@push.rocks/smartproxy 22.4.2 → 22.6.0

package/ts/proxies/smart-proxy/timeout-manager.ts

@@ -1,196 +0,0 @@
-import type { IConnectionRecord } from './models/interfaces.js';
-import type { SmartProxy } from './smart-proxy.js';
-
-/**
- * Manages timeouts and inactivity tracking for connections
- */
-export class TimeoutManager {
-  constructor(private smartProxy: SmartProxy) {}
-  
-  /**
-   * Ensure timeout values don't exceed Node.js max safe integer
-   */
-  public ensureSafeTimeout(timeout: number): number {
-    const MAX_SAFE_TIMEOUT = 2147483647; // Maximum safe value (2^31 - 1)
-    return Math.min(Math.floor(timeout), MAX_SAFE_TIMEOUT);
-  }
-  
-  /**
-   * Generate a slightly randomized timeout to prevent thundering herd
-   */
-  public randomizeTimeout(baseTimeout: number, variationPercent: number = 5): number {
-    const safeBaseTimeout = this.ensureSafeTimeout(baseTimeout);
-    const variation = safeBaseTimeout * (variationPercent / 100);
-    return this.ensureSafeTimeout(
-      safeBaseTimeout + Math.floor(Math.random() * variation * 2) - variation
-    );
-  }
-  
-  /**
-   * Update connection activity timestamp
-   */
-  public updateActivity(record: IConnectionRecord): void {
-    record.lastActivity = Date.now();
-
-    // Clear any inactivity warning
-    if (record.inactivityWarningIssued) {
-      record.inactivityWarningIssued = false;
-    }
-  }
-
-  /**
-   * Calculate effective inactivity timeout based on connection type
-   */
-  public getEffectiveInactivityTimeout(record: IConnectionRecord): number {
-    let effectiveTimeout = this.smartProxy.settings.inactivityTimeout || 14400000; // 4 hours default
-    
-    // For immortal keep-alive connections, use an extremely long timeout
-    if (record.hasKeepAlive && this.smartProxy.settings.keepAliveTreatment === 'immortal') {
-      return Number.MAX_SAFE_INTEGER;
-    }
-    
-    // For extended keep-alive connections, apply multiplier
-    if (record.hasKeepAlive && this.smartProxy.settings.keepAliveTreatment === 'extended') {
-      const multiplier = this.smartProxy.settings.keepAliveInactivityMultiplier || 6;
-      effectiveTimeout = effectiveTimeout * multiplier;
-    }
-    
-    return this.ensureSafeTimeout(effectiveTimeout);
-  }
-  
-  /**
-   * Calculate effective max lifetime based on connection type
-   */
-  public getEffectiveMaxLifetime(record: IConnectionRecord): number {
-    // Use route-specific timeout if available from the routeConfig
-    const baseTimeout = record.routeConfig?.action.advanced?.timeout ||
-                        this.smartProxy.settings.maxConnectionLifetime ||
-                        86400000; // 24 hours default
-    
-    // For immortal keep-alive connections, use an extremely long lifetime
-    if (record.hasKeepAlive && this.smartProxy.settings.keepAliveTreatment === 'immortal') {
-      return Number.MAX_SAFE_INTEGER;
-    }
-    
-    // For extended keep-alive connections, use the extended lifetime setting
-    if (record.hasKeepAlive && this.smartProxy.settings.keepAliveTreatment === 'extended') {
-      return this.ensureSafeTimeout(
-        this.smartProxy.settings.extendedKeepAliveLifetime || 7 * 24 * 60 * 60 * 1000 // 7 days default
-      );
-    }
-    
-    // Apply randomization if enabled
-    if (this.smartProxy.settings.enableRandomizedTimeouts) {
-      return this.randomizeTimeout(baseTimeout);
-    }
-    
-    return this.ensureSafeTimeout(baseTimeout);
-  }
-  
-  /**
-   * Setup connection timeout
-   * @returns The cleanup timer
-   */
-  public setupConnectionTimeout(
-    record: IConnectionRecord,
-    onTimeout: (record: IConnectionRecord, reason: string) => void
-  ): NodeJS.Timeout | null {
-    // Clear any existing timer
-    if (record.cleanupTimer) {
-      clearTimeout(record.cleanupTimer);
-    }
-    
-    // Skip timeout for immortal keep-alive connections
