` and are at most 107 bytes incl. CRLF. */
+const V1_PREFIX = Buffer.from('PROXY ');
+const V1_MAX = 107;
+/** Cap buffered bytes while a header is still incomplete (guards a slow/malicious peer). */
+const MAX_HEADER = 1024;
+/**
+ * Inspects the start of a freshly-accepted TCP stream for a PROXY-protocol
+ * header. Returns `done` (with the parsed source IP and how many bytes the header
+ * occupied), `incomplete` (call again with more bytes), or `absent` (no header —
+ * the bytes are the MTProto stream itself).
+ */
+export function parseProxyHeader(buf) {
+    if (buf.length === 0)
+        return { status: 'incomplete' };
+    const b0 = buf[0];
+    // v2 — binary, begins with 0x0D.
+    if (b0 === 0x0d) {
+        const n = Math.min(buf.length, V2_SIG.length);
+        for (let i = 0; i < n; i++)
+            if (buf[i] !== V2_SIG[i])
+                return { status: 'absent' };
+        if (buf.length < 16)
+            return buf.length > MAX_HEADER ? { status: 'absent' } : { status: 'incomplete' };
+        return parseV2(buf);
+    }
+    // v1 — text, begins with 'P' (0x50) of "PROXY ".
+    if (b0 === 0x50) {
+        const crlf = buf.indexOf('\r\n');
+        if (crlf === -1) {
+            if (buf.length > V1_MAX)
+                return { status: 'absent' };
+            const n = Math.min(buf.length, V1_PREFIX.length);
+            for (let i = 0; i < n; i++)
+                if (buf[i] !== V1_PREFIX[i])
+                    return { status: 'absent' };
+            return { status: 'incomplete' };
+        }
+        return parseV1(buf.toString('latin1', 0, crlf), crlf + 2);
+    }
+    return { status: 'absent' };
+}
+function parseV1(line, consumed) {
+    // "PROXY TCP4 <src> <dst> <srcPort> <dstPort>" | "PROXY UNKNOWN ..."
+    const parts = line.split(' ');
+    if (parts[0] !== 'PROXY')
+        return { status: 'absent' };
+    if (parts[1] === 'TCP4' || parts[1] === 'TCP6')
+        return { status: 'done', sourceIp: parts[2], consumed };
+    return { status: 'done', consumed }; // UNKNOWN — no announced address
+}
+function parseV2(buf) {
+    const cmd = buf[12] & 0x0f; // 0 = LOCAL (health check), 1 = PROXY
+    const family = buf[13] >> 4; // 1 = AF_INET, 2 = AF_INET6
+    const addrLen = buf.readUInt16BE(14);
+    const total = 16 + addrLen;
+    if (buf.length < total)
+        return total > MAX_HEADER ? { status: 'absent' } : { status: 'incomplete' };
+    let sourceIp;
+    if (cmd === 0x1) {
+        if (family === 0x1 && addrLen >= 12) {
+            sourceIp = `${buf[16]}.${buf[17]}.${buf[18]}.${buf[19]}`;
+        }
+        else if (family === 0x2 && addrLen >= 36) {
+            sourceIp = formatIpv6(buf.subarray(16, 32));
+        }
+    }
+    return { status: 'done', sourceIp, consumed: total };
+}
+/** 16 bytes → a compressed IPv6 string (longest run of zero groups → `::`). */
+function formatIpv6(b) {
+    const groups = [];
+    for (let i = 0; i < 16; i += 2)
+        groups.push((b[i] << 8) | b[i + 1]);
+    // Find the longest run of zero groups to compress.
+    let bestStart = -1;
+    let bestLen = 0;
+    let curStart = -1;
+    let curLen = 0;
+    for (let i = 0; i < 8; i++) {
+        if (groups[i] === 0) {
+            if (curStart === -1)
+                curStart = i;
+            curLen++;
+            if (curLen > bestLen) {
+                bestLen = curLen;
+                bestStart = curStart;
+            }
+        }
+        else {
+            curStart = -1;
+            curLen = 0;
+        }
+    }
+    if (bestLen < 2)
+        return groups.map(g => g.toString(16)).join(':');
+    const head = groups.slice(0, bestStart).map(g => g.toString(16));
+    const tail = groups.slice(bestStart + bestLen).map(g => g.toString(16));
+    return `${head.join(':')}::${tail.join(':')}`;
+}
+//# sourceMappingURL=proxy-protocol.js.map

