@push.rocks/smartproxy 15.0.2 → 16.0.3

package/ts/proxies/smart-proxy/index.ts

@@ -20,15 +20,5 @@ export { NetworkProxyBridge } from './network-proxy-bridge.js';
 export { RouteManager } from './route-manager.js';
 export { RouteConnectionHandler } from './route-connection-handler.js';
 
-// Export route helpers for configuration
-export {
-  createRoute,
-  createHttpRoute,
-  createHttpsRoute,
-  createPassthroughRoute,
-  createRedirectRoute,
-  createHttpToHttpsRedirect,
-  createBlockRoute,
-  createLoadBalancerRoute,
-  createHttpsServer
-} from './route-helpers.js';
+// Export all helper functions from the utils directory
+export * from './utils/index.js';

package/ts/proxies/smart-proxy/models/interfaces.ts

@@ -13,64 +13,17 @@ export type TSmartProxyCertProvisionObject = plugins.tsclass.network.ICert | 'ht
  */
 export type IRoutedSmartProxyOptions = ISmartProxyOptions;
 
-/**
- * Legacy domain configuration interface for backward compatibility
- */
-export interface IDomainConfig {
-  domains: string[];
-  forwarding: {
-    type: TForwardingType;
-    target: {
-      host: string | string[];
-      port: number;
-    };
-    acme?: {
-      enabled?: boolean;
-      maintenance?: boolean;
-      production?: boolean;
-      forwardChallenges?: {
-        host: string;
-        port: number;
-        useTls?: boolean;
-      };
-    };
-    http?: {
-      enabled?: boolean;
-      redirectToHttps?: boolean;
-      headers?: Record<string, string>;
-    };
-    https?: {
-      customCert?: {
-        key: string;
-        cert: string;
-      };
-      forwardSni?: boolean;
-    };
-    security?: {
-      allowedIps?: string[];
-      blockedIps?: string[];
-      maxConnections?: number;
-    };
-    advanced?: {
-      portRanges?: Array<{ from: number; to: number }>;
-      networkProxyPort?: number;
-      keepAlive?: boolean;
-      timeout?: number;
-      headers?: Record<string, string>;
-    };
-  };
-}
-
 /**
  * Helper functions for type checking configuration types
  */
 export function isLegacyOptions(options: any): boolean {
-  return !!(options.domainConfigs && options.domainConfigs.length > 0 &&
-           (!options.routes || options.routes.length === 0));
+  // Legacy options are no longer supported
+  return false;
 }
 
 export function isRoutedOptions(options: any): boolean {
-  return !!(options.routes && options.routes.length > 0);
+  // All configurations are now route-based
+  return true;
 }
 
 /**
@@ -80,17 +33,8 @@ export interface ISmartProxyOptions {
   // The unified configuration array (required)
   routes: IRouteConfig[];
 
-  // Legacy options for backward compatibility
-  fromPort?: number;
-  toPort?: number;
-  sniEnabled?: boolean;
-  domainConfigs?: IDomainConfig[];
-  targetIP?: string;
-  defaultAllowedIPs?: string[];
-  defaultBlockedIPs?: string[];
-  globalPortRanges?: Array<{ from: number; to: number }>;
-  forwardAllGlobalRanges?: boolean;
-  preserveSourceIP?: boolean;
+  // Port configuration
+  preserveSourceIP?: boolean;  // Preserve client IP when forwarding
 
   // Global/default settings
   defaults?: {
@@ -99,8 +43,8 @@ export interface ISmartProxyOptions {
       port: number; // Default port to use when not specified in routes
     };
     security?: {
-      allowedIPs?: string[]; // Default allowed IPs
-      blockedIPs?: string[]; // Default blocked IPs
+      allowedIps?: string[]; // Default allowed IPs
+      blockedIps?: string[]; // Default blocked IPs
       maxConnections?: number; // Default max connections
     };
     preserveSourceIP?: boolean; // Default source IP preservation
@@ -184,9 +128,6 @@ export interface IConnectionRecord {
   pendingData: Buffer[]; // Buffer to hold data during connection setup
   pendingDataSize: number; // Track total size of pending data
 
