npm - @push.rocks/smartproxy - Versions diffs - 15.0.2 → 16.0.2 - Mend

@push.rocks/smartproxy 15.0.2 → 16.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/dist_ts/00_commitinfo_data.js +1 -1
package/dist_ts/certificate/index.d.ts +10 -4
package/dist_ts/certificate/index.js +5 -7
package/dist_ts/certificate/models/certificate-types.d.ts +35 -15
package/dist_ts/certificate/providers/cert-provisioner.d.ts +41 -15
package/dist_ts/certificate/providers/cert-provisioner.js +201 -41
package/dist_ts/forwarding/config/forwarding-types.d.ts +40 -76
package/dist_ts/forwarding/config/forwarding-types.js +19 -18
package/dist_ts/forwarding/config/index.d.ts +4 -2
package/dist_ts/forwarding/config/index.js +5 -3
package/dist_ts/forwarding/handlers/base-handler.js +3 -1
package/dist_ts/forwarding/index.d.ts +5 -6
package/dist_ts/forwarding/index.js +3 -3
package/dist_ts/http/models/http-types.js +1 -1
package/dist_ts/http/port80/acme-interfaces.d.ts +30 -0
package/dist_ts/http/port80/acme-interfaces.js +46 -1
package/dist_ts/http/port80/port80-handler.d.ts +17 -2
package/dist_ts/http/port80/port80-handler.js +49 -11
package/dist_ts/proxies/smart-proxy/models/interfaces.d.ts +2 -61
package/dist_ts/proxies/smart-proxy/models/interfaces.js +5 -4
package/dist_ts/proxies/smart-proxy/models/route-types.d.ts +118 -4
package/dist_ts/proxies/smart-proxy/network-proxy-bridge.d.ts +70 -4
package/dist_ts/proxies/smart-proxy/network-proxy-bridge.js +193 -43
package/dist_ts/proxies/smart-proxy/route-connection-handler.d.ts +2 -5
package/dist_ts/proxies/smart-proxy/route-connection-handler.js +25 -146
package/dist_ts/proxies/smart-proxy/route-helpers/index.d.ts +7 -0
package/dist_ts/proxies/smart-proxy/route-helpers/index.js +9 -0
package/dist_ts/proxies/smart-proxy/route-helpers.d.ts +54 -1
package/dist_ts/proxies/smart-proxy/route-helpers.js +102 -1
package/dist_ts/proxies/smart-proxy/route-manager.d.ts +3 -9
package/dist_ts/proxies/smart-proxy/route-manager.js +3 -115
package/dist_ts/proxies/smart-proxy/smart-proxy.d.ts +72 -10
package/dist_ts/proxies/smart-proxy/smart-proxy.js +135 -268
package/dist_ts/proxies/smart-proxy/timeout-manager.js +3 -3
package/dist_ts/proxies/smart-proxy/utils/index.d.ts +12 -0
package/dist_ts/proxies/smart-proxy/utils/index.js +19 -0
package/dist_ts/proxies/smart-proxy/utils/route-helpers.d.ts +174 -0
package/dist_ts/proxies/smart-proxy/utils/route-helpers.js +332 -0
package/dist_ts/proxies/smart-proxy/utils/route-migration-utils.d.ts +51 -0
package/dist_ts/proxies/smart-proxy/utils/route-migration-utils.js +124 -0
package/dist_ts/proxies/smart-proxy/utils/route-patterns.d.ts +131 -0
package/dist_ts/proxies/smart-proxy/utils/route-patterns.js +217 -0
package/dist_ts/proxies/smart-proxy/utils/route-utils.d.ts +79 -0
package/dist_ts/proxies/smart-proxy/utils/route-utils.js +266 -0
package/dist_ts/proxies/smart-proxy/utils/route-validators.d.ts +73 -0
package/dist_ts/proxies/smart-proxy/utils/route-validators.js +242 -0
package/package.json +1 -1
package/readme.md +139 -111
package/readme.plan.md +164 -312
package/ts/00_commitinfo_data.ts +1 -1
package/ts/certificate/index.ts +17 -9
package/ts/certificate/models/certificate-types.ts +37 -16
package/ts/certificate/providers/cert-provisioner.ts +247 -54
