npm - @push.rocks/smartproxy - Versions diffs - 21.1.7 → 22.6.0 - Mend

@push.rocks/smartproxy 21.1.7 → 22.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/ts/proxies/smart-proxy/route-orchestrator.ts DELETED Viewed

@@ -1,297 +0,0 @@
-import { logger } from '../../core/utils/logger.js';
-import type { IRouteConfig } from './models/route-types.js';
-import type { ILogger } from '../http-proxy/models/types.js';
-import { RouteValidator } from './utils/route-validator.js';
-import { Mutex } from './utils/mutex.js';
-import type { PortManager } from './port-manager.js';
-import type { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
-import type { HttpProxyBridge } from './http-proxy-bridge.js';
-import type { NFTablesManager } from './nftables-manager.js';
-import type { SmartCertManager } from './certificate-manager.js';
-/**
- * Orchestrates route updates and coordination between components
- * Extracted from SmartProxy to reduce class complexity
- */
-export class RouteOrchestrator {
-  private routeUpdateLock: Mutex;
-  private portManager: PortManager;
-  private routeManager: RouteManager;
-  private httpProxyBridge: HttpProxyBridge;
-  private nftablesManager: NFTablesManager;
-  private certManager: SmartCertManager | null = null;
-  private logger: ILogger;
-  constructor(
-    portManager: PortManager,
-    routeManager: RouteManager,
-    httpProxyBridge: HttpProxyBridge,
-    nftablesManager: NFTablesManager,
-    certManager: SmartCertManager | null,
-    logger: ILogger
-  ) {
-    this.portManager = portManager;
-    this.routeManager = routeManager;
-    this.httpProxyBridge = httpProxyBridge;
-    this.nftablesManager = nftablesManager;
-    this.certManager = certManager;
-    this.logger = logger;
-    this.routeUpdateLock = new Mutex();
-  }
-  /**
-   * Set or update certificate manager reference
-   */
-  public setCertManager(certManager: SmartCertManager | null): void {
-    this.certManager = certManager;
-  }
-  /**
-   * Get certificate manager reference
-   */
-  public getCertManager(): SmartCertManager | null {
-    return this.certManager;
-  }
-  /**
-   * Update routes with validation and coordination
-   */
-  public async updateRoutes(
-    oldRoutes: IRouteConfig[],
-    newRoutes: IRouteConfig[],
-    options: {
-      acmePort?: number;
-      acmeOptions?: any;
-      acmeState?: any;
-      globalChallengeRouteActive?: boolean;
-      createCertificateManager?: (
-        routes: IRouteConfig[],
-        certStore: string,
-        acmeOptions?: any,
-        initialState?: any
-      ) => Promise<SmartCertManager>;
-      verifyChallengeRouteRemoved?: () => Promise<void>;
-    } = {}
-  ): Promise<{
-    portUsageMap: Map<number, Set<string>>;
-    newChallengeRouteActive: boolean;
-    newCertManager?: SmartCertManager;
-  }> {
-    return this.routeUpdateLock.runExclusive(async () => {
-      // Validate route configurations
-      const validation = RouteValidator.validateRoutes(newRoutes);
-      if (!validation.valid) {
-        RouteValidator.logValidationErrors(validation.errors);
-        throw new Error(`Route validation failed: ${validation.errors.size} route(s) have errors`);
-      }
-      // Track port usage before and after updates
-      const oldPortUsage = this.updatePortUsageMap(oldRoutes);
-      const newPortUsage = this.updatePortUsageMap(newRoutes);
-      // Get the lists of currently listening ports and new ports needed
-      const currentPorts = new Set(this.portManager.getListeningPorts());
-      const newPortsSet = new Set(newPortUsage.keys());
-      // Log the port usage for debugging
-      this.logger.debug(`Current listening ports: ${Array.from(currentPorts).join(', ')}`);
-      this.logger.debug(`Ports needed for new routes: ${Array.from(newPortsSet).join(', ')}`);
-      // Find orphaned ports - ports that no longer have any routes
-      const orphanedPorts = this.findOrphanedPorts(oldPortUsage, newPortUsage);
