@push.rocks/smartproxy 11.0.0 → 13.1.2

package/dist_ts/proxies/smart-proxy/domain-config-manager.js

@@ -0,0 +1,255 @@
+import * as plugins from '../../plugins.js';
+import { ForwardingHandlerFactory } from '../../forwarding/factory/forwarding-factory.js';
+/**
+ * Manages domain configurations and target selection
+ */
+export class DomainConfigManager {
+    constructor(settings) {
+        this.settings = settings;
+        // Track round-robin indices for domain configs
+        this.domainTargetIndices = new Map();
+        // Cache forwarding handlers for each domain config
+        this.forwardingHandlers = new Map();
+    }
+    /**
+     * Updates the domain configurations
+     */
+    updateDomainConfigs(newDomainConfigs) {
+        this.settings.domainConfigs = newDomainConfigs;
+        // Reset target indices for removed configs
+        const currentConfigSet = new Set(newDomainConfigs);
+        for (const [config] of this.domainTargetIndices) {
+            if (!currentConfigSet.has(config)) {
+                this.domainTargetIndices.delete(config);
+            }
+        }
+        // Clear handlers for removed configs and create handlers for new configs
+        const handlersToRemove = [];
+        for (const [config] of this.forwardingHandlers) {
+            if (!currentConfigSet.has(config)) {
+                handlersToRemove.push(config);
+            }
+        }
+        // Remove handlers that are no longer needed
+        for (const config of handlersToRemove) {
+            this.forwardingHandlers.delete(config);
+        }
+        // Create handlers for new configs
+        for (const config of newDomainConfigs) {
+            if (!this.forwardingHandlers.has(config)) {
+                try {
+                    const handler = this.createForwardingHandler(config);
+                    this.forwardingHandlers.set(config, handler);
+                }
+                catch (err) {
+                    console.log(`Error creating forwarding handler for domain ${config.domains.join(', ')}: ${err}`);
+                }
+            }
+        }
+    }
+    /**
+     * Get all domain configurations
+     */
+    getDomainConfigs() {
+        return this.settings.domainConfigs;
+    }
+    /**
+     * Find domain config matching a server name
+     */
+    findDomainConfig(serverName) {
+        if (!serverName)
+            return undefined;
+        return this.settings.domainConfigs.find((config) => config.domains.some((d) => plugins.minimatch(serverName, d)));
+    }
+    /**
+     * Find domain config for a specific port
+     */
+    findDomainConfigForPort(port) {
+        return this.settings.domainConfigs.find((domain) => {
+            const portRanges = domain.forwarding?.advanced?.portRanges;
+            return portRanges &&
+                portRanges.length > 0 &&
+                this.isPortInRanges(port, portRanges);
+        });
+    }
+    /**
+     * Check if a port is within any of the given ranges
+     */
+    isPortInRanges(port, ranges) {
+        return ranges.some((range) => port >= range.from && port <= range.to);
+    }
+    /**
+     * Get target IP with round-robin support
+     */
+    getTargetIP(domainConfig) {
+        const targetHosts = Array.isArray(domainConfig.forwarding.target.host)
+            ? domainConfig.forwarding.target.host
+            : [domainConfig.forwarding.target.host];
+        if (targetHosts.length > 0) {
+            const currentIndex = this.domainTargetIndices.get(domainConfig) || 0;
+            const ip = targetHosts[currentIndex % targetHosts.length];
+            this.domainTargetIndices.set(domainConfig, currentIndex + 1);
+            return ip;
