@push.rocks/smartproxy 19.5.19 → 19.5.20

package/ts/proxies/smart-proxy/connection-manager.ts

@@ -5,6 +5,7 @@ import { TimeoutManager } from './timeout-manager.js';
 import { logger } from '../../core/utils/logger.js';
 import { LifecycleComponent } from '../../core/utils/lifecycle-component.js';
 import { cleanupSocket } from '../../core/utils/socket-utils.js';
+import { WrappedSocket } from '../../core/models/wrapped-socket.js';
 
 /**
  * Manages connection lifecycle, tracking, and cleanup with performance optimizations
@@ -53,8 +54,9 @@ export class ConnectionManager extends LifecycleComponent {
   
   /**
    * Create and track a new connection
+   * Accepts either a regular net.Socket or a WrappedSocket for transparent PROXY protocol support
    */
-  public createConnection(socket: plugins.net.Socket): IConnectionRecord | null {
+  public createConnection(socket: plugins.net.Socket | WrappedSocket): IConnectionRecord | null {
     // Enforce connection limit
     if (this.connectionRecords.size >= this.maxConnections) {
       logger.log('warn', `Connection limit reached (${this.maxConnections}). Rejecting new connection.`, {
@@ -282,22 +284,26 @@ export class ConnectionManager extends LifecycleComponent {
       const cleanupPromises: Promise<void>[] = [];
       
       if (record.incoming) {
+        // Extract underlying socket if it's a WrappedSocket
+        const incomingSocket = record.incoming instanceof WrappedSocket ? record.incoming.socket : record.incoming;
         if (!record.incoming.writable || record.incoming.destroyed) {
           // Socket is not active, clean up immediately
-          cleanupPromises.push(cleanupSocket(record.incoming, `${record.id}-incoming`, { immediate: true }));
+          cleanupPromises.push(cleanupSocket(incomingSocket, `${record.id}-incoming`, { immediate: true }));
         } else {
           // Socket is still active, allow graceful cleanup
-          cleanupPromises.push(cleanupSocket(record.incoming, `${record.id}-incoming`, { allowDrain: true, gracePeriod: 5000 }));
+          cleanupPromises.push(cleanupSocket(incomingSocket, `${record.id}-incoming`, { allowDrain: true, gracePeriod: 5000 }));
         }
       }
       
       if (record.outgoing) {
+        // Extract underlying socket if it's a WrappedSocket
+        const outgoingSocket = record.outgoing instanceof WrappedSocket ? record.outgoing.socket : record.outgoing;
         if (!record.outgoing.writable || record.outgoing.destroyed) {
           // Socket is not active, clean up immediately
-          cleanupPromises.push(cleanupSocket(record.outgoing, `${record.id}-outgoing`, { immediate: true }));
+          cleanupPromises.push(cleanupSocket(outgoingSocket, `${record.id}-outgoing`, { immediate: true }));
         } else {
           // Socket is still active, allow graceful cleanup
-          cleanupPromises.push(cleanupSocket(record.outgoing, `${record.id}-outgoing`, { allowDrain: true, gracePeriod: 5000 }));
+          cleanupPromises.push(cleanupSocket(outgoingSocket, `${record.id}-outgoing`, { allowDrain: true, gracePeriod: 5000 }));
         }
       }
       
@@ -570,11 +576,13 @@ export class ConnectionManager extends LifecycleComponent {
           const shutdownPromises: Promise<void>[] = [];
           
           if (record.incoming) {
-            shutdownPromises.push(cleanupSocket(record.incoming, `${record.id}-incoming-shutdown`, { immediate: true }));
+            const incomingSocket = record.incoming instanceof WrappedSocket ? record.incoming.socket : record.incoming;
+            shutdownPromises.push(cleanupSocket(incomingSocket, `${record.id}-incoming-shutdown`, { immediate: true }));
           }
 
           if (record.outgoing) {
-            shutdownPromises.push(cleanupSocket(record.outgoing, `${record.id}-outgoing-shutdown`, { immediate: true }));
+            const outgoingSocket = record.outgoing instanceof WrappedSocket ? record.outgoing.socket : record.outgoing;
+            shutdownPromises.push(cleanupSocket(outgoingSocket, `${record.id}-outgoing-shutdown`, { immediate: true }));
           }
           
