@push.rocks/smartproxy 20.0.1 → 21.1.0

package/ts/protocols/proxy/parser.ts

@@ -0,0 +1,183 @@
+/**
+ * PROXY Protocol Parser
+ * Implementation of HAProxy PROXY protocol v1 (text format)
+ * Spec: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
+ */
+
+import type { IProxyInfo, IProxyParseResult, TProxyProtocol } from './types.js';
+
+/**
+ * PROXY protocol parser
+ */
+export class ProxyProtocolParser {
+  static readonly PROXY_V1_SIGNATURE = 'PROXY ';
+  static readonly MAX_HEADER_LENGTH = 107; // Max length for v1 header
+  static readonly HEADER_TERMINATOR = '\r\n';
+  
+  /**
+   * Parse PROXY protocol v1 header from buffer
+   * Returns proxy info and remaining data after header
+   */
+  static parse(data: Buffer): IProxyParseResult {
+    // Check if buffer starts with PROXY signature
+    if (!data.toString('ascii', 0, 6).startsWith(this.PROXY_V1_SIGNATURE)) {
+      return {
+        proxyInfo: null,
+        remainingData: data
+      };
+    }
+    
+    // Find header terminator
+    const headerEndIndex = data.indexOf(this.HEADER_TERMINATOR);
+    if (headerEndIndex === -1) {
+      // Header incomplete, need more data
+      if (data.length > this.MAX_HEADER_LENGTH) {
+        // Header too long, invalid
+        throw new Error('PROXY protocol header exceeds maximum length');
+      }
+      return {
+        proxyInfo: null,
+        remainingData: data
+      };
+    }
+    
+    // Extract header line
+    const headerLine = data.toString('ascii', 0, headerEndIndex);
+    const remainingData = data.slice(headerEndIndex + 2); // Skip \r\n
+    
+    // Parse header
+    const parts = headerLine.split(' ');
+    
+    if (parts.length < 2) {
+      throw new Error(`Invalid PROXY protocol header format: ${headerLine}`);
+    }
+    
+    const [signature, protocol] = parts;
+    
+    // Validate protocol
+    if (!['TCP4', 'TCP6', 'UNKNOWN'].includes(protocol)) {
+      throw new Error(`Invalid PROXY protocol: ${protocol}`);
+    }
+    
+    // For UNKNOWN protocol, ignore addresses
+    if (protocol === 'UNKNOWN') {
+      return {
+        proxyInfo: {
+          protocol: 'UNKNOWN',
+          sourceIP: '',
+          sourcePort: 0,
+          destinationIP: '',
+          destinationPort: 0
+        },
+        remainingData
+      };
+    }
+    
+    // For TCP4/TCP6, we need all 6 parts
+    if (parts.length !== 6) {
+      throw new Error(`Invalid PROXY protocol header format: ${headerLine}`);
+    }
+    
+    const [, , srcIP, dstIP, srcPort, dstPort] = parts;
+    
+    // Validate and parse ports
+    const sourcePort = parseInt(srcPort, 10);
+    const destinationPort = parseInt(dstPort, 10);
+    
+    if (isNaN(sourcePort) || sourcePort < 0 || sourcePort > 65535) {
+      throw new Error(`Invalid source port: ${srcPort}`);
+    }
+    
+    if (isNaN(destinationPort) || destinationPort < 0 || destinationPort > 65535) {
+      throw new Error(`Invalid destination port: ${dstPort}`);
+    }
+    
+    // Validate IP addresses
+    const protocolType = protocol as TProxyProtocol;
+    if (!this.isValidIP(srcIP, protocolType)) {
+      throw new Error(`Invalid source IP for ${protocol}: ${srcIP}`);
+    }
+    
+    if (!this.isValidIP(dstIP, protocolType)) {
+      throw new Error(`Invalid destination IP for ${protocol}: ${dstIP}`);
+    }
+    
+    return {
+      proxyInfo: {
+        protocol: protocolType,
+        sourceIP: srcIP,
+        sourcePort,
+        destinationIP: dstIP,
+        destinationPort
+      },
+      remainingData
+    };
+  }
+  
+  /**
+   * Generate PROXY protocol v1 header
+   */
+  static generate(info: IProxyInfo): Buffer {
+    if (info.protocol === 'UNKNOWN') {
+      return Buffer.from(`PROXY UNKNOWN\r\n`, 'ascii');
+    }
+    
+    const header = `PROXY ${info.protocol} ${info.sourceIP} ${info.destinationIP} ${info.sourcePort} ${info.destinationPort}\r\n`;
+    
+    if (header.length > this.MAX_HEADER_LENGTH) {
+      throw new Error('Generated PROXY protocol header exceeds maximum length');
+    }
+    
+    return Buffer.from(header, 'ascii');
+  }
+  
+  /**
+   * Validate IP address format
+   */
+  static isValidIP(ip: string, protocol: TProxyProtocol): boolean {
+    if (protocol === 'TCP4') {
+      return this.isIPv4(ip);
+    } else if (protocol === 'TCP6') {
+      return this.isIPv6(ip);
+    }
+    return false;
+  }
+  
+  /**
+   * Check if string is valid IPv4
+   */
+  static isIPv4(ip: string): boolean {
+    const parts = ip.split('.');
+    if (parts.length !== 4) return false;
+    
+    for (const part of parts) {
+      const num = parseInt(part, 10);
+      if (isNaN(num) || num < 0 || num > 255 || part !== num.toString()) {
+        return false;
+      }
+    }
+    return true;
+  }
+  
+  /**
+   * Check if string is valid IPv6
+   */
+  static isIPv6(ip: string): boolean {
+    // Basic IPv6 validation
+    const ipv6Regex = /^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/;
+    return ipv6Regex.test(ip);
+  }
+  
+  /**
+   * Create a connection ID string for tracking
+   */
+  static createConnectionId(connectionInfo: {
+    sourceIp?: string;
+    sourcePort?: number;
+    destIp?: string;
+    destPort?: number;
+  }): string {
+    const { sourceIp, sourcePort, destIp, destPort } = connectionInfo;
+    return `${sourceIp}:${sourcePort}-${destIp}:${destPort}`;
+  }
+}

