@push.rocks/smartproxy 16.0.2 → 16.0.4

package/ts/proxies/smart-proxy/index.ts

@@ -20,15 +20,5 @@ export { NetworkProxyBridge } from './network-proxy-bridge.js';
 export { RouteManager } from './route-manager.js';
 export { RouteConnectionHandler } from './route-connection-handler.js';
 
-// Export route helpers for configuration
-export {
-  createRoute,
-  createHttpRoute,
-  createHttpsRoute,
-  createPassthroughRoute,
-  createRedirectRoute,
-  createHttpToHttpsRedirect,
-  createBlockRoute,
-  createLoadBalancerRoute,
-  createHttpsServer
-} from './route-helpers.js';
+// Export all helper functions from the utils directory
+export * from './utils/index.js';

package/ts/proxies/smart-proxy/models/interfaces.ts

@@ -33,10 +33,8 @@ export interface ISmartProxyOptions {
   // The unified configuration array (required)
   routes: IRouteConfig[];
 
-  // Port range configuration
-  globalPortRanges?: Array<{ from: number; to: number }>;
-  forwardAllGlobalRanges?: boolean;
-  preserveSourceIP?: boolean;
+  // Port configuration
+  preserveSourceIP?: boolean;  // Preserve client IP when forwarding
 
   // Global/default settings
   defaults?: {
@@ -140,6 +138,11 @@ export interface IConnectionRecord {
   hasReceivedInitialData: boolean; // Whether initial data has been received
   routeConfig?: IRouteConfig; // Associated route config for this connection
 
+  // Target information (for dynamic port/host mapping)
+  targetHost?: string; // Resolved target host
+  targetPort?: number; // Resolved target port
+  tlsVersion?: string; // TLS version (for routing context)
+
   // Keep-alive tracking
   hasKeepAlive: boolean; // Whether keep-alive is enabled for this connection
   inactivityWarningIssued?: boolean; // Whether an inactivity warning has been issued

package/ts/proxies/smart-proxy/models/route-types.ts

@@ -34,13 +34,42 @@ export interface IRouteMatch {
   headers?: Record<string, string | RegExp>; // Match specific HTTP headers
 }
 
+/**
+ * Context provided to port and host mapping functions
+ */
+export interface IRouteContext {
+  // Connection information
+  port: number;          // The matched incoming port
+  domain?: string;       // The domain from SNI or Host header
+  clientIp: string;      // The client's IP address
+  serverIp: string;      // The server's IP address
+  path?: string;         // URL path (for HTTP connections)
+  query?: string;        // Query string (for HTTP connections)
+  headers?: Record<string, string>; // HTTP headers (for HTTP connections)
+
+  // TLS information
+  isTls: boolean;        // Whether the connection is TLS
+  tlsVersion?: string;   // TLS version if applicable
+
+  // Route information
+  routeName?: string;    // The name of the matched route
+  routeId?: string;      // The ID of the matched route
+
+  // Target information (resolved from dynamic mapping)
+  targetHost?: string | string[];   // The resolved target host(s)
+  targetPort?: number;   // The resolved target port
+
+  // Additional properties
+  timestamp: number;     // The request timestamp
+  connectionId: string;  // Unique connection identifier
+}
+
 /**
  * Target configuration for forwarding
  */
 export interface IRouteTarget {
-  host: string | string[];  // Support single host or round-robin
-  port: number;
-  preservePort?: boolean;   // Use incoming port as target port
+  host: string | string[] | ((context: IRouteContext) => string | string[]);  // Host or hosts with optional function for dynamic resolution
+  port: number | 'preserve' | ((context: IRouteContext) => number);  // Port with optional function for dynamic mapping (use 'preserve' to keep the incoming port)
 }
 
 /**
@@ -78,7 +107,8 @@ export interface IRouteAuthentication {
   oauthClientId?: string;
   oauthClientSecret?: string;
   oauthRedirectUri?: string;
-  [key: string]: any;  // Allow additional auth-specific options
+  // Specific options for different auth types
+  options?: Record<string, unknown>;
 }
 
 /**
@@ -115,6 +145,16 @@ export interface IRouteTestResponse {
   body: string;
 }
 
