@push.rocks/smartproxy 19.5.19 → 19.5.20

package/ts/core/routing/route-utils.ts

@@ -0,0 +1,88 @@
+/**
+ * Route matching utilities for SmartProxy components
+ * 
+ * This file provides utility functions that use the unified matchers
+ * and additional route-specific utilities.
+ */
+
+import { DomainMatcher, PathMatcher, IpMatcher, HeaderMatcher } from './matchers/index.js';
+import { RouteSpecificity } from './specificity.js';
+import type { IRouteSpecificity } from './types.js';
+import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
+
+
+/**
+ * Match domains from a route against a given domain
+ * 
+ * @param domains Array or single domain pattern to match against
+ * @param domain Domain to match
+ * @returns Whether the domain matches any of the patterns
+ */
+export function matchRouteDomain(domains: string | string[] | undefined, domain: string | undefined): boolean {
+  // If no domains specified in the route, match all domains
+  if (!domains) {
+    return true;
+  }
+
+  // If no domain in the request, can't match domain-specific routes
+  if (!domain) {
+    return false;
+  }
+  
+  const patterns = Array.isArray(domains) ? domains : [domains];
+  return patterns.some(pattern => DomainMatcher.match(pattern, domain));
+}
+
+
+
+/**
+ * Calculate route specificity score
+ * Higher score means more specific matching criteria
+ * 
+ * @param match Match criteria to evaluate
+ * @returns Numeric specificity score
+ */
+export function calculateRouteSpecificity(match: {
+  domains?: string | string[];
+  path?: string;
+  clientIp?: string[];
+  tlsVersion?: string[];
+  headers?: Record<string, string | RegExp>;
+}): number {
+  let score = 0;
+  
+  // Path specificity using PathMatcher
+  if (match.path) {
+    score += PathMatcher.calculateSpecificity(match.path);
+  }
+  
+  // Domain specificity using DomainMatcher
+  if (match.domains) {
+    const domains = Array.isArray(match.domains) ? match.domains : [match.domains];
+    // Use the highest specificity among all domains
+    const domainScore = Math.max(...domains.map(d => DomainMatcher.calculateSpecificity(d)));
+    score += domainScore;
+  }
+  
+  // Headers specificity using HeaderMatcher
+  if (match.headers) {
+    const stringHeaders: Record<string, string> = {};
+    for (const [key, value] of Object.entries(match.headers)) {
+      stringHeaders[key] = value instanceof RegExp ? value.source : value;
+    }
+    score += HeaderMatcher.calculateSpecificity(stringHeaders);
+  }
+  
+  // Client IP adds some specificity
+  if (match.clientIp && match.clientIp.length > 0) {
+    // Use the first IP pattern for specificity
+    score += IpMatcher.calculateSpecificity(match.clientIp[0]);
+  }
+  
+  // TLS version adds minimal specificity
+  if (match.tlsVersion && match.tlsVersion.length > 0) {
+    score += match.tlsVersion.length * 10;
+  }
+  
+  return score;
+}

