@push.rocks/smartproxy 19.5.18 → 19.5.20

package/ts/core/routing/route-utils.ts

@@ -0,0 +1,88 @@
+/**
+ * Route matching utilities for SmartProxy components
+ * 
+ * This file provides utility functions that use the unified matchers
+ * and additional route-specific utilities.
+ */
+
+import { DomainMatcher, PathMatcher, IpMatcher, HeaderMatcher } from './matchers/index.js';
+import { RouteSpecificity } from './specificity.js';
+import type { IRouteSpecificity } from './types.js';
+import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
+
+
+/**
+ * Match domains from a route against a given domain
+ * 
+ * @param domains Array or single domain pattern to match against
+ * @param domain Domain to match
+ * @returns Whether the domain matches any of the patterns
+ */
+export function matchRouteDomain(domains: string | string[] | undefined, domain: string | undefined): boolean {
+  // If no domains specified in the route, match all domains
+  if (!domains) {
+    return true;
+  }
+
+  // If no domain in the request, can't match domain-specific routes
+  if (!domain) {
+    return false;
+  }
+  
+  const patterns = Array.isArray(domains) ? domains : [domains];
+  return patterns.some(pattern => DomainMatcher.match(pattern, domain));
+}
+
+
+
+/**
+ * Calculate route specificity score
+ * Higher score means more specific matching criteria
+ * 
+ * @param match Match criteria to evaluate
+ * @returns Numeric specificity score
+ */
+export function calculateRouteSpecificity(match: {
+  domains?: string | string[];
+  path?: string;
+  clientIp?: string[];
+  tlsVersion?: string[];
+  headers?: Record<string, string | RegExp>;
+}): number {
+  let score = 0;
+  
+  // Path specificity using PathMatcher
+  if (match.path) {
+    score += PathMatcher.calculateSpecificity(match.path);
+  }
+  
+  // Domain specificity using DomainMatcher
+  if (match.domains) {
+    const domains = Array.isArray(match.domains) ? match.domains : [match.domains];
+    // Use the highest specificity among all domains
+    const domainScore = Math.max(...domains.map(d => DomainMatcher.calculateSpecificity(d)));
+    score += domainScore;
+  }
+  
+  // Headers specificity using HeaderMatcher
+  if (match.headers) {
+    const stringHeaders: Record<string, string> = {};
+    for (const [key, value] of Object.entries(match.headers)) {
+      stringHeaders[key] = value instanceof RegExp ? value.source : value;
+    }
+    score += HeaderMatcher.calculateSpecificity(stringHeaders);
+  }
+  
+  // Client IP adds some specificity
+  if (match.clientIp && match.clientIp.length > 0) {
+    // Use the first IP pattern for specificity
+    score += IpMatcher.calculateSpecificity(match.clientIp[0]);
+  }
+  
+  // TLS version adds minimal specificity
+  if (match.tlsVersion && match.tlsVersion.length > 0) {
+    score += match.tlsVersion.length * 10;
+  }
+  
+  return score;
+}