           // Don't wait for shutdown cleanup in this batch processing

package/ts/proxies/smart-proxy/http-proxy-bridge.ts

@@ -3,6 +3,7 @@ import { HttpProxy } from '../http-proxy/index.js';
 import { setupBidirectionalForwarding } from '../../core/utils/socket-utils.js';
 import type { IConnectionRecord, ISmartProxyOptions } from './models/interfaces.js';
 import type { IRouteConfig } from './models/route-types.js';
+import { WrappedSocket } from '../../core/models/wrapped-socket.js';
 
 export class HttpProxyBridge {
   private httpProxy: HttpProxy | null = null;
@@ -98,7 +99,7 @@ export class HttpProxyBridge {
    */
   public async forwardToHttpProxy(
     connectionId: string,
-    socket: plugins.net.Socket,
+    socket: plugins.net.Socket | WrappedSocket,
     record: IConnectionRecord,
     initialChunk: Buffer,
     httpProxyPort: number,
@@ -125,7 +126,10 @@ export class HttpProxyBridge {
     }
     
     // Use centralized bidirectional forwarding
-    setupBidirectionalForwarding(socket, proxySocket, {
+    // Extract underlying socket if it's a WrappedSocket
+    const underlyingSocket = socket instanceof WrappedSocket ? socket.socket : socket;
+    
+    setupBidirectionalForwarding(underlyingSocket, proxySocket, {
       onClientData: (chunk) => {
         // Update stats if needed
         if (record) {

package/ts/proxies/smart-proxy/index.ts

@@ -17,7 +17,7 @@ export { TlsManager } from './tls-manager.js';
 export { HttpProxyBridge } from './http-proxy-bridge.js';
 
 // Export route-based components
-export { RouteManager } from './route-manager.js';
+export { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
 export { RouteConnectionHandler } from './route-connection-handler.js';
 export { NFTablesManager } from './nftables-manager.js';
 

package/ts/proxies/smart-proxy/models/interfaces.ts

@@ -1,4 +1,5 @@
 import * as plugins from '../../../plugins.js';
+import type { WrappedSocket } from '../../../core/models/wrapped-socket.js';
 // Certificate types removed - define IAcmeOptions locally
 export interface IAcmeOptions {
   enabled?: boolean;
@@ -34,6 +35,11 @@ export interface ISmartProxyOptions {
   // Port configuration
   preserveSourceIP?: boolean;  // Preserve client IP when forwarding
 
+  // PROXY protocol configuration
+  proxyIPs?: string[];  // List of trusted proxy IPs that can send PROXY protocol
+  acceptProxyProtocol?: boolean;  // Global option to accept PROXY protocol (defaults based on proxyIPs)
+  sendProxyProtocol?: boolean;  // Global option to send PROXY protocol to all targets
+
   // Global/default settings
   defaults?: {
     target?: {
@@ -128,8 +134,8 @@ export interface ISmartProxyOptions {
  */
 export interface IConnectionRecord {
   id: string; // Unique connection identifier
-  incoming: plugins.net.Socket;
-  outgoing: plugins.net.Socket | null;
+  incoming: plugins.net.Socket | WrappedSocket;
+  outgoing: plugins.net.Socket | WrappedSocket | null;
   incomingStartTime: number;
   outgoingStartTime?: number;
   outgoingClosedTime?: number;

package/ts/proxies/smart-proxy/route-connection-handler.ts

@@ -2,14 +2,17 @@ import * as plugins from '../../plugins.js';
 import type { IConnectionRecord, ISmartProxyOptions } from './models/interfaces.js';
 import { logger } from '../../core/utils/logger.js';
 // Route checking functions have been removed
-import type { IRouteConfig, IRouteAction, IRouteContext } from './models/route-types.js';
+import type { IRouteConfig, IRouteAction } from './models/route-types.js';
+import type { IRouteContext } from '../../core/models/route-context.js';
 import { ConnectionManager } from './connection-manager.js';
 import { SecurityManager } from './security-manager.js';
 import { TlsManager } from './tls-manager.js';
 import { HttpProxyBridge } from './http-proxy-bridge.js';
 import { TimeoutManager } from './timeout-manager.js';
-import { RouteManager } from './route-manager.js';
+import { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
 import { cleanupSocket, createIndependentSocketHandlers, setupSocketHandlers, createSocketWithErrorHandler, setupBidirectionalForwarding } from '../../core/utils/socket-utils.js';
+import { WrappedSocket } from '../../core/models/wrapped-socket.js';
+import { getUnderlyingSocket } from '../../core/models/socket-types.js';
 