+        }
+        return this.settings.targetIP || 'localhost';
+    }
+    /**
+     * Get target host with round-robin support (for tests)
+     * This is just an alias for getTargetIP for easier test compatibility
+     */
+    getTargetHost(domainConfig) {
+        return this.getTargetIP(domainConfig);
+    }
+    /**
+     * Get target port from domain config
+     */
+    getTargetPort(domainConfig, defaultPort) {
+        return domainConfig.forwarding.target.port || defaultPort;
+    }
+    /**
+     * Checks if a domain should use NetworkProxy
+     */
+    shouldUseNetworkProxy(domainConfig) {
+        const forwardingType = this.getForwardingType(domainConfig);
+        return forwardingType === 'https-terminate-to-http' ||
+            forwardingType === 'https-terminate-to-https';
+    }
+    /**
+     * Gets the NetworkProxy port for a domain
+     */
+    getNetworkProxyPort(domainConfig) {
+        // First check if we should use NetworkProxy at all
+        if (!this.shouldUseNetworkProxy(domainConfig)) {
+            return undefined;
+        }
+        return domainConfig.forwarding.advanced?.networkProxyPort || this.settings.networkProxyPort;
+    }
+    /**
+     * Get effective allowed and blocked IPs for a domain
+     *
+     * This method combines domain-specific security rules from the forwarding configuration
+     * with global security defaults when necessary.
+     */
+    getEffectiveIPRules(domainConfig) {
+        // Start with empty arrays
+        const allowedIPs = [];
+        const blockedIPs = [];
+        // Add IPs from forwarding security settings if available
+        if (domainConfig.forwarding?.security?.allowedIps) {
+            allowedIPs.push(...domainConfig.forwarding.security.allowedIps);
+        }
+        else {
+            // If no allowed IPs are specified in forwarding config and global defaults exist, use them
+            if (this.settings.defaultAllowedIPs && this.settings.defaultAllowedIPs.length > 0) {
+                allowedIPs.push(...this.settings.defaultAllowedIPs);
+            }
+            else {
+                // Default to allow all if no specific rules
+                allowedIPs.push('*');
+            }
+        }
+        // Add blocked IPs from forwarding security settings if available
+        if (domainConfig.forwarding?.security?.blockedIps) {
+            blockedIPs.push(...domainConfig.forwarding.security.blockedIps);
+        }
+        // Always add global blocked IPs, even if domain has its own rules
+        // This ensures that global blocks take precedence
+        if (this.settings.defaultBlockedIPs && this.settings.defaultBlockedIPs.length > 0) {
+            // Add only unique IPs that aren't already in the list
+            for (const ip of this.settings.defaultBlockedIPs) {
+                if (!blockedIPs.includes(ip)) {
+                    blockedIPs.push(ip);
+                }
+            }
+        }
+        return {
+            allowedIPs,
+            blockedIPs
+        };
+    }
+    /**
+     * Get connection timeout for a domain
+     */
+    getConnectionTimeout(domainConfig) {
+        if (domainConfig?.forwarding.advanced?.timeout) {
+            return domainConfig.forwarding.advanced.timeout;
+        }
+        return this.settings.maxConnectionLifetime || 86400000; // 24 hours default
+    }
+    /**
+     * Creates a forwarding handler for a domain configuration
+     */
+    createForwardingHandler(domainConfig) {
+        // Create a new handler using the factory
+        const handler = ForwardingHandlerFactory.createHandler(domainConfig.forwarding);
+        // Initialize the handler
+        handler.initialize().catch(err => {
