@push.rocks/smartproxy 20.0.0 → 21.0.0

package/ts/index.ts

@@ -32,7 +32,6 @@ export * from './core/models/common-types.js';
 export type { IAcmeOptions } from './proxies/smart-proxy/models/interfaces.js';
 
 // Modular exports for new architecture
-export * as forwarding from './forwarding/index.js';
 // Certificate module has been removed - use SmartCertManager instead
 export * as tls from './tls/index.js';
 export * as routing from './routing/index.js';

package/ts/proxies/smart-proxy/models/interfaces.ts

@@ -16,7 +16,6 @@ export interface IAcmeOptions {
   routeForwards?: any[];
 }
 import type { IRouteConfig } from './route-types.js';
-import type { TForwardingType } from '../../../forwarding/config/forwarding-types.js';
 
 /**
  * Provision object for static or HTTP-01 certificate

package/ts/proxies/smart-proxy/models/route-types.ts

@@ -1,6 +1,5 @@
 import * as plugins from '../../../plugins.js';
 // Certificate types removed - use local definition
-import type { TForwardingType } from '../../../forwarding/config/forwarding-types.js';
 import type { PortRange } from '../../../proxies/nftables-proxy/models/interfaces.js';
 import type { IRouteContext } from '../../../core/models/route-context.js';
 

package/ts/proxies/smart-proxy/utils/index.ts

@@ -14,23 +14,12 @@ export * from './route-validators.js';
 // Export route utilities for route operations
 export * from './route-utils.js';
 
-// Export route patterns with renamed exports to avoid conflicts
-import {
-  createWebSocketRoute as createWebSocketPatternRoute,
-  createLoadBalancerRoute as createLoadBalancerPatternRoute,
-  createApiGatewayRoute,
-  addRateLimiting,
-  addBasicAuth,
-  addJwtAuth
-} from './route-patterns.js';
-
+// Export additional functions from route-helpers that weren't already exported
 export {
-  createWebSocketPatternRoute,
-  createLoadBalancerPatternRoute,
   createApiGatewayRoute,
   addRateLimiting,
   addBasicAuth,
   addJwtAuth
-};
+} from './route-helpers.js';
 
 // Migration utilities have been removed as they are no longer needed

package/ts/proxies/smart-proxy/utils/route-helpers.ts

@@ -20,6 +20,7 @@
 
 import * as plugins from '../../../plugins.js';
 import type { IRouteConfig, IRouteMatch, IRouteAction, IRouteTarget, TPortRange, IRouteContext } from '../models/route-types.js';
+import { mergeRouteConfigs } from './route-utils.js';
 
 /**
  * Create an HTTP-only route configuration
@@ -211,26 +212,62 @@ export function createCompleteHttpsServer(
 /**
  * Create a load balancer route (round-robin between multiple backend hosts)
  * @param domains Domain(s) to match
- * @param hosts Array of backend hosts to load balance between
- * @param port Backend port
- * @param options Additional route options
+ * @param backendsOrHosts Array of backend servers OR array of host strings (legacy)
+ * @param portOrOptions Port number (legacy) OR options object
+ * @param options Additional route options (legacy)
  * @returns Route configuration object
  */
 export function createLoadBalancerRoute(
   domains: string | string[],
-  hosts: string[],
-  port: number,
-  options: {
+  backendsOrHosts: Array<{ host: string; port: number }> | string[],
+  portOrOptions?: number | {
     tls?: {
       mode: 'passthrough' | 'terminate' | 'terminate-and-reencrypt';
       certificate?: 'auto' | { key: string; cert: string };
     };
+    useTls?: boolean;
+    certificate?: 'auto' | { key: string; cert: string };
+    algorithm?: 'round-robin' | 'least-connections' | 'ip-hash';
+    healthCheck?: {
+      path: string;
+      interval: number;
+      timeout: number;
+      unhealthyThreshold: number;
+      healthyThreshold: number;
+    };
     [key: string]: any;
-  } = {}
+  },
+  options?: {
+    tls?: {
+      mode: 'passthrough' | 'terminate' | 'terminate-and-reencrypt';
+      certificate?: 'auto' | { key: string; cert: string };
+    };
+    [key: string]: any;
+  }
 ): IRouteConfig {
+  // Handle legacy signature: (domains, hosts[], port, options)
+  let backends: Array<{ host: string; port: number }>;
+  let finalOptions: any;
+  
+  if (Array.isArray(backendsOrHosts) && backendsOrHosts.length > 0 && typeof backendsOrHosts[0] === 'string') {
+    // Legacy signature
+    const hosts = backendsOrHosts as string[];
+    const port = portOrOptions as number;
+    backends = hosts.map(host => ({ host, port }));
+    finalOptions = options || {};
+  } else {
+    // New signature
+    backends = backendsOrHosts as Array<{ host: string; port: number }>;
+    finalOptions = (portOrOptions as any) || {};
+  }
+  
+  // Extract hosts and ensure all backends use the same port
+  const port = backends[0].port;
+  const hosts = backends.map(backend => backend.host);
+  
   // Create route match
   const match: IRouteMatch = {
-    ports: options.match?.ports || (options.tls ? 443 : 80),
+    ports: finalOptions.match?.ports || (finalOptions.tls || finalOptions.useTls ? 443 : 80),
     domains
   };
 
