npm - @push.rocks/smartproxy - Versions diffs - 19.3.2 → 19.3.3 - Mend

@push.rocks/smartproxy 19.3.2 → 19.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (313) hide show

package/dist_ts/classes.pp.portrangemanager.js DELETED Viewed

@@ -1,179 +0,0 @@
-/**
- * Manages port ranges and port-based configuration
- */
-export class PortRangeManager {
-    constructor(settings) {
-        this.settings = settings;
-    }
-    /**
-     * Get all ports that should be listened on
-     */
-    getListeningPorts() {
-        const listeningPorts = new Set();
-        // Always include the main fromPort
-        listeningPorts.add(this.settings.fromPort);
-        // Add ports from global port ranges if defined
-        if (this.settings.globalPortRanges && this.settings.globalPortRanges.length > 0) {
-            for (const range of this.settings.globalPortRanges) {
-                for (let port = range.from; port <= range.to; port++) {
-                    listeningPorts.add(port);
-                }
-            }
-        }
-        return listeningPorts;
-    }
-    /**
-     * Check if a port should use NetworkProxy for forwarding
-     */
-    shouldUseNetworkProxy(port) {
-        return !!this.settings.useNetworkProxy && this.settings.useNetworkProxy.includes(port);
-    }
-    /**
-     * Check if port should use global forwarding
-     */
-    shouldUseGlobalForwarding(port) {
-        return (!!this.settings.forwardAllGlobalRanges &&
-            this.isPortInGlobalRanges(port));
-    }
-    /**
-     * Check if a port is in global ranges
-     */
-    isPortInGlobalRanges(port) {
-        return (this.settings.globalPortRanges &&
-            this.isPortInRanges(port, this.settings.globalPortRanges));
-    }
-    /**
-     * Check if a port falls within the specified ranges
-     */
-    isPortInRanges(port, ranges) {
-        return ranges.some((range) => port >= range.from && port <= range.to);
-    }
-    /**
-     * Get forwarding port for a specific listening port
-     * This determines what port to connect to on the target
-     */
-    getForwardingPort(listeningPort) {
-        // If using global forwarding, forward to the original port
-        if (this.settings.forwardAllGlobalRanges && this.isPortInGlobalRanges(listeningPort)) {
-            return listeningPort;
-        }
-        // Otherwise use the configured toPort
-        return this.settings.toPort;
-    }
-    /**
-     * Find domain-specific port ranges that include a given port
-     */
-    findDomainPortRange(port) {
-        for (let i = 0; i < this.settings.domainConfigs.length; i++) {
-            const domain = this.settings.domainConfigs[i];
-            if (domain.portRanges) {
-                for (const range of domain.portRanges) {
-                    if (port >= range.from && port <= range.to) {
-                        return { domainIndex: i, range };
-                    }
-                }
-            }
-        }
-        return undefined;
-    }
-    /**
-     * Get a list of all configured ports
-     * This includes the fromPort, NetworkProxy ports, and ports from all ranges
-     */
-    getAllConfiguredPorts() {
-        const ports = new Set();
-        // Add main listening port
-        ports.add(this.settings.fromPort);
-        // Add NetworkProxy port if configured
-        if (this.settings.networkProxyPort) {
-            ports.add(this.settings.networkProxyPort);
-        }
-        // Add NetworkProxy ports
-        if (this.settings.useNetworkProxy) {
-            for (const port of this.settings.useNetworkProxy) {
-                ports.add(port);
-            }
-        }
-        // Add ACME HTTP challenge port if enabled
-        if (this.settings.acme?.enabled && this.settings.acme.port) {
-            ports.add(this.settings.acme.port);
-        }
-        // Add global port ranges
-        if (this.settings.globalPortRanges) {
-            for (const range of this.settings.globalPortRanges) {
-                for (let port = range.from; port <= range.to; port++) {
-                    ports.add(port);
-                }
-            }
-        }
-        // Add domain-specific port ranges
-        for (const domain of this.settings.domainConfigs) {
-            if (domain.portRanges) {
-                for (const range of domain.portRanges) {
-                    for (let port = range.from; port <= range.to; port++) {
-                        ports.add(port);
-                    }
-                }
-            }
-            // Add domain-specific NetworkProxy port if configured
-            if (domain.useNetworkProxy && domain.networkProxyPort) {
-                ports.add(domain.networkProxyPort);
-            }
-        }
-        return Array.from(ports);
-    }
-    /**
-     * Validate port configuration
-     * Returns array of warning messages
-     */
-    validateConfiguration() {
-        const warnings = [];
-        // Check for overlapping port ranges
-        const portMappings = new Map();
-        // Track global port ranges
-        if (this.settings.globalPortRanges) {
-            for (const range of this.settings.globalPortRanges) {
-                for (let port = range.from; port <= range.to; port++) {
-                    if (!portMappings.has(port)) {
-                        portMappings.set(port, []);
-                    }
-                    portMappings.get(port).push('Global Port Range');
-                }
-            }
-        }
-        // Track domain-specific port ranges
-        for (const domain of this.settings.domainConfigs) {
-            if (domain.portRanges) {
-                for (const range of domain.portRanges) {
-                    for (let port = range.from; port <= range.to; port++) {
-                        if (!portMappings.has(port)) {
-                            portMappings.set(port, []);
-                        }
-                        portMappings.get(port).push(`Domain: ${domain.domains.join(', ')}`);
-                    }
-                }
-            }
-        }
-        // Check for ports with multiple mappings
-        for (const [port, mappings] of portMappings.entries()) {
-            if (mappings.length > 1) {
-                warnings.push(`Port ${port} has multiple mappings: ${mappings.join(', ')}`);
-            }
-        }
-        // Check if main ports are used elsewhere
-        if (portMappings.has(this.settings.fromPort) && portMappings.get(this.settings.fromPort).length > 0) {
-            warnings.push(`Main listening port ${this.settings.fromPort} is also used in port ranges`);
-        }
-        if (this.settings.networkProxyPort && portMappings.has(this.settings.networkProxyPort)) {
-            warnings.push(`NetworkProxy port ${this.settings.networkProxyPort} is also used in port ranges`);
-        }
-        // Check ACME port
-        if (this.settings.acme?.enabled && this.settings.acme.port) {
-            if (portMappings.has(this.settings.acme.port)) {
-                warnings.push(`ACME HTTP challenge port ${this.settings.acme.port} is also used in port ranges`);
-            }
-        }
-        return warnings;
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC5wb3J0cmFuZ2VtYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvY2xhc3Nlcy5wcC5wb3J0cmFuZ2VtYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUVBOztHQUVHO0FBQ0gsTUFBTSxPQUFPLGdCQUFnQjtJQUMzQixZQUFvQixRQUE0QjtRQUE1QixhQUFRLEdBQVIsUUFBUSxDQUFvQjtJQUFHLENBQUM7SUFFcEQ7O09BRUc7SUFDSSxpQkFBaUI7UUFDdEIsTUFBTSxjQUFjLEdBQUcsSUFBSSxHQUFHLEVBQVUsQ0FBQztRQUV6QyxtQ0FBbUM7UUFDbkMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRTNDLCtDQUErQztRQUMvQyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDaEYsS0FBSyxNQUFNLEtBQUssSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLENBQUM7Z0JBQ25ELEtBQUssSUFBSSxJQUFJLEdBQUcsS0FBSyxDQUFDLElBQUksRUFBRSxJQUFJLElBQUksS0FBSyxDQUFDLEVBQUUsRUFBRSxJQUFJLEVBQUUsRUFBRSxDQUFDO29CQUNyRCxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUMzQixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLGNBQWMsQ0FBQztJQUN4QixDQUFDO0lBRUQ7O09BRUc7SUFDSSxxQkFBcUIsQ0FBQyxJQUFZO1FBQ3ZDLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN6RixDQUFDO0lBRUQ7O09BRUc7SUFDSSx5QkFBeUIsQ0FBQyxJQUFZO1FBQzNDLE9BQU8sQ0FDTCxDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxzQkFBc0I7WUFDdEMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxDQUNoQyxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0ksb0JBQW9CLENBQUMsSUFBWTtRQUN0QyxPQUFPLENBQ0wsSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0I7WUFDOUIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUMxRCxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0ksY0FBYyxDQUFDLElBQVksRUFBRSxNQUEyQztRQUM3RSxPQUFPLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLElBQUksSUFBSSxLQUFLLENBQUMsSUFBSSxJQUFJLElBQUksSUFBSSxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVEOzs7T0FHRztJQUNJLGlCQUFpQixDQUFDLGFBQXFCO1FBQzVDLDJEQUEyRDtRQUMzRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsc0JBQXNCLElBQUksSUFBSSxDQUFDLG9CQUFvQixDQUFDLGFBQWEsQ0FBQyxFQUFFLENBQUM7WUFDckYsT0FBTyxhQUFhLENBQUM7UUFDdkIsQ0FBQztRQUVELHNDQUFzQztRQUN0QyxPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO0lBQzlCLENBQUM7SUFFRDs7T0FFRztJQUNJLG1CQUFtQixDQUFDLElBQVk7UUFJckMsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQzVELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQzlDLElBQUksTUFBTSxDQUFDLFVBQVUsRUFBRSxDQUFDO2dCQUN0QixLQUFLLE1BQU0sS0FBSyxJQUFJLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztvQkFDdEMsSUFBSSxJQUFJLElBQUksS0FBSyxDQUFDLElBQUksSUFBSSxJQUFJLElBQUksS0FBSyxDQUFDLEVBQUUsRUFBRSxDQUFDO3dCQUMzQyxPQUFPLEVBQUUsV0FBVyxFQUFFLENBQUMsRUFBRSxLQUFLLEVBQUUsQ0FBQztvQkFDbkMsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0kscUJBQXFCO1FBQzFCLE1BQU0sS0FBSyxHQUFHLElBQUksR0FBRyxFQUFVLENBQUM7UUFFaEMsMEJBQTBCO1FBQzFCLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUVsQyxzQ0FBc0M7UUFDdEMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDbkMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLENBQUM7UUFDNUMsQ0FBQztRQUVELHlCQUF5QjtRQUN6QixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDbEMsS0FBSyxNQUFNLElBQUksSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLGVBQWUsRUFBRSxDQUFDO2dCQUNqRCxLQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ2xCLENBQUM7UUFDSCxDQUFDO1FBRUQsMENBQTBDO1FBQzFDLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsT0FBTyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQzNELEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDckMsQ0FBQztRQUVELHlCQUF5QjtRQUN6QixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUNuQyxLQUFLLE1BQU0sS0FBSyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDbkQsS0FBSyxJQUFJLElBQUksR0FBRyxLQUFLLENBQUMsSUFBSSxFQUFFLElBQUksSUFBSSxLQUFLLENBQUMsRUFBRSxFQUFFLElBQUksRUFBRSxFQUFFLENBQUM7b0JBQ3JELEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7Z0JBQ2xCLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELGtDQUFrQztRQUNsQyxLQUFLLE1BQU0sTUFBTSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDakQsSUFBSSxNQUFNLENBQUMsVUFBVSxFQUFFLENBQUM7Z0JBQ3RCLEtBQUssTUFBTSxLQUFLLElBQUksTUFBTSxDQUFDLFVBQVUsRUFBRSxDQUFDO29CQUN0QyxLQUFLLElBQUksSUFBSSxHQUFHLEtBQUssQ0FBQyxJQUFJLEVBQUUsSUFBSSxJQUFJLEtBQUssQ0FBQyxFQUFFLEVBQUUsSUFBSSxFQUFFLEVBQUUsQ0FBQzt3QkFDckQsS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQztvQkFDbEIsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztZQUVELHNEQUFzRDtZQUN0RCxJQUFJLE1BQU0sQ0FBQyxlQUFlLElBQUksTUFBTSxDQUFDLGdCQUFnQixFQUFFLENBQUM7Z0JBQ3RELEtBQUssQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLENBQUM7WUFDckMsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDM0IsQ0FBQztJQUVEOzs7T0FHRztJQUNJLHFCQUFxQjtRQUMxQixNQUFNLFFBQVEsR0FBYSxFQUFFLENBQUM7UUFFOUIsb0NBQW9DO1FBQ3BDLE1BQU0sWUFBWSxHQUFHLElBQUksR0FBRyxFQUFvQixDQUFDO1FBRWpELDJCQUEyQjtRQUMzQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUNuQyxLQUFLLE1BQU0sS0FBSyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDbkQsS0FBSyxJQUFJLElBQUksR0FBRyxLQUFLLENBQUMsSUFBSSxFQUFFLElBQUksSUFBSSxLQUFLLENBQUMsRUFBRSxFQUFFLElBQUksRUFBRSxFQUFFLENBQUM7b0JBQ3JELElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7d0JBQzVCLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO29CQUM3QixDQUFDO29CQUNELFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFFLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLENBQUM7Z0JBQ3BELENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELG9DQUFvQztRQUNwQyxLQUFLLE1BQU0sTUFBTSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDakQsSUFBSSxNQUFNLENBQUMsVUFBVSxFQUFFLENBQUM7Z0JBQ3RCLEtBQUssTUFBTSxLQUFLLElBQUksTUFBTSxDQUFDLFVBQVUsRUFBRSxDQUFDO29CQUN0QyxLQUFLLElBQUksSUFBSSxHQUFHLEtBQUssQ0FBQyxJQUFJLEVBQUUsSUFBSSxJQUFJLEtBQUssQ0FBQyxFQUFFLEVBQUUsSUFBSSxFQUFFLEVBQUUsQ0FBQzt3QkFDckQsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQzs0QkFDNUIsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7d0JBQzdCLENBQUM7d0JBQ0QsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUUsQ0FBQyxJQUFJLENBQUMsV0FBVyxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7b0JBQ3ZFLENBQUM7Z0JBQ0gsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQseUNBQXlDO1FBQ3pDLEtBQUssTUFBTSxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsSUFBSSxZQUFZLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztZQUN0RCxJQUFJLFFBQVEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ3hCLFFBQVEsQ0FBQyxJQUFJLENBQUMsUUFBUSxJQUFJLDJCQUEyQixRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUM5RSxDQUFDO1FBQ0gsQ0FBQztRQUVELHlDQUF5QztRQUN6QyxJQUFJLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsSUFBSSxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFFLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3JHLFFBQVEsQ0FBQyxJQUFJLENBQUMsdUJBQXVCLElBQUksQ0FBQyxRQUFRLENBQUMsUUFBUSw4QkFBOEIsQ0FBQyxDQUFDO1FBQzdGLENBQUM7UUFFRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLElBQUksWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLEVBQUUsQ0FBQztZQUN2RixRQUFRLENBQUMsSUFBSSxDQUFDLHFCQUFxQixJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQiw4QkFBOEIsQ0FBQyxDQUFDO1FBQ25HLENBQUM7UUFFRCxrQkFBa0I7UUFDbEIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxPQUFPLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDM0QsSUFBSSxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7Z0JBQzlDLFFBQVEsQ0FBQyxJQUFJLENBQUMsNEJBQTRCLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksOEJBQThCLENBQUMsQ0FBQztZQUNuRyxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7Q0FDRiJ9

package/dist_ts/classes.pp.securitymanager.d.ts DELETED Viewed

@@ -1,47 +0,0 @@
-import type { IPortProxySettings } from './classes.pp.interfaces.js';
-/**
- * Handles security aspects like IP tracking, rate limiting, and authorization
- */
-export declare class SecurityManager {
-    private settings;
-    private connectionsByIP;
-    private connectionRateByIP;
-    constructor(settings: IPortProxySettings);
-    /**
-     * Get connections count by IP
-     */
-    getConnectionCountByIP(ip: string): number;
-    /**
-     * Check and update connection rate for an IP
-     * @returns true if within rate limit, false if exceeding limit
-     */
-    checkConnectionRate(ip: string): boolean;
-    /**
-     * Track connection by IP
-     */
-    trackConnectionByIP(ip: string, connectionId: string): void;
-    /**
-     * Remove connection tracking for an IP
-     */
-    removeConnectionByIP(ip: string, connectionId: string): void;
-    /**
-     * Check if an IP is allowed using glob patterns
-     */
-    isIPAuthorized(ip: string, allowedIPs: string[], blockedIPs?: string[]): boolean;
-    /**
-     * Check if the IP matches any of the glob patterns
-     */
-    private isGlobIPMatch;
-    /**
-     * Check if IP should be allowed considering connection rate and max connections
-     * @returns Object with result and reason
-     */
-    validateIP(ip: string): {
-        allowed: boolean;
-        reason?: string;
-    };
-    /**
-     * Clears all IP tracking data (for shutdown)
-     */
-    clearIPTracking(): void;
-}

package/dist_ts/classes.pp.securitymanager.js DELETED Viewed

@@ -1,126 +0,0 @@
-import * as plugins from './plugins.js';
-/**
- * Handles security aspects like IP tracking, rate limiting, and authorization
- */
-export class SecurityManager {
