@push.rocks/smartproxy 19.5.4 → 19.5.5

package/ts/proxies/nftables-proxy/nftables-proxy.ts

@@ -3,6 +3,8 @@ import { promisify } from 'util';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';
+import { delay } from '../../core/utils/async-utils.js';
+import { AsyncFileSystem } from '../../core/utils/fs-utils.js';
 import {
   NftBaseError,
   NftValidationError,
@@ -208,7 +210,7 @@ export class NfTablesProxy {
         
         // Wait before retry, unless it's the last attempt
         if (i < maxRetries - 1) {
-          await new Promise(resolve => setTimeout(resolve, retryDelayMs));
+          await delay(retryDelayMs);
         }
       }
     }
@@ -218,8 +220,13 @@ export class NfTablesProxy {
 
   /**
    * Execute system command synchronously with multiple attempts
+   * @deprecated This method blocks the event loop and should be avoided. Use executeWithRetry instead.
+   * WARNING: This method contains a busy wait loop that will block the entire Node.js event loop!
    */
   private executeWithRetrySync(command: string, maxRetries = 3, retryDelayMs = 1000): string {
+    // Log deprecation warning
+    console.warn('[DEPRECATION WARNING] executeWithRetrySync blocks the event loop and should not be used. Consider using the async executeWithRetry method instead.');
+    
     let lastError: Error | undefined;
     
     for (let i = 0; i < maxRetries; i++) {
@@ -231,10 +238,12 @@ export class NfTablesProxy {
         
         // Wait before retry, unless it's the last attempt
         if (i < maxRetries - 1) {
-          // A naive sleep in sync context
+          // CRITICAL: This busy wait loop blocks the entire event loop!
+          // This is a temporary fallback for sync contexts only.
+          // TODO: Remove this method entirely and make all callers async
           const waitUntil = Date.now() + retryDelayMs;
           while (Date.now() < waitUntil) {
-            // busy wait - not great, but this is a fallback method
+            // Busy wait - blocks event loop
           }
         }
       }
@@ -243,6 +252,26 @@ export class NfTablesProxy {
     throw new NftExecutionError(`Failed after ${maxRetries} attempts: ${lastError?.message || 'Unknown error'}`);
   }
 
+  /**
+   * Execute nftables commands with a temporary file
+   * This helper handles the common pattern of writing rules to a temp file,
+   * executing nftables with the file, and cleaning up
+   */
+  private async executeWithTempFile(rulesetContent: string): Promise<void> {
+    await AsyncFileSystem.writeFile(this.tempFilePath, rulesetContent);
+    
+    try {
+      await this.executeWithRetry(
+        `${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
+        this.settings.maxRetries,
+        this.settings.retryDelayMs
+      );
+    } finally {
+      // Always clean up the temp file
+      await AsyncFileSystem.remove(this.tempFilePath);
+    }
+  }
+
   /**
    * Checks if nftables is available and the required modules are loaded
    */
@@ -545,15 +574,8 @@ export class NfTablesProxy {
       
       // Only write and apply if we have rules to add
       if (rulesetContent) {
-        // Write the ruleset to a temporary file
-        fs.writeFileSync(this.tempFilePath, rulesetContent);
-        
-        // Apply the ruleset
-        await this.executeWithRetry(
-          `${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
-          this.settings.maxRetries,
-          this.settings.retryDelayMs
-        );
+        // Apply the ruleset using the helper
+        await this.executeWithTempFile(rulesetContent);
         
         this.log('info', `Added source IP filter rules for ${family}`);
         
@@ -566,9 +588,6 @@ export class NfTablesProxy {
             await this.verifyRuleApplication(rule);
           }
         }
-        
-        // Remove the temporary file
-        fs.unlinkSync(this.tempFilePath);
       }
       
       return true;
@@ -663,13 +682,7 @@ export class NfTablesProxy {
         
         // Apply the rules if we have any
         if (rulesetContent) {
-          fs.writeFileSync(this.tempFilePath, rulesetContent);
-          
-          await this.executeWithRetry(
-            `${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
-            this.settings.maxRetries,
-            this.settings.retryDelayMs
-          );
+          await this.executeWithTempFile(rulesetContent);
           
           this.log('info', `Added advanced NAT rules for ${family}`);
           