package/ts/core/routing/specificity.ts

@@ -0,0 +1,141 @@
+import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
+import type { IRouteSpecificity } from './types.js';
+import { DomainMatcher, PathMatcher, IpMatcher, HeaderMatcher } from './matchers/index.js';
+
+/**
+ * Unified route specificity calculator
+ * Provides consistent specificity scoring across all routing components
+ */
+export class RouteSpecificity {
+  /**
+   * Calculate the total specificity score for a route
+   * Higher scores indicate more specific routes that should match first
+   */
+  static calculate(route: IRouteConfig): IRouteSpecificity {
+    const specificity: IRouteSpecificity = {
+      pathSpecificity: 0,
+      domainSpecificity: 0,
+      ipSpecificity: 0,
+      headerSpecificity: 0,
+      tlsSpecificity: 0,
+      totalScore: 0
+    };
+
+    // Path specificity
+    if (route.match.path) {
+      specificity.pathSpecificity = PathMatcher.calculateSpecificity(route.match.path);
+    }
+
+    // Domain specificity
+    if (route.match.domains) {
+      const domains = Array.isArray(route.match.domains) 
+        ? route.match.domains 
+        : [route.match.domains];
+      
+      // Use the highest specificity among all domains
+      specificity.domainSpecificity = Math.max(
+        ...domains.map(d => DomainMatcher.calculateSpecificity(d))
+      );
+    }
+
+    // IP specificity (clientIp is an array of IPs)
+    if (route.match.clientIp && route.match.clientIp.length > 0) {
+      // Use the first IP pattern for specificity calculation
+      specificity.ipSpecificity = IpMatcher.calculateSpecificity(route.match.clientIp[0]);
+    }
+
+    // Header specificity (convert RegExp values to strings)
+    if (route.match.headers) {
+      const stringHeaders: Record<string, string> = {};
+      for (const [key, value] of Object.entries(route.match.headers)) {
+        stringHeaders[key] = value instanceof RegExp ? value.source : value;
+      }
+      specificity.headerSpecificity = HeaderMatcher.calculateSpecificity(stringHeaders);
+    }
+
+    // TLS version specificity
+    if (route.match.tlsVersion && route.match.tlsVersion.length > 0) {
+      specificity.tlsSpecificity = route.match.tlsVersion.length * 10;
+    }
+
+    // Calculate total score with weights
+    specificity.totalScore = 
+      specificity.pathSpecificity * 3 +      // Path is most important
+      specificity.domainSpecificity * 2 +    // Domain is second
+      specificity.ipSpecificity * 1.5 +      // IP is moderately important
+      specificity.headerSpecificity * 1 +    // Headers are less important
+      specificity.tlsSpecificity * 0.5;     // TLS is least important
+
+    return specificity;
+  }
+
+  /**
+   * Compare two routes and determine which is more specific
+   * @returns positive if route1 is more specific, negative if route2 is more specific, 0 if equal
+   */
+  static compare(route1: IRouteConfig, route2: IRouteConfig): number {
+    const spec1 = this.calculate(route1);
+    const spec2 = this.calculate(route2);
+
+    // First compare by total score
+    if (spec1.totalScore !== spec2.totalScore) {
+      return spec1.totalScore - spec2.totalScore;
+    }
+
+    // If total scores are equal, compare by individual components
+    // Path is most important tiebreaker
+    if (spec1.pathSpecificity !== spec2.pathSpecificity) {
+      return spec1.pathSpecificity - spec2.pathSpecificity;
+    }
+
+    // Then domain
+    if (spec1.domainSpecificity !== spec2.domainSpecificity) {
+      return spec1.domainSpecificity - spec2.domainSpecificity;
+    }
+
+    // Then IP
+    if (spec1.ipSpecificity !== spec2.ipSpecificity) {
+      return spec1.ipSpecificity - spec2.ipSpecificity;
+    }
+
+    // Then headers
+    if (spec1.headerSpecificity !== spec2.headerSpecificity) {
+      return spec1.headerSpecificity - spec2.headerSpecificity;
+    }
+
+    // Finally TLS
+    return spec1.tlsSpecificity - spec2.tlsSpecificity;
+  }
+
+  /**
+   * Sort routes by specificity (most specific first)
+   */
+  static sort(routes: IRouteConfig[]): IRouteConfig[] {
+    return [...routes].sort((a, b) => this.compare(b, a));
+  }
+
+  /**
+   * Find the most specific route from a list
+   */
+  static findMostSpecific(routes: IRouteConfig[]): IRouteConfig | null {
+    if (routes.length === 0) return null;
+    
+    return routes.reduce((most, current) => 
+      this.compare(current, most) > 0 ? current : most
+    );
+  }
+
+  /**
+   * Check if a route has any matching criteria
+   */
+  static hasMatchCriteria(route: IRouteConfig): boolean {
+    const match = route.match;
+    return !!(
+      match.domains ||
+      match.path ||
+      match.clientIp?.length ||
+      match.headers ||
+      match.tlsVersion?.length
+    );
+  }
+}

package/ts/core/routing/types.ts

@@ -0,0 +1,49 @@
+/**
+ * Core routing types used throughout the routing system
+ */
+
+export interface IPathMatchResult {
+  matches: boolean;
+  params?: Record<string, string>;
+  pathMatch?: string;
+  pathRemainder?: string;
+}
+
+export interface IRouteMatchResult {
+  matches: boolean;
+  score: number;
+  specificity: number;
+  matchedCriteria: string[];
+}
+
+export interface IDomainMatchOptions {
+  allowWildcards?: boolean;
+  caseInsensitive?: boolean;
+}
+
+export interface IIpMatchOptions {
+  allowCidr?: boolean;
+  allowRanges?: boolean;
+}
+
+export interface IHeaderMatchOptions {
+  caseInsensitive?: boolean;
+  exactMatch?: boolean;
+}
+
+export interface IRouteSpecificity {
+  pathSpecificity: number;
+  domainSpecificity: number;
+  ipSpecificity: number;
+  headerSpecificity: number;
+  tlsSpecificity: number;
+  totalScore: number;
+}
+
+export interface IMatcher<T = any, O = any> {
+  match(pattern: string, value: string, options?: O): T | boolean;
+}
+
+export interface IAsyncMatcher<T = any, O = any> {
+  match(pattern: string, value: string, options?: O): Promise<T | boolean>;
+}

package/ts/core/utils/index.ts

@@ -5,8 +5,6 @@
 export * from './validation-utils.js';
 export * from './ip-utils.js';
 export * from './template-utils.js';
-export * from './route-manager.js';
-export * from './route-utils.js';
 export * from './security-utils.js';
 export * from './shared-security-manager.js';
 export * from './websocket-utils.js';

package/ts/core/utils/security-utils.ts

@@ -1,9 +1,5 @@
 import * as plugins from '../../plugins.js';
-import { 
-  matchIpPattern, 
-  ipToNumber,
-  matchIpCidr
-} from './route-utils.js';
+import { IpMatcher } from '../routing/matchers/ip.js';
 