+/**
+ * URL rewriting configuration
+ */
+export interface IRouteUrlRewrite {
+  pattern: string;            // RegExp pattern to match in URL
+  target: string;             // Replacement pattern (supports template variables like {domain})
+  flags?: string;             // RegExp flags like 'g' for global replacement
+  onlyRewritePath?: boolean;  // Only apply to path, not query string
+}
+
 /**
  * Advanced options for route actions
  */
@@ -124,6 +164,7 @@ export interface IRouteAdvanced {
   keepAlive?: boolean;
   staticFiles?: IRouteStaticFiles;
   testResponse?: IRouteTestResponse;
+  urlRewrite?: IRouteUrlRewrite; // URL rewriting configuration
   // Additional advanced options would go here
 }
 
@@ -131,10 +172,15 @@ export interface IRouteAdvanced {
  * WebSocket configuration
  */
 export interface IRouteWebSocket {
-  enabled: boolean;
-  pingInterval?: number;
-  pingTimeout?: number;
-  maxPayloadSize?: number;
+  enabled: boolean;                   // Whether WebSockets are enabled for this route
+  pingInterval?: number;              // Interval for sending ping frames (ms)
+  pingTimeout?: number;               // Timeout for pong response (ms)
+  maxPayloadSize?: number;            // Maximum message size in bytes
+  customHeaders?: Record<string, string>; // Custom headers for WebSocket handshake
+  subprotocols?: string[];            // Supported subprotocols
+  rewritePath?: string;               // Path rewriting for WebSocket connections
+  allowedOrigins?: string[];          // Allowed origins for WebSocket connections
+  authenticateRequest?: boolean;      // Whether to apply route security to WebSocket connections
 }
 
 /**
@@ -181,6 +227,12 @@ export interface IRouteAction {
 
   // Advanced options
   advanced?: IRouteAdvanced;
+  
+  // Additional options for backend-specific settings
+  options?: {
+    backendProtocol?: 'http1' | 'http2';
+    [key: string]: any;
+  };
 }
 
 /**
@@ -219,12 +271,27 @@ export interface IRouteSecurity {
   ipBlockList?: string[];
 }
 
+/**
+ * CORS configuration for a route
+ */
+export interface IRouteCors {
+  enabled: boolean;                     // Whether CORS is enabled for this route
+  allowOrigin?: string | string[];      // Allowed origins (*,domain.com,[domain1,domain2])
+  allowMethods?: string;                // Allowed methods (GET,POST,etc.)
+  allowHeaders?: string;                // Allowed headers
+  allowCredentials?: boolean;           // Whether to allow credentials
+  exposeHeaders?: string;               // Headers to expose to the client
+  maxAge?: number;                      // Preflight cache duration in seconds
+  preflight?: boolean;                  // Whether to respond to preflight requests
+}
+
 /**
  * Headers configuration
  */
 export interface IRouteHeaders {
-  request?: Record<string, string>;
-  response?: Record<string, string>;
+  request?: Record<string, string>;     // Headers to add/modify for requests to backend
+  response?: Record<string, string>;    // Headers to add/modify for responses to client
+  cors?: IRouteCors;                    // CORS configuration
 }
 
 /**

package/ts/proxies/smart-proxy/network-proxy-bridge.ts

@@ -1,7 +1,6 @@
 import * as plugins from '../../plugins.js';
 import { NetworkProxy } from '../network-proxy/index.js';
 import { Port80Handler } from '../../http/port80/port80-handler.js';
-import { Port80HandlerEvents } from '../../core/models/common-types.js';
 import { subscribeToPort80Handler } from '../../core/utils/event-utils.js';
 import type { ICertificateData } from '../../certificate/models/certificate-types.js';
 import type { IConnectionRecord, ISmartProxyOptions } from './models/interfaces.js';
@@ -11,8 +10,8 @@ import type { IRouteConfig } from './models/route-types.js';
  * Manages NetworkProxy integration for TLS termination
  *
  * NetworkProxyBridge connects SmartProxy with NetworkProxy to handle TLS termination.
- * It directly maps route configurations to NetworkProxy configuration format and manages
- * certificate provisioning through Port80Handler when ACME is enabled.
+ * It directly passes route configurations to NetworkProxy and manages the physical
+ * connection piping between SmartProxy and NetworkProxy for TLS termination.
  *
  * It is used by SmartProxy for routes that have:
  * - TLS mode of 'terminate' or 'terminate-and-reencrypt'
@@ -49,7 +48,7 @@ export class NetworkProxyBridge {
    */
   public async initialize(): Promise<void> {
     if (!this.networkProxy && this.settings.useNetworkProxy && this.settings.useNetworkProxy.length > 0) {
-      // Configure NetworkProxy options based on PortProxy settings
+      // Configure NetworkProxy options based on SmartProxy settings
       const networkProxyOptions: any = {
         port: this.settings.networkProxyPort!,
         portProxyIntegration: true,
@@ -57,7 +56,6 @@ export class NetworkProxyBridge {
         useExternalPort80Handler: !!this.port80Handler // Use Port80Handler if available
       };
 
