@push.rocks/smartproxy 26.2.4 → 27.0.0

package/ts/proxies/smart-proxy/utils/route-helpers/nftables-helpers.ts

@@ -1,202 +0,0 @@
-/**
- * NFTables Route Helper Functions
- *
- * This module provides utility functions for creating NFTables-based route configurations
- * for high-performance packet forwarding at the kernel level.
- */
-
-import type { IRouteConfig, IRouteMatch, IRouteAction, TPortRange } from '../../models/route-types.js';
-import { createHttpToHttpsRedirect } from './https-helpers.js';
-
-/**
- * Create an NFTables-based route for high-performance packet forwarding
- * @param nameOrDomains Name or domain(s) to match
- * @param target Target host and port
- * @param options Additional route options
- * @returns Route configuration object
- */
-export function createNfTablesRoute(
-  nameOrDomains: string | string[],
-  target: { host: string; port: number | 'preserve' },
-  options: {
-    ports?: TPortRange;
-    protocol?: 'tcp' | 'udp' | 'all';
-    preserveSourceIP?: boolean;
-    ipAllowList?: string[];
-    ipBlockList?: string[];
-    maxRate?: string;
-    priority?: number;
-    useTls?: boolean;
-    tableName?: string;
-    useIPSets?: boolean;
-    useAdvancedNAT?: boolean;
-  } = {}
-): IRouteConfig {
-  // Determine if this is a name or domain
-  let name: string;
-  let domains: string | string[] | undefined;
-
-  if (Array.isArray(nameOrDomains) || (typeof nameOrDomains === 'string' && nameOrDomains.includes('.'))) {
-    domains = nameOrDomains;
-    name = Array.isArray(nameOrDomains) ? nameOrDomains[0] : nameOrDomains;
-  } else {
-    name = nameOrDomains;
-    domains = undefined; // No domains
-  }
-
-  // Create route match
-  const match: IRouteMatch = {
-    domains,
-    ports: options.ports || 80
-  };
-
-  // Create route action
-  const action: IRouteAction = {
-    type: 'forward',
-    targets: [{
-      host: target.host,
-      port: target.port
-    }],
-    forwardingEngine: 'nftables',
-    nftables: {
-      protocol: options.protocol || 'tcp',
-      preserveSourceIP: options.preserveSourceIP,
-      maxRate: options.maxRate,
-      priority: options.priority,
-      tableName: options.tableName,
-      useIPSets: options.useIPSets,
-      useAdvancedNAT: options.useAdvancedNAT
-    }
-  };
-
-  // Add TLS options if needed
-  if (options.useTls) {
-    action.tls = {
-      mode: 'passthrough'
-    };
-  }
-
-  // Create the route config
-  const routeConfig: IRouteConfig = {
-    name,
-    match,
-    action
-  };
-
-  // Add security if allowed or blocked IPs are specified
-  if (options.ipAllowList?.length || options.ipBlockList?.length) {
-    routeConfig.security = {
-      ipAllowList: options.ipAllowList,
-      ipBlockList: options.ipBlockList
-    };
-  }
-
-  return routeConfig;
-}
-
-/**
- * Create an NFTables-based TLS termination route
- * @param nameOrDomains Name or domain(s) to match
- * @param target Target host and port
- * @param options Additional route options
- * @returns Route configuration object
- */
-export function createNfTablesTerminateRoute(
-  nameOrDomains: string | string[],
-  target: { host: string; port: number | 'preserve' },
-  options: {
-    ports?: TPortRange;
-    protocol?: 'tcp' | 'udp' | 'all';
-    preserveSourceIP?: boolean;
-    ipAllowList?: string[];
-    ipBlockList?: string[];
-    maxRate?: string;
-    priority?: number;
-    tableName?: string;
-    useIPSets?: boolean;
-    useAdvancedNAT?: boolean;
-    certificate?: 'auto' | { key: string; cert: string };
-  } = {}
-): IRouteConfig {
-  // Create basic NFTables route
-  const route = createNfTablesRoute(
-    nameOrDomains,
-    target,
-    {
-      ...options,
-      ports: options.ports || 443,
-      useTls: false
-    }
-  );
-
-  // Set TLS termination
-  route.action.tls = {
-    mode: 'terminate',
-    certificate: options.certificate || 'auto'
-  };
-
-  return route;
-}
-
-/**
- * Create a complete NFTables-based HTTPS setup with HTTP redirect
- * @param nameOrDomains Name or domain(s) to match
- * @param target Target host and port
- * @param options Additional route options
- * @returns Array of two route configurations (HTTPS and HTTP redirect)
- */
-export function createCompleteNfTablesHttpsServer(
-  nameOrDomains: string | string[],
-  target: { host: string; port: number | 'preserve' },
-  options: {
-    httpPort?: TPortRange;
-    httpsPort?: TPortRange;
-    protocol?: 'tcp' | 'udp' | 'all';
-    preserveSourceIP?: boolean;
-    ipAllowList?: string[];
-    ipBlockList?: string[];
-    maxRate?: string;
-    priority?: number;
-    tableName?: string;
-    useIPSets?: boolean;
-    useAdvancedNAT?: boolean;
-    certificate?: 'auto' | { key: string; cert: string };
-  } = {}
-): IRouteConfig[] {
-  // Create the HTTPS route using NFTables
-  const httpsRoute = createNfTablesTerminateRoute(
-    nameOrDomains,
-    target,
-    {
-      ...options,
-      ports: options.httpsPort || 443
-    }
-  );
-
-  // Determine the domain(s) for HTTP redirect
-  const domains = typeof nameOrDomains === 'string' && !nameOrDomains.includes('.')
-    ? undefined
-    : nameOrDomains;
-
-  // Extract the HTTPS port for the redirect destination
-  const httpsPort = typeof options.httpsPort === 'number'
-    ? options.httpsPort
-    : Array.isArray(options.httpsPort) && typeof options.httpsPort[0] === 'number'
-      ? options.httpsPort[0]
-      : 443;
-
-  // Create the HTTP redirect route (this uses standard forwarding, not NFTables)
-  const httpRedirectRoute = createHttpToHttpsRedirect(
-    domains as any, // Type cast needed since domains can be undefined now
-    httpsPort,
-    {
-      match: {
-        ports: options.httpPort || 80,
-        domains: domains as any // Type cast needed since domains can be undefined now
-      },
-      name: `HTTP to HTTPS Redirect for ${Array.isArray(domains) ? domains.join(', ') : domains || 'all domains'}`
-    }
-  );
-
-  return [httpsRoute, httpRedirectRoute];
-}

