@push.rocks/smartproxy 25.17.10 → 26.1.0

package/dist_ts/core/utils/security-utils.d.ts

@@ -1,111 +0,0 @@
-/**
- * Security utilities for IP validation, rate limiting,
- * authentication, and other security features
- */
-/**
- * Result of IP validation
- */
-export interface IIpValidationResult {
-    allowed: boolean;
-    reason?: string;
-}
-/**
- * IP connection tracking information
- */
-export interface IIpConnectionInfo {
-    connections: Set<string>;
-    timestamps: number[];
-    ipVariants: string[];
-}
-/**
- * Rate limit tracking
- */
-export interface IRateLimitInfo {
-    count: number;
-    expiry: number;
-}
-/**
- * Logger interface for security utilities
- */
-export interface ISecurityLogger {
-    info: (message: string, ...args: any[]) => void;
-    warn: (message: string, ...args: any[]) => void;
-    error: (message: string, ...args: any[]) => void;
-    debug?: (message: string, ...args: any[]) => void;
-}
-/**
- * Normalize IP addresses for comparison
- * Handles IPv4-mapped IPv6 addresses (::ffff:127.0.0.1)
- *
- * @param ip IP address to normalize
- * @returns Array of equivalent IP representations
- */
-export declare function normalizeIP(ip: string): string[];
-/**
- * Check if an IP is authorized based on allow and block lists
- *
- * @param ip - The IP address to check
- * @param allowedIPs - Array of allowed IP patterns
- * @param blockedIPs - Array of blocked IP patterns
- * @returns Whether the IP is authorized
- */
-export declare function isIPAuthorized(ip: string, allowedIPs?: string[], blockedIPs?: string[]): boolean;
-/**
- * Check if an IP exceeds maximum connections
- *
- * @param ip - The IP address to check
- * @param ipConnectionsMap - Map of IPs to connection info
- * @param maxConnectionsPerIP - Maximum allowed connections per IP
- * @returns Result with allowed status and reason if blocked
- */
-export declare function checkMaxConnections(ip: string, ipConnectionsMap: Map<string, IIpConnectionInfo>, maxConnectionsPerIP: number): IIpValidationResult;
-/**
- * Check if an IP exceeds connection rate limit
- *
- * @param ip - The IP address to check
- * @param ipConnectionsMap - Map of IPs to connection info
- * @param rateLimit - Maximum connections per minute
- * @returns Result with allowed status and reason if blocked
- */
-export declare function checkConnectionRate(ip: string, ipConnectionsMap: Map<string, IIpConnectionInfo>, rateLimit: number): IIpValidationResult;
-/**
- * Track a connection for an IP
- *
- * @param ip - The IP address
- * @param connectionId - The connection ID to track
- * @param ipConnectionsMap - Map of IPs to connection info
- */
-export declare function trackConnection(ip: string, connectionId: string, ipConnectionsMap: Map<string, IIpConnectionInfo>): void;
-/**
- * Remove connection tracking for an IP
- *
- * @param ip - The IP address
- * @param connectionId - The connection ID to remove
- * @param ipConnectionsMap - Map of IPs to connection info
- */
-export declare function removeConnection(ip: string, connectionId: string, ipConnectionsMap: Map<string, IIpConnectionInfo>): void;
-/**
- * Clean up expired rate limits
- *
- * @param rateLimits - Map of rate limits to clean up
- * @param logger - Logger for debug messages
- */
-export declare function cleanupExpiredRateLimits(rateLimits: Map<string, Map<string, IRateLimitInfo>>, logger?: ISecurityLogger): void;
-/**
- * Generate basic auth header value from username and password
- *
- * @param username - The username
- * @param password - The password
- * @returns Base64 encoded basic auth string
- */
-export declare function generateBasicAuthHeader(username: string, password: string): string;
-/**
- * Parse basic auth header
- *
- * @param authHeader - The Authorization header value