-    constructor(settings) {
-        this.settings = settings;
-        this.connectionsByIP = new Map();
-        this.connectionRateByIP = new Map();
-    }
-    /**
-     * Get connections count by IP
-     */
-    getConnectionCountByIP(ip) {
-        return this.connectionsByIP.get(ip)?.size || 0;
-    }
-    /**
-     * Check and update connection rate for an IP
-     * @returns true if within rate limit, false if exceeding limit
-     */
-    checkConnectionRate(ip) {
-        const now = Date.now();
-        const minute = 60 * 1000;
-        if (!this.connectionRateByIP.has(ip)) {
-            this.connectionRateByIP.set(ip, [now]);
-            return true;
-        }
-        // Get timestamps and filter out entries older than 1 minute
-        const timestamps = this.connectionRateByIP.get(ip).filter((time) => now - time < minute);
-        timestamps.push(now);
-        this.connectionRateByIP.set(ip, timestamps);
-        // Check if rate exceeds limit
-        return timestamps.length <= this.settings.connectionRateLimitPerMinute;
-    }
-    /**
-     * Track connection by IP
-     */
-    trackConnectionByIP(ip, connectionId) {
-        if (!this.connectionsByIP.has(ip)) {
-            this.connectionsByIP.set(ip, new Set());
-        }
-        this.connectionsByIP.get(ip).add(connectionId);
-    }
-    /**
-     * Remove connection tracking for an IP
-     */
-    removeConnectionByIP(ip, connectionId) {
-        if (this.connectionsByIP.has(ip)) {
-            const connections = this.connectionsByIP.get(ip);
-            connections.delete(connectionId);
-            if (connections.size === 0) {
-                this.connectionsByIP.delete(ip);
-            }
-        }
-    }
-    /**
-     * Check if an IP is allowed using glob patterns
-     */
-    isIPAuthorized(ip, allowedIPs, blockedIPs = []) {
-        // Skip IP validation if allowedIPs is empty
-        if (!ip || (allowedIPs.length === 0 && blockedIPs.length === 0)) {
-            return true;
-        }
-        // First check if IP is blocked
-        if (blockedIPs.length > 0 && this.isGlobIPMatch(ip, blockedIPs)) {
-            return false;
-        }
-        // Then check if IP is allowed
-        return this.isGlobIPMatch(ip, allowedIPs);
-    }
-    /**
-     * Check if the IP matches any of the glob patterns
-     */
-    isGlobIPMatch(ip, patterns) {
-        if (!ip || !patterns || patterns.length === 0)
-            return false;
-        const normalizeIP = (ip) => {
-            if (!ip)
-                return [];
-            if (ip.startsWith('::ffff:')) {
-                const ipv4 = ip.slice(7);
-                return [ip, ipv4];
-            }
-            if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
-                return [ip, `::ffff:${ip}`];
-            }
-            return [ip];
-        };
-        const normalizedIPVariants = normalizeIP(ip);
-        if (normalizedIPVariants.length === 0)
-            return false;
-        const expandedPatterns = patterns.flatMap(normalizeIP);
-        return normalizedIPVariants.some((ipVariant) => expandedPatterns.some((pattern) => plugins.minimatch(ipVariant, pattern)));
-    }
-    /**
-     * Check if IP should be allowed considering connection rate and max connections
-     * @returns Object with result and reason
-     */
-    validateIP(ip) {
-        // Check connection count limit
-        if (this.settings.maxConnectionsPerIP &&
-            this.getConnectionCountByIP(ip) >= this.settings.maxConnectionsPerIP) {
-            return {
-                allowed: false,
-                reason: `Maximum connections per IP (${this.settings.maxConnectionsPerIP}) exceeded`
-            };
-        }
-        // Check connection rate limit
-        if (this.settings.connectionRateLimitPerMinute &&
-            !this.checkConnectionRate(ip)) {
-            return {
-                allowed: false,
-                reason: `Connection rate limit (${this.settings.connectionRateLimitPerMinute}/min) exceeded`
-            };
