npm - @push.rocks/smartproxy - Versions diffs - 21.1.7 → 22.6.0 - Mend

@push.rocks/smartproxy 21.1.7 → 22.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/ts/00_commitinfo_data.ts CHANGED Viewed

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '21.1.7',
+  version: '22.6.0',
   description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.'
 }

package/ts/core/utils/shared-security-manager.ts CHANGED Viewed

@@ -148,31 +148,66 @@ export class SharedSecurityManager {
   /**
    * Validate IP against rate limits and connection limits
-   *
+   *
    * @param ip - The IP address to validate
    * @returns Result with allowed status and reason if blocked
    */
   public validateIP(ip: string): IIpValidationResult {
     // Check connection count limit
     const connectionResult = checkMaxConnections(
-      ip,
-      this.connectionsByIP,
+      ip,
+      this.connectionsByIP,
       this.maxConnectionsPerIP
     );
     if (!connectionResult.allowed) {
       return connectionResult;
     }
     // Check connection rate limit
     const rateResult = checkConnectionRate(
-      ip,
-      this.connectionsByIP,
+      ip,
+      this.connectionsByIP,
       this.connectionRateLimitPerMinute
     );
     if (!rateResult.allowed) {
       return rateResult;
     }
+    return { allowed: true };
+  }
+  /**
+   * Atomically validate an IP and track the connection if allowed.
+   * This prevents race conditions where concurrent connections could bypass per-IP limits.
+   *
+   * @param ip - The IP address to validate
+   * @param connectionId - The connection ID to track if validation passes
+   * @returns Object with validation result and reason
+   */
+  public validateAndTrackIP(ip: string, connectionId: string): IIpValidationResult {
+    // Check connection count limit BEFORE tracking
+    const connectionResult = checkMaxConnections(
+      ip,
+      this.connectionsByIP,
+      this.maxConnectionsPerIP
+    );
+    if (!connectionResult.allowed) {
+      return connectionResult;
+    }
+    // Check connection rate limit
+    const rateResult = checkConnectionRate(
+      ip,
+      this.connectionsByIP,
+      this.connectionRateLimitPerMinute
+    );
+    if (!rateResult.allowed) {
+      return rateResult;
+    }
+    // Validation passed - immediately track to prevent race conditions
+    this.trackConnectionByIP(ip, connectionId);
     return { allowed: true };
   }
@@ -304,7 +339,7 @@ export class SharedSecurityManager {
   /**
    * Validate HTTP Basic Authentication
-   *
+   *
    * @param route - The route to check
    * @param authHeader - The Authorization header
    * @returns Whether authentication is valid
@@ -314,26 +349,76 @@ export class SharedSecurityManager {
     if (!route.security?.basicAuth?.enabled) {
       return true;
     }
     // No auth header means auth failed
     if (!authHeader) {
       return false;
     }
     // Parse auth header
     const credentials = parseBasicAuthHeader(authHeader);
     if (!credentials) {
       return false;
     }
     // Check credentials against configured users
     const { username, password } = credentials;
     const users = route.security.basicAuth.users;
-    return users.some(user =>
+    return users.some(user =>
       user.username === username && user.password === password
     );
   }
+  /**
+   * Verify a JWT token against route configuration
+   *
+   * @param route - The route to verify the token for
+   * @param token - The JWT token to verify
+   * @returns True if the token is valid, false otherwise
+   */
+  public verifyJwtToken(route: IRouteConfig, token: string): boolean {
+    if (!route.security?.jwtAuth?.enabled) {
+      return true;
+    }
+    try {
+      const jwtAuth = route.security.jwtAuth;
+      // Verify structure (header.payload.signature)
+      const parts = token.split('.');
+      if (parts.length !== 3) {
+        return false;
+      }
+      // Decode payload
+      const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
+      // Check expiration
+      if (payload.exp && payload.exp < Math.floor(Date.now() / 1000)) {
+        return false;
+      }
+      // Check issuer
+      if (jwtAuth.issuer && payload.iss !== jwtAuth.issuer) {
+        return false;
+      }
+      // Check audience
+      if (jwtAuth.audience && payload.aud !== jwtAuth.audience) {
+        return false;
+      }
+      // Note: In a real implementation, you'd also verify the signature
+      // using the secret and algorithm specified in jwtAuth.
+      // This requires a proper JWT library for cryptographic verification.
+      return true;
+    } catch (err) {
+      this.logger?.error?.(`Error verifying JWT: ${err}`);
+      return false;
+    }
+  }
   /**
    * Clean up caches to prevent memory leaks