package/ts/proxies/smart-proxy/utils/route-helpers/security-helpers.ts

@@ -1,96 +0,0 @@
-/**
- * Security Route Helper Functions
- *
- * This module provides utility functions for adding security features to routes.
- */
-
-import type { IRouteConfig } from '../../models/route-types.js';
-import { mergeRouteConfigs } from '../route-utils.js';
-
-/**
- * Create a rate limiting route pattern
- * @param baseRoute Base route to add rate limiting to
- * @param rateLimit Rate limiting configuration
- * @returns Route with rate limiting
- */
-export function addRateLimiting(
-  baseRoute: IRouteConfig,
-  rateLimit: {
-    maxRequests: number;
-    window: number; // Time window in seconds
-    keyBy?: 'ip' | 'path' | 'header';
-    headerName?: string; // Required if keyBy is 'header'
-    errorMessage?: string;
-  }
-): IRouteConfig {
-  return mergeRouteConfigs(baseRoute, {
-    security: {
-      rateLimit: {
-        enabled: true,
-        maxRequests: rateLimit.maxRequests,
-        window: rateLimit.window,
-        keyBy: rateLimit.keyBy || 'ip',
-        headerName: rateLimit.headerName,
-        errorMessage: rateLimit.errorMessage || 'Rate limit exceeded. Please try again later.'
-      }
-    }
-  });
-}
-
-/**
- * Create a basic authentication route pattern
- * @param baseRoute Base route to add authentication to
- * @param auth Authentication configuration
- * @returns Route with basic authentication
- */
-export function addBasicAuth(
-  baseRoute: IRouteConfig,
-  auth: {
-    users: Array<{ username: string; password: string }>;
-    realm?: string;
-    excludePaths?: string[];
-  }
-): IRouteConfig {
-  return mergeRouteConfigs(baseRoute, {
-    security: {
-      basicAuth: {
-        enabled: true,
-        users: auth.users,
-        realm: auth.realm || 'Restricted Area',
-        excludePaths: auth.excludePaths || []
-      }
-    }
-  });
-}
-
-/**
- * Create a JWT authentication route pattern
- * @param baseRoute Base route to add JWT authentication to
- * @param jwt JWT authentication configuration
- * @returns Route with JWT authentication
- */
-export function addJwtAuth(
-  baseRoute: IRouteConfig,
-  jwt: {
-    secret: string;
-    algorithm?: string;
-    issuer?: string;
-    audience?: string;
-    expiresIn?: number; // Time in seconds
-    excludePaths?: string[];
-  }
-): IRouteConfig {
-  return mergeRouteConfigs(baseRoute, {
-    security: {
-      jwtAuth: {
-        enabled: true,
-        secret: jwt.secret,
-        algorithm: jwt.algorithm || 'HS256',
-        issuer: jwt.issuer,
-        audience: jwt.audience,
-        expiresIn: jwt.expiresIn,
-        excludePaths: jwt.excludePaths || []
-      }
-    }
-  });
-}

