@push.rocks/smartproxy 22.4.2 → 23.0.0

package/ts/proxies/smart-proxy/socket-handler-server.ts

@@ -0,0 +1,279 @@
+import * as plugins from '../../plugins.js';
+import { logger } from '../../core/utils/logger.js';
+import type { IRouteConfig, IRouteContext } from './models/route-types.js';
+import type { RoutePreprocessor } from './route-preprocessor.js';
+
+/**
+ * Unix domain socket server that receives relayed connections from the Rust proxy.
+ *
+ * When Rust encounters a route of type `socket-handler`, it connects to this
+ * Unix socket, sends a JSON metadata line, then proxies the raw TCP bytes.
+ * This server reads the metadata, finds the original JS handler, builds an
+ * IRouteContext, and hands the socket to the handler.
+ */
+export class SocketHandlerServer {
+  private server: plugins.net.Server | null = null;
+  private socketPath: string;
+  private preprocessor: RoutePreprocessor;
+  private activeSockets = new Set<plugins.net.Socket>();
+
+  constructor(preprocessor: RoutePreprocessor) {
+    this.preprocessor = preprocessor;
+    this.socketPath = `/tmp/smartproxy-relay-${process.pid}.sock`;
+  }
+
+  /**
+   * The Unix socket path this server listens on.
+   */
+  public getSocketPath(): string {
+    return this.socketPath;
+  }
+
+  /**
+   * Start listening for relayed connections from Rust.
+   */
+  public async start(): Promise<void> {
+    // Clean up stale socket file
+    try {
+      await plugins.fs.promises.unlink(this.socketPath);
+    } catch {
+      // Ignore if doesn't exist
+    }
+
+    return new Promise<void>((resolve, reject) => {
+      this.server = plugins.net.createServer((socket) => {
+        this.activeSockets.add(socket);
+        socket.on('close', () => this.activeSockets.delete(socket));
+        this.handleConnection(socket);
+      });
+
+      this.server.on('error', (err) => {
+        logger.log('error', `SocketHandlerServer error: ${err.message}`, { component: 'socket-handler-server' });
+      });
+
+      this.server.listen(this.socketPath, () => {
+        logger.log('info', `SocketHandlerServer listening on ${this.socketPath}`, { component: 'socket-handler-server' });
+        resolve();
+      });
+
+      this.server.on('error', reject);
+    });
+  }
+
+  /**
+   * Stop the server and clean up.
+   */
+  public async stop(): Promise<void> {
+    // Destroy all active connections first
+    for (const socket of this.activeSockets) {
+      socket.destroy();
+    }
+    this.activeSockets.clear();
+
+    if (this.server) {
+      return new Promise<void>((resolve) => {
+        this.server!.close(() => {
+          this.server = null;
+          // Clean up socket file
+          plugins.fs.unlink(this.socketPath, () => resolve());
+        });
+      });
+    }
+  }
+
+  /**
+   * Handle an incoming relayed connection from Rust.
+   *
+   * Protocol: Rust sends a single JSON line with metadata, then raw bytes follow.
+   * JSON format: { "routeKey": "my-route", "remoteIP": "1.2.3.4", "remotePort": 12345,
+   *                "localPort": 443, "isTLS": true, "domain": "example.com" }
+   */
+  private handleConnection(socket: plugins.net.Socket): void {
+    let metadataBuffer = '';
+    let metadataParsed = false;
+
+    const onData = (chunk: Buffer) => {
+      if (metadataParsed) return;
+
+      metadataBuffer += chunk.toString('utf8');
+      const newlineIndex = metadataBuffer.indexOf('\n');
+
+      if (newlineIndex === -1) {
+        // Haven't received full metadata line yet
+        if (metadataBuffer.length > 8192) {
+          logger.log('error', 'Socket handler metadata too large, closing', { component: 'socket-handler-server' });
+          socket.destroy();
+        }
+        return;
+      }
+
+      metadataParsed = true;
+      socket.removeListener('data', onData);
+      socket.pause(); // Prevent data loss between handler removal and pipe setup
+
+      const metadataJson = metadataBuffer.slice(0, newlineIndex);
+      const remainingData = metadataBuffer.slice(newlineIndex + 1);
+
+      let metadata: any;
+      try {
+        metadata = JSON.parse(metadataJson);
+      } catch {
+        logger.log('error', `Invalid socket handler metadata JSON: ${metadataJson.slice(0, 200)}`, { component: 'socket-handler-server' });
+        socket.destroy();
+        return;
+      }
+
+      this.dispatchToHandler(socket, metadata, remainingData);
+    };
+
+    socket.on('data', onData);
+    socket.on('error', (err) => {
+      logger.log('error', `Socket handler relay error: ${err.message}`, { component: 'socket-handler-server' });
+    });
+  }
+
+  /**
+   * Dispatch a relayed connection to the appropriate JS handler.
+   */
+  private dispatchToHandler(socket: plugins.net.Socket, metadata: any, remainingData: string): void {
+    const routeKey = metadata.routeKey as string;
+    if (!routeKey) {