 /**
  * Handles new connection processing and setup logic with support for route-based configuration
@@ -80,39 +83,52 @@ export class RouteConnectionHandler {
     const remoteIP = socket.remoteAddress || '';
     const localPort = socket.localPort || 0;
 
+    // Always wrap the socket to prepare for potential PROXY protocol
+    const wrappedSocket = new WrappedSocket(socket);
+    
+    // If this is from a trusted proxy, log it
+    if (this.settings.proxyIPs?.includes(remoteIP)) {
+      logger.log('debug', `Connection from trusted proxy ${remoteIP}, PROXY protocol parsing will be enabled`, {
+        remoteIP,
+        component: 'route-handler'
+      });
+    }
+
     // Validate IP against rate limits and connection limits
-    const ipValidation = this.securityManager.validateIP(remoteIP);
+    // Note: For wrapped sockets, this will use the underlying socket IP until PROXY protocol is parsed
+    const ipValidation = this.securityManager.validateIP(wrappedSocket.remoteAddress || '');
     if (!ipValidation.allowed) {
-      logger.log('warn', `Connection rejected`, { remoteIP, reason: ipValidation.reason, component: 'route-handler' });
-      cleanupSocket(socket, `rejected-${ipValidation.reason}`, { immediate: true });
+      logger.log('warn', `Connection rejected`, { remoteIP: wrappedSocket.remoteAddress, reason: ipValidation.reason, component: 'route-handler' });
+      cleanupSocket(wrappedSocket.socket, `rejected-${ipValidation.reason}`, { immediate: true });
       return;
     }
 
-    // Create a new connection record
-    const record = this.connectionManager.createConnection(socket);
+    // Create a new connection record with the wrapped socket
+    const record = this.connectionManager.createConnection(wrappedSocket);
     if (!record) {
       // Connection was rejected due to limit - socket already destroyed by connection manager
       return;
     }
     const connectionId = record.id;
 
-    // Apply socket optimizations
-    socket.setNoDelay(this.settings.noDelay);
+    // Apply socket optimizations (apply to underlying socket)
+    const underlyingSocket = wrappedSocket.socket;
+    underlyingSocket.setNoDelay(this.settings.noDelay);
 
     // Apply keep-alive settings if enabled
     if (this.settings.keepAlive) {
-      socket.setKeepAlive(true, this.settings.keepAliveInitialDelay);
+      underlyingSocket.setKeepAlive(true, this.settings.keepAliveInitialDelay);
       record.hasKeepAlive = true;
 
       // Apply enhanced TCP keep-alive options if enabled
       if (this.settings.enableKeepAliveProbes) {
         try {
           // These are platform-specific and may not be available
-          if ('setKeepAliveProbes' in socket) {
-            (socket as any).setKeepAliveProbes(10);
+          if ('setKeepAliveProbes' in underlyingSocket) {
+            (underlyingSocket as any).setKeepAliveProbes(10);
           }
-          if ('setKeepAliveInterval' in socket) {
-            (socket as any).setKeepAliveInterval(1000);
+          if ('setKeepAliveInterval' in underlyingSocket) {
+            (underlyingSocket as any).setKeepAliveInterval(1000);
           }
         } catch (err) {
           // Ignore errors - these are optional enhancements
@@ -150,19 +166,19 @@ export class RouteConnectionHandler {
     }
 
     // Handle the connection - wait for initial data to determine if it's TLS
-    this.handleInitialData(socket, record);
+    this.handleInitialData(wrappedSocket, record);
   }
 
   /**
    * Handle initial data from a connection to determine routing
    */
-  private handleInitialData(socket: plugins.net.Socket, record: IConnectionRecord): void {
+  private handleInitialData(socket: plugins.net.Socket | WrappedSocket, record: IConnectionRecord): void {
     const connectionId = record.id;
     const localPort = record.localPort;
     let initialDataReceived = false;
 