package/ts/protocols/proxy/types.ts

@@ -0,0 +1,53 @@
+/**
+ * PROXY Protocol Type Definitions
+ * Based on HAProxy PROXY protocol specification
+ */
+
+/**
+ * PROXY protocol version
+ */
+export type TProxyProtocolVersion = 'v1' | 'v2';
+
+/**
+ * Connection protocol type
+ */
+export type TProxyProtocol = 'TCP4' | 'TCP6' | 'UNKNOWN';
+
+/**
+ * Interface representing parsed PROXY protocol information
+ */
+export interface IProxyInfo {
+  protocol: TProxyProtocol;
+  sourceIP: string;
+  sourcePort: number;
+  destinationIP: string;
+  destinationPort: number;
+}
+
+/**
+ * Interface for parse result including remaining data
+ */
+export interface IProxyParseResult {
+  proxyInfo: IProxyInfo | null;
+  remainingData: Buffer;
+}
+
+/**
+ * PROXY protocol v2 header format
+ */
+export interface IProxyV2Header {
+  signature: Buffer;
+  versionCommand: number;
+  family: number;
+  length: number;
+}
+
+/**
+ * Connection information for PROXY protocol
+ */
+export interface IProxyConnectionInfo {
+  sourceIp?: string;
+  sourcePort?: number;
+  destIp?: string;
+  destPort?: number;
+}

package/ts/{tls → protocols/tls}/alerts/tls-alert.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../../plugins.js';
+import * as plugins from '../../../plugins.js';
 import { TlsAlertLevel, TlsAlertDescription, TlsVersion } from '../utils/tls-utils.js';
 