-  // Legacy property for backward compatibility
-  domainConfig?: IDomainConfig;
-
   // Enhanced tracking fields
   bytesReceived: number; // Total bytes received
   bytesSent: number; // Total bytes sent
@@ -197,6 +138,11 @@ export interface IConnectionRecord {
   hasReceivedInitialData: boolean; // Whether initial data has been received
   routeConfig?: IRouteConfig; // Associated route config for this connection
 
+  // Target information (for dynamic port/host mapping)
+  targetHost?: string; // Resolved target host
+  targetPort?: number; // Resolved target port
+  tlsVersion?: string; // TLS version (for routing context)
+
   // Keep-alive tracking
   hasKeepAlive: boolean; // Whether keep-alive is enabled for this connection
   inactivityWarningIssued?: boolean; // Whether an inactivity warning has been issued

package/ts/proxies/smart-proxy/models/route-types.ts

@@ -5,7 +5,7 @@ import type { TForwardingType } from '../../../forwarding/config/forwarding-type
 /**
  * Supported action types for route configurations
  */
-export type TRouteActionType = 'forward' | 'redirect' | 'block';
+export type TRouteActionType = 'forward' | 'redirect' | 'block' | 'static';
 
 /**
  * TLS handling modes for route configurations
@@ -23,23 +23,54 @@ export type TPortRange = number | number[] | Array<{ from: number; to: number }>
 export interface IRouteMatch {
   // Listen on these ports (required)
   ports: TPortRange;
-  
+
   // Optional domain patterns to match (default: all domains)
   domains?: string | string[];
-  
+
   // Advanced matching criteria
   path?: string;           // Match specific paths
   clientIp?: string[];     // Match specific client IPs
   tlsVersion?: string[];   // Match specific TLS versions
+  headers?: Record<string, string | RegExp>; // Match specific HTTP headers
+}
+
+/**
+ * Context provided to port and host mapping functions
+ */
+export interface IRouteContext {
+  // Connection information
+  port: number;          // The matched incoming port
+  domain?: string;       // The domain from SNI or Host header
+  clientIp: string;      // The client's IP address
+  serverIp: string;      // The server's IP address
+  path?: string;         // URL path (for HTTP connections)
+  query?: string;        // Query string (for HTTP connections)
+  headers?: Record<string, string>; // HTTP headers (for HTTP connections)
+
+  // TLS information
+  isTls: boolean;        // Whether the connection is TLS
+  tlsVersion?: string;   // TLS version if applicable
+
+  // Route information
+  routeName?: string;    // The name of the matched route
+  routeId?: string;      // The ID of the matched route
+
+  // Target information (resolved from dynamic mapping)
+  targetHost?: string | string[];   // The resolved target host(s)
+  targetPort?: number;   // The resolved target port
+
+  // Additional properties
+  timestamp: number;     // The request timestamp
+  connectionId: string;  // Unique connection identifier
 }
 
 /**
  * Target configuration for forwarding
  */
 export interface IRouteTarget {
-  host: string | string[];  // Support single host or round-robin
-  port: number;
-  preservePort?: boolean;   // Use incoming port as target port
+  host: string | string[] | ((context: IRouteContext) => string | string[]);  // Host or hosts with optional function for dynamic resolution
+  port: number | ((context: IRouteContext) => number);  // Port with optional function for dynamic mapping
+  preservePort?: boolean;   // Use incoming port as target port (ignored if port is a function)
 }
 
 /**
@@ -61,6 +92,26 @@ export interface IRouteRedirect {
   status: 301 | 302 | 307 | 308;
 }
 
