@push.rocks/smartproxy 5.0.0 → 6.0.0

package/ts/{classes.port80handler.ts → port80handler/classes.port80handler.ts}

@@ -1,5 +1,7 @@
-import * as plugins from './plugins.js';
+import * as plugins from '../plugins.js';
 import { IncomingMessage, ServerResponse } from 'http';
+import * as fs from 'fs';
+import * as path from 'path';
 
 /**
  * Custom error classes for better error handling
@@ -73,6 +75,10 @@ interface IPort80HandlerOptions {
   renewThresholdDays?: number;
   httpsRedirectPort?: number;
   renewCheckIntervalHours?: number;
+  enabled?: boolean; // Whether ACME is enabled at all
+  autoRenew?: boolean; // Whether to automatically renew certificates
+  certificateStore?: string; // Directory to store certificates
+  skipConfiguredCerts?: boolean; // Skip domains that already have certificates
 }
 
 /**
@@ -145,6 +151,10 @@ export class Port80Handler extends plugins.EventEmitter {
       renewThresholdDays: options.renewThresholdDays ?? 10, // Changed to 10 days as per requirements
       httpsRedirectPort: options.httpsRedirectPort ?? 443,
       renewCheckIntervalHours: options.renewCheckIntervalHours ?? 24,
+      enabled: options.enabled ?? true, // Enable by default
+      autoRenew: options.autoRenew ?? true, // Auto-renew by default
+      certificateStore: options.certificateStore ?? './certs', // Default store location
+      skipConfiguredCerts: options.skipConfiguredCerts ?? false
     };
   }
 
@@ -160,8 +170,19 @@ export class Port80Handler extends plugins.EventEmitter {
       throw new ServerError('Server is shutting down');
     }
 
+    // Skip if disabled
+    if (this.options.enabled === false) {
+      console.log('Port80Handler is disabled, skipping start');
+      return;
+    }
+
     return new Promise((resolve, reject) => {
       try {
+        // Load certificates from store if enabled
+        if (this.options.certificateStore) {
+          this.loadCertificatesFromStore();
+        }
+        
         this.server = plugins.http.createServer((req, res) => this.handleRequest(req, res));
         
         this.server.on('error', (error: NodeJS.ErrnoException) => {
@@ -332,6 +353,11 @@ export class Port80Handler extends plugins.EventEmitter {
     
     console.log(`Certificate set for ${domain}`);
     
+    // Save certificate to store if enabled
+    if (this.options.certificateStore) {
+      this.saveCertificateToStore(domain, certificate, privateKey);
+    }
+    
     // Emit certificate event
     this.emitCertificateEvent(Port80HandlerEvents.CERTIFICATE_ISSUED, {
       domain,
@@ -365,6 +391,135 @@ export class Port80Handler extends plugins.EventEmitter {
     };
   }
 
