@push.rocks/smartproxy 25.17.9 → 26.0.0

package/ts/detection/detectors/http-detector.ts

@@ -1,127 +0,0 @@
-/**
- * HTTP Protocol Detector
- * 
- * Simplified HTTP detection using the new architecture
- */
-
-import type { IProtocolDetector } from '../models/interfaces.js';
-import type { IDetectionResult, IDetectionOptions } from '../models/detection-types.js';
-import type { IProtocolDetectionResult, IConnectionContext } from '../../protocols/common/types.js';
-import type { THttpMethod } from '../../protocols/http/index.js';
-import { QuickProtocolDetector } from './quick-detector.js';
-import { RoutingExtractor } from './routing-extractor.js';
-import { DetectionFragmentManager } from '../utils/fragment-manager.js';
-import { HttpParser } from '../../protocols/http/parser.js';
-
-/**
- * Simplified HTTP detector
- */
-export class HttpDetector implements IProtocolDetector {
-  private quickDetector = new QuickProtocolDetector();
-  private fragmentManager: DetectionFragmentManager;
-  
-  constructor(fragmentManager?: DetectionFragmentManager) {
-    this.fragmentManager = fragmentManager || new DetectionFragmentManager();
-  }
-  
-  /**
-   * Check if buffer can be handled by this detector
-   */
-  canHandle(buffer: Buffer): boolean {
-    const result = this.quickDetector.quickDetect(buffer);
-    return result.protocol === 'http' && result.confidence > 50;
-  }
-  
-  /**
-   * Get minimum bytes needed for detection
-   */
-  getMinimumBytes(): number {
-    return 4; // "GET " minimum
-  }
-  
-  /**
-   * Detect HTTP protocol from buffer
-   */
-  detect(buffer: Buffer, options?: IDetectionOptions): IDetectionResult | null {
-    // Quick detection first
-    const quickResult = this.quickDetector.quickDetect(buffer);
-    
-    if (quickResult.protocol !== 'http' || quickResult.confidence < 50) {
-      return null;
-    }
-    
-    // Check if we have complete headers first
-    const headersEnd = buffer.indexOf('\r\n\r\n');
-    const isComplete = headersEnd !== -1;
-    
-    // Extract routing information
-    const routing = RoutingExtractor.extract(buffer, 'http');
-    
-    // Extract headers if requested and we have complete headers
-    let headers: Record<string, string> | undefined;
-    if (options?.extractFullHeaders && isComplete) {
-      const headerSection = buffer.slice(0, headersEnd).toString();
-      const lines = headerSection.split('\r\n');
-      if (lines.length > 1) {
-        // Skip the request line and parse headers
-        headers = HttpParser.parseHeaders(lines.slice(1));
-      }
-    }
-    
-    // If we don't need full headers and we have complete headers, we can return early
-    if (quickResult.confidence >= 95 && !options?.extractFullHeaders && isComplete) {
-      return {
-        protocol: 'http',
-        connectionInfo: { 
-          protocol: 'http',
-          method: quickResult.metadata?.method as THttpMethod,
-          domain: routing?.domain,
-          path: routing?.path
-        },
-        isComplete: true
-      };
-    }
-    
-    return {
-      protocol: 'http',
-      connectionInfo: {
-        protocol: 'http',
-        domain: routing?.domain,
-        path: routing?.path,
-        method: quickResult.metadata?.method as THttpMethod,
-        headers: headers
-      },
-      isComplete,
-      bytesNeeded: isComplete ? undefined : buffer.length + 512 // Need more for headers
-    };
-  }
-  
-  /**
-   * Handle fragmented detection
-   */
-  detectWithContext(
-    buffer: Buffer,
-    context: IConnectionContext,
-    options?: IDetectionOptions
-  ): IDetectionResult | null {
-    const handler = this.fragmentManager.getHandler('http');
-    const connectionId = DetectionFragmentManager.createConnectionId(context);
-    
-    // Add fragment
-    const result = handler.addFragment(connectionId, buffer);
-    
-    if (result.error) {
-      handler.complete(connectionId);
-      return null;
-    }
-    
-    // Try detection on accumulated buffer
-    const detectResult = this.detect(result.buffer!, options);
-    
-    if (detectResult && detectResult.isComplete) {
-      handler.complete(connectionId);
-    }
-    
-    return detectResult;
-  }
-}