package/ts/index.ts CHANGED Viewed

@@ -5,15 +5,10 @@
 // NFTables proxy exports
 export * from './proxies/nftables-proxy/index.js';
-// Export HttpProxy elements
-export { HttpProxy, CertificateManager, ConnectionPool, RequestHandler, WebSocketHandler } from './proxies/http-proxy/index.js';
-export type { IMetricsTracker, MetricsTracker } from './proxies/http-proxy/index.js';
-export type { IHttpProxyOptions, ICertificateEntry, ILogger } from './proxies/http-proxy/models/types.js';
-export { SharedRouteManager as HttpProxyRouteManager } from './core/routing/route-manager.js';
-// Export SmartProxy elements selectively to avoid RouteManager ambiguity
-export { SmartProxy, ConnectionManager, SecurityManager, TimeoutManager, TlsManager, HttpProxyBridge, RouteConnectionHandler, SmartCertManager } from './proxies/smart-proxy/index.js';
+// Export SmartProxy elements
+export { SmartProxy } from './proxies/smart-proxy/index.js';
 export { SharedRouteManager as RouteManager } from './core/routing/route-manager.js';
 // Export smart-proxy models
 export type { ISmartProxyOptions, IConnectionRecord, IRouteConfig, IRouteMatch, IRouteAction, IRouteTls, IRouteContext } from './proxies/smart-proxy/models/index.js';
 export type { TSmartProxyCertProvisionObject } from './proxies/smart-proxy/models/interfaces.js';
@@ -22,8 +17,6 @@ export * from './proxies/smart-proxy/utils/index.js';
 // Original: export * from './smartproxy/classes.pp.snihandler.js'
 // Now we export from the new module
 export { SniHandler } from './tls/sni/sni-handler.js';
-// Original: export * from './smartproxy/classes.pp.interfaces.js'
-// Now we export from the new module (selectively to avoid conflicts)
 // Core types and utilities
 export * from './core/models/common-types.js';
@@ -32,8 +25,7 @@ export * from './core/models/common-types.js';
 export type { IAcmeOptions } from './proxies/smart-proxy/models/interfaces.js';
 // Modular exports for new architecture
-// Certificate module has been removed - use SmartCertManager instead
 export * as tls from './tls/index.js';
 export * as routing from './routing/index.js';
 export * as detection from './detection/index.js';
-export * as protocols from './protocols/index.js';
+export * as protocols from './protocols/index.js';

package/ts/protocols/common/fragment-handler.ts CHANGED Viewed

@@ -49,6 +49,10 @@ export class FragmentHandler {
         () => this.cleanup(),
         options.cleanupInterval
       );
+      // Don't let this timer prevent process exit
+      if (this.cleanupTimer.unref) {
+        this.cleanupTimer.unref();
+      }
     }
   }

package/ts/proxies/index.ts CHANGED Viewed

@@ -2,16 +2,8 @@
  * Proxy implementations module
  */
-// Export HttpProxy with selective imports to avoid conflicts
-export { HttpProxy, CertificateManager, ConnectionPool, RequestHandler, WebSocketHandler } from './http-proxy/index.js';
-export type { IMetricsTracker, MetricsTracker } from './http-proxy/index.js';
-// Export http-proxy models except IAcmeOptions
-export type { IHttpProxyOptions, ICertificateEntry, ILogger } from './http-proxy/models/types.js';
-// RouteManager has been unified - use SharedRouteManager from core/routing
-export { SharedRouteManager as HttpProxyRouteManager } from '../core/routing/route-manager.js';
 // Export SmartProxy with selective imports to avoid conflicts
-export { SmartProxy, ConnectionManager, SecurityManager, TimeoutManager, TlsManager, HttpProxyBridge, RouteConnectionHandler } from './smart-proxy/index.js';
+export { SmartProxy } from './smart-proxy/index.js';
 export { SharedRouteManager as SmartProxyRouteManager } from '../core/routing/route-manager.js';
 export * from './smart-proxy/utils/index.js';
 // Export smart-proxy models except IAcmeOptions

package/ts/proxies/nftables-proxy/index.ts CHANGED Viewed

@@ -3,3 +3,4 @@
  */
 export * from './nftables-proxy.js';
 export * from './models/index.js';
+export * from './utils/index.js';