 /**

package/ts/protocols/tls/index.ts

@@ -0,0 +1,37 @@
+/**
+ * TLS Protocol Module
+ * Contains generic TLS protocol knowledge including parsers, constants, and utilities
+ */
+
+// Export all sub-modules
+export * from './alerts/index.js';
+export * from './sni/index.js';
+export * from './utils/index.js';
+
+// Re-export main utilities and types for convenience
+export { 
+  TlsUtils,
+  TlsRecordType,
+  TlsHandshakeType,
+  TlsExtensionType,
+  TlsAlertLevel,
+  TlsAlertDescription,
+  TlsVersion
+} from './utils/tls-utils.js';
+export { TlsAlert } from './alerts/tls-alert.js';
+export { ClientHelloParser } from './sni/client-hello-parser.js';
+export { SniExtraction } from './sni/sni-extraction.js';
+
+// Export tlsVersionToString helper
+export function tlsVersionToString(major: number, minor: number): string | null {
+  if (major === 0x03) {
+    switch (minor) {
+      case 0x00: return 'SSLv3';
+      case 0x01: return 'TLSv1.0';
+      case 0x02: return 'TLSv1.1';
+      case 0x03: return 'TLSv1.2';
+      case 0x04: return 'TLSv1.3';
+    }
+  }
+  return null;
+}

package/ts/protocols/tls/sni/index.ts

@@ -0,0 +1,6 @@
+/**
+ * TLS SNI (Server Name Indication) protocol utilities
+ */
+
+export * from './client-hello-parser.js';
+export * from './sni-extraction.js';

package/ts/{tls → protocols/tls}/utils/tls-utils.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../../plugins.js';
+import * as plugins from '../../../plugins.js';
 
 /**
  * TLS record types as defined in various RFCs

package/ts/protocols/websocket/constants.ts

@@ -0,0 +1,60 @@
+/**
+ * WebSocket Protocol Constants
+ * Based on RFC 6455
+ */
+
+/**
+ * WebSocket opcode types
+ */
+export enum WebSocketOpcode {
+  CONTINUATION = 0x0,
+  TEXT = 0x1,
+  BINARY = 0x2,
+  CLOSE = 0x8,
+  PING = 0x9,
+  PONG = 0xa,
+}
+
+/**
+ * WebSocket close codes
+ */
+export enum WebSocketCloseCode {
+  NORMAL_CLOSURE = 1000,
+  GOING_AWAY = 1001,
+  PROTOCOL_ERROR = 1002,
+  UNSUPPORTED_DATA = 1003,
+  NO_STATUS_RECEIVED = 1005,
+  ABNORMAL_CLOSURE = 1006,
+  INVALID_FRAME_PAYLOAD_DATA = 1007,
+  POLICY_VIOLATION = 1008,
+  MESSAGE_TOO_BIG = 1009,
+  MISSING_EXTENSION = 1010,
+  INTERNAL_ERROR = 1011,
+  SERVICE_RESTART = 1012,
+  TRY_AGAIN_LATER = 1013,
+  BAD_GATEWAY = 1014,
+  TLS_HANDSHAKE = 1015,
+}
+
+/**
+ * WebSocket protocol version
+ */
+export const WEBSOCKET_VERSION = 13;
+
+/**
+ * WebSocket magic string for handshake
+ */
+export const WEBSOCKET_MAGIC_STRING = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';
+
+/**
+ * WebSocket headers
+ */
+export const WEBSOCKET_HEADERS = {
+  UPGRADE: 'upgrade',
+  CONNECTION: 'connection',
+  SEC_WEBSOCKET_KEY: 'sec-websocket-key',
+  SEC_WEBSOCKET_VERSION: 'sec-websocket-version',
+  SEC_WEBSOCKET_ACCEPT: 'sec-websocket-accept',
+  SEC_WEBSOCKET_PROTOCOL: 'sec-websocket-protocol',
+  SEC_WEBSOCKET_EXTENSIONS: 'sec-websocket-extensions',
+} as const;

package/ts/protocols/websocket/index.ts

@@ -0,0 +1,8 @@
+/**
+ * WebSocket Protocol Module
+ * WebSocket protocol utilities and constants
+ */
+
+export * from './constants.js';
+export * from './types.js';
+export * from './utils.js';

package/ts/protocols/websocket/types.ts

@@ -0,0 +1,53 @@
+/**
+ * WebSocket Protocol Type Definitions
+ */
+
+import type { WebSocketOpcode, WebSocketCloseCode } from './constants.js';
+
+/**
+ * WebSocket frame header
+ */
+export interface IWebSocketFrameHeader {
+  fin: boolean;
+  rsv1: boolean;
+  rsv2: boolean;
+  rsv3: boolean;
+  opcode: WebSocketOpcode;
+  masked: boolean;
+  payloadLength: number;
+  maskingKey?: Buffer;
+}
+
+/**
+ * WebSocket frame
+ */
+export interface IWebSocketFrame {
+  header: IWebSocketFrameHeader;
+  payload: Buffer;
+}
+
+/**
+ * WebSocket close frame payload
+ */
+export interface IWebSocketClosePayload {
+  code: WebSocketCloseCode;
+  reason?: string;
+}
+
+/**
+ * WebSocket handshake request headers
+ */
+export interface IWebSocketHandshakeHeaders {
+  upgrade: string;
+  connection: string;
+  'sec-websocket-key': string;
+  'sec-websocket-version': string;
+  'sec-websocket-protocol'?: string;
+  'sec-websocket-extensions'?: string;
+  [key: string]: string | undefined;
+}
+
+/**
+ * Type for WebSocket raw data (matching ws library)
+ */
+export type RawData = Buffer | ArrayBuffer | Buffer[] | any;

package/ts/protocols/websocket/utils.ts

@@ -0,0 +1,98 @@
+/**
+ * WebSocket Protocol Utilities
+ */
+
+import * as crypto from 'crypto';
+import { WEBSOCKET_MAGIC_STRING } from './constants.js';
+import type { RawData } from './types.js';
+
+/**
+ * Get the length of a WebSocket message regardless of its type
+ * (handles all possible WebSocket message data types)
+ */
+export function getMessageSize(data: RawData): number {
+  if (typeof data === 'string') {
+    // For string data, get the byte length
+    return Buffer.from(data, 'utf8').length;
+  } else if (data instanceof Buffer) {
+    // For Node.js Buffer
+    return data.length;
+  } else if (data instanceof ArrayBuffer) {
+    // For ArrayBuffer
+    return data.byteLength;
+  } else if (Array.isArray(data)) {
+    // For array of buffers, sum their lengths
+    return data.reduce((sum, chunk) => {
+      if (chunk instanceof Buffer) {
+        return sum + chunk.length;
+      } else if (chunk instanceof ArrayBuffer) {
+        return sum + chunk.byteLength;
+      }
+      return sum;
+    }, 0);
+  } else {
+    // For other types, try to determine the size or return 0
+    try {
+      return Buffer.from(data).length;
+    } catch (e) {
+      return 0;
+    }
+  }
+}
+
+/**
+ * Convert any raw WebSocket data to Buffer for consistent handling
+ */
+export function toBuffer(data: RawData): Buffer {
+  if (typeof data === 'string') {
+    return Buffer.from(data, 'utf8');
+  } else if (data instanceof Buffer) {
+    return data;
+  } else if (data instanceof ArrayBuffer) {
+    return Buffer.from(data);
+  } else if (Array.isArray(data)) {
+    // For array of buffers, concatenate them
+    return Buffer.concat(data.map(chunk => {
+      if (chunk instanceof Buffer) {
+        return chunk;
+      } else if (chunk instanceof ArrayBuffer) {
+        return Buffer.from(chunk);
+      }
+      return Buffer.from(chunk);
+    }));
+  } else {
+    // For other types, try to convert to Buffer or return empty Buffer
+    try {
+      return Buffer.from(data);
+    } catch (e) {
+      return Buffer.alloc(0);
+    }
+  }
+}
+
+/**
+ * Generate WebSocket accept key from client key
+ */
+export function generateAcceptKey(clientKey: string): string {
+  const hash = crypto.createHash('sha1');
+  hash.update(clientKey + WEBSOCKET_MAGIC_STRING);
+  return hash.digest('base64');
+}
+
+/**
+ * Validate WebSocket upgrade request
+ */
+export function isWebSocketUpgrade(headers: Record<string, string>): boolean {
+  const upgrade = headers['upgrade'];
+  const connection = headers['connection'];
+  
+  return upgrade?.toLowerCase() === 'websocket' && 
+         connection?.toLowerCase().includes('upgrade');
+}
+
+/**
+ * Generate random WebSocket key for client handshake
+ */
+export function generateWebSocketKey(): string {
+  return crypto.randomBytes(16).toString('base64');
+}

