@push.rocks/smartproxy 20.0.1 → 21.1.0

package/ts/proxies/smart-proxy/utils/route-helpers.ts

@@ -20,6 +20,8 @@
 
 import * as plugins from '../../../plugins.js';
 import type { IRouteConfig, IRouteMatch, IRouteAction, IRouteTarget, TPortRange, IRouteContext } from '../models/route-types.js';
+import { mergeRouteConfigs } from './route-utils.js';
+import { ProtocolDetector, HttpDetector } from '../../../detection/index.js';
 
 /**
  * Create an HTTP-only route configuration
@@ -211,26 +213,62 @@ export function createCompleteHttpsServer(
 /**
  * Create a load balancer route (round-robin between multiple backend hosts)
  * @param domains Domain(s) to match
- * @param hosts Array of backend hosts to load balance between
- * @param port Backend port
- * @param options Additional route options
+ * @param backendsOrHosts Array of backend servers OR array of host strings (legacy)
+ * @param portOrOptions Port number (legacy) OR options object
+ * @param options Additional route options (legacy)
  * @returns Route configuration object
  */
 export function createLoadBalancerRoute(
   domains: string | string[],
-  hosts: string[],
-  port: number,
-  options: {
+  backendsOrHosts: Array<{ host: string; port: number }> | string[],
+  portOrOptions?: number | {
     tls?: {
       mode: 'passthrough' | 'terminate' | 'terminate-and-reencrypt';
       certificate?: 'auto' | { key: string; cert: string };
     };
+    useTls?: boolean;
+    certificate?: 'auto' | { key: string; cert: string };
+    algorithm?: 'round-robin' | 'least-connections' | 'ip-hash';
+    healthCheck?: {
+      path: string;
+      interval: number;
+      timeout: number;
+      unhealthyThreshold: number;
+      healthyThreshold: number;
+    };
     [key: string]: any;
-  } = {}
+  },
+  options?: {
+    tls?: {
+      mode: 'passthrough' | 'terminate' | 'terminate-and-reencrypt';
+      certificate?: 'auto' | { key: string; cert: string };
+    };
+    [key: string]: any;
+  }
 ): IRouteConfig {
+  // Handle legacy signature: (domains, hosts[], port, options)
+  let backends: Array<{ host: string; port: number }>;
+  let finalOptions: any;
+  
+  if (Array.isArray(backendsOrHosts) && backendsOrHosts.length > 0 && typeof backendsOrHosts[0] === 'string') {
+    // Legacy signature
+    const hosts = backendsOrHosts as string[];
+    const port = portOrOptions as number;
+    backends = hosts.map(host => ({ host, port }));
+    finalOptions = options || {};
+  } else {
+    // New signature
+    backends = backendsOrHosts as Array<{ host: string; port: number }>;
+    finalOptions = (portOrOptions as any) || {};
+  }
+  
+  // Extract hosts and ensure all backends use the same port
+  const port = backends[0].port;
+  const hosts = backends.map(backend => backend.host);
+  
   // Create route match
   const match: IRouteMatch = {
-    ports: options.match?.ports || (options.tls ? 443 : 80),
+    ports: finalOptions.match?.ports || (finalOptions.tls || finalOptions.useTls ? 443 : 80),
     domains
   };
 
@@ -247,10 +285,18 @@ export function createLoadBalancerRoute(
   };
 
   // Add TLS configuration if provided
-  if (options.tls) {
+  if (finalOptions.tls || finalOptions.useTls) {
     action.tls = {
-      mode: options.tls.mode,
-      certificate: options.tls.certificate || 'auto'
+      mode: finalOptions.tls?.mode || 'terminate',
+      certificate: finalOptions.tls?.certificate || finalOptions.certificate || 'auto'
+    };
+  }
+
+  // Add load balancing options
+  if (finalOptions.algorithm || finalOptions.healthCheck) {
+    action.loadBalancing = {
+      algorithm: finalOptions.algorithm || 'round-robin',
+      healthCheck: finalOptions.healthCheck
     };
   }
 