+/**
+ * Authentication options
+ */
+export interface IRouteAuthentication {
+  type: 'basic' | 'digest' | 'oauth' | 'jwt';
+  credentials?: {
+    username: string;
+    password: string;
+  }[];
+  realm?: string;
+  jwtSecret?: string;
+  jwtIssuer?: string;
+  oauthProvider?: string;
+  oauthClientId?: string;
+  oauthClientSecret?: string;
+  oauthRedirectUri?: string;
+  // Specific options for different auth types
+  options?: Record<string, unknown>;
+}
+
 /**
  * Security options for route actions
  */
@@ -68,10 +119,41 @@ export interface IRouteSecurity {
   allowedIps?: string[];
   blockedIps?: string[];
   maxConnections?: number;
-  authentication?: {
-    type: 'basic' | 'digest' | 'oauth';
-    // Auth-specific options would go here
-  };
+  authentication?: IRouteAuthentication;
+}
+
+/**
+ * Static file server configuration
+ */
+export interface IRouteStaticFiles {
+  root: string;
+  index?: string[];
+  headers?: Record<string, string>;
+  directory?: string;
+  indexFiles?: string[];
+  cacheControl?: string;
+  expires?: number;
+  followSymlinks?: boolean;
+  disableDirectoryListing?: boolean;
+}
+
+/**
+ * Test route response configuration
+ */
+export interface IRouteTestResponse {
+  status: number;
+  headers: Record<string, string>;
+  body: string;
+}
+
+/**
+ * URL rewriting configuration
+ */
+export interface IRouteUrlRewrite {
+  pattern: string;            // RegExp pattern to match in URL
+  target: string;             // Replacement pattern (supports template variables like {domain})
+  flags?: string;             // RegExp flags like 'g' for global replacement
+  onlyRewritePath?: boolean;  // Only apply to path, not query string
 }
 
 /**
@@ -81,47 +163,163 @@ export interface IRouteAdvanced {
   timeout?: number;
   headers?: Record<string, string>;
   keepAlive?: boolean;
+  staticFiles?: IRouteStaticFiles;
+  testResponse?: IRouteTestResponse;
+  urlRewrite?: IRouteUrlRewrite; // URL rewriting configuration
   // Additional advanced options would go here
 }
 
+/**
+ * WebSocket configuration
+ */
+export interface IRouteWebSocket {
+  enabled: boolean;                   // Whether WebSockets are enabled for this route
+  pingInterval?: number;              // Interval for sending ping frames (ms)
+  pingTimeout?: number;               // Timeout for pong response (ms)
+  maxPayloadSize?: number;            // Maximum message size in bytes
+  customHeaders?: Record<string, string>; // Custom headers for WebSocket handshake
+  subprotocols?: string[];            // Supported subprotocols
+  rewritePath?: string;               // Path rewriting for WebSocket connections
+  allowedOrigins?: string[];          // Allowed origins for WebSocket connections
+  authenticateRequest?: boolean;      // Whether to apply route security to WebSocket connections
+}
+
+/**
+ * Load balancing configuration
+ */
+export interface IRouteLoadBalancing {
+  algorithm: 'round-robin' | 'least-connections' | 'ip-hash';
+  healthCheck?: {
+    path: string;
+    interval: number;
+    timeout: number;
+    unhealthyThreshold: number;
+    healthyThreshold: number;
+  };
+}
+
 /**
  * Action configuration for route handling
  */
 export interface IRouteAction {
   // Basic routing
   type: TRouteActionType;
-  
+
   // Target for forwarding
   target?: IRouteTarget;
-  
+
   // TLS handling
   tls?: IRouteTls;
-  
+
   // For redirects
   redirect?: IRouteRedirect;
-  
+
+  // For static files
+  static?: IRouteStaticFiles;
+
+  // WebSocket support
+  websocket?: IRouteWebSocket;
+
+  // Load balancing options
+  loadBalancing?: IRouteLoadBalancing;
+
   // Security options
   security?: IRouteSecurity;
-  
+
   // Advanced options
   advanced?: IRouteAdvanced;
+  
+  // Additional options for backend-specific settings
+  options?: {
+    backendProtocol?: 'http1' | 'http2';
+    [key: string]: any;
+  };
+}
+
+/**
+ * Rate limiting configuration
+ */
+export interface IRouteRateLimit {
+  enabled: boolean;
+  maxRequests: number;
+  window: number; // Time window in seconds
+  keyBy?: 'ip' | 'path' | 'header';
+  headerName?: string;
+  errorMessage?: string;
+}
+
+/**
+ * Security features for routes
+ */
+export interface IRouteSecurity {
+  rateLimit?: IRouteRateLimit;
+  basicAuth?: {
+    enabled: boolean;
+    users: Array<{ username: string; password: string }>;
+    realm?: string;
+    excludePaths?: string[];
+  };
+  jwtAuth?: {
+    enabled: boolean;
+    secret: string;
+    algorithm?: string;
+    issuer?: string;
+    audience?: string;
+    expiresIn?: number;
+    excludePaths?: string[];
+  };
+  ipAllowList?: string[];
+  ipBlockList?: string[];
+}
+
+/**
+ * CORS configuration for a route
+ */
+export interface IRouteCors {
+  enabled: boolean;                     // Whether CORS is enabled for this route
+  allowOrigin?: string | string[];      // Allowed origins (*,domain.com,[domain1,domain2])
+  allowMethods?: string;                // Allowed methods (GET,POST,etc.)
+  allowHeaders?: string;                // Allowed headers
+  allowCredentials?: boolean;           // Whether to allow credentials
+  exposeHeaders?: string;               // Headers to expose to the client
+  maxAge?: number;                      // Preflight cache duration in seconds
+  preflight?: boolean;                  // Whether to respond to preflight requests
+}
+
+/**
+ * Headers configuration
+ */
+export interface IRouteHeaders {
+  request?: Record<string, string>;     // Headers to add/modify for requests to backend
+  response?: Record<string, string>;    // Headers to add/modify for responses to client
+  cors?: IRouteCors;                    // CORS configuration
 }
 