-    if (record.hasKeepAlive && this.smartProxy.settings.keepAliveTreatment === 'immortal') {
-      return null;
-    }
-    
-    // Calculate effective timeout
-    const effectiveLifetime = this.getEffectiveMaxLifetime(record);
-    
-    // Set up the timeout
-    const timer = setTimeout(() => {
-      // Call the provided callback
-      onTimeout(record, 'connection_timeout');
-    }, effectiveLifetime);
-    
-    // Make sure timeout doesn't keep the process alive
-    if (timer.unref) {
-      timer.unref();
-    }
-    
-    return timer;
-  }
-  
-  /**
-   * Check for inactivity on a connection
-   * @returns Object with check results
-   */
-  public checkInactivity(record: IConnectionRecord): {
-    isInactive: boolean;
-    shouldWarn: boolean;
-    inactivityTime: number;
-    effectiveTimeout: number;
-  } {
-    // Skip for connections with inactivity check disabled
-    if (this.smartProxy.settings.disableInactivityCheck) {
-      return {
-        isInactive: false,
-        shouldWarn: false,
-        inactivityTime: 0,
-        effectiveTimeout: 0
-      };
-    }
-    
-    // Skip for immortal keep-alive connections
-    if (record.hasKeepAlive && this.smartProxy.settings.keepAliveTreatment === 'immortal') {
-      return {
-        isInactive: false,
-        shouldWarn: false,
-        inactivityTime: 0,
-        effectiveTimeout: 0
-      };
-    }
-    
-    const now = Date.now();
-    const inactivityTime = now - record.lastActivity;
-    const effectiveTimeout = this.getEffectiveInactivityTimeout(record);
-    
-    // Check if inactive
-    const isInactive = inactivityTime > effectiveTimeout;
-    
-    // For keep-alive connections, we should warn first
-    const shouldWarn = record.hasKeepAlive && 
-                       isInactive && 
-                       !record.inactivityWarningIssued;
-    
-    return {
-      isInactive,
-      shouldWarn,
-      inactivityTime,
-      effectiveTimeout
-    };
-  }
-  
-  /**
-   * Apply socket timeout settings
-   */
-  public applySocketTimeouts(record: IConnectionRecord): void {
-    // Skip for immortal keep-alive connections
-    if (record.hasKeepAlive && this.smartProxy.settings.keepAliveTreatment === 'immortal') {
-      // Disable timeouts completely for immortal connections
-      record.incoming.setTimeout(0);
-      if (record.outgoing) {
-        record.outgoing.setTimeout(0);
-      }
-      return;
-    }
-    
-    // Apply normal timeouts
-    const timeout = this.ensureSafeTimeout(this.smartProxy.settings.socketTimeout || 3600000); // 1 hour default
-    record.incoming.setTimeout(timeout);
-    if (record.outgoing) {
-      record.outgoing.setTimeout(timeout);
-    }
-  }
-}

package/ts/proxies/smart-proxy/tls-manager.ts

@@ -1,171 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { SniHandler } from '../../tls/sni/sni-handler.js';
-import { ProtocolDetector, TlsDetector } from '../../detection/index.js';
-import type { SmartProxy } from './smart-proxy.js';
-
-/**
- * Interface for connection information used for SNI extraction
- */
-interface IConnectionInfo {
-  sourceIp: string;
-  sourcePort: number;
-  destIp: string;
-  destPort: number;
-}
-
-/**
- * Manages TLS-related operations including SNI extraction and validation
- */
-export class TlsManager {
-  constructor(private smartProxy: SmartProxy) {}
-  
-  /**
-   * Check if a data chunk appears to be a TLS handshake
-   */
-  public isTlsHandshake(chunk: Buffer): boolean {
-    return SniHandler.isTlsHandshake(chunk);
-  }
-  
-  /**
-   * Check if a data chunk appears to be a TLS ClientHello
-   */
-  public isClientHello(chunk: Buffer): boolean {
-    return SniHandler.isClientHello(chunk);
-  }
-  
-  /**
-   * Extract Server Name Indication (SNI) from TLS handshake
-   */
-  public extractSNI(
-    chunk: Buffer, 
-    connInfo: IConnectionInfo, 
-    previousDomain?: string
-  ): string | undefined {
-    // Use the SniHandler to process the TLS packet
-    return SniHandler.processTlsPacket(
-      chunk,
-      connInfo,
-      this.smartProxy.settings.enableTlsDebugLogging || false,
-      previousDomain
-    );
-  }
-  
-/**
-   * Check for SNI mismatch during renegotiation
-   */
-  public checkRenegotiationSNI(
-    chunk: Buffer,
-    connInfo: IConnectionInfo,
-    expectedDomain: string,
-    connectionId: string
-  ): { hasMismatch: boolean; extractedSNI?: string } {
-    // Only process if this looks like a TLS ClientHello
-    if (!this.isClientHello(chunk)) {
-      return { hasMismatch: false };
-    }
-    
-    try {
-      // Extract SNI with renegotiation support
-      const newSNI = SniHandler.extractSNIWithResumptionSupport(
-        chunk,
-        connInfo,
-        this.smartProxy.settings.enableTlsDebugLogging || false
-      );
-
-      // Skip if no SNI was found
-      if (!newSNI) return { hasMismatch: false };
-
-      // Check for SNI mismatch
-      if (newSNI !== expectedDomain) {
-        if (this.smartProxy.settings.enableTlsDebugLogging) {
-          console.log(
-            `[${connectionId}] Renegotiation with different SNI: ${expectedDomain} -> ${newSNI}. ` +
-            `Terminating connection - SNI domain switching is not allowed.`
-          );
-        }
-        return { hasMismatch: true, extractedSNI: newSNI };
-      } else if (this.smartProxy.settings.enableTlsDebugLogging) {
-        console.log(
-          `[${connectionId}] Renegotiation detected with same SNI: ${newSNI}. Allowing.`
-        );
-      }
-    } catch (err) {
-      console.log(
-        `[${connectionId}] Error processing ClientHello: ${err}. Allowing connection to continue.`
-      );
-    }
-    
-    return { hasMismatch: false };
-  }
-  
-  /**
-   * Create a renegotiation handler function for a connection
-   */
-  public createRenegotiationHandler(
-    connectionId: string,
-    lockedDomain: string,
-    connInfo: IConnectionInfo,
-    onMismatch: (connectionId: string, reason: string) => void
-  ): (chunk: Buffer) => void {
-    return (chunk: Buffer) => {
-      const result = this.checkRenegotiationSNI(chunk, connInfo, lockedDomain, connectionId);
-      if (result.hasMismatch) {
-        onMismatch(connectionId, 'sni_mismatch');
-      }
-    };
-  }
-  
-  /**
-   * Analyze TLS connection for browser fingerprinting
-   * This helps identify browser vs non-browser connections
-   */
-  public analyzeClientHello(chunk: Buffer): { 
-    isBrowserConnection: boolean; 
-    isRenewal: boolean;
-    hasSNI: boolean;
-  } {
-    // Default result
-    const result = { 
-      isBrowserConnection: false, 
-      isRenewal: false,
-      hasSNI: false
-    };
-    
-    try {
-      // Check if it's a ClientHello
-      if (!this.isClientHello(chunk)) {
-        return result;
-      }
-      
-      // Check for session resumption
-      const resumptionInfo = SniHandler.hasSessionResumption(
-        chunk,
-        this.smartProxy.settings.enableTlsDebugLogging || false
-      );
-      
-      // Extract SNI
-      const sni = SniHandler.extractSNI(
-        chunk,
-        this.smartProxy.settings.enableTlsDebugLogging || false
-      );
-      
-      // Update result
-      result.isRenewal = resumptionInfo.isResumption;
-      result.hasSNI = !!sni;
-      
-      // Browsers typically:
-      // 1. Send SNI extension
-      // 2. Have a variety of extensions (ALPN, etc.)
-      // 3. Use standard cipher suites
-      // ...more complex heuristics could be implemented here
-      
-      // Simple heuristic: presence of SNI suggests browser
-      result.isBrowserConnection = !!sni; 
-      
-      return result;
-    } catch (err) {
-      console.log(`Error analyzing ClientHello: ${err}`);
-      return result;
-    }
-  }
-}