package/ts/core/routing/specificity.ts

@@ -0,0 +1,141 @@
+import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
+import type { IRouteSpecificity } from './types.js';
+import { DomainMatcher, PathMatcher, IpMatcher, HeaderMatcher } from './matchers/index.js';
+
+/**
+ * Unified route specificity calculator
+ * Provides consistent specificity scoring across all routing components
+ */
+export class RouteSpecificity {
+  /**
+   * Calculate the total specificity score for a route
+   * Higher scores indicate more specific routes that should match first
+   */
+  static calculate(route: IRouteConfig): IRouteSpecificity {
+    const specificity: IRouteSpecificity = {
+      pathSpecificity: 0,
+      domainSpecificity: 0,
+      ipSpecificity: 0,
+      headerSpecificity: 0,
+      tlsSpecificity: 0,
+      totalScore: 0
+    };
+
+    // Path specificity
+    if (route.match.path) {
+      specificity.pathSpecificity = PathMatcher.calculateSpecificity(route.match.path);
+    }
+
+    // Domain specificity
+    if (route.match.domains) {
+      const domains = Array.isArray(route.match.domains) 
+        ? route.match.domains 
+        : [route.match.domains];
+      
+      // Use the highest specificity among all domains
+      specificity.domainSpecificity = Math.max(
+        ...domains.map(d => DomainMatcher.calculateSpecificity(d))
+      );
+    }
+
+    // IP specificity (clientIp is an array of IPs)
+    if (route.match.clientIp && route.match.clientIp.length > 0) {
+      // Use the first IP pattern for specificity calculation
+      specificity.ipSpecificity = IpMatcher.calculateSpecificity(route.match.clientIp[0]);
+    }
+
+    // Header specificity (convert RegExp values to strings)
+    if (route.match.headers) {
+      const stringHeaders: Record<string, string> = {};
+      for (const [key, value] of Object.entries(route.match.headers)) {
+        stringHeaders[key] = value instanceof RegExp ? value.source : value;
+      }
+      specificity.headerSpecificity = HeaderMatcher.calculateSpecificity(stringHeaders);
+    }
+
+    // TLS version specificity
+    if (route.match.tlsVersion && route.match.tlsVersion.length > 0) {
+      specificity.tlsSpecificity = route.match.tlsVersion.length * 10;
+    }
+
+    // Calculate total score with weights
+    specificity.totalScore = 
+      specificity.pathSpecificity * 3 +      // Path is most important
+      specificity.domainSpecificity * 2 +    // Domain is second
+      specificity.ipSpecificity * 1.5 +      // IP is moderately important
+      specificity.headerSpecificity * 1 +    // Headers are less important
+      specificity.tlsSpecificity * 0.5;     // TLS is least important
+
+    return specificity;
+  }
+
+  /**
+   * Compare two routes and determine which is more specific
+   * @returns positive if route1 is more specific, negative if route2 is more specific, 0 if equal
+   */
+  static compare(route1: IRouteConfig, route2: IRouteConfig): number {
+    const spec1 = this.calculate(route1);
+    const spec2 = this.calculate(route2);
+
+    // First compare by total score
+    if (spec1.totalScore !== spec2.totalScore) {
+      return spec1.totalScore - spec2.totalScore;
+    }
+
+    // If total scores are equal, compare by individual components
+    // Path is most important tiebreaker
+    if (spec1.pathSpecificity !== spec2.pathSpecificity) {
+      return spec1.pathSpecificity - spec2.pathSpecificity;
+    }
+
+    // Then domain
+    if (spec1.domainSpecificity !== spec2.domainSpecificity) {
+      return spec1.domainSpecificity - spec2.domainSpecificity;
+    }
+
+    // Then IP
+    if (spec1.ipSpecificity !== spec2.ipSpecificity) {
+      return spec1.ipSpecificity - spec2.ipSpecificity;
+    }
+
+    // Then headers
+    if (spec1.headerSpecificity !== spec2.headerSpecificity) {
+      return spec1.headerSpecificity - spec2.headerSpecificity;
+    }
+
+    // Finally TLS
+    return spec1.tlsSpecificity - spec2.tlsSpecificity;
+  }
+
+  /**
+   * Sort routes by specificity (most specific first)
+   */
+  static sort(routes: IRouteConfig[]): IRouteConfig[] {
+    return [...routes].sort((a, b) => this.compare(b, a));
+  }
+
+  /**
+   * Find the most specific route from a list
+   */
+  static findMostSpecific(routes: IRouteConfig[]): IRouteConfig | null {
+    if (routes.length === 0) return null;
+    
+    return routes.reduce((most, current) => 
+      this.compare(current, most) > 0 ? current : most
+    );
+  }
+
+  /**
+   * Check if a route has any matching criteria
+   */
+  static hasMatchCriteria(route: IRouteConfig): boolean {
+    const match = route.match;
+    return !!(
+      match.domains ||
+      match.path ||
+      match.clientIp?.length ||
+      match.headers ||
+      match.tlsVersion?.length
+    );
+  }
+}

