@push.rocks/smartproxy 19.6.17 → 20.0.0

package/ts/proxies/http-proxy/request-handler.ts

@@ -10,7 +10,7 @@ import { ConnectionPool } from './connection-pool.js';
 import { ContextCreator } from './context-creator.js';
 import { HttpRequestHandler } from './http-request-handler.js';
 import { Http2RequestHandler } from './http2-request-handler.js';
-import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
+import type { IRouteConfig, IRouteTarget } from '../smart-proxy/models/route-types.js';
 import type { IRouteContext, IHttpRouteContext } from '../../core/models/route-context.js';
 import { toBaseContext } from '../../core/models/route-context.js';
 import { TemplateUtils } from '../../core/utils/template-utils.js';
@@ -99,6 +99,80 @@ export class RequestHandler {
     return { ...this.defaultHeaders };
   }
   
+  /**
+   * Select the appropriate target from the targets array based on sub-matching criteria
+   */
+  private selectTarget(
+    targets: IRouteTarget[],
+    context: {
+      port: number;
+      path?: string;
+      headers?: Record<string, string>;
+      method?: string;
+    }
+  ): IRouteTarget | null {
+    // Sort targets by priority (higher first)
+    const sortedTargets = [...targets].sort((a, b) => (b.priority || 0) - (a.priority || 0));
+    
+    // Find the first matching target
+    for (const target of sortedTargets) {
+      if (!target.match) {
+        // No match criteria means this is a default/fallback target
+        return target;
+      }
+      
+      // Check port match
+      if (target.match.ports && !target.match.ports.includes(context.port)) {
+        continue;
+      }
+      
+      // Check path match (supports wildcards)
+      if (target.match.path && context.path) {
+        const pathPattern = target.match.path.replace(/\*/g, '.*');
+        const pathRegex = new RegExp(`^${pathPattern}$`);
+        if (!pathRegex.test(context.path)) {
+          continue;
+        }
+      }
+      
+      // Check method match
+      if (target.match.method && context.method && !target.match.method.includes(context.method)) {
+        continue;
+      }
+      
+      // Check headers match
+      if (target.match.headers && context.headers) {
+        let headersMatch = true;
+        for (const [key, pattern] of Object.entries(target.match.headers)) {
+          const headerValue = context.headers[key.toLowerCase()];
+          if (!headerValue) {
+            headersMatch = false;
+            break;
+          }
+          
+          if (pattern instanceof RegExp) {
+            if (!pattern.test(headerValue)) {
+              headersMatch = false;
+              break;
+            }
+          } else if (headerValue !== pattern) {
+            headersMatch = false;
+            break;
+          }
+        }
+        if (!headersMatch) {
+          continue;
+        }
+      }
+      
+      // All criteria matched
+      return target;
+    }
+    
+    // No matching target found, return the first target without match criteria (default)
+    return sortedTargets.find(t => !t.match) || null;
+  }
+  
   /**
    * Apply CORS headers to response if configured
    * Implements Phase 5.5: Context-aware CORS handling
@@ -480,17 +554,31 @@ export class RequestHandler {
       }
     }
 
-    // If we found a matching route with function-based targets, use it
-    if (matchingRoute && matchingRoute.action.type === 'forward' && matchingRoute.action.target) {
+    // If we found a matching route with forward action, select appropriate target
+    if (matchingRoute && matchingRoute.action.type === 'forward' && matchingRoute.action.targets && matchingRoute.action.targets.length > 0) {
       this.logger.debug(`Found matching route: ${matchingRoute.name || 'unnamed'}`);
 
+      // Select the appropriate target from the targets array
+      const selectedTarget = this.selectTarget(matchingRoute.action.targets, {
+        port: routeContext.port,
+        path: routeContext.path,
+        headers: routeContext.headers,
+        method: routeContext.method
+      });
+
+      if (!selectedTarget) {
+        this.logger.error(`No matching target found for route ${matchingRoute.name}`);
+        req.socket.end();
+        return;
+      }
+
       // Extract target information, resolving functions if needed
       let targetHost: string | string[];
       let targetPort: number;
 
       try {
         // Check function cache for host and resolve or use cached value
-        if (typeof matchingRoute.action.target.host === 'function') {
+        if (typeof selectedTarget.host === 'function') {
           // Generate a function ID for caching (use route name or ID if available)
           const functionId = `host-${matchingRoute.id || matchingRoute.name || 'unnamed'}`;
 
