@opensecurity/zonzon-core 0.1.2 → 0.1.3

package/src/env.d.ts

@@ -1 +0,0 @@
-/// <reference types="node" />

package/src/firewall.ts

@@ -1,66 +0,0 @@
-import * as net from "net";
-import { FirewallConfig } from "./types.js";
-
-export class FirewallEngine {
-  private ipToInt(ip: string): number {
-    return ip.split('.').reduce((int, octet) => (int << 8) + parseInt(octet, 10), 0) >>> 0;
-  }
-
-  private matchCidr(ip: string, cidr: string): boolean {
-    try {
-      const [range, bits] = cidr.split('/');
-      const mask = bits ? ~(Math.pow(2, 32 - parseInt(bits, 10)) - 1) : 0xFFFFFFFF;
-      return (this.ipToInt(ip) & mask) === (this.ipToInt(range) & mask);
-    } catch {
-      return false;
-    }
-  }
-
-  private matchDomain(domain: string, pattern: string): boolean {
-    if (pattern === "*") return true; 
-    const normDomain = domain.toLowerCase().replace(/\.$/, "");
-    const normPattern = pattern.toLowerCase().replace(/\.$/, "");
-    
-    if (normPattern === normDomain) return true;
-    if (normPattern.startsWith("*.")) {
-      const suffix = normPattern.slice(2);
-      return normDomain === suffix || normDomain.endsWith("." + suffix);
-    }
-    return false;
-  }
-
-  public evaluateIp(ip: string, fw?: FirewallConfig): "ALLOW" | "DENY" {
-    if (!fw) return "ALLOW"; 
-    if (!net.isIPv4(ip)) return "DENY"; 
-
-    if (fw.blocklist_ips && fw.blocklist_ips.includes(ip)) return "DENY";
-
-    for (const range of fw.blocklist_ranges || []) {
-      if (this.matchCidr(ip, range)) return "DENY";
-    }
-
-    if (fw.allowlist_ips && fw.allowlist_ips.includes(ip)) return "ALLOW";
-
-    for (const range of fw.allowlist_ranges || []) {
-      if (this.matchCidr(ip, range)) return "ALLOW";
-    }
-
-    return fw.defaultPolicy === "allow" ? "ALLOW" : "DENY";
-  }
-
-  public evaluateDomain(domain: string, fw?: FirewallConfig): "ALLOW" | "DENY" {
-    if (!fw) return "ALLOW";
-
-    for (const pattern of fw.blocklist_domains || []) {
-      if (this.matchDomain(domain, pattern)) return "DENY";
-    }
-
-    for (const pattern of fw.allowlist_domains || []) {
-      if (this.matchDomain(domain, pattern)) return "ALLOW";
-    }
-
-    return fw.defaultPolicy === "allow" ? "ALLOW" : "DENY";
-  }
-}
-
-export const firewallEngine = new FirewallEngine();