-
       this.networkProxy = new NetworkProxy(networkProxyOptions);
 
       console.log(`Initialized NetworkProxy on port ${this.settings.networkProxyPort}`);
@@ -80,29 +78,8 @@ export class NetworkProxyBridge {
 
     console.log(`Received certificate for ${data.domain} from Port80Handler, updating NetworkProxy`);
 
-    try {
-      // Find existing config for this domain
-      const existingConfigs = this.networkProxy.getProxyConfigs()
-        .filter(config => config.hostName === data.domain);
-
-      if (existingConfigs.length > 0) {
-        // Update existing configs with new certificate
-        for (const config of existingConfigs) {
-          config.privateKey = data.privateKey;
-          config.publicKey = data.certificate;
-        }
-
-        // Apply updated configs
-        this.networkProxy.updateProxyConfigs(existingConfigs)
-          .then(() => console.log(`Updated certificate for ${data.domain} in NetworkProxy`))
-          .catch(err => console.log(`Error updating certificate in NetworkProxy: ${err}`));
-      } else {
-        // Create a new config for this domain
-        console.log(`No existing config found for ${data.domain}, creating new config in NetworkProxy`);
-      }
-    } catch (err) {
-      console.log(`Error handling certificate event: ${err}`);
-    }
+    // Apply certificate directly to NetworkProxy
+    this.networkProxy.updateCertificate(data.domain, data.certificate, data.privateKey);
   }
 
   /**
@@ -113,7 +90,9 @@ export class NetworkProxyBridge {
       console.log(`NetworkProxy not initialized: cannot apply external certificate for ${data.domain}`);
       return;
     }
-    this.handleCertificateEvent(data);
+    
+    // Apply certificate directly to NetworkProxy
+    this.networkProxy.updateCertificate(data.domain, data.certificate, data.privateKey);
   }
   
   /**
@@ -155,92 +134,6 @@ export class NetworkProxyBridge {
     }
   }
   
-  /**
-   * Register domains from routes with Port80Handler for certificate management
-   *
-   * Extracts domains from routes that require TLS termination and registers them
-   * with the Port80Handler for certificate issuance and renewal.
-   *
-   * @param routes The route configurations to extract domains from
-   */
-  public registerDomainsWithPort80Handler(routes: IRouteConfig[]): void {
-    if (!this.port80Handler) {
-      console.log('Cannot register domains - Port80Handler not initialized');
-      return;
-    }
-
-    // Extract domains from routes that require TLS termination
-    const domainsToRegister = new Set<string>();
-
-    for (const route of routes) {
-      // Skip routes without domains or TLS configuration
-      if (!route.match.domains || !route.action.tls) continue;
-
-      // Only register domains for routes that terminate TLS
-      if (route.action.tls.mode !== 'terminate' && route.action.tls.mode !== 'terminate-and-reencrypt') continue;
-
-      // Extract domains from route
-      const domains = Array.isArray(route.match.domains)
-        ? route.match.domains
-        : [route.match.domains];
-
-      // Add each domain to the set (avoiding duplicates)
-      for (const domain of domains) {
-        // Skip wildcards
-        if (domain.includes('*')) {
-          console.log(`Skipping wildcard domain for ACME: ${domain}`);
-          continue;
-        }
-
-        domainsToRegister.add(domain);
-      }
-    }
-
-    // Register each unique domain with Port80Handler
-    for (const domain of domainsToRegister) {
-      try {
-        this.port80Handler.addDomain({
-          domainName: domain,
-          sslRedirect: true,
-          acmeMaintenance: true,
-          // Include route reference if we can find it
-          routeReference: this.findRouteReferenceForDomain(domain, routes)
-        });
-
-        console.log(`Registered domain with Port80Handler: ${domain}`);
-      } catch (err) {
-        console.log(`Error registering domain ${domain} with Port80Handler: ${err}`);
-      }
-    }
-  }
-
-  /**
-   * Finds the route reference for a given domain
-   *
-   * @param domain The domain to find a route reference for
-   * @param routes The routes to search
-   * @returns The route reference if found, undefined otherwise
-   */
-  private findRouteReferenceForDomain(domain: string, routes: IRouteConfig[]): { routeId?: string; routeName?: string } | undefined {
-    // Find the first route that matches this domain
-    for (const route of routes) {
-      if (!route.match.domains) continue;
-
-      const domains = Array.isArray(route.match.domains)
-        ? route.match.domains
-        : [route.match.domains];
-
-      if (domains.includes(domain)) {
-        return {
-          routeId: undefined, // No explicit IDs in our current routes
-          routeName: route.name
-        };
-      }
-    }
-
-    return undefined;
-  }
-  
   /**
    * Forwards a TLS connection to a NetworkProxy for handling
    */
@@ -305,7 +198,6 @@ export class NetworkProxyBridge {
       socket.pipe(proxySocket);
       proxySocket.pipe(socket);
 
