@push.rocks/smartproxy 10.2.0 → 12.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist_ts/00_commitinfo_data.js +1 -1
- package/dist_ts/common/port80-adapter.d.ts +11 -0
- package/dist_ts/common/port80-adapter.js +61 -0
- package/dist_ts/examples/forwarding-example.d.ts +1 -0
- package/dist_ts/examples/forwarding-example.js +96 -0
- package/dist_ts/index.d.ts +1 -0
- package/dist_ts/index.js +3 -1
- package/dist_ts/smartproxy/classes.pp.connectionhandler.js +179 -30
- package/dist_ts/smartproxy/classes.pp.domainconfigmanager.d.ts +39 -0
- package/dist_ts/smartproxy/classes.pp.domainconfigmanager.js +172 -20
- package/dist_ts/smartproxy/classes.pp.interfaces.d.ts +3 -11
- package/dist_ts/smartproxy/classes.pp.portrangemanager.js +17 -10
- package/dist_ts/smartproxy/classes.pp.securitymanager.d.ts +19 -2
- package/dist_ts/smartproxy/classes.pp.securitymanager.js +27 -4
- package/dist_ts/smartproxy/classes.pp.timeoutmanager.js +3 -3
- package/dist_ts/smartproxy/classes.smartproxy.js +45 -13
- package/dist_ts/smartproxy/forwarding/domain-config.d.ts +12 -0
- package/dist_ts/smartproxy/forwarding/domain-config.js +12 -0
- package/dist_ts/smartproxy/forwarding/domain-manager.d.ts +86 -0
- package/dist_ts/smartproxy/forwarding/domain-manager.js +241 -0
- package/dist_ts/smartproxy/forwarding/forwarding.factory.d.ts +24 -0
- package/dist_ts/smartproxy/forwarding/forwarding.factory.js +137 -0
- package/dist_ts/smartproxy/forwarding/forwarding.handler.d.ts +55 -0
- package/dist_ts/smartproxy/forwarding/forwarding.handler.js +94 -0
- package/dist_ts/smartproxy/forwarding/http.handler.d.ts +25 -0
- package/dist_ts/smartproxy/forwarding/http.handler.js +123 -0
- package/dist_ts/smartproxy/forwarding/https-passthrough.handler.d.ts +24 -0
- package/dist_ts/smartproxy/forwarding/https-passthrough.handler.js +154 -0
- package/dist_ts/smartproxy/forwarding/https-terminate-to-http.handler.d.ts +36 -0
- package/dist_ts/smartproxy/forwarding/https-terminate-to-http.handler.js +229 -0
- package/dist_ts/smartproxy/forwarding/https-terminate-to-https.handler.d.ts +35 -0
- package/dist_ts/smartproxy/forwarding/https-terminate-to-https.handler.js +254 -0
- package/dist_ts/smartproxy/forwarding/index.d.ts +16 -0
- package/dist_ts/smartproxy/forwarding/index.js +23 -0
- package/dist_ts/smartproxy/types/forwarding.types.d.ts +104 -0
- package/dist_ts/smartproxy/types/forwarding.types.js +50 -0
- package/package.json +2 -2
- package/readme.md +158 -8
- package/readme.plan.md +471 -42
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/common/port80-adapter.ts +87 -0
- package/ts/index.ts +3 -0
- package/ts/smartproxy/classes.pp.connectionhandler.ts +231 -44
- package/ts/smartproxy/classes.pp.domainconfigmanager.ts +198 -24
- package/ts/smartproxy/classes.pp.interfaces.ts +3 -11
- package/ts/smartproxy/classes.pp.portrangemanager.ts +17 -10
- package/ts/smartproxy/classes.pp.securitymanager.ts +29 -5
- package/ts/smartproxy/classes.pp.timeoutmanager.ts +3 -3
- package/ts/smartproxy/classes.smartproxy.ts +68 -15
- package/ts/smartproxy/forwarding/domain-config.ts +28 -0
- package/ts/smartproxy/forwarding/domain-manager.ts +283 -0
- package/ts/smartproxy/forwarding/forwarding.factory.ts +155 -0
- package/ts/smartproxy/forwarding/forwarding.handler.ts +127 -0
- package/ts/smartproxy/forwarding/http.handler.ts +140 -0
- package/ts/smartproxy/forwarding/https-passthrough.handler.ts +182 -0
- package/ts/smartproxy/forwarding/https-terminate-to-http.handler.ts +264 -0
- package/ts/smartproxy/forwarding/https-terminate-to-https.handler.ts +292 -0
- package/ts/smartproxy/forwarding/index.ts +52 -0
- package/ts/smartproxy/types/forwarding.types.ts +162 -0
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import * as plugins from '../plugins.js';
|
|
2
|
+
import { ForwardingHandlerFactory } from './forwarding/forwarding.factory.js';
|
|
2
3
|
/**
|
|
3
4
|
* Manages domain configurations and target selection
|
|
4
5
|
*/
|
|
@@ -7,6 +8,8 @@ export class DomainConfigManager {
|
|
|
7
8
|
this.settings = settings;
|
|
8
9
|
// Track round-robin indices for domain configs
|
|
9
10
|
this.domainTargetIndices = new Map();
|
|
11
|
+
// Cache forwarding handlers for each domain config
|
|
12
|
+
this.forwardingHandlers = new Map();
|
|
10
13
|
}
|
|
11
14
|
/**
|
|
12
15
|
* Updates the domain configurations
|
|
@@ -20,6 +23,29 @@ export class DomainConfigManager {
|
|
|
20
23
|
this.domainTargetIndices.delete(config);
|
|
21
24
|
}
|
|
22
25
|
}
|
|
26
|
+
// Clear handlers for removed configs and create handlers for new configs
|
|
27
|
+
const handlersToRemove = [];
|
|
28
|
+
for (const [config] of this.forwardingHandlers) {
|
|
29
|
+
if (!currentConfigSet.has(config)) {
|
|
30
|
+
handlersToRemove.push(config);
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
// Remove handlers that are no longer needed
|
|
34
|
+
for (const config of handlersToRemove) {
|
|
35
|
+
this.forwardingHandlers.delete(config);
|
|
36
|
+
}
|
|
37
|
+
// Create handlers for new configs
|
|
38
|
+
for (const config of newDomainConfigs) {
|
|
39
|
+
if (!this.forwardingHandlers.has(config)) {
|
|
40
|
+
try {
|
|
41
|
+
const handler = this.createForwardingHandler(config);
|
|
42
|
+
this.forwardingHandlers.set(config, handler);
|
|
43
|
+
}
|
|
44
|
+
catch (err) {
|
|
45
|
+