@@ -502,7 +590,7 @@ export class RequestHandler {
               this.logger.debug(`Using cached host value for ${functionId}`);
             } else {
               // Resolve the function and cache the result
-              const resolvedHost = matchingRoute.action.target.host(toBaseContext(routeContext));
+              const resolvedHost = selectedTarget.host(toBaseContext(routeContext));
               targetHost = resolvedHost;
 
               // Cache the result
@@ -511,16 +599,16 @@ export class RequestHandler {
             }
           } else {
             // No cache available, just resolve
-            const resolvedHost = matchingRoute.action.target.host(routeContext);
+            const resolvedHost = selectedTarget.host(routeContext);
             targetHost = resolvedHost;
             this.logger.debug(`Resolved function-based host to: ${Array.isArray(resolvedHost) ? resolvedHost.join(', ') : resolvedHost}`);
           }
         } else {
-          targetHost = matchingRoute.action.target.host;
+          targetHost = selectedTarget.host;
         }
 
         // Check function cache for port and resolve or use cached value
-        if (typeof matchingRoute.action.target.port === 'function') {
+        if (typeof selectedTarget.port === 'function') {
           // Generate a function ID for caching
           const functionId = `port-${matchingRoute.id || matchingRoute.name || 'unnamed'}`;
 
@@ -532,7 +620,7 @@ export class RequestHandler {
               this.logger.debug(`Using cached port value for ${functionId}`);
             } else {
               // Resolve the function and cache the result
-              const resolvedPort = matchingRoute.action.target.port(toBaseContext(routeContext));
+              const resolvedPort = selectedTarget.port(toBaseContext(routeContext));
               targetPort = resolvedPort;
 
               // Cache the result
@@ -541,12 +629,12 @@ export class RequestHandler {
             }
           } else {
             // No cache available, just resolve
-            const resolvedPort = matchingRoute.action.target.port(routeContext);
+            const resolvedPort = selectedTarget.port(routeContext);
             targetPort = resolvedPort;
             this.logger.debug(`Resolved function-based port to: ${resolvedPort}`);
           }
         } else {
-          targetPort = matchingRoute.action.target.port === 'preserve' ? routeContext.port : matchingRoute.action.target.port as number;
+          targetPort = selectedTarget.port === 'preserve' ? routeContext.port : selectedTarget.port as number;
         }
 
         // Select a single host if an array was provided
@@ -626,17 +714,32 @@ export class RequestHandler {
       }
     }
 
-    // If we found a matching route with function-based targets, use it
-    if (matchingRoute && matchingRoute.action.type === 'forward' && matchingRoute.action.target) {
+    // If we found a matching route with forward action, select appropriate target
+    if (matchingRoute && matchingRoute.action.type === 'forward' && matchingRoute.action.targets && matchingRoute.action.targets.length > 0) {
       this.logger.debug(`Found matching route for HTTP/2 request: ${matchingRoute.name || 'unnamed'}`);
 
+      // Select the appropriate target from the targets array
+      const selectedTarget = this.selectTarget(matchingRoute.action.targets, {
+        port: routeContext.port,
+        path: routeContext.path,
+        headers: routeContext.headers,
+        method: routeContext.method
+      });
+
+      if (!selectedTarget) {
+        this.logger.error(`No matching target found for route ${matchingRoute.name}`);
+        stream.respond({ ':status': 502 });
+        stream.end();
+        return;
+      }
+
       // Extract target information, resolving functions if needed
       let targetHost: string | string[];
       let targetPort: number;
 
       try {
         // Check function cache for host and resolve or use cached value
-        if (typeof matchingRoute.action.target.host === 'function') {
+        if (typeof selectedTarget.host === 'function') {
           // Generate a function ID for caching (use route name or ID if available)
           const functionId = `host-http2-${matchingRoute.id || matchingRoute.name || 'unnamed'}`;
 