package/ts/detection/detectors/quick-detector.ts

@@ -1,148 +0,0 @@
-/**
- * Quick Protocol Detector
- * 
- * Lightweight protocol identification based on minimal bytes
- * No parsing, just identification
- */
-
-import type { IProtocolDetector, IProtocolDetectionResult } from '../../protocols/common/types.js';
-import { TlsRecordType } from '../../protocols/tls/index.js';
-import { HttpParser } from '../../protocols/http/index.js';
-
-/**
- * Quick protocol detector for fast identification
- */
-export class QuickProtocolDetector implements IProtocolDetector {
-  /**
-   * Check if this detector can handle the data
-   */
-  canHandle(data: Buffer): boolean {
-    return data.length >= 1;
-  }
-  
-  /**
-   * Perform quick detection based on first few bytes
-   */
-  quickDetect(data: Buffer): IProtocolDetectionResult {
-    if (data.length === 0) {
-      return {
-        protocol: 'unknown',
-        confidence: 0,
-        requiresMoreData: true
-      };
-    }
-    
-    // Check for TLS
-    const tlsResult = this.checkTls(data);
-    if (tlsResult.confidence > 80) {
-      return tlsResult;
-    }
-    
-    // Check for HTTP
-    const httpResult = this.checkHttp(data);
-    if (httpResult.confidence > 80) {
-      return httpResult;
-    }
-    
-    // Need more data or unknown
-    return {
-      protocol: 'unknown',
-      confidence: 0,
-      requiresMoreData: data.length < 20
-    };
-  }
-  
-  /**
-   * Check if data looks like TLS
-   */
-  private checkTls(data: Buffer): IProtocolDetectionResult {
-    if (data.length < 3) {
-      return {
-        protocol: 'tls',
-        confidence: 0,
-        requiresMoreData: true
-      };
-    }
-    
-    const firstByte = data[0];
-    const secondByte = data[1];
-    
-    // Check for valid TLS record type
-    const validRecordTypes = [
-      TlsRecordType.CHANGE_CIPHER_SPEC,
-      TlsRecordType.ALERT,
-      TlsRecordType.HANDSHAKE,
-      TlsRecordType.APPLICATION_DATA,
-      TlsRecordType.HEARTBEAT
-    ];
-    
-    if (!validRecordTypes.includes(firstByte)) {
-      return {
-        protocol: 'tls',
-        confidence: 0
-      };
-    }
-    
-    // Check TLS version byte (0x03 for all TLS/SSL versions)
-    if (secondByte !== 0x03) {
-      return {
-        protocol: 'tls',
-        confidence: 0
-      };
-    }
-    
-    // High confidence it's TLS
-    return {
-      protocol: 'tls',
-      confidence: 95,
-      metadata: {
-        recordType: firstByte
-      }
-    };
-  }
-  
-  /**
-   * Check if data looks like HTTP
-   */
-  private checkHttp(data: Buffer): IProtocolDetectionResult {
-    if (data.length < 3) {
-      return {
-        protocol: 'http',
-        confidence: 0,
-        requiresMoreData: true
-      };
-    }
-    
-    // Quick check for HTTP methods
-    const start = data.subarray(0, Math.min(10, data.length)).toString('ascii');
-    
-    // Check common HTTP methods
-    const httpMethods = ['GET ', 'POST ', 'PUT ', 'DELETE ', 'HEAD ', 'OPTIONS', 'PATCH ', 'CONNECT', 'TRACE '];
-    for (const method of httpMethods) {
-      if (start.startsWith(method)) {
-        return {
-          protocol: 'http',
-          confidence: 95,
-          metadata: {
-            method: method.trim()
-          }
-        };
-      }
-    }
-    
-    // Check if it might be HTTP but need more data
-    if (HttpParser.isPrintableAscii(data, Math.min(20, data.length))) {
-      // Could be HTTP, but not sure
-      return {
-        protocol: 'http',
-        confidence: 30,
-        requiresMoreData: data.length < 20
-      };
-    }
-    
-    return {
-      protocol: 'http',
-      confidence: 0
-    };
-  }
-}