console.log(`Error creating forwarding handler for domain ${config.domains.join(', ')}: ${err}`);
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
}
|
|
23
49
|
}
|
|
24
50
|
/**
|
|
25
51
|
* Get all domain configurations
|
|
@@ -39,9 +65,12 @@ export class DomainConfigManager {
|
|
|
39
65
|
* Find domain config for a specific port
|
|
40
66
|
*/
|
|
41
67
|
findDomainConfigForPort(port) {
|
|
42
|
-
return this.settings.domainConfigs.find((domain) =>
|
|
43
|
-
domain.portRanges
|
|
44
|
-
|
|
68
|
+
return this.settings.domainConfigs.find((domain) => {
|
|
69
|
+
const portRanges = domain.forwarding?.advanced?.portRanges;
|
|
70
|
+
return portRanges &&
|
|
71
|
+
portRanges.length > 0 &&
|
|
72
|
+
this.isPortInRanges(port, portRanges);
|
|
73
|
+
});
|
|
45
74
|
}
|
|
46
75
|
/**
|
|
47
76
|
* Check if a port is within any of the given ranges
|
|
@@ -53,51 +82,174 @@ export class DomainConfigManager {
|
|
|
53
82
|
* Get target IP with round-robin support
|
|
54
83
|
*/
|
|
55
84
|
getTargetIP(domainConfig) {
|
|
56
|
-
|
|
85
|
+
const targetHosts = Array.isArray(domainConfig.forwarding.target.host)
|
|
86
|
+
? domainConfig.forwarding.target.host
|
|
87
|
+
: [domainConfig.forwarding.target.host];
|
|
88
|
+
if (targetHosts.length > 0) {
|
|
57
89
|
const currentIndex = this.domainTargetIndices.get(domainConfig) || 0;
|
|
58
|
-
const ip =
|
|
90
|
+
const ip = targetHosts[currentIndex % targetHosts.length];
|
|
59
91
|
this.domainTargetIndices.set(domainConfig, currentIndex + 1);
|
|
60
92
|
return ip;
|
|
61
93
|
}
|
|
62
94
|
return this.settings.targetIP || 'localhost';
|
|
63
95
|
}
|
|
96
|
+
/**
|
|
97
|
+
* Get target host with round-robin support (for tests)
|
|
98
|
+
* This is just an alias for getTargetIP for easier test compatibility
|
|
99
|
+
*/
|
|
100
|
+
getTargetHost(domainConfig) {
|
|
101
|
+
return this.getTargetIP(domainConfig);
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* Get target port from domain config
|
|
105
|
+
*/
|
|
106
|
+
getTargetPort(domainConfig, defaultPort) {
|
|
107
|
+
return domainConfig.forwarding.target.port || defaultPort;
|
|
108
|
+
}
|
|
64
109
|
/**
|
|
65
110
|
* Checks if a domain should use NetworkProxy
|
|
66
111
|
*/
|
|
67
112
|
shouldUseNetworkProxy(domainConfig) {
|
|
68
|
-
|
|
113
|
+
const forwardingType = this.getForwardingType(domainConfig);
|
|
114
|
+
return forwardingType === 'https-terminate-to-http' ||
|
|
115
|
+
forwardingType === 'https-terminate-to-https';
|
|
69
116
|
}
|
|
70
117
|
/**
|
|
71
118
|
* Gets the NetworkProxy port for a domain
|
|
72
119
|
*/
|
|
73
120
|
getNetworkProxyPort(domainConfig) {
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
121
|
+
// First check if we should use NetworkProxy at all
|
|
122
|
+
if (!this.shouldUseNetworkProxy(domainConfig)) {
|
|
123
|
+
return undefined;
|
|
124
|
+
}
|
|
125
|
+
return domainConfig.forwarding.advanced?.networkProxyPort || this.settings.networkProxyPort;
|
|
77
126
|
}
|
|
78
127
|
/**
|
|
79
128
|
* Get effective allowed and blocked IPs for a domain
|
|
129
|
+
*
|
|
130
|
+
* This method combines domain-specific security rules from the forwarding configuration
|
|
131
|
+
* with global security defaults when necessary.
|
|
80
132
|
*/
|
|
81
133
|
getEffectiveIPRules(domainConfig) {
|
|
134
|
+
// Start with empty arrays
|
|
135
|
+
const allowedIPs = [];
|
|
136
|
+
const blockedIPs = [];
|
|
137
|
+
// Add IPs from forwarding security settings if available
|
|
138
|
+
if (domainConfig.forwarding?.security?.allowedIps) {
|
|
139
|
+
allowedIPs.push(...domainConfig.forwarding.security.allowedIps);
|
|
140
|
+
}
|
|
141
|
+
else {
|
|
142
|
+
// If no allowed IPs are specified in forwarding config and global defaults exist, use them
|
|
143
|
+
if (this.settings.defaultAllowedIPs && this.settings.defaultAllowedIPs.length > 0) {
|
|
144
|
+
allowedIPs.push(...this.settings.defaultAllowedIPs);
|
|
145
|
+
}
|
|
146
|
+
else {
|
|
147
|
+
// Default to allow all if no specific rules
|
|
148
|
+
allowedIPs.push('*');
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
// Add blocked IPs from forwarding security settings if available
|
|
152
|
+
if (domainConfig.forwarding?.security?.blockedIps) {
|
|
153
|
+
blockedIPs.push(...domainConfig.forwarding.security.blockedIps);
|
|
154
|
+
}
|
|
155
|
+
// Always add global blocked IPs, even if domain has its own rules
|
|
156
|
+
// This ensures that global blocks take precedence
|
|
157
|
+
if (this.settings.defaultBlockedIPs && this.settings.defaultBlockedIPs.length > 0) {
|
|
158
|
+
// Add only unique IPs that aren't already in the list
|
|
159
|
+
for (const ip of this.settings.defaultBlockedIPs) {
|
|
160
|
+
if (!blockedIPs.includes(ip)) {
|
|
161
|
+
blockedIPs.push(ip);
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
}
|
|
82
165
|
return {
|
|
83
|
-
allowedIPs
|
|
84
|
-
|
|
85
|
-
...(this.settings.defaultAllowedIPs || [])
|
|
86
|
-
],
|
|
87
|
-
blockedIPs: [
|
|
88
|
-
...(domainConfig.blockedIPs || []),
|
|
89
|
-
...(this.settings.defaultBlockedIPs || [])
|
|
90
|
-
]
|
|
166
|
+
allowedIPs,
|
|
167
|
+
blockedIPs
|
|
91
168
|
};
|
|
92
169
|
}
|
|
93
170
|
/**
|
|
94
171
|
* Get connection timeout for a domain
|
|
95
172
|
*/
|
|
96
173
|
getConnectionTimeout(domainConfig) {
|
|
97
|
-
if (domainConfig?.
|
|
98
|
-
return domainConfig.