     // Check if any routes on this port require TLS handling
-    const allRoutes = this.routeManager.getAllRoutes();
+    const allRoutes = this.routeManager.getRoutes();
     const needsTlsHandling = allRoutes.some(route => {
       // Check if route matches this port
       const matchesPort = this.routeManager.getRoutesForPort(localPort).includes(route);
@@ -176,9 +192,11 @@ export class RouteConnectionHandler {
 
     // If no routes require TLS handling and it's not port 443, route immediately
     if (!needsTlsHandling && localPort !== 443) {
+      // Extract underlying socket for socket-utils functions
+      const underlyingSocket = getUnderlyingSocket(socket);
       // Set up proper socket handlers for immediate routing
       setupSocketHandlers(
-        socket,
+        underlyingSocket,
         (reason) => {
           // Only cleanup if connection hasn't been fully established
           // Check if outgoing connection exists and is connected
@@ -370,7 +388,7 @@ export class RouteConnectionHandler {
    * Route the connection based on match criteria
    */
   private routeConnection(
-    socket: plugins.net.Socket,
+    socket: plugins.net.Socket | WrappedSocket,
     record: IConnectionRecord,
     serverName: string,
     initialChunk?: Buffer
@@ -385,15 +403,21 @@ export class RouteConnectionHandler {
     // For HTTP proxy ports without TLS, skip domain check since domain info comes from HTTP headers
     const skipDomainCheck = isHttpProxyPort && !record.isTLS;
 
-    // Find matching route
-    const routeMatch = this.routeManager.findMatchingRoute({
+    // Create route context for matching
+    const routeContext: IRouteContext = {
       port: localPort,
-      domain: serverName,
+      domain: skipDomainCheck ? undefined : serverName, // Skip domain if HTTP proxy without TLS
       clientIp: remoteIP,
+      serverIp: socket.localAddress || '',
       path: undefined, // We don't have path info at this point
+      isTls: record.isTLS,
       tlsVersion: undefined, // We don't extract TLS version yet
-      skipDomainCheck: skipDomainCheck,
-    });
+      timestamp: Date.now(),
+      connectionId: record.id
+    };
+
+    // Find matching route
+    const routeMatch = this.routeManager.findMatchingRoute(routeContext);
 
     if (!routeMatch) {
       logger.log('warn', `No route found for ${serverName || 'connection'} on port ${localPort} (connection: ${connectionId})`, {
@@ -552,7 +576,7 @@ export class RouteConnectionHandler {
    * Handle a forward action for a route
    */
   private handleForwardAction(
-    socket: plugins.net.Socket,
+    socket: plugins.net.Socket | WrappedSocket,
     record: IConnectionRecord,
     route: IRouteConfig,
     initialChunk?: Buffer
@@ -869,7 +893,7 @@ export class RouteConnectionHandler {
    * Handle a socket-handler action for a route
    */
   private async handleSocketHandlerAction(
-    socket: plugins.net.Socket,
+    socket: plugins.net.Socket | WrappedSocket,
     record: IConnectionRecord,
     route: IRouteConfig,
     initialChunk?: Buffer
@@ -933,8 +957,9 @@ export class RouteConnectionHandler {
     });
     
     try {
-      // Call the handler with socket AND context
-      const result = route.action.socketHandler(socket, routeContext);
+      // Call the handler with the appropriate socket (extract underlying if needed)
+      const handlerSocket = getUnderlyingSocket(socket);
+      const result = route.action.socketHandler(handlerSocket, routeContext);
       
       // Handle async handlers properly
       if (result instanceof Promise) {
@@ -988,7 +1013,7 @@ export class RouteConnectionHandler {
    * Sets up a direct connection to the target
    */
   private setupDirectConnection(
-    socket: plugins.net.Socket,
+    socket: plugins.net.Socket | WrappedSocket,
     record: IConnectionRecord,
     serverName?: string,
     initialChunk?: Buffer,
@@ -1138,7 +1163,10 @@ export class RouteConnectionHandler {
         }
 
