@push.rocks/smartproxy 25.17.10 → 26.1.0

package/dist_ts/core/utils/shared-security-manager.js

@@ -1,362 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { isIPAuthorized, checkMaxConnections, checkConnectionRate, trackConnection, removeConnection, cleanupExpiredRateLimits, parseBasicAuthHeader, normalizeIP } from './security-utils.js';
-/**
- * Shared SecurityManager for use across proxy components
- * Handles IP tracking, rate limiting, and authentication
- */
-export class SharedSecurityManager {
-    /**
-     * Create a new SharedSecurityManager
-     *
-     * @param options - Configuration options
-     * @param logger - Logger instance
-     */
-    constructor(options, logger) {
-        this.logger = logger;
-        // IP connection tracking
-        this.connectionsByIP = new Map();
-        // Route-specific rate limiting
-        this.rateLimits = new Map();
-        // Cache IP filtering results to avoid constant regex matching
-        this.ipFilterCache = new Map();
-        // Cache cleanup interval
-        this.cleanupInterval = null;
-        this.maxConnectionsPerIP = options.maxConnectionsPerIP || 100;
-        this.connectionRateLimitPerMinute = options.connectionRateLimitPerMinute || 300;
-        // Set up logger with defaults if not provided
-        this.logger = logger || {
-            info: console.log,
-            warn: console.warn,
-            error: console.error
-        };
-        // Set up cache cleanup interval
-        const cleanupInterval = options.cleanupIntervalMs || 60000; // Default: 1 minute
-        this.cleanupInterval = setInterval(() => {
-            this.cleanupCaches();
-        }, cleanupInterval);
-        // Don't keep the process alive just for cleanup
-        if (this.cleanupInterval.unref) {
-            this.cleanupInterval.unref();
-        }
-    }
-    /**
-     * Get connections count by IP
-     *
-     * @param ip - The IP address to check
-     * @returns Number of connections from this IP
-     */
-    getConnectionCountByIP(ip) {
-        // Check all normalized variants of the IP
-        const variants = normalizeIP(ip);
-        for (const variant of variants) {
-            const info = this.connectionsByIP.get(variant);
-            if (info) {
-                return info.connections.size;
-            }
-        }
-        return 0;
-    }
-    /**
-     * Track connection by IP
-     *
-     * @param ip - The IP address to track
-     * @param connectionId - The connection ID to associate
-     */
-    trackConnectionByIP(ip, connectionId) {
-        // Check if any variant already exists
-        const variants = normalizeIP(ip);
-        let existingKey = null;
-        for (const variant of variants) {
-            if (this.connectionsByIP.has(variant)) {
-                existingKey = variant;
-                break;
-            }
-        }
-        // Use existing key or the original IP
-        trackConnection(existingKey || ip, connectionId, this.connectionsByIP);
-    }
-    /**
-     * Remove connection tracking for an IP
-     *
-     * @param ip - The IP address to update
-     * @param connectionId - The connection ID to remove
-     */
-    removeConnectionByIP(ip, connectionId) {
-        // Check all variants to find where the connection is tracked
-        const variants = normalizeIP(ip);
-        for (const variant of variants) {
-            if (this.connectionsByIP.has(variant)) {
-                removeConnection(variant, connectionId, this.connectionsByIP);
-                break;
-            }
-        }
-    }
-    /**
-     * Check if IP is authorized based on route security settings
-     *
-     * @param ip - The IP address to check
-     * @param allowedIPs - List of allowed IP patterns
-     * @param blockedIPs - List of blocked IP patterns
-     * @returns Whether the IP is authorized
-     */
-    isIPAuthorized(ip, allowedIPs = ['*'], blockedIPs = []) {
-        return isIPAuthorized(ip, allowedIPs, blockedIPs);
-    }
-    /**
-     * Validate IP against rate limits and connection limits
-     *
-     * @param ip - The IP address to validate
-     * @returns Result with allowed status and reason if blocked
-     */
-    validateIP(ip) {
-        // Check connection count limit
-        const connectionResult = checkMaxConnections(ip, this.connectionsByIP, this.maxConnectionsPerIP);
-        if (!connectionResult.allowed) {
-            return connectionResult;
-        }
-        // Check connection rate limit
-        const rateResult = checkConnectionRate(ip, this.connectionsByIP, this.connectionRateLimitPerMinute);
-        if (!rateResult.allowed) {
-            return rateResult;
-        }
-        return { allowed: true };
-    }
-    /**
-     * Atomically validate an IP and track the connection if allowed.