package/ts/core/routing/types.ts

@@ -0,0 +1,49 @@
+/**
+ * Core routing types used throughout the routing system
+ */
+
+export interface IPathMatchResult {
+  matches: boolean;
+  params?: Record<string, string>;
+  pathMatch?: string;
+  pathRemainder?: string;
+}
+
+export interface IRouteMatchResult {
+  matches: boolean;
+  score: number;
+  specificity: number;
+  matchedCriteria: string[];
+}
+
+export interface IDomainMatchOptions {
+  allowWildcards?: boolean;
+  caseInsensitive?: boolean;
+}
+
+export interface IIpMatchOptions {
+  allowCidr?: boolean;
+  allowRanges?: boolean;
+}
+
+export interface IHeaderMatchOptions {
+  caseInsensitive?: boolean;
+  exactMatch?: boolean;
+}
+
+export interface IRouteSpecificity {
+  pathSpecificity: number;
+  domainSpecificity: number;
+  ipSpecificity: number;
+  headerSpecificity: number;
+  tlsSpecificity: number;
+  totalScore: number;
+}
+
+export interface IMatcher<T = any, O = any> {
+  match(pattern: string, value: string, options?: O): T | boolean;
+}
+
+export interface IAsyncMatcher<T = any, O = any> {
+  match(pattern: string, value: string, options?: O): Promise<T | boolean>;
+}

package/ts/core/utils/index.ts

@@ -5,8 +5,6 @@
 export * from './validation-utils.js';
 export * from './ip-utils.js';
 export * from './template-utils.js';
-export * from './route-manager.js';
-export * from './route-utils.js';
 export * from './security-utils.js';
 export * from './shared-security-manager.js';
 export * from './websocket-utils.js';

package/ts/core/utils/security-utils.ts

@@ -1,9 +1,5 @@
 import * as plugins from '../../plugins.js';
-import { 
-  matchIpPattern, 
-  ipToNumber,
-  matchIpCidr
-} from './route-utils.js';
+import { IpMatcher } from '../routing/matchers/ip.js';
 
 /**
  * Security utilities for IP validation, rate limiting, 
@@ -90,7 +86,7 @@ export function isIPAuthorized(
   // First check if IP is blocked - blocked IPs take precedence
   if (blockedIPs.length > 0) {
     for (const pattern of blockedIPs) {
-      if (matchIpPattern(pattern, ip)) {
+      if (IpMatcher.match(pattern, ip)) {
         return false;
       }
     }
@@ -104,7 +100,7 @@ export function isIPAuthorized(
   // Then check if IP is allowed in the explicit allow list
   if (allowedIPs.length > 0) {
     for (const pattern of allowedIPs) {
-      if (matchIpPattern(pattern, ip)) {
+      if (IpMatcher.match(pattern, ip)) {
         return true;
       }
     }

package/ts/core/utils/socket-utils.ts

@@ -67,37 +67,6 @@ export function cleanupSocket(
   });
 }
 
-/**
- * Create a cleanup handler for paired sockets (client and server)
- * @param clientSocket The client socket
- * @param serverSocket The server socket (optional)
- * @param onCleanup Optional callback when cleanup is done
- * @returns A cleanup function that can be called multiple times safely
- * @deprecated Use createIndependentSocketHandlers for better half-open support
- */
-export function createSocketCleanupHandler(
-  clientSocket: plugins.net.Socket | plugins.tls.TLSSocket,
-  serverSocket?: plugins.net.Socket | plugins.tls.TLSSocket | null,
-  onCleanup?: (reason: string) => void
-): (reason: string) => void {
-  let cleanedUp = false;
-  
-  return (reason: string) => {
-    if (cleanedUp) return;
-    cleanedUp = true;
-    
-    // Cleanup both sockets (old behavior - too aggressive)
-    cleanupSocket(clientSocket, 'client', { immediate: true });
-    if (serverSocket) {
-      cleanupSocket(serverSocket, 'server', { immediate: true });
-    }
-    
-    // Call cleanup callback if provided
-    if (onCleanup) {
-      onCleanup(reason);
-    }
-  };
-}
 
 /**
  * Create independent cleanup handlers for paired sockets that support half-open connections
@@ -278,19 +247,6 @@ export function setupBidirectionalForwarding(
   return { cleanupClient, cleanupServer };
 }
 