@@ -648,7 +751,7 @@ export class RequestHandler {
               this.logger.debug(`Using cached host value for HTTP/2: ${functionId}`);
             } else {
               // Resolve the function and cache the result
-              const resolvedHost = matchingRoute.action.target.host(toBaseContext(routeContext));
+              const resolvedHost = selectedTarget.host(toBaseContext(routeContext));
               targetHost = resolvedHost;
 
               // Cache the result
@@ -657,16 +760,16 @@ export class RequestHandler {
             }
           } else {
             // No cache available, just resolve
-            const resolvedHost = matchingRoute.action.target.host(routeContext);
+            const resolvedHost = selectedTarget.host(routeContext);
             targetHost = resolvedHost;
             this.logger.debug(`Resolved HTTP/2 function-based host to: ${Array.isArray(resolvedHost) ? resolvedHost.join(', ') : resolvedHost}`);
           }
         } else {
-          targetHost = matchingRoute.action.target.host;
+          targetHost = selectedTarget.host;
         }
 
         // Check function cache for port and resolve or use cached value
-        if (typeof matchingRoute.action.target.port === 'function') {
+        if (typeof selectedTarget.port === 'function') {
           // Generate a function ID for caching
           const functionId = `port-http2-${matchingRoute.id || matchingRoute.name || 'unnamed'}`;
 
@@ -678,7 +781,7 @@ export class RequestHandler {
               this.logger.debug(`Using cached port value for HTTP/2: ${functionId}`);
             } else {
               // Resolve the function and cache the result
-              const resolvedPort = matchingRoute.action.target.port(toBaseContext(routeContext));
+              const resolvedPort = selectedTarget.port(toBaseContext(routeContext));
               targetPort = resolvedPort;
 
               // Cache the result
@@ -687,12 +790,12 @@ export class RequestHandler {
             }
           } else {
             // No cache available, just resolve
-            const resolvedPort = matchingRoute.action.target.port(routeContext);
+            const resolvedPort = selectedTarget.port(routeContext);
             targetPort = resolvedPort;
             this.logger.debug(`Resolved HTTP/2 function-based port to: ${resolvedPort}`);
           }
         } else {
-          targetPort = matchingRoute.action.target.port === 'preserve' ? routeContext.port : matchingRoute.action.target.port as number;
+          targetPort = selectedTarget.port === 'preserve' ? routeContext.port : selectedTarget.port as number;
         }
 
         // Select a single host if an array was provided

package/ts/proxies/http-proxy/websocket-handler.ts

@@ -3,7 +3,7 @@ import '../../core/models/socket-augmentation.js';
 import { type IHttpProxyOptions, type IWebSocketWithHeartbeat, type ILogger, createLogger } from './models/types.js';
 import { ConnectionPool } from './connection-pool.js';
 import { HttpRouter } from '../../routing/router/index.js';
-import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
+import type { IRouteConfig, IRouteTarget } from '../smart-proxy/models/route-types.js';
 import type { IRouteContext } from '../../core/models/route-context.js';
 import { toBaseContext } from '../../core/models/route-context.js';
 import { ContextCreator } from './context-creator.js';
@@ -53,6 +53,80 @@ export class WebSocketHandler {
     this.securityManager.setRoutes(routes);
   }
   