-     * This prevents race conditions where concurrent connections could bypass per-IP limits.
-     *
-     * @param ip - The IP address to validate
-     * @param connectionId - The connection ID to track if validation passes
-     * @returns Object with validation result and reason
-     */
-    validateAndTrackIP(ip, connectionId) {
-        // Check connection count limit BEFORE tracking
-        const connectionResult = checkMaxConnections(ip, this.connectionsByIP, this.maxConnectionsPerIP);
-        if (!connectionResult.allowed) {
-            return connectionResult;
-        }
-        // Check connection rate limit
-        const rateResult = checkConnectionRate(ip, this.connectionsByIP, this.connectionRateLimitPerMinute);
-        if (!rateResult.allowed) {
-            return rateResult;
-        }
-        // Validation passed - immediately track to prevent race conditions
-        this.trackConnectionByIP(ip, connectionId);
-        return { allowed: true };
-    }
-    /**
-     * Check if a client is allowed to access a specific route
-     *
-     * @param route - The route to check
-     * @param context - The request context
-     * @param routeConnectionCount - Current connection count for this route (optional)
-     * @returns Whether access is allowed
-     */
-    isAllowed(route, context, routeConnectionCount) {
-        if (!route.security) {
-            return true; // No security restrictions
-        }
-        // --- IP filtering ---
-        if (!this.isClientIpAllowed(route, context.clientIp)) {
-            this.logger?.debug?.(`IP ${context.clientIp} is blocked for route ${route.name || 'unnamed'}`);
-            return false;
-        }
-        // --- Route-level connection limit ---
-        if (route.security.maxConnections !== undefined && routeConnectionCount !== undefined) {
-            if (routeConnectionCount >= route.security.maxConnections) {
-                this.logger?.debug?.(`Route connection limit (${route.security.maxConnections}) exceeded for route ${route.name || 'unnamed'}`);
-                return false;
-            }
-        }
-        // --- Rate limiting ---
-        if (route.security.rateLimit?.enabled && !this.isWithinRateLimit(route, context)) {
-            this.logger?.debug?.(`Rate limit exceeded for route ${route.name || 'unnamed'}`);
-            return false;
-        }
-        return true;
-    }
-    /**
-     * Check if a client IP is allowed for a route
-     *
-     * @param route - The route to check
-     * @param clientIp - The client IP
-     * @returns Whether the IP is allowed
-     */
-    isClientIpAllowed(route, clientIp) {
-        if (!route.security) {
-            return true; // No security restrictions
-        }
-        const routeId = route.id || route.name || 'unnamed';
-        // Check cache first
-        if (!this.ipFilterCache.has(routeId)) {
-            this.ipFilterCache.set(routeId, new Map());
-        }
-        const routeCache = this.ipFilterCache.get(routeId);
-        if (routeCache.has(clientIp)) {
-            return routeCache.get(clientIp);
-        }
-        // Check IP against route security settings
-        const ipAllowList = route.security.ipAllowList;
-        const ipBlockList = route.security.ipBlockList;
-        const allowed = this.isIPAuthorized(clientIp, ipAllowList, ipBlockList);
-        // Cache the result
-        routeCache.set(clientIp, allowed);
-        return allowed;
-    }
-    /**
-     * Check if request is within rate limit
-     *
-     * @param route - The route to check
-     * @param context - The request context
-     * @returns Whether the request is within rate limit
-     */
-    isWithinRateLimit(route, context) {
-        if (!route.security?.rateLimit?.enabled) {
-            return true;
-        }