package/ts/proxies/smart-proxy/utils/route-helpers/websocket-helpers.ts

@@ -1,98 +0,0 @@
-/**
- * WebSocket Route Helper Functions
- *
- * This module provides utility functions for creating WebSocket route configurations.
- */
-
-import type { IRouteConfig, IRouteMatch, IRouteAction } from '../../models/route-types.js';
-
-/**
- * Create a WebSocket route configuration
- * @param domains Domain(s) to match
- * @param targetOrPath Target server OR WebSocket path (legacy)
- * @param targetOrOptions Target server (legacy) OR options
- * @param options Additional route options (legacy)
- * @returns Route configuration object
- */
-export function createWebSocketRoute(
-  domains: string | string[],
-  targetOrPath: { host: string | string[]; port: number } | string,
-  targetOrOptions?: { host: string | string[]; port: number } | {
-    useTls?: boolean;
-    certificate?: 'auto' | { key: string; cert: string };
-    path?: string;
-    httpPort?: number | number[];
-    httpsPort?: number | number[];
-    pingInterval?: number;
-    pingTimeout?: number;
-    name?: string;
-    [key: string]: any;
-  },
-  options?: {
-    useTls?: boolean;
-    certificate?: 'auto' | { key: string; cert: string };
-    httpPort?: number | number[];
-    httpsPort?: number | number[];
-    pingInterval?: number;
-    pingTimeout?: number;
-    name?: string;
-    [key: string]: any;
-  }
-): IRouteConfig {
-  // Handle different signatures
-  let target: { host: string | string[]; port: number };
-  let wsPath: string;
-  let finalOptions: any;
-
-  if (typeof targetOrPath === 'string') {
-    // Legacy signature: (domains, path, target, options)
-    wsPath = targetOrPath;
-    target = targetOrOptions as { host: string | string[]; port: number };
-    finalOptions = options || {};
-  } else {
-    // New signature: (domains, target, options)
-    target = targetOrPath;
-    finalOptions = (targetOrOptions as any) || {};
-    wsPath = finalOptions.path || '/ws';
-  }
-
-  // Normalize WebSocket path
-  const normalizedPath = wsPath.startsWith('/') ? wsPath : `/${wsPath}`;
-
-  // Create route match
-  const match: IRouteMatch = {
-    ports: finalOptions.useTls
-      ? (finalOptions.httpsPort || 443)
-      : (finalOptions.httpPort || 80),
-    domains,
-    path: normalizedPath
-  };
-
-  // Create route action
-  const action: IRouteAction = {
-    type: 'forward',
-    targets: [target],
-    websocket: {
-      enabled: true,
-      pingInterval: finalOptions.pingInterval || 30000, // 30 seconds
-      pingTimeout: finalOptions.pingTimeout || 5000    // 5 seconds
-    }
-  };
-
-  // Add TLS configuration if using HTTPS
-  if (finalOptions.useTls) {
-    action.tls = {
-      mode: 'terminate',
-      certificate: finalOptions.certificate || 'auto'
-    };
-  }
-
-  // Create the route config
-  return {
-    match,
-    action,
-    name: finalOptions.name || `WebSocket Route ${normalizedPath} for ${Array.isArray(domains) ? domains.join(', ') : domains}`,
-    priority: finalOptions.priority || 100, // Higher priority for WebSocket routes
-    ...finalOptions
-  };
-}

package/ts/proxies/smart-proxy/utils/route-helpers.ts

@@ -1,11 +0,0 @@
-/**
- * Route Helper Functions
- *
- * This file re-exports all route helper functions for backwards compatibility.
- * The actual implementations have been split into focused modules in the route-helpers/ directory.
- *
- * @see ./route-helpers/index.ts for the modular exports
- */
-
-// Re-export everything from the modular helpers
-export * from './route-helpers/index.js';