- * @returns Username and password, or null if invalid
- */
-export declare function parseBasicAuthHeader(authHeader: string): {
-    username: string;
-    password: string;
-} | null;

package/dist_ts/core/utils/security-utils.js

@@ -1,212 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { IpMatcher } from '../routing/matchers/ip.js';
-/**
- * Normalize IP addresses for comparison
- * Handles IPv4-mapped IPv6 addresses (::ffff:127.0.0.1)
- *
- * @param ip IP address to normalize
- * @returns Array of equivalent IP representations
- */
-export function normalizeIP(ip) {
-    if (!ip)
-        return [];
-    // Handle IPv4-mapped IPv6 addresses (::ffff:127.0.0.1)
-    if (ip.startsWith('::ffff:')) {
-        const ipv4 = ip.slice(7);
-        return [ip, ipv4];
-    }
-    // Handle IPv4 addresses by also checking IPv4-mapped form
-    if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
-        return [ip, `::ffff:${ip}`];
-    }
-    return [ip];
-}
-/**
- * Check if an IP is authorized based on allow and block lists
- *
- * @param ip - The IP address to check
- * @param allowedIPs - Array of allowed IP patterns
- * @param blockedIPs - Array of blocked IP patterns
- * @returns Whether the IP is authorized
- */
-export function isIPAuthorized(ip, allowedIPs = ['*'], blockedIPs = []) {
-    // Skip IP validation if no rules
-    if (!ip || (allowedIPs.length === 0 && blockedIPs.length === 0)) {
-        return true;
-    }
-    // First check if IP is blocked - blocked IPs take precedence
-    if (blockedIPs.length > 0) {
-        for (const pattern of blockedIPs) {
-            if (IpMatcher.match(pattern, ip)) {
-                return false;
-            }
-        }
-    }
-    // If allowed IPs list has wildcard, all non-blocked IPs are allowed
-    if (allowedIPs.includes('*')) {
-        return true;
-    }
-    // Then check if IP is allowed in the explicit allow list
-    if (allowedIPs.length > 0) {
-        for (const pattern of allowedIPs) {
-            if (IpMatcher.match(pattern, ip)) {
-                return true;
-            }
-        }
-        // If allowedIPs is specified but no match, deny access
-        return false;
-    }
-    // Default allow if no explicit allow list
-    return true;
-}
-/**
- * Check if an IP exceeds maximum connections
- *
- * @param ip - The IP address to check
- * @param ipConnectionsMap - Map of IPs to connection info
- * @param maxConnectionsPerIP - Maximum allowed connections per IP
- * @returns Result with allowed status and reason if blocked
- */
-export function checkMaxConnections(ip, ipConnectionsMap, maxConnectionsPerIP) {
-    if (!ipConnectionsMap.has(ip)) {
-        return { allowed: true };
-    }
-    const connectionCount = ipConnectionsMap.get(ip).connections.size;
-    if (connectionCount >= maxConnectionsPerIP) {
-        return {
-            allowed: false,
-            reason: `Maximum connections per IP (${maxConnectionsPerIP}) exceeded`
-        };
-    }
-    return { allowed: true };
-}
-/**
- * Check if an IP exceeds connection rate limit
- *
- * @param ip - The IP address to check
- * @param ipConnectionsMap - Map of IPs to connection info
- * @param rateLimit - Maximum connections per minute
- * @returns Result with allowed status and reason if blocked
- */
-export function checkConnectionRate(ip, ipConnectionsMap, rateLimit) {
-    const now = Date.now();
-    const minute = 60 * 1000;
-    // Get or create connection info
-    if (!ipConnectionsMap.has(ip)) {
-        const info = {
-            connections: new Set(),
-            timestamps: [now],
-            ipVariants: normalizeIP(ip)
-        };
-        ipConnectionsMap.set(ip, info);
-        return { allowed: true };