-        const rateLimit = route.security.rateLimit;
-        const routeId = route.id || route.name || 'unnamed';
-        // Determine rate limit key (by IP, path, or header)
-        let key = context.clientIp; // Default to IP
-        if (rateLimit.keyBy === 'path' && context.path) {
-            key = `${context.clientIp}:${context.path}`;
-        }
-        else if (rateLimit.keyBy === 'header' && rateLimit.headerName && context.headers) {
-            const headerValue = context.headers[rateLimit.headerName.toLowerCase()];
-            if (headerValue) {
-                key = `${context.clientIp}:${headerValue}`;
-            }
-        }
-        // Get or create rate limit tracking for this route
-        if (!this.rateLimits.has(routeId)) {
-            this.rateLimits.set(routeId, new Map());
-        }
-        const routeLimits = this.rateLimits.get(routeId);
-        const now = Date.now();
-        // Get or create rate limit tracking for this key
-        let limit = routeLimits.get(key);
-        if (!limit || limit.expiry < now) {
-            // Create new rate limit or reset expired one
-            limit = {
-                count: 1,
-                expiry: now + (rateLimit.window * 1000)
-            };
-            routeLimits.set(key, limit);
-            return true;
-        }
-        // Increment the counter
-        limit.count++;
-        // Check if rate limit is exceeded
-        return limit.count <= rateLimit.maxRequests;
-    }
-    /**
-     * Validate HTTP Basic Authentication
-     *
-     * @param route - The route to check
-     * @param authHeader - The Authorization header
-     * @returns Whether authentication is valid
-     */
-    validateBasicAuth(route, authHeader) {
-        // Skip if basic auth not enabled for route
-        if (!route.security?.basicAuth?.enabled) {
-            return true;
-        }
-        // No auth header means auth failed
-        if (!authHeader) {
-            return false;
-        }
-        // Parse auth header
-        const credentials = parseBasicAuthHeader(authHeader);
-        if (!credentials) {
-            return false;
-        }
-        // Check credentials against configured users
-        const { username, password } = credentials;
-        const users = route.security.basicAuth.users;
-        return users.some(user => user.username === username && user.password === password);
-    }
-    /**
-     * Verify a JWT token against route configuration
-     *
-     * @param route - The route to verify the token for
-     * @param token - The JWT token to verify
-     * @returns True if the token is valid, false otherwise
-     */
-    verifyJwtToken(route, token) {
-        if (!route.security?.jwtAuth?.enabled) {
-            return true;
-        }
-        try {
-            const jwtAuth = route.security.jwtAuth;
-            // Verify structure (header.payload.signature)
-            const parts = token.split('.');
-            if (parts.length !== 3) {
-                return false;
-            }
-            // Decode payload
-            const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
-            // Check expiration
-            if (payload.exp && payload.exp < Math.floor(Date.now() / 1000)) {
-                return false;
-            }
-            // Check issuer
-            if (jwtAuth.issuer && payload.iss !== jwtAuth.issuer) {
-                return false;
-            }
-            // Check audience
-            if (jwtAuth.audience && payload.aud !== jwtAuth.audience) {
-                return false;
-            }
-            // Note: In a real implementation, you'd also verify the signature
-            // using the secret and algorithm specified in jwtAuth.
-            // This requires a proper JWT library for cryptographic verification.
