@push.rocks/smartproxy 23.0.0 → 23.1.1

package/dist_ts/proxies/smart-proxy/route-orchestrator.js

@@ -1,204 +0,0 @@
-import { logger } from '../../core/utils/logger.js';
-import { RouteValidator } from './utils/route-validator.js';
-import { Mutex } from './utils/mutex.js';
-/**
- * Orchestrates route updates and coordination between components
- * Extracted from SmartProxy to reduce class complexity
- */
-export class RouteOrchestrator {
-    constructor(portManager, routeManager, httpProxyBridge, nftablesManager, certManager, logger) {
-        this.certManager = null;
-        this.portManager = portManager;
-        this.routeManager = routeManager;
-        this.httpProxyBridge = httpProxyBridge;
-        this.nftablesManager = nftablesManager;
-        this.certManager = certManager;
-        this.logger = logger;
-        this.routeUpdateLock = new Mutex();
-    }
-    /**
-     * Set or update certificate manager reference
-     */
-    setCertManager(certManager) {
-        this.certManager = certManager;
-    }
-    /**
-     * Get certificate manager reference
-     */
-    getCertManager() {
-        return this.certManager;
-    }
-    /**
-     * Update routes with validation and coordination
-     */
-    async updateRoutes(oldRoutes, newRoutes, options = {}) {
-        return this.routeUpdateLock.runExclusive(async () => {
-            // Validate route configurations
-            const validation = RouteValidator.validateRoutes(newRoutes);
-            if (!validation.valid) {
-                RouteValidator.logValidationErrors(validation.errors);
-                throw new Error(`Route validation failed: ${validation.errors.size} route(s) have errors`);
-            }
-            // Track port usage before and after updates
-            const oldPortUsage = this.updatePortUsageMap(oldRoutes);
-            const newPortUsage = this.updatePortUsageMap(newRoutes);
-            // Get the lists of currently listening ports and new ports needed
-            const currentPorts = new Set(this.portManager.getListeningPorts());
-            const newPortsSet = new Set(newPortUsage.keys());
-            // Log the port usage for debugging
-            this.logger.debug(`Current listening ports: ${Array.from(currentPorts).join(', ')}`);
-            this.logger.debug(`Ports needed for new routes: ${Array.from(newPortsSet).join(', ')}`);
-            // Find orphaned ports - ports that no longer have any routes
-            const orphanedPorts = this.findOrphanedPorts(oldPortUsage, newPortUsage);
-            // Find new ports that need binding (only ports that we aren't already listening on)
-            const newBindingPorts = Array.from(newPortsSet).filter(p => !currentPorts.has(p));
-            // Check for ACME challenge port to give it special handling
-            const acmePort = options.acmePort || 80;
-            const acmePortNeeded = newPortsSet.has(acmePort);
-            const acmePortListed = newBindingPorts.includes(acmePort);
-            if (acmePortNeeded && acmePortListed) {
-                this.logger.info(`Adding ACME challenge port ${acmePort} to routes`);
-            }
-            // Update NFTables routes
-            await this.updateNfTablesRoutes(oldRoutes, newRoutes);
-            // Update routes in RouteManager
-            this.routeManager.updateRoutes(newRoutes);
-            // Release orphaned ports first to free resources
-            if (orphanedPorts.length > 0) {
-                this.logger.info(`Releasing ${orphanedPorts.length} orphaned ports: ${orphanedPorts.join(', ')}`);
-                await this.portManager.removePorts(orphanedPorts);
-            }
-            // Add new ports if needed
-            if (newBindingPorts.length > 0) {
-                this.logger.info(`Binding to ${newBindingPorts.length} new ports: ${newBindingPorts.join(', ')}`);
-                // Handle port binding with improved error recovery
-                try {
-                    await this.portManager.addPorts(newBindingPorts);
-                }
-                catch (error) {
-                    // Special handling for port binding errors
-                    if (error.code === 'EADDRINUSE') {
-                        const port = error.port || newBindingPorts[0];
-                        const isAcmePort = port === acmePort;
-                        if (isAcmePort) {
-                            this.logger.warn(`Could not bind to ACME challenge port ${port}. It may be in use by another application.`);
-                            // Re-throw with more helpful message
-                            throw new Error(`ACME challenge port ${port} is already in use by another application. ` +
-                                `Configure a different port in settings.acme.port (e.g., 8080) or free up port ${port}.`);
-                        }
-                    }
-                    // Re-throw the original error for other cases
-                    throw error;
-                }
-            }
-            // If HttpProxy is initialized, resync the configurations
-            if (this.httpProxyBridge.getHttpProxy()) {
-                await this.httpProxyBridge.syncRoutesToHttpProxy(newRoutes);
-            }
-            // Update certificate manager if needed
-            let newCertManager;
-            let newChallengeRouteActive = options.globalChallengeRouteActive || false;
-            if (this.certManager && options.createCertificateManager) {
-                const existingAcmeOptions = this.certManager.getAcmeOptions();
-                const existingState = this.certManager.getState();
-                // Store global state before stopping
-                newChallengeRouteActive = existingState.challengeRouteActive;
-                // Keep certificate manager routes in sync before stopping
-                this.certManager.setRoutes(newRoutes);
-                await this.certManager.stop();
-                // Verify the challenge route has been properly removed