-      // Find new ports that need binding (only ports that we aren't already listening on)
-      const newBindingPorts = Array.from(newPortsSet).filter(p => !currentPorts.has(p));
-      // Check for ACME challenge port to give it special handling
-      const acmePort = options.acmePort || 80;
-      const acmePortNeeded = newPortsSet.has(acmePort);
-      const acmePortListed = newBindingPorts.includes(acmePort);
-      if (acmePortNeeded && acmePortListed) {
-        this.logger.info(`Adding ACME challenge port ${acmePort} to routes`);
-      }
-      // Update NFTables routes
-      await this.updateNfTablesRoutes(oldRoutes, newRoutes);
-      // Update routes in RouteManager
-      this.routeManager.updateRoutes(newRoutes);
-      // Release orphaned ports first to free resources
-      if (orphanedPorts.length > 0) {
-        this.logger.info(`Releasing ${orphanedPorts.length} orphaned ports: ${orphanedPorts.join(', ')}`);
-        await this.portManager.removePorts(orphanedPorts);
-      }
-      // Add new ports if needed
-      if (newBindingPorts.length > 0) {
-        this.logger.info(`Binding to ${newBindingPorts.length} new ports: ${newBindingPorts.join(', ')}`);
-        // Handle port binding with improved error recovery
-        try {
-          await this.portManager.addPorts(newBindingPorts);
-        } catch (error) {
-          // Special handling for port binding errors
-          if ((error as any).code === 'EADDRINUSE') {
-            const port = (error as any).port || newBindingPorts[0];
-            const isAcmePort = port === acmePort;
-            if (isAcmePort) {
-              this.logger.warn(`Could not bind to ACME challenge port ${port}. It may be in use by another application.`);
-              // Re-throw with more helpful message
-              throw new Error(
-                `ACME challenge port ${port} is already in use by another application. ` +
-                `Configure a different port in settings.acme.port (e.g., 8080) or free up port ${port}.`
-              );
-            }
-          }
-          // Re-throw the original error for other cases
-          throw error;
-        }
-      }
-      // If HttpProxy is initialized, resync the configurations
-      if (this.httpProxyBridge.getHttpProxy()) {
-        await this.httpProxyBridge.syncRoutesToHttpProxy(newRoutes);
-      }
-      // Update certificate manager if needed
-      let newCertManager: SmartCertManager | undefined;
-      let newChallengeRouteActive = options.globalChallengeRouteActive || false;
-      if (this.certManager && options.createCertificateManager) {
-        const existingAcmeOptions = this.certManager.getAcmeOptions();
-        const existingState = this.certManager.getState();
-        // Store global state before stopping
-        newChallengeRouteActive = existingState.challengeRouteActive;
-        // Keep certificate manager routes in sync before stopping
-        this.certManager.setRoutes(newRoutes);
-        await this.certManager.stop();
-        // Verify the challenge route has been properly removed
-        if (options.verifyChallengeRouteRemoved) {
-          await options.verifyChallengeRouteRemoved();
-        }
-        // Create new certificate manager with preserved state
-        newCertManager = await options.createCertificateManager(
-          newRoutes,
-          './certs',
-          existingAcmeOptions,
-          { challengeRouteActive: newChallengeRouteActive }
-        );
-        this.certManager = newCertManager;
-      }
-      return {
-        portUsageMap: newPortUsage,
-        newChallengeRouteActive,
-        newCertManager
-      };
-    });
-  }
-  /**
-   * Update port usage map based on the provided routes
-   */
-  public updatePortUsageMap(routes: IRouteConfig[]): Map<number, Set<string>> {
-    const portUsage = new Map<number, Set<string>>();
-    for (const route of routes) {
-      // Get the ports for this route