package/src/http-body-forwarding-integration.test.ts

@@ -1,357 +0,0 @@
-import { describe, it } from "node:test";
-import assert from "assert";
-import * as http from "http";
-
-describe("HTTP Body Forwarding Integration", () => {
-  let upstreamServer: http.Server;
-  let receivedBodies: string[] = [];
-
-  const TEST_PORT = 19876; 
-  const PROXY_PORT = 19877; 
-
-  function startUpstreamServer(): Promise<number> {
-    return new Promise((resolve) => {
-      upstreamServer = http.createServer((req: http.IncomingMessage, res: http.ServerResponse) => {
-        if (req.method !== "GET" && req.method !== "HEAD") {
-          const chunks: Buffer[] = [];
-          req.on("data", (chunk: Buffer) => {
-            chunks.push(chunk);
-          });
-          req.on("end", () => {
-            const body = Buffer.concat(chunks).toString("utf-8");
-            if (body.length > 0) {
-              receivedBodies.push(body);
-            }
-            res.writeHead(200, { "Content-Type": "text/plain" });
-            res.end(`upstream ${req.method} body size: ${Buffer.concat(chunks).length}`);
-          });
-        } else {
-          res.writeHead(200, { "Content-Type": "text/plain" });
-          res.end("GET/HEAD received");
-        }
-      });
-
-      upstreamServer.listen(TEST_PORT, "127.0.0.1", () => {
-        resolve(TEST_PORT);
-      });
-    });
-  }
-
-  function stopUpstreamServer(): Promise<void> {
-    return new Promise((resolve) => {
-      if (upstreamServer) {
-        upstreamServer.close(() => resolve());
-      } else {
-        resolve();
-      }
-    });
-  }
-
-  function sendPostRequest(url: string, body: string): Promise<{ status: number; response: string }> {
-    return new Promise((resolve, reject) => {
-      const parsed = new URL(url);
-      const postData = Buffer.from(body);
-
-      const options = {
-        hostname: "127.0.0.1",
-        port: parsed.port ? parseInt(parsed.port, 10) : PROXY_PORT,
-        path: parsed.pathname + parsed.search,
-        method: "POST",
-        headers: {
-          Host: parsed.hostname,
-          "Content-Type": "text/plain",
-          "Content-Length": postData.length,
-        },
-      };
-
-      const req = http.request(options, (res: http.IncomingMessage) => {
-        let responseBody = "";
-        res.on("data", (chunk: Buffer) => {
-          responseBody += chunk.toString();
-        });
-        res.on("end", () => {
-          resolve({ status: res.statusCode || 500, response: responseBody });
-        });
-      });
-
-      req.on("error", reject);
-      req.write(postData);
-      req.end();
-    });
-  }
-
-  function sendPutRequest(url: string, body: string): Promise<{ status: number; response: string }> {
-    return new Promise((resolve, reject) => {
-      const parsed = new URL(url);
-      const putData = Buffer.from(body);
-
-      const options = {
-        hostname: "127.0.0.1",
-        port: parsed.port ? parseInt(parsed.port, 10) : PROXY_PORT,
-        path: parsed.pathname + parsed.search,
-        method: "PUT",
-        headers: {
-          Host: parsed.hostname,
-          "Content-Type": "text/plain",
-          "Content-Length": putData.length,
-        },
-      };
-
-      const req = http.request(options, (res: http.IncomingMessage) => {
-        let responseBody = "";
-        res.on("data", (chunk: Buffer) => {
-          responseBody += chunk.toString();
-        });
-        res.on("end", () => {
-          resolve({ status: res.statusCode || 500, response: responseBody });
-        });
-      });
-
-      req.on("error", reject);
-      req.write(putData);
-      req.end();
-    });
-  }
-
-  function get(url: string): Promise<{ status: number; response: string }> {
-    return new Promise((resolve, reject) => {
-      const parsed = new URL(url);
-
-      const req = http.request({
-        hostname: "127.0.0.1",
-        port: parsed.port ? parseInt(parsed.port, 10) : PROXY_PORT,
-        path: parsed.pathname + parsed.search,
-        method: "GET",
-        headers: { Host: parsed.hostname },
-      }, (res: http.IncomingMessage) => {
-        let responseBody = "";
-        res.on("data", (chunk: Buffer) => {
-          responseBody += chunk.toString();
-        });
-        res.on("end", () => {
-          resolve({ status: res.statusCode || 500, response: responseBody });
-        });
-      });
-
-      req.on("error", reject);
-      req.end();
-    });
-  }
-
-  it("forwards POST body to upstream when forwardRequestBody is enabled", async () => {
-    const { DevDnsServer } = await import("./dns-service.js");
-    const { HttpHandler } = await import("./http-handler.js");
-
-    receivedBodies = [];
-    const port = await startUpstreamServer();
-
-    try {
-      const config: any = {
-        port: 53,
-        hosts: {
-          "app.loop": {
-            records: [{ type: "A", address: "127.0.0.1" }],
-            http_proxy: {
-              enabled: true,
-              upstream: `http://127.0.0.1:${port}`,
-              headers: {},
-              forwardRequestBody: true,
-            },
-          },
-        },
-      };
-
-      const dnsServer = new DevDnsServer(config);
-      const handler = new HttpHandler(dnsServer, config, PROXY_PORT);
-      await handler.start();
-
-      try {
-        await new Promise<void>((resolve) => setTimeout(resolve, 100));
-
-        const bodyContent = "hello world test payload";
-        const result = await sendPostRequest(`http://app.loop/test`, bodyContent);