-                if (options.verifyChallengeRouteRemoved) {
-                    await options.verifyChallengeRouteRemoved();
-                }
-                // Create new certificate manager with preserved state
-                newCertManager = await options.createCertificateManager(newRoutes, './certs', existingAcmeOptions, { challengeRouteActive: newChallengeRouteActive });
-                this.certManager = newCertManager;
-            }
-            return {
-                portUsageMap: newPortUsage,
-                newChallengeRouteActive,
-                newCertManager
-            };
-        });
-    }
-    /**
-     * Update port usage map based on the provided routes
-     */
-    updatePortUsageMap(routes) {
-        const portUsage = new Map();
-        for (const route of routes) {
-            // Get the ports for this route
-            const portsConfig = Array.isArray(route.match.ports)
-                ? route.match.ports
-                : [route.match.ports];
-            // Expand port range objects to individual port numbers
-            const expandedPorts = [];
-            for (const portConfig of portsConfig) {
-                if (typeof portConfig === 'number') {
-                    expandedPorts.push(portConfig);
-                }
-                else if (typeof portConfig === 'object' && 'from' in portConfig && 'to' in portConfig) {
-                    // Expand the port range
-                    for (let p = portConfig.from; p <= portConfig.to; p++) {
-                        expandedPorts.push(p);
-                    }
-                }
-            }
-            // Use route name if available, otherwise generate a unique ID
-            const routeName = route.name || `unnamed_${Math.random().toString(36).substring(2, 9)}`;
-            // Add each port to the usage map
-            for (const port of expandedPorts) {
-                if (!portUsage.has(port)) {
-                    portUsage.set(port, new Set());
-                }
-                portUsage.get(port).add(routeName);
-            }
-        }
-        // Log port usage for debugging
-        for (const [port, routes] of portUsage.entries()) {
-            this.logger.debug(`Port ${port} is used by ${routes.size} routes: ${Array.from(routes).join(', ')}`);
-        }
-        return portUsage;
-    }
-    /**
-     * Find ports that have no routes in the new configuration
-     */
-    findOrphanedPorts(oldUsage, newUsage) {
-        const orphanedPorts = [];
-        for (const [port, routes] of oldUsage.entries()) {
-            if (!newUsage.has(port) || newUsage.get(port).size === 0) {
-                orphanedPorts.push(port);
-            }
-        }
-        return orphanedPorts;
-    }
-    /**
-     * Update NFTables routes
-     */
-    async updateNfTablesRoutes(oldRoutes, newRoutes) {
-        // Get existing routes that use NFTables and update them
-        const oldNfTablesRoutes = oldRoutes.filter(r => r.action.forwardingEngine === 'nftables');
-        const newNfTablesRoutes = newRoutes.filter(r => r.action.forwardingEngine === 'nftables');
-        // Update existing NFTables routes
-        for (const oldRoute of oldNfTablesRoutes) {
-            const newRoute = newNfTablesRoutes.find(r => r.name === oldRoute.name);
-            if (!newRoute) {
-                // Route was removed
-                await this.nftablesManager.deprovisionRoute(oldRoute);
-            }
-            else {
-                // Route was updated
-                await this.nftablesManager.updateRoute(oldRoute, newRoute);
-            }
-        }
-        // Add new NFTables routes
-        for (const newRoute of newNfTablesRoutes) {
-            const oldRoute = oldNfTablesRoutes.find(r => r.name === newRoute.name);
-            if (!oldRoute) {
-                // New route
-                await this.nftablesManager.provisionRoute(newRoute);
-            }
-        }
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUtb3JjaGVzdHJhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdHMvcHJveGllcy9zbWFydC1wcm94eS9yb3V0ZS1vcmNoZXN0cmF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBR3BELE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUM1RCxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFPekM7OztHQUdHO0FBQ0gsTUFBTSxPQUFPLGlCQUFpQjtJQVM1QixZQUNFLFdBQXdCLEVBQ3hCLFlBQTBCLEVBQzFCLGVBQWdDLEVBQ2hDLGVBQWdDLEVBQ2hDLFdBQW9DLEVBQ3BDLE1BQWU7UUFUVCxnQkFBVyxHQUE0QixJQUFJLENBQUM7UUFXbEQsSUFBSSxDQUFDLFdBQVcsR0FBRyxXQUFXLENBQUM7UUFDL0IsSUFBSSxDQUFDLFlBQVksR0FBRyxZQUFZLENBQUM7UUFDakMsSUFBSSxDQUFDLGVBQWUsR0FBRyxlQUFlLENBQUM7UUFDdkMsSUFBSSxDQUFDLGVBQWUsR0FBRyxlQUFlLENBQUM7UUFDdkMsSUFBSSxDQUFDLFdBQVcsR0FBRyxXQUFXLENBQUM7UUFDL0IsSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUM7UUFDckIsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRDs7T0FFRztJQUNJLGNBQWMsQ0FBQyxXQUFvQztRQUN4RCxJQUFJLENBQUMsV0FBVyxHQUFHLFdBQVcsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxjQUFjO1FBQ25CLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQztJQUMxQixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsWUFBWSxDQUN2QixTQUF5QixFQUN6QixTQUF5QixFQUN6QixVQVlJLEVBQUU7UUFNTixPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsWUFBWSxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQ2xELGdDQUFnQztZQUNoQyxNQUFNLFVBQVUsR0FBRyxjQUFjLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ3RCLGNBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQ3RELE1BQU0sSUFBSSxLQUFLLENBQUMsNEJBQTRCLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSx1QkFBdUIsQ0FBQyxDQUFDO1lBQzdGLENBQUM7WUFFRCw0Q0FBNEM7WUFDNUMsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUV4RCxrRUFBa0U7WUFDbEUsTUFBTSxZQUFZLEdBQUcsSUFBSSxHQUFHLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDLENBQUM7WUFDbkUsTUFBTSxXQUFXLEdBQUcsSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFFakQsbUNBQW1DO1lBQ25DLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLDRCQUE0QixLQUFLLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDckYsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0NBQWdDLEtBQUssQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUV4Riw2REFBNkQ7WUFDN0QsTUFBTSxhQUFhLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFlBQVksRUFBRSxZQUFZLENBQUMsQ0FBQztZQUV6RSxvRkFBb0Y7WUFDcEYsTUFBTSxlQUFlLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUVsRiw0REFBNEQ7WUFDNUQsTUFBTSxRQUFRLEdBQUcsT0FBTyxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUM7WUFDeEMsTUFBTSxjQUFjLEdBQUcsV0FBVyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUNqRCxNQUFNLGNBQWMsR0FBRyxlQUFlLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRTFELElBQUksY0FBYyxJQUFJLGNBQWMsRUFBRSxDQUFDO2dCQUNyQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw4QkFBOEIsUUFBUSxZQUFZLENBQUMsQ0FBQztZQUN2RSxDQUFDO1lBRUQseUJBQXlCO1lBQ3pCLE1BQU0sSUFBSSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQztZQUV0RCxnQ0FBZ0M7WUFDaEMsSUFBSSxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFMUMsaURBQWlEO1lBQ2pELElBQUksYUFBYSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDN0IsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsYUFBYSxhQUFhLENBQUMsTUFBTSxvQkFBb0IsYUFBYSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7Z0JBQ2xHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDcEQsQ0FBQztZQUVELDBCQUEwQjtZQUMxQixJQUFJLGVBQWUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQy9CLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGNBQWMsZUFBZSxDQUFDLE1BQU0sZUFBZSxlQUFlLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztnQkFFbEcsbURBQW1EO2dCQUNuRCxJQUFJLENBQUM7b0JBQ0gsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQUMsQ0FBQztnQkFDbkQsQ0FBQztnQkFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO29CQUNmLDJDQUEyQztvQkFDM0MsSUFBSyxLQUFhLENBQUMsSUFBSSxLQUFLLFlBQVksRUFBRSxDQUFDO3dCQUN6QyxNQUFNLElBQUksR0FBSSxLQUFhLENBQUMsSUFBSSxJQUFJLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQzt3QkFDdkQsTUFBTSxVQUFVLEdBQUcsSUFBSSxLQUFLLFFBQVEsQ0FBQzt3QkFFckMsSUFBSSxVQUFVLEVBQUUsQ0FBQzs0QkFDZixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyx5Q0FBeUMsSUFBSSw0Q0FBNEMsQ0FBQyxDQUFDOzRCQUU1RyxxQ0FBcUM7NEJBQ3JDLE1BQU0sSUFBSSxLQUFLLENBQ2IsdUJBQXVCLElBQUksNkNBQTZDO2dDQUN4RSxpRkFBaUYsSUFBSSxHQUFHLENBQ3pGLENBQUM7d0JBQ0osQ0FBQztvQkFDSCxDQUFDO29CQUVELDhDQUE4QztvQkFDOUMsTUFBTSxLQUFLLENBQUM7Z0JBQ2QsQ0FBQztZQUNILENBQUM7WUFFRCx5REFBeUQ7WUFDekQsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLFlBQVksRUFBRSxFQUFFLENBQUM7Z0JBQ3hDLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxxQkFBcUIsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUM5RCxDQUFDO1lBRUQsdUNBQXVDO1lBQ3ZDLElBQUksY0FBNEMsQ0FBQztZQUNqRCxJQUFJLHVCQUF1QixHQUFHLE9BQU8sQ0FBQywwQkFBMEIsSUFBSSxLQUFLLENBQUM7WUFFMUUsSUFBSSxJQUFJLENBQUMsV0FBVyxJQUFJLE9BQU8sQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO2dCQUN6RCxNQUFNLG1CQUFtQixHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsY0FBYyxFQUFFLENBQUM7Z0JBQzlELE1BQU0sYUFBYSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsUUFBUSxFQUFFLENBQUM7Z0JBRWxELHFDQUFxQztnQkFDckMsdUJBQXVCLEdBQUcsYUFBYSxDQUFDLG9CQUFvQixDQUFDO2dCQUU3RCwwREFBMEQ7Z0JBQzFELElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFDO2dCQUV0QyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBRTlCLHVEQUF1RDtnQkFDdkQsSUFBSSxPQUFPLENBQUMsMkJBQTJCLEVBQUUsQ0FBQztvQkFDeEMsTUFBTSxPQUFPLENBQUMsMkJBQTJCLEVBQUUsQ0FBQztnQkFDOUMsQ0FBQztnQkFFRCxzREFBc0Q7Z0JBQ3RELGNBQWMsR0FBRyxNQUFNLE9BQU8sQ0FBQyx3QkFBd0IsQ0FDckQsU0FBUyxFQUNULFNBQVMsRUFDVCxtQkFBbUIsRUFDbkIsRUFBRSxvQkFBb0IsRUFBRSx1QkFBdUIsRUFBRSxDQUNsRCxDQUFDO2dCQUVGLElBQUksQ0FBQyxXQUFXLEdBQUcsY0FBYyxDQUFDO1lBQ3BDLENBQUM7WUFFRCxPQUFPO2dCQUNMLFlBQVksRUFBRSxZQUFZO2dCQUMxQix1QkFBdUI7Z0JBQ3ZCLGNBQWM7YUFDZixDQUFDO1FBQ0osQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxrQkFBa0IsQ0FBQyxNQUFzQjtRQUM5QyxNQUFNLFNBQVMsR0FBRyxJQUFJLEdBQUcsRUFBdUIsQ0FBQztRQUVqRCxLQUFLLE1BQU0sS0FBSyxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQzNCLCtCQUErQjtZQUMvQixNQUFNLFdBQVcsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDO2dCQUNsRCxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLO2dCQUNuQixDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBRXhCLHVEQUF1RDtZQUN2RCxNQUFNLGFBQWEsR0FBYSxFQUFFLENBQUM7WUFDbkMsS0FBSyxNQUFNLFVBQVUsSUFBSSxXQUFXLEVBQUUsQ0FBQztnQkFDckMsSUFBSSxPQUFPLFVBQVUsS0FBSyxRQUFRLEVBQUUsQ0FBQztvQkFDbkMsYUFBYSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztnQkFDakMsQ0FBQztxQkFBTSxJQUFJLE9BQU8sVUFBVSxLQUFLLFFBQVEsSUFBSSxNQUFNLElBQUksVUFBVSxJQUFJLElBQUksSUFBSSxVQUFVLEVBQUUsQ0FBQztvQkFDeEYsd0JBQXdCO29CQUN4QixLQUFLLElBQUksQ0FBQyxHQUFHLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQzt3QkFDdEQsYUFBYSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztvQkFDeEIsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztZQUVELDhEQUE4RDtZQUM5RCxNQUFNLFNBQVMsR0FBRyxLQUFLLENBQUMsSUFBSSxJQUFJLFdBQVcsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUM7WUFFeEYsaUNBQWlDO1lBQ2pDLEtBQUssTUFBTSxJQUFJLElBQUksYUFBYSxFQUFFLENBQUM7Z0JBQ2pDLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7b0JBQ3pCLFNBQVMsQ0FBQyxHQUFHLENBQUMsSUFBSSxFQUFFLElBQUksR0FBRyxFQUFFLENBQUMsQ0FBQztnQkFDakMsQ0FBQztnQkFDRCxTQUFTLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBRSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUN0QyxDQUFDO1FBQ0gsQ0FBQztRQUVELCtCQUErQjtRQUMvQixLQUFLLE1BQU0sQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksU0FBUyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDakQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsUUFBUSxJQUFJLGVBQWUsTUFBTSxDQUFDLElBQUksWUFBWSxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDdkcsQ0FBQztRQUVELE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7SUFFRDs7T0FFRztJQUNLLGlCQUFpQixDQUFDLFFBQWtDLEVBQUUsUUFBa0M7UUFDOUYsTUFBTSxhQUFhLEdBQWEsRUFBRSxDQUFDO1FBRW5DLEtBQUssTUFBTSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsSUFBSSxRQUFRLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztZQUNoRCxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxRQUFRLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBRSxDQUFDLElBQUksS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDMUQsYUFBYSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUMzQixDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxTQUF5QixFQUFFLFNBQXlCO1FBQ3JGLHdEQUF3RDtRQUN4RCxNQUFNLGlCQUFpQixHQUFHLFNBQVMsQ0FBQyxNQUFNLENBQ3hDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsS0FBSyxVQUFVLENBQzlDLENBQUM7UUFFRixNQUFNLGlCQUFpQixHQUFHLFNBQVMsQ0FBQyxNQUFNLENBQ3hDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsS0FBSyxVQUFVLENBQzlDLENBQUM7UUFFRixrQ0FBa0M7UUFDbEMsS0FBSyxNQUFNLFFBQVEsSUFBSSxpQkFBaUIsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sUUFBUSxHQUFHLGlCQUFpQixDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLEtBQUssUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBRXZFLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztnQkFDZCxvQkFBb0I7Z0JBQ3BCLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUN4RCxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sb0JBQW9CO2dCQUNwQixNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUMsQ0FBQztZQUM3RCxDQUFDO1FBQ0gsQ0FBQztRQUVELDBCQUEwQjtRQUMxQixLQUFLLE1BQU0sUUFBUSxJQUFJLGlCQUFpQixFQUFFLENBQUM7WUFDekMsTUFBTSxRQUFRLEdBQUcsaUJBQWlCLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksS0FBSyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFdkUsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO2dCQUNkLFlBQVk7Z0JBQ1osTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUN0RCxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7Q0FDRiJ9

package/dist_ts/proxies/smart-proxy/rust-binary-locator.d.ts

@@ -1,23 +0,0 @@
-/**
- * Locates the RustProxy binary using a priority-ordered search strategy:
- * 1. SMARTPROXY_RUST_BINARY environment variable
- * 2. Platform-specific optional npm package
- * 3. Local development build at ./rust/target/release/rustproxy
- * 4. System PATH
- */
-export declare class RustBinaryLocator {
-    private cachedPath;
-    /**
-     * Find the RustProxy binary path.
-     * Returns null if no binary is available.
-     */
-    findBinary(): Promise<string | null>;
-    /**
-     * Clear the cached binary path (e.g., after a failed launch).
-     */
-    clearCache(): void;
-    private searchBinary;
-    private findPlatformPackageBinary;
-    private isExecutable;
-    private findInPath;
-}

package/dist_ts/proxies/smart-proxy/rust-binary-locator.js

@@ -1,104 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { logger } from '../../core/utils/logger.js';
-/**
- * Locates the RustProxy binary using a priority-ordered search strategy:
- * 1. SMARTPROXY_RUST_BINARY environment variable
- * 2. Platform-specific optional npm package
- * 3. Local development build at ./rust/target/release/rustproxy
- * 4. System PATH
- */
-export class RustBinaryLocator {
-    constructor() {
-        this.cachedPath = null;
-    }
-    /**
-     * Find the RustProxy binary path.
-     * Returns null if no binary is available.
-     */
-    async findBinary() {
-        if (this.cachedPath !== null) {
-            return this.cachedPath;
-        }
-        const path = await this.searchBinary();
-        this.cachedPath = path;
-        return path;
-    }
-    /**
-     * Clear the cached binary path (e.g., after a failed launch).
-     */
-    clearCache() {
-        this.cachedPath = null;
-    }
-    async searchBinary() {
-        // 1. Environment variable override
-        const envPath = process.env.SMARTPROXY_RUST_BINARY;
-        if (envPath) {
-            if (await this.isExecutable(envPath)) {
-                logger.log('info', `RustProxy binary found via SMARTPROXY_RUST_BINARY: ${envPath}`, { component: 'rust-locator' });
-                return envPath;
-            }
-            logger.log('warn', `SMARTPROXY_RUST_BINARY set but not executable: ${envPath}`, { component: 'rust-locator' });
-        }
-        // 2. Platform-specific optional npm package
-        const platformBinary = await this.findPlatformPackageBinary();
-        if (platformBinary) {
-            logger.log('info', `RustProxy binary found in platform package: ${platformBinary}`, { component: 'rust-locator' });
-            return platformBinary;
-        }
-        // 3. Local development build
-        const localPaths = [
-            plugins.path.resolve(process.cwd(), 'rust/target/release/rustproxy'),
-            plugins.path.resolve(process.cwd(), 'rust/target/debug/rustproxy'),
-        ];
-        for (const localPath of localPaths) {
-            if (await this.isExecutable(localPath)) {
-                logger.log('info', `RustProxy binary found at local path: ${localPath}`, { component: 'rust-locator' });
-                return localPath;
-            }
-        }
-        // 4. System PATH
-        const systemPath = await this.findInPath('rustproxy');
-        if (systemPath) {
-            logger.log('info', `RustProxy binary found in system PATH: ${systemPath}`, { component: 'rust-locator' });
-            return systemPath;
-        }
-        logger.log('error', 'No RustProxy binary found. Set SMARTPROXY_RUST_BINARY, install the platform package, or build with: cd rust && cargo build --release', { component: 'rust-locator' });
-        return null;
-    }
-    async findPlatformPackageBinary() {
-        const platform = process.platform;
-        const arch = process.arch;
-        const packageName = `@push.rocks/smartproxy-${platform}-${arch}`;
-        try {
-            // Try to resolve the platform-specific package
-            const packagePath = require.resolve(`${packageName}/rustproxy`);
-            if (await this.isExecutable(packagePath)) {
-                return packagePath;
-            }
-        }
-        catch {
-            // Package not installed - expected for development
-        }
-        return null;
-    }
-    async isExecutable(filePath) {
-        try {
-            await plugins.fs.promises.access(filePath, plugins.fs.constants.X_OK);
-            return true;
-        }
-        catch {
-            return false;
-        }
-    }
-    async findInPath(binaryName) {