+  /**
+   * Saves a certificate to the filesystem store
+   * @param domain The domain for the certificate
+   * @param certificate The certificate (PEM format)
+   * @param privateKey The private key (PEM format)
+   * @private
+   */
+  private saveCertificateToStore(domain: string, certificate: string, privateKey: string): void {
+    // Skip if certificate store is not enabled
+    if (!this.options.certificateStore) return;
+    
+    try {
+      const storePath = this.options.certificateStore;
+      
+      // Ensure the directory exists
+      if (!fs.existsSync(storePath)) {
+        fs.mkdirSync(storePath, { recursive: true });
+        console.log(`Created certificate store directory: ${storePath}`);
+      }
+      
+      const certPath = path.join(storePath, `${domain}.cert.pem`);
+      const keyPath = path.join(storePath, `${domain}.key.pem`);
+      
+      // Write certificate and private key files
+      fs.writeFileSync(certPath, certificate);
+      fs.writeFileSync(keyPath, privateKey);
+      
+      // Set secure permissions for private key
+      try {
+        fs.chmodSync(keyPath, 0o600);
+      } catch (err) {
+        console.log(`Warning: Could not set secure permissions on ${keyPath}`);
+      }
+      
+      console.log(`Saved certificate for ${domain} to ${certPath}`);
+    } catch (err) {
+      console.error(`Error saving certificate for ${domain}:`, err);
+    }
+  }
+
+  /**
+   * Loads certificates from the certificate store
+   * @private
+   */
+  private loadCertificatesFromStore(): void {
+    if (!this.options.certificateStore) return;
+    
+    try {
+      const storePath = this.options.certificateStore;
+      
+      // Ensure the directory exists
+      if (!fs.existsSync(storePath)) {
+        fs.mkdirSync(storePath, { recursive: true });
+        console.log(`Created certificate store directory: ${storePath}`);
+        return;
+      }
+      
+      // Get list of certificate files
+      const files = fs.readdirSync(storePath);
+      const certFiles = files.filter(file => file.endsWith('.cert.pem'));
+      
+      // Load each certificate
+      for (const certFile of certFiles) {
+        const domain = certFile.replace('.cert.pem', '');
+        const keyFile = `${domain}.key.pem`;
+        
+        // Skip if key file doesn't exist
+        if (!files.includes(keyFile)) {
+          console.log(`Warning: Found certificate for ${domain} but no key file`);
+          continue;
+        }
+        
+        // Skip if we should skip configured certs
+        if (this.options.skipConfiguredCerts) {
+          const domainInfo = this.domainCertificates.get(domain);
+          if (domainInfo && domainInfo.certObtained) {
+            console.log(`Skipping already configured certificate for ${domain}`);
+            continue;
+          }
+        }
+        
+        // Load certificate and key
+        try {
+          const certificate = fs.readFileSync(path.join(storePath, certFile), 'utf8');
+          const privateKey = fs.readFileSync(path.join(storePath, keyFile), 'utf8');
+          
+          // Extract expiry date
+          let expiryDate: Date | undefined;
+          try {
+            const matches = certificate.match(/Not After\s*:\s*(.*?)(?:\n|$)/i);
+            if (matches && matches[1]) {
+              expiryDate = new Date(matches[1]);
+            }
+          } catch (err) {
+            console.log(`Warning: Could not extract expiry date from certificate for ${domain}`);
+          }
+          
+          // Check if domain is already registered
+          let domainInfo = this.domainCertificates.get(domain);
+          if (!domainInfo) {
+            // Register domain if not already registered
+            domainInfo = {
+              options: {
+                domainName: domain,
+                sslRedirect: true,
+                acmeMaintenance: true
+              },
+              certObtained: false,
+              obtainingInProgress: false
+            };
+            this.domainCertificates.set(domain, domainInfo);
+          }
+          
+          // Set certificate
+          domainInfo.certificate = certificate;
+          domainInfo.privateKey = privateKey;
+          domainInfo.certObtained = true;
+          domainInfo.expiryDate = expiryDate;
+          
+          console.log(`Loaded certificate for ${domain} from store, valid until ${expiryDate?.toISOString() || 'unknown'}`);
+        } catch (err) {
+          console.error(`Error loading certificate for ${domain}:`, err);
+        }
+      }
+    } catch (err) {
+      console.error('Error loading certificates from store:', err);
+    }
+  }
+
   /**
    * Check if a domain is a glob pattern
    * @param domain Domain to check
@@ -710,6 +865,11 @@ export class Port80Handler extends plugins.EventEmitter {
 
       console.log(`Certificate ${isRenewal ? 'renewed' : 'obtained'} for ${domain}`);
       
+      // Save the certificate to the store if enabled
+      if (this.options.certificateStore) {
+        this.saveCertificateToStore(domain, certificate, privateKey);
+      }
+      
       // Emit the appropriate event
       const eventType = isRenewal 
         ? Port80HandlerEvents.CERTIFICATE_RENEWED 
@@ -834,6 +994,12 @@ export class Port80Handler extends plugins.EventEmitter {
       return;
     }
     