@@ -247,10 +284,18 @@ export function createLoadBalancerRoute(
   };
 
   // Add TLS configuration if provided
-  if (options.tls) {
+  if (finalOptions.tls || finalOptions.useTls) {
     action.tls = {
-      mode: options.tls.mode,
-      certificate: options.tls.certificate || 'auto'
+      mode: finalOptions.tls?.mode || 'terminate',
+      certificate: finalOptions.tls?.certificate || finalOptions.certificate || 'auto'
+    };
+  }
+
+  // Add load balancing options
+  if (finalOptions.algorithm || finalOptions.healthCheck) {
+    action.loadBalancing = {
+      algorithm: finalOptions.algorithm || 'round-robin',
+      healthCheck: finalOptions.healthCheck
     };
   }
 
@@ -258,8 +303,8 @@ export function createLoadBalancerRoute(
   return {
     match,
     action,
-    name: options.name || `Load Balancer for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
-    ...options
+    name: finalOptions.name || `Load Balancer for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
+    ...finalOptions
   };
 }
 
@@ -339,16 +384,26 @@ export function createApiRoute(
 /**
  * Create a WebSocket route configuration
  * @param domains Domain(s) to match
- * @param wsPath WebSocket path (e.g., "/ws")
- * @param target Target WebSocket server host and port
- * @param options Additional route options
+ * @param targetOrPath Target server OR WebSocket path (legacy)
+ * @param targetOrOptions Target server (legacy) OR options
+ * @param options Additional route options (legacy)
  * @returns Route configuration object
  */
 export function createWebSocketRoute(
   domains: string | string[],
-  wsPath: string,
-  target: { host: string | string[]; port: number },
-  options: {
+  targetOrPath: { host: string | string[]; port: number } | string,
+  targetOrOptions?: { host: string | string[]; port: number } | {
+    useTls?: boolean;
+    certificate?: 'auto' | { key: string; cert: string };
+    path?: string;
+    httpPort?: number | number[];
+    httpsPort?: number | number[];
+    pingInterval?: number;
+    pingTimeout?: number;
+    name?: string;
+    [key: string]: any;
+  },
+  options?: {
     useTls?: boolean;
     certificate?: 'auto' | { key: string; cert: string };
     httpPort?: number | number[];
@@ -357,16 +412,33 @@ export function createWebSocketRoute(
     pingTimeout?: number;
     name?: string;
     [key: string]: any;
-  } = {}
+  }
 ): IRouteConfig {
+  // Handle different signatures
+  let target: { host: string | string[]; port: number };
+  let wsPath: string;
+  let finalOptions: any;
+  
+  if (typeof targetOrPath === 'string') {
+    // Legacy signature: (domains, path, target, options)
+    wsPath = targetOrPath;
+    target = targetOrOptions as { host: string | string[]; port: number };
+    finalOptions = options || {};
+  } else {
+    // New signature: (domains, target, options)
+    target = targetOrPath;
+    finalOptions = (targetOrOptions as any) || {};
+    wsPath = finalOptions.path || '/ws';
+  }
+  
   // Normalize WebSocket path
   const normalizedPath = wsPath.startsWith('/') ? wsPath : `/${wsPath}`;
 
   // Create route match
   const match: IRouteMatch = {
-    ports: options.useTls
-      ? (options.httpsPort || 443)
-      : (options.httpPort || 80),
+    ports: finalOptions.useTls
+      ? (finalOptions.httpsPort || 443)
+      : (finalOptions.httpPort || 80),
     domains,
     path: normalizedPath
   };
@@ -377,16 +449,16 @@ export function createWebSocketRoute(
     targets: [target],
     websocket: {
       enabled: true,
-      pingInterval: options.pingInterval || 30000, // 30 seconds
-      pingTimeout: options.pingTimeout || 5000    // 5 seconds
+      pingInterval: finalOptions.pingInterval || 30000, // 30 seconds
+      pingTimeout: finalOptions.pingTimeout || 5000    // 5 seconds
     }
   };
 