|
|
174
|
+
if (domainConfig?.forwarding.advanced?.timeout) {
|
|
175
|
+
return domainConfig.forwarding.advanced.timeout;
|
|
99
176
|
}
|
|
100
177
|
return this.settings.maxConnectionLifetime || 86400000; // 24 hours default
|
|
101
178
|
}
|
|
179
|
+
/**
|
|
180
|
+
* Creates a forwarding handler for a domain configuration
|
|
181
|
+
*/
|
|
182
|
+
createForwardingHandler(domainConfig) {
|
|
183
|
+
// Create a new handler using the factory
|
|
184
|
+
const handler = ForwardingHandlerFactory.createHandler(domainConfig.forwarding);
|
|
185
|
+
// Initialize the handler
|
|
186
|
+
handler.initialize().catch(err => {
|
|
187
|
+
console.log(`Error initializing forwarding handler for ${domainConfig.domains.join(', ')}: ${err}`);
|
|
188
|
+
});
|
|
189
|
+
return handler;
|
|
190
|
+
}
|
|
191
|
+
/**
|
|
192
|
+
* Gets a forwarding handler for a domain config
|
|
193
|
+
* If no handler exists, creates one
|
|
194
|
+
*/
|
|
195
|
+
getForwardingHandler(domainConfig) {
|
|
196
|
+
// If we already have a handler, return it
|
|
197
|
+
if (this.forwardingHandlers.has(domainConfig)) {
|
|
198
|
+
return this.forwardingHandlers.get(domainConfig);
|
|
199
|
+
}
|
|
200
|
+
// Otherwise create a new handler
|
|
201
|
+
const handler = this.createForwardingHandler(domainConfig);
|
|
202
|
+
this.forwardingHandlers.set(domainConfig, handler);
|
|
203
|
+
return handler;
|
|
204
|
+
}
|
|
205
|
+
/**
|
|
206
|
+
* Gets the forwarding type for a domain config
|
|
207
|
+
*/
|
|
208
|
+
getForwardingType(domainConfig) {
|
|
209
|
+
if (!domainConfig?.forwarding)
|
|
210
|
+
return undefined;
|
|
211
|
+
return domainConfig.forwarding.type;
|
|
212
|
+
}
|
|
213
|
+
/**
|
|
214
|
+
* Checks if the forwarding type requires TLS termination
|
|
215
|
+
*/
|
|
216
|
+
requiresTlsTermination(domainConfig) {
|
|
217
|
+
if (!domainConfig)
|
|
218
|
+
return false;
|
|
219
|
+
const forwardingType = this.getForwardingType(domainConfig);
|
|
220
|
+
return forwardingType === 'https-terminate-to-http' ||
|
|
221
|
+
forwardingType === 'https-terminate-to-https';
|
|
222
|
+
}
|
|
223
|
+
/**
|
|
224
|
+
* Checks if the forwarding type supports HTTP
|
|
225
|
+
*/
|
|
226
|
+
supportsHttp(domainConfig) {
|
|
227
|
+
if (!domainConfig)
|
|
228
|
+
return false;
|
|
229
|
+
const forwardingType = this.getForwardingType(domainConfig);
|
|
230
|
+
// HTTP-only always supports HTTP
|
|
231
|
+
if (forwardingType === 'http-only')
|
|
232
|
+
return true;
|
|
233
|
+
// For termination types, check the HTTP settings
|
|
234
|
+
if (forwardingType === 'https-terminate-to-http' ||
|
|
235
|
+
forwardingType === 'https-terminate-to-https') {
|
|
236
|
+
// HTTP is supported by default for termination types
|
|
237
|
+
return domainConfig.forwarding?.http?.enabled !== false;
|
|
238
|
+
}
|
|
239
|
+
// HTTPS-passthrough doesn't support HTTP
|
|
240
|
+
return false;
|
|
241
|
+
}
|
|
242
|
+
/**
|
|
243
|
+
* Checks if HTTP requests should be redirected to HTTPS
|
|
244
|
+
*/
|
|
245
|
+
shouldRedirectToHttps(domainConfig) {
|
|
246
|
+
if (!domainConfig?.forwarding)
|
|
247
|
+
return false;
|
|
248
|
+
// Only check for redirect if HTTP is enabled
|
|
249
|
+
if (this.supportsHttp(domainConfig)) {
|
|
250
|
+
return !!domainConfig.forwarding.http?.redirectToHttps;
|
|
251
|
+
}
|
|
252
|
+
return false;
|
|
253
|
+
}
|
|
102
254
|
}
|
|
103
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
255
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC5kb21haW5jb25maWdtYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvc21hcnRwcm94eS9jbGFzc2VzLnBwLmRvbWFpbmNvbmZpZ21hbmFnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUM7QUFHekMsT0FBTyxFQUFFLHdCQUF3QixFQUFFLE1BQU0sb0NBQW9DLENBQUM7QUFFOUU7O0dBRUc7QUFDSCxNQUFNLE9BQU8sbUJBQW1CO0lBTzlCLFlBQW9CLFFBQTRCO1FBQTVCLGFBQVEsR0FBUixRQUFRLENBQW9CO1FBTmhELCtDQUErQztRQUN2Qyx3QkFBbUIsR0FBK0IsSUFBSSxHQUFHLEVBQUUsQ0FBQztRQUVwRSxtREFBbUQ7UUFDM0MsdUJBQWtCLEdBQTJDLElBQUksR0FBRyxFQUFFLENBQUM7SUFFNUIsQ0FBQztJQUVwRDs7T0FFRztJQUNJLG1CQUFtQixDQUFDLGdCQUFpQztRQUMxRCxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsR0FBRyxnQkFBZ0IsQ0FBQztRQUUvQywyQ0FBMkM7UUFDM0MsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ25ELEtBQUssTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQ2hELElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFDbEMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUMxQyxDQUFDO1FBQ0gsQ0FBQztRQUVELHlFQUF5RTtRQUN6RSxNQUFNLGdCQUFnQixHQUFvQixFQUFFLENBQUM7UUFDN0MsS0FBSyxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUM7WUFDL0MsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO2dCQUNsQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDaEMsQ0FBQztRQUNILENBQUM7UUFFRCw0Q0FBNEM7UUFDNUMsS0FBSyxNQUFNLE1BQU0sSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3RDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDekMsQ0FBQztRQUVELGtDQUFrQztRQUNsQyxLQUFLLE1BQU0sTUFBTSxJQUFJLGdCQUFnQixFQUFFLENBQUM7WUFDdEMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFDekMsSUFBSSxDQUFDO29CQUNILE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztvQkFDckQsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLENBQUM7Z0JBQy9DLENBQUM7Z0JBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztvQkFDYixPQUFPLENBQUMsR0FBRyxDQUFDLGdEQUFnRCxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxHQUFHLEVBQUUsQ0FBQyxDQUFDO2dCQUNuRyxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxnQkFBZ0IsQ0FBQyxVQUFrQjtRQUN4QyxJQUFJLENBQUMsVUFBVTtZQUFFLE9BQU8sU0FBUyxDQUFDO1FBRWxDLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FDakQsTUFBTSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQzdELENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSx1QkFBdUIsQ0FBQyxJQUFZO1FBQ3pDLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUNyQyxDQUFDLE1BQU0sRUFBRSxFQUFFO1lBQ1QsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLFVBQVUsRUFBRSxRQUFRLEVBQUUsVUFBVSxDQUFDO1lBQzNELE9BQU8sVUFBVTtnQkFDVixVQUFVLENBQUMsTUFBTSxHQUFHLENBQUM7Z0JBQ3JCLElBQUksQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBQy9DLENBQUMsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0ksY0FBYyxDQUFDLElBQVksRUFBRSxNQUEyQztRQUM3RSxPQUFPLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLElBQUksSUFBSSxLQUFLLENBQUMsSUFBSSxJQUFJLElBQUksSUFBSSxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVEOztPQUVHO0lBQ0ksV0FBVyxDQUFDLFlBQTJCO1FBQzVDLE1BQU0sV0FBVyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDO1lBQ3BFLENBQUMsQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxJQUFJO1lBQ3JDLENBQUMsQ0FBQyxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRTFDLElBQUksV0FBVyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUMzQixNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUNyRSxNQUFNLEVBQUUsR0FBRyxXQUFXLENBQUMsWUFBWSxHQUFHLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUMxRCxJQUFJLENBQUMsbUJBQW1CLENBQUMsR0FBRyxDQUFDLFlBQVksRUFBRSxZQUFZLEdBQUcsQ0FBQyxDQUFDLENBQUM7WUFDN0QsT0FBTyxFQUFFLENBQUM7UUFDWixDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsSUFBSSxXQUFXLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7T0FHRztJQUNJLGFBQWEsQ0FBQyxZQUEyQjtRQUM5QyxPQUFPLElBQUksQ0FBQyxXQUFXLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksYUFBYSxDQUFDLFlBQTJCLEVBQUUsV0FBbUI7UUFDbkUsT0FBTyxZQUFZLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxJQUFJLElBQUksV0FBVyxDQUFDO0lBQzVELENBQUM7SUFFRDs7T0FFRztJQUNJLHFCQUFxQixDQUFDLFlBQTJCO1FBQ3RELE1BQU0sY0FBYyxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUM1RCxPQUFPLGNBQWMsS0FBSyx5QkFBeUI7WUFDNUMsY0FBYyxLQUFLLDBCQUEwQixDQUFDO0lBQ3ZELENBQUM7SUFFRDs7T0FFRztJQUNJLG1CQUFtQixDQUFDLFlBQTJCO1FBQ3BELG1EQUFtRDtRQUNuRCxJQUFJLENBQUMsSUFBSSxDQUFDLHFCQUFxQixDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7WUFDOUMsT0FBTyxTQUFTLENBQUM7UUFDbkIsQ0FBQztRQUVELE9BQU8sWUFBWSxDQUFDLFVBQVUsQ0FBQyxRQUFRLEVBQUUsZ0JBQWdCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQztJQUM5RixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSSxtQkFBbUIsQ0FBQyxZQUEyQjtRQUlwRCwwQkFBMEI7UUFDMUIsTUFBTSxVQUFVLEdBQWEsRUFBRSxDQUFDO1FBQ2hDLE1BQU0sVUFBVSxHQUFhLEVBQUUsQ0FBQztRQUVoQyx5REFBeUQ7UUFDekQsSUFBSSxZQUFZLENBQUMsVUFBVSxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsQ0FBQztZQUNsRCxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsWUFBWSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDbEUsQ0FBQzthQUFNLENBQUM7WUFDTiwyRkFBMkY7WUFDM0YsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNsRixVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1lBQ3RELENBQUM7aUJBQU0sQ0FBQztnQkFDTiw0Q0FBNEM7Z0JBQzVDLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDdkIsQ0FBQztRQUNILENBQUM7UUFFRCxpRUFBaUU7UUFDakUsSUFBSSxZQUFZLENBQUMsVUFBVSxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsQ0FBQztZQUNsRCxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsWUFBWSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDbEUsQ0FBQztRQUVELGtFQUFrRTtRQUNsRSxrREFBa0Q7UUFDbEQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2xGLHNEQUFzRDtZQUN0RCxLQUFLLE1BQU0sRUFBRSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztnQkFDakQsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztvQkFDN0IsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztnQkFDdEIsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQsT0FBTztZQUNMLFVBQVU7WUFDVixVQUFVO1NBQ1gsQ0FBQztJQUNKLENBQUM7SUFFRDs7T0FFRztJQUNJLG9CQUFvQixDQUFDLFlBQTRCO1FBQ3RELElBQUksWUFBWSxFQUFFLFVBQVUsQ0FBQyxRQUFRLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDL0MsT0FBTyxZQUFZLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUM7UUFDbEQsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsSUFBSSxRQUFRLENBQUMsQ0FBQyxtQkFBbUI7SUFDN0UsQ0FBQztJQUVEOztPQUVHO0lBQ0ssdUJBQXVCLENBQUMsWUFBMkI7UUFDekQseUNBQXlDO1FBQ3pDLE1BQU0sT0FBTyxHQUFHLHdCQUF3QixDQUFDLGFBQWEsQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLENBQUM7UUFFaEYseUJBQXlCO1FBQ3pCLE9BQU8sQ0FBQyxVQUFVLEVBQUUsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEVBQUU7WUFDL0IsT0FBTyxDQUFDLEdBQUcsQ0FBQyw2Q0FBNkMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssR0FBRyxFQUFFLENBQUMsQ0FBQztRQUN0RyxDQUFDLENBQUMsQ0FBQztRQUVILE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7O09BR0c7SUFDSSxvQkFBb0IsQ0FBQyxZQUEyQjtRQUNyRCwwQ0FBMEM7UUFDMUMsSUFBSSxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7WUFDOUMsT0FBTyxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBRSxDQUFDO1FBQ3BELENBQUM7UUFFRCxpQ0FBaUM7UUFDakMsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQzNELElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsWUFBWSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBRW5ELE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7T0FFRztJQUNJLGlCQUFpQixDQUFDLFlBQTRCO1FBQ25ELElBQUksQ0FBQyxZQUFZLEVBQUUsVUFBVTtZQUFFLE9BQU8sU0FBUyxDQUFDO1FBQ2hELE9BQU8sWUFBWSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUM7SUFDdEMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksc0JBQXNCLENBQUMsWUFBNEI7UUFDeEQsSUFBSSxDQUFDLFlBQVk7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUVoQyxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDNUQsT0FBTyxjQUFjLEtBQUsseUJBQXlCO1lBQzVDLGNBQWMsS0FBSywwQkFBMEIsQ0FBQztJQUN2RCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxZQUFZLENBQUMsWUFBNEI7UUFDOUMsSUFBSSxDQUFDLFlBQVk7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUVoQyxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFNUQsaUNBQWlDO1FBQ2pDLElBQUksY0FBYyxLQUFLLFdBQVc7WUFBRSxPQUFPLElBQUksQ0FBQztRQUVoRCxpREFBaUQ7UUFDakQsSUFBSSxjQUFjLEtBQUsseUJBQXlCO1lBQzVDLGNBQWMsS0FBSywwQkFBMEIsRUFBRSxDQUFDO1lBQ2xELHFEQUFxRDtZQUNyRCxPQUFPLFlBQVksQ0FBQyxVQUFVLEVBQUUsSUFBSSxFQUFFLE9BQU8sS0FBSyxLQUFLLENBQUM7UUFDMUQsQ0FBQztRQUVELHlDQUF5QztRQUN6QyxPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFFRDs7T0FFRztJQUNJLHFCQUFxQixDQUFDLFlBQTRCO1FBQ3ZELElBQUksQ0FBQyxZQUFZLEVBQUUsVUFBVTtZQUFFLE9BQU8sS0FBSyxDQUFDO1FBRTVDLDZDQUE2QztRQUM3QyxJQUFJLElBQUksQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQztZQUNwQyxPQUFPLENBQUMsQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxlQUFlLENBQUM7UUFDekQsQ0FBQztRQUVELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztDQUNGIn0=
|
|
@@ -1,21 +1,13 @@
|
|
|
1
1
|
import * as plugins from '../plugins.js';
|
|
2
|
+
import type { IForwardConfig } from './forwarding/index.js';
|
|
2
3
|
/**
|
|
3
4
|
* Provision object for static or HTTP-01 certificate
|
|
4
5
|
*/
|
|
5
6
|
export type ISmartProxyCertProvisionObject = plugins.tsclass.network.ICert | 'http01';
|
|
6
|
-
/** Domain configuration with
|
|
7
|
+
/** Domain configuration with forwarding configuration */
|
|
7
8
|
export interface IDomainConfig {
|
|
8
9
|
domains: string[];
|
|
9
|
-
|
|
10
|
-
blockedIPs?: string[];
|
|
11
|
-
targetIPs?: string[];
|
|
12
|
-
portRanges?: Array<{
|
|
13
|
-
from: number;
|
|
14
|
-
to: number;
|
|
15
|
-
}>;
|
|
16
|
-
connectionTimeout?: number;
|
|
17
|
-
useNetworkProxy?: boolean;
|
|
18
|
-
networkProxyPort?: number;
|
|
10
|
+
forwarding: IForwardConfig;
|
|
19
11
|
}
|
|
20
12
|
/** Port proxy settings including global allowed port ranges */
|
|
21
13
|
import type { IAcmeOptions } from '../common/types.js';
|
|
@@ -66,8 +66,10 @@ export class PortRangeManager {
|
|
|
66
66
|
findDomainPortRange(port) {
|
|
67
67
|
for (let i = 0; i < this.settings.domainConfigs.length; i++) {
|
|
68
68
|