-/**
- * Pipe two sockets together with proper cleanup on either end
- * @param socket1 First socket
- * @param socket2 Second socket
- */
-export function pipeSockets(
-  socket1: plugins.net.Socket | plugins.tls.TLSSocket,
-  socket2: plugins.net.Socket | plugins.tls.TLSSocket
-): void {
-  socket1.pipe(socket2);
-  socket2.pipe(socket1);
-}
-
 /**
  * Create a socket with immediate error handling to prevent crashes
  * @param options Socket creation options

package/ts/forwarding/handlers/https-terminate-to-http-handler.ts

@@ -2,7 +2,7 @@ import * as plugins from '../../plugins.js';
 import { ForwardingHandler } from './base-handler.js';
 import type { IForwardConfig } from '../config/forwarding-types.js';
 import { ForwardingHandlerEvents } from '../config/forwarding-types.js';
-import { createSocketCleanupHandler, setupSocketHandlers, createSocketWithErrorHandler } from '../../core/utils/socket-utils.js';
+import { setupSocketHandlers, createSocketWithErrorHandler, setupBidirectionalForwarding } from '../../core/utils/socket-utils.js';
 
 /**
  * Handler for HTTPS termination with HTTP backend
@@ -100,19 +100,30 @@ export class HttpsTerminateToHttpHandler extends ForwardingHandler {
     let backendSocket: plugins.net.Socket | null = null;
     let dataBuffer = Buffer.alloc(0);
     let connectionEstablished = false;
+    let forwardingSetup = false;
     
-    // Create cleanup handler for all sockets
-    const handleClose = createSocketCleanupHandler(tlsSocket, backendSocket, (reason) => {
-      this.emit(ForwardingHandlerEvents.DISCONNECTED, {
-        remoteAddress,
-        reason
-      });
-      dataBuffer = Buffer.alloc(0);
-      connectionEstablished = false;
-    });
+    // Set up initial error handling for TLS socket
+    const tlsCleanupHandler = (reason: string) => {
+      if (!forwardingSetup) {
+        // If forwarding not set up yet, emit disconnected and cleanup
+        this.emit(ForwardingHandlerEvents.DISCONNECTED, {
+          remoteAddress,
+          reason
+        });
+        dataBuffer = Buffer.alloc(0);
+        connectionEstablished = false;
+        
+        if (!tlsSocket.destroyed) {
+          tlsSocket.destroy();
+        }
+        if (backendSocket && !backendSocket.destroyed) {
+          backendSocket.destroy();
+        }
+      }
+      // If forwarding is setup, setupBidirectionalForwarding will handle cleanup
+    };
     
-    // Set up error handling with our cleanup utility
-    setupSocketHandlers(tlsSocket, handleClose, undefined, 'tls');
+    setupSocketHandlers(tlsSocket, tlsCleanupHandler, undefined, 'tls');
     
     // Set timeout
     const timeout = this.getTimeout();
@@ -123,7 +134,7 @@ export class HttpsTerminateToHttpHandler extends ForwardingHandler {
         remoteAddress,
         error: 'TLS connection timeout'
       });
-      handleClose('timeout');
+      tlsCleanupHandler('timeout');
     });
     
     // Handle TLS data
@@ -172,30 +183,33 @@ export class HttpsTerminateToHttpHandler extends ForwardingHandler {
               dataBuffer = Buffer.alloc(0);
             }
             
-            // Set up bidirectional data flow
-            tlsSocket.pipe(backendSocket!);
-            backendSocket!.pipe(tlsSocket);
+            // Now set up bidirectional forwarding with proper cleanup
+            forwardingSetup = true;
+            setupBidirectionalForwarding(tlsSocket, backendSocket!, {
+              onCleanup: (reason) => {
+                this.emit(ForwardingHandlerEvents.DISCONNECTED, {
+                  remoteAddress,
+                  reason
+                });
+                dataBuffer = Buffer.alloc(0);
+                connectionEstablished = false;
+                forwardingSetup = false;
+              },
+              enableHalfOpen: false // Close both when one closes
+            });
           }
         });
         