package/ts/forwarding/config/forwarding-types.ts +79 -107
package/ts/forwarding/config/index.ts +4 -2
package/ts/forwarding/handlers/base-handler.ts +4 -2
package/ts/forwarding/index.ts +3 -2
package/ts/http/models/http-types.ts +0 -1
package/ts/http/port80/acme-interfaces.ts +84 -0
package/ts/http/port80/port80-handler.ts +61 -15
package/ts/proxies/smart-proxy/models/interfaces.ts +7 -64
package/ts/proxies/smart-proxy/models/route-types.ts +152 -22
package/ts/proxies/smart-proxy/network-proxy-bridge.ts +226 -55
package/ts/proxies/smart-proxy/route-connection-handler.ts +36 -205
package/ts/proxies/smart-proxy/route-helpers/index.ts +9 -0
package/ts/proxies/smart-proxy/route-helpers.ts +165 -11
package/ts/proxies/smart-proxy/route-manager.ts +3 -130
package/ts/proxies/smart-proxy/smart-proxy.ts +157 -329
package/ts/proxies/smart-proxy/timeout-manager.ts +2 -2
package/ts/proxies/smart-proxy/utils/index.ts +40 -0
package/ts/proxies/smart-proxy/utils/route-helpers.ts +455 -0
package/ts/proxies/smart-proxy/utils/route-migration-utils.ts +165 -0
package/ts/proxies/smart-proxy/utils/route-patterns.ts +309 -0
package/ts/proxies/smart-proxy/utils/route-utils.ts +330 -0
package/ts/proxies/smart-proxy/utils/route-validators.ts +269 -0
package/ts/forwarding/config/domain-config.ts +0 -28
package/ts/forwarding/config/domain-manager.ts +0 -283
package/ts/proxies/smart-proxy/connection-handler.ts +0 -1240
package/ts/proxies/smart-proxy/port-range-manager.ts +0 -211
/package/ts/proxies/smart-proxy/{domain-config-manager.ts → domain-config-manager.ts.bak} +0 -0

package/ts/certificate/providers/cert-provisioner.ts CHANGED Viewed

@@ -1,63 +1,112 @@
 import * as plugins from '../../plugins.js';
-import type { IDomainConfig } from '../../forwarding/config/domain-config.js';
-import type { ICertificateData, IDomainForwardConfig, IDomainOptions } from '../models/certificate-types.js';
+import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
+import type { ICertificateData, IRouteForwardConfig, IDomainOptions } from '../models/certificate-types.js';
 import { Port80HandlerEvents, CertProvisionerEvents } from '../events/certificate-events.js';
 import { Port80Handler } from '../../http/port80/port80-handler.js';
-// We need to define this interface until we migrate NetworkProxyBridge
+// Interface for NetworkProxyBridge
 interface INetworkProxyBridge {
   applyExternalCertificate(certData: ICertificateData): void;
 }
-// This will be imported after NetworkProxyBridge is migrated
-// import type { NetworkProxyBridge } from '../../proxies/smart-proxy/network-proxy-bridge.js';
-// For backward compatibility
-export type TSmartProxyCertProvisionObject = plugins.tsclass.network.ICert | 'http01';
 /**
  * Type for static certificate provisioning
  */
 export type TCertProvisionObject = plugins.tsclass.network.ICert | 'http01' | 'dns01';
+/**
+ * Interface for routes that need certificates
+ */
+interface ICertRoute {
+  domain: string;
+  route: IRouteConfig;
+  tlsMode: 'terminate' | 'terminate-and-reencrypt';
+}
 /**
  * CertProvisioner manages certificate provisioning and renewal workflows,
  * unifying static certificates and HTTP-01 challenges via Port80Handler.
+ *
+ * This class directly works with route configurations instead of converting to domain configs.