 /**
  * Security utilities for IP validation, rate limiting, 
@@ -90,7 +86,7 @@ export function isIPAuthorized(
   // First check if IP is blocked - blocked IPs take precedence
   if (blockedIPs.length > 0) {
     for (const pattern of blockedIPs) {
-      if (matchIpPattern(pattern, ip)) {
+      if (IpMatcher.match(pattern, ip)) {
         return false;
       }
     }
@@ -104,7 +100,7 @@ export function isIPAuthorized(
   // Then check if IP is allowed in the explicit allow list
   if (allowedIPs.length > 0) {
     for (const pattern of allowedIPs) {
-      if (matchIpPattern(pattern, ip)) {
+      if (IpMatcher.match(pattern, ip)) {
         return true;
       }
     }

package/ts/index.ts

@@ -2,28 +2,18 @@
  * SmartProxy main module exports
  */
 
-// Legacy exports (to maintain backward compatibility)
-// Migrated to the new proxies structure
+// NFTables proxy exports
 export * from './proxies/nftables-proxy/index.js';
 
-// Export HttpProxy elements selectively to avoid RouteManager ambiguity
+// Export HttpProxy elements
 export { HttpProxy, CertificateManager, ConnectionPool, RequestHandler, WebSocketHandler } from './proxies/http-proxy/index.js';
 export type { IMetricsTracker, MetricsTracker } from './proxies/http-proxy/index.js';
-// Export models except IAcmeOptions to avoid conflict
 export type { IHttpProxyOptions, ICertificateEntry, ILogger } from './proxies/http-proxy/models/types.js';
-export { RouteManager as HttpProxyRouteManager } from './proxies/http-proxy/models/types.js';
-
-// Backward compatibility exports (deprecated)
-export { HttpProxy as NetworkProxy } from './proxies/http-proxy/index.js';
-export type { IHttpProxyOptions as INetworkProxyOptions } from './proxies/http-proxy/models/types.js';
-export { HttpProxyBridge as NetworkProxyBridge } from './proxies/smart-proxy/index.js';
-
-// Certificate and Port80 modules have been removed - use SmartCertManager instead
-// Redirect module has been removed - use route-based redirects instead
+export { SharedRouteManager as HttpProxyRouteManager } from './core/routing/route-manager.js';
 
 // Export SmartProxy elements selectively to avoid RouteManager ambiguity
 export { SmartProxy, ConnectionManager, SecurityManager, TimeoutManager, TlsManager, HttpProxyBridge, RouteConnectionHandler, SmartCertManager } from './proxies/smart-proxy/index.js';
-export { RouteManager } from './proxies/smart-proxy/route-manager.js';
+export { SharedRouteManager as RouteManager } from './core/routing/route-manager.js';
 // Export smart-proxy models
 export type { ISmartProxyOptions, IConnectionRecord, IRouteConfig, IRouteMatch, IRouteAction, IRouteTls, IRouteContext } from './proxies/smart-proxy/models/index.js';
 export type { TSmartProxyCertProvisionObject } from './proxies/smart-proxy/models/interfaces.js';

package/ts/proxies/http-proxy/http-proxy.ts

@@ -1,13 +1,11 @@
 import * as plugins from '../../plugins.js';
 import {
   createLogger,
-  RouteManager,
-  convertLegacyConfigToRouteConfig
 } from './models/types.js';
+import { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
 import type {
   IHttpProxyOptions,
-  ILogger,
-  IReverseProxyConfig
+  ILogger
 } from './models/types.js';
 import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
 import type { IRouteContext, IHttpRouteContext } from '../../core/models/route-context.js';
@@ -16,8 +14,7 @@ import { CertificateManager } from './certificate-manager.js';
 import { ConnectionPool } from './connection-pool.js';
 import { RequestHandler, type IMetricsTracker } from './request-handler.js';
 import { WebSocketHandler } from './websocket-handler.js';
-import { ProxyRouter } from '../../routing/router/index.js';
-import { RouteRouter } from '../../routing/router/route-router.js';
+import { HttpRouter } from '../../routing/router/index.js';
 import { cleanupSocket } from '../../core/utils/socket-utils.js';
 import { FunctionCache } from './function-cache.js';
 