package/dist/transport/proxy-protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-protocol.js","sourceRoot":"","sources":["../../src/transport/proxy-protocol.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,iFAAiF;AACjF,+EAA+E;AAC/E,8EAA8E;AAC9E,kFAAkF;AAClF,mEAAmE;AAEnE,oDAAoD;AACpD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;AACpG,yEAAyE;AACzE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvC,MAAM,MAAM,GAAG,GAAG,CAAA;AAClB,4FAA4F;AAC5F,MAAM,UAAU,GAAG,IAAI,CAAA;AAUvB;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IACxC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAA;IACrD,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAE,CAAA;IAElB,iCAAiC;IACjC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;QACd,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;YAAE,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC;gBAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAA;QACjF,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAA;QACrG,OAAO,OAAO,CAAC,GAAG,CAAC,CAAA;IACvB,CAAC;IAED,iDAAiD;IACjD,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC;YACd,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM;gBAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAA;YACpD,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAA;YAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC;oBAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAA;YACpF,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAA;QACnC,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,CAAA;IAC7D,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAA;AAC/B,CAAC;AAED,SAAS,OAAO,CAAC,IAAY,EAAE,QAAgB;IAC3C,qEAAqE;IACrE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO;QAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAA;IACrD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAA;IACvG,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAA,CAAC,iCAAiC;AACzE,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IACxB,MAAM,GAAG,GAAG,GAAG,CAAC,EAAE,CAAE,GAAG,IAAI,CAAA,CAAC,sCAAsC;IAClE,MAAM,MAAM,GAAG,GAAG,CAAC,EAAE,CAAE,IAAI,CAAC,CAAA,CAAC,4BAA4B;IACzD,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;IACpC,MAAM,KAAK,GAAG,EAAE,GAAG,OAAO,CAAA;IAC1B,IAAI,GAAG,CAAC,MAAM,GAAG,KAAK;QAAE,OAAO,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAA;IAEnG,IAAI,QAA4B,CAAA;IAChC,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;QACd,IAAI,MAAM,KAAK,GAAG,IAAI,OAAO,IAAI,EAAE,EAAE,CAAC;YAClC,QAAQ,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC,EAAE,CAAA;QAC5D,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,IAAI,OAAO,IAAI,EAAE,EAAE,CAAC;YACzC,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;QAC/C,CAAC;IACL,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;AACxD,CAAC;AAED,+EAA+E;AAC/E,SAAS,UAAU,CAAC,CAAS;IACzB,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,CAAA;IACrE,mDAAmD;IACnD,IAAI,SAAS,GAAG,CAAC,CAAC,CAAA;IAClB,IAAI,OAAO,GAAG,CAAC,CAAA;IACf,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAA;IACjB,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACzB,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAClB,IAAI,QAAQ,KAAK,CAAC,CAAC;gBAAE,QAAQ,GAAG,CAAC,CAAA;YACjC,MAAM,EAAE,CAAA;YACR,IAAI,MAAM,GAAG,OAAO,EAAE,CAAC;gBACnB,OAAO,GAAG,MAAM,CAAA;gBAChB,SAAS,GAAG,QAAQ,CAAA;YACxB,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,QAAQ,GAAG,CAAC,CAAC,CAAA;YACb,MAAM,GAAG,CAAC,CAAA;QACd,CAAC;IACL,CAAC;IACD,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACjE,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;IAChE,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;IACvE,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;AACjD,CAAC"}

package/dist/transport/server-common.d.ts

@@ -0,0 +1,27 @@
+import type { Logger } from '@mt-tl/tl';
+import type { Connection } from './connection.js';
+export type PacketHandler = (packet: Buffer, conn: Connection) => void | Promise<void>;
+export interface TransportHandlers {
+    onPacket: PacketHandler;
+    onConnect?: (conn: Connection) => void;
+    onClose?: (conn: Connection) => void;
+}
+export interface TransportOptions {
+    port: number;
+    defaultLayer: number;
+    /**
+     * Trust an upstream proxy for the client address: parse the PROXY-protocol
+     * header on raw TCP, and trust `X-Forwarded-For` on WebSocket. Leave off
+     * (default) when clients connect directly — the headers are spoofable.
+     */
+    trustProxy?: boolean;
+    /** Structured logger; the carrier derives a per-connection child from it. */
+    logger?: Logger;
+}
+/**
+ * Feed a received byte chunk into a connection's framing and enqueue any
+ * complete packets. Shared by the WebSocket and raw-TCP carriers — both deliver
+ * bytes (WS as binary frames, TCP as a stream) to the same stateful framer.
+ */
+export declare function pump(conn: Connection, chunk: Buffer, handlers: TransportHandlers): void;
+//# sourceMappingURL=server-common.d.ts.map