package/ts/detection/detectors/routing-extractor.ts

@@ -1,147 +0,0 @@
-/**
- * Routing Information Extractor
- * 
- * Extracts minimal routing information from protocols
- * without full parsing
- */
-
-import type { IRoutingInfo, IConnectionContext, TProtocolType } from '../../protocols/common/types.js';
-import { SniExtraction } from '../../protocols/tls/sni/sni-extraction.js';
-import { HttpParser } from '../../protocols/http/index.js';
-
-/**
- * Extracts routing information from protocol data
- */
-export class RoutingExtractor {
-  /**
-   * Extract routing info based on protocol type
-   */
-  static extract(
-    data: Buffer, 
-    protocol: TProtocolType,
-    context?: IConnectionContext
-  ): IRoutingInfo | null {
-    switch (protocol) {
-      case 'tls':
-      case 'https':
-        return this.extractTlsRouting(data, context);
-      
-      case 'http':
-        return this.extractHttpRouting(data);
-      
-      default:
-        return null;
-    }
-  }
-  
-  /**
-   * Extract routing from TLS ClientHello (SNI)
-   */
-  private static extractTlsRouting(
-    data: Buffer,
-    context?: IConnectionContext
-  ): IRoutingInfo | null {
-    try {
-      // Quick SNI extraction without full parsing
-      const sni = SniExtraction.extractSNI(data);
-      
-      if (sni) {
-        return {
-          domain: sni,
-          protocol: 'tls',
-          port: 443  // Default HTTPS port
-        };
-      }
-      
-      return null;
-    } catch (error) {
-      // Extraction failed, return null
-      return null;
-    }
-  }
-  
-  /**
-   * Extract routing from HTTP headers (Host header)
-   */
-  private static extractHttpRouting(data: Buffer): IRoutingInfo | null {
-    try {
-      // Look for first line
-      const firstLineEnd = data.indexOf('\n');
-      if (firstLineEnd === -1) {
-        return null;
-      }
-      
-      // Parse request line
-      const firstLine = data.subarray(0, firstLineEnd).toString('ascii').trim();
-      const requestLine = HttpParser.parseRequestLine(firstLine);
-      
-      if (!requestLine) {
-        return null;
-      }
-      
-      // Look for Host header
-      let pos = firstLineEnd + 1;
-      const maxSearch = Math.min(data.length, 4096); // Don't search too far
-      
-      while (pos < maxSearch) {
-        const lineEnd = data.indexOf('\n', pos);
-        if (lineEnd === -1) break;
-        
-        const line = data.subarray(pos, lineEnd).toString('ascii').trim();
-        
-        // Empty line means end of headers
-        if (line.length === 0) break;
-        
-        // Check for Host header
-        if (line.toLowerCase().startsWith('host:')) {
-          const hostValue = line.substring(5).trim();
-          const domain = HttpParser.extractDomainFromHost(hostValue);
-          
-          return {
-            domain,
-            path: requestLine.path,
-            protocol: 'http',
-            port: 80  // Default HTTP port
-          };
-        }
-        
-        pos = lineEnd + 1;
-      }
-      
-      // No Host header found, but we have the path
-      return {
-        path: requestLine.path,
-        protocol: 'http',
-        port: 80
-      };
-    } catch (error) {
-      // Extraction failed
-      return null;
-    }
-  }
-  
-  /**
-   * Try to extract domain from any protocol
-   */
-  static extractDomain(data: Buffer, hint?: TProtocolType): string | null {
-    // If we have a hint, use it
-    if (hint) {
-      const routing = this.extract(data, hint);
-      return routing?.domain || null;
-    }
-    
-    // Try TLS first (more specific)
-    const tlsRouting = this.extractTlsRouting(data);
-    if (tlsRouting?.domain) {
-      return tlsRouting.domain;
-    }
-    
-    // Try HTTP
-    const httpRouting = this.extractHttpRouting(data);
-    if (httpRouting?.domain) {
-      return httpRouting.domain;
-    }
-    
-    return null;
-  }
-}