+      logger.log('error', 'Socket handler relay missing routeKey', { component: 'socket-handler-server' });
+      socket.destroy();
+      return;
+    }
+
+    const originalRoute = this.preprocessor.getOriginalRoute(routeKey);
+    if (!originalRoute) {
+      logger.log('error', `No handler found for route: ${routeKey}`, { component: 'socket-handler-server' });
+      socket.destroy();
+      return;
+    }
+
+    // Build route context
+    const context: IRouteContext = {
+      port: metadata.localPort || 0,
+      domain: metadata.domain,
+      clientIp: metadata.remoteIP || 'unknown',
+      serverIp: '0.0.0.0',
+      path: metadata.path,
+      isTls: metadata.isTLS || false,
+      tlsVersion: metadata.tlsVersion,
+      routeName: originalRoute.name,
+      routeId: originalRoute.id,
+      timestamp: Date.now(),
+      connectionId: metadata.connectionId || `relay-${Date.now()}`,
+    };
+
+    // If there was remaining data after the metadata line, push it back
+    if (remainingData.length > 0) {
+      socket.unshift(Buffer.from(remainingData, 'utf8'));
+    }
+
+    const handler = originalRoute.action.socketHandler;
+    if (handler) {
+      // Route has an explicit socket handler callback
+      try {
+        const result = handler(socket, context);
+        // If the handler is async, wait for it to finish setup before resuming.
+        // This prevents data loss when async handlers need to do work before
+        // attaching their `data` listeners.
+        if (result && typeof (result as any).then === 'function') {
+          (result as any).then(() => {
+            socket.resume();
+          }).catch((err: any) => {
+            logger.log('error', `Async socket handler rejected for route ${routeKey}: ${err.message}`, { component: 'socket-handler-server' });
+            socket.destroy();
+          });
+        } else {
+          // Synchronous handler — listeners are already attached, safe to resume.
+          socket.resume();
+        }
+      } catch (err: any) {
+        logger.log('error', `Socket handler threw for route ${routeKey}: ${err.message}`, { component: 'socket-handler-server' });
+        socket.destroy();
+      }
+      return;
+    }
+
+    // Route has dynamic host/port functions - resolve and forward
+    if (originalRoute.action.targets && originalRoute.action.targets.length > 0) {
+      this.forwardDynamicRoute(socket, originalRoute, context);
+      return;
+    }
+
+    logger.log('error', `Route ${routeKey} has no socketHandler and no targets`, { component: 'socket-handler-server' });
+    socket.destroy();
+  }
+
+  /**
+   * Forward a connection to a dynamically resolved target.
+   * Used for routes with function-based host/port that Rust cannot handle.
+   */
+  private forwardDynamicRoute(socket: plugins.net.Socket, route: IRouteConfig, context: IRouteContext): void {
+    const targets = route.action.targets!;
+    // Pick a target (round-robin would be ideal, but simple random for now)
+    const target = targets[Math.floor(Math.random() * targets.length)];
+
+    // Resolve host
+    let host: string;
+    if (typeof target.host === 'function') {
+      try {
+        const result = target.host(context);
+        host = Array.isArray(result) ? result[Math.floor(Math.random() * result.length)] : result;
+      } catch (err: any) {
+        logger.log('error', `Dynamic host function failed: ${err.message}`, { component: 'socket-handler-server' });
+        socket.destroy();
+        return;
+      }
+    } else if (typeof target.host === 'string') {
+      host = target.host;
+    } else if (Array.isArray(target.host)) {
+      host = target.host[Math.floor(Math.random() * target.host.length)];
+    } else {
+      host = 'localhost';
+    }
+
+    // Resolve port
+    let port: number;
+    if (typeof target.port === 'function') {
+      try {
+        port = target.port(context);
+      } catch (err: any) {
+        logger.log('error', `Dynamic port function failed: ${err.message}`, { component: 'socket-handler-server' });
+        socket.destroy();
+        return;
+      }
+    } else if (typeof target.port === 'number') {
+      port = target.port;
+    } else {
+      port = context.port;
+    }
+
+    logger.log('debug', `Dynamic forward: ${context.clientIp} -> ${host}:${port}`, { component: 'socket-handler-server' });
+
+    // Connect to the resolved target
+    const backend = plugins.net.connect(port, host, () => {
+      // Pipe bidirectionally
+      socket.pipe(backend);
+      backend.pipe(socket);
+    });
+
+    backend.on('error', (err) => {
+      logger.log('error', `Dynamic forward backend error: ${err.message}`, { component: 'socket-handler-server' });
+      socket.destroy();
+    });
+
+    socket.on('error', () => {
+      backend.destroy();
+    });
+
+    socket.on('close', () => {
+      backend.destroy();
+    });
+
+    backend.on('close', () => {
+      socket.destroy();
+    });
+  }
+}