const domain = this.settings.domainConfigs[i];
|
|
69
|
-
|
|
70
|
-
|
|
69
|
+
// Get port ranges from forwarding.advanced if available
|
|
70
|
+
const portRanges = domain.forwarding?.advanced?.portRanges;
|
|
71
|
+
if (portRanges && portRanges.length > 0) {
|
|
72
|
+
for (const range of portRanges) {
|
|
71
73
|
if (port >= range.from && port <= range.to) {
|
|
72
74
|
return { domainIndex: i, range };
|
|
73
75
|
}
|
|
@@ -104,16 +106,19 @@ export class PortRangeManager {
|
|
|
104
106
|
}
|
|
105
107
|
// Add domain-specific port ranges
|
|
106
108
|
for (const domain of this.settings.domainConfigs) {
|
|
107
|
-
|
|
108
|
-
|
|
109
|
+
// Get port ranges from forwarding.advanced
|
|
110
|
+
const portRanges = domain.forwarding?.advanced?.portRanges;
|
|
111
|
+
if (portRanges && portRanges.length > 0) {
|
|
112
|
+
for (const range of portRanges) {
|
|
109
113
|
for (let port = range.from; port <= range.to; port++) {
|
|
110
114
|
ports.add(port);
|
|
111
115
|
}
|
|
112
116
|
}
|
|
113
117
|
}
|
|
114
|
-
// Add domain-specific NetworkProxy port if configured
|
|
115
|
-
|
|
116
|
-
|
|
118
|
+
// Add domain-specific NetworkProxy port if configured in forwarding.advanced
|
|
119
|
+
const networkProxyPort = domain.forwarding?.advanced?.networkProxyPort;
|
|
120
|
+
if (networkProxyPort) {
|
|
121
|
+
ports.add(networkProxyPort);
|
|
117
122
|
}
|
|
118
123
|
}
|
|
119
124
|
return Array.from(ports);
|
|
@@ -139,8 +144,10 @@ export class PortRangeManager {
|
|
|
139
144
|
}
|
|
140
145
|
// Track domain-specific port ranges
|
|
141
146
|
for (const domain of this.settings.domainConfigs) {
|
|
142
|
-
|
|
143
|
-
|
|
147
|
+
// Get port ranges from forwarding.advanced
|
|
148
|
+
const portRanges = domain.forwarding?.advanced?.portRanges;
|
|
149
|
+
if (portRanges && portRanges.length > 0) {
|
|
150
|
+
for (const range of portRanges) {
|
|
144
151
|
for (let port = range.from; port <= range.to; port++) {
|
|
145
152
|
if (!portMappings.has(port)) {
|
|
146
153
|
portMappings.set(port, []);
|
|
@@ -166,4 +173,4 @@ export class PortRangeManager {
|
|
|
166
173
|
return warnings;
|
|
167
174
|
}
|
|
168
175
|
}
|
|
169
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
176
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC5wb3J0cmFuZ2VtYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvc21hcnRwcm94eS9jbGFzc2VzLnBwLnBvcnRyYW5nZW1hbmFnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUE7O0dBRUc7QUFDSCxNQUFNLE9BQU8sZ0JBQWdCO0lBQzNCLFlBQW9CLFFBQTRCO1FBQTVCLGFBQVEsR0FBUixRQUFRLENBQW9CO0lBQUcsQ0FBQztJQUVwRDs7T0FFRztJQUNJLGlCQUFpQjtRQUN0QixNQUFNLGNBQWMsR0FBRyxJQUFJLEdBQUcsRUFBVSxDQUFDO1FBRXpDLG1DQUFtQztRQUNuQyxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFM0MsK0NBQStDO1FBQy9DLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNoRixLQUFLLE1BQU0sS0FBSyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDbkQsS0FBSyxJQUFJLElBQUksR0FBRyxLQUFLLENBQUMsSUFBSSxFQUFFLElBQUksSUFBSSxLQUFLLENBQUMsRUFBRSxFQUFFLElBQUksRUFBRSxFQUFFLENBQUM7b0JBQ3JELGNBQWMsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7Z0JBQzNCLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sY0FBYyxDQUFDO0lBQ3hCLENBQUM7SUFFRDs7T0FFRztJQUNJLHFCQUFxQixDQUFDLElBQVk7UUFDdkMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxlQUFlLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQ3pGLENBQUM7SUFFRDs7T0FFRztJQUNJLHlCQUF5QixDQUFDLElBQVk7UUFDM0MsT0FBTyxDQUNMLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLHNCQUFzQjtZQUN0QyxJQUFJLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQ2hDLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSxvQkFBb0IsQ0FBQyxJQUFZO1FBQ3RDLE9BQU8sQ0FDTCxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQjtZQUM5QixJQUFJLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLENBQzFELENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSxjQUFjLENBQUMsSUFBWSxFQUFFLE1BQTJDO1FBQzdFLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsSUFBSSxJQUFJLEtBQUssQ0FBQyxJQUFJLElBQUksSUFBSSxJQUFJLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN4RSxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksaUJBQWlCLENBQUMsYUFBcUI7UUFDNUMsMkRBQTJEO1FBQzNELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxzQkFBc0IsSUFBSSxJQUFJLENBQUMsb0JBQW9CLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQztZQUNyRixPQUFPLGFBQWEsQ0FBQztRQUN2QixDQUFDO1FBRUQsc0NBQXNDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7SUFDOUIsQ0FBQztJQUVEOztPQUVHO0lBQ0ksbUJBQW1CLENBQUMsSUFBWTtRQUlyQyxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDNUQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDOUMsd0RBQXdEO1lBQ3hELE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQyxVQUFVLEVBQUUsUUFBUSxFQUFFLFVBQVUsQ0FBQztZQUMzRCxJQUFJLFVBQVUsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUN4QyxLQUFLLE1BQU0sS0FBSyxJQUFJLFVBQVUsRUFBRSxDQUFDO29CQUMvQixJQUFJLElBQUksSUFBSSxLQUFLLENBQUMsSUFBSSxJQUFJLElBQUksSUFBSSxLQUFLLENBQUMsRUFBRSxFQUFFLENBQUM7d0JBQzNDLE9BQU8sRUFBRSxXQUFXLEVBQUUsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDO29CQUNuQyxDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUNELE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7SUFFRDs7O09BR0c7SUFDSSxxQkFBcUI7UUFDMUIsTUFBTSxLQUFLLEdBQUcsSUFBSSxHQUFHLEVBQVUsQ0FBQztRQUVoQywwQkFBMEI7UUFDMUIsS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRWxDLHNDQUFzQztRQUN0QyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUNuQyxLQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUM1QyxDQUFDO1FBRUQseUJBQXlCO1FBQ3pCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUNsQyxLQUFLLE1BQU0sSUFBSSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxFQUFFLENBQUM7Z0JBQ2pELEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDbEIsQ0FBQztRQUNILENBQUM7UUFHRCx5QkFBeUI7UUFDekIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDbkMsS0FBSyxNQUFNLEtBQUssSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLENBQUM7Z0JBQ25ELEtBQUssSUFBSSxJQUFJLEdBQUcsS0FBSyxDQUFDLElBQUksRUFBRSxJQUFJLElBQUksS0FBSyxDQUFDLEVBQUUsRUFBRSxJQUFJLEVBQUUsRUFBRSxDQUFDO29CQUNyRCxLQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUNsQixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxrQ0FBa0M7UUFDbEMsS0FBSyxNQUFNLE1BQU0sSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pELDJDQUEyQztZQUMzQyxNQUFNLFVBQVUsR0FBRyxNQUFNLENBQUMsVUFBVSxFQUFFLFFBQVEsRUFBRSxVQUFVLENBQUM7WUFDM0QsSUFBSSxVQUFVLElBQUksVUFBVSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDeEMsS0FBSyxNQUFNLEtBQUssSUFBSSxVQUFVLEVBQUUsQ0FBQztvQkFDL0IsS0FBSyxJQUFJLElBQUksR0FBRyxLQUFLLENBQUMsSUFBSSxFQUFFLElBQUksSUFBSSxLQUFLLENBQUMsRUFBRSxFQUFFLElBQUksRUFBRSxFQUFFLENBQUM7d0JBQ3JELEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQ2xCLENBQUM7Z0JBQ0gsQ0FBQztZQUNILENBQUM7WUFFRCw2RUFBNkU7WUFDN0UsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLENBQUMsVUFBVSxFQUFFLFFBQVEsRUFBRSxnQkFBZ0IsQ0FBQztZQUN2RSxJQUFJLGdCQUFnQixFQUFFLENBQUM7Z0JBQ3JCLEtBQUssQ0FBQyxHQUFHLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztZQUM5QixDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUMzQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0kscUJBQXFCO1FBQzFCLE1BQU0sUUFBUSxHQUFhLEVBQUUsQ0FBQztRQUU5QixvQ0FBb0M7UUFDcEMsTUFBTSxZQUFZLEdBQUcsSUFBSSxHQUFHLEVBQW9CLENBQUM7UUFFakQsMkJBQTJCO1FBQzNCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ25DLEtBQUssTUFBTSxLQUFLLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO2dCQUNuRCxLQUFLLElBQUksSUFBSSxHQUFHLEtBQUssQ0FBQyxJQUFJLEVBQUUsSUFBSSxJQUFJLEtBQUssQ0FBQyxFQUFFLEVBQUUsSUFBSSxFQUFFLEVBQUUsQ0FBQztvQkFDckQsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQzt3QkFDNUIsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7b0JBQzdCLENBQUM7b0JBQ0QsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUUsQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQztnQkFDcEQsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQsb0NBQW9DO1FBQ3BDLEtBQUssTUFBTSxNQUFNLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUNqRCwyQ0FBMkM7WUFDM0MsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLFVBQVUsRUFBRSxRQUFRLEVBQUUsVUFBVSxDQUFDO1lBQzNELElBQUksVUFBVSxJQUFJLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ3hDLEtBQUssTUFBTSxLQUFLLElBQUksVUFBVSxFQUFFLENBQUM7b0JBQy9CLEtBQUssSUFBSSxJQUFJLEdBQUcsS0FBSyxDQUFDLElBQUksRUFBRSxJQUFJLElBQUksS0FBSyxDQUFDLEVBQUUsRUFBRSxJQUFJLEVBQUUsRUFBRSxDQUFDO3dCQUNyRCxJQUFJLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDOzRCQUM1QixZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsQ0FBQzt3QkFDN0IsQ0FBQzt3QkFDRCxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBRSxDQUFDLElBQUksQ0FBQyxXQUFXLE1BQU0sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztvQkFDdkUsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCx5Q0FBeUM7UUFDekMsS0FBSyxNQUFNLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxJQUFJLFlBQVksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1lBQ3RELElBQUksUUFBUSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDeEIsUUFBUSxDQUFDLElBQUksQ0FBQyxRQUFRLElBQUksMkJBQTJCLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQzlFLENBQUM7UUFDSCxDQUFDO1FBRUQseUNBQXlDO1FBQ3pDLElBQUksWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxJQUFJLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDckcsUUFBUSxDQUFDLElBQUksQ0FBQyx1QkFBdUIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRLDhCQUE4QixDQUFDLENBQUM7UUFDN0YsQ0FBQztRQUVELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsSUFBSSxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDO1lBQ3ZGLFFBQVEsQ0FBQyxJQUFJLENBQUMscUJBQXFCLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLDhCQUE4QixDQUFDLENBQUM7UUFDbkcsQ0FBQztRQUdELE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7Q0FDRiJ9
|
|
@@ -25,11 +25,28 @@ export declare class SecurityManager {
|
|
|
25
25
|
*/
|
|
26
26
|
removeConnectionByIP(ip: string, connectionId: string): void;
|
|
27
27
|
/**
|
|
28
|
-
* Check if an IP is
|
|
28
|
+
* Check if an IP is authorized using forwarding security rules
|
|
29
|
+
*
|
|
30
|
+
* This method is used to determine if an IP is allowed to connect, based on security
|
|
31
|
+
* rules configured in the forwarding configuration. The allowed and blocked IPs are
|
|
32
|
+
* typically derived from domain.forwarding.security.allowedIps and blockedIps through
|
|
33
|
+
* DomainConfigManager.getEffectiveIPRules().
|
|
34
|
+
*
|
|
35
|
+
* @param ip - The IP address to check
|
|
36
|
+
* @param allowedIPs - Array of allowed IP patterns from forwarding.security.allowedIps
|
|
37
|
+
* @param blockedIPs - Array of blocked IP patterns from forwarding.security.blockedIps
|
|
38
|
+
* @returns true if IP is authorized, false if blocked
|
|
29
39
|
*/
|
|
30
40
|
isIPAuthorized(ip: string, allowedIPs: string[], blockedIPs?: string[]): boolean;
|
|
31
41
|
/**
|
|
32
|
-
* Check if the IP matches any of the glob patterns
|
|
42
|
+
* Check if the IP matches any of the glob patterns from security configuration
|
|
43
|
+
*
|
|
44
|
+
* This method checks IP addresses against glob patterns and handles IPv4/IPv6 normalization.
|
|
45
|
+
* It's used to implement IP filtering based on the forwarding.security configuration.
|
|
46
|
+
*
|
|
47
|
+
* @param ip - The IP address to check
|
|
48
|
+
* @param patterns - Array of glob patterns from forwarding.security.allowedIps or blockedIps
|
|
49
|
+
* @returns true if IP matches any pattern, false otherwise
|
|
33
50
|
*/
|
|
34
51
|
private isGlobIPMatch;
|
|
35
52
|
/**
|
|
@@ -54,14 +54,24 @@ export class SecurityManager {
|
|
|
54
54
|
}
|
|
55
55
|
}
|
|
56
56
|
/**
|
|
57
|
-
* Check if an IP is
|
|
57
|
+
* Check if an IP is authorized using forwarding security rules
|
|
58
|
+
*
|
|
59
|
+
* This method is used to determine if an IP is allowed to connect, based on security
|
|
60
|
+
* rules configured in the forwarding configuration. The allowed and blocked IPs are
|
|
61
|
+
* typically derived from domain.forwarding.security.allowedIps and blockedIps through
|
|
62
|
+
* DomainConfigManager.getEffectiveIPRules().
|
|
63
|
+
*
|
|
64
|
+
* @param ip - The IP address to check
|
|
65
|
+
* @param allowedIPs - Array of allowed IP patterns from forwarding.security.allowedIps
|
|
66
|
+
* @param blockedIPs - Array of blocked IP patterns from forwarding.security.blockedIps
|
|
67
|
+
* @returns true if IP is authorized, false if blocked
|
|
58
68
|
*/
|
|
59
69
|
isIPAuthorized(ip, allowedIPs, blockedIPs = []) {
|
|
60
70
|
// Skip IP validation if allowedIPs is empty
|
|
61
71
|
if (!ip || (allowedIPs.length === 0 && blockedIPs.length === 0)) {
|
|
62
72
|
return true;
|
|
63
73
|
}
|
|
64
|
-
// First check if IP is blocked
|
|
74
|
+
// First check if IP is blocked - blocked IPs take precedence
|
|
65
75
|
if (blockedIPs.length > 0 && this.isGlobIPMatch(ip, blockedIPs)) {
|
|
66
76
|
return false;
|
|
67
77
|
}
|
|
@@ -69,27 +79,40 @@ export class SecurityManager {
|
|
|
69
79
|
return this.isGlobIPMatch(ip, allowedIPs);
|
|
70
80
|
}
|
|
71
81
|
/**
|
|
72
|
-
* Check if the IP matches any of the glob patterns
|
|
82
|
+
* Check if the IP matches any of the glob patterns from security configuration
|
|
83
|
+
*
|
|
84
|
+
* This method checks IP addresses against glob patterns and handles IPv4/IPv6 normalization.
|
|
85
|
+
* It's used to implement IP filtering based on the forwarding.security configuration.
|
|
86
|
+
*
|
|
87
|
+
* @param ip - The IP address to check
|
|
88
|
+
* @param patterns - Array of glob patterns from forwarding.security.allowedIps or blockedIps
|
|
89
|
+
* @returns true if IP matches any pattern, false otherwise
|
|
73
90
|
*/
|
|
74
91
|
isGlobIPMatch(ip, patterns) {
|
|
75
92
|
if (!ip || !patterns || patterns.length === 0)
|
|
76
93
|
return false;
|
|
94
|
+
// Handle IPv4/IPv6 normalization for proper matching
|
|
77
95
|
const normalizeIP = (ip) => {
|
|
78
96
|
if (!ip)
|
|
79
97
|
return [];
|
|
98
|
+
// Handle IPv4-mapped IPv6 addresses (::ffff:127.0.0.1)
|
|
80
99
|
if (ip.startsWith('::ffff:')) {
|
|
81
100
|
const ipv4 = ip.slice(7);
|
|
82
101
|
return [ip, ipv4];
|
|
83
102
|
}
|
|
103
|
+
// Handle IPv4 addresses by also checking IPv4-mapped form
|
|
84
104
|
if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
|
|
85
105
|
return [ip, `::ffff:${ip}`];
|
|
86
106
|
}
|
|
87
107
|
return [ip];
|
|
88
108
|
};
|
|
109
|
+
// Normalize the IP being checked
|
|
89
110
|
const normalizedIPVariants = normalizeIP(ip);
|
|
90
111
|
if (normalizedIPVariants.length === 0)
|
|
91
112
|
return false;
|
|
113
|
+
// Normalize the pattern IPs for consistent comparison
|
|
92
114
|
const expandedPatterns = patterns.flatMap(normalizeIP);
|
|
115
|
+
// Check for any match between normalized IP variants and patterns
|
|
93
116
|
return normalizedIPVariants.some((ipVariant) => expandedPatterns.some((pattern) => plugins.minimatch(ipVariant, pattern)));
|
|
94
117
|
}
|
|
95
118
|
/**
|
|
@@ -123,4 +146,4 @@ export class SecurityManager {
|
|
|
123
146
|
this.connectionRateByIP.clear();
|
|
124
147
|
}
|
|
125
148
|
}
|
|
126
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
149
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC5zZWN1cml0eW1hbmFnZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9zbWFydHByb3h5L2NsYXNzZXMucHAuc2VjdXJpdHltYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sZUFBZSxDQUFDO0FBR3pDOztHQUVHO0FBQ0gsTUFBTSxPQUFPLGVBQWU7SUFJMUIsWUFBb0IsUUFBNEI7UUFBNUIsYUFBUSxHQUFSLFFBQVEsQ0FBb0I7UUFIeEMsb0JBQWUsR0FBNkIsSUFBSSxHQUFHLEVBQUUsQ0FBQztRQUN0RCx1QkFBa0IsR0FBMEIsSUFBSSxHQUFHLEVBQUUsQ0FBQztJQUVYLENBQUM7SUFFcEQ7O09BRUc7SUFDSSxzQkFBc0IsQ0FBQyxFQUFVO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUUsSUFBSSxJQUFJLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksbUJBQW1CLENBQUMsRUFBVTtRQUNuQyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztRQUV6QixJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ3JDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztZQUN2QyxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFFRCw0REFBNEQ7UUFDNUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEdBQUcsR0FBRyxJQUFJLEdBQUcsTUFBTSxDQUFDLENBQUM7UUFDMUYsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNyQixJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxVQUFVLENBQUMsQ0FBQztRQUU1Qyw4QkFBOEI7UUFDOUIsT0FBTyxVQUFVLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsNEJBQTZCLENBQUM7SUFDMUUsQ0FBQztJQUVEOztPQUVHO0lBQ0ksbUJBQW1CLENBQUMsRUFBVSxFQUFFLFlBQW9CO1FBQ3pELElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ2xDLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxJQUFJLEdBQUcsRUFBRSxDQUFDLENBQUM7UUFDMUMsQ0FBQztRQUNELElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUNsRCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxvQkFBb0IsQ0FBQyxFQUFVLEVBQUUsWUFBb0I7UUFDMUQsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDO1lBQ2xELFdBQVcsQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDakMsSUFBSSxXQUFXLENBQUMsSUFBSSxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUMzQixJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNsQyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7Ozs7Ozs7O09BWUc7SUFDSSxjQUFjLENBQUMsRUFBVSxFQUFFLFVBQW9CLEVBQUUsYUFBdUIsRUFBRTtRQUMvRSw0Q0FBNEM7UUFDNUMsSUFBSSxDQUFDLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUNoRSxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFFRCw2REFBNkQ7UUFDN0QsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLEVBQUUsRUFBRSxVQUFVLENBQUMsRUFBRSxDQUFDO1lBQ2hFLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELDhCQUE4QjtRQUM5QixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsRUFBRSxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSyxhQUFhLENBQUMsRUFBVSxFQUFFLFFBQWtCO1FBQ2xELElBQUksQ0FBQyxFQUFFLElBQUksQ0FBQyxRQUFRLElBQUksUUFBUSxDQUFDLE1BQU0sS0FBSyxDQUFDO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFFNUQscURBQXFEO1FBQ3JELE1BQU0sV0FBVyxHQUFHLENBQUMsRUFBVSxFQUFZLEVBQUU7WUFDM0MsSUFBSSxDQUFDLEVBQUU7Z0JBQUUsT0FBTyxFQUFFLENBQUM7WUFDbkIsdURBQXVEO1lBQ3ZELElBQUksRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO2dCQUM3QixNQUFNLElBQUksR0FBRyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUN6QixPQUFPLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDO1lBQ3BCLENBQUM7WUFDRCwwREFBMEQ7WUFDMUQsSUFBSSx5QkFBeUIsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztnQkFDdkMsT0FBTyxDQUFDLEVBQUUsRUFBRSxVQUFVLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDOUIsQ0FBQztZQUNELE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNkLENBQUMsQ0FBQztRQUVGLGlDQUFpQztRQUNqQyxNQUFNLG9CQUFvQixHQUFHLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUM3QyxJQUFJLG9CQUFvQixDQUFDLE1BQU0sS0FBSyxDQUFDO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFFcEQsc0RBQXNEO1FBQ3RELE1BQU0sZ0JBQWdCLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUV2RCxrRUFBa0U7UUFDbEUsT0FBTyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUM3QyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxDQUFDLENBQzFFLENBQUM7SUFDSixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksVUFBVSxDQUFDLEVBQVU7UUFDMUIsK0JBQStCO1FBQy9CLElBQ0UsSUFBSSxDQUFDLFFBQVEsQ0FBQyxtQkFBbUI7WUFDakMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEVBQUUsQ0FBQyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsbUJBQW1CLEVBQ3BFLENBQUM7WUFDRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLE1BQU0sRUFBRSwrQkFBK0IsSUFBSSxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsWUFBWTthQUNyRixDQUFDO1FBQ0osQ0FBQztRQUVELDhCQUE4QjtRQUM5QixJQUNFLElBQUksQ0FBQyxRQUFRLENBQUMsNEJBQTRCO1lBQzFDLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEVBQUUsQ0FBQyxFQUM3QixDQUFDO1lBQ0QsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxNQUFNLEVBQUUsMEJBQTBCLElBQUksQ0FBQyxRQUFRLENBQUMsNEJBQTRCLGdCQUFnQjthQUM3RixDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDM0IsQ0FBQztJQUVEOztPQUVHO0lBQ0ksZUFBZTtRQUNwQixJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUNsQyxDQUFDO0NBQ0YifQ==
|
|
@@ -50,8 +50,8 @@ export class TimeoutManager {
|
|
|
50
50
|
* Calculate effective max lifetime based on connection type
|
|
51
51
|
*/
|
|
52
52
|
getEffectiveMaxLifetime(record) {
|
|
53
|
-
// Use domain-specific timeout if available
|
|
54
|
-
const baseTimeout = record.domainConfig?.