package/dist/transport/server-common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-common.d.ts","sourceRoot":"","sources":["../../src/transport/server-common.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,WAAW,CAAA;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;AAEtF,MAAM,WAAW,iBAAiB;IAC9B,QAAQ,EAAE,aAAa,CAAA;IACvB,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAA;IACtC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAA;CACvC;AAED,MAAM,WAAW,gBAAgB;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,MAAM,CAAA;IACpB;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;;;GAIG;AACH,wBAAgB,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,GAAG,IAAI,CAmBvF"}

package/dist/transport/server-common.js

@@ -0,0 +1,27 @@
+/**
+ * Feed a received byte chunk into a connection's framing and enqueue any
+ * complete packets. Shared by the WebSocket and raw-TCP carriers — both deliver
+ * bytes (WS as binary frames, TCP as a stream) to the same stateful framer.
+ */
+export function pump(conn, chunk, handlers) {
+    let packets;
+    try {
+        packets = conn.framing.feed(chunk);
+    }
+    catch (err) {
+        // Unframable bytes = a broken/hostile client; drop the connection. Expected
+        // enough to be a warn, not an error (no server fault).
+        conn.log.warn('framing.error', { err: String(err) });
+        conn.close();
+        return;
+    }
+    if (packets.length && conn.log.isLevelEnabled('trace')) {
+        conn.log.trace('framing.packets', {
+            packets: packets.map(p => ({ bytes: p.length, head: p.subarray(0, 8).toString('hex') })),
+        });
+    }
+    for (const packet of packets) {
+        conn.enqueue(() => handlers.onPacket(packet, conn));
+    }
+}
+//# sourceMappingURL=server-common.js.map

package/dist/transport/server-common.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-common.js","sourceRoot":"","sources":["../../src/transport/server-common.ts"],"names":[],"mappings":"AAwBA;;;;GAIG;AACH,MAAM,UAAU,IAAI,CAAC,IAAgB,EAAE,KAAa,EAAE,QAA2B;IAC7E,IAAI,OAAiB,CAAA;IACrB,IAAI,CAAC;QACD,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,4EAA4E;QAC5E,uDAAuD;QACvD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACpD,IAAI,CAAC,KAAK,EAAE,CAAA;QACZ,OAAM;IACV,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,EAAE;YAC9B,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;SAC3F,CAAC,CAAA;IACN,CAAC;IACD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAA;IACvD,CAAC;AACL,CAAC"}

package/dist/transport/tcp-server.d.ts

@@ -0,0 +1,26 @@
+import { type TransportHandlers, type TransportOptions } from './server-common.js';
+/**
+ * Raw TCP carrier for MTProto, for legacy clients that connect over a plain
+ * socket rather than WebSocket. The byte stream is fed into the same framing as
+ * WS (the framer already reassembles packets across `data` events), so abridged
+ * / intermediate / full / obfuscated transports all work identically here.
+ */
+export declare class MtprotoTcpServer {
+    private readonly options;
+    private readonly handlers;
+    private server?;
+    private lastId;
+    constructor(options: TransportOptions, handlers: TransportHandlers);
+    listen(): Promise<void>;
+    get port(): number;
+    private onConnection;
+    /**
+     * Data handler that strips a leading PROXY-protocol header (when present)
+     * before the byte stream reaches framing, recording the announced client IP
+     * on the connection. Once the header is consumed (or shown absent), all
+     * further bytes pass straight to `pump`.
+     */
+    private proxyAware;
+    close(): void;
+}
+//# sourceMappingURL=tcp-server.d.ts.map