-        const pathDirs = (process.env.PATH || '').split(plugins.path.delimiter);
-        for (const dir of pathDirs) {
-            const fullPath = plugins.path.join(dir, binaryName);
-            if (await this.isExecutable(fullPath)) {
-                return fullPath;
-            }
-        }
-        return null;
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicnVzdC1iaW5hcnktbG9jYXRvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3Byb3hpZXMvc21hcnQtcHJveHkvcnVzdC1iaW5hcnktbG9jYXRvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGtCQUFrQixDQUFDO0FBQzVDLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUVwRDs7Ozs7O0dBTUc7QUFDSCxNQUFNLE9BQU8saUJBQWlCO0lBQTlCO1FBQ1UsZUFBVSxHQUFrQixJQUFJLENBQUM7SUFvRzNDLENBQUM7SUFsR0M7OztPQUdHO0lBQ0ksS0FBSyxDQUFDLFVBQVU7UUFDckIsSUFBSSxJQUFJLENBQUMsVUFBVSxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdCLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQztRQUN6QixDQUFDO1FBRUQsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDdkMsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUM7UUFDdkIsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxVQUFVO1FBQ2YsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUM7SUFDekIsQ0FBQztJQUVPLEtBQUssQ0FBQyxZQUFZO1FBQ3hCLG1DQUFtQztRQUNuQyxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLHNCQUFzQixDQUFDO1FBQ25ELElBQUksT0FBTyxFQUFFLENBQUM7WUFDWixJQUFJLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUNyQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxzREFBc0QsT0FBTyxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsY0FBYyxFQUFFLENBQUMsQ0FBQztnQkFDbkgsT0FBTyxPQUFPLENBQUM7WUFDakIsQ0FBQztZQUNELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGtEQUFrRCxPQUFPLEVBQUUsRUFBRSxFQUFFLFNBQVMsRUFBRSxjQUFjLEVBQUUsQ0FBQyxDQUFDO1FBQ2pILENBQUM7UUFFRCw0Q0FBNEM7UUFDNUMsTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMseUJBQXlCLEVBQUUsQ0FBQztRQUM5RCxJQUFJLGNBQWMsRUFBRSxDQUFDO1lBQ25CLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLCtDQUErQyxjQUFjLEVBQUUsRUFBRSxFQUFFLFNBQVMsRUFBRSxjQUFjLEVBQUUsQ0FBQyxDQUFDO1lBQ25ILE9BQU8sY0FBYyxDQUFDO1FBQ3hCLENBQUM7UUFFRCw2QkFBNkI7UUFDN0IsTUFBTSxVQUFVLEdBQUc7WUFDakIsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxFQUFFLCtCQUErQixDQUFDO1lBQ3BFLE9BQU8sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsRUFBRSw2QkFBNkIsQ0FBQztTQUNuRSxDQUFDO1FBQ0YsS0FBSyxNQUFNLFNBQVMsSUFBSSxVQUFVLEVBQUUsQ0FBQztZQUNuQyxJQUFJLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO2dCQUN2QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx5Q0FBeUMsU0FBUyxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsY0FBYyxFQUFFLENBQUMsQ0FBQztnQkFDeEcsT0FBTyxTQUFTLENBQUM7WUFDbkIsQ0FBQztRQUNILENBQUM7UUFFRCxpQkFBaUI7UUFDakIsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ3RELElBQUksVUFBVSxFQUFFLENBQUM7WUFDZixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwwQ0FBMEMsVUFBVSxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsY0FBYyxFQUFFLENBQUMsQ0FBQztZQUMxRyxPQUFPLFVBQVUsQ0FBQztRQUNwQixDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsc0lBQXNJLEVBQUUsRUFBRSxTQUFTLEVBQUUsY0FBYyxFQUFFLENBQUMsQ0FBQztRQUMzTCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTyxLQUFLLENBQUMseUJBQXlCO1FBQ3JDLE1BQU0sUUFBUSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQUM7UUFDbEMsTUFBTSxJQUFJLEdBQUcsT0FBTyxDQUFDLElBQUksQ0FBQztRQUMxQixNQUFNLFdBQVcsR0FBRywwQkFBMEIsUUFBUSxJQUFJLElBQUksRUFBRSxDQUFDO1FBRWpFLElBQUksQ0FBQztZQUNILCtDQUErQztZQUMvQyxNQUFNLFdBQVcsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsV0FBVyxZQUFZLENBQUMsQ0FBQztZQUNoRSxJQUFJLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO2dCQUN6QyxPQUFPLFdBQVcsQ0FBQztZQUNyQixDQUFDO1FBQ0gsQ0FBQztRQUFDLE1BQU0sQ0FBQztZQUNQLG1EQUFtRDtRQUNyRCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRU8sS0FBSyxDQUFDLFlBQVksQ0FBQyxRQUFnQjtRQUN6QyxJQUFJLENBQUM7WUFDSCxNQUFNLE9BQU8sQ0FBQyxFQUFFLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDLEVBQUUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDdEUsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBQUMsTUFBTSxDQUFDO1lBQ1AsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO0lBQ0gsQ0FBQztJQUVPLEtBQUssQ0FBQyxVQUFVLENBQUMsVUFBa0I7UUFDekMsTUFBTSxRQUFRLEdBQUcsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksSUFBSSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUN4RSxLQUFLLE1BQU0sR0FBRyxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQzNCLE1BQU0sUUFBUSxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxVQUFVLENBQUMsQ0FBQztZQUNwRCxJQUFJLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUN0QyxPQUFPLFFBQVEsQ0FBQztZQUNsQixDQUFDO1FBQ0gsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztDQUNGIn0=

package/dist_ts/proxies/smart-proxy/security-manager.d.ts

@@ -1,74 +0,0 @@
-import type { SmartProxy } from './smart-proxy.js';
-/**
- * Handles security aspects like IP tracking, rate limiting, and authorization
- * for SmartProxy. This is a lightweight wrapper that uses shared utilities.
- */
-export declare class SecurityManager {
-    private smartProxy;
-    private connectionsByIP;
-    private connectionRateByIP;
-    private cleanupInterval;
-    constructor(smartProxy: SmartProxy);
-    /**
-     * Get connections count by IP (checks normalized variants)
-     */
-    getConnectionCountByIP(ip: string): number;
-    /**
-     * Check and update connection rate for an IP
-     * @returns true if within rate limit, false if exceeding limit
-     */
-    checkConnectionRate(ip: string): boolean;
-    /**
-     * Track connection by IP
-     */
-    trackConnectionByIP(ip: string, connectionId: string): void;
-    /**
-     * Remove connection tracking for an IP
-     */
-    removeConnectionByIP(ip: string, connectionId: string): void;
-    /**
-     * Check if an IP is authorized using security rules
-     *
-     * This method is used to determine if an IP is allowed to connect, based on security
-     * rules configured in the route configuration. The allowed and blocked IPs are
-     * typically derived from route.security.ipAllowList and ipBlockList.