         // Use centralized bidirectional forwarding setup
-        setupBidirectionalForwarding(socket, targetSocket, {
+        // Extract underlying sockets for socket-utils functions
+        const incomingSocket = getUnderlyingSocket(socket);
+        
+        setupBidirectionalForwarding(incomingSocket, targetSocket, {
           onClientData: (chunk) => {
             record.bytesReceived += chunk.length;
             this.timeoutManager.updateActivity(record);

package/ts/proxies/smart-proxy/smart-proxy.ts

@@ -8,7 +8,7 @@ import { TlsManager } from './tls-manager.js';
 import { HttpProxyBridge } from './http-proxy-bridge.js';
 import { TimeoutManager } from './timeout-manager.js';
 import { PortManager } from './port-manager.js';
-import { RouteManager } from './route-manager.js';
+import { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
 import { RouteConnectionHandler } from './route-connection-handler.js';
 import { NFTablesManager } from './nftables-manager.js';
 
@@ -162,8 +162,20 @@ export class SmartProxy extends plugins.EventEmitter {
       this.timeoutManager
     );
     
-    // Create the route manager
-    this.routeManager = new RouteManager(this.settings);
+    // Create the route manager with SharedRouteManager API
+    // Create a logger adapter to match ILogger interface
+    const loggerAdapter = {
+      debug: (message: string, data?: any) => logger.log('debug', message, data),
+      info: (message: string, data?: any) => logger.log('info', message, data),
+      warn: (message: string, data?: any) => logger.log('warn', message, data),
+      error: (message: string, data?: any) => logger.log('error', message, data)
+    };
+    
+    this.routeManager = new RouteManager({
+      logger: loggerAdapter,
+      enableDetailedLogging: this.settings.enableDetailedLogging,
+      routes: this.settings.routes
+    });
 
     
     // Create other required components

package/ts/proxies/smart-proxy/utils/route-utils.ts

@@ -92,6 +92,8 @@ export function mergeRouteConfigs(
   return mergedRoute;
 }
 
+import { DomainMatcher, PathMatcher, HeaderMatcher } from '../../../core/routing/matchers/index.js';
+
 /**
  * Check if a route matches a domain
  * @param route The route to check
@@ -107,14 +109,7 @@ export function routeMatchesDomain(route: IRouteConfig, domain: string): boolean
     ? route.match.domains 
     : [route.match.domains];
   
-  return domains.some(d => {
-    // Handle wildcard domains
-    if (d.startsWith('*.')) {
-      const suffix = d.substring(2);
-      return domain.endsWith(suffix) && domain.split('.').length > suffix.split('.').length;
-    }
-    return d.toLowerCase() === domain.toLowerCase();
-  });
+  return domains.some(d => DomainMatcher.match(d, domain));
 }
 
 /**
@@ -160,28 +155,7 @@ export function routeMatchesPath(route: IRouteConfig, path: string): boolean {
     return true; // No path specified means it matches any path
   }
   
-  // Handle exact path
-  if (route.match.path === path) {
-    return true;
-  }
-  
-  // Handle path prefix with trailing slash (e.g., /api/)
-  if (route.match.path.endsWith('/') && path.startsWith(route.match.path)) {
-    return true;
-  }
-  
-  // Handle exact path match without trailing slash
-  if (!route.match.path.endsWith('/') && path === route.match.path) {
-    return true;
-  }
-  
-  // Handle wildcard paths (e.g., /api/*)
-  if (route.match.path.endsWith('*')) {
-    const prefix = route.match.path.slice(0, -1);
-    return path.startsWith(prefix);
-  }
-  
-  return false;
+  return PathMatcher.match(route.match.path, path).matches;
 }
 
 /**
@@ -198,25 +172,13 @@ export function routeMatchesHeaders(
     return true; // No headers specified means it matches any headers
   }
   
-  // Check each header in the route's match criteria
-  return Object.entries(route.match.headers).every(([key, value]) => {
-    // If the header isn't present in the request, it doesn't match
-    if (!headers[key]) {
-      return false;
-    }
-    
-    // Handle exact match
-    if (typeof value === 'string') {
-      return headers[key] === value;
-    }
-    
-    // Handle regex match
-    if (value instanceof RegExp) {
-      return value.test(headers[key]);
-    }
-    
-    return false;
-  });
+  // Convert RegExp patterns to strings for HeaderMatcher
+  const stringHeaders: Record<string, string> = {};
+  for (const [key, value] of Object.entries(route.match.headers)) {
+    stringHeaders[key] = value instanceof RegExp ? value.source : value;
+  }
+  
+  return HeaderMatcher.matchAll(stringHeaders, headers);
 }
 
 /**