+            console.log(`Error initializing forwarding handler for ${domainConfig.domains.join(', ')}: ${err}`);
+        });
+        return handler;
+    }
+    /**
+     * Gets a forwarding handler for a domain config
+     * If no handler exists, creates one
+     */
+    getForwardingHandler(domainConfig) {
+        // If we already have a handler, return it
+        if (this.forwardingHandlers.has(domainConfig)) {
+            return this.forwardingHandlers.get(domainConfig);
+        }
+        // Otherwise create a new handler
+        const handler = this.createForwardingHandler(domainConfig);
+        this.forwardingHandlers.set(domainConfig, handler);
+        return handler;
+    }
+    /**
+     * Gets the forwarding type for a domain config
+     */
+    getForwardingType(domainConfig) {
+        if (!domainConfig?.forwarding)
+            return undefined;
+        return domainConfig.forwarding.type;
+    }
+    /**
+     * Checks if the forwarding type requires TLS termination
+     */
+    requiresTlsTermination(domainConfig) {
+        if (!domainConfig)
+            return false;
+        const forwardingType = this.getForwardingType(domainConfig);
+        return forwardingType === 'https-terminate-to-http' ||
+            forwardingType === 'https-terminate-to-https';
+    }
+    /**
+     * Checks if the forwarding type supports HTTP
+     */
+    supportsHttp(domainConfig) {
+        if (!domainConfig)
+            return false;
+        const forwardingType = this.getForwardingType(domainConfig);
+        // HTTP-only always supports HTTP
+        if (forwardingType === 'http-only')
+            return true;
+        // For termination types, check the HTTP settings
+        if (forwardingType === 'https-terminate-to-http' ||
+            forwardingType === 'https-terminate-to-https') {
+            // HTTP is supported by default for termination types
+            return domainConfig.forwarding?.http?.enabled !== false;
+        }
+        // HTTPS-passthrough doesn't support HTTP
+        return false;
+    }
+    /**
+     * Checks if HTTP requests should be redirected to HTTPS
+     */
+    shouldRedirectToHttps(domainConfig) {
+        if (!domainConfig?.forwarding)
+            return false;
+        // Only check for redirect if HTTP is enabled
+        if (this.supportsHttp(domainConfig)) {
+            return !!domainConfig.forwarding.http?.redirectToHttps;
+        }
+        return false;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG9tYWluLWNvbmZpZy1tYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdHMvcHJveGllcy9zbWFydC1wcm94eS9kb21haW4tY29uZmlnLW1hbmFnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxrQkFBa0IsQ0FBQztBQUk1QyxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsTUFBTSxnREFBZ0QsQ0FBQztBQUUxRjs7R0FFRztBQUNILE1BQU0sT0FBTyxtQkFBbUI7SUFPOUIsWUFBb0IsUUFBNEI7UUFBNUIsYUFBUSxHQUFSLFFBQVEsQ0FBb0I7UUFOaEQsK0NBQStDO1FBQ3ZDLHdCQUFtQixHQUErQixJQUFJLEdBQUcsRUFBRSxDQUFDO1FBRXBFLG1EQUFtRDtRQUMzQyx1QkFBa0IsR0FBMEMsSUFBSSxHQUFHLEVBQUUsQ0FBQztJQUUzQixDQUFDO0lBRXBEOztPQUVHO0lBQ0ksbUJBQW1CLENBQUMsZ0JBQWlDO1FBQzFELElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxHQUFHLGdCQUFnQixDQUFDO1FBRS9DLDJDQUEyQztRQUMzQyxNQUFNLGdCQUFnQixHQUFHLElBQUksR0FBRyxDQUFDLGdCQUFnQixDQUFDLENBQUM7UUFDbkQsS0FBSyxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDaEQsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO2dCQUNsQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQzFDLENBQUM7UUFDSCxDQUFDO1FBRUQseUVBQXlFO1FBQ3pFLE1BQU0sZ0JBQWdCLEdBQW9CLEVBQUUsQ0FBQztRQUM3QyxLQUFLLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztZQUMvQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7Z0JBQ2xDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNoQyxDQUFDO1FBQ0gsQ0FBQztRQUVELDRDQUE0QztRQUM1QyxLQUFLLE1BQU0sTUFBTSxJQUFJLGdCQUFnQixFQUFFLENBQUM7WUFDdEMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN6QyxDQUFDO1FBRUQsa0NBQWtDO1FBQ2xDLEtBQUssTUFBTSxNQUFNLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztZQUN0QyxJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO2dCQUN6QyxJQUFJLENBQUM7b0JBQ0gsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDLE1BQU0sQ0FBQyxDQUFDO29CQUNyRCxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsQ0FBQztnQkFDL0MsQ0FBQztnQkFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO29CQUNiLE9BQU8sQ0FBQyxHQUFHLENBQUMsZ0RBQWdELE1BQU0sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLEdBQUcsRUFBRSxDQUFDLENBQUM7Z0JBQ25HLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7T0FFRztJQUNJLGdCQUFnQixDQUFDLFVBQWtCO1FBQ3hDLElBQUksQ0FBQyxVQUFVO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFFbEMsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUNqRCxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FDN0QsQ0FBQztJQUNKLENBQUM7SUFFRDs7T0FFRztJQUNJLHVCQUF1QixDQUFDLElBQVk7UUFDekMsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQ3JDLENBQUMsTUFBTSxFQUFFLEVBQUU7WUFDVCxNQUFNLFVBQVUsR0FBRyxNQUFNLENBQUMsVUFBVSxFQUFFLFFBQVEsRUFBRSxVQUFVLENBQUM7WUFDM0QsT0FBTyxVQUFVO2dCQUNWLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQztnQkFDckIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsVUFBVSxDQUFDLENBQUM7UUFDL0MsQ0FBQyxDQUNGLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSxjQUFjLENBQUMsSUFBWSxFQUFFLE1BQTJDO1FBQzdFLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsSUFBSSxJQUFJLEtBQUssQ0FBQyxJQUFJLElBQUksSUFBSSxJQUFJLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN4RSxDQUFDO0lBRUQ7O09BRUc7SUFDSSxXQUFXLENBQUMsWUFBMkI7UUFDNUMsTUFBTSxXQUFXLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7WUFDcEUsQ0FBQyxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLElBQUk7WUFDckMsQ0FBQyxDQUFDLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFMUMsSUFBSSxXQUFXLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzNCLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3JFLE1BQU0sRUFBRSxHQUFHLFdBQVcsQ0FBQyxZQUFZLEdBQUcsV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQzFELElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxHQUFHLENBQUMsWUFBWSxFQUFFLFlBQVksR0FBRyxDQUFDLENBQUMsQ0FBQztZQUM3RCxPQUFPLEVBQUUsQ0FBQztRQUNaLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsUUFBUSxJQUFJLFdBQVcsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksYUFBYSxDQUFDLFlBQTJCO1FBQzlDLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxhQUFhLENBQUMsWUFBMkIsRUFBRSxXQUFtQjtRQUNuRSxPQUFPLFlBQVksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLElBQUksSUFBSSxXQUFXLENBQUM7SUFDNUQsQ0FBQztJQUVEOztPQUVHO0lBQ0kscUJBQXFCLENBQUMsWUFBMkI7UUFDdEQsTUFBTSxjQUFjLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQzVELE9BQU8sY0FBYyxLQUFLLHlCQUF5QjtZQUM1QyxjQUFjLEtBQUssMEJBQTBCLENBQUM7SUFDdkQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksbUJBQW1CLENBQUMsWUFBMkI7UUFDcEQsbURBQW1EO1FBQ25ELElBQUksQ0FBQyxJQUFJLENBQUMscUJBQXFCLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQztZQUM5QyxPQUFPLFNBQVMsQ0FBQztRQUNuQixDQUFDO1FBRUQsT0FBTyxZQUFZLENBQUMsVUFBVSxDQUFDLFFBQVEsRUFBRSxnQkFBZ0IsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDO0lBQzlGLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNJLG1CQUFtQixDQUFDLFlBQTJCO1FBSXBELDBCQUEwQjtRQUMxQixNQUFNLFVBQVUsR0FBYSxFQUFFLENBQUM7UUFDaEMsTUFBTSxVQUFVLEdBQWEsRUFBRSxDQUFDO1FBRWhDLHlEQUF5RDtRQUN6RCxJQUFJLFlBQVksQ0FBQyxVQUFVLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDO1lBQ2xELFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxZQUFZLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUNsRSxDQUFDO2FBQU0sQ0FBQztZQUNOLDJGQUEyRjtZQUMzRixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ2xGLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDdEQsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLDRDQUE0QztnQkFDNUMsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUN2QixDQUFDO1FBQ0gsQ0FBQztRQUVELGlFQUFpRTtRQUNqRSxJQUFJLFlBQVksQ0FBQyxVQUFVLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDO1lBQ2xELFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxZQUFZLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUNsRSxDQUFDO1FBRUQsa0VBQWtFO1FBQ2xFLGtEQUFrRDtRQUNsRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbEYsc0RBQXNEO1lBQ3RELEtBQUssTUFBTSxFQUFFLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO2dCQUNqRCxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO29CQUM3QixVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO2dCQUN0QixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPO1lBQ0wsVUFBVTtZQUNWLFVBQVU7U0FDWCxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0ksb0JBQW9CLENBQUMsWUFBNEI7UUFDdEQsSUFBSSxZQUFZLEVBQUUsVUFBVSxDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUMvQyxPQUFPLFlBQVksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQztRQUNsRCxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixJQUFJLFFBQVEsQ0FBQyxDQUFDLG1CQUFtQjtJQUM3RSxDQUFDO0lBRUQ7O09BRUc7SUFDSyx1QkFBdUIsQ0FBQyxZQUEyQjtRQUN6RCx5Q0FBeUM7UUFDekMsTUFBTSxPQUFPLEdBQUcsd0JBQXdCLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUVoRix5QkFBeUI7UUFDekIsT0FBTyxDQUFDLFVBQVUsRUFBRSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsRUFBRTtZQUMvQixPQUFPLENBQUMsR0FBRyxDQUFDLDZDQUE2QyxZQUFZLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQ3RHLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztJQUVEOzs7T0FHRztJQUNJLG9CQUFvQixDQUFDLFlBQTJCO1FBQ3JELDBDQUEwQztRQUMxQyxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQztZQUM5QyxPQUFPLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFFLENBQUM7UUFDcEQsQ0FBQztRQUVELGlDQUFpQztRQUNqQyxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDM0QsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxZQUFZLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFbkQsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztJQUVEOztPQUVHO0lBQ0ksaUJBQWlCLENBQUMsWUFBNEI7UUFDbkQsSUFBSSxDQUFDLFlBQVksRUFBRSxVQUFVO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFDaEQsT0FBTyxZQUFZLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQztJQUN0QyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxzQkFBc0IsQ0FBQyxZQUE0QjtRQUN4RCxJQUFJLENBQUMsWUFBWTtZQUFFLE9BQU8sS0FBSyxDQUFDO1FBRWhDLE1BQU0sY0FBYyxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUM1RCxPQUFPLGNBQWMsS0FBSyx5QkFBeUI7WUFDNUMsY0FBYyxLQUFLLDBCQUEwQixDQUFDO0lBQ3ZELENBQUM7SUFFRDs7T0FFRztJQUNJLFlBQVksQ0FBQyxZQUE0QjtRQUM5QyxJQUFJLENBQUMsWUFBWTtZQUFFLE9BQU8sS0FBSyxDQUFDO1FBRWhDLE1BQU0sY0FBYyxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUU1RCxpQ0FBaUM7UUFDakMsSUFBSSxjQUFjLEtBQUssV0FBVztZQUFFLE9BQU8sSUFBSSxDQUFDO1FBRWhELGlEQUFpRDtRQUNqRCxJQUFJLGNBQWMsS0FBSyx5QkFBeUI7WUFDNUMsY0FBYyxLQUFLLDBCQUEwQixFQUFFLENBQUM7WUFDbEQscURBQXFEO1lBQ3JELE9BQU8sWUFBWSxDQUFDLFVBQVUsRUFBRSxJQUFJLEVBQUUsT0FBTyxLQUFLLEtBQUssQ0FBQztRQUMxRCxDQUFDO1FBRUQseUNBQXlDO1FBQ3pDLE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVEOztPQUVHO0lBQ0kscUJBQXFCLENBQUMsWUFBNEI7UUFDdkQsSUFBSSxDQUFDLFlBQVksRUFBRSxVQUFVO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFFNUMsNkNBQTZDO1FBQzdDLElBQUksSUFBSSxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sQ0FBQyxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLGVBQWUsQ0FBQztRQUN6RCxDQUFDO1FBRUQsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0NBQ0YifQ==

package/dist_ts/proxies/smart-proxy/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * SmartProxy implementation
+ */
+export * from './models/index.js';
+export { SmartProxy } from './smart-proxy.js';
+export { ConnectionManager } from './connection-manager.js';
+export { SecurityManager } from './security-manager.js';
+export { DomainConfigManager } from './domain-config-manager.js';
+export { TimeoutManager } from './timeout-manager.js';
+export { TlsManager } from './tls-manager.js';
+export { NetworkProxyBridge } from './network-proxy-bridge.js';
+export { PortRangeManager } from './port-range-manager.js';
+export { ConnectionHandler } from './connection-handler.js';

package/dist_ts/proxies/smart-proxy/index.js

@@ -0,0 +1,17 @@
+/**
+ * SmartProxy implementation
+ */
+// Re-export models
+export * from './models/index.js';
+// Export the main SmartProxy class
+export { SmartProxy } from './smart-proxy.js';
+// Export supporting classes
+export { ConnectionManager } from './connection-manager.js';
+export { SecurityManager } from './security-manager.js';
+export { DomainConfigManager } from './domain-config-manager.js';
+export { TimeoutManager } from './timeout-manager.js';
+export { TlsManager } from './tls-manager.js';
+export { NetworkProxyBridge } from './network-proxy-bridge.js';
+export { PortRangeManager } from './port-range-manager.js';
+export { ConnectionHandler } from './connection-handler.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9wcm94aWVzL3NtYXJ0LXByb3h5L2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsbUJBQW1CO0FBQ25CLGNBQWMsbUJBQW1CLENBQUM7QUFFbEMsbUNBQW1DO0FBQ25DLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxrQkFBa0IsQ0FBQztBQUU5Qyw0QkFBNEI7QUFDNUIsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDNUQsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBQ3hELE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQ2pFLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUN0RCxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFDOUMsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFDL0QsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDM0QsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0seUJBQXlCLENBQUMifQ==

package/dist_ts/proxies/smart-proxy/models/index.d.ts

@@ -0,0 +1,4 @@
+/**
+ * SmartProxy models
+ */
+export * from './interfaces.js';

package/dist_ts/proxies/smart-proxy/models/index.js

@@ -0,0 +1,5 @@
+/**
+ * SmartProxy models
+ */
+export * from './interfaces.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9wcm94aWVzL3NtYXJ0LXByb3h5L21vZGVscy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILGNBQWMsaUJBQWlCLENBQUMifQ==

package/dist_ts/proxies/smart-proxy/models/interfaces.d.ts

@@ -0,0 +1,107 @@
+import * as plugins from '../../../plugins.js';
+import type { IForwardConfig } from '../../../forwarding/config/forwarding-types.js';
+/**
+ * Provision object for static or HTTP-01 certificate
+ */
+export type TSmartProxyCertProvisionObject = plugins.tsclass.network.ICert | 'http01';
+/**
+ * Domain configuration with forwarding configuration
+ */
+export interface IDomainConfig {
+    domains: string[];
+    forwarding: IForwardConfig;
+}
+/**
+ * Configuration options for the SmartProxy
+ */
+import type { IAcmeOptions } from '../../../certificate/models/certificate-types.js';
+export interface ISmartProxyOptions {
+    fromPort: number;
+    toPort: number;
+    targetIP?: string;
+    domainConfigs: IDomainConfig[];
+    sniEnabled?: boolean;
+    defaultAllowedIPs?: string[];
+    defaultBlockedIPs?: string[];
+    preserveSourceIP?: boolean;
+    pfx?: Buffer;
+    key?: string | Buffer | Array<Buffer | string>;
+    passphrase?: string;
+    cert?: string | Buffer | Array<string | Buffer>;
+    ca?: string | Buffer | Array<string | Buffer>;
+    ciphers?: string;
+    honorCipherOrder?: boolean;
+    rejectUnauthorized?: boolean;
+    secureProtocol?: string;
+    servername?: string;
+    minVersion?: string;
+    maxVersion?: string;
+    initialDataTimeout?: number;
+    socketTimeout?: number;
+    inactivityCheckInterval?: number;
+    maxConnectionLifetime?: number;
+    inactivityTimeout?: number;
+    gracefulShutdownTimeout?: number;
+    globalPortRanges: Array<{
+        from: number;
+        to: number;
+    }>;
+    forwardAllGlobalRanges?: boolean;
+    noDelay?: boolean;
+    keepAlive?: boolean;
+    keepAliveInitialDelay?: number;
+    maxPendingDataSize?: number;
+    disableInactivityCheck?: boolean;
+    enableKeepAliveProbes?: boolean;
+    enableDetailedLogging?: boolean;
+    enableTlsDebugLogging?: boolean;
+    enableRandomizedTimeouts?: boolean;
+    allowSessionTicket?: boolean;
+    maxConnectionsPerIP?: number;
+    connectionRateLimitPerMinute?: number;
+    keepAliveTreatment?: 'standard' | 'extended' | 'immortal';
+    keepAliveInactivityMultiplier?: number;
+    extendedKeepAliveLifetime?: number;
+    useNetworkProxy?: number[];
+    networkProxyPort?: number;
+    acme?: IAcmeOptions;
+    /**
+     * Optional certificate provider callback. Return 'http01' to use HTTP-01 challenges,
+     * or a static certificate object for immediate provisioning.
+     */
+    certProvisionFunction?: (domain: string) => Promise<TSmartProxyCertProvisionObject>;
+}
+/**
+ * Enhanced connection record
+ */
+export interface IConnectionRecord {
+    id: string;
+    incoming: plugins.net.Socket;
+    outgoing: plugins.net.Socket | null;
+    incomingStartTime: number;
+    outgoingStartTime?: number;
+    outgoingClosedTime?: number;
+    lockedDomain?: string;
+    connectionClosed: boolean;
+    cleanupTimer?: NodeJS.Timeout;
+    alertFallbackTimeout?: NodeJS.Timeout;
+    lastActivity: number;
+    pendingData: Buffer[];
+    pendingDataSize: number;
+    bytesReceived: number;
+    bytesSent: number;
+    remoteIP: string;
+    localPort: number;
+    isTLS: boolean;
+    tlsHandshakeComplete: boolean;
+    hasReceivedInitialData: boolean;
+    domainConfig?: IDomainConfig;
+    hasKeepAlive: boolean;
+    inactivityWarningIssued?: boolean;
+    incomingTerminationReason?: string | null;
+    outgoingTerminationReason?: string | null;
+    usingNetworkProxy?: boolean;
+    renegotiationHandler?: (chunk: Buffer) => void;
+    isBrowserConnection?: boolean;
+    domainSwitches?: number;
+}

package/dist_ts/proxies/smart-proxy/models/interfaces.js

@@ -0,0 +1,2 @@
+import * as plugins from '../../../plugins.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJmYWNlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RzL3Byb3hpZXMvc21hcnQtcHJveHkvbW9kZWxzL2ludGVyZmFjZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxxQkFBcUIsQ0FBQyJ9

package/dist_ts/proxies/smart-proxy/network-proxy-bridge.d.ts

@@ -0,0 +1,62 @@
+import * as plugins from '../../plugins.js';
+import { NetworkProxy } from '../network-proxy/index.js';
+import { Port80Handler } from '../../http/port80/port80-handler.js';
+import type { ICertificateData } from '../../certificate/models/certificate-types.js';
+import type { IConnectionRecord, ISmartProxyOptions } from './models/interfaces.js';
+/**
+ * Manages NetworkProxy integration for TLS termination
+ */
+export declare class NetworkProxyBridge {
+    private settings;
+    private networkProxy;
+    private port80Handler;
+    constructor(settings: ISmartProxyOptions);
+    /**
+     * Set the Port80Handler to use for certificate management
+     */
+    setPort80Handler(handler: Port80Handler): void;
+    /**
+     * Initialize NetworkProxy instance
+     */
+    initialize(): Promise<void>;
+    /**
+     * Handle certificate issuance or renewal events
+     */
+    private handleCertificateEvent;
+    /**
+     * Apply an external (static) certificate into NetworkProxy
+     */
+    applyExternalCertificate(data: ICertificateData): void;
+    /**
+     * Get the NetworkProxy instance
+     */
+    getNetworkProxy(): NetworkProxy | null;
+    /**
+     * Get the NetworkProxy port
+     */
+    getNetworkProxyPort(): number;
+    /**
+     * Start NetworkProxy
+     */
+    start(): Promise<void>;
+    /**
+     * Stop NetworkProxy
+     */
+    stop(): Promise<void>;
+    /**
+     * Register domains with Port80Handler
+     */
+    registerDomainsWithPort80Handler(domains: string[]): void;
+    /**
+     * Forwards a TLS connection to a NetworkProxy for handling
+     */
+    forwardToNetworkProxy(connectionId: string, socket: plugins.net.Socket, record: IConnectionRecord, initialData: Buffer, customProxyPort?: number, onError?: (reason: string) => void): void;
+    /**
+     * Synchronizes domain configurations to NetworkProxy
+     */
+    syncDomainConfigsToNetworkProxy(): Promise<void>;
+    /**
+     * Request a certificate for a specific domain
+     */
+    requestCertificate(domain: string): Promise<boolean>;
+}