+  /**
+   * Select the appropriate target from the targets array based on sub-matching criteria
+   */
+  private selectTarget(
+    targets: IRouteTarget[],
+    context: {
+      port: number;
+      path?: string;
+      headers?: Record<string, string>;
+      method?: string;
+    }
+  ): IRouteTarget | null {
+    // Sort targets by priority (higher first)
+    const sortedTargets = [...targets].sort((a, b) => (b.priority || 0) - (a.priority || 0));
+    
+    // Find the first matching target
+    for (const target of sortedTargets) {
+      if (!target.match) {
+        // No match criteria means this is a default/fallback target
+        return target;
+      }
+      
+      // Check port match
+      if (target.match.ports && !target.match.ports.includes(context.port)) {
+        continue;
+      }
+      
+      // Check path match (supports wildcards)
+      if (target.match.path && context.path) {
+        const pathPattern = target.match.path.replace(/\*/g, '.*');
+        const pathRegex = new RegExp(`^${pathPattern}$`);
+        if (!pathRegex.test(context.path)) {
+          continue;
+        }
+      }
+      
+      // Check method match
+      if (target.match.method && context.method && !target.match.method.includes(context.method)) {
+        continue;
+      }
+      
+      // Check headers match
+      if (target.match.headers && context.headers) {
+        let headersMatch = true;
+        for (const [key, pattern] of Object.entries(target.match.headers)) {
+          const headerValue = context.headers[key.toLowerCase()];
+          if (!headerValue) {
+            headersMatch = false;
+            break;
+          }
+          
+          if (pattern instanceof RegExp) {
+            if (!pattern.test(headerValue)) {
+              headersMatch = false;
+              break;
+            }
+          } else if (headerValue !== pattern) {
+            headersMatch = false;
+            break;
+          }
+        }
+        if (!headersMatch) {
+          continue;
+        }
+      }
+      
+      // All criteria matched
+      return target;
+    }
+    
+    // No matching target found, return the first target without match criteria (default)
+    return sortedTargets.find(t => !t.match) || null;
+  }
+  
   /**
    * Initialize WebSocket server on an existing HTTPS server
    */
@@ -146,9 +220,23 @@ export class WebSocketHandler {
       let destination: { host: string; port: number };
 
       // If we found a route with the modern router, use it
-      if (route && route.action.type === 'forward' && route.action.target) {
+      if (route && route.action.type === 'forward' && route.action.targets && route.action.targets.length > 0) {
         this.logger.debug(`Found matching WebSocket route: ${route.name || 'unnamed'}`);
 
+        // Select the appropriate target from the targets array
+        const selectedTarget = this.selectTarget(route.action.targets, {
+          port: routeContext.port,
+          path: routeContext.path,
+          headers: routeContext.headers,
+          method: routeContext.method
+        });
+
+        if (!selectedTarget) {
+          this.logger.error(`No matching target found for route ${route.name}`);
+          wsIncoming.close(1003, 'No matching target');
+          return;
+        }
+
         // Check if WebSockets are enabled for this route
         if (route.action.websocket?.enabled === false) {
           this.logger.debug(`WebSockets are disabled for route: ${route.name || 'unnamed'}`);
@@ -192,20 +280,20 @@ export class WebSocketHandler {
 
         try {
           // Resolve host if it's a function
-          if (typeof route.action.target.host === 'function') {
-            const resolvedHost = route.action.target.host(toBaseContext(routeContext));
+          if (typeof selectedTarget.host === 'function') {
+            const resolvedHost = selectedTarget.host(toBaseContext(routeContext));
             targetHost = resolvedHost;
             this.logger.debug(`Resolved function-based host for WebSocket: ${Array.isArray(resolvedHost) ? resolvedHost.join(', ') : resolvedHost}`);
           } else {
-            targetHost = route.action.target.host;
+            targetHost = selectedTarget.host;
           }
 
           // Resolve port if it's a function
-          if (typeof route.action.target.port === 'function') {
-            targetPort = route.action.target.port(toBaseContext(routeContext));
+          if (typeof selectedTarget.port === 'function') {
+            targetPort = selectedTarget.port(toBaseContext(routeContext));
             this.logger.debug(`Resolved function-based port for WebSocket: ${targetPort}`);
           } else {
-            targetPort = route.action.target.port === 'preserve' ? routeContext.port : route.action.target.port as number;
+            targetPort = selectedTarget.port === 'preserve' ? routeContext.port : selectedTarget.port as number;
           }
 