package/ts/proxies/http-proxy/models/http-types.ts

@@ -1,4 +1,6 @@
 import * as plugins from '../../../plugins.js';
+// Import from protocols for consistent status codes
+import { HttpStatus as ProtocolHttpStatus, getStatusText as getProtocolStatusText } from '../../../protocols/http/index.js';
 
 /**
  * HTTP-specific event types
@@ -10,34 +12,33 @@ export enum HttpEvents {
   REQUEST_ERROR = 'request-error',
 }
 
-/**
- * HTTP status codes as an enum for better type safety
- */
-export enum HttpStatus {
-  OK = 200,
-  MOVED_PERMANENTLY = 301,
-  FOUND = 302,
-  TEMPORARY_REDIRECT = 307,
-  PERMANENT_REDIRECT = 308,
-  BAD_REQUEST = 400,
-  UNAUTHORIZED = 401,
-  FORBIDDEN = 403,
-  NOT_FOUND = 404,
-  METHOD_NOT_ALLOWED = 405,
-  REQUEST_TIMEOUT = 408,
-  TOO_MANY_REQUESTS = 429,
-  INTERNAL_SERVER_ERROR = 500,
-  NOT_IMPLEMENTED = 501,
-  BAD_GATEWAY = 502,
-  SERVICE_UNAVAILABLE = 503,
-  GATEWAY_TIMEOUT = 504,
-}
+
+// Re-export for backward compatibility with subset of commonly used codes
+export const HttpStatus = {
+  OK: ProtocolHttpStatus.OK,
+  MOVED_PERMANENTLY: ProtocolHttpStatus.MOVED_PERMANENTLY,
+  FOUND: ProtocolHttpStatus.FOUND,
+  TEMPORARY_REDIRECT: ProtocolHttpStatus.TEMPORARY_REDIRECT,
+  PERMANENT_REDIRECT: ProtocolHttpStatus.PERMANENT_REDIRECT,
+  BAD_REQUEST: ProtocolHttpStatus.BAD_REQUEST,
+  UNAUTHORIZED: ProtocolHttpStatus.UNAUTHORIZED,
+  FORBIDDEN: ProtocolHttpStatus.FORBIDDEN,
+  NOT_FOUND: ProtocolHttpStatus.NOT_FOUND,
+  METHOD_NOT_ALLOWED: ProtocolHttpStatus.METHOD_NOT_ALLOWED,
+  REQUEST_TIMEOUT: ProtocolHttpStatus.REQUEST_TIMEOUT,
+  TOO_MANY_REQUESTS: ProtocolHttpStatus.TOO_MANY_REQUESTS,
+  INTERNAL_SERVER_ERROR: ProtocolHttpStatus.INTERNAL_SERVER_ERROR,
+  NOT_IMPLEMENTED: ProtocolHttpStatus.NOT_IMPLEMENTED,
+  BAD_GATEWAY: ProtocolHttpStatus.BAD_GATEWAY,
+  SERVICE_UNAVAILABLE: ProtocolHttpStatus.SERVICE_UNAVAILABLE,
+  GATEWAY_TIMEOUT: ProtocolHttpStatus.GATEWAY_TIMEOUT,
+} as const;
 