package/dist/transport/tcp-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tcp-server.d.ts","sourceRoot":"","sources":["../../src/transport/tcp-server.ts"],"names":[],"mappings":"AAGA,OAAO,EAAQ,KAAK,iBAAiB,EAAE,KAAK,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAGxF;;;;;GAKG;AACH,qBAAa,gBAAgB;IAKrB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAL7B,OAAO,CAAC,MAAM,CAAC,CAAQ;IACvB,OAAO,CAAC,MAAM,CAAI;gBAGG,OAAO,EAAE,gBAAgB,EACzB,QAAQ,EAAE,iBAAiB;IAGhD,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAQvB,IAAI,IAAI,IAAI,MAAM,CAGjB;IAED,OAAO,CAAC,YAAY;IAsCpB;;;;;OAKG;IACH,OAAO,CAAC,UAAU;IAoBlB,KAAK,IAAI,IAAI;CAGhB"}

package/dist/transport/tcp-server.js

@@ -0,0 +1,91 @@
+import { createServer } from 'node:net';
+import { noopLogger } from '@mt-tl/tl';
+import { Connection } from './connection.js';
+import { pump } from './server-common.js';
+import { parseProxyHeader } from './proxy-protocol.js';
+/**
+ * Raw TCP carrier for MTProto, for legacy clients that connect over a plain
+ * socket rather than WebSocket. The byte stream is fed into the same framing as
+ * WS (the framer already reassembles packets across `data` events), so abridged
+ * / intermediate / full / obfuscated transports all work identically here.
+ */
+export class MtprotoTcpServer {
+    options;
+    handlers;
+    server;
+    lastId = 0;
+    constructor(options, handlers) {
+        this.options = options;
+        this.handlers = handlers;
+    }
+    listen() {
+        return new Promise((resolve, reject) => {
+            this.server = createServer({ allowHalfOpen: false }, socket => this.onConnection(socket));
+            this.server.once('error', reject);
+            this.server.listen(this.options.port, () => resolve());
+        });
+    }
+    get port() {
+        const addr = this.server?.address();
+        return addr && typeof addr === 'object' ? addr.port : this.options.port;
+    }
+    onConnection(socket) {
+        socket.setNoDelay(true);
+        const id = ++this.lastId;
+        const log = (this.options.logger ?? noopLogger).child({ scope: 'tcp', conn: id });
+        log.info('conn.open', { remote: socket.remoteAddress });
+        const conn = new Connection(id, bytes => {
+            try {
+                socket.write(bytes);
+            }
+            catch {
+                conn.close();
+            }
+        }, () => socket.destroy(), socket.remoteAddress, this.options.defaultLayer, log);
+        this.handlers.onConnect?.(conn);
+        socket.on('data', this.options.trustProxy ? this.proxyAware(conn) : chunk => pump(conn, chunk, this.handlers));
+        socket.on('close', () => {
+            log.info('conn.close');
+            conn.closed = true;
+            this.handlers.onClose?.(conn);
+        });
+        socket.on('error', err => {
+            log.warn('tcp.error', { err: String(err) });
+            conn.close();
+        });
+    }
+    /**
+     * Data handler that strips a leading PROXY-protocol header (when present)
+     * before the byte stream reaches framing, recording the announced client IP
+     * on the connection. Once the header is consumed (or shown absent), all
+     * further bytes pass straight to `pump`.
+     */
+    proxyAware(conn) {
+        let header = Buffer.alloc(0);
+        return (chunk) => {
+            if (header === null)
+                return pump(conn, chunk, this.handlers);
+            header = header.length ? Buffer.concat([header, chunk]) : chunk;
+            const res = parseProxyHeader(header);
+            if (res.status === 'incomplete')
+                return;
+            const buffered = header;
+            header = null; // done parsing; subsequent chunks bypass this path
+            if (res.status === 'done') {
+                if (res.sourceIp)
+                    conn.ctx.remoteAddress = res.sourceIp;
+                const rest = buffered.subarray(res.consumed);
+                if (rest.length)
+                    pump(conn, rest, this.handlers);
+            }
+            else {
+                // No PROXY header — the bytes are the MTProto stream itself.
+                pump(conn, buffered, this.handlers);
+            }
+        };
+    }
+    close() {
+        this.server?.close();
+    }
+}
+//# sourceMappingURL=tcp-server.js.map