 /**
  * The core unified configuration interface
  */
 export interface IRouteConfig {
+  // Unique identifier
+  id?: string;
+
   // What to match
   match: IRouteMatch;
-  
+
   // What to do with matched traffic
   action: IRouteAction;
-  
+
+  // Custom headers
+  headers?: IRouteHeaders;
+
+  // Security features
+  security?: IRouteSecurity;
+
   // Optional metadata
   name?: string;             // Human-readable name for this route
   description?: string;      // Description of the route's purpose
   priority?: number;         // Controls matching order (higher = matched first)
   tags?: string[];           // Arbitrary tags for categorization
+  enabled?: boolean;         // Whether the route is active (default: true)
 }
 
 /**
@@ -130,7 +328,7 @@ export interface IRouteConfig {
 export interface IRoutedSmartProxyOptions {
   // The unified configuration array (required)
   routes: IRouteConfig[];
-  
+
   // Global/default settings
   defaults?: {
     target?: {
@@ -141,10 +339,10 @@ export interface IRoutedSmartProxyOptions {
     tls?: IRouteTls;
     // ...other defaults
   };
-  
+
   // Other global settings remain (acme, etc.)
   acme?: IAcmeOptions;
-  
+
   // Connection timeouts and other global settings
   initialDataTimeout?: number;
   socketTimeout?: number;
@@ -152,13 +350,13 @@ export interface IRoutedSmartProxyOptions {
   maxConnectionLifetime?: number;
   inactivityTimeout?: number;
   gracefulShutdownTimeout?: number;
-  
+
   // Socket optimization settings
   noDelay?: boolean;
   keepAlive?: boolean;
   keepAliveInitialDelay?: number;
   maxPendingDataSize?: number;
-  
+
   // Enhanced features
   disableInactivityCheck?: boolean;
   enableKeepAliveProbes?: boolean;
@@ -166,16 +364,16 @@ export interface IRoutedSmartProxyOptions {
   enableTlsDebugLogging?: boolean;
   enableRandomizedTimeouts?: boolean;
   allowSessionTicket?: boolean;
-  
+
   // Rate limiting and security
   maxConnectionsPerIP?: number;
   connectionRateLimitPerMinute?: number;
-  
+
   // Enhanced keep-alive settings
   keepAliveTreatment?: 'standard' | 'extended' | 'immortal';
   keepAliveInactivityMultiplier?: number;
   extendedKeepAliveLifetime?: number;
-  
+
   /**
    * Optional certificate provider callback. Return 'http01' to use HTTP-01 challenges,
    * or a static certificate object for immediate provisioning.