 /**
  * Base error class for HTTP-related errors
  */
 export class HttpError extends Error {
-  constructor(message: string, public readonly statusCode: HttpStatus = HttpStatus.INTERNAL_SERVER_ERROR) {
+  constructor(message: string, public readonly statusCode: number = HttpStatus.INTERNAL_SERVER_ERROR) {
     super(message);
     this.name = 'HttpError';
   }
@@ -61,7 +62,7 @@ export class CertificateError extends HttpError {
  * Error related to server operations
  */
 export class ServerError extends HttpError {
-  constructor(message: string, public readonly code?: string, statusCode: HttpStatus = HttpStatus.INTERNAL_SERVER_ERROR) {
+  constructor(message: string, public readonly code?: string, statusCode: number = HttpStatus.INTERNAL_SERVER_ERROR) {
     super(message, statusCode);
     this.name = 'ServerError';
   }
@@ -93,7 +94,7 @@ export class NotFoundError extends HttpError {
 export interface IRedirectConfig {
   source: string;           // Source path or pattern
   destination: string;      // Destination URL  
-  type: HttpStatus;         // Redirect status code
+  type: number;             // Redirect status code
   preserveQuery?: boolean;  // Whether to preserve query parameters
 }
 
@@ -115,30 +116,12 @@ export interface IRouterConfig {
  */
 export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS' | 'CONNECT' | 'TRACE';
 
+
 /**
  * Helper function to get HTTP status text
  */
-export function getStatusText(status: HttpStatus): string {
-  const statusTexts: Record<HttpStatus, string> = {
-    [HttpStatus.OK]: 'OK',
-    [HttpStatus.MOVED_PERMANENTLY]: 'Moved Permanently',
-    [HttpStatus.FOUND]: 'Found',
-    [HttpStatus.TEMPORARY_REDIRECT]: 'Temporary Redirect',
-    [HttpStatus.PERMANENT_REDIRECT]: 'Permanent Redirect',
-    [HttpStatus.BAD_REQUEST]: 'Bad Request',
-    [HttpStatus.UNAUTHORIZED]: 'Unauthorized',
-    [HttpStatus.FORBIDDEN]: 'Forbidden',
-    [HttpStatus.NOT_FOUND]: 'Not Found',
-    [HttpStatus.METHOD_NOT_ALLOWED]: 'Method Not Allowed',
-    [HttpStatus.REQUEST_TIMEOUT]: 'Request Timeout',
-    [HttpStatus.TOO_MANY_REQUESTS]: 'Too Many Requests',
-    [HttpStatus.INTERNAL_SERVER_ERROR]: 'Internal Server Error',
-    [HttpStatus.NOT_IMPLEMENTED]: 'Not Implemented',
-    [HttpStatus.BAD_GATEWAY]: 'Bad Gateway',
-    [HttpStatus.SERVICE_UNAVAILABLE]: 'Service Unavailable',
-    [HttpStatus.GATEWAY_TIMEOUT]: 'Gateway Timeout',
-  };
-  return statusTexts[status] || 'Unknown';
+export function getStatusText(status: number): string {
+  return getProtocolStatusText(status as ProtocolHttpStatus);
 }
 
 // Legacy interfaces for backward compatibility

package/ts/proxies/smart-proxy/models/interfaces.ts

@@ -16,7 +16,6 @@ export interface IAcmeOptions {
   routeForwards?: any[];
 }
 import type { IRouteConfig } from './route-types.js';
-import type { TForwardingType } from '../../../forwarding/config/forwarding-types.js';
 
 /**
  * Provision object for static or HTTP-01 certificate
@@ -196,4 +195,11 @@ export interface IConnectionRecord {
   
   // NFTables tracking
   nftablesHandled?: boolean; // Whether this connection is being handled by NFTables at kernel level
+  
+  // HTTP-specific information (extracted from protocol detection)
+  httpInfo?: {
+    method?: string;
+    path?: string;
+    headers?: Record<string, string>;
+  };
 }

package/ts/proxies/smart-proxy/models/route-types.ts

@@ -1,6 +1,5 @@
 import * as plugins from '../../../plugins.js';
 // Certificate types removed - use local definition
-import type { TForwardingType } from '../../../forwarding/config/forwarding-types.js';
 import type { PortRange } from '../../../proxies/nftables-proxy/models/interfaces.js';
 import type { IRouteContext } from '../../../core/models/route-context.js';