-            return true;
-        }
-        catch (err) {
-            this.logger?.error?.(`Error verifying JWT: ${err}`);
-            return false;
-        }
-    }
-    /**
-     * Clean up caches to prevent memory leaks
-     */
-    cleanupCaches() {
-        // Clean up rate limits
-        cleanupExpiredRateLimits(this.rateLimits, this.logger);
-        // Clean up IP connection tracking
-        let cleanedIPs = 0;
-        for (const [ip, info] of this.connectionsByIP.entries()) {
-            // Remove IPs with no active connections and no recent timestamps
-            if (info.connections.size === 0 && info.timestamps.length === 0) {
-                this.connectionsByIP.delete(ip);
-                cleanedIPs++;
-            }
-        }
-        if (cleanedIPs > 0 && this.logger?.debug) {
-            this.logger.debug(`Cleaned up ${cleanedIPs} IPs with no active connections`);
-        }
-        // IP filter cache doesn't need cleanup (tied to routes)
-    }
-    /**
-     * Clear all IP tracking data (for shutdown)
-     */
-    clearIPTracking() {
-        this.connectionsByIP.clear();
-        this.rateLimits.clear();
-        this.ipFilterCache.clear();
-        if (this.cleanupInterval) {
-            clearInterval(this.cleanupInterval);
-            this.cleanupInterval = null;
-        }
-    }
-    /**
-     * Update routes for security checking
-     *
-     * @param routes - New routes to use
-     */
-    setRoutes(routes) {
-        // Only clear the IP filter cache - route-specific
-        this.ipFilterCache.clear();
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2hhcmVkLXNlY3VyaXR5LW1hbmFnZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9jb3JlL3V0aWxzL3NoYXJlZC1zZWN1cml0eS1tYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFRNUMsT0FBTyxFQUNMLGNBQWMsRUFDZCxtQkFBbUIsRUFDbkIsbUJBQW1CLEVBQ25CLGVBQWUsRUFDZixnQkFBZ0IsRUFDaEIsd0JBQXdCLEVBQ3hCLG9CQUFvQixFQUNwQixXQUFXLEVBQ1osTUFBTSxxQkFBcUIsQ0FBQztBQUU3Qjs7O0dBR0c7QUFDSCxNQUFNLE9BQU8scUJBQXFCO0lBaUJoQzs7Ozs7T0FLRztJQUNILFlBQVksT0FLWCxFQUFVLE1BQXdCO1FBQXhCLFdBQU0sR0FBTixNQUFNLENBQWtCO1FBM0JuQyx5QkFBeUI7UUFDakIsb0JBQWUsR0FBbUMsSUFBSSxHQUFHLEVBQUUsQ0FBQztRQUVwRSwrQkFBK0I7UUFDdkIsZUFBVSxHQUE2QyxJQUFJLEdBQUcsRUFBRSxDQUFDO1FBRXpFLDhEQUE4RDtRQUN0RCxrQkFBYSxHQUFzQyxJQUFJLEdBQUcsRUFBRSxDQUFDO1FBTXJFLHlCQUF5QjtRQUNqQixvQkFBZSxHQUEwQixJQUFJLENBQUM7UUFjcEQsSUFBSSxDQUFDLG1CQUFtQixHQUFHLE9BQU8sQ0FBQyxtQkFBbUIsSUFBSSxHQUFHLENBQUM7UUFDOUQsSUFBSSxDQUFDLDRCQUE0QixHQUFHLE9BQU8sQ0FBQyw0QkFBNEIsSUFBSSxHQUFHLENBQUM7UUFFaEYsOENBQThDO1FBQzlDLElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxJQUFJO1lBQ3RCLElBQUksRUFBRSxPQUFPLENBQUMsR0FBRztZQUNqQixJQUFJLEVBQUUsT0FBTyxDQUFDLElBQUk7WUFDbEIsS0FBSyxFQUFFLE9BQU8sQ0FBQyxLQUFLO1NBQ3JCLENBQUM7UUFFRixnQ0FBZ0M7UUFDaEMsTUFBTSxlQUFlLEdBQUcsT0FBTyxDQUFDLGlCQUFpQixJQUFJLEtBQUssQ0FBQyxDQUFDLG9CQUFvQjtRQUNoRixJQUFJLENBQUMsZUFBZSxHQUFHLFdBQVcsQ0FBQyxHQUFHLEVBQUU7WUFDdEMsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ3ZCLENBQUMsRUFBRSxlQUFlLENBQUMsQ0FBQztRQUVwQixnREFBZ0Q7UUFDaEQsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQy9CLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDL0IsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7T0FLRztJQUNJLHNCQUFzQixDQUFDLEVBQVU7UUFDdEMsMENBQTBDO1FBQzFDLE1BQU0sUUFBUSxHQUFHLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNqQyxLQUFLLE1BQU0sT0FBTyxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQy9CLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQy9DLElBQUksSUFBSSxFQUFFLENBQUM7Z0JBQ1QsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQztZQUMvQixDQUFDO1FBQ0gsQ0FBQztRQUNELE9BQU8sQ0FBQyxDQUFDO0lBQ1gsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ksbUJBQW1CLENBQUMsRUFBVSxFQUFFLFlBQW9CO1FBQ3pELHNDQUFzQztRQUN0QyxNQUFNLFFBQVEsR0FBRyxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDakMsSUFBSSxXQUFXLEdBQWtCLElBQUksQ0FBQztRQUV0QyxLQUFLLE1BQU0sT0FBTyxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQy9CLElBQUksSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDdEMsV0FBVyxHQUFHLE9BQU8sQ0FBQztnQkFDdEIsTUFBTTtZQUNSLENBQUM7UUFDSCxDQUFDO1FBRUQsc0NBQXNDO1FBQ3RDLGVBQWUsQ0FBQyxXQUFXLElBQUksRUFBRSxFQUFFLFlBQVksRUFBRSxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ksb0JBQW9CLENBQUMsRUFBVSxFQUFFLFlBQW9CO1FBQzFELDZEQUE2RDtRQUM3RCxNQUFNLFFBQVEsR0FBRyxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUM7UUFFakMsS0FBSyxNQUFNLE9BQU8sSUFBSSxRQUFRLEVBQUUsQ0FBQztZQUMvQixJQUFJLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQ3RDLGdCQUFnQixDQUFDLE9BQU8sRUFBRSxZQUFZLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO2dCQUM5RCxNQUFNO1lBQ1IsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNJLGNBQWMsQ0FDbkIsRUFBVSxFQUNWLGFBQXVCLENBQUMsR0FBRyxDQUFDLEVBQzVCLGFBQXVCLEVBQUU7UUFFekIsT0FBTyxjQUFjLENBQUMsRUFBRSxFQUFFLFVBQVUsRUFBRSxVQUFVLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSSxVQUFVLENBQUMsRUFBVTtRQUMxQiwrQkFBK0I7UUFDL0IsTUFBTSxnQkFBZ0IsR0FBRyxtQkFBbUIsQ0FDMUMsRUFBRSxFQUNGLElBQUksQ0FBQyxlQUFlLEVBQ3BCLElBQUksQ0FBQyxtQkFBbUIsQ0FDekIsQ0FBQztRQUNGLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUM5QixPQUFPLGdCQUFnQixDQUFDO1FBQzFCLENBQUM7UUFFRCw4QkFBOEI7UUFDOUIsTUFBTSxVQUFVLEdBQUcsbUJBQW1CLENBQ3BDLEVBQUUsRUFDRixJQUFJLENBQUMsZUFBZSxFQUNwQixJQUFJLENBQUMsNEJBQTRCLENBQ2xDLENBQUM7UUFDRixJQUFJLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3hCLE9BQU8sVUFBVSxDQUFDO1FBQ3BCLENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0ksa0JBQWtCLENBQUMsRUFBVSxFQUFFLFlBQW9CO1FBQ3hELCtDQUErQztRQUMvQyxNQUFNLGdCQUFnQixHQUFHLG1CQUFtQixDQUMxQyxFQUFFLEVBQ0YsSUFBSSxDQUFDLGVBQWUsRUFDcEIsSUFBSSxDQUFDLG1CQUFtQixDQUN6QixDQUFDO1FBQ0YsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQzlCLE9BQU8sZ0JBQWdCLENBQUM7UUFDMUIsQ0FBQztRQUVELDhCQUE4QjtRQUM5QixNQUFNLFVBQVUsR0FBRyxtQkFBbUIsQ0FDcEMsRUFBRSxFQUNGLElBQUksQ0FBQyxlQUFlLEVBQ3BCLElBQUksQ0FBQyw0QkFBNEIsQ0FDbEMsQ0FBQztRQUNGLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDeEIsT0FBTyxVQUFVLENBQUM7UUFDcEIsQ0FBQztRQUVELG1FQUFtRTtRQUNuRSxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBRTNDLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDM0IsQ0FBQztJQUVEOzs7Ozs7O09BT0c7SUFDSSxTQUFTLENBQUMsS0FBbUIsRUFBRSxPQUFzQixFQUFFLG9CQUE2QjtRQUN6RixJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3BCLE9BQU8sSUFBSSxDQUFDLENBQUMsMkJBQTJCO1FBQzFDLENBQUM7UUFFRCx1QkFBdUI7UUFDdkIsSUFBSSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDckQsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsQ0FBQyxNQUFNLE9BQU8sQ0FBQyxRQUFRLHlCQUF5QixLQUFLLENBQUMsSUFBSSxJQUFJLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDL0YsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsdUNBQXVDO1FBQ3ZDLElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxjQUFjLEtBQUssU0FBUyxJQUFJLG9CQUFvQixLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3RGLElBQUksb0JBQW9CLElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxjQUFjLEVBQUUsQ0FBQztnQkFDMUQsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsQ0FBQywyQkFBMkIsS0FBSyxDQUFDLFFBQVEsQ0FBQyxjQUFjLHdCQUF3QixLQUFLLENBQUMsSUFBSSxJQUFJLFNBQVMsRUFBRSxDQUFDLENBQUM7Z0JBQ2hJLE9BQU8sS0FBSyxDQUFDO1lBQ2YsQ0FBQztRQUNILENBQUM7UUFFRCx3QkFBd0I7UUFDeEIsSUFBSSxLQUFLLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDakYsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsQ0FBQyxpQ0FBaUMsS0FBSyxDQUFDLElBQUksSUFBSSxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBQ2pGLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNLLGlCQUFpQixDQUFDLEtBQW1CLEVBQUUsUUFBZ0I7UUFDN0QsSUFBSSxDQUFDLEtBQUssQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNwQixPQUFPLElBQUksQ0FBQyxDQUFDLDJCQUEyQjtRQUMxQyxDQUFDO1FBRUQsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLEVBQUUsSUFBSSxLQUFLLENBQUMsSUFBSSxJQUFJLFNBQVMsQ0FBQztRQUVwRCxvQkFBb0I7UUFDcEIsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDckMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLElBQUksR0FBRyxFQUFFLENBQUMsQ0FBQztRQUM3QyxDQUFDO1FBRUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFFLENBQUM7UUFDcEQsSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDN0IsT0FBTyxVQUFVLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBRSxDQUFDO1FBQ25DLENBQUM7UUFFRCwyQ0FBMkM7UUFDM0MsTUFBTSxXQUFXLEdBQUcsS0FBSyxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUM7UUFDL0MsTUFBTSxXQUFXLEdBQUcsS0FBSyxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUM7UUFFL0MsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsV0FBVyxFQUFFLFdBQVcsQ0FBQyxDQUFDO1FBRXhFLG1CQUFtQjtRQUNuQixVQUFVLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUVsQyxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ssaUJBQWlCLENBQUMsS0FBbUIsRUFBRSxPQUFzQjtRQUNuRSxJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDeEMsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUM7UUFDM0MsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLEVBQUUsSUFBSSxLQUFLLENBQUMsSUFBSSxJQUFJLFNBQVMsQ0FBQztRQUVwRCxvREFBb0Q7UUFDcEQsSUFBSSxHQUFHLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLGdCQUFnQjtRQUU1QyxJQUFJLFNBQVMsQ0FBQyxLQUFLLEtBQUssTUFBTSxJQUFJLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUMvQyxHQUFHLEdBQUcsR0FBRyxPQUFPLENBQUMsUUFBUSxJQUFJLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUM5QyxDQUFDO2FBQU0sSUFBSSxTQUFTLENBQUMsS0FBSyxLQUFLLFFBQVEsSUFBSSxTQUFTLENBQUMsVUFBVSxJQUFJLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNuRixNQUFNLFdBQVcsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztZQUN4RSxJQUFJLFdBQVcsRUFBRSxDQUFDO2dCQUNoQixHQUFHLEdBQUcsR0FBRyxPQUFPLENBQUMsUUFBUSxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQzdDLENBQUM7UUFDSCxDQUFDO1FBRUQsbURBQW1EO1FBQ25ELElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ2xDLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxJQUFJLEdBQUcsRUFBRSxDQUFDLENBQUM7UUFDMUMsQ0FBQztRQUVELE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBRSxDQUFDO1FBQ2xELE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUV2QixpREFBaUQ7UUFDakQsSUFBSSxLQUFLLEdBQUcsV0FBVyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNqQyxJQUFJLENBQUMsS0FBSyxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsR0FBRyxFQUFFLENBQUM7WUFDakMsNkNBQTZDO1lBQzdDLEtBQUssR0FBRztnQkFDTixLQUFLLEVBQUUsQ0FBQztnQkFDUixNQUFNLEVBQUUsR0FBRyxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUM7YUFDeEMsQ0FBQztZQUNGLFdBQVcsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQzVCLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELHdCQUF3QjtRQUN4QixLQUFLLENBQUMsS0FBSyxFQUFFLENBQUM7UUFFZCxrQ0FBa0M7UUFDbEMsT0FBTyxLQUFLLENBQUMsS0FBSyxJQUFJLFNBQVMsQ0FBQyxXQUFXLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLGlCQUFpQixDQUFDLEtBQW1CLEVBQUUsVUFBbUI7UUFDL0QsMkNBQTJDO1FBQzNDLElBQUksQ0FBQyxLQUFLLENBQUMsUUFBUSxFQUFFLFNBQVMsRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUN4QyxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFFRCxtQ0FBbUM7UUFDbkMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELG9CQUFvQjtRQUNwQixNQUFNLFdBQVcsR0FBRyxvQkFBb0IsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUNyRCxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDakIsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsNkNBQTZDO1FBQzdDLE1BQU0sRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLEdBQUcsV0FBVyxDQUFDO1FBQzNDLE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQztRQUU3QyxPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FDdkIsSUFBSSxDQUFDLFFBQVEsS0FBSyxRQUFRLElBQUksSUFBSSxDQUFDLFFBQVEsS0FBSyxRQUFRLENBQ3pELENBQUM7SUFDSixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksY0FBYyxDQUFDLEtBQW1CLEVBQUUsS0FBYTtRQUN0RCxJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDdEMsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUM7WUFFdkMsOENBQThDO1lBQzlDLE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDL0IsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUN2QixPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7WUFFRCxpQkFBaUI7WUFDakIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxRQUFRLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBRXZFLG1CQUFtQjtZQUNuQixJQUFJLE9BQU8sQ0FBQyxHQUFHLElBQUksT0FBTyxDQUFDLEdBQUcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxDQUFDO2dCQUMvRCxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7WUFFRCxlQUFlO1lBQ2YsSUFBSSxPQUFPLENBQUMsTUFBTSxJQUFJLE9BQU8sQ0FBQyxHQUFHLEtBQUssT0FBTyxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUNyRCxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7WUFFRCxpQkFBaUI7WUFDakIsSUFBSSxPQUFPLENBQUMsUUFBUSxJQUFJLE9BQU8sQ0FBQyxHQUFHLEtBQUssT0FBTyxDQUFDLFFBQVEsRUFBRSxDQUFDO2dCQUN6RCxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7WUFFRCxrRUFBa0U7WUFDbEUsdURBQXVEO1lBQ3ZELHFFQUFxRTtZQUVyRSxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsQ0FBQyx3QkFBd0IsR0FBRyxFQUFFLENBQUMsQ0FBQztZQUNwRCxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxhQUFhO1FBQ25CLHVCQUF1QjtRQUN2Qix3QkFBd0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV2RCxrQ0FBa0M7UUFDbEMsSUFBSSxVQUFVLEdBQUcsQ0FBQyxDQUFDO1FBQ25CLEtBQUssTUFBTSxDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDeEQsaUVBQWlFO1lBQ2pFLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUNoRSxJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQztnQkFDaEMsVUFBVSxFQUFFLENBQUM7WUFDZixDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksVUFBVSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssRUFBRSxDQUFDO1lBQ3pDLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLGNBQWMsVUFBVSxpQ0FBaUMsQ0FBQyxDQUFDO1FBQy9FLENBQUM7UUFFRCx3REFBd0Q7SUFDMUQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksZUFBZTtRQUNwQixJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxVQUFVLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDeEIsSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUUzQixJQUFJLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN6QixhQUFhLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1lBQ3BDLElBQUksQ0FBQyxlQUFlLEdBQUcsSUFBSSxDQUFDO1FBQzlCLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLFNBQVMsQ0FBQyxNQUFzQjtRQUNyQyxrREFBa0Q7UUFDbEQsSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUM3QixDQUFDO0NBQ0YifQ==