-        // Update the cleanup handler with the backend socket
-        const newHandleClose = createSocketCleanupHandler(tlsSocket, backendSocket, (reason) => {
-          this.emit(ForwardingHandlerEvents.DISCONNECTED, {
-            remoteAddress,
-            reason
-          });
-          dataBuffer = Buffer.alloc(0);
-          connectionEstablished = false;
-        });
-        
-        // Set up handlers for backend socket
-        setupSocketHandlers(backendSocket, newHandleClose, undefined, 'backend');
-        
+        // Additional error logging for backend socket
         backendSocket.on('error', (error) => {
-          this.emit(ForwardingHandlerEvents.ERROR, {
-            remoteAddress,
-            error: `Target connection error: ${error.message}`
-          });
+          if (!connectionEstablished) {
+            // Connection failed during setup
+            this.emit(ForwardingHandlerEvents.ERROR, {
+              remoteAddress,
+              error: `Target connection error: ${error.message}`
+            });
+          }
+          // If connected, setupBidirectionalForwarding handles cleanup
         });
       }
     });

package/ts/forwarding/handlers/https-terminate-to-https-handler.ts

@@ -2,7 +2,7 @@ import * as plugins from '../../plugins.js';
 import { ForwardingHandler } from './base-handler.js';
 import type { IForwardConfig } from '../config/forwarding-types.js';
 import { ForwardingHandlerEvents } from '../config/forwarding-types.js';
-import { createSocketCleanupHandler, setupSocketHandlers, createSocketWithErrorHandler } from '../../core/utils/socket-utils.js';
+import { setupSocketHandlers, createSocketWithErrorHandler, setupBidirectionalForwarding } from '../../core/utils/socket-utils.js';
 
 /**
  * Handler for HTTPS termination with HTTPS backend
@@ -96,17 +96,26 @@ export class HttpsTerminateToHttpsHandler extends ForwardingHandler {
     
     // Variable to track backend socket
     let backendSocket: plugins.tls.TLSSocket | null = null;
+    let isConnectedToBackend = false;
     
-    // Create cleanup handler for both sockets
-    const handleClose = createSocketCleanupHandler(tlsSocket, backendSocket, (reason) => {
-      this.emit(ForwardingHandlerEvents.DISCONNECTED, {
-        remoteAddress,
-        reason
-      });
-    });
+    // Set up initial error handling for TLS socket
+    const tlsCleanupHandler = (reason: string) => {
+      if (!isConnectedToBackend) {
+        // If backend not connected yet, just emit disconnected event
+        this.emit(ForwardingHandlerEvents.DISCONNECTED, {
+          remoteAddress,
+          reason
+        });
+        
+        // Cleanup TLS socket if needed
+        if (!tlsSocket.destroyed) {
+          tlsSocket.destroy();
+        }
+      }
+      // If connected to backend, setupBidirectionalForwarding will handle cleanup
+    };
     
-    // Set up error handling with our cleanup utility
-    setupSocketHandlers(tlsSocket, handleClose, undefined, 'tls');
+    setupSocketHandlers(tlsSocket, tlsCleanupHandler, undefined, 'tls');
     
     // Set timeout
     const timeout = this.getTimeout();
@@ -117,7 +126,7 @@ export class HttpsTerminateToHttpsHandler extends ForwardingHandler {
         remoteAddress,
         error: 'TLS connection timeout'
       });
-      handleClose('timeout');
+      tlsCleanupHandler('timeout');
     });
     
     // Get the target from configuration
@@ -131,44 +140,55 @@ export class HttpsTerminateToHttpsHandler extends ForwardingHandler {
         // In a real implementation, we would configure TLS options
         rejectUnauthorized: false // For testing only, never use in production
       }, () => {
+        isConnectedToBackend = true;
+        
         this.emit(ForwardingHandlerEvents.DATA_FORWARDED, {
           direction: 'outbound',
           target: `${target.host}:${target.port}`,
           tls: true
         });
         