@@ -682,9 +695,6 @@ export class NfTablesProxy {
               await this.verifyRuleApplication(rule);
             }
           }
-          
-          // Remove the temporary file
-          fs.unlinkSync(this.tempFilePath);
         }
       }
       
@@ -816,15 +826,8 @@ export class NfTablesProxy {
       
       // Apply the ruleset if we have any rules
       if (rulesetContent) {
-        // Write to temporary file
-        fs.writeFileSync(this.tempFilePath, rulesetContent);
-        
-        // Apply the ruleset
-        await this.executeWithRetry(
-          `${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
-          this.settings.maxRetries,
-          this.settings.retryDelayMs
-        );
+        // Apply the ruleset using the helper
+        await this.executeWithTempFile(rulesetContent);
         
         this.log('info', `Added port forwarding rules for ${family}`);
         
@@ -837,9 +840,6 @@ export class NfTablesProxy {
             await this.verifyRuleApplication(rule);
           }
         }
-        
-        // Remove temporary file
-        fs.unlinkSync(this.tempFilePath);
       }
       
       return true;
@@ -931,15 +931,7 @@ export class NfTablesProxy {
       
       // Apply the ruleset if we have any rules
       if (rulesetContent) {
-        // Write to temporary file
-        fs.writeFileSync(this.tempFilePath, rulesetContent);
-        
-        // Apply the ruleset
-        await this.executeWithRetry(
-          `${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
-          this.settings.maxRetries,
-          this.settings.retryDelayMs
-        );
+        await this.executeWithTempFile(rulesetContent);
         
         this.log('info', `Added port forwarding rules for ${family}`);
         
@@ -952,9 +944,6 @@ export class NfTablesProxy {
             await this.verifyRuleApplication(rule);
           }
         }
-        
-        // Remove temporary file
-        fs.unlinkSync(this.tempFilePath);
       }
       
       return true;
@@ -1027,15 +1016,8 @@ export class NfTablesProxy {
       
       // Apply the ruleset if we have any rules
       if (rulesetContent) {
-        // Write to temporary file
-        fs.writeFileSync(this.tempFilePath, rulesetContent);
-        
-        // Apply the ruleset
-        await this.executeWithRetry(
-          `${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
-          this.settings.maxRetries,
-          this.settings.retryDelayMs
-        );
+        // Apply the ruleset using the helper
+        await this.executeWithTempFile(rulesetContent);
         
         this.log('info', `Added QoS rules for ${family}`);
         
@@ -1048,9 +1030,6 @@ export class NfTablesProxy {
             await this.verifyRuleApplication(rule);
           }
         }
-        
-        // Remove temporary file
-        fs.unlinkSync(this.tempFilePath);
       }
       
       return true;
@@ -1615,25 +1594,27 @@ export class NfTablesProxy {
       // Apply the ruleset if we have any rules to delete
       if (rulesetContent) {
         // Write to temporary file
-        fs.writeFileSync(this.tempFilePath, rulesetContent);
-        
-        // Apply the ruleset
-        await this.executeWithRetry(
-          `${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
-          this.settings.maxRetries,
-          this.settings.retryDelayMs
-        );
-        
-        this.log('info', 'Removed all added rules');
-        
-        // Mark all rules as removed
-        this.rules.forEach(rule => {
-          rule.added = false;
-          rule.verified = false;
-        });
+        await AsyncFileSystem.writeFile(this.tempFilePath, rulesetContent);
         
-        // Remove temporary file
-        fs.unlinkSync(this.tempFilePath);
+        try {
+          // Apply the ruleset
+          await this.executeWithRetry(
+            `${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
+            this.settings.maxRetries,
+            this.settings.retryDelayMs
+          );
+          
+          this.log('info', 'Removed all added rules');
+          
+          // Mark all rules as removed
+          this.rules.forEach(rule => {
+            rule.added = false;
+            rule.verified = false;
+          });
+        } finally {
+          // Remove temporary file
+          await AsyncFileSystem.remove(this.tempFilePath);
+        }
       }
       
       // Clean up IP sets if we created any
@@ -1862,8 +1843,12 @@ export class NfTablesProxy {
 