-        }
-        return { allowed: true };
-    }
-    /**
-     * Clears all IP tracking data (for shutdown)
-     */
-    clearIPTracking() {
-        this.connectionsByIP.clear();
-        this.connectionRateByIP.clear();
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5wcC5zZWN1cml0eW1hbmFnZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9jbGFzc2VzLnBwLnNlY3VyaXR5bWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGNBQWMsQ0FBQztBQUd4Qzs7R0FFRztBQUNILE1BQU0sT0FBTyxlQUFlO0lBSTFCLFlBQW9CLFFBQTRCO1FBQTVCLGFBQVEsR0FBUixRQUFRLENBQW9CO1FBSHhDLG9CQUFlLEdBQTZCLElBQUksR0FBRyxFQUFFLENBQUM7UUFDdEQsdUJBQWtCLEdBQTBCLElBQUksR0FBRyxFQUFFLENBQUM7SUFFWCxDQUFDO0lBRXBEOztPQUVHO0lBQ0ksc0JBQXNCLENBQUMsRUFBVTtRQUN0QyxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLElBQUksSUFBSSxDQUFDLENBQUM7SUFDakQsQ0FBQztJQUVEOzs7T0FHRztJQUNJLG1CQUFtQixDQUFDLEVBQVU7UUFDbkMsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sTUFBTSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFekIsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztZQUNyQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7WUFDdkMsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsNERBQTREO1FBQzVELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxHQUFHLEdBQUcsSUFBSSxHQUFHLE1BQU0sQ0FBQyxDQUFDO1FBQzFGLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDckIsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsVUFBVSxDQUFDLENBQUM7UUFFNUMsOEJBQThCO1FBQzlCLE9BQU8sVUFBVSxDQUFDLE1BQU0sSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLDRCQUE2QixDQUFDO0lBQzFFLENBQUM7SUFFRDs7T0FFRztJQUNJLG1CQUFtQixDQUFDLEVBQVUsRUFBRSxZQUFvQjtRQUN6RCxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztZQUNsQyxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsSUFBSSxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQzFDLENBQUM7UUFDRCxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUUsQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDbEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksb0JBQW9CLENBQUMsRUFBVSxFQUFFLFlBQW9CO1FBQzFELElBQUksSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztZQUNqQyxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUUsQ0FBQztZQUNsRCxXQUFXLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQ2pDLElBQUksV0FBVyxDQUFDLElBQUksS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDM0IsSUFBSSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDbEMsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxjQUFjLENBQUMsRUFBVSxFQUFFLFVBQW9CLEVBQUUsYUFBdUIsRUFBRTtRQUMvRSw0Q0FBNEM7UUFDNUMsSUFBSSxDQUFDLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUNoRSxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFFRCwrQkFBK0I7UUFDL0IsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLEVBQUUsRUFBRSxVQUFVLENBQUMsRUFBRSxDQUFDO1lBQ2hFLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELDhCQUE4QjtRQUM5QixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsRUFBRSxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7T0FFRztJQUNLLGFBQWEsQ0FBQyxFQUFVLEVBQUUsUUFBa0I7UUFDbEQsSUFBSSxDQUFDLEVBQUUsSUFBSSxDQUFDLFFBQVEsSUFBSSxRQUFRLENBQUMsTUFBTSxLQUFLLENBQUM7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUU1RCxNQUFNLFdBQVcsR0FBRyxDQUFDLEVBQVUsRUFBWSxFQUFFO1lBQzNDLElBQUksQ0FBQyxFQUFFO2dCQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ25CLElBQUksRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO2dCQUM3QixNQUFNLElBQUksR0FBRyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUN6QixPQUFPLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDO1lBQ3BCLENBQUM7WUFDRCxJQUFJLHlCQUF5QixDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUN2QyxPQUFPLENBQUMsRUFBRSxFQUFFLFVBQVUsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUM5QixDQUFDO1lBQ0QsT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2QsQ0FBQyxDQUFDO1FBRUYsTUFBTSxvQkFBb0IsR0FBRyxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDN0MsSUFBSSxvQkFBb0IsQ0FBQyxNQUFNLEtBQUssQ0FBQztZQUFFLE9BQU8sS0FBSyxDQUFDO1FBRXBELE1BQU0sZ0JBQWdCLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUN2RCxPQUFPLG9CQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQzdDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FDMUUsQ0FBQztJQUNKLENBQUM7SUFFRDs7O09BR0c7SUFDSSxVQUFVLENBQUMsRUFBVTtRQUMxQiwrQkFBK0I7UUFDL0IsSUFDRSxJQUFJLENBQUMsUUFBUSxDQUFDLG1CQUFtQjtZQUNqQyxJQUFJLENBQUMsc0JBQXNCLENBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsRUFDcEUsQ0FBQztZQUNELE9BQU87Z0JBQ0wsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsTUFBTSxFQUFFLCtCQUErQixJQUFJLENBQUMsUUFBUSxDQUFDLG1CQUFtQixZQUFZO2FBQ3JGLENBQUM7UUFDSixDQUFDO1FBRUQsOEJBQThCO1FBQzlCLElBQ0UsSUFBSSxDQUFDLFFBQVEsQ0FBQyw0QkFBNEI7WUFDMUMsQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxDQUFDLEVBQzdCLENBQUM7WUFDRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLE1BQU0sRUFBRSwwQkFBMEIsSUFBSSxDQUFDLFFBQVEsQ0FBQyw0QkFBNEIsZ0JBQWdCO2FBQzdGLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRUQ7O09BRUc7SUFDSSxlQUFlO1FBQ3BCLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDN0IsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEtBQUssRUFBRSxDQUFDO0lBQ2xDLENBQUM7Q0FDRiJ9

package/dist_ts/classes.pp.snihandler.d.ts DELETED Viewed

@@ -1,153 +0,0 @@
-import { Buffer } from 'buffer';
-/**
- * SNI (Server Name Indication) handler for TLS connections.
- * Provides robust extraction of SNI values from TLS ClientHello messages
- * with support for fragmented packets, TLS 1.3 resumption, Chrome-specific
- * connection behaviors, and tab hibernation/reactivation scenarios.
- */
-export declare class SniHandler {
-    private static readonly TLS_HANDSHAKE_RECORD_TYPE;
-    private static readonly TLS_APPLICATION_DATA_TYPE;
-    private static readonly TLS_CLIENT_HELLO_HANDSHAKE_TYPE;
-    private static readonly TLS_SNI_EXTENSION_TYPE;
-    private static readonly TLS_SESSION_TICKET_EXTENSION_TYPE;
-    private static readonly TLS_SNI_HOST_NAME_TYPE;
-    private static readonly TLS_PSK_EXTENSION_TYPE;
-    private static readonly TLS_PSK_KE_MODES_EXTENSION_TYPE;
-    private static readonly TLS_EARLY_DATA_EXTENSION_TYPE;
-    private static fragmentedBuffers;
-    private static fragmentTimeout;
-    /**
-     * Checks if a buffer contains a TLS handshake message (record type 22)
-     * @param buffer - The buffer to check
-     * @returns true if the buffer starts with a TLS handshake record type
-     */
-    static isTlsHandshake(buffer: Buffer): boolean;
-    /**
-     * Checks if a buffer contains TLS application data (record type 23)
-     * @param buffer - The buffer to check
-     * @returns true if the buffer starts with a TLS application data record type
-     */
-    static isTlsApplicationData(buffer: Buffer): boolean;
-    /**
-     * Creates a connection ID based on source/destination information
-     * Used to track fragmented ClientHello messages across multiple packets
-     *
-     * @param connectionInfo - Object containing connection identifiers (IP/port)
-     * @returns A string ID for the connection
-     */
-    static createConnectionId(connectionInfo: {
-        sourceIp?: string;
-        sourcePort?: number;
-        destIp?: string;
-        destPort?: number;
-    }): string;
-    /**
-     * Handles potential fragmented ClientHello messages by buffering and reassembling
-     * TLS record fragments that might span multiple TCP packets.
-     *
-     * @param buffer - The current buffer fragment
-     * @param connectionId - Unique identifier for the connection
-     * @param enableLogging - Whether to enable logging
-     * @returns A complete buffer if reassembly is successful, or undefined if more fragments are needed
-     */
-    static handleFragmentedClientHello(buffer: Buffer, connectionId: string, enableLogging?: boolean): Buffer | undefined;
-    /**
-     * Checks if a buffer contains a TLS ClientHello message
-     * @param buffer - The buffer to check
-     * @returns true if the buffer appears to be a ClientHello message
-     */
-    static isClientHello(buffer: Buffer): boolean;
-    /**
-     * Checks if a ClientHello message contains session resumption indicators
-     * such as session tickets or PSK (Pre-Shared Key) extensions.
