@push.rocks/smartproxy 12.0.0 → 13.1.2

package/dist_ts/proxies/network-proxy/websocket-handler.js

@@ -0,0 +1,188 @@
+import * as plugins from '../../plugins.js';
+import { createLogger } from './models/types.js';
+import { ConnectionPool } from './connection-pool.js';
+import { ProxyRouter } from '../../http/router/index.js';
+/**
+ * Handles WebSocket connections and proxying
+ */
+export class WebSocketHandler {
+    constructor(options, connectionPool, router) {
+        this.options = options;
+        this.connectionPool = connectionPool;
+        this.router = router;
+        this.heartbeatInterval = null;
+        this.wsServer = null;
+        this.logger = createLogger(options.logLevel || 'info');
+    }
+    /**
+     * Initialize WebSocket server on an existing HTTPS server
+     */
+    initialize(server) {
+        // Create WebSocket server
+        this.wsServer = new plugins.ws.WebSocketServer({
+            server: server,
+            clientTracking: true
+        });
+        // Handle WebSocket connections
+        this.wsServer.on('connection', (wsIncoming, req) => {
+            this.handleWebSocketConnection(wsIncoming, req);
+        });
+        // Start the heartbeat interval
+        this.startHeartbeat();
+        this.logger.info('WebSocket handler initialized');
+    }
+    /**
+     * Start the heartbeat interval to check for inactive WebSocket connections
+     */
+    startHeartbeat() {
+        // Clean up existing interval if any
+        if (this.heartbeatInterval) {
+            clearInterval(this.heartbeatInterval);
+        }
+        // Set up the heartbeat interval (check every 30 seconds)
+        this.heartbeatInterval = setInterval(() => {
+            if (!this.wsServer || this.wsServer.clients.size === 0) {
+                return; // Skip if no active connections
+            }
+            this.logger.debug(`WebSocket heartbeat check for ${this.wsServer.clients.size} clients`);
+            this.wsServer.clients.forEach((ws) => {
+                const wsWithHeartbeat = ws;
+                if (wsWithHeartbeat.isAlive === false) {
+                    this.logger.debug('Terminating inactive WebSocket connection');
+                    return wsWithHeartbeat.terminate();
+                }
+                wsWithHeartbeat.isAlive = false;
+                wsWithHeartbeat.ping();
+            });
+        }, 30000);
+        // Make sure the interval doesn't keep the process alive
+        if (this.heartbeatInterval.unref) {
+            this.heartbeatInterval.unref();
+        }
+    }
+    /**
+     * Handle a new WebSocket connection
+     */
+    handleWebSocketConnection(wsIncoming, req) {
+        try {
+            // Initialize heartbeat tracking
+            wsIncoming.isAlive = true;
+            wsIncoming.lastPong = Date.now();
+            // Handle pong messages to track liveness
+            wsIncoming.on('pong', () => {
+                wsIncoming.isAlive = true;
+                wsIncoming.lastPong = Date.now();
+            });
+            // Find target configuration based on request
+            const proxyConfig = this.router.routeReq(req);
+            if (!proxyConfig) {
+                this.logger.warn(`No proxy configuration for WebSocket host: ${req.headers.host}`);
+                wsIncoming.close(1008, 'No proxy configuration for this host');
+                return;
+            }
+            // Get destination target using round-robin if multiple targets