  */
 export class CertProvisioner extends plugins.EventEmitter {
-  private domainConfigs: IDomainConfig[];
+  private routeConfigs: IRouteConfig[];
+  private certRoutes: ICertRoute[] = [];
   private port80Handler: Port80Handler;
   private networkProxyBridge: INetworkProxyBridge;
   private certProvisionFunction?: (domain: string) => Promise<TCertProvisionObject>;
-  private forwardConfigs: IDomainForwardConfig[];
+  private routeForwards: IRouteForwardConfig[];
   private renewThresholdDays: number;
   private renewCheckIntervalHours: number;
   private autoRenew: boolean;
   private renewManager?: plugins.taskbuffer.TaskManager;
   // Track provisioning type per domain
-  private provisionMap: Map<string, 'http01' | 'dns01' | 'static'>;
+  private provisionMap: Map<string, { type: 'http01' | 'dns01' | 'static', routeRef?: ICertRoute }>;
+  /**
+   * Extract routes that need certificates
+   * @param routes Route configurations
+   */
+  private extractCertificateRoutesFromRoutes(routes: IRouteConfig[]): ICertRoute[] {
+    const certRoutes: ICertRoute[] = [];
+    // Process all HTTPS routes that need certificates
+    for (const route of routes) {
+      // Only process routes with TLS termination that need certificates
+      if (route.action.type === 'forward' &&
+          route.action.tls &&
+          (route.action.tls.mode === 'terminate' || route.action.tls.mode === 'terminate-and-reencrypt') &&
+          route.match.domains) {
+        // Extract domains from the route
+        const domains = Array.isArray(route.match.domains)
+          ? route.match.domains
+          : [route.match.domains];
+        // For each domain in the route, create a certRoute entry
+        for (const domain of domains) {
+          // Skip wildcard domains that can't use ACME unless we have a certProvider
+          if (domain.includes('*') && (!this.certProvisionFunction || this.certProvisionFunction.length === 0)) {
+            console.warn(`Skipping wildcard domain that requires a certProvisionFunction: ${domain}`);
+            continue;
+          }
+          certRoutes.push({
+            domain,
+            route,
+            tlsMode: route.action.tls.mode
+          });
+        }
+      }
+    }
+    return certRoutes;
+  }
   /**
-   * @param domainConfigs Array of domain configuration objects
+   * Constructor for CertProvisioner
+   *
+   * @param routeConfigs Array of route configurations
    * @param port80Handler HTTP-01 challenge handler instance
    * @param networkProxyBridge Bridge for applying external certificates
    * @param certProvider Optional callback returning a static cert or 'http01'
    * @param renewThresholdDays Days before expiry to trigger renewals
    * @param renewCheckIntervalHours Interval in hours to check for renewals
    * @param autoRenew Whether to automatically schedule renewals
-   * @param forwardConfigs Domain forwarding configurations for ACME challenges
+   * @param routeForwards Route-specific forwarding configs for ACME challenges
    */
   constructor(
-    domainConfigs: IDomainConfig[],
+    routeConfigs: IRouteConfig[],
     port80Handler: Port80Handler,
     networkProxyBridge: INetworkProxyBridge,
     certProvider?: (domain: string) => Promise<TCertProvisionObject>,
     renewThresholdDays: number = 30,
     renewCheckIntervalHours: number = 24,
     autoRenew: boolean = true,
-    forwardConfigs: IDomainForwardConfig[] = []
+    routeForwards: IRouteForwardConfig[] = []
   ) {
     super();
-    this.domainConfigs = domainConfigs;
+    this.routeConfigs = routeConfigs;
     this.port80Handler = port80Handler;
     this.networkProxyBridge = networkProxyBridge;
     this.certProvisionFunction = certProvider;
@@ -65,7 +114,10 @@ export class CertProvisioner extends plugins.EventEmitter {
     this.renewCheckIntervalHours = renewCheckIntervalHours;
     this.autoRenew = autoRenew;
     this.provisionMap = new Map();
-    this.forwardConfigs = forwardConfigs;
+    this.routeForwards = routeForwards;
+    // Extract certificate routes during instantiation
+    this.certRoutes = this.extractCertificateRoutesFromRoutes(routeConfigs);
   }
   /**
@@ -75,11 +127,11 @@ export class CertProvisioner extends plugins.EventEmitter {
     // Subscribe to Port80Handler certificate events
     this.setupEventSubscriptions();
-    // Apply external forwarding for ACME challenges