package/ts/detection/detectors/tls-detector.ts

@@ -1,223 +0,0 @@
-/**
- * TLS protocol detector
- */
-
-// TLS detector doesn't need plugins imports
-import type { IProtocolDetector } from '../models/interfaces.js';
-import type { IDetectionResult, IDetectionOptions, IConnectionInfo } from '../models/detection-types.js';
-import { readUInt16BE } from '../utils/buffer-utils.js';
-import { tlsVersionToString } from '../utils/parser-utils.js';
-
-// Import from protocols
-import { TlsRecordType, TlsHandshakeType, TlsExtensionType } from '../../protocols/tls/index.js';
-
-// Import TLS utilities for SNI extraction from protocols
-import { SniExtraction } from '../../protocols/tls/sni/sni-extraction.js';
-import { ClientHelloParser } from '../../protocols/tls/sni/client-hello-parser.js';
-
-/**
- * TLS detector implementation
- */
-export class TlsDetector implements IProtocolDetector {
-  /**
-   * Minimum bytes needed to identify TLS (record header)
-   */
-  private static readonly MIN_TLS_HEADER_SIZE = 5;
-  
-  
-  /**
-   * Detect TLS protocol from buffer
-   */
-  detect(buffer: Buffer, options?: IDetectionOptions): IDetectionResult | null {
-    // Check if buffer is too small
-    if (buffer.length < TlsDetector.MIN_TLS_HEADER_SIZE) {
-      return null;
-    }
-    
-    // Check if this is a TLS record
-    if (!this.isTlsRecord(buffer)) {
-      return null;
-    }
-    
-    // Extract basic TLS info
-    const recordType = buffer[0];
-    const tlsMajor = buffer[1];
-    const tlsMinor = buffer[2];
-    const recordLength = readUInt16BE(buffer, 3);
-    
-    // Initialize connection info
-    const connectionInfo: IConnectionInfo = {
-      protocol: 'tls',
-      tlsVersion: tlsVersionToString(tlsMajor, tlsMinor) || undefined
-    };
-    
-    // If it's a handshake, try to extract more info
-    if (recordType === TlsRecordType.HANDSHAKE && buffer.length >= 6) {
-      const handshakeType = buffer[5];
-      
-      // For ClientHello, extract SNI and other info
-      if (handshakeType === TlsHandshakeType.CLIENT_HELLO) {
-        // Check if we have the complete handshake
-        const totalRecordLength = recordLength + 5; // Including TLS header
-        if (buffer.length >= totalRecordLength) {
-          // Extract SNI using existing logic
-          const sni = SniExtraction.extractSNI(buffer);
-          if (sni) {
-            connectionInfo.domain = sni;
-            connectionInfo.sni = sni;
-          }
-          
-          // Parse ClientHello for additional info
-          const parseResult = ClientHelloParser.parseClientHello(buffer);
-          if (parseResult.isValid) {
-            // Extract ALPN if present
-            const alpnExtension = parseResult.extensions.find(
-              ext => ext.type === TlsExtensionType.APPLICATION_LAYER_PROTOCOL_NEGOTIATION
-            );
-            
-            if (alpnExtension) {
-              connectionInfo.alpn = this.parseAlpnExtension(alpnExtension.data);
-            }
-            
-            // Store cipher suites if needed
-            if (parseResult.cipherSuites && options?.extractFullHeaders) {
-              connectionInfo.cipherSuites = this.parseCipherSuites(parseResult.cipherSuites);
-            }
-          }
-          
-          // Return complete result
-          return {
-            protocol: 'tls',
-            connectionInfo,
-            remainingBuffer: buffer.length > totalRecordLength 
-              ? buffer.subarray(totalRecordLength) 
-              : undefined,
-            isComplete: true
-          };
-        } else {
-          // Incomplete handshake
-          return {
-            protocol: 'tls',
-            connectionInfo,
-            isComplete: false,
-            bytesNeeded: totalRecordLength