@@ -258,8 +304,8 @@ export function createLoadBalancerRoute(
   return {
     match,
     action,
-    name: options.name || `Load Balancer for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
-    ...options
+    name: finalOptions.name || `Load Balancer for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
+    ...finalOptions
   };
 }
 
@@ -339,34 +385,61 @@ export function createApiRoute(
 /**
  * Create a WebSocket route configuration
  * @param domains Domain(s) to match
- * @param wsPath WebSocket path (e.g., "/ws")
- * @param target Target WebSocket server host and port
- * @param options Additional route options
+ * @param targetOrPath Target server OR WebSocket path (legacy)
+ * @param targetOrOptions Target server (legacy) OR options
+ * @param options Additional route options (legacy)
  * @returns Route configuration object
  */
 export function createWebSocketRoute(
   domains: string | string[],
-  wsPath: string,
-  target: { host: string | string[]; port: number },
-  options: {
+  targetOrPath: { host: string | string[]; port: number } | string,
+  targetOrOptions?: { host: string | string[]; port: number } | {
     useTls?: boolean;
     certificate?: 'auto' | { key: string; cert: string };
+    path?: string;
     httpPort?: number | number[];
     httpsPort?: number | number[];
     pingInterval?: number;
     pingTimeout?: number;
     name?: string;
     [key: string]: any;
-  } = {}
+  },
+  options?: {
+    useTls?: boolean;
+    certificate?: 'auto' | { key: string; cert: string };
+    httpPort?: number | number[];
+    httpsPort?: number | number[];
+    pingInterval?: number;
+    pingTimeout?: number;
+    name?: string;
+    [key: string]: any;
+  }
 ): IRouteConfig {
+  // Handle different signatures
+  let target: { host: string | string[]; port: number };
+  let wsPath: string;
+  let finalOptions: any;
+  
+  if (typeof targetOrPath === 'string') {
+    // Legacy signature: (domains, path, target, options)
+    wsPath = targetOrPath;
+    target = targetOrOptions as { host: string | string[]; port: number };
+    finalOptions = options || {};
+  } else {
+    // New signature: (domains, target, options)
+    target = targetOrPath;
+    finalOptions = (targetOrOptions as any) || {};
+    wsPath = finalOptions.path || '/ws';
+  }
+  
   // Normalize WebSocket path
   const normalizedPath = wsPath.startsWith('/') ? wsPath : `/${wsPath}`;
 
   // Create route match
   const match: IRouteMatch = {
-    ports: options.useTls
-      ? (options.httpsPort || 443)
-      : (options.httpPort || 80),
+    ports: finalOptions.useTls
+      ? (finalOptions.httpsPort || 443)
+      : (finalOptions.httpPort || 80),
     domains,
     path: normalizedPath
   };
@@ -377,16 +450,16 @@ export function createWebSocketRoute(
     targets: [target],
     websocket: {
       enabled: true,
-      pingInterval: options.pingInterval || 30000, // 30 seconds
-      pingTimeout: options.pingTimeout || 5000    // 5 seconds
+      pingInterval: finalOptions.pingInterval || 30000, // 30 seconds
+      pingTimeout: finalOptions.pingTimeout || 5000    // 5 seconds
     }
   };
 
   // Add TLS configuration if using HTTPS
-  if (options.useTls) {
+  if (finalOptions.useTls) {
     action.tls = {
       mode: 'terminate',
-      certificate: options.certificate || 'auto'
+      certificate: finalOptions.certificate || 'auto'
     };
   }
 