-      const portsConfig = Array.isArray(route.match.ports)
-        ? route.match.ports
-        : [route.match.ports];
-      // Expand port range objects to individual port numbers
-      const expandedPorts: number[] = [];
-      for (const portConfig of portsConfig) {
-        if (typeof portConfig === 'number') {
-          expandedPorts.push(portConfig);
-        } else if (typeof portConfig === 'object' && 'from' in portConfig && 'to' in portConfig) {
-          // Expand the port range
-          for (let p = portConfig.from; p <= portConfig.to; p++) {
-            expandedPorts.push(p);
-          }
-        }
-      }
-      // Use route name if available, otherwise generate a unique ID
-      const routeName = route.name || `unnamed_${Math.random().toString(36).substring(2, 9)}`;
-      // Add each port to the usage map
-      for (const port of expandedPorts) {
-        if (!portUsage.has(port)) {
-          portUsage.set(port, new Set());
-        }
-        portUsage.get(port)!.add(routeName);
-      }
-    }
-    // Log port usage for debugging
-    for (const [port, routes] of portUsage.entries()) {
-      this.logger.debug(`Port ${port} is used by ${routes.size} routes: ${Array.from(routes).join(', ')}`);
-    }
-    return portUsage;
-  }
-  /**
-   * Find ports that have no routes in the new configuration
-   */
-  private findOrphanedPorts(oldUsage: Map<number, Set<string>>, newUsage: Map<number, Set<string>>): number[] {
-    const orphanedPorts: number[] = [];
-    for (const [port, routes] of oldUsage.entries()) {
-      if (!newUsage.has(port) || newUsage.get(port)!.size === 0) {
-        orphanedPorts.push(port);
-      }
-    }
-    return orphanedPorts;
-  }
-  /**
-   * Update NFTables routes
-   */
-  private async updateNfTablesRoutes(oldRoutes: IRouteConfig[], newRoutes: IRouteConfig[]): Promise<void> {
-    // Get existing routes that use NFTables and update them
-    const oldNfTablesRoutes = oldRoutes.filter(
-      r => r.action.forwardingEngine === 'nftables'
-    );
-    const newNfTablesRoutes = newRoutes.filter(
-      r => r.action.forwardingEngine === 'nftables'
-    );
-    // Update existing NFTables routes
-    for (const oldRoute of oldNfTablesRoutes) {
-      const newRoute = newNfTablesRoutes.find(r => r.name === oldRoute.name);
-      if (!newRoute) {
-        // Route was removed
-        await this.nftablesManager.deprovisionRoute(oldRoute);
-      } else {
-        // Route was updated
-        await this.nftablesManager.updateRoute(oldRoute, newRoute);
-      }
-    }
-    // Add new NFTables routes
-    for (const newRoute of newNfTablesRoutes) {
-      const oldRoute = oldNfTablesRoutes.find(r => r.name === newRoute.name);
-      if (!oldRoute) {
-        // New route
-        await this.nftablesManager.provisionRoute(newRoute);
-      }
-    }
-  }
-}

package/ts/proxies/smart-proxy/security-manager.ts DELETED Viewed

@@ -1,257 +0,0 @@
-import * as plugins from '../../plugins.js';
-import type { SmartProxy } from './smart-proxy.js';
-import { logger } from '../../core/utils/logger.js';
-import { connectionLogDeduplicator } from '../../core/utils/log-deduplicator.js';
-/**
- * Handles security aspects like IP tracking, rate limiting, and authorization
- */
-export class SecurityManager {
-  private connectionsByIP: Map<string, Set<string>> = new Map();
-  private connectionRateByIP: Map<string, number[]> = new Map();
-  private cleanupInterval: NodeJS.Timeout | null = null;
-  constructor(private smartProxy: SmartProxy) {
-    // Start periodic cleanup every 60 seconds
-    this.startPeriodicCleanup();
-  }
-  /**
-   * Get connections count by IP
-   */
-  public getConnectionCountByIP(ip: string): number {
-    return this.connectionsByIP.get(ip)?.size || 0;
-  }
-  /**
-   * Check and update connection rate for an IP
-   * @returns true if within rate limit, false if exceeding limit
-   */
