@opensecurity/zonzon-core 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/http-handler.js +2 -2
  2. package/dist/schema.js +2 -0
  3. package/dist/sni-proxy.js +5 -5
  4. package/dist/types.d.ts +2 -0
  5. package/package.json +1 -1
package/dist/http-handler.js CHANGED
@@ -58,11 +58,11 @@ export class HttpHandler {
58
58
  server = null;
59
59
  circuitBreakers = new Map();
60
60
  activeConnections = new Set();
61
- constructor(dnsServer, config, port = 80) {
61
+ constructor(dnsServer, config, port) {
62
62
  this.dnsServer = dnsServer;
63
63
  this.proxyService = new HttpProxyService();
64
- this.port = port;
65
64
  this.config = config;
65
+ this.port = config.httpPort ?? port ?? 80;
66
66
  }
67
67
  getCircuitBreaker(upstream) {
68
68
  if (!this.circuitBreakers.has(upstream)) {
package/dist/schema.js CHANGED
@@ -63,6 +63,8 @@ const ControlPlaneSchema = z.object({
63
63
  });
64
64
  const ServerConfigSchema = z.object({
65
65
  port: z.coerce.number().int().min(1).max(65535).default(53),
66
+ httpPort: z.coerce.number().int().min(1).max(65535).optional(),
67
+ httpsPort: z.coerce.number().int().min(1).max(65535).optional(),
66
68
  fallbackDns: Ipv4Schema.optional(),
67
69
  firewall: FirewallSchema.optional(),
68
70
  controlPlane: ControlPlaneSchema.optional(),
package/dist/sni-proxy.js CHANGED
@@ -7,9 +7,9 @@ export class SniProxyService {
7
7
  config;
8
8
  server = null;
9
9
  activeConnections = new Set();
10
- constructor(config, port = 443) {
10
+ constructor(config, port) {
11
11
  this.config = config;
12
- this.port = port;
12
+ this.port = config.httpsPort ?? port ?? 443;
13
13
  }
14
14
  extractSNI(data) {
15
15
  try {
@@ -73,7 +73,7 @@ export class SniProxyService {
73
73
  isHandled = true;
74
74
  const sni = this.extractSNI(buffer);
75
75
  if (!sni) {
76
- audit.http(clientIp, "TLS", "UNKNOWN", ":443", 400, "Dropped: No SNI detected");
76
+ audit.http(clientIp, "TLS", "UNKNOWN", `:${this.port}`, 400, "Dropped: No SNI detected");
77
77
  clientSocket.destroy();
78
78
  return;
79
79
  }
@@ -90,7 +90,7 @@ export class SniProxyService {
90
90
  if (firewallEngine.evaluateIp(targetIp, this.config.firewall) === "DENY") {
91
91
  throw new Error(`Target IP ${targetIp} blocked by Firewall policy`);
92
92
  }
93
- audit.http(clientIp, "TLS-SNI", sni, ":443", 200, `Tunneled to ${targetIp}`);
93
+ audit.http(clientIp, "TLS-SNI", sni, `:${this.port}`, 200, `Tunneled to ${targetIp}`);
94
94
  const srvSocket = net.connect(443, targetIp, () => {
95
95
  srvSocket.write(buffer);
96
96
  clientSocket.pipe(srvSocket);
@@ -105,7 +105,7 @@ export class SniProxyService {
105
105
  });
106
106
  }
107
107
  catch (err) {
108
- audit.http(clientIp, "TLS-SNI", sni, ":443", 403, `Blocked: ${err.message}`);
108
+ audit.http(clientIp, "TLS-SNI", sni, `:${this.port}`, 403, `Blocked: ${err.message}`);
109
109
  clientSocket.destroy();
110
110
  }
111
111
  });
package/dist/types.d.ts CHANGED
@@ -68,6 +68,8 @@ export interface ControlPlaneConfig {
68
68
  }
69
69
  export interface ServerConfig {
70
70
  port: number;
71
+ httpPort?: number;
72
+ httpsPort?: number;
71
73
  fallbackDns?: string;
72
74
  firewall?: FirewallConfig;
73
75
  controlPlane?: ControlPlaneConfig;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@opensecurity/zonzon-core",
3
- "version": "0.1.3",
3
+ "version": "0.1.4",
4
4
  "description": "core routing, dns, and firewall engine",
5
5
  "type": "module",
6
6
  "author": "Lucian BLETAN <neuraluc@gmail.com>",