@@ -394,9 +467,9 @@ export function createWebSocketRoute(
   return {
     match,
     action,
-    name: options.name || `WebSocket Route ${normalizedPath} for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
-    priority: options.priority || 100, // Higher priority for WebSocket routes
-    ...options
+    name: finalOptions.name || `WebSocket Route ${normalizedPath} for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
+    priority: finalOptions.priority || 100, // Higher priority for WebSocket routes
+    ...finalOptions
   };
 }
 
@@ -884,83 +957,91 @@ export const SocketHandlers = {
   
   /**
    * HTTP redirect handler
+   * Now uses the centralized detection module for HTTP parsing
    */
   httpRedirect: (locationTemplate: string, statusCode: number = 301) => (socket: plugins.net.Socket, context: IRouteContext) => {
-    let buffer = '';
+    const connectionId = ProtocolDetector.createConnectionId({
+      socketId: context.connectionId || `${Date.now()}-${Math.random()}`
+    });
     
-    socket.once('data', (data) => {
-      buffer += data.toString();
-      
-      const lines = buffer.split('\r\n');
-      const requestLine = lines[0];
-      const [method, path] = requestLine.split(' ');
-      
-      const domain = context.domain || 'localhost';
-      const port = context.port;
+    socket.once('data', async (data) => {
+      // Use detection module for parsing
+      const detectionResult = await ProtocolDetector.detectWithConnectionTracking(
+        data,
+        connectionId,
+        { extractFullHeaders: false } // We only need method and path
+      );
       
-      let finalLocation = locationTemplate
-        .replace('{domain}', domain)
-        .replace('{port}', String(port))
-        .replace('{path}', path)
-        .replace('{clientIp}', context.clientIp);
-      
-      const message = `Redirecting to ${finalLocation}`;
-      const response = [
-        `HTTP/1.1 ${statusCode} ${statusCode === 301 ? 'Moved Permanently' : 'Found'}`,
-        `Location: ${finalLocation}`,
-        'Content-Type: text/plain',
-        `Content-Length: ${message.length}`,
-        'Connection: close',
-        '',
-        message
-      ].join('\r\n');
+      if (detectionResult.protocol === 'http' && detectionResult.connectionInfo.path) {
+        const method = detectionResult.connectionInfo.method || 'GET';
+        const path = detectionResult.connectionInfo.path || '/';
+        
+        const domain = context.domain || 'localhost';
+        const port = context.port;
+        
+        let finalLocation = locationTemplate
+          .replace('{domain}', domain)
+          .replace('{port}', String(port))
+          .replace('{path}', path)
+          .replace('{clientIp}', context.clientIp);
+        
+        const message = `Redirecting to ${finalLocation}`;
+        const response = [
+          `HTTP/1.1 ${statusCode} ${statusCode === 301 ? 'Moved Permanently' : 'Found'}`,
+          `Location: ${finalLocation}`,
+          'Content-Type: text/plain',
+          `Content-Length: ${message.length}`,
+          'Connection: close',
+          '',
+          message
+        ].join('\r\n');
+        
+        socket.write(response);
+      } else {
+        // Not a valid HTTP request, close connection
+        socket.write('HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n');
+      }
       
-      socket.write(response);
       socket.end();
+      // Clean up detection state
+      ProtocolDetector.cleanupConnections();
     });
   },
   
   /**
    * HTTP server handler for ACME challenges and other HTTP needs
+   * Now uses the centralized detection module for HTTP parsing
    */
   httpServer: (handler: (req: { method: string; url: string; headers: Record<string, string>; body?: string }, res: { status: (code: number) => void; header: (name: string, value: string) => void; send: (data: string) => void; end: () => void }) => void) => (socket: plugins.net.Socket, context: IRouteContext) => {
-    let buffer = '';
     let requestParsed = false;
+    const connectionId = ProtocolDetector.createConnectionId({
+      socketId: context.connectionId || `${Date.now()}-${Math.random()}`
+    });
     
-    socket.on('data', (data) => {
+    const processData = async (data: Buffer) => {
       if (requestParsed) return; // Only handle the first request
       