-  public checkConnectionRate(ip: string): boolean {
-    const now = Date.now();
-    const minute = 60 * 1000;
-    if (!this.connectionRateByIP.has(ip)) {
-      this.connectionRateByIP.set(ip, [now]);
-      return true;
-    }
-    // Get timestamps and filter out entries older than 1 minute
-    const timestamps = this.connectionRateByIP.get(ip)!.filter((time) => now - time < minute);
-    timestamps.push(now);
-    this.connectionRateByIP.set(ip, timestamps);
-    // Check if rate exceeds limit
-    return timestamps.length <= this.smartProxy.settings.connectionRateLimitPerMinute!;
-  }
-  /**
-   * Track connection by IP
-   */
-  public trackConnectionByIP(ip: string, connectionId: string): void {
-    if (!this.connectionsByIP.has(ip)) {
-      this.connectionsByIP.set(ip, new Set());
-    }
-    this.connectionsByIP.get(ip)!.add(connectionId);
-  }
-  /**
-   * Remove connection tracking for an IP
-   */
-  public removeConnectionByIP(ip: string, connectionId: string): void {
-    if (this.connectionsByIP.has(ip)) {
-      const connections = this.connectionsByIP.get(ip)!;
-      connections.delete(connectionId);
-      if (connections.size === 0) {
-        this.connectionsByIP.delete(ip);
-      }
-    }
-  }
-  /**
-   * Check if an IP is authorized using security rules
-   *
-   * This method is used to determine if an IP is allowed to connect, based on security
-   * rules configured in the route configuration. The allowed and blocked IPs are
-   * typically derived from route.security.ipAllowList and ipBlockList.
-   *
-   * @param ip - The IP address to check
-   * @param allowedIPs - Array of allowed IP patterns from security.ipAllowList
-   * @param blockedIPs - Array of blocked IP patterns from security.ipBlockList
-   * @returns true if IP is authorized, false if blocked
-   */
-  public isIPAuthorized(ip: string, allowedIPs: string[], blockedIPs: string[] = []): boolean {
-    // Skip IP validation if allowedIPs is empty
-    if (!ip || (allowedIPs.length === 0 && blockedIPs.length === 0)) {
-      return true;
-    }
-    // First check if IP is blocked - blocked IPs take precedence
-    if (blockedIPs.length > 0 && this.isGlobIPMatch(ip, blockedIPs)) {
-      return false;
-    }
-    // Then check if IP is allowed
-    return this.isGlobIPMatch(ip, allowedIPs);
-  }
-  /**
-   * Check if the IP matches any of the glob patterns from security configuration
-   *
-   * This method checks IP addresses against glob patterns and handles IPv4/IPv6 normalization.
-   * It's used to implement IP filtering based on the route.security configuration.
-   *
-   * @param ip - The IP address to check
-   * @param patterns - Array of glob patterns from security.ipAllowList or ipBlockList
-   * @returns true if IP matches any pattern, false otherwise
-   */
-  private isGlobIPMatch(ip: string, patterns: string[]): boolean {
-    if (!ip || !patterns || patterns.length === 0) return false;
-    // Handle IPv4/IPv6 normalization for proper matching
-    const normalizeIP = (ip: string): string[] => {
-      if (!ip) return [];
-      // Handle IPv4-mapped IPv6 addresses (::ffff:127.0.0.1)
-      if (ip.startsWith('::ffff:')) {
-        const ipv4 = ip.slice(7);
-        return [ip, ipv4];
-      }
-      // Handle IPv4 addresses by also checking IPv4-mapped form
-      if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
-        return [ip, `::ffff:${ip}`];
-      }
-      return [ip];
-    };
-    // Normalize the IP being checked
-    const normalizedIPVariants = normalizeIP(ip);
-    if (normalizedIPVariants.length === 0) return false;
-    // Expand shorthand patterns and normalize IPs for consistent comparison
-    const expandShorthand = (pattern: string): string => {
-      // Expand shorthand IP patterns like '192.168.*' to '192.168.*.*'
-      if (pattern.includes('*') && !pattern.includes(':')) {
-        const parts = pattern.split('.');
-        while (parts.length < 4) {