-          };
-        }
-      }
-    }
-    
-    // For other TLS record types, just return basic info
-    return {
-      protocol: 'tls',
-      connectionInfo,
-      isComplete: true,
-      remainingBuffer: buffer.length > recordLength + 5 
-        ? buffer.subarray(recordLength + 5) 
-        : undefined
-    };
-  }
-  
-  /**
-   * Check if buffer can be handled by this detector
-   */
-  canHandle(buffer: Buffer): boolean {
-    return buffer.length >= TlsDetector.MIN_TLS_HEADER_SIZE && 
-           this.isTlsRecord(buffer);
-  }
-  
-  /**
-   * Get minimum bytes needed for detection
-   */
-  getMinimumBytes(): number {
-    return TlsDetector.MIN_TLS_HEADER_SIZE;
-  }
-  
-  /**
-   * Check if buffer contains a valid TLS record
-   */
-  private isTlsRecord(buffer: Buffer): boolean {
-    const recordType = buffer[0];
-    
-    // Check for valid record type
-    const validTypes = [
-      TlsRecordType.CHANGE_CIPHER_SPEC,
-      TlsRecordType.ALERT,
-      TlsRecordType.HANDSHAKE,
-      TlsRecordType.APPLICATION_DATA,
-      TlsRecordType.HEARTBEAT
-    ];
-    
-    if (!validTypes.includes(recordType)) {
-      return false;
-    }
-    
-    // Check TLS version bytes (should be 0x03 0x0X)
-    if (buffer[1] !== 0x03) {
-      return false;
-    }
-    
-    // Check record length is reasonable
-    const recordLength = readUInt16BE(buffer, 3);
-    if (recordLength > 16384) { // Max TLS record size
-      return false;
-    }
-    
-    return true;
-  }
-  
-  /**
-   * Parse ALPN extension data
-   */
-  private parseAlpnExtension(data: Buffer): string[] {
-    const protocols: string[] = [];
-    
-    if (data.length < 2) {
-      return protocols;
-    }
-    
-    const listLength = readUInt16BE(data, 0);
-    let offset = 2;
-    
-    while (offset < Math.min(2 + listLength, data.length)) {
-      const protoLength = data[offset];
-      offset++;
-      
-      if (offset + protoLength <= data.length) {
-        const protocol = data.subarray(offset, offset + protoLength).toString('ascii');
-        protocols.push(protocol);
-        offset += protoLength;
-      } else {
-        break;
-      }
-    }
-    
-    return protocols;
-  }
-  
-  /**
-   * Parse cipher suites
-   */
-  private parseCipherSuites(cipherData: Buffer): number[] {
-    const suites: number[] = [];
-    
-    for (let i = 0; i < cipherData.length - 1; i += 2) {
-      const suite = readUInt16BE(cipherData, i);
-      suites.push(suite);
-    }
-    
-    return suites;
-  }
-  
-  /**
-   * Detect with context for fragmented data
-   */
-  detectWithContext(
-    buffer: Buffer,
-    _context: { sourceIp?: string; sourcePort?: number; destIp?: string; destPort?: number },
-    options?: IDetectionOptions
-  ): IDetectionResult | null {
-    // This method is deprecated - TLS detection should use the fragment manager
-    // from the parent detector system, not maintain its own fragments
-    return this.detect(buffer, options);
-  }
-}

package/ts/detection/index.ts

@@ -1,25 +0,0 @@
-/**
- * Centralized Protocol Detection Module
- * 
- * This module provides unified protocol detection capabilities for
- * both TLS and HTTP protocols, extracting connection information
- * without consuming the data stream.
- */
-
-// Main detector
-export * from './protocol-detector.js';
-
-// Models
-export * from './models/detection-types.js';
-export * from './models/interfaces.js';
-
-// Individual detectors
-export * from './detectors/tls-detector.js';
-export * from './detectors/http-detector.js';
-export * from './detectors/quick-detector.js';
-export * from './detectors/routing-extractor.js';
-
-// Utilities
-export * from './utils/buffer-utils.js';
-export * from './utils/parser-utils.js';
-export * from './utils/fragment-manager.js';