package/ts/routing/index.ts

@@ -2,8 +2,8 @@
  * Routing functionality module
  */
 
-// Export types and models from HttpProxy
-export * from '../proxies/http-proxy/models/http-types.js';
+// Export types and models
+export * from './models/http-types.js';
 
 // Export router functionality
 export * from './router/index.js';

package/ts/routing/models/http-types.ts

@@ -1,6 +1,149 @@
 /**
- * This file re-exports HTTP types from the HttpProxy module
- * for backward compatibility. All HTTP types are now consolidated
- * in the HttpProxy module.
+ * HTTP types for routing module.
+ * These were previously in http-proxy and are now self-contained here.
  */
-export * from '../../proxies/http-proxy/models/http-types.js';
+import * as plugins from '../../plugins.js';
+import { HttpStatus as ProtocolHttpStatus, getStatusText as getProtocolStatusText } from '../../protocols/http/index.js';
+
+/**
+ * HTTP-specific event types
+ */
+export enum HttpEvents {
+  REQUEST_RECEIVED = 'request-received',
+  REQUEST_FORWARDED = 'request-forwarded',
+  REQUEST_HANDLED = 'request-handled',
+  REQUEST_ERROR = 'request-error',
+}
+
+// Re-export for backward compatibility with subset of commonly used codes
+export const HttpStatus = {
+  OK: ProtocolHttpStatus.OK,
+  MOVED_PERMANENTLY: ProtocolHttpStatus.MOVED_PERMANENTLY,
+  FOUND: ProtocolHttpStatus.FOUND,
+  TEMPORARY_REDIRECT: ProtocolHttpStatus.TEMPORARY_REDIRECT,
+  PERMANENT_REDIRECT: ProtocolHttpStatus.PERMANENT_REDIRECT,
+  BAD_REQUEST: ProtocolHttpStatus.BAD_REQUEST,
+  UNAUTHORIZED: ProtocolHttpStatus.UNAUTHORIZED,
+  FORBIDDEN: ProtocolHttpStatus.FORBIDDEN,
+  NOT_FOUND: ProtocolHttpStatus.NOT_FOUND,
+  METHOD_NOT_ALLOWED: ProtocolHttpStatus.METHOD_NOT_ALLOWED,
+  REQUEST_TIMEOUT: ProtocolHttpStatus.REQUEST_TIMEOUT,
+  TOO_MANY_REQUESTS: ProtocolHttpStatus.TOO_MANY_REQUESTS,
+  INTERNAL_SERVER_ERROR: ProtocolHttpStatus.INTERNAL_SERVER_ERROR,
+  NOT_IMPLEMENTED: ProtocolHttpStatus.NOT_IMPLEMENTED,
+  BAD_GATEWAY: ProtocolHttpStatus.BAD_GATEWAY,
+  SERVICE_UNAVAILABLE: ProtocolHttpStatus.SERVICE_UNAVAILABLE,
+  GATEWAY_TIMEOUT: ProtocolHttpStatus.GATEWAY_TIMEOUT,
+} as const;
+
+/**
+ * Base error class for HTTP-related errors
+ */
+export class HttpError extends Error {
+  constructor(message: string, public readonly statusCode: number = HttpStatus.INTERNAL_SERVER_ERROR) {
+    super(message);
+    this.name = 'HttpError';
+  }
+}
+
+/**
+ * Error related to certificate operations
+ */
+export class CertificateError extends HttpError {
+  constructor(
+    message: string,
+    public readonly domain: string,
+    public readonly isRenewal: boolean = false
+  ) {
+    super(`${message} for domain ${domain}${isRenewal ? ' (renewal)' : ''}`, HttpStatus.INTERNAL_SERVER_ERROR);
+    this.name = 'CertificateError';
+  }
+}
+
+/**
+ * Error related to server operations
+ */
+export class ServerError extends HttpError {
+  constructor(message: string, public readonly code?: string, statusCode: number = HttpStatus.INTERNAL_SERVER_ERROR) {
+    super(message, statusCode);
+    this.name = 'ServerError';
+  }
+}
+
+/**
+ * Error for bad requests
+ */
+export class BadRequestError extends HttpError {
+  constructor(message: string) {
+    super(message, HttpStatus.BAD_REQUEST);
+    this.name = 'BadRequestError';
+  }
+}
+
+/**
+ * Error for not found resources
+ */
+export class NotFoundError extends HttpError {
+  constructor(message: string = 'Resource not found') {
+    super(message, HttpStatus.NOT_FOUND);
+    this.name = 'NotFoundError';
+  }
+}
+
+/**
+ * Redirect configuration for HTTP requests
+ */
+export interface IRedirectConfig {
+  source: string;
+  destination: string;
+  type: number;
+  preserveQuery?: boolean;
+}
+
+/**
+ * HTTP router configuration
+ */
+export interface IRouterConfig {
+  routes: Array<{
+    path: string;
+    method?: string;
+    handler: (req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse) => void | Promise<void>;
+  }>;
+  notFoundHandler?: (req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse) => void;
+  errorHandler?: (error: Error, req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse) => void;
+}
+
+/**
+ * HTTP request method types
+ */
+export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS' | 'CONNECT' | 'TRACE';
+
+/**
+ * Helper function to get HTTP status text
+ */
+export function getStatusText(status: number): string {
+  return getProtocolStatusText(status as ProtocolHttpStatus);
+}
+
+// Legacy interfaces for backward compatibility
+export interface IDomainOptions {
+  domainName: string;
+  sslRedirect: boolean;
+  acmeMaintenance: boolean;
+  forward?: { ip: string; port: number };
+  acmeForward?: { ip: string; port: number };
+}
+
+export interface IDomainCertificate {
+  options: IDomainOptions;
+  certObtained: boolean;
+  obtainingInProgress: boolean;
+  certificate?: string;
+  privateKey?: string;
+  expiryDate?: Date;
+  lastRenewalAttempt?: Date;
+}
+
+// Backward compatibility exports
+export { HttpError as Port80HandlerError };
+export { CertificateError as CertError };