-        // Set up bidirectional data flow
-        tlsSocket.pipe(backendSocket!);
-        backendSocket!.pipe(tlsSocket);
-      });
-      
-      // Update the cleanup handler with the backend socket
-      const newHandleClose = createSocketCleanupHandler(tlsSocket, backendSocket, (reason) => {
-        this.emit(ForwardingHandlerEvents.DISCONNECTED, {
-          remoteAddress,
-          reason
+        // Set up bidirectional forwarding with proper cleanup
+        setupBidirectionalForwarding(tlsSocket, backendSocket!, {
+          onCleanup: (reason) => {
+            this.emit(ForwardingHandlerEvents.DISCONNECTED, {
+              remoteAddress,
+              reason
+            });
+          },
+          enableHalfOpen: false // Close both when one closes
+        });
+        
+        // Set timeout for backend socket
+        backendSocket!.setTimeout(timeout);
+        
+        backendSocket!.on('timeout', () => {
+          this.emit(ForwardingHandlerEvents.ERROR, {
+            remoteAddress,
+            error: 'Backend connection timeout'
+          });
+          // Let setupBidirectionalForwarding handle the cleanup
         });
       });
       
-      // Set up handlers for backend socket
-      setupSocketHandlers(backendSocket, newHandleClose, undefined, 'backend');
-      
+      // Handle backend connection errors
       backendSocket.on('error', (error) => {
         this.emit(ForwardingHandlerEvents.ERROR, {
           remoteAddress,
           error: `Backend connection error: ${error.message}`
         });
-      });
-      
-      // Set timeout for backend socket
-      backendSocket.setTimeout(timeout);
-      
-      backendSocket.on('timeout', () => {
-        this.emit(ForwardingHandlerEvents.ERROR, {
-          remoteAddress,
-          error: 'Backend connection timeout'
-        });
-        newHandleClose('backend_timeout');
+        
+        if (!isConnectedToBackend) {
+          // Connection failed, clean up TLS socket
+          if (!tlsSocket.destroyed) {
+            tlsSocket.destroy();
+          }
+          this.emit(ForwardingHandlerEvents.DISCONNECTED, {
+            remoteAddress,
+            reason: `backend_connection_failed: ${error.message}`
+          });
+        }
+        // If connected, let setupBidirectionalForwarding handle cleanup
       });
     };
     

package/ts/index.ts

@@ -2,28 +2,18 @@
  * SmartProxy main module exports
  */
 
-// Legacy exports (to maintain backward compatibility)
-// Migrated to the new proxies structure
+// NFTables proxy exports
 export * from './proxies/nftables-proxy/index.js';
 
-// Export HttpProxy elements selectively to avoid RouteManager ambiguity
+// Export HttpProxy elements
 export { HttpProxy, CertificateManager, ConnectionPool, RequestHandler, WebSocketHandler } from './proxies/http-proxy/index.js';
 export type { IMetricsTracker, MetricsTracker } from './proxies/http-proxy/index.js';
-// Export models except IAcmeOptions to avoid conflict
 export type { IHttpProxyOptions, ICertificateEntry, ILogger } from './proxies/http-proxy/models/types.js';
-export { RouteManager as HttpProxyRouteManager } from './proxies/http-proxy/models/types.js';
-
-// Backward compatibility exports (deprecated)
-export { HttpProxy as NetworkProxy } from './proxies/http-proxy/index.js';
-export type { IHttpProxyOptions as INetworkProxyOptions } from './proxies/http-proxy/models/types.js';
-export { HttpProxyBridge as NetworkProxyBridge } from './proxies/smart-proxy/index.js';
-
-// Certificate and Port80 modules have been removed - use SmartCertManager instead
-// Redirect module has been removed - use route-based redirects instead
+export { SharedRouteManager as HttpProxyRouteManager } from './core/routing/route-manager.js';
 
 // Export SmartProxy elements selectively to avoid RouteManager ambiguity
 export { SmartProxy, ConnectionManager, SecurityManager, TimeoutManager, TlsManager, HttpProxyBridge, RouteConnectionHandler, SmartCertManager } from './proxies/smart-proxy/index.js';
-export { RouteManager } from './proxies/smart-proxy/route-manager.js';
+export { SharedRouteManager as RouteManager } from './core/routing/route-manager.js';
 // Export smart-proxy models
 export type { ISmartProxyOptions, IConnectionRecord, IRouteConfig, IRouteMatch, IRouteAction, IRouteTls, IRouteContext } from './proxies/smart-proxy/models/index.js';
 export type { TSmartProxyCertProvisionObject } from './proxies/smart-proxy/models/interfaces.js';