package/dist/transport/tcp-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tcp-server.js","sourceRoot":"","sources":["../../src/transport/tcp-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAA8C,MAAM,UAAU,CAAA;AACnF,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,IAAI,EAAiD,MAAM,oBAAoB,CAAA;AACxF,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAEtD;;;;;GAKG;AACH,MAAM,OAAO,gBAAgB;IAKJ;IACA;IALb,MAAM,CAAS;IACf,MAAM,GAAG,CAAC,CAAA;IAElB,YACqB,OAAyB,EACzB,QAA2B;QAD3B,YAAO,GAAP,OAAO,CAAkB;QACzB,aAAQ,GAAR,QAAQ,CAAmB;IAC7C,CAAC;IAEJ,MAAM;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAA;YACzF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;YACjC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAA;QAC1D,CAAC,CAAC,CAAA;IACN,CAAC;IAED,IAAI,IAAI;QACJ,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAA;QACnC,OAAO,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAE,IAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAA;IAC5F,CAAC;IAEO,YAAY,CAAC,MAAc;QAC/B,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;QACvB,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,CAAA;QAExB,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAA;QACjF,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;QAEvD,MAAM,IAAI,GAAG,IAAI,UAAU,CACvB,EAAE,EACF,KAAK,CAAC,EAAE;YACJ,IAAI,CAAC;gBACD,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;YACvB,CAAC;YAAC,MAAM,CAAC;gBACL,IAAI,CAAC,KAAK,EAAE,CAAA;YAChB,CAAC;QACL,CAAC,EACD,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EACtB,MAAM,CAAC,aAAa,EACpB,IAAI,CAAC,OAAO,CAAC,YAAY,EACzB,GAAG,CACN,CAAA;QAED,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,CAAA;QAC/B,MAAM,CAAC,EAAE,CACL,MAAM,EACN,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAC9F,CAAA;QACD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACpB,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;YACtB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAA;YAClB,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAA;QACjC,CAAC,CAAC,CAAA;QACF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;YACrB,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC3C,IAAI,CAAC,KAAK,EAAE,CAAA;QAChB,CAAC,CAAC,CAAA;IACN,CAAC;IAED;;;;;OAKG;IACK,UAAU,CAAC,IAAgB;QAC/B,IAAI,MAAM,GAAkB,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAC3C,OAAO,CAAC,KAAa,EAAE,EAAE;YACrB,IAAI,MAAM,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAA;YAC5D,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;YAC/D,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAA;YACpC,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY;gBAAE,OAAM;YACvC,MAAM,QAAQ,GAAG,MAAM,CAAA;YACvB,MAAM,GAAG,IAAI,CAAA,CAAC,mDAAmD;YACjE,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ;oBAAE,IAAI,CAAC,GAAG,CAAC,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAA;gBACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;gBAC5C,IAAI,IAAI,CAAC,MAAM;oBAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAA;YACpD,CAAC;iBAAM,CAAC;gBACJ,6DAA6D;gBAC7D,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAA;YACvC,CAAC;QACL,CAAC,CAAA;IACL,CAAC;IAED,KAAK;QACD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAA;IACxB,CAAC;CACJ"}

package/dist/transport/ws-server.d.ts

@@ -0,0 +1,19 @@
+import { type TransportHandlers, type TransportOptions } from './server-common.js';
+export type { PacketHandler, TransportHandlers } from './server-common.js';
+/**
+ * WebSocket carrier for MTProto. Each binary frame is fed into the connection's
+ * transport framing; complete packets are handed to `onPacket` in arrival order.
+ */
+export declare class MtprotoWsServer {
+    private readonly options;
+    private readonly handlers;
+    private wss?;
+    private lastId;
+    constructor(options: TransportOptions, handlers: TransportHandlers);
+    listen(): Promise<void>;
+    /** Bound TCP port (useful when listening on port 0 in tests). */
+    get port(): number;
+    private onConnection;
+    close(): void;
+}
+//# sourceMappingURL=ws-server.d.ts.map

package/dist/transport/ws-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ws-server.d.ts","sourceRoot":"","sources":["../../src/transport/ws-server.ts"],"names":[],"mappings":"AAKA,OAAO,EAAQ,KAAK,iBAAiB,EAAE,KAAK,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAExF,YAAY,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAQ1E;;;GAGG;AACH,qBAAa,eAAe;IAKpB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAL7B,OAAO,CAAC,GAAG,CAAC,CAAiB;IAC7B,OAAO,CAAC,MAAM,CAAI;gBAGG,OAAO,EAAE,gBAAgB,EACzB,QAAQ,EAAE,iBAAiB;IAGhD,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAQvB,iEAAiE;IACjE,IAAI,IAAI,IAAI,MAAM,CAGjB;IAED,OAAO,CAAC,YAAY;IAgDpB,KAAK,IAAI,IAAI;CAGhB"}