-      buffer += data.toString();
+      // Use HttpDetector for parsing
+      const detectionResult = await ProtocolDetector.detectWithConnectionTracking(
+        data,
+        connectionId,
+        { extractFullHeaders: true }
+      );
       
-      // Check if we have a complete HTTP request
-      const headerEndIndex = buffer.indexOf('\r\n\r\n');
-      if (headerEndIndex === -1) return; // Need more data
+      if (detectionResult.protocol !== 'http' || !detectionResult.isComplete) {
+        // Not a complete HTTP request yet
+        return;
+      }
       
       requestParsed = true;
+      const connInfo = detectionResult.connectionInfo;
       
-      // Parse the HTTP request
-      const headerPart = buffer.substring(0, headerEndIndex);
-      const bodyPart = buffer.substring(headerEndIndex + 4);
-      
-      const lines = headerPart.split('\r\n');
-      const [method, url] = lines[0].split(' ');
-      
-      const headers: Record<string, string> = {};
-      for (let i = 1; i < lines.length; i++) {
-        const colonIndex = lines[i].indexOf(':');
-        if (colonIndex > 0) {
-          const name = lines[i].substring(0, colonIndex).trim().toLowerCase();
-          const value = lines[i].substring(colonIndex + 1).trim();
-          headers[name] = value;
-        }
-      }
-      
-      // Create request object
+      // Create request object from detection result
       const req = {
-        method: method || 'GET',
-        url: url || '/',
-        headers,
-        body: bodyPart
+        method: connInfo.method || 'GET',
+        url: connInfo.path || '/',
+        headers: connInfo.headers || {},
+        body: detectionResult.remainingBuffer?.toString() || ''
       };
       
       // Create response object
@@ -1021,12 +1102,168 @@ export const SocketHandlers = {
           res.send('Internal Server Error');
         }
       }
-    });
+    };
+    
+    socket.on('data', processData);
     