package/dist_ts/core/utils/socket-utils.d.ts

@@ -1,63 +0,0 @@
-import * as plugins from '../../plugins.js';
-export interface CleanupOptions {
-    immediate?: boolean;
-    allowDrain?: boolean;
-    gracePeriod?: number;
-}
-export interface SafeSocketOptions {
-    port: number;
-    host: string;
-    onError?: (error: Error) => void;
-    onConnect?: () => void;
-    timeout?: number;
-}
-/**
- * Safely cleanup a socket by removing all listeners and destroying it
- * @param socket The socket to cleanup
- * @param socketName Optional name for logging
- * @param options Cleanup options
- */
-export declare function cleanupSocket(socket: plugins.net.Socket | plugins.tls.TLSSocket | null, socketName?: string, options?: CleanupOptions): Promise<void>;
-/**
- * Create independent cleanup handlers for paired sockets that support half-open connections
- * @param clientSocket The client socket
- * @param serverSocket The server socket
- * @param onBothClosed Callback when both sockets are closed
- * @returns Independent cleanup functions for each socket
- */
-export declare function createIndependentSocketHandlers(clientSocket: plugins.net.Socket | plugins.tls.TLSSocket, serverSocket: plugins.net.Socket | plugins.tls.TLSSocket, onBothClosed: (reason: string) => void, options?: {
-    enableHalfOpen?: boolean;
-}): {
-    cleanupClient: (reason: string) => Promise<void>;
-    cleanupServer: (reason: string) => Promise<void>;
-};
-/**
- * Setup socket error and close handlers with proper cleanup
- * @param socket The socket to setup handlers for
- * @param handleClose The cleanup function to call
- * @param handleTimeout Optional custom timeout handler
- * @param errorPrefix Optional prefix for error messages
- */
-export declare function setupSocketHandlers(socket: plugins.net.Socket | plugins.tls.TLSSocket, handleClose: (reason: string) => void, handleTimeout?: (socket: plugins.net.Socket | plugins.tls.TLSSocket) => void, errorPrefix?: string): void;
-/**
- * Setup bidirectional data forwarding between two sockets with proper cleanup
- * @param clientSocket The client/incoming socket
- * @param serverSocket The server/outgoing socket
- * @param handlers Object containing optional handlers for data and cleanup
- * @returns Cleanup functions for both sockets
- */
-export declare function setupBidirectionalForwarding(clientSocket: plugins.net.Socket | plugins.tls.TLSSocket, serverSocket: plugins.net.Socket | plugins.tls.TLSSocket, handlers: {
-    onClientData?: (chunk: Buffer) => void;
-    onServerData?: (chunk: Buffer) => void;
-    onCleanup: (reason: string) => void;
-    enableHalfOpen?: boolean;
-}): {
-    cleanupClient: (reason: string) => Promise<void>;
-    cleanupServer: (reason: string) => Promise<void>;
-};
-/**
- * Create a socket with immediate error handling to prevent crashes
- * @param options Socket creation options
- * @returns The created socket
- */
-export declare function createSocketWithErrorHandler(options: SafeSocketOptions): plugins.net.Socket;