-    }
-    // Get timestamps and filter out entries older than 1 minute
-    const info = ipConnectionsMap.get(ip);
-    const timestamps = info.timestamps.filter(time => now - time < minute);
-    timestamps.push(now);
-    info.timestamps = timestamps;
-    // Check if rate exceeds limit
-    if (timestamps.length > rateLimit) {
-        return {
-            allowed: false,
-            reason: `Connection rate limit (${rateLimit}/min) exceeded`
-        };
-    }
-    return { allowed: true };
-}
-/**
- * Track a connection for an IP
- *
- * @param ip - The IP address
- * @param connectionId - The connection ID to track
- * @param ipConnectionsMap - Map of IPs to connection info
- */
-export function trackConnection(ip, connectionId, ipConnectionsMap) {
-    if (!ipConnectionsMap.has(ip)) {
-        ipConnectionsMap.set(ip, {
-            connections: new Set([connectionId]),
-            timestamps: [Date.now()],
-            ipVariants: normalizeIP(ip)
-        });
-        return;
-    }
-    const info = ipConnectionsMap.get(ip);
-    info.connections.add(connectionId);
-}
-/**
- * Remove connection tracking for an IP
- *
- * @param ip - The IP address
- * @param connectionId - The connection ID to remove
- * @param ipConnectionsMap - Map of IPs to connection info
- */
-export function removeConnection(ip, connectionId, ipConnectionsMap) {
-    if (!ipConnectionsMap.has(ip))
-        return;
-    const info = ipConnectionsMap.get(ip);
-    info.connections.delete(connectionId);
-    if (info.connections.size === 0) {
-        ipConnectionsMap.delete(ip);
-    }
-}
-/**
- * Clean up expired rate limits
- *
- * @param rateLimits - Map of rate limits to clean up
- * @param logger - Logger for debug messages
- */
-export function cleanupExpiredRateLimits(rateLimits, logger) {
-    const now = Date.now();
-    let totalRemoved = 0;
-    for (const [routeId, routeLimits] of rateLimits.entries()) {
-        let removed = 0;
-        for (const [key, limit] of routeLimits.entries()) {
-            if (limit.expiry < now) {
-                routeLimits.delete(key);
-                removed++;
-                totalRemoved++;
-            }
-        }
-        if (removed > 0 && logger?.debug) {
-            logger.debug(`Cleaned up ${removed} expired rate limits for route ${routeId}`);
-        }
-    }
-    if (totalRemoved > 0 && logger?.info) {
-        logger.info(`Cleaned up ${totalRemoved} expired rate limits total`);
-    }
-}
-/**
- * Generate basic auth header value from username and password
- *
- * @param username - The username
- * @param password - The password
- * @returns Base64 encoded basic auth string
- */
-export function generateBasicAuthHeader(username, password) {
-    return `Basic ${Buffer.from(`${username}:${password}`).toString('base64')}`;
-}
-/**
- * Parse basic auth header
- *
- * @param authHeader - The Authorization header value
- * @returns Username and password, or null if invalid
- */
-export function parseBasicAuthHeader(authHeader) {
-    if (!authHeader || !authHeader.startsWith('Basic ')) {
-        return null;
-    }
-    try {
-        const base64 = authHeader.slice(6); // Remove 'Basic '
-        const decoded = Buffer.from(base64, 'base64').toString();
-        const [username, password] = decoded.split(':');
-        if (!username || !password) {
-            return null;
-        }
-        return { username, password };
-    }
-    catch (err) {
-        return null;