   /**
    * Synchronous version of cleanSlate
+   * @deprecated This method blocks the event loop and should be avoided. Use cleanSlate() instead.
+   * WARNING: This method uses execSync which blocks the entire Node.js event loop!
    */
   public static cleanSlateSync(): void {
+    console.warn('[DEPRECATION WARNING] cleanSlateSync blocks the event loop and should not be used. Consider using the async cleanSlate() method instead.');
+    
     try {
       // Check for rules with our comment pattern
       const stdout = execSync(`${NfTablesProxy.NFT_CMD} list ruleset`).toString();

package/ts/proxies/smart-proxy/cert-store.ts

@@ -1,36 +1,34 @@
 import * as plugins from '../../plugins.js';
+import { AsyncFileSystem } from '../../core/utils/fs-utils.js';
 import type { ICertificateData } from './certificate-manager.js';
 
 export class CertStore {
   constructor(private certDir: string) {}
   
   public async initialize(): Promise<void> {
-    await plugins.smartfile.fs.ensureDirSync(this.certDir);
+    await AsyncFileSystem.ensureDir(this.certDir);
   }
   
   public async getCertificate(routeName: string): Promise<ICertificateData | null> {
     const certPath = this.getCertPath(routeName);
     const metaPath = `${certPath}/meta.json`;
     
-    if (!await plugins.smartfile.fs.fileExistsSync(metaPath)) {
+    if (!await AsyncFileSystem.exists(metaPath)) {
       return null;
     }
     
     try {
-      const metaFile = await plugins.smartfile.SmartFile.fromFilePath(metaPath);
-      const meta = JSON.parse(metaFile.contents.toString());
+      const meta = await AsyncFileSystem.readJSON(metaPath);
       
-      const certFile = await plugins.smartfile.SmartFile.fromFilePath(`${certPath}/cert.pem`);
-      const cert = certFile.contents.toString();
-      
-      const keyFile = await plugins.smartfile.SmartFile.fromFilePath(`${certPath}/key.pem`);
-      const key = keyFile.contents.toString();
+      const [cert, key] = await Promise.all([
+        AsyncFileSystem.readFile(`${certPath}/cert.pem`),
+        AsyncFileSystem.readFile(`${certPath}/key.pem`)
+      ]);
       
       let ca: string | undefined;
       const caPath = `${certPath}/ca.pem`;
-      if (await plugins.smartfile.fs.fileExistsSync(caPath)) {
-        const caFile = await plugins.smartfile.SmartFile.fromFilePath(caPath);
-        ca = caFile.contents.toString();
+      if (await AsyncFileSystem.exists(caPath)) {
+        ca = await AsyncFileSystem.readFile(caPath);
       }
       
       return {
@@ -51,14 +49,18 @@ export class CertStore {
     certData: ICertificateData
   ): Promise<void> {
     const certPath = this.getCertPath(routeName);
-    await plugins.smartfile.fs.ensureDirSync(certPath);
+    await AsyncFileSystem.ensureDir(certPath);
     
-    // Save certificate files
-    await plugins.smartfile.memory.toFs(certData.cert, `${certPath}/cert.pem`);
-    await plugins.smartfile.memory.toFs(certData.key, `${certPath}/key.pem`);
+    // Save certificate files in parallel
+    const savePromises = [
+      AsyncFileSystem.writeFile(`${certPath}/cert.pem`, certData.cert),
+      AsyncFileSystem.writeFile(`${certPath}/key.pem`, certData.key)
+    ];
     
     if (certData.ca) {
-      await plugins.smartfile.memory.toFs(certData.ca, `${certPath}/ca.pem`);
+      savePromises.push(
+        AsyncFileSystem.writeFile(`${certPath}/ca.pem`, certData.ca)
+      );
     }
     
     // Save metadata
@@ -68,13 +70,17 @@ export class CertStore {
       savedAt: new Date().toISOString()
     };
     
-    await plugins.smartfile.memory.toFs(JSON.stringify(meta, null, 2), `${certPath}/meta.json`);
+    savePromises.push(
+      AsyncFileSystem.writeJSON(`${certPath}/meta.json`, meta)
+    );
+    
+    await Promise.all(savePromises);
   }
   
   public async deleteCertificate(routeName: string): Promise<void> {
     const certPath = this.getCertPath(routeName);
-    if (await plugins.smartfile.fs.fileExistsSync(certPath)) {
-      await plugins.smartfile.fs.removeManySync([certPath]);
+    if (await AsyncFileSystem.isDirectory(certPath)) {
+      await AsyncFileSystem.removeDir(certPath);
     }
   }