   // Add TLS configuration if using HTTPS
-  if (options.useTls) {
+  if (finalOptions.useTls) {
     action.tls = {
       mode: 'terminate',
-      certificate: options.certificate || 'auto'
+      certificate: finalOptions.certificate || 'auto'
     };
   }
 
@@ -394,9 +466,9 @@ export function createWebSocketRoute(
   return {
     match,
     action,
-    name: options.name || `WebSocket Route ${normalizedPath} for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
-    priority: options.priority || 100, // Higher priority for WebSocket routes
-    ...options
+    name: finalOptions.name || `WebSocket Route ${normalizedPath} for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
+    priority: finalOptions.priority || 100, // Higher priority for WebSocket routes
+    ...finalOptions
   };
 }
 
@@ -1030,3 +1102,152 @@ export const SocketHandlers = {
     });
   }
 };
+
+/**
+ * Create an API Gateway route pattern
+ * @param domains Domain(s) to match
+ * @param apiBasePath Base path for API endpoints (e.g., '/api')
+ * @param target Target host and port
+ * @param options Additional route options
+ * @returns API route configuration
+ */
+export function createApiGatewayRoute(
+  domains: string | string[],
+  apiBasePath: string,
+  target: { host: string | string[]; port: number },
+  options: {
+    useTls?: boolean;
+    certificate?: 'auto' | { key: string; cert: string };
+    addCorsHeaders?: boolean;
+    [key: string]: any;
+  } = {}
+): IRouteConfig {
+  // Normalize apiBasePath to ensure it starts with / and doesn't end with /
+  const normalizedPath = apiBasePath.startsWith('/') 
+    ? apiBasePath 
+    : `/${apiBasePath}`;
+  
+  // Add wildcard to path to match all API endpoints
+  const apiPath = normalizedPath.endsWith('/') 
+    ? `${normalizedPath}*` 
+    : `${normalizedPath}/*`;
+  
+  // Create base route
+  const baseRoute = options.useTls
+    ? createHttpsTerminateRoute(domains, target, {
+        certificate: options.certificate || 'auto'
+      })
+    : createHttpRoute(domains, target);
+  
+  // Add API-specific configurations
+  const apiRoute: Partial<IRouteConfig> = {
+    match: {
+      ...baseRoute.match,
+      path: apiPath
+    },
+    name: options.name || `API Gateway: ${apiPath} -> ${Array.isArray(target.host) ? target.host.join(', ') : target.host}:${target.port}`,
+    priority: options.priority || 100 // Higher priority for specific path matching
+  };
+  
+  // Add CORS headers if requested
+  if (options.addCorsHeaders) {
+    apiRoute.headers = {
+      response: {
+        'Access-Control-Allow-Origin': '*',
+        'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
+        'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+        'Access-Control-Max-Age': '86400'
+      }
+    };
+  }
+  
+  return mergeRouteConfigs(baseRoute, apiRoute);
+}
+
+/**
+ * Create a rate limiting route pattern
+ * @param baseRoute Base route to add rate limiting to
+ * @param rateLimit Rate limiting configuration
+ * @returns Route with rate limiting
+ */
+export function addRateLimiting(
+  baseRoute: IRouteConfig,
+  rateLimit: {
+    maxRequests: number;
+    window: number; // Time window in seconds
+    keyBy?: 'ip' | 'path' | 'header';
+    headerName?: string; // Required if keyBy is 'header'
+    errorMessage?: string;
+  }
+): IRouteConfig {
+  return mergeRouteConfigs(baseRoute, {
+    security: {
+      rateLimit: {
+        enabled: true,
+        maxRequests: rateLimit.maxRequests,
+        window: rateLimit.window,
+        keyBy: rateLimit.keyBy || 'ip',
+        headerName: rateLimit.headerName,
+        errorMessage: rateLimit.errorMessage || 'Rate limit exceeded. Please try again later.'
+      }
+    }
+  });
+}
+
+/**
+ * Create a basic authentication route pattern
+ * @param baseRoute Base route to add authentication to
+ * @param auth Authentication configuration
+ * @returns Route with basic authentication
+ */
+export function addBasicAuth(
+  baseRoute: IRouteConfig,
+  auth: {
+    users: Array<{ username: string; password: string }>;
+    realm?: string;
+    excludePaths?: string[];
+  }
+): IRouteConfig {
+  return mergeRouteConfigs(baseRoute, {
+    security: {
+      basicAuth: {
+        enabled: true,
+        users: auth.users,
+        realm: auth.realm || 'Restricted Area',
+        excludePaths: auth.excludePaths || []
+      }
+    }
+  });
+}
+
+/**
+ * Create a JWT authentication route pattern
+ * @param baseRoute Base route to add JWT authentication to
+ * @param jwt JWT authentication configuration
+ * @returns Route with JWT authentication
+ */
+export function addJwtAuth(
+  baseRoute: IRouteConfig,
+  jwt: {
+    secret: string;
+    algorithm?: string;
+    issuer?: string;
+    audience?: string;
+    expiresIn?: number; // Time in seconds
+    excludePaths?: string[];
+  }
+): IRouteConfig {
+  return mergeRouteConfigs(baseRoute, {
+    security: {
+      jwtAuth: {
+        enabled: true,
+        secret: jwt.secret,
+        algorithm: jwt.algorithm || 'HS256',
+        issuer: jwt.issuer,
+        audience: jwt.audience,
+        expiresIn: jwt.expiresIn,
+        excludePaths: jwt.excludePaths || []
+      }
+    }
+  });
+}