-
-        assert.strictEqual(result.status, 200);
-        assert.ok(receivedBodies.length > 0);
-        assert.strictEqual(receivedBodies[0], bodyContent);
-      } finally {
-        await handler.stop();
-      }
-    } finally {
-      await stopUpstreamServer();
-    }
-  });
-
-  it("forwards PUT body to upstream when forwardRequestBody is enabled", async () => {
-    const { DevDnsServer } = await import("./dns-service.js");
-    const { HttpHandler } = await import("./http-handler.js");
-
-    receivedBodies = [];
-    const port = await startUpstreamServer();
-
-    try {
-      const config: any = {
-        port: 53,
-        hosts: {
-          "app.loop": {
-            records: [{ type: "A", address: "127.0.0.1" }],
-            http_proxy: {
-              enabled: true,
-              upstream: `http://127.0.0.1:${port}`,
-              headers: {},
-              forwardRequestBody: true,
-            },
-          },
-        },
-      };
-
-      const dnsServer = new DevDnsServer(config);
-      const handler = new HttpHandler(dnsServer, config, PROXY_PORT);
-      await handler.start();
-
-      try {
-        await new Promise<void>((resolve) => setTimeout(resolve, 100));
-
-        const bodyContent = '{"key":"value","count":42}';
-        const result = await sendPutRequest(`http://app.loop/api/update`, bodyContent);
-
-        assert.strictEqual(result.status, 200);
-        assert.ok(receivedBodies.length > 0);
-        assert.strictEqual(receivedBodies[0], bodyContent);
-      } finally {
-        await handler.stop();
-      }
-    } finally {
-      await stopUpstreamServer();
-    }
-  });
-
-  it("does not forward body for GET requests even when forwarding is enabled", async () => {
-    const { DevDnsServer } = await import("./dns-service.js");
-    const { HttpHandler } = await import("./http-handler.js");
-
-    receivedBodies = [];
-    const port = await startUpstreamServer();
-
-    try {
-      const config: any = {
-        port: 53,
-        hosts: {
-          "app.loop": {
-            records: [{ type: "A", address: "127.0.0.1" }],
-            http_proxy: {
-              enabled: true,
-              upstream: `http://127.0.0.1:${port}`,
-              headers: {},
-              forwardRequestBody: true,
-            },
-          },
-        },
-      };
-
-      const dnsServer = new DevDnsServer(config);
-      const handler = new HttpHandler(dnsServer, config, PROXY_PORT);
-      await handler.start();
-
-      try {
-        await new Promise<void>((resolve) => setTimeout(resolve, 100));
-
-        const result = await get("http://app.loop/data");
-
-        assert.strictEqual(result.status, 200);
-        assert.strictEqual(receivedBodies.length, 0);
-      } finally {
-        await handler.stop();
-      }
-    } finally {
-      await stopUpstreamServer();
-    }
-  });
-
-  it("rejects oversized body with 413 when forwarding is enabled", async () => {
-    const { DevDnsServer } = await import("./dns-service.js");
-    const { HttpHandler } = await import("./http-handler.js");
-
-    receivedBodies = [];
-    const port = await startUpstreamServer();
-
-    try {
-      const config: any = {
-        port: 53,
-        hosts: {
-          "app.loop": {
-            records: [{ type: "A", address: "127.0.0.1" }],
-            http_proxy: {
-              enabled: true,
-              upstream: `http://127.0.0.1:${port}`,
-              headers: {},
-              forwardRequestBody: true,
-              maxRequestBodyBytes: 100, 
-            },
-          },
-        },
-      };
-
-      const dnsServer = new DevDnsServer(config);
-      const handler = new HttpHandler(dnsServer, config, PROXY_PORT);
-      await handler.start();
-
-      try {
-        await new Promise<void>((resolve) => setTimeout(resolve, 100));
-
-        const largeBody = "x".repeat(200);
-        const result = await sendPostRequest(`http://app.loop/upload`, largeBody);
-
-        assert.strictEqual(result.status, 413);
-        assert.strictEqual(receivedBodies.length, 0);
-      } finally {
-        await handler.stop();
-      }
-    } finally {
-      await stopUpstreamServer();
-    }
-  });
-
-  it("does not forward body when forwardRequestBody is disabled", async () => {
-    const { DevDnsServer } = await import("./dns-service.js");
-    const { HttpHandler } = await import("./http-handler.js");
-
-    receivedBodies = [];
-    const port = await startUpstreamServer();
-
-    try {
-      const config: any = {
-        port: 53,
-        hosts: {
-          "app.loop": {
-            records: [{ type: "A", address: "127.0.0.1" }],
-            http_proxy: {
-              enabled: true,
-              upstream: `http://127.0.0.1:${port}`,
-              headers: {},
-              forwardRequestBody: false, 
-            },
-          },
-        },
-      };
-
-      const dnsServer = new DevDnsServer(config);
-      const handler = new HttpHandler(dnsServer, config, PROXY_PORT);
-      await handler.start();
-
-      try {
-        await new Promise<void>((resolve) => setTimeout(resolve, 100));
-
-        const bodyContent = "this should not be forwarded";
-        const result = await sendPostRequest(`http://app.loop/submit`, bodyContent);
-
-        assert.strictEqual(result.status, 200);
-        assert.strictEqual(receivedBodies.length, 0);
-      } finally {
-        await handler.stop();
-      }
-    } finally {
-      await stopUpstreamServer();
-    }
-  });
-});