-     *
-     * @param ip - The IP address to check
-     * @param allowedIPs - Array of allowed IP patterns from security.ipAllowList
-     * @param blockedIPs - Array of blocked IP patterns from security.ipBlockList
-     * @returns true if IP is authorized, false if blocked
-     */
-    isIPAuthorized(ip: string, allowedIPs: string[], blockedIPs?: string[]): boolean;
-    /**
-     * Check if IP should be allowed considering connection rate and max connections
-     * @returns Object with result and reason
-     */
-    validateIP(ip: string): {
-        allowed: boolean;
-        reason?: string;
-    };
-    /**
-     * Atomically validate an IP and track the connection if allowed.
-     * This prevents race conditions where concurrent connections could bypass per-IP limits.
-     *
-     * @param ip - The IP address to validate
-     * @param connectionId - The connection ID to track if validation passes
-     * @returns Object with validation result and reason
-     */
-    validateAndTrackIP(ip: string, connectionId: string): {
-        allowed: boolean;
-        reason?: string;
-    };
-    /**
-     * Clears all IP tracking data (for shutdown)
-     */
-    clearIPTracking(): void;
-    /**
-     * Start periodic cleanup of expired data
-     */
-    private startPeriodicCleanup;
-    /**
-     * Perform cleanup of expired rate limits and empty IP entries
-     */
-    private performCleanup;
-}

package/dist_ts/proxies/smart-proxy/security-manager.js

@@ -1,227 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { connectionLogDeduplicator } from '../../core/utils/log-deduplicator.js';
-import { isIPAuthorized, normalizeIP } from '../../core/utils/security-utils.js';
-/**
- * Handles security aspects like IP tracking, rate limiting, and authorization
- * for SmartProxy. This is a lightweight wrapper that uses shared utilities.
- */
-export class SecurityManager {
-    constructor(smartProxy) {
-        this.smartProxy = smartProxy;
-        this.connectionsByIP = new Map();
-        this.connectionRateByIP = new Map();
-        this.cleanupInterval = null;
-        // Start periodic cleanup every 60 seconds
-        this.startPeriodicCleanup();
-    }
-    /**
-     * Get connections count by IP (checks normalized variants)
-     */
-    getConnectionCountByIP(ip) {
-        // Check all normalized variants of the IP
-        const variants = normalizeIP(ip);
-        for (const variant of variants) {
-            const connections = this.connectionsByIP.get(variant);
-            if (connections) {
-                return connections.size;
-            }
-        }
-        return 0;
-    }
-    /**
-     * Check and update connection rate for an IP
-     * @returns true if within rate limit, false if exceeding limit
-     */
-    checkConnectionRate(ip) {
-        const now = Date.now();
-        const minute = 60 * 1000;
-        // Find existing rate tracking (check normalized variants)
-        const variants = normalizeIP(ip);
-        let existingKey = null;
-        for (const variant of variants) {
-            if (this.connectionRateByIP.has(variant)) {
-                existingKey = variant;
-                break;
-            }
-        }
-        const key = existingKey || ip;
-        if (!this.connectionRateByIP.has(key)) {
-            this.connectionRateByIP.set(key, [now]);
-            return true;
-        }
-        // Get timestamps and filter out entries older than 1 minute
-        const timestamps = this.connectionRateByIP.get(key).filter((time) => now - time < minute);
-        timestamps.push(now);
-        this.connectionRateByIP.set(key, timestamps);
-        // Check if rate exceeds limit
-        return timestamps.length <= this.smartProxy.settings.connectionRateLimitPerMinute;
-    }
-    /**
-     * Track connection by IP
-     */
-    trackConnectionByIP(ip, connectionId) {
-        // Check if any variant already exists
-        const variants = normalizeIP(ip);
-        let existingKey = null;
-        for (const variant of variants) {
-            if (this.connectionsByIP.has(variant)) {
-                existingKey = variant;
-                break;
-            }
-        }
-        const key = existingKey || ip;
-        if (!this.connectionsByIP.has(key)) {
-            this.connectionsByIP.set(key, new Set());
-        }
-        this.connectionsByIP.get(key).add(connectionId);
-    }
-    /**
-     * Remove connection tracking for an IP
-     */
-    removeConnectionByIP(ip, connectionId) {
-        // Check all variants to find where the connection is tracked
-        const variants = normalizeIP(ip);
-        for (const variant of variants) {
-            if (this.connectionsByIP.has(variant)) {
-                const connections = this.connectionsByIP.get(variant);
-                connections.delete(connectionId);
-                if (connections.size === 0) {
-                    this.connectionsByIP.delete(variant);
-                }
-                break;
-            }
-        }
-    }
-    /**
-     * Check if an IP is authorized using security rules
-     *
-     * This method is used to determine if an IP is allowed to connect, based on security
-     * rules configured in the route configuration. The allowed and blocked IPs are
-     * typically derived from route.security.ipAllowList and ipBlockList.
-     *
-     * @param ip - The IP address to check
-     * @param allowedIPs - Array of allowed IP patterns from security.ipAllowList
-     * @param blockedIPs - Array of blocked IP patterns from security.ipBlockList
-     * @returns true if IP is authorized, false if blocked
-     */
-    isIPAuthorized(ip, allowedIPs, blockedIPs = []) {
-        return isIPAuthorized(ip, allowedIPs, blockedIPs);
-    }
-    /**
-     * Check if IP should be allowed considering connection rate and max connections
-     * @returns Object with result and reason
-     */
-    validateIP(ip) {
-        // Check connection count limit
-        if (this.smartProxy.settings.maxConnectionsPerIP &&
-            this.getConnectionCountByIP(ip) >= this.smartProxy.settings.maxConnectionsPerIP) {
-            return {
-                allowed: false,
-                reason: `Maximum connections per IP (${this.smartProxy.settings.maxConnectionsPerIP}) exceeded`
-            };
-        }
-        // Check connection rate limit
-        if (this.smartProxy.settings.connectionRateLimitPerMinute &&
-            !this.checkConnectionRate(ip)) {
-            return {
-                allowed: false,
-                reason: `Connection rate limit (${this.smartProxy.settings.connectionRateLimitPerMinute}/min) exceeded`
-            };
-        }
-        return { allowed: true };
-    }
-    /**
-     * Atomically validate an IP and track the connection if allowed.
-     * This prevents race conditions where concurrent connections could bypass per-IP limits.