package/ts/forwarding/config/forwarding-types.ts

@@ -1,76 +0,0 @@
-import type * as plugins from '../../plugins.js';
-
-/**
- * The primary forwarding types supported by SmartProxy
- * Used for configuration compatibility
- */
-export type TForwardingType =
-  | 'http-only'                // HTTP forwarding only (no HTTPS)
-  | 'https-passthrough'        // Pass-through TLS traffic (SNI forwarding)
-  | 'https-terminate-to-http'  // Terminate TLS and forward to HTTP backend
-  | 'https-terminate-to-https'; // Terminate TLS and forward to HTTPS backend
-
-/**
- * Event types emitted by forwarding handlers
- */
-export enum ForwardingHandlerEvents {
-  CONNECTED = 'connected',
-  DISCONNECTED = 'disconnected',
-  ERROR = 'error',
-  DATA_FORWARDED = 'data-forwarded',
-  HTTP_REQUEST = 'http-request',
-  HTTP_RESPONSE = 'http-response',
-  CERTIFICATE_NEEDED = 'certificate-needed',
-  CERTIFICATE_LOADED = 'certificate-loaded'
-}
-
-/**
- * Base interface for forwarding handlers
- */
-export interface IForwardingHandler extends plugins.EventEmitter {
-  initialize(): Promise<void>;
-  handleConnection(socket: plugins.net.Socket): void;
-  handleHttpRequest(req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse): void;
-}
-
-// Route-based helpers are now available directly from route-patterns.ts
-import {
-  createHttpRoute,
-  createHttpsTerminateRoute,
-  createHttpsPassthroughRoute,
-  createHttpToHttpsRedirect,
-  createCompleteHttpsServer,
-  createLoadBalancerRoute
-} from '../../proxies/smart-proxy/utils/route-patterns.js';
-
-export {
-  createHttpRoute,
-  createHttpsTerminateRoute,
-  createHttpsPassthroughRoute,
-  createHttpToHttpsRedirect,
-  createCompleteHttpsServer,
-  createLoadBalancerRoute
-};
-
-// Note: Legacy helper functions have been removed
-// Please use the route-based helpers instead:
-// - createHttpRoute
-// - createHttpsTerminateRoute
-// - createHttpsPassthroughRoute
-// - createHttpToHttpsRedirect
-import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
-
-// For backward compatibility, kept only the basic configuration interface
-export interface IForwardConfig {
-  type: TForwardingType;
-  target: {
-    host: string | string[];
-    port: number | 'preserve' | ((ctx: any) => number);
-  };
-  http?: any;
-  https?: any;
-  acme?: any;
-  security?: any;
-  advanced?: any;
-  [key: string]: any;
-}

package/ts/forwarding/config/index.ts

@@ -1,26 +0,0 @@
-/**
- * Forwarding configuration exports
- *
- * Note: The legacy domain-based configuration has been replaced by route-based configuration.
- * See /ts/proxies/smart-proxy/models/route-types.ts for the new route-based configuration.
- */
-
-export type { 
-  TForwardingType,
-  IForwardConfig,
-  IForwardingHandler
-} from './forwarding-types.js';
-
-export { 
-  ForwardingHandlerEvents
-} from './forwarding-types.js';
-
-// Import route helpers from route-patterns instead of deleted route-helpers
-export {
-  createHttpRoute,
-  createHttpsTerminateRoute,
-  createHttpsPassthroughRoute,
-  createHttpToHttpsRedirect,
-  createCompleteHttpsServer,
-  createLoadBalancerRoute
-} from '../../proxies/smart-proxy/utils/route-patterns.js';