package/dist_ts/proxies/nftables-proxy/index.d.ts

@@ -1,6 +0,0 @@
-/**
- * NfTablesProxy implementation
- */
-export * from './nftables-proxy.js';
-export * from './models/index.js';
-export * from './utils/index.js';

package/dist_ts/proxies/nftables-proxy/index.js

@@ -1,7 +0,0 @@
-/**
- * NfTablesProxy implementation
- */
-export * from './nftables-proxy.js';
-export * from './models/index.js';
-export * from './utils/index.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9wcm94aWVzL25mdGFibGVzLXByb3h5L2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsY0FBYyxxQkFBcUIsQ0FBQztBQUNwQyxjQUFjLG1CQUFtQixDQUFDO0FBQ2xDLGNBQWMsa0JBQWtCLENBQUMifQ==

package/dist_ts/proxies/nftables-proxy/models/errors.d.ts

@@ -1,15 +0,0 @@
-/**
- * Custom error classes for better error handling
- */
-export declare class NftBaseError extends Error {
-    constructor(message: string);
-}
-export declare class NftValidationError extends NftBaseError {
-    constructor(message: string);
-}
-export declare class NftExecutionError extends NftBaseError {
-    constructor(message: string);
-}
-export declare class NftResourceError extends NftBaseError {
-    constructor(message: string);
-}