+    // Apply route forwarding for ACME challenges
     this.setupForwardingConfigs();
-    // Initial provisioning for all domains
-    await this.provisionAllDomains();
+    // Initial provisioning for all domains in routes
+    await this.provisionAllCertificates();
     // Schedule renewals if enabled
     if (this.autoRenew) {
@@ -91,13 +143,36 @@ export class CertProvisioner extends plugins.EventEmitter {
    * Set up event subscriptions for certificate events
    */
   private setupEventSubscriptions(): void {
-    // We need to reimplement subscribeToPort80Handler here
     this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_ISSUED, (data: ICertificateData) => {
-      this.emit(CertProvisionerEvents.CERTIFICATE_ISSUED, { ...data, source: 'http01', isRenewal: false });
+      // Add route reference if we have it
+      const routeRef = this.findRouteForDomain(data.domain);
+      const enhancedData: ICertificateData = {
+        ...data,
+        source: 'http01',
+        isRenewal: false,
+        routeReference: routeRef ? {
+          routeId: routeRef.route.name,
+          routeName: routeRef.route.name
+        } : undefined
+      };
+      this.emit(CertProvisionerEvents.CERTIFICATE_ISSUED, enhancedData);
     });
     this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_RENEWED, (data: ICertificateData) => {
-      this.emit(CertProvisionerEvents.CERTIFICATE_RENEWED, { ...data, source: 'http01', isRenewal: true });
+      // Add route reference if we have it
+      const routeRef = this.findRouteForDomain(data.domain);
+      const enhancedData: ICertificateData = {
+        ...data,
+        source: 'http01',
+        isRenewal: true,
+        routeReference: routeRef ? {
+          routeId: routeRef.route.name,
+          routeName: routeRef.route.name
+        } : undefined
+      };
+      this.emit(CertProvisionerEvents.CERTIFICATE_RENEWED, enhancedData);
     });
     this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_FAILED, (error) => {
@@ -105,38 +180,45 @@ export class CertProvisioner extends plugins.EventEmitter {
     });
   }
+  /**
+   * Find a route for a given domain
+   */
+  private findRouteForDomain(domain: string): ICertRoute | undefined {
+    return this.certRoutes.find(certRoute => certRoute.domain === domain);
+  }
   /**
    * Set up forwarding configurations for the Port80Handler
    */
   private setupForwardingConfigs(): void {
-    for (const config of this.forwardConfigs) {
+    for (const config of this.routeForwards) {
       const domainOptions: IDomainOptions = {
         domainName: config.domain,
         sslRedirect: config.sslRedirect || false,
         acmeMaintenance: false,
-        forward: config.forwardConfig,
-        acmeForward: config.acmeForwardConfig
+        forward: config.target ? {
+          ip: config.target.host,
+          port: config.target.port
+        } : undefined
       };
       this.port80Handler.addDomain(domainOptions);
     }
   }
   /**
-   * Provision certificates for all configured domains
+   * Provision certificates for all routes that need them
    */
-  private async provisionAllDomains(): Promise<void> {
-    const domains = this.domainConfigs.flatMap(cfg => cfg.domains);
-    for (const domain of domains) {
-      await this.provisionDomain(domain);
+  private async provisionAllCertificates(): Promise<void> {
+    for (const certRoute of this.certRoutes) {
+      await this.provisionCertificateForRoute(certRoute);
     }
   }
   /**
-   * Provision a certificate for a single domain
-   * @param domain Domain to provision
+   * Provision a certificate for a route
    */
-  private async provisionDomain(domain: string): Promise<void> {
+  private async provisionCertificateForRoute(certRoute: ICertRoute): Promise<void> {
+    const { domain, route } = certRoute;
     const isWildcard = domain.includes('*');
     let provision: TCertProvisionObject = 'http01';
@@ -145,7 +227,7 @@ export class CertProvisioner extends plugins.EventEmitter {
       try {
         provision = await this.certProvisionFunction(domain);
       } catch (err) {
-        console.error(`certProvider error for ${domain}:`, err);
+        console.error(`certProvider error for ${domain} on route ${route.name || 'unnamed'}:`, err);
       }
     } else if (isWildcard) {
       // No certProvider: cannot handle wildcard without DNS-01 support