-      // Update activity on data transfer (caller should handle this)
       if (this.settings.enableDetailedLogging) {
         console.log(`[${connectionId}] TLS connection successfully forwarded to NetworkProxy`);
       }
@@ -315,13 +207,8 @@ export class NetworkProxyBridge {
   /**
    * Synchronizes routes to NetworkProxy
    *
-   * This method directly maps route configurations to NetworkProxy format and updates
-   * the NetworkProxy with these configurations. It handles:
-   *
-   * - Extracting domain, target, and certificate information from routes
-   * - Converting TLS mode settings to NetworkProxy configuration
-   * - Applying security and advanced settings
-   * - Registering domains for ACME certificate provisioning when needed
+   * This method directly passes route configurations to NetworkProxy without any
+   * intermediate conversion. NetworkProxy natively understands route configurations.
    *
    * @param routes The route configurations to sync to NetworkProxy
    */
@@ -332,140 +219,22 @@ export class NetworkProxyBridge {
     }
 
     try {
-      // Get SSL certificates from assets
-      // Import fs directly since it's not in plugins
-      const fs = await import('fs');
-
-      let defaultCertPair;
-      try {
-        defaultCertPair = {
-          key: fs.readFileSync('assets/certs/key.pem', 'utf8'),
-          cert: fs.readFileSync('assets/certs/cert.pem', 'utf8'),
-        };
-      } catch (certError) {
-        console.log(`Warning: Could not read default certificates: ${certError}`);
-        console.log(
-          'Using empty certificate placeholders - ACME will generate proper certificates if enabled'
+      // Filter only routes that are applicable to NetworkProxy (TLS termination)
+      const networkProxyRoutes = routes.filter(route => {
+        return (
+          route.action.type === 'forward' &&
+          route.action.tls &&
+          (route.action.tls.mode === 'terminate' || route.action.tls.mode === 'terminate-and-reencrypt')
         );
+      });
 