-          parts.push('*');
-        }
-        return parts.join('.');
-      }
-      return pattern;
-    };
-    const expandedPatterns = patterns.map(expandShorthand).flatMap(normalizeIP);
-    // Check for any match between normalized IP variants and patterns
-    return normalizedIPVariants.some((ipVariant) =>
-      expandedPatterns.some((pattern) => plugins.minimatch(ipVariant, pattern))
-    );
-  }
-  /**
-   * Check if IP should be allowed considering connection rate and max connections
-   * @returns Object with result and reason
-   */
-  public validateIP(ip: string): { allowed: boolean; reason?: string } {
-    // Check connection count limit
-    if (
-      this.smartProxy.settings.maxConnectionsPerIP &&
-      this.getConnectionCountByIP(ip) >= this.smartProxy.settings.maxConnectionsPerIP
-    ) {
-      return {
-        allowed: false,
-        reason: `Maximum connections per IP (${this.smartProxy.settings.maxConnectionsPerIP}) exceeded`
-      };
-    }
-    // Check connection rate limit
-    if (
-      this.smartProxy.settings.connectionRateLimitPerMinute &&
-      !this.checkConnectionRate(ip)
-    ) {
-      return {
-        allowed: false,
-        reason: `Connection rate limit (${this.smartProxy.settings.connectionRateLimitPerMinute}/min) exceeded`
-      };
-    }
-    return { allowed: true };
-  }
-  /**
-   * Clears all IP tracking data (for shutdown)
-   */
-  public clearIPTracking(): void {
-    if (this.cleanupInterval) {
-      clearInterval(this.cleanupInterval);
-      this.cleanupInterval = null;
-    }
-    this.connectionsByIP.clear();
-    this.connectionRateByIP.clear();
-  }
-  /**
-   * Start periodic cleanup of expired data
-   */
-  private startPeriodicCleanup(): void {
-    this.cleanupInterval = setInterval(() => {
-      this.performCleanup();
-    }, 60000); // Run every minute
-    // Unref the timer so it doesn't keep the process alive
-    if (this.cleanupInterval.unref) {
-      this.cleanupInterval.unref();
-    }
-  }
-  /**
-   * Perform cleanup of expired rate limits and empty IP entries
-   */
-  private performCleanup(): void {
-    const now = Date.now();
-    const minute = 60 * 1000;
-    let cleanedRateLimits = 0;
-    let cleanedIPs = 0;
-    // Clean up expired rate limit timestamps
-    for (const [ip, timestamps] of this.connectionRateByIP.entries()) {
-      const validTimestamps = timestamps.filter(time => now - time < minute);
-      if (validTimestamps.length === 0) {
-        // No valid timestamps, remove the IP entry
-        this.connectionRateByIP.delete(ip);
-        cleanedRateLimits++;
-      } else if (validTimestamps.length < timestamps.length) {
-        // Some timestamps expired, update with valid ones
-        this.connectionRateByIP.set(ip, validTimestamps);
-      }
-    }
-    // Clean up IPs with no active connections
-    for (const [ip, connections] of this.connectionsByIP.entries()) {
-      if (connections.size === 0) {
-        this.connectionsByIP.delete(ip);
-        cleanedIPs++;
-      }
-    }
-    // Log cleanup stats if anything was cleaned
-    if (cleanedRateLimits > 0 || cleanedIPs > 0) {
-      if (this.smartProxy.settings.enableDetailedLogging) {
-        connectionLogDeduplicator.log(
-          'ip-cleanup',
-          'debug',
-          'IP tracking cleanup completed',
-          {
-            cleanedRateLimits,
-            cleanedIPs,
-            remainingIPs: this.connectionsByIP.size,
-            remainingRateLimits: this.connectionRateByIP.size,
-            component: 'security-manager'
-          },
-          'periodic-cleanup'
-        );
-      }
-    }
-  }
-}

package/ts/proxies/smart-proxy/throughput-tracker.ts DELETED Viewed

@@ -1,138 +0,0 @@
-import type { IThroughputSample, IThroughputData, IThroughputHistoryPoint } from './models/metrics-types.js';
-/**
- * Tracks throughput data using time-series sampling
- */
-export class ThroughputTracker {