           // Select a single host if an array was provided

package/ts/proxies/smart-proxy/models/route-types.ts

@@ -46,11 +46,36 @@ export interface IRouteMatch {
 
 
 /**
- * Target configuration for forwarding
+ * Target-specific match criteria for sub-routing within a route
+ */
+export interface ITargetMatch {
+  ports?: number[];                             // Match specific ports from the route
+  path?: string;                                // Match specific paths (supports wildcards like /api/*)
+  headers?: Record<string, string | RegExp>;    // Match specific HTTP headers
+  method?: string[];                            // Match specific HTTP methods (GET, POST, etc.)
+}
+
+/**
+ * Target configuration for forwarding with sub-matching and overrides
  */
 export interface IRouteTarget {
+  // Optional sub-matching criteria within the route
+  match?: ITargetMatch;
+  
+  // Target destination
   host: string | string[] | ((context: IRouteContext) => string | string[]);  // Host or hosts with optional function for dynamic resolution
   port: number | 'preserve' | ((context: IRouteContext) => number);  // Port with optional function for dynamic mapping (use 'preserve' to keep the incoming port)
+  
+  // Optional target-specific overrides (these override route-level settings)
+  tls?: IRouteTls;                             // Override route-level TLS settings
+  websocket?: IRouteWebSocket;                 // Override route-level WebSocket settings
+  loadBalancing?: IRouteLoadBalancing;         // Override route-level load balancing
+  sendProxyProtocol?: boolean;                 // Override route-level proxy protocol setting
+  headers?: IRouteHeaders;                     // Override route-level headers
+  advanced?: IRouteAdvanced;                   // Override route-level advanced settings
+  
+  // Priority for matching (higher values are checked first, default: 0)
+  priority?: number;
 }
 
 /**
@@ -221,19 +246,20 @@ export interface IRouteAction {
   // Basic routing
   type: TRouteActionType;
 
-  // Target for forwarding
-  target?: IRouteTarget;
+  // Targets for forwarding (array supports multiple targets with sub-matching)
+  // Required for 'forward' action type
+  targets?: IRouteTarget[];
 
-  // TLS handling
+  // TLS handling (default for all targets, can be overridden per target)
   tls?: IRouteTls;
 
-  // WebSocket support
+  // WebSocket support (default for all targets, can be overridden per target)
   websocket?: IRouteWebSocket;
 
-  // Load balancing options
+  // Load balancing options (default for all targets, can be overridden per target)
   loadBalancing?: IRouteLoadBalancing;
 
-  // Advanced options
+  // Advanced options (default for all targets, can be overridden per target)
   advanced?: IRouteAdvanced;
   
   // Additional options for backend-specific settings
@@ -251,7 +277,7 @@ export interface IRouteAction {
   // Socket handler function (when type is 'socket-handler')
   socketHandler?: TSocketHandler;
   
-  // PROXY protocol support
+  // PROXY protocol support (default for all targets, can be overridden per target)
   sendProxyProtocol?: boolean;
 }
 

package/ts/proxies/smart-proxy/nftables-manager.ts

@@ -123,39 +123,43 @@ export class NFTablesManager {
   private createNfTablesOptions(route: IRouteConfig): NfTableProxyOptions {
     const { action } = route;
     
-    // Ensure we have a target
-    if (!action.target) {
-      throw new Error('Route must have a target to use NFTables forwarding');
+    // Ensure we have targets
+    if (!action.targets || action.targets.length === 0) {
+      throw new Error('Route must have targets to use NFTables forwarding');
     }
     
+    // NFTables can only handle a single target, so we use the first target without match criteria
+    // or the first target if all have match criteria
+    const defaultTarget = action.targets.find(t => !t.match) || action.targets[0];
+    
     // Convert port specifications
     const fromPorts = this.expandPortRange(route.match.ports);
     
     // Determine target port
     let toPorts: number | PortRange | Array<number | PortRange>;
     
-    if (action.target.port === 'preserve') {
+    if (defaultTarget.port === 'preserve') {
       // 'preserve' means use the same ports as the source
       toPorts = fromPorts;
-    } else if (typeof action.target.port === 'function') {
+    } else if (typeof defaultTarget.port === 'function') {
       // For function-based ports, we can't determine at setup time
       // Use the "preserve" approach and let NFTables handle it
       toPorts = fromPorts;
     } else {
-      toPorts = action.target.port;
+      toPorts = defaultTarget.port;
     }
     
     // Determine target host
     let toHost: string;
-    if (typeof action.target.host === 'function') {
+    if (typeof defaultTarget.host === 'function') {
       // Can't determine at setup time, use localhost as a placeholder
       // and rely on run-time handling
       toHost = 'localhost';
-    } else if (Array.isArray(action.target.host)) {
+    } else if (Array.isArray(defaultTarget.host)) {
       // Use first host for now - NFTables will do simple round-robin  
-      toHost = action.target.host[0];
+      toHost = defaultTarget.host[0];
     } else {
-      toHost = action.target.host;
+      toHost = defaultTarget.host;
     }
     
     // Create options