@@ -43,8 +40,7 @@ export class HttpProxy implements IMetricsTracker {
   private connectionPool: ConnectionPool;
   private requestHandler: RequestHandler;
   private webSocketHandler: WebSocketHandler;
-  private legacyRouter = new ProxyRouter(); // Legacy router for backward compatibility
-  private router = new RouteRouter(); // New modern router
+  private router = new HttpRouter(); // Unified HTTP router
   private routeManager: RouteManager;
   private functionCache: FunctionCache;
   
@@ -87,7 +83,6 @@ export class HttpProxy implements IMetricsTracker {
       // Defaults for SmartProxy integration
       connectionPoolSize: optionsArg.connectionPoolSize || 50,
       portProxyIntegration: optionsArg.portProxyIntegration || false,
-      useExternalPort80Handler: optionsArg.useExternalPort80Handler || false,
       // Backend protocol (http1 or http2)
       backendProtocol: optionsArg.backendProtocol || 'http1',
       // Default ACME options
@@ -107,7 +102,11 @@ export class HttpProxy implements IMetricsTracker {
     this.logger = createLogger(this.options.logLevel);
 
     // Initialize route manager
-    this.routeManager = new RouteManager(this.logger);
+    this.routeManager = new RouteManager({
+      logger: this.logger,
+      enableDetailedLogging: this.options.logLevel === 'debug',
+      routes: []
+    });
 
     // Initialize function cache
     this.functionCache = new FunctionCache(this.logger, {
@@ -121,15 +120,13 @@ export class HttpProxy implements IMetricsTracker {
     this.requestHandler = new RequestHandler(
       this.options,
       this.connectionPool,
-      this.legacyRouter, // Still use legacy router for backward compatibility
       this.routeManager,
       this.functionCache,
-      this.router // Pass the new modern router as well
+      this.router
     );
     this.webSocketHandler = new WebSocketHandler(
       this.options,
       this.connectionPool,
-      this.legacyRouter,
       this.routes // Pass current routes to WebSocketHandler
     );
 
@@ -429,65 +426,13 @@ export class HttpProxy implements IMetricsTracker {
       }
     }
 
-    // Create legacy proxy configs for the router
-    // This is only needed for backward compatibility with ProxyRouter
-    
-    const defaultPort = 443; // Default port for HTTPS when using 'preserve'
-    // and will be removed in the future
-    const legacyConfigs: IReverseProxyConfig[] = [];
-
-    for (const domain of currentHostnames) {
-      // Find route for this domain
-      const route = routes.find(r => {
-        const domains = Array.isArray(r.match.domains) ? r.match.domains : [r.match.domains];
-        return domains.includes(domain);
-      });
-
-      if (!route || route.action.type !== 'forward' || !route.action.target) {
-        continue;
-      }
-
-      // Skip routes with function-based targets - we'll handle them during request processing
-      if (typeof route.action.target.host === 'function' || typeof route.action.target.port === 'function') {
-        this.logger.info(`Domain ${domain} uses function-based targets - will be handled at request time`);
-        continue;
-      }
-
-      // Extract static target information
-      const targetHosts = Array.isArray(route.action.target.host)
-        ? route.action.target.host
-        : [route.action.target.host];
-
-      // Handle 'preserve' port value
-      const targetPort = route.action.target.port === 'preserve' ? defaultPort : route.action.target.port;
-
-      // Get certificate information
-      const certData = certificateUpdates.get(domain);
-      const defaultCerts = this.certificateManager.getDefaultCertificates();
-
-      legacyConfigs.push({
-        hostName: domain,
-        destinationIps: targetHosts,
-        destinationPorts: [targetPort],
-        privateKey: certData?.key || defaultCerts.key,
-        publicKey: certData?.cert || defaultCerts.cert
-      });
-    }
-
-    // Update the router with legacy configs
-    // Handle both old and new router interfaces
-    if (typeof this.router.setRoutes === 'function') {
-      this.router.setRoutes(routes);
-    } else if (typeof this.router.setNewProxyConfigs === 'function') {
-      this.router.setNewProxyConfigs(legacyConfigs);
-    } else {
-      this.logger.warn('Router has no recognized configuration method');
-    }
+    // Update the router with new routes
+    this.router.setRoutes(routes);
 
     // Update WebSocket handler with new routes
     this.webSocketHandler.setRoutes(routes);
 
-    this.logger.info(`Route configuration updated with ${routes.length} routes and ${legacyConfigs.length} proxy configs`);
+    this.logger.info(`Route configuration updated with ${routes.length} routes`);
   }
 
   // Legacy methods have been removed.