@@ -153,6 +235,12 @@ export class CertProvisioner extends plugins.EventEmitter {
       return;
     }
+    // Store the route reference with the provision type
+    this.provisionMap.set(domain, {
+      type: provision === 'http01' || provision === 'dns01' ? provision : 'static',
+      routeRef: certRoute
+    });
     // Handle different provisioning methods
     if (provision === 'http01') {
       if (isWildcard) {
@@ -160,19 +248,21 @@ export class CertProvisioner extends plugins.EventEmitter {
         return;
       }
-      this.provisionMap.set(domain, 'http01');
       this.port80Handler.addDomain({
         domainName: domain,
         sslRedirect: true,
-        acmeMaintenance: true
+        acmeMaintenance: true,
+        routeReference: {
+          routeId: route.name || domain,
+          routeName: route.name
+        }
       });
     } else if (provision === 'dns01') {
       // DNS-01 challenges would be handled by the certProvisionFunction
-      this.provisionMap.set(domain, 'dns01');
       // DNS-01 handling would go here if implemented
+      console.log(`DNS-01 challenge type set for ${domain}`);
     } else {
       // Static certificate (e.g., DNS-01 provisioned or user-provided)
-      this.provisionMap.set(domain, 'static');
       const certObj = provision as plugins.tsclass.network.ICert;
       const certData: ICertificateData = {
         domain: certObj.domainName,
@@ -180,7 +270,11 @@ export class CertProvisioner extends plugins.EventEmitter {
         privateKey: certObj.privateKey,
         expiryDate: new Date(certObj.validUntil),
         source: 'static',
-        isRenewal: false
+        isRenewal: false,
+        routeReference: {
+          routeId: route.name || domain,
+          routeName: route.name
+        }
       };
       this.networkProxyBridge.applyExternalCertificate(certData);
@@ -210,12 +304,12 @@ export class CertProvisioner extends plugins.EventEmitter {
    * Perform renewals for all domains that need it
    */
   private async performRenewals(): Promise<void> {
-    for (const [domain, type] of this.provisionMap.entries()) {
+    for (const [domain, info] of this.provisionMap.entries()) {
       // Skip wildcard domains for HTTP-01 challenges
-      if (domain.includes('*') && type === 'http01') continue;
+      if (domain.includes('*') && info.type === 'http01') continue;
       try {
-        await this.renewDomain(domain, type);
+        await this.renewCertificateForDomain(domain, info.type, info.routeRef);
       } catch (err) {
         console.error(`Renewal error for ${domain}:`, err);
       }
@@ -226,8 +320,13 @@ export class CertProvisioner extends plugins.EventEmitter {
    * Renew a certificate for a specific domain
    * @param domain Domain to renew
    * @param provisionType Type of provisioning for this domain
+   * @param certRoute The route reference for this domain
    */
-  private async renewDomain(domain: string, provisionType: 'http01' | 'dns01' | 'static'): Promise<void> {
+  private async renewCertificateForDomain(
+    domain: string,
+    provisionType: 'http01' | 'dns01' | 'static',
+    certRoute?: ICertRoute
+  ): Promise<void> {
     if (provisionType === 'http01') {
       await this.port80Handler.renewCertificate(domain);
     } else if ((provisionType === 'static' || provisionType === 'dns01') && this.certProvisionFunction) {
@@ -235,13 +334,19 @@ export class CertProvisioner extends plugins.EventEmitter {
       if (provision !== 'http01' && provision !== 'dns01') {
         const certObj = provision as plugins.tsclass.network.ICert;
+        const routeRef = certRoute?.route;
         const certData: ICertificateData = {
           domain: certObj.domainName,
           certificate: certObj.publicKey,
           privateKey: certObj.privateKey,
           expiryDate: new Date(certObj.validUntil),
           source: 'static',
-          isRenewal: true
+          isRenewal: true,
+          routeReference: routeRef ? {
+            routeId: routeRef.name || domain,
+            routeName: routeRef.name
+          } : undefined
         };
         this.networkProxyBridge.applyExternalCertificate(certData);
@@ -261,10 +366,14 @@ export class CertProvisioner extends plugins.EventEmitter {
   /**
    * Request a certificate on-demand for the given domain.
+   * This will look for a matching route configuration and provision accordingly.