package/dist_ts/proxies/nftables-proxy/models/errors.js

@@ -1,28 +0,0 @@
-/**
- * Custom error classes for better error handling
- */
-export class NftBaseError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = 'NftBaseError';
-    }
-}
-export class NftValidationError extends NftBaseError {
-    constructor(message) {
-        super(message);
-        this.name = 'NftValidationError';
-    }
-}
-export class NftExecutionError extends NftBaseError {
-    constructor(message) {
-        super(message);
-        this.name = 'NftExecutionError';
-    }
-}
-export class NftResourceError extends NftBaseError {
-    constructor(message) {
-        super(message);
-        this.name = 'NftResourceError';
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHMvcHJveGllcy9uZnRhYmxlcy1wcm94eS9tb2RlbHMvZXJyb3JzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxPQUFPLFlBQWEsU0FBUSxLQUFLO0lBQ3JDLFlBQVksT0FBZTtRQUN6QixLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDZixJQUFJLENBQUMsSUFBSSxHQUFHLGNBQWMsQ0FBQztJQUM3QixDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8sa0JBQW1CLFNBQVEsWUFBWTtJQUNsRCxZQUFZLE9BQWU7UUFDekIsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2YsSUFBSSxDQUFDLElBQUksR0FBRyxvQkFBb0IsQ0FBQztJQUNuQyxDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8saUJBQWtCLFNBQVEsWUFBWTtJQUNqRCxZQUFZLE9BQWU7UUFDekIsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2YsSUFBSSxDQUFDLElBQUksR0FBRyxtQkFBbUIsQ0FBQztJQUNsQyxDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8sZ0JBQWlCLFNBQVEsWUFBWTtJQUNoRCxZQUFZLE9BQWU7UUFDekIsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2YsSUFBSSxDQUFDLElBQUksR0FBRyxrQkFBa0IsQ0FBQztJQUNqQyxDQUFDO0NBQ0YifQ==

package/dist_ts/proxies/nftables-proxy/models/index.d.ts

@@ -1,5 +0,0 @@
-/**
- * Export all models
- */
-export * from './interfaces.js';
-export * from './errors.js';

package/dist_ts/proxies/nftables-proxy/models/index.js

@@ -1,6 +0,0 @@
-/**
- * Export all models
- */
-export * from './interfaces.js';
-export * from './errors.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9wcm94aWVzL25mdGFibGVzLXByb3h5L21vZGVscy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILGNBQWMsaUJBQWlCLENBQUM7QUFDaEMsY0FBYyxhQUFhLENBQUMifQ==

package/dist_ts/proxies/nftables-proxy/models/interfaces.d.ts

@@ -1,75 +0,0 @@
-/**
- * Interfaces for NfTablesProxy
- */
-/**
- * Represents a port range for forwarding
- */
-export interface PortRange {
-    from: number;
-    to: number;
-}
-export type IPortRange = PortRange;
-/**
- * Settings for NfTablesProxy.
- */
-export interface NfTableProxyOptions {
-    fromPort: number | PortRange | Array<number | PortRange>;
-    toPort: number | PortRange | Array<number | PortRange>;
-    toHost?: string;
-    preserveSourceIP?: boolean;
-    deleteOnExit?: boolean;
-    protocol?: 'tcp' | 'udp' | 'all';
-    enableLogging?: boolean;
-    ipv6Support?: boolean;
-    logFormat?: 'plain' | 'json';
-    ipAllowList?: string[];
-    ipBlockList?: string[];
-    useIPSets?: boolean;
-    forceCleanSlate?: boolean;
-    tableName?: string;
-    maxRetries?: number;
-    retryDelayMs?: number;
-    useAdvancedNAT?: boolean;
-    qos?: {
-        enabled: boolean;
-        maxRate?: string;
-        priority?: number;
-        markConnections?: boolean;
-    };
-    netProxyIntegration?: {
-        enabled: boolean;
-        redirectLocalhost?: boolean;
-        sslTerminationPort?: number;
-    };
-}
-export type INfTableProxySettings = NfTableProxyOptions;
-/**
- * Interface for status reporting
- */
-export interface NfTablesStatus {
-    active: boolean;
-    ruleCount: {
-        total: number;
-        added: number;
-        verified: number;
-    };
-    tablesConfigured: {
-        family: string;
-        tableName: string;
-    }[];
-    metrics: {
-        forwardedConnections?: number;
-        activeConnections?: number;
-        bytesForwarded?: {
-            sent: number;
-            received: number;
-        };
-    };
-    qosEnabled?: boolean;
-    ipSetsConfigured?: {
-        name: string;
-        elementCount: number;
-        type: string;
-    }[];
-}
-export type INfTablesStatus = NfTablesStatus;

package/dist_ts/proxies/nftables-proxy/models/interfaces.js

@@ -1,5 +0,0 @@
-/**
- * Interfaces for NfTablesProxy
- */
-export {};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJmYWNlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RzL3Byb3hpZXMvbmZ0YWJsZXMtcHJveHkvbW9kZWxzL2ludGVyZmFjZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUcifQ==