@push.rocks/smartproxy 19.6.13 → 19.6.14

package/ts/proxies/smart-proxy/route-connection-handler.ts

@@ -1,6 +1,7 @@
 import * as plugins from '../../plugins.js';
 import type { IConnectionRecord, ISmartProxyOptions } from './models/interfaces.js';
 import { logger } from '../../core/utils/logger.js';
+import { connectionLogDeduplicator } from '../../core/utils/log-deduplicator.js';
 // Route checking functions have been removed
 import type { IRouteConfig, IRouteAction } from './models/route-types.js';
 import type { IRouteContext } from '../../core/models/route-context.js';
@@ -563,12 +564,20 @@ export class RouteConnectionHandler {
         );
 
         if (!isIPAllowed) {
-          logger.log('warn', `IP ${remoteIP} blocked by route security for route ${route.name || 'unnamed'} (connection: ${connectionId})`, {
-            connectionId,
-            remoteIP,
-            routeName: route.name || 'unnamed',
-            component: 'route-handler'
-          });
+          // Deduplicated logging for route IP blocks
+          connectionLogDeduplicator.log(
+            'ip-rejected',
+            'warn',
+            `IP blocked by route security`,
+            {
+              connectionId,
+              remoteIP,
+              routeName: route.name || 'unnamed',
+              reason: 'route-ip-blocked',
+              component: 'route-handler'
+            },
+            remoteIP
+          );
           socket.end();
           this.smartProxy.connectionManager.cleanupConnection(record, 'route_ip_blocked');
           return;
@@ -577,14 +586,28 @@ export class RouteConnectionHandler {
 
       // Check max connections per route
       if (route.security.maxConnections !== undefined) {
-        // TODO: Implement per-route connection tracking
-        // For now, log that this feature is not yet implemented
-        if (this.smartProxy.settings.enableDetailedLogging) {
-          logger.log('warn', `Route ${route.name} has maxConnections=${route.security.maxConnections} configured but per-route connection limits are not yet implemented`, {
-            connectionId,
-            routeName: route.name,
-            component: 'route-handler'
-          });
+        const routeId = route.id || route.name || 'unnamed';
+        const currentConnections = this.smartProxy.connectionManager.getConnectionCountByRoute(routeId);
+        
+        if (currentConnections >= route.security.maxConnections) {
+          // Deduplicated logging for route connection limits
+          connectionLogDeduplicator.log(
+            'connection-rejected',
+            'warn',
+            `Route connection limit reached`,
+            {
+              connectionId,
+              routeName: route.name,
+              currentConnections,
+              maxConnections: route.security.maxConnections,
+              reason: 'route-limit',
+              component: 'route-handler'
+            },
+            `route-limit-${route.name}`
+          );
+          socket.end();
+          this.smartProxy.connectionManager.cleanupConnection(record, 'route_connection_limit');
+          return;
         }
       }
 
@@ -642,6 +665,10 @@ export class RouteConnectionHandler {
     
     // Store the route config in the connection record for metrics and other uses
     record.routeConfig = route;
+    record.routeId = route.id || route.name || 'unnamed';
+    
+    // Track connection by route
+    this.smartProxy.connectionManager.trackConnectionByRoute(record.routeId, record.id);
 
     // Check if this route uses NFTables for forwarding
     if (action.forwardingEngine === 'nftables') {
@@ -960,6 +987,10 @@ export class RouteConnectionHandler {
     
     // Store the route config in the connection record for metrics and other uses
     record.routeConfig = route;
+    record.routeId = route.id || route.name || 'unnamed';
+    
+    // Track connection by route
+    this.smartProxy.connectionManager.trackConnectionByRoute(record.routeId, record.id);
     
     if (!route.action.socketHandler) {
       logger.log('error', 'socket-handler action missing socketHandler function', {

package/ts/proxies/smart-proxy/security-manager.ts

@@ -1,5 +1,7 @@
 import * as plugins from '../../plugins.js';
 import type { SmartProxy } from './smart-proxy.js';
+import { logger } from '../../core/utils/logger.js';
+import { connectionLogDeduplicator } from '../../core/utils/log-deduplicator.js';
 