+   *
    * @param domain Domain name to provision
    */
   public async requestCertificate(domain: string): Promise<void> {
     const isWildcard = domain.includes('*');
+    // Find matching route
+    const certRoute = this.findRouteForDomain(domain);
     // Determine provisioning method
     let provision: TCertProvisionObject = 'http01';
@@ -283,7 +392,6 @@ export class CertProvisioner extends plugins.EventEmitter {
       await this.port80Handler.renewCertificate(domain);
     } else if (provision === 'dns01') {
       // DNS-01 challenges would be handled by external mechanisms
-      // This is a placeholder for future implementation
       console.log(`DNS-01 challenge requested for ${domain}`);
     } else {
       // Static certificate (e.g., DNS-01 provisioned) supports wildcards
@@ -294,7 +402,11 @@ export class CertProvisioner extends plugins.EventEmitter {
         privateKey: certObj.privateKey,
         expiryDate: new Date(certObj.validUntil),
         source: 'static',
-        isRenewal: false
+        isRenewal: false,
+        routeReference: certRoute ? {
+          routeId: certRoute.route.name || domain,
+          routeName: certRoute.route.name
+        } : undefined
       };
       this.networkProxyBridge.applyExternalCertificate(certData);
@@ -304,23 +416,104 @@ export class CertProvisioner extends plugins.EventEmitter {
   /**
    * Add a new domain for certificate provisioning
+   *
    * @param domain Domain to add
    * @param options Domain configuration options
    */
   public async addDomain(domain: string, options?: {
     sslRedirect?: boolean;
     acmeMaintenance?: boolean;
+    routeId?: string;
+    routeName?: string;
   }): Promise<void> {
     const domainOptions: IDomainOptions = {
       domainName: domain,
-      sslRedirect: options?.sslRedirect || true,
-      acmeMaintenance: options?.acmeMaintenance || true
+      sslRedirect: options?.sslRedirect ?? true,
+      acmeMaintenance: options?.acmeMaintenance ?? true,
+      routeReference: {
+        routeId: options?.routeId,
+        routeName: options?.routeName
+      }
     };
     this.port80Handler.addDomain(domainOptions);
-    await this.provisionDomain(domain);
+    // Find matching route or create a generic one
+    const existingRoute = this.findRouteForDomain(domain);
+    if (existingRoute) {
+      await this.provisionCertificateForRoute(existingRoute);
+    } else {
+      // We don't have a route, just provision the domain
+      const isWildcard = domain.includes('*');
+      let provision: TCertProvisionObject = 'http01';
+      if (this.certProvisionFunction) {
+        provision = await this.certProvisionFunction(domain);
+      } else if (isWildcard) {
+        throw new Error(`Cannot request certificate for wildcard domain without certProvisionFunction: ${domain}`);
+      }
+      this.provisionMap.set(domain, {
+        type: provision === 'http01' || provision === 'dns01' ? provision : 'static'
+      });
+      if (provision !== 'http01' && provision !== 'dns01') {
+        const certObj = provision as plugins.tsclass.network.ICert;
+        const certData: ICertificateData = {
+          domain: certObj.domainName,
+          certificate: certObj.publicKey,
+          privateKey: certObj.privateKey,
+          expiryDate: new Date(certObj.validUntil),
+          source: 'static',
+          isRenewal: false,
+          routeReference: {
+            routeId: options?.routeId,
+            routeName: options?.routeName
+          }
+        };
+        this.networkProxyBridge.applyExternalCertificate(certData);
+        this.emit(CertProvisionerEvents.CERTIFICATE_ISSUED, certData);
+      }
+    }
+  }
+  /**
+   * Update routes with new configurations
+   * This replaces all existing routes with new ones and re-provisions certificates as needed
+   *
+   * @param newRoutes New route configurations to use
+   */
+  public async updateRoutes(newRoutes: IRouteConfig[]): Promise<void> {
+    // Store the new route configs
+    this.routeConfigs = newRoutes;
+    // Extract new certificate routes
+    const newCertRoutes = this.extractCertificateRoutesFromRoutes(newRoutes);
+    // Find domains that no longer need certificates
+    const oldDomains = new Set(this.certRoutes.map(r => r.domain));
+    const newDomains = new Set(newCertRoutes.map(r => r.domain));
+    // Domains to remove
+    const domainsToRemove = [...oldDomains].filter(d => !newDomains.has(d));
+    // Remove obsolete domains from provision map
+    for (const domain of domainsToRemove) {
+      this.provisionMap.delete(domain);
+    }
+    // Update the cert routes
+    this.certRoutes = newCertRoutes;
+    // Provision certificates for new routes
+    for (const certRoute of newCertRoutes) {
+      if (!oldDomains.has(certRoute.domain)) {
+        await this.provisionCertificateForRoute(certRoute);
+      }
+    }
   }
 }
-// For backward compatibility
-export { CertProvisioner as CertificateProvisioner }
+// Type alias for backward compatibility
+export type TSmartProxyCertProvisionObject = TCertProvisionObject;