-     *
-     * @param buffer - The buffer containing a ClientHello message
-     * @param enableLogging - Whether to enable logging
-     * @returns Object containing details about session resumption and SNI presence
-     */
-    static hasSessionResumption(buffer: Buffer, enableLogging?: boolean): {
-        isResumption: boolean;
-        hasSNI: boolean;
-    };
-    /**
-     * Detects characteristics of a tab reactivation TLS handshake
-     * These often have specific patterns in Chrome and other browsers
-     *
-     * @param buffer - The buffer containing a ClientHello message
-     * @param enableLogging - Whether to enable logging
-     * @returns true if this appears to be a tab reactivation handshake
-     */
-    static isTabReactivationHandshake(buffer: Buffer, enableLogging?: boolean): boolean;
-    /**
-     * Extracts the SNI (Server Name Indication) from a TLS ClientHello message.
-     * Implements robust parsing with support for session resumption edge cases.
-     *
-     * @param buffer - The buffer containing the TLS ClientHello message
-     * @param enableLogging - Whether to enable detailed debug logging
-     * @returns The extracted server name or undefined if not found
-     */
-    static extractSNI(buffer: Buffer, enableLogging?: boolean): string | undefined;
-    /**
-     * Attempts to extract SNI from the PSK extension in a TLS 1.3 ClientHello.
-     *
-     * In TLS 1.3, when a client attempts to resume a session, it may include
-     * the server name in the PSK identity hint rather than in the SNI extension.
-     *
-     * @param buffer - The buffer containing the TLS ClientHello message
-     * @param enableLogging - Whether to enable detailed debug logging
-     * @returns The extracted server name or undefined if not found
-     */
-    static extractSNIFromPSKExtension(buffer: Buffer, enableLogging?: boolean): string | undefined;
-    /**
-     * Checks if the buffer contains TLS 1.3 early data (0-RTT)
-     * @param buffer - The buffer to check
-     * @param enableLogging - Whether to enable logging
-     * @returns true if early data is detected
-     */
-    static hasEarlyData(buffer: Buffer, enableLogging?: boolean): boolean;
-    /**
-     * Attempts to extract SNI from an initial ClientHello packet and handles
-     * session resumption edge cases more robustly than the standard extraction.
-     *
-     * This method handles:
-     * 1. Standard SNI extraction
-     * 2. TLS 1.3 PSK-based resumption (Chrome, Firefox, etc.)
-     * 3. Session ticket-based resumption
-     * 4. Fragmented ClientHello messages
-     * 5. TLS 1.3 Early Data (0-RTT)
-     * 6. Chrome's connection racing behaviors
-     *
-     * @param buffer - The buffer containing the TLS ClientHello message
-     * @param connectionInfo - Optional connection information for fragment handling
-     * @param enableLogging - Whether to enable detailed debug logging
-     * @returns The extracted server name or undefined if not found
-     */
-    static extractSNIWithResumptionSupport(buffer: Buffer, connectionInfo?: {
-        sourceIp?: string;
-        sourcePort?: number;
-        destIp?: string;
-        destPort?: number;
-    }, enableLogging?: boolean): string | undefined;
-    /**
-     * Main entry point for SNI extraction that handles all edge cases.
-     * This should be called for each TLS packet received from a client.
-     *
-     * The method uses connection tracking to handle fragmented ClientHello
-     * messages and various TLS 1.3 behaviors, including Chrome's connection
-     * racing patterns and tab reactivation behaviors.
-     *
-     * @param buffer - The buffer containing TLS data
-     * @param connectionInfo - Connection metadata (IPs and ports)
-     * @param enableLogging - Whether to enable detailed debug logging
-     * @param cachedSni - Optional cached SNI from previous connections (for racing detection)
-     * @returns The extracted server name or undefined if not found or more data needed
-     */
-    static processTlsPacket(buffer: Buffer, connectionInfo: {
-        sourceIp: string;
-        sourcePort: number;
-        destIp: string;
-        destPort: number;
-        timestamp?: number;
-    }, enableLogging?: boolean, cachedSni?: string): string | undefined;
-}