     socket.on('error', () => {
       if (!requestParsed) {
         socket.end();
       }
     });
+    
+    socket.on('close', () => {
+      // Clean up detection state
+      ProtocolDetector.cleanupConnections();
+    });
   }
 };
+
+/**
+ * Create an API Gateway route pattern
+ * @param domains Domain(s) to match
+ * @param apiBasePath Base path for API endpoints (e.g., '/api')
+ * @param target Target host and port
+ * @param options Additional route options
+ * @returns API route configuration
+ */
+export function createApiGatewayRoute(
+  domains: string | string[],
+  apiBasePath: string,
+  target: { host: string | string[]; port: number },
+  options: {
+    useTls?: boolean;
+    certificate?: 'auto' | { key: string; cert: string };
+    addCorsHeaders?: boolean;
+    [key: string]: any;
+  } = {}
+): IRouteConfig {
+  // Normalize apiBasePath to ensure it starts with / and doesn't end with /
+  const normalizedPath = apiBasePath.startsWith('/') 
+    ? apiBasePath 
+    : `/${apiBasePath}`;
+  
+  // Add wildcard to path to match all API endpoints
+  const apiPath = normalizedPath.endsWith('/') 
+    ? `${normalizedPath}*` 
+    : `${normalizedPath}/*`;
+  
+  // Create base route
+  const baseRoute = options.useTls
+    ? createHttpsTerminateRoute(domains, target, {
+        certificate: options.certificate || 'auto'
+      })
+    : createHttpRoute(domains, target);
+  
+  // Add API-specific configurations
+  const apiRoute: Partial<IRouteConfig> = {
+    match: {
+      ...baseRoute.match,
+      path: apiPath
+    },
+    name: options.name || `API Gateway: ${apiPath} -> ${Array.isArray(target.host) ? target.host.join(', ') : target.host}:${target.port}`,
+    priority: options.priority || 100 // Higher priority for specific path matching
+  };
+  
+  // Add CORS headers if requested
+  if (options.addCorsHeaders) {
+    apiRoute.headers = {
+      response: {
+        'Access-Control-Allow-Origin': '*',
+        'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
+        'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+        'Access-Control-Max-Age': '86400'
+      }
+    };
+  }
+  
+  return mergeRouteConfigs(baseRoute, apiRoute);
+}
+
+/**
+ * Create a rate limiting route pattern
+ * @param baseRoute Base route to add rate limiting to
+ * @param rateLimit Rate limiting configuration
+ * @returns Route with rate limiting
+ */
+export function addRateLimiting(
+  baseRoute: IRouteConfig,
+  rateLimit: {
+    maxRequests: number;
+    window: number; // Time window in seconds
+    keyBy?: 'ip' | 'path' | 'header';
+    headerName?: string; // Required if keyBy is 'header'
+    errorMessage?: string;
+  }
+): IRouteConfig {
+  return mergeRouteConfigs(baseRoute, {
+    security: {
+      rateLimit: {
+        enabled: true,
+        maxRequests: rateLimit.maxRequests,
+        window: rateLimit.window,
+        keyBy: rateLimit.keyBy || 'ip',
+        headerName: rateLimit.headerName,
+        errorMessage: rateLimit.errorMessage || 'Rate limit exceeded. Please try again later.'
+      }
+    }
+  });
+}
+
+/**
+ * Create a basic authentication route pattern
+ * @param baseRoute Base route to add authentication to
+ * @param auth Authentication configuration
+ * @returns Route with basic authentication
+ */
+export function addBasicAuth(
+  baseRoute: IRouteConfig,
+  auth: {
+    users: Array<{ username: string; password: string }>;
+    realm?: string;
+    excludePaths?: string[];
+  }
+): IRouteConfig {
+  return mergeRouteConfigs(baseRoute, {
+    security: {
+      basicAuth: {
+        enabled: true,
+        users: auth.users,
+        realm: auth.realm || 'Restricted Area',
+        excludePaths: auth.excludePaths || []
+      }
+    }
+  });
+}
+
+/**
+ * Create a JWT authentication route pattern
+ * @param baseRoute Base route to add JWT authentication to
+ * @param jwt JWT authentication configuration
+ * @returns Route with JWT authentication
+ */
+export function addJwtAuth(
+  baseRoute: IRouteConfig,
+  jwt: {
+    secret: string;
+    algorithm?: string;
+    issuer?: string;
+    audience?: string;
+    expiresIn?: number; // Time in seconds
+    excludePaths?: string[];
+  }
+): IRouteConfig {
+  return mergeRouteConfigs(baseRoute, {
+    security: {
+      jwtAuth: {
+        enabled: true,
+        secret: jwt.secret,
+        algorithm: jwt.algorithm || 'HS256',
+        issuer: jwt.issuer,
+        audience: jwt.audience,
+        expiresIn: jwt.expiresIn,
+        excludePaths: jwt.excludePaths || []
+      }
+    }
+  });
+}

package/ts/tls/index.ts

@@ -1,22 +1,18 @@
 /**
- * TLS module providing SNI extraction, TLS alerts, and other TLS-related utilities
+ * TLS module for smartproxy
+ * Re-exports protocol components and provides smartproxy-specific functionality
  */
 
-// Export TLS alert functionality
-export * from './alerts/tls-alert.js';
+// Re-export all protocol components from protocols/tls
+export * from '../protocols/tls/index.js';
 
-// Export SNI handling
+// Export smartproxy-specific SNI handler
 export * from './sni/sni-handler.js';
-export * from './sni/sni-extraction.js';
-export * from './sni/client-hello-parser.js';
-
-// Export TLS utilities
-export * from './utils/tls-utils.js';
 