-  private samples: IThroughputSample[] = [];
-  private readonly maxSamples: number;
-  private accumulatedBytesIn: number = 0;
-  private accumulatedBytesOut: number = 0;
-  private lastSampleTime: number = 0;
-  constructor(retentionSeconds: number = 3600) {
-    // Keep samples for the retention period at 1 sample per second
-    this.maxSamples = retentionSeconds;
-  }
-  /**
-   * Record bytes transferred (called on every data transfer)
-   */
-  public recordBytes(bytesIn: number, bytesOut: number): void {
-    this.accumulatedBytesIn += bytesIn;
-    this.accumulatedBytesOut += bytesOut;
-  }
-  /**
-   * Take a sample of accumulated bytes (called every second)
-   */
-  public takeSample(): void {
-    const now = Date.now();
-    // Record accumulated bytes since last sample
-    this.samples.push({
-      timestamp: now,
-      bytesIn: this.accumulatedBytesIn,
-      bytesOut: this.accumulatedBytesOut
-    });
-    // Reset accumulators
-    this.accumulatedBytesIn = 0;
-    this.accumulatedBytesOut = 0;
-    this.lastSampleTime = now;
-    // Maintain circular buffer - remove oldest samples
-    if (this.samples.length > this.maxSamples) {
-      this.samples.shift();
-    }
-  }
-  /**
-   * Get throughput rate over specified window (bytes per second)
-   */
-  public getRate(windowSeconds: number): IThroughputData {
-    if (this.samples.length === 0) {
-      return { in: 0, out: 0 };
-    }
-    const now = Date.now();
-    const windowStart = now - (windowSeconds * 1000);
-    // Find samples within the window
-    const relevantSamples = this.samples.filter(s => s.timestamp > windowStart);
-    if (relevantSamples.length === 0) {
-      return { in: 0, out: 0 };
-    }
-    // Calculate total bytes in window
-    const totalBytesIn = relevantSamples.reduce((sum, s) => sum + s.bytesIn, 0);
-    const totalBytesOut = relevantSamples.reduce((sum, s) => sum + s.bytesOut, 0);
-    // Use actual number of seconds covered by samples for accurate rate
-    const oldestSampleTime = relevantSamples[0].timestamp;
-    const newestSampleTime = relevantSamples[relevantSamples.length - 1].timestamp;
-    const actualSeconds = Math.max(1, (newestSampleTime - oldestSampleTime) / 1000 + 1);
-    return {
-      in: Math.round(totalBytesIn / actualSeconds),
-      out: Math.round(totalBytesOut / actualSeconds)
-    };
-  }
-  /**
-   * Get throughput history for specified duration
-   */
-  public getHistory(durationSeconds: number): IThroughputHistoryPoint[] {
-    const now = Date.now();
-    const startTime = now - (durationSeconds * 1000);
-    // Filter samples within duration
-    const relevantSamples = this.samples.filter(s => s.timestamp > startTime);
-    // Convert to history points with per-second rates
-    const history: IThroughputHistoryPoint[] = [];
-    for (let i = 0; i < relevantSamples.length; i++) {
-      const sample = relevantSamples[i];
-      // For the first sample or samples after gaps, we can't calculate rate
-      if (i === 0 || sample.timestamp - relevantSamples[i - 1].timestamp > 2000) {
-        history.push({
-          timestamp: sample.timestamp,
-          in: sample.bytesIn,
-          out: sample.bytesOut
-        });
-      } else {
-        // Calculate rate based on time since previous sample
-        const prevSample = relevantSamples[i - 1];
-        const timeDelta = (sample.timestamp - prevSample.timestamp) / 1000;
-        history.push({
-          timestamp: sample.timestamp,
-          in: Math.round(sample.bytesIn / timeDelta),
-          out: Math.round(sample.bytesOut / timeDelta)
-        });
-      }
-    }
-    return history;
-  }
-  /**
-   * Clear all samples
-   */
-  public clear(): void {
-    this.samples = [];
-    this.accumulatedBytesIn = 0;
-    this.accumulatedBytesOut = 0;
-    this.lastSampleTime = 0;
-  }
-  /**
-   * Get sample count for debugging
-   */
-  public getSampleCount(): number {
-    return this.samples.length;
-  }
-}