-        // Use empty placeholders - NetworkProxy will use its internal defaults
-        // or ACME will generate proper ones if enabled
-        defaultCertPair = {
-          key: '',
-          cert: '',
-        };
-      }
-
-      // Map routes directly to NetworkProxy configs
-      const proxyConfigs = this.mapRoutesToNetworkProxyConfigs(routes, defaultCertPair);
-
-      // Update the proxy configs
-      await this.networkProxy.updateProxyConfigs(proxyConfigs);
-      console.log(`Synced ${proxyConfigs.length} configurations to NetworkProxy`);
-
-      // Register domains with Port80Handler for certificate issuance
-      if (this.port80Handler) {
-        this.registerDomainsWithPort80Handler(routes);
-      }
+      // Pass routes directly to NetworkProxy
+      await this.networkProxy.updateRouteConfigs(networkProxyRoutes);
+      console.log(`Synced ${networkProxyRoutes.length} routes directly to NetworkProxy`);
     } catch (err) {
       console.log(`Error syncing routes to NetworkProxy: ${err}`);
     }
   }
-
-  /**
-   * Map routes directly to NetworkProxy configuration format
-   *
-   * This method directly maps route configurations to NetworkProxy's format
-   * without any intermediate domain-based representation. It processes each route
-   * and creates appropriate NetworkProxy configs for domains that require TLS termination.
-   *
-   * @param routes Array of route configurations to map
-   * @param defaultCertPair Default certificate to use if no custom certificate is specified
-   * @returns Array of NetworkProxy configurations
-   */
-  public mapRoutesToNetworkProxyConfigs(
-    routes: IRouteConfig[],
-    defaultCertPair: { key: string; cert: string }
-  ): plugins.tsclass.network.IReverseProxyConfig[] {
-    const configs: plugins.tsclass.network.IReverseProxyConfig[] = [];
-
-    for (const route of routes) {
-      // Skip routes without domains
-      if (!route.match.domains) continue;
-
-      // Skip non-forward routes
-      if (route.action.type !== 'forward') continue;
-
-      // Skip routes without TLS configuration
-      if (!route.action.tls || !route.action.target) continue;
-
-      // Skip routes that don't require TLS termination
-      if (route.action.tls.mode !== 'terminate' && route.action.tls.mode !== 'terminate-and-reencrypt') continue;
-
-      // Get domains from route
-      const domains = Array.isArray(route.match.domains)
-        ? route.match.domains
-        : [route.match.domains];
-
-      // Create a config for each domain
-      for (const domain of domains) {
-        // Get certificate
-        let certKey = defaultCertPair.key;
-        let certCert = defaultCertPair.cert;
-
-        // Use custom certificate if specified
-        if (route.action.tls.certificate !== 'auto' && typeof route.action.tls.certificate === 'object') {
-          certKey = route.action.tls.certificate.key;
-          certCert = route.action.tls.certificate.cert;
-        }
-
-        // Determine target hosts and ports
-        const targetHosts = Array.isArray(route.action.target.host)
-          ? route.action.target.host
-          : [route.action.target.host];
-
-        const targetPort = route.action.target.port;
-
-        // Create the NetworkProxy config
-        const config: plugins.tsclass.network.IReverseProxyConfig = {
-          hostName: domain,
-          privateKey: certKey,
-          publicKey: certCert,
-          destinationIps: targetHosts,
-          destinationPorts: [targetPort]
-          // Note: We can't include additional metadata as it's not supported in the interface
-        };
-
-        configs.push(config);
-      }
-    }
-
-    return configs;
-  }
-
-  /**
-   * @deprecated This method is kept for backward compatibility.
-   * Use mapRoutesToNetworkProxyConfigs() instead.
-   */
-  public convertRoutesToNetworkProxyConfigs(
-    routes: IRouteConfig[],
-    defaultCertPair: { key: string; cert: string }
-  ): plugins.tsclass.network.IReverseProxyConfig[] {
-    return this.mapRoutesToNetworkProxyConfigs(routes, defaultCertPair);
-  }
-
-  /**
-   * @deprecated This method is deprecated and will be removed in a future version.
-   * Use syncRoutesToNetworkProxy() instead.
-   *
-   * This legacy method exists only for backward compatibility and
-   * simply forwards to syncRoutesToNetworkProxy().
-   */
-  public async syncDomainConfigsToNetworkProxy(): Promise<void> {
-    console.log('DEPRECATED: Method syncDomainConfigsToNetworkProxy will be removed in a future version.');
-    console.log('Please use syncRoutesToNetworkProxy() instead for direct route-based configuration.');
-    await this.syncRoutesToNetworkProxy(this.settings.routes || []);
-  }
   
   /**
    * Request a certificate for a specific domain
@@ -496,12 +265,6 @@ export class NetworkProxyBridge {
           domainOptions.routeReference = {
             routeName
           };
-        } else {
-          // Try to find a route reference from the current routes
-          const routeReference = this.findRouteReferenceForDomain(domain, this.settings.routes || []);
-          if (routeReference) {
-            domainOptions.routeReference = routeReference;
-          }
         }
 
         // Register the domain for certificate issuance