 // Create a namespace for SNI utilities
 import { SniHandler } from './sni/sni-handler.js';
-import { SniExtraction } from './sni/sni-extraction.js';
-import { ClientHelloParser } from './sni/client-hello-parser.js';
+import { SniExtraction } from '../protocols/tls/sni/sni-extraction.js';
+import { ClientHelloParser } from '../protocols/tls/sni/client-hello-parser.js';
 
 // Export utility objects for convenience
 export const SNI = {
@@ -30,4 +26,4 @@ export const SNI = {
   // Convenience functions
   extractSNI: SniHandler.extractSNI,
   processTlsPacket: SniHandler.processTlsPacket,
-};
+};

package/ts/tls/sni/sni-handler.ts

@@ -4,15 +4,15 @@ import {
   TlsHandshakeType,
   TlsExtensionType,
   TlsUtils
-} from '../utils/tls-utils.js';
+} from '../../protocols/tls/utils/tls-utils.js';
 import {
   ClientHelloParser,
   type LoggerFunction
-} from './client-hello-parser.js';
+} from '../../protocols/tls/sni/client-hello-parser.js';
 import {
   SniExtraction,
   type ConnectionInfo
-} from './sni-extraction.js';
+} from '../../protocols/tls/sni/sni-extraction.js';
 
 /**
  * SNI (Server Name Indication) handler for TLS connections.

package/ts/forwarding/config/forwarding-types.ts

@@ -1,76 +0,0 @@
-import type * as plugins from '../../plugins.js';
-
-/**
- * The primary forwarding types supported by SmartProxy
- * Used for configuration compatibility
- */
-export type TForwardingType =
-  | 'http-only'                // HTTP forwarding only (no HTTPS)
-  | 'https-passthrough'        // Pass-through TLS traffic (SNI forwarding)
-  | 'https-terminate-to-http'  // Terminate TLS and forward to HTTP backend
-  | 'https-terminate-to-https'; // Terminate TLS and forward to HTTPS backend
-
-/**
- * Event types emitted by forwarding handlers
- */
-export enum ForwardingHandlerEvents {
-  CONNECTED = 'connected',
-  DISCONNECTED = 'disconnected',
-  ERROR = 'error',
-  DATA_FORWARDED = 'data-forwarded',
-  HTTP_REQUEST = 'http-request',
-  HTTP_RESPONSE = 'http-response',
-  CERTIFICATE_NEEDED = 'certificate-needed',
-  CERTIFICATE_LOADED = 'certificate-loaded'
-}
-
-/**
- * Base interface for forwarding handlers
- */
-export interface IForwardingHandler extends plugins.EventEmitter {
-  initialize(): Promise<void>;
-  handleConnection(socket: plugins.net.Socket): void;
-  handleHttpRequest(req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse): void;
-}
-
-// Route-based helpers are now available directly from route-patterns.ts
-import {
-  createHttpRoute,
-  createHttpsTerminateRoute,
-  createHttpsPassthroughRoute,
-  createHttpToHttpsRedirect,
-  createCompleteHttpsServer,
-  createLoadBalancerRoute
-} from '../../proxies/smart-proxy/utils/route-patterns.js';
-
-export {
-  createHttpRoute,
-  createHttpsTerminateRoute,
-  createHttpsPassthroughRoute,
-  createHttpToHttpsRedirect,
-  createCompleteHttpsServer,
-  createLoadBalancerRoute
-};
-
-// Note: Legacy helper functions have been removed
-// Please use the route-based helpers instead:
-// - createHttpRoute
-// - createHttpsTerminateRoute
-// - createHttpsPassthroughRoute
-// - createHttpToHttpsRedirect
-import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
-
-// For backward compatibility, kept only the basic configuration interface
-export interface IForwardConfig {
-  type: TForwardingType;
-  target: {
-    host: string | string[];
-    port: number | 'preserve' | ((ctx: any) => number);
-  };
-  http?: any;
-  https?: any;
-  acme?: any;
-  security?: any;
-  advanced?: any;
-  [key: string]: any;
-}