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHktdXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9jb3JlL3V0aWxzL3NlY3VyaXR5LXV0aWxzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFDNUMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLDJCQUEyQixDQUFDO0FBMEN0RDs7Ozs7O0dBTUc7QUFDSCxNQUFNLFVBQVUsV0FBVyxDQUFDLEVBQVU7SUFDcEMsSUFBSSxDQUFDLEVBQUU7UUFBRSxPQUFPLEVBQUUsQ0FBQztJQUVuQix1REFBdUQ7SUFDdkQsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDN0IsTUFBTSxJQUFJLEdBQUcsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN6QixPQUFPLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQ3BCLENBQUM7SUFFRCwwREFBMEQ7SUFDMUQsSUFBSSx5QkFBeUIsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUN2QyxPQUFPLENBQUMsRUFBRSxFQUFFLFVBQVUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM5QixDQUFDO0lBRUQsT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ2QsQ0FBQztBQUVEOzs7Ozs7O0dBT0c7QUFDSCxNQUFNLFVBQVUsY0FBYyxDQUM1QixFQUFVLEVBQ1YsYUFBdUIsQ0FBQyxHQUFHLENBQUMsRUFDNUIsYUFBdUIsRUFBRTtJQUV6QixpQ0FBaUM7SUFDakMsSUFBSSxDQUFDLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUNoRSxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCw2REFBNkQ7SUFDN0QsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQzFCLEtBQUssTUFBTSxPQUFPLElBQUksVUFBVSxFQUFFLENBQUM7WUFDakMsSUFBSSxTQUFTLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUNqQyxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVELG9FQUFvRTtJQUNwRSxJQUFJLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUM3QixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCx5REFBeUQ7SUFDekQsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQzFCLEtBQUssTUFBTSxPQUFPLElBQUksVUFBVSxFQUFFLENBQUM7WUFDakMsSUFBSSxTQUFTLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUNqQyxPQUFPLElBQUksQ0FBQztZQUNkLENBQUM7UUFDSCxDQUFDO1FBQ0QsdURBQXVEO1FBQ3ZELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVELDBDQUEwQztJQUMxQyxPQUFPLElBQUksQ0FBQztBQUNkLENBQUM7QUFFRDs7Ozs7OztHQU9HO0FBQ0gsTUFBTSxVQUFVLG1CQUFtQixDQUNqQyxFQUFVLEVBQ1YsZ0JBQWdELEVBQ2hELG1CQUEyQjtJQUUzQixJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDOUIsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRUQsTUFBTSxlQUFlLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUM7SUFFbkUsSUFBSSxlQUFlLElBQUksbUJBQW1CLEVBQUUsQ0FBQztRQUMzQyxPQUFPO1lBQ0wsT0FBTyxFQUFFLEtBQUs7WUFDZCxNQUFNLEVBQUUsK0JBQStCLG1CQUFtQixZQUFZO1NBQ3ZFLENBQUM7SUFDSixDQUFDO0lBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztBQUMzQixDQUFDO0FBRUQ7Ozs7Ozs7R0FPRztBQUNILE1BQU0sVUFBVSxtQkFBbUIsQ0FDakMsRUFBVSxFQUNWLGdCQUFnRCxFQUNoRCxTQUFpQjtJQUVqQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7SUFDdkIsTUFBTSxNQUFNLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztJQUV6QixnQ0FBZ0M7SUFDaEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1FBQzlCLE1BQU0sSUFBSSxHQUFzQjtZQUM5QixXQUFXLEVBQUUsSUFBSSxHQUFHLEVBQUU7WUFDdEIsVUFBVSxFQUFFLENBQUMsR0FBRyxDQUFDO1lBQ2pCLFVBQVUsRUFBRSxXQUFXLENBQUMsRUFBRSxDQUFDO1NBQzVCLENBQUM7UUFDRixnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQy9CLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDM0IsQ0FBQztJQUVELDREQUE0RDtJQUM1RCxNQUFNLElBQUksR0FBRyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFFLENBQUM7SUFDdkMsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxHQUFHLEdBQUcsSUFBSSxHQUFHLE1BQU0sQ0FBQyxDQUFDO0lBQ3ZFLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDckIsSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFVLENBQUM7SUFFN0IsOEJBQThCO0lBQzlCLElBQUksVUFBVSxDQUFDLE1BQU0sR0FBRyxTQUFTLEVBQUUsQ0FBQztRQUNsQyxPQUFPO1lBQ0wsT0FBTyxFQUFFLEtBQUs7WUFDZCxNQUFNLEVBQUUsMEJBQTBCLFNBQVMsZ0JBQWdCO1NBQzVELENBQUM7SUFDSixDQUFDO0lBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztBQUMzQixDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxVQUFVLGVBQWUsQ0FDN0IsRUFBVSxFQUNWLFlBQW9CLEVBQ3BCLGdCQUFnRDtJQUVoRCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDOUIsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRTtZQUN2QixXQUFXLEVBQUUsSUFBSSxHQUFHLENBQUMsQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUNwQyxVQUFVLEVBQUUsQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDeEIsVUFBVSxFQUFFLFdBQVcsQ0FBQyxFQUFFLENBQUM7U0FDNUIsQ0FBQyxDQUFDO1FBQ0gsT0FBTztJQUNULENBQUM7SUFFRCxNQUFNLElBQUksR0FBRyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFFLENBQUM7SUFDdkMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLENBQUM7QUFDckMsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNILE1BQU0sVUFBVSxnQkFBZ0IsQ0FDOUIsRUFBVSxFQUNWLFlBQW9CLEVBQ3BCLGdCQUFnRDtJQUVoRCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUFFLE9BQU87SUFFdEMsTUFBTSxJQUFJLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDO0lBQ3ZDLElBQUksQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBRXRDLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDaEMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQzlCLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxNQUFNLFVBQVUsd0JBQXdCLENBQ3RDLFVBQW9ELEVBQ3BELE1BQXdCO0lBRXhCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztJQUN2QixJQUFJLFlBQVksR0FBRyxDQUFDLENBQUM7SUFFckIsS0FBSyxNQUFNLENBQUMsT0FBTyxFQUFFLFdBQVcsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1FBQzFELElBQUksT0FBTyxHQUFHLENBQUMsQ0FBQztRQUNoQixLQUFLLE1BQU0sQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLElBQUksV0FBVyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDakQsSUFBSSxLQUFLLENBQUMsTUFBTSxHQUFHLEdBQUcsRUFBRSxDQUFDO2dCQUN2QixXQUFXLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUN4QixPQUFPLEVBQUUsQ0FBQztnQkFDVixZQUFZLEVBQUUsQ0FBQztZQUNqQixDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksT0FBTyxHQUFHLENBQUMsSUFBSSxNQUFNLEVBQUUsS0FBSyxFQUFFLENBQUM7WUFDakMsTUFBTSxDQUFDLEtBQUssQ0FBQyxjQUFjLE9BQU8sa0NBQWtDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDakYsQ0FBQztJQUNILENBQUM7SUFFRCxJQUFJLFlBQVksR0FBRyxDQUFDLElBQUksTUFBTSxFQUFFLElBQUksRUFBRSxDQUFDO1FBQ3JDLE1BQU0sQ0FBQyxJQUFJLENBQUMsY0FBYyxZQUFZLDRCQUE0QixDQUFDLENBQUM7SUFDdEUsQ0FBQztBQUNILENBQUM7QUFFRDs7Ozs7O0dBTUc7QUFDSCxNQUFNLFVBQVUsdUJBQXVCLENBQUMsUUFBZ0IsRUFBRSxRQUFnQjtJQUN4RSxPQUFPLFNBQVMsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLFFBQVEsSUFBSSxRQUFRLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO0FBQzlFLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sVUFBVSxvQkFBb0IsQ0FDbEMsVUFBa0I7SUFFbEIsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztRQUNwRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxJQUFJLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsa0JBQWtCO1FBQ3RELE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3pELE1BQU0sQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUVoRCxJQUFJLENBQUMsUUFBUSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDM0IsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsT0FBTyxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUUsQ0FBQztJQUNoQyxDQUFDO0lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztRQUNiLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztBQUNILENBQUMifQ==

package/dist_ts/core/utils/shared-security-manager.d.ts

@@ -1,128 +0,0 @@
-import type { IRouteConfig, IRouteContext } from '../../proxies/smart-proxy/models/route-types.js';
-import type { IIpValidationResult, ISecurityLogger } from './security-utils.js';
-/**
- * Shared SecurityManager for use across proxy components
- * Handles IP tracking, rate limiting, and authentication
- */
-export declare class SharedSecurityManager {
-    private logger?;
-    private connectionsByIP;
-    private rateLimits;
-    private ipFilterCache;
-    private maxConnectionsPerIP;
-    private connectionRateLimitPerMinute;
-    private cleanupInterval;
-    /**
-     * Create a new SharedSecurityManager
-     *
-     * @param options - Configuration options
-     * @param logger - Logger instance
-     */
-    constructor(options: {
-        maxConnectionsPerIP?: number;