|
|
53
|
+
// Use domain-specific timeout from forwarding.advanced if available
|
|
54
|
+
const baseTimeout = record.domainConfig?.forwarding?.advanced?.timeout ||
|
|
55
55
|
this.settings.maxConnectionLifetime ||
|
|
56
56
|
86400000; // 24 hours default
|
|
57
57
|
// For immortal keep-alive connections, use an extremely long lifetime
|
|
@@ -151,4 +151,4 @@ export class TimeoutManager {
|
|
|
151
151
|
}
|
|
152
152
|
}
|
|
153
153
|
}
|
|
154
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
154
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC50aW1lb3V0bWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3RzL3NtYXJ0cHJveHkvY2xhc3Nlcy5wcC50aW1lb3V0bWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFFQTs7R0FFRztBQUNILE1BQU0sT0FBTyxjQUFjO0lBQ3pCLFlBQW9CLFFBQTRCO1FBQTVCLGFBQVEsR0FBUixRQUFRLENBQW9CO0lBQUcsQ0FBQztJQUVwRDs7T0FFRztJQUNJLGlCQUFpQixDQUFDLE9BQWU7UUFDdEMsTUFBTSxnQkFBZ0IsR0FBRyxVQUFVLENBQUMsQ0FBQyxnQ0FBZ0M7UUFDckUsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxnQkFBZ0IsQ0FBQyxXQUFtQixFQUFFLG1CQUEyQixDQUFDO1FBQ3ZFLE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUM1RCxNQUFNLFNBQVMsR0FBRyxlQUFlLEdBQUcsQ0FBQyxnQkFBZ0IsR0FBRyxHQUFHLENBQUMsQ0FBQztRQUM3RCxPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FDM0IsZUFBZSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxHQUFHLFNBQVMsR0FBRyxDQUFDLENBQUMsR0FBRyxTQUFTLENBQ3hFLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSxjQUFjLENBQUMsTUFBeUI7UUFDN0MsTUFBTSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFakMsK0JBQStCO1FBQy9CLElBQUksTUFBTSxDQUFDLHVCQUF1QixFQUFFLENBQUM7WUFDbkMsTUFBTSxDQUFDLHVCQUF1QixHQUFHLEtBQUssQ0FBQztRQUN6QyxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ksNkJBQTZCLENBQUMsTUFBeUI7UUFDNUQsSUFBSSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixJQUFJLFFBQVEsQ0FBQyxDQUFDLGtCQUFrQjtRQUV0RixxRUFBcUU7UUFDckUsSUFBSSxNQUFNLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEtBQUssVUFBVSxFQUFFLENBQUM7WUFDM0UsT0FBTyxNQUFNLENBQUMsZ0JBQWdCLENBQUM7UUFDakMsQ0FBQztRQUVELHdEQUF3RDtRQUN4RCxJQUFJLE1BQU0sQ0FBQyxZQUFZLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsS0FBSyxVQUFVLEVBQUUsQ0FBQztZQUMzRSxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLDZCQUE2QixJQUFJLENBQUMsQ0FBQztZQUNwRSxnQkFBZ0IsR0FBRyxnQkFBZ0IsR0FBRyxVQUFVLENBQUM7UUFDbkQsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGdCQUFnQixDQUFDLENBQUM7SUFDbEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksdUJBQXVCLENBQUMsTUFBeUI7UUFDdEQsb0VBQW9FO1FBQ3BFLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxZQUFZLEVBQUUsVUFBVSxFQUFFLFFBQVEsRUFBRSxPQUFPO1lBQ2xELElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCO1lBQ25DLFFBQVEsQ0FBQyxDQUFDLG1CQUFtQjtRQUVqRCxzRUFBc0U7UUFDdEUsSUFBSSxNQUFNLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEtBQUssVUFBVSxFQUFFLENBQUM7WUFDM0UsT0FBTyxNQUFNLENBQUMsZ0JBQWdCLENBQUM7UUFDakMsQ0FBQztRQUVELHlFQUF5RTtRQUN6RSxJQUFJLE1BQU0sQ0FBQyxZQUFZLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsS0FBSyxVQUFVLEVBQUUsQ0FBQztZQUMzRSxPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FDM0IsSUFBSSxDQUFDLFFBQVEsQ0FBQyx5QkFBeUIsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLGlCQUFpQjthQUNyRixDQUFDO1FBQ0osQ0FBQztRQUVELGlDQUFpQztRQUNqQyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztZQUMzQyxPQUFPLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUM1QyxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDN0MsQ0FBQztJQUVEOzs7T0FHRztJQUNJLHNCQUFzQixDQUMzQixNQUF5QixFQUN6QixTQUE4RDtRQUU5RCwyQkFBMkI7UUFDM0IsSUFBSSxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDeEIsWUFBWSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUNwQyxDQUFDO1FBRUQsOEJBQThCO1FBQzlCLE1BQU0saUJBQWlCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRS9ELHFCQUFxQjtRQUNyQixNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsR0FBRyxFQUFFO1lBQzVCLDZCQUE2QjtZQUM3QixTQUFTLENBQUMsTUFBTSxFQUFFLG9CQUFvQixDQUFDLENBQUM7UUFDMUMsQ0FBQyxFQUFFLGlCQUFpQixDQUFDLENBQUM7UUFFdEIsbURBQW1EO1FBQ25ELElBQUksS0FBSyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ2hCLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNoQixDQUFDO1FBRUQsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksZUFBZSxDQUFDLE1BQXlCO1FBTTlDLHNEQUFzRDtRQUN0RCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztZQUN6QyxPQUFPO2dCQUNMLFVBQVUsRUFBRSxLQUFLO2dCQUNqQixVQUFVLEVBQUUsS0FBSztnQkFDakIsY0FBYyxFQUFFLENBQUM7Z0JBQ2pCLGdCQUFnQixFQUFFLENBQUM7YUFDcEIsQ0FBQztRQUNKLENBQUM7UUFFRCwyQ0FBMkM7UUFDM0MsSUFBSSxNQUFNLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEtBQUssVUFBVSxFQUFFLENBQUM7WUFDM0UsT0FBTztnQkFDTCxVQUFVLEVBQUUsS0FBSztnQkFDakIsVUFBVSxFQUFFLEtBQUs7Z0JBQ2pCLGNBQWMsRUFBRSxDQUFDO2dCQUNqQixnQkFBZ0IsRUFBRSxDQUFDO2FBQ3BCLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sY0FBYyxHQUFHLEdBQUcsR0FBRyxNQUFNLENBQUMsWUFBWSxDQUFDO1FBQ2pELE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLDZCQUE2QixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXBFLG9CQUFvQjtRQUNwQixNQUFNLFVBQVUsR0FBRyxjQUFjLEdBQUcsZ0JBQWdCLENBQUM7UUFFckQsbURBQW1EO1FBQ25ELE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQyxZQUFZO1lBQ25CLFVBQVU7WUFDVixDQUFDLE1BQU0sQ0FBQyx1QkFBdUIsQ0FBQztRQUVuRCxPQUFPO1lBQ0wsVUFBVTtZQUNWLFVBQVU7WUFDVixjQUFjO1lBQ2QsZ0JBQWdCO1NBQ2pCLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSxtQkFBbUIsQ0FBQyxNQUF5QjtRQUNsRCwyQ0FBMkM7UUFDM0MsSUFBSSxNQUFNLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLEtBQUssVUFBVSxFQUFFLENBQUM7WUFDM0UsdURBQXVEO1lBQ3ZELE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQzlCLElBQUksTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO2dCQUNwQixNQUFNLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoQyxDQUFDO1lBQ0QsT0FBTztRQUNULENBQUM7UUFFRCx3QkFBd0I7UUFDeEIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxJQUFJLE9BQU8sQ0FBQyxDQUFDLENBQUMsaUJBQWlCO1FBQ2pHLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3BDLElBQUksTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3BCLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3RDLENBQUM7SUFDSCxDQUFDO0NBQ0YifQ==
|