package/src/http-body-forwarding.test.ts

@@ -1,101 +0,0 @@
-import { describe, it } from "node:test";
-import assert from "assert";
-import { HttpProxyService } from "./http-proxy.js";
-import { HostConfig } from "./types.js";
-
-function makeBodyForwardingConfig(): HostConfig {
-  return {
-    records: [{ type: "A", address: "127.0.0.1" }],
-    http_proxy: {
-      enabled: true,
-      upstream: "http://upstream.example.com",
-      headers: { "X-Forward-Body": "true" },
-    },
-    redirect: undefined,
-  };
-}
-
-describe("HttpProxyService - Body Forwarding Configuration", () => {
-  const proxy = new HttpProxyService();
-
-  it("accepts host config with body forwarding enabled", () => {
-    const config: HostConfig & { http_proxy?: { enabled?: boolean; upstream?: string; headers?: Record<string, string>; forwardRequestBody?: boolean } } = {
-      records: [{ type: "A", address: "127.0.0.1" }],
-      http_proxy: {
-        enabled: true,
-        upstream: "http://upstream.example.com",
-        headers: {},
-        forwardRequestBody: true,
-      },
-    };
-
-    assert.strictEqual(config.http_proxy?.forwardRequestBody, true);
-  });
-
-  it("defaults body forwarding to false when not specified", () => {
-    const config = makeBodyForwardingConfig();
-    assert.ok(!config.http_proxy?.forwardRequestBody);
-  });
-
-  it("rejects body forwarding when proxy is disabled", () => {
-    const config: HostConfig & { http_proxy?: { enabled?: boolean; upstream?: string; headers?: Record<string, string>; forwardRequestBody?: boolean } } = {
-      records: [{ type: "A", address: "127.0.0.1" }],
-      http_proxy: {
-        enabled: false,
-        upstream: "",
-        headers: {},
-        forwardRequestBody: true,
-      },
-    };
-
-    assert.strictEqual(config.http_proxy?.enabled, false);
-  });
-});
-
-describe("HttpProxyService - Body Forwarding Header", () => {
-  const proxy = new HttpProxyService();
-
-  it("injects X-Forwarded-Body header when body forwarding is enabled", () => {
-    const config: HostConfig & { http_proxy?: { enabled?: boolean; upstream?: string; headers?: Record<string, string>; forwardRequestBody?: boolean } } = makeBodyForwardingConfig();
-    config.http_proxy!.forwardRequestBody = true;
-
-    const request = {
-      hostname: "app.loop",
-      originalUrl: "/api/submit",
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: Buffer.from('{"key":"value"}'),
-    };
-
-    const result = proxy.getUpstreamHeaders(config, request as any);
-    assert.ok("X-Body-Forwarded" in result.upstreamHeaders || "X-Body-Size" in result.upstreamHeaders);
-  });
-
-  it("does not inject body forwarding header when disabled", () => {
-    const config: HostConfig & { http_proxy?: { enabled?: boolean; upstream?: string; headers?: Record<string, string>; forwardRequestBody?: boolean } } = makeBodyForwardingConfig();
-    config.http_proxy!.forwardRequestBody = false;
-
-    const request = {
-      hostname: "app.loop",
-      originalUrl: "/api/submit",
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-    };
-
-    const result = proxy.getUpstreamHeaders(config, request as any);
-    assert.ok(!("X-Body-Forwarded" in result.upstreamHeaders));
-  });
-});
-
-describe("HttpProxyService - Body size validation", () => {
-  const proxy = new HttpProxyService();
-
-  it("limits forwarded body size to configured maximum", () => {
-    const largeBody = Buffer.alloc(10 * 1024 * 1024, "x"); 
-    assert.ok(largeBody.length > 5 * 1024 * 1024);
-    assert.doesNotThrow(() => {
-      const config: HostConfig & { http_proxy?: { enabled?: boolean; upstream?: string; headers?: Record<string, string>; forwardRequestBody?: boolean; maxRequestBodyBytes?: number } } = makeBodyForwardingConfig();
-      config.http_proxy!.forwardRequestBody = true;
-    });
-  });
-});