-        connectionRateLimitPerMinute?: number;
-        cleanupIntervalMs?: number;
-        routes?: IRouteConfig[];
-    }, logger?: ISecurityLogger);
-    /**
-     * Get connections count by IP
-     *
-     * @param ip - The IP address to check
-     * @returns Number of connections from this IP
-     */
-    getConnectionCountByIP(ip: string): number;
-    /**
-     * Track connection by IP
-     *
-     * @param ip - The IP address to track
-     * @param connectionId - The connection ID to associate
-     */
-    trackConnectionByIP(ip: string, connectionId: string): void;
-    /**
-     * Remove connection tracking for an IP
-     *
-     * @param ip - The IP address to update
-     * @param connectionId - The connection ID to remove
-     */
-    removeConnectionByIP(ip: string, connectionId: string): void;
-    /**
-     * Check if IP is authorized based on route security settings
-     *
-     * @param ip - The IP address to check
-     * @param allowedIPs - List of allowed IP patterns
-     * @param blockedIPs - List of blocked IP patterns
-     * @returns Whether the IP is authorized
-     */
-    isIPAuthorized(ip: string, allowedIPs?: string[], blockedIPs?: string[]): boolean;
-    /**
-     * Validate IP against rate limits and connection limits
-     *
-     * @param ip - The IP address to validate
-     * @returns Result with allowed status and reason if blocked
-     */
-    validateIP(ip: string): IIpValidationResult;
-    /**
-     * Atomically validate an IP and track the connection if allowed.
-     * This prevents race conditions where concurrent connections could bypass per-IP limits.
-     *
-     * @param ip - The IP address to validate
-     * @param connectionId - The connection ID to track if validation passes
-     * @returns Object with validation result and reason
-     */
-    validateAndTrackIP(ip: string, connectionId: string): IIpValidationResult;
-    /**
-     * Check if a client is allowed to access a specific route
-     *
-     * @param route - The route to check
-     * @param context - The request context
-     * @param routeConnectionCount - Current connection count for this route (optional)
-     * @returns Whether access is allowed
-     */
-    isAllowed(route: IRouteConfig, context: IRouteContext, routeConnectionCount?: number): boolean;
-    /**
-     * Check if a client IP is allowed for a route
-     *
-     * @param route - The route to check
-     * @param clientIp - The client IP
-     * @returns Whether the IP is allowed
-     */
-    private isClientIpAllowed;
-    /**
-     * Check if request is within rate limit
-     *
-     * @param route - The route to check
-     * @param context - The request context
-     * @returns Whether the request is within rate limit
-     */
-    private isWithinRateLimit;
-    /**
-     * Validate HTTP Basic Authentication
-     *
-     * @param route - The route to check
-     * @param authHeader - The Authorization header
-     * @returns Whether authentication is valid
-     */
-    validateBasicAuth(route: IRouteConfig, authHeader?: string): boolean;
-    /**
-     * Verify a JWT token against route configuration
-     *
-     * @param route - The route to verify the token for
-     * @param token - The JWT token to verify
-     * @returns True if the token is valid, false otherwise
-     */
-    verifyJwtToken(route: IRouteConfig, token: string): boolean;
-    /**
-     * Clean up caches to prevent memory leaks
-     */
-    private cleanupCaches;
-    /**
-     * Clear all IP tracking data (for shutdown)
-     */
-    clearIPTracking(): void;
-    /**
-     * Update routes for security checking
-     *
-     * @param routes - New routes to use
-     */
-    setRoutes(routes: IRouteConfig[]): void;
-}