-     *
-     * @param ip - The IP address to validate
-     * @param connectionId - The connection ID to track if validation passes
-     * @returns Object with validation result and reason
-     */
-    validateAndTrackIP(ip, connectionId) {
-        // Check connection count limit BEFORE tracking
-        if (this.smartProxy.settings.maxConnectionsPerIP &&
-            this.getConnectionCountByIP(ip) >= this.smartProxy.settings.maxConnectionsPerIP) {
-            return {
-                allowed: false,
-                reason: `Maximum connections per IP (${this.smartProxy.settings.maxConnectionsPerIP}) exceeded`
-            };
-        }
-        // Check connection rate limit
-        if (this.smartProxy.settings.connectionRateLimitPerMinute &&
-            !this.checkConnectionRate(ip)) {
-            return {
-                allowed: false,
-                reason: `Connection rate limit (${this.smartProxy.settings.connectionRateLimitPerMinute}/min) exceeded`
-            };
-        }
-        // Validation passed - immediately track to prevent race conditions
-        this.trackConnectionByIP(ip, connectionId);
-        return { allowed: true };
-    }
-    /**
-     * Clears all IP tracking data (for shutdown)
-     */
-    clearIPTracking() {
-        if (this.cleanupInterval) {
-            clearInterval(this.cleanupInterval);
-            this.cleanupInterval = null;
-        }
-        this.connectionsByIP.clear();
-        this.connectionRateByIP.clear();
-    }
-    /**
-     * Start periodic cleanup of expired data
-     */
-    startPeriodicCleanup() {
-        this.cleanupInterval = setInterval(() => {
-            this.performCleanup();
-        }, 60000); // Run every minute
-        // Unref the timer so it doesn't keep the process alive
-        if (this.cleanupInterval.unref) {
-            this.cleanupInterval.unref();
-        }
-    }
-    /**
-     * Perform cleanup of expired rate limits and empty IP entries
-     */
-    performCleanup() {
-        const now = Date.now();
-        const minute = 60 * 1000;
-        let cleanedRateLimits = 0;
-        let cleanedIPs = 0;
-        // Clean up expired rate limit timestamps
-        for (const [ip, timestamps] of this.connectionRateByIP.entries()) {
-            const validTimestamps = timestamps.filter(time => now - time < minute);
-            if (validTimestamps.length === 0) {
-                // No valid timestamps, remove the IP entry
-                this.connectionRateByIP.delete(ip);
-                cleanedRateLimits++;
-            }
-            else if (validTimestamps.length < timestamps.length) {
-                // Some timestamps expired, update with valid ones
-                this.connectionRateByIP.set(ip, validTimestamps);
-            }
-        }
-        // Clean up IPs with no active connections
-        for (const [ip, connections] of this.connectionsByIP.entries()) {
-            if (connections.size === 0) {
-                this.connectionsByIP.delete(ip);
-                cleanedIPs++;
-            }
-        }
-        // Log cleanup stats if anything was cleaned
-        if (cleanedRateLimits > 0 || cleanedIPs > 0) {
-            if (this.smartProxy.settings.enableDetailedLogging) {
-                connectionLogDeduplicator.log('ip-cleanup', 'debug', 'IP tracking cleanup completed', {
-                    cleanedRateLimits,
-                    cleanedIPs,
-                    remainingIPs: this.connectionsByIP.size,
-                    remainingRateLimits: this.connectionRateByIP.size,
-                    component: 'security-manager'
-                }, 'periodic-cleanup');
-            }
-        }
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHktbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3Byb3hpZXMvc21hcnQtcHJveHkvc2VjdXJpdHktbWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGtCQUFrQixDQUFDO0FBRTVDLE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxNQUFNLHNDQUFzQyxDQUFDO0FBQ2pGLE9BQU8sRUFBRSxjQUFjLEVBQUUsV0FBVyxFQUFFLE1BQU0sb0NBQW9DLENBQUM7QUFFakY7OztHQUdHO0FBQ0gsTUFBTSxPQUFPLGVBQWU7SUFLMUIsWUFBb0IsVUFBc0I7UUFBdEIsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUpsQyxvQkFBZSxHQUE2QixJQUFJLEdBQUcsRUFBRSxDQUFDO1FBQ3RELHVCQUFrQixHQUEwQixJQUFJLEdBQUcsRUFBRSxDQUFDO1FBQ3RELG9CQUFlLEdBQTBCLElBQUksQ0FBQztRQUdwRCwwQ0FBMEM7UUFDMUMsSUFBSSxDQUFDLG9CQUFvQixFQUFFLENBQUM7SUFDOUIsQ0FBQztJQUVEOztPQUVHO0lBQ0ksc0JBQXNCLENBQUMsRUFBVTtRQUN0QywwQ0FBMEM7UUFDMUMsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUM7WUFDL0IsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDdEQsSUFBSSxXQUFXLEVBQUUsQ0FBQztnQkFDaEIsT0FBTyxXQUFXLENBQUMsSUFBSSxDQUFDO1lBQzFCLENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxDQUFDLENBQUM7SUFDWCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksbUJBQW1CLENBQUMsRUFBVTtRQUNuQyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztRQUV6QiwwREFBMEQ7UUFDMUQsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLElBQUksV0FBVyxHQUFrQixJQUFJLENBQUM7UUFDdEMsS0FBSyxNQUFNLE9BQU8sSUFBSSxRQUFRLEVBQUUsQ0FBQztZQUMvQixJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDekMsV0FBVyxHQUFHLE9BQU8sQ0FBQztnQkFDdEIsTUFBTTtZQUNSLENBQUM7UUFDSCxDQUFDO1FBRUQsTUFBTSxHQUFHLEdBQUcsV0FBVyxJQUFJLEVBQUUsQ0FBQztRQUU5QixJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3RDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztZQUN4QyxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFFRCw0REFBNEQ7UUFDNUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEdBQUcsR0FBRyxJQUFJLEdBQUcsTUFBTSxDQUFDLENBQUM7UUFDM0YsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNyQixJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxVQUFVLENBQUMsQ0FBQztRQUU3Qyw4QkFBOEI7UUFDOUIsT0FBTyxVQUFVLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLDRCQUE2QixDQUFDO0lBQ3JGLENBQUM7SUFFRDs7T0FFRztJQUNJLG1CQUFtQixDQUFDLEVBQVUsRUFBRSxZQUFvQjtRQUN6RCxzQ0FBc0M7UUFDdEMsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLElBQUksV0FBVyxHQUFrQixJQUFJLENBQUM7UUFFdEMsS0FBSyxNQUFNLE9BQU8sSUFBSSxRQUFRLEVBQUUsQ0FBQztZQUMvQixJQUFJLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQ3RDLFdBQVcsR0FBRyxPQUFPLENBQUM7Z0JBQ3RCLE1BQU07WUFDUixDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sR0FBRyxHQUFHLFdBQVcsSUFBSSxFQUFFLENBQUM7UUFDOUIsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbkMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLElBQUksR0FBRyxFQUFFLENBQUMsQ0FBQztRQUMzQyxDQUFDO1FBQ0QsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFFLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRDs7T0FFRztJQUNJLG9CQUFvQixDQUFDLEVBQVUsRUFBRSxZQUFvQjtRQUMxRCw2REFBNkQ7UUFDN0QsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBRWpDLEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUM7WUFDL0IsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUN0QyxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUUsQ0FBQztnQkFDdkQsV0FBVyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztnQkFDakMsSUFBSSxXQUFXLENBQUMsSUFBSSxLQUFLLENBQUMsRUFBRSxDQUFDO29CQUMzQixJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDdkMsQ0FBQztnQkFDRCxNQUFNO1lBQ1IsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSSxjQUFjLENBQUMsRUFBVSxFQUFFLFVBQW9CLEVBQUUsYUFBdUIsRUFBRTtRQUMvRSxPQUFPLGNBQWMsQ0FBQyxFQUFFLEVBQUUsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7O09BR0c7SUFDSSxVQUFVLENBQUMsRUFBVTtRQUMxQiwrQkFBK0I7UUFDL0IsSUFDRSxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxtQkFBbUI7WUFDNUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEVBQUUsQ0FBQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLG1CQUFtQixFQUMvRSxDQUFDO1lBQ0QsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxNQUFNLEVBQUUsK0JBQStCLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLG1CQUFtQixZQUFZO2FBQ2hHLENBQUM7UUFDSixDQUFDO1FBRUQsOEJBQThCO1FBQzlCLElBQ0UsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsNEJBQTRCO1lBQ3JELENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEVBQUUsQ0FBQyxFQUM3QixDQUFDO1lBQ0QsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxNQUFNLEVBQUUsMEJBQTBCLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLDRCQUE0QixnQkFBZ0I7YUFDeEcsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0ksa0JBQWtCLENBQUMsRUFBVSxFQUFFLFlBQW9CO1FBQ3hELCtDQUErQztRQUMvQyxJQUNFLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLG1CQUFtQjtZQUM1QyxJQUFJLENBQUMsc0JBQXNCLENBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsbUJBQW1CLEVBQy9FLENBQUM7WUFDRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLE1BQU0sRUFBRSwrQkFBK0IsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsbUJBQW1CLFlBQVk7YUFDaEcsQ0FBQztRQUNKLENBQUM7UUFFRCw4QkFBOEI7UUFDOUIsSUFDRSxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyw0QkFBNEI7WUFDckQsQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxDQUFDLEVBQzdCLENBQUM7WUFDRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLE1BQU0sRUFBRSwwQkFBMEIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsNEJBQTRCLGdCQUFnQjthQUN4RyxDQUFDO1FBQ0osQ0FBQztRQUVELG1FQUFtRTtRQUNuRSxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBRTNDLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDM0IsQ0FBQztJQUVEOztPQUVHO0lBQ0ksZUFBZTtRQUNwQixJQUFJLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN6QixhQUFhLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1lBQ3BDLElBQUksQ0FBQyxlQUFlLEdBQUcsSUFBSSxDQUFDO1FBQzlCLENBQUM7UUFDRCxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7O09BRUc7SUFDSyxvQkFBb0I7UUFDMUIsSUFBSSxDQUFDLGVBQWUsR0FBRyxXQUFXLENBQUMsR0FBRyxFQUFFO1lBQ3RDLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUN4QixDQUFDLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxtQkFBbUI7UUFFOUIsdURBQXVEO1FBQ3ZELElBQUksSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUMvQixJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQy9CLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxjQUFjO1FBQ3BCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUN2QixNQUFNLE1BQU0sR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDO1FBQ3pCLElBQUksaUJBQWlCLEdBQUcsQ0FBQyxDQUFDO1FBQzFCLElBQUksVUFBVSxHQUFHLENBQUMsQ0FBQztRQUVuQix5Q0FBeUM7UUFDekMsS0FBSyxNQUFNLENBQUMsRUFBRSxFQUFFLFVBQVUsQ0FBQyxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1lBQ2pFLE1BQU0sZUFBZSxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxHQUFHLEdBQUcsSUFBSSxHQUFHLE1BQU0sQ0FBQyxDQUFDO1lBRXZFLElBQUksZUFBZSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDakMsMkNBQTJDO2dCQUMzQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO2dCQUNuQyxpQkFBaUIsRUFBRSxDQUFDO1lBQ3RCLENBQUM7aUJBQU0sSUFBSSxlQUFlLENBQUMsTUFBTSxHQUFHLFVBQVUsQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDdEQsa0RBQWtEO2dCQUNsRCxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxlQUFlLENBQUMsQ0FBQztZQUNuRCxDQUFDO1FBQ0gsQ0FBQztRQUVELDBDQUEwQztRQUMxQyxLQUFLLE1BQU0sQ0FBQyxFQUFFLEVBQUUsV0FBVyxDQUFDLElBQUksSUFBSSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1lBQy9ELElBQUksV0FBVyxDQUFDLElBQUksS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDM0IsSUFBSSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUM7Z0JBQ2hDLFVBQVUsRUFBRSxDQUFDO1lBQ2YsQ0FBQztRQUNILENBQUM7UUFFRCw0Q0FBNEM7UUFDNUMsSUFBSSxpQkFBaUIsR0FBRyxDQUFDLElBQUksVUFBVSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzVDLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztnQkFDbkQseUJBQXlCLENBQUMsR0FBRyxDQUMzQixZQUFZLEVBQ1osT0FBTyxFQUNQLCtCQUErQixFQUMvQjtvQkFDRSxpQkFBaUI7b0JBQ2pCLFVBQVU7b0JBQ1YsWUFBWSxFQUFFLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSTtvQkFDdkMsbUJBQW1CLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixDQUFDLElBQUk7b0JBQ2pELFNBQVMsRUFBRSxrQkFBa0I7aUJBQzlCLEVBQ0Qsa0JBQWtCLENBQ25CLENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7Q0FDRiJ9