+            const destination = this.connectionPool.getNextTarget(proxyConfig.destinationIps, proxyConfig.destinationPorts[0]);
+            // Build target URL
+            const protocol = req.socket.encrypted ? 'wss' : 'ws';
+            const targetUrl = `${protocol}://${destination.host}:${destination.port}${req.url}`;
+            this.logger.debug(`WebSocket connection from ${req.socket.remoteAddress} to ${targetUrl}`);
+            // Create headers for outgoing WebSocket connection
+            const headers = {};
+            // Copy relevant headers from incoming request
+            for (const [key, value] of Object.entries(req.headers)) {
+                if (value && typeof value === 'string' &&
+                    key.toLowerCase() !== 'connection' &&
+                    key.toLowerCase() !== 'upgrade' &&
+                    key.toLowerCase() !== 'sec-websocket-key' &&
+                    key.toLowerCase() !== 'sec-websocket-version') {
+                    headers[key] = value;
+                }
+            }
+            // Override host header if needed
+            if (proxyConfig.rewriteHostHeader) {
+                headers['host'] = `${destination.host}:${destination.port}`;
+            }
+            // Create outgoing WebSocket connection
+            const wsOutgoing = new plugins.wsDefault(targetUrl, {
+                headers: headers,
+                followRedirects: true
+            });
+            // Handle connection errors
+            wsOutgoing.on('error', (err) => {
+                this.logger.error(`WebSocket target connection error: ${err.message}`);
+                if (wsIncoming.readyState === wsIncoming.OPEN) {
+                    wsIncoming.close(1011, 'Internal server error');
+                }
+            });
+            // Handle outgoing connection open
+            wsOutgoing.on('open', () => {
+                // Forward incoming messages to outgoing connection
+                wsIncoming.on('message', (data, isBinary) => {
+                    if (wsOutgoing.readyState === wsOutgoing.OPEN) {
+                        wsOutgoing.send(data, { binary: isBinary });
+                    }
+                });
+                // Forward outgoing messages to incoming connection
+                wsOutgoing.on('message', (data, isBinary) => {
+                    if (wsIncoming.readyState === wsIncoming.OPEN) {
+                        wsIncoming.send(data, { binary: isBinary });
+                    }
+                });
+                // Handle closing of connections
+                wsIncoming.on('close', (code, reason) => {
+                    this.logger.debug(`WebSocket client connection closed: ${code} ${reason}`);
+                    if (wsOutgoing.readyState === wsOutgoing.OPEN) {
+                        wsOutgoing.close(code, reason);
+                    }
+                });
+                wsOutgoing.on('close', (code, reason) => {
+                    this.logger.debug(`WebSocket target connection closed: ${code} ${reason}`);
+                    if (wsIncoming.readyState === wsIncoming.OPEN) {
+                        wsIncoming.close(code, reason);
+                    }
+                });
+                this.logger.debug(`WebSocket connection established: ${req.headers.host} -> ${destination.host}:${destination.port}`);
+            });
+        }
+        catch (error) {
+            this.logger.error(`Error handling WebSocket connection: ${error.message}`);
+            if (wsIncoming.readyState === wsIncoming.OPEN) {
+                wsIncoming.close(1011, 'Internal server error');
+            }
+        }
+    }
+    /**
+     * Get information about active WebSocket connections
+     */
+    getConnectionInfo() {
+        return {
+            activeConnections: this.wsServer ? this.wsServer.clients.size : 0
+        };
+    }
+    /**
+     * Shutdown the WebSocket handler
+     */
+    shutdown() {
+        // Stop heartbeat interval
+        if (this.heartbeatInterval) {
+            clearInterval(this.heartbeatInterval);
+            this.heartbeatInterval = null;
+        }
+        // Close all WebSocket connections
+        if (this.wsServer) {
+            this.logger.info(`Closing ${this.wsServer.clients.size} WebSocket connections`);
+            for (const client of this.wsServer.clients) {
+                try {
+                    client.terminate();
+                }
+                catch (error) {
+                    this.logger.error('Error terminating WebSocket client', error);
+                }
+            }
+            // Close the server
+            this.wsServer.close();
+            this.wsServer = null;
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2Vic29ja2V0LWhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9wcm94aWVzL25ldHdvcmstcHJveHkvd2Vic29ja2V0LWhhbmRsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxrQkFBa0IsQ0FBQztBQUM1QyxPQUFPLEVBQXlFLFlBQVksRUFBNEIsTUFBTSxtQkFBbUIsQ0FBQztBQUNsSixPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDdEQsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBRXpEOztHQUVHO0FBQ0gsTUFBTSxPQUFPLGdCQUFnQjtJQUszQixZQUNVLE9BQTZCLEVBQzdCLGNBQThCLEVBQzlCLE1BQW1CO1FBRm5CLFlBQU8sR0FBUCxPQUFPLENBQXNCO1FBQzdCLG1CQUFjLEdBQWQsY0FBYyxDQUFnQjtRQUM5QixXQUFNLEdBQU4sTUFBTSxDQUFhO1FBUHJCLHNCQUFpQixHQUEwQixJQUFJLENBQUM7UUFDaEQsYUFBUSxHQUFzQyxJQUFJLENBQUM7UUFRekQsSUFBSSxDQUFDLE1BQU0sR0FBRyxZQUFZLENBQUMsT0FBTyxDQUFDLFFBQVEsSUFBSSxNQUFNLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxVQUFVLENBQUMsTUFBNEI7UUFDNUMsMEJBQTBCO1FBQzFCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxPQUFPLENBQUMsRUFBRSxDQUFDLGVBQWUsQ0FBQztZQUM3QyxNQUFNLEVBQUUsTUFBTTtZQUNkLGNBQWMsRUFBRSxJQUFJO1NBQ3JCLENBQUMsQ0FBQztRQUVILCtCQUErQjtRQUMvQixJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxZQUFZLEVBQUUsQ0FBQyxVQUFtQyxFQUFFLEdBQWlDLEVBQUUsRUFBRTtZQUN4RyxJQUFJLENBQUMseUJBQXlCLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQ2xELENBQUMsQ0FBQyxDQUFDO1FBRUgsK0JBQStCO1FBQy9CLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUV0QixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7T0FFRztJQUNLLGNBQWM7UUFDcEIsb0NBQW9DO1FBQ3BDLElBQUksSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7WUFDM0IsYUFBYSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQ3hDLENBQUM7UUFFRCx5REFBeUQ7UUFDekQsSUFBSSxDQUFDLGlCQUFpQixHQUFHLFdBQVcsQ0FBQyxHQUFHLEVBQUU7WUFDeEMsSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsSUFBSSxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUN2RCxPQUFPLENBQUMsZ0NBQWdDO1lBQzFDLENBQUM7WUFFRCxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxpQ0FBaUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsSUFBSSxVQUFVLENBQUMsQ0FBQztZQUV6RixJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQyxFQUFxQixFQUFFLEVBQUU7Z0JBQ3RELE1BQU0sZUFBZSxHQUFHLEVBQTZCLENBQUM7Z0JBRXRELElBQUksZUFBZSxDQUFDLE9BQU8sS0FBSyxLQUFLLEVBQUUsQ0FBQztvQkFDdEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsMkNBQTJDLENBQUMsQ0FBQztvQkFDL0QsT0FBTyxlQUFlLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ3JDLENBQUM7Z0JBRUQsZUFBZSxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUM7Z0JBQ2hDLGVBQWUsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUN6QixDQUFDLENBQUMsQ0FBQztRQUNMLENBQUMsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUVWLHdEQUF3RDtRQUN4RCxJQUFJLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNqQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDakMsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNLLHlCQUF5QixDQUFDLFVBQW1DLEVBQUUsR0FBaUM7UUFDdEcsSUFBSSxDQUFDO1lBQ0gsZ0NBQWdDO1lBQ2hDLFVBQVUsQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDO1lBQzFCLFVBQVUsQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBRWpDLHlDQUF5QztZQUN6QyxVQUFVLENBQUMsRUFBRSxDQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUU7Z0JBQ3pCLFVBQVUsQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDO2dCQUMxQixVQUFVLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNuQyxDQUFDLENBQUMsQ0FBQztZQUVILDZDQUE2QztZQUM3QyxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUU5QyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7Z0JBQ2pCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDhDQUE4QyxHQUFHLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7Z0JBQ25GLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLHNDQUFzQyxDQUFDLENBQUM7Z0JBQy9ELE9BQU87WUFDVCxDQUFDO1lBRUQsK0RBQStEO1lBQy9ELE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsYUFBYSxDQUNuRCxXQUFXLENBQUMsY0FBYyxFQUMxQixXQUFXLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLENBQ2hDLENBQUM7WUFFRixtQkFBbUI7WUFDbkIsTUFBTSxRQUFRLEdBQUksR0FBRyxDQUFDLE1BQWMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDO1lBQzlELE1BQU0sU0FBUyxHQUFHLEdBQUcsUUFBUSxNQUFNLFdBQVcsQ0FBQyxJQUFJLElBQUksV0FBVyxDQUFDLElBQUksR0FBRyxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7WUFFcEYsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsNkJBQTZCLEdBQUcsQ0FBQyxNQUFNLENBQUMsYUFBYSxPQUFPLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFFM0YsbURBQW1EO1lBQ25ELE1BQU0sT0FBTyxHQUE4QixFQUFFLENBQUM7WUFFOUMsOENBQThDO1lBQzlDLEtBQUssTUFBTSxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUN2RCxJQUFJLEtBQUssSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRO29CQUNsQyxHQUFHLENBQUMsV0FBVyxFQUFFLEtBQUssWUFBWTtvQkFDbEMsR0FBRyxDQUFDLFdBQVcsRUFBRSxLQUFLLFNBQVM7b0JBQy9CLEdBQUcsQ0FBQyxXQUFXLEVBQUUsS0FBSyxtQkFBbUI7b0JBQ3pDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsS0FBSyx1QkFBdUIsRUFBRSxDQUFDO29CQUNsRCxPQUFPLENBQUMsR0FBRyxDQUFDLEdBQUcsS0FBSyxDQUFDO2dCQUN2QixDQUFDO1lBQ0gsQ0FBQztZQUVELGlDQUFpQztZQUNqQyxJQUFLLFdBQW1DLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztnQkFDM0QsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLEdBQUcsV0FBVyxDQUFDLElBQUksSUFBSSxXQUFXLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDOUQsQ0FBQztZQUVELHVDQUF1QztZQUN2QyxNQUFNLFVBQVUsR0FBRyxJQUFJLE9BQU8sQ0FBQyxTQUFTLENBQUMsU0FBUyxFQUFFO2dCQUNsRCxPQUFPLEVBQUUsT0FBTztnQkFDaEIsZUFBZSxFQUFFLElBQUk7YUFDdEIsQ0FBQyxDQUFDO1lBRUgsMkJBQTJCO1lBQzNCLFVBQVUsQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLENBQUMsR0FBRyxFQUFFLEVBQUU7Z0JBQzdCLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLHNDQUFzQyxHQUFHLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFDdkUsSUFBSSxVQUFVLENBQUMsVUFBVSxLQUFLLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDOUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsdUJBQXVCLENBQUMsQ0FBQztnQkFDbEQsQ0FBQztZQUNILENBQUMsQ0FBQyxDQUFDO1lBRUgsa0NBQWtDO1lBQ2xDLFVBQVUsQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEdBQUcsRUFBRTtnQkFDekIsbURBQW1EO2dCQUNuRCxVQUFVLENBQUMsRUFBRSxDQUFDLFNBQVMsRUFBRSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUUsRUFBRTtvQkFDMUMsSUFBSSxVQUFVLENBQUMsVUFBVSxLQUFLLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQzt3QkFDOUMsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsRUFBRSxNQUFNLEVBQUUsUUFBUSxFQUFFLENBQUMsQ0FBQztvQkFDOUMsQ0FBQztnQkFDSCxDQUFDLENBQUMsQ0FBQztnQkFFSCxtREFBbUQ7Z0JBQ25ELFVBQVUsQ0FBQyxFQUFFLENBQUMsU0FBUyxFQUFFLENBQUMsSUFBSSxFQUFFLFFBQVEsRUFBRSxFQUFFO29CQUMxQyxJQUFJLFVBQVUsQ0FBQyxVQUFVLEtBQUssVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDO3dCQUM5QyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsQ0FBQyxDQUFDO29CQUM5QyxDQUFDO2dCQUNILENBQUMsQ0FBQyxDQUFDO2dCQUVILGdDQUFnQztnQkFDaEMsVUFBVSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxJQUFJLEVBQUUsTUFBTSxFQUFFLEVBQUU7b0JBQ3RDLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLHVDQUF1QyxJQUFJLElBQUksTUFBTSxFQUFFLENBQUMsQ0FBQztvQkFDM0UsSUFBSSxVQUFVLENBQUMsVUFBVSxLQUFLLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQzt3QkFDOUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUM7b0JBQ2pDLENBQUM7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7Z0JBRUgsVUFBVSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxJQUFJLEVBQUUsTUFBTSxFQUFFLEVBQUU7b0JBQ3RDLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLHVDQUF1QyxJQUFJLElBQUksTUFBTSxFQUFFLENBQUMsQ0FBQztvQkFDM0UsSUFBSSxVQUFVLENBQUMsVUFBVSxLQUFLLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQzt3QkFDOUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUM7b0JBQ2pDLENBQUM7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7Z0JBRUgsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMscUNBQXFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsSUFBSSxPQUFPLFdBQVcsQ0FBQyxJQUFJLElBQUksV0FBVyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDeEgsQ0FBQyxDQUFDLENBQUM7UUFFTCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLHdDQUF3QyxLQUFLLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUMzRSxJQUFJLFVBQVUsQ0FBQyxVQUFVLEtBQUssVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUM5QyxVQUFVLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSx1QkFBdUIsQ0FBQyxDQUFDO1lBQ2xELENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ksaUJBQWlCO1FBQ3RCLE9BQU87WUFDTCxpQkFBaUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDbEUsQ0FBQztJQUNKLENBQUM7SUFFRDs7T0FFRztJQUNJLFFBQVE7UUFDYiwwQkFBMEI7UUFDMUIsSUFBSSxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUMzQixhQUFhLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDdEMsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksQ0FBQztRQUNoQyxDQUFDO1FBRUQsa0NBQWtDO1FBQ2xDLElBQUksSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFdBQVcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsSUFBSSx3QkFBd0IsQ0FBQyxDQUFDO1lBRWhGLEtBQUssTUFBTSxNQUFNLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDM0MsSUFBSSxDQUFDO29CQUNILE1BQU0sQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDckIsQ0FBQztnQkFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO29CQUNmLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLG9DQUFvQyxFQUFFLEtBQUssQ0FBQyxDQUFDO2dCQUNqRSxDQUFDO1lBQ0gsQ0FBQztZQUVELG1CQUFtQjtZQUNuQixJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ3RCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDO1FBQ3ZCLENBQUM7SUFDSCxDQUFDO0NBQ0YifQ==

package/dist_ts/proxies/nftables-proxy/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * NfTablesProxy implementation
+ */
+export * from './nftables-proxy.js';
+export * from './models/index.js';

package/dist_ts/proxies/nftables-proxy/index.js

@@ -0,0 +1,6 @@
+/**
+ * NfTablesProxy implementation
+ */
+export * from './nftables-proxy.js';
+export * from './models/index.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9wcm94aWVzL25mdGFibGVzLXByb3h5L2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsY0FBYyxxQkFBcUIsQ0FBQztBQUNwQyxjQUFjLG1CQUFtQixDQUFDIn0=

package/dist_ts/proxies/nftables-proxy/models/errors.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Custom error classes for better error handling
+ */
+export declare class NftBaseError extends Error {
+    constructor(message: string);
+}
+export declare class NftValidationError extends NftBaseError {
+    constructor(message: string);
+}
+export declare class NftExecutionError extends NftBaseError {
+    constructor(message: string);
+}
+export declare class NftResourceError extends NftBaseError {
+    constructor(message: string);
+}

package/dist_ts/proxies/nftables-proxy/models/errors.js

@@ -0,0 +1,28 @@
+/**
+ * Custom error classes for better error handling
+ */
+export class NftBaseError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'NftBaseError';
+    }
+}
+export class NftValidationError extends NftBaseError {
+    constructor(message) {
+        super(message);
+        this.name = 'NftValidationError';
+    }
+}
+export class NftExecutionError extends NftBaseError {
+    constructor(message) {
+        super(message);
+        this.name = 'NftExecutionError';
+    }
+}
+export class NftResourceError extends NftBaseError {
+    constructor(message) {
+        super(message);
+        this.name = 'NftResourceError';
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHMvcHJveGllcy9uZnRhYmxlcy1wcm94eS9tb2RlbHMvZXJyb3JzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxPQUFPLFlBQWEsU0FBUSxLQUFLO0lBQ3JDLFlBQVksT0FBZTtRQUN6QixLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDZixJQUFJLENBQUMsSUFBSSxHQUFHLGNBQWMsQ0FBQztJQUM3QixDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8sa0JBQW1CLFNBQVEsWUFBWTtJQUNsRCxZQUFZLE9BQWU7UUFDekIsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2YsSUFBSSxDQUFDLElBQUksR0FBRyxvQkFBb0IsQ0FBQztJQUNuQyxDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8saUJBQWtCLFNBQVEsWUFBWTtJQUNqRCxZQUFZLE9BQWU7UUFDekIsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2YsSUFBSSxDQUFDLElBQUksR0FBRyxtQkFBbUIsQ0FBQztJQUNsQyxDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8sZ0JBQWlCLFNBQVEsWUFBWTtJQUNoRCxZQUFZLE9BQWU7UUFDekIsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2YsSUFBSSxDQUFDLElBQUksR0FBRyxrQkFBa0IsQ0FBQztJQUNqQyxDQUFDO0NBQ0YifQ==

package/dist_ts/proxies/nftables-proxy/models/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Export all models
+ */
+export * from './interfaces.js';
+export * from './errors.js';

package/dist_ts/proxies/nftables-proxy/models/index.js

@@ -0,0 +1,6 @@
+/**
+ * Export all models
+ */
+export * from './interfaces.js';
+export * from './errors.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9wcm94aWVzL25mdGFibGVzLXByb3h5L21vZGVscy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILGNBQWMsaUJBQWlCLENBQUM7QUFDaEMsY0FBYyxhQUFhLENBQUMifQ==

package/dist_ts/proxies/nftables-proxy/models/interfaces.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Interfaces for NfTablesProxy
+ */
+/**
+ * Represents a port range for forwarding
+ */
+export interface PortRange {
+    from: number;
+    to: number;
+}
+export type IPortRange = PortRange;
+/**
+ * Settings for NfTablesProxy.
+ */
+export interface NfTableProxyOptions {
+    fromPort: number | PortRange | Array<number | PortRange>;
+    toPort: number | PortRange | Array<number | PortRange>;
+    toHost?: string;
+    preserveSourceIP?: boolean;
+    deleteOnExit?: boolean;
+    protocol?: 'tcp' | 'udp' | 'all';
+    enableLogging?: boolean;
+    ipv6Support?: boolean;
+    logFormat?: 'plain' | 'json';
+    allowedSourceIPs?: string[];
+    bannedSourceIPs?: string[];
+    useIPSets?: boolean;
+    forceCleanSlate?: boolean;
+    tableName?: string;
+    maxRetries?: number;
+    retryDelayMs?: number;
+    useAdvancedNAT?: boolean;
+    qos?: {
+        enabled: boolean;
+        maxRate?: string;
+        priority?: number;
+        markConnections?: boolean;
+    };
+    netProxyIntegration?: {
+        enabled: boolean;
+        redirectLocalhost?: boolean;
+        sslTerminationPort?: number;
+    };
+}
+export type INfTableProxySettings = NfTableProxyOptions;
+/**
+ * Interface for status reporting
+ */
+export interface NfTablesStatus {
+    active: boolean;
+    ruleCount: {
+        total: number;
+        added: number;
+        verified: number;
+    };
+    tablesConfigured: {
+        family: string;
+        tableName: string;
+    }[];
+    metrics: {
+        forwardedConnections?: number;
+        activeConnections?: number;
+        bytesForwarded?: {
+            sent: number;
+            received: number;
+        };
+    };
+    qosEnabled?: boolean;
+    ipSetsConfigured?: {
+        name: string;
+        elementCount: number;
+        type: string;
+    }[];
+}
+export type INfTablesStatus = NfTablesStatus;

package/dist_ts/proxies/nftables-proxy/models/interfaces.js

@@ -0,0 +1,5 @@
+/**
+ * Interfaces for NfTablesProxy
+ */
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJmYWNlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RzL3Byb3hpZXMvbmZ0YWJsZXMtcHJveHkvbW9kZWxzL2ludGVyZmFjZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUcifQ==

package/dist_ts/proxies/nftables-proxy/nftables-proxy.d.ts

@@ -0,0 +1,136 @@
+import type { NfTableProxyOptions, NfTablesStatus } from './models/index.js';
+/**
+ * NfTablesProxy sets up nftables NAT rules to forward TCP traffic.
+ * Enhanced with multi-port support, IPv6, connection tracking, metrics,
+ * and more advanced features.
+ */
+export declare class NfTablesProxy {
+    settings: NfTableProxyOptions;
+    private rules;
+    private ipSets;
+    private ruleTag;
+    private tableName;
+    private tempFilePath;
+    private static NFT_CMD;
+    constructor(settings: NfTableProxyOptions);
+    /**
+     * Validates settings to prevent command injection and ensure valid values
+     */
+    private validateSettings;
+    /**
+     * Normalizes port specifications into an array of port ranges
+     */
+    private normalizePortSpec;
+    /**
+     * Execute a command with retry capability
+     */
+    private executeWithRetry;
+    /**
+     * Execute system command synchronously with multiple attempts
+     */
+    private executeWithRetrySync;
+    /**
+     * Checks if nftables is available and the required modules are loaded
+     */
+    private checkNftablesAvailability;
+    /**
+     * Creates the necessary tables and chains
+     */
+    private setupTablesAndChains;
+    /**
+     * Creates IP sets for efficient filtering of large IP lists
+     */
+    private createIPSet;
+    /**
+     * Adds source IP filtering rules, potentially using IP sets for efficiency
+     */
+    private addSourceIPFilters;
+    /**
+     * Gets a comma-separated list of all ports from a port specification
+     */
+    private getAllPorts;
+    /**
+     * Configures advanced NAT with connection tracking
+     */
+    private setupAdvancedNAT;
+    /**
+     * Adds port forwarding rules
+     */
+    private addPortForwardingRules;
+    /**
+     * Adds port forwarding rules for the case where one toPortRange maps to multiple fromPortRanges
+     */
+    private addPortMappings;
+    /**
+     * Adds port forwarding rules for pairs of fromPortRanges and toPortRanges
+     */
+    private addPortPairMappings;
+    /**
+     * Setup quality of service rules
+     */
+    private addTrafficShaping;
+    /**
+     * Setup NetworkProxy integration rules
+     */
+    private setupNetworkProxyIntegration;
+    /**
+     * Verify that a rule was successfully applied
+     */
+    private verifyRuleApplication;
+    /**
+     * Rolls back rules in case of error during setup
+     */
+    private rollbackRules;
+    /**
+     * Checks if nftables table exists
+     */
+    private tableExists;
+    /**
+     * Get system metrics like connection counts
+     */
+    private getSystemMetrics;
+    /**
+     * Get status of IP sets
+     */
+    private getIPSetStatus;
+    /**
+     * Get detailed status about the current state of the proxy
+     */
+    getStatus(): Promise<NfTablesStatus>;
+    /**
+     * Performs a dry run to see what commands would be executed without actually applying them
+     */
+    dryRun(): Promise<string[]>;
+    /**
+     * Starts the proxy by setting up all nftables rules
+     */
+    start(): Promise<void>;
+    /**
+     * Stops the proxy by removing all added rules
+     */
+    stop(): Promise<void>;
+    /**
+     * Synchronous version of stop, for use in exit handlers
+     */
+    stopSync(): void;
+    /**
+     * Cleans up empty tables
+     */
+    private cleanupEmptyTables;
+    /**
+     * Synchronous version of cleanupEmptyTables
+     */
+    private cleanupEmptyTablesSync;
+    /**
+     * Removes all nftables rules created by this module
+     */
+    static cleanSlate(): Promise<void>;
+    /**
+     * Synchronous version of cleanSlate
+     */
+    static cleanSlateSync(): void;
+    /**
+     * Improved logging with structured output
+     */
+    private log;
+}