 /**
  * Handles security aspects like IP tracking, rate limiting, and authorization
@@ -7,8 +9,12 @@ import type { SmartProxy } from './smart-proxy.js';
 export class SecurityManager {
   private connectionsByIP: Map<string, Set<string>> = new Map();
   private connectionRateByIP: Map<string, number[]> = new Map();
+  private cleanupInterval: NodeJS.Timeout | null = null;
 
-  constructor(private smartProxy: SmartProxy) {}
+  constructor(private smartProxy: SmartProxy) {
+    // Start periodic cleanup every 60 seconds
+    this.startPeriodicCleanup();
+  }
   
   /**
    * Get connections count by IP
@@ -164,7 +170,76 @@ export class SecurityManager {
    * Clears all IP tracking data (for shutdown)
    */
   public clearIPTracking(): void {
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+      this.cleanupInterval = null;
+    }
     this.connectionsByIP.clear();
     this.connectionRateByIP.clear();
   }
+  
+  /**
+   * Start periodic cleanup of expired data
+   */
+  private startPeriodicCleanup(): void {
+    this.cleanupInterval = setInterval(() => {
+      this.performCleanup();
+    }, 60000); // Run every minute
+    
+    // Unref the timer so it doesn't keep the process alive
+    if (this.cleanupInterval.unref) {
+      this.cleanupInterval.unref();
+    }
+  }
+  
+  /**
+   * Perform cleanup of expired rate limits and empty IP entries
+   */
+  private performCleanup(): void {
+    const now = Date.now();
+    const minute = 60 * 1000;
+    let cleanedRateLimits = 0;
+    let cleanedIPs = 0;
+    
+    // Clean up expired rate limit timestamps
+    for (const [ip, timestamps] of this.connectionRateByIP.entries()) {
+      const validTimestamps = timestamps.filter(time => now - time < minute);
+      
+      if (validTimestamps.length === 0) {
+        // No valid timestamps, remove the IP entry
+        this.connectionRateByIP.delete(ip);
+        cleanedRateLimits++;
+      } else if (validTimestamps.length < timestamps.length) {
+        // Some timestamps expired, update with valid ones
+        this.connectionRateByIP.set(ip, validTimestamps);
+      }
+    }
+    
+    // Clean up IPs with no active connections
+    for (const [ip, connections] of this.connectionsByIP.entries()) {
+      if (connections.size === 0) {
+        this.connectionsByIP.delete(ip);
+        cleanedIPs++;
+      }
+    }
+    
+    // Log cleanup stats if anything was cleaned
+    if (cleanedRateLimits > 0 || cleanedIPs > 0) {
+      if (this.smartProxy.settings.enableDetailedLogging) {
+        connectionLogDeduplicator.log(
+          'ip-cleanup',
+          'debug',
+          'IP tracking cleanup completed',
+          {
+            cleanedRateLimits,
+            cleanedIPs,
+            remainingIPs: this.connectionsByIP.size,
+            remainingRateLimits: this.connectionRateByIP.size,
+            component: 'security-manager'
+          },
+          'periodic-cleanup'
+        );
+      }
+    }
+  }
 }

package/ts/proxies/smart-proxy/smart-proxy.ts

@@ -1,5 +1,6 @@
 import * as plugins from '../../plugins.js';
 import { logger } from '../../core/utils/logger.js';
+import { connectionLogDeduplicator } from '../../core/utils/log-deduplicator.js';
 
 // Importing required components
 import { ConnectionManager } from './connection-manager.js';
@@ -515,6 +516,9 @@ export class SmartProxy extends plugins.EventEmitter {
     
     // Stop metrics collector
     this.metricsCollector.stop();
+    
+    // Flush any pending deduplicated logs
+    connectionLogDeduplicator.flushAll();
 
     logger.log('info', 'SmartProxy shutdown complete.');
   }