+    // Skip renewal if auto-renewal is disabled
+    if (this.options.autoRenew === false) {
+      console.log('Auto-renewal is disabled, skipping certificate renewal check');
+      return;
+    }
+    
     console.log('Checking for certificates that need renewal...');
     
     const now = new Date();
@@ -928,4 +1094,86 @@ export class Port80Handler extends plugins.EventEmitter {
   private emitCertificateEvent(eventType: Port80HandlerEvents, data: ICertificateData): void {
     this.emit(eventType, data);
   }
+  
+  /**
+   * Gets all domains and their certificate status
+   * @returns Map of domains to certificate status
+   */
+  public getDomainCertificateStatus(): Map<string, {
+    certObtained: boolean;
+    expiryDate?: Date;
+    daysRemaining?: number;
+    obtainingInProgress: boolean;
+    lastRenewalAttempt?: Date;
+  }> {
+    const result = new Map<string, {
+      certObtained: boolean;
+      expiryDate?: Date;
+      daysRemaining?: number;
+      obtainingInProgress: boolean;
+      lastRenewalAttempt?: Date;
+    }>();
+    
+    const now = new Date();
+    
+    for (const [domain, domainInfo] of this.domainCertificates.entries()) {
+      // Skip glob patterns
+      if (this.isGlobPattern(domain)) continue;
+      
+      const status: {
+        certObtained: boolean;
+        expiryDate?: Date;
+        daysRemaining?: number;
+        obtainingInProgress: boolean;
+        lastRenewalAttempt?: Date;
+      } = {
+        certObtained: domainInfo.certObtained,
+        expiryDate: domainInfo.expiryDate,
+        obtainingInProgress: domainInfo.obtainingInProgress,
+        lastRenewalAttempt: domainInfo.lastRenewalAttempt
+      };
+      
+      // Calculate days remaining if expiry date is available
+      if (domainInfo.expiryDate) {
+        const daysRemaining = Math.ceil(
+          (domainInfo.expiryDate.getTime() - now.getTime()) / (24 * 60 * 60 * 1000)
+        );
+        status.daysRemaining = daysRemaining;
+      }
+      
+      result.set(domain, status);
+    }
+    
+    return result;
+  }
+  
+  /**
+   * Gets information about managed domains
+   * @returns Array of domain information
+   */
+  public getManagedDomains(): Array<{
+    domain: string;
+    isGlobPattern: boolean;
+    hasCertificate: boolean;
+    hasForwarding: boolean;
+    sslRedirect: boolean;
+    acmeMaintenance: boolean;
+  }> {
+    return Array.from(this.domainCertificates.entries()).map(([domain, info]) => ({
+      domain,
+      isGlobPattern: this.isGlobPattern(domain),
+      hasCertificate: info.certObtained,
+      hasForwarding: !!info.options.forward,
+      sslRedirect: info.options.sslRedirect,
+      acmeMaintenance: info.options.acmeMaintenance
+    }));
+  }
+  
+  /**
+   * Gets configuration details
+   * @returns Current configuration
+   */
+  public getConfig(): Required<IPort80HandlerOptions> {
+    return { ...this.options };
+  }
 }

package/ts/{classes.pp.connectionhandler.ts → smartproxy/classes.pp.connectionhandler.ts}

@@ -1,4 +1,4 @@
-import * as plugins from './plugins.js';
+import * as plugins from '../plugins.js';
 import type {
   IConnectionRecord,
   IDomainConfig,

package/ts/{classes.pp.connectionmanager.ts → smartproxy/classes.pp.connectionmanager.ts}

@@ -1,4 +1,4 @@
-import * as plugins from './plugins.js';
+import * as plugins from '../plugins.js';
 import type { IConnectionRecord, IPortProxySettings } from './classes.pp.interfaces.js';
 import { SecurityManager } from './classes.pp.securitymanager.js';
 import { TimeoutManager } from './classes.pp.timeoutmanager.js';

package/ts/{classes.pp.domainconfigmanager.ts → smartproxy/classes.pp.domainconfigmanager.ts}

@@ -1,4 +1,4 @@
-import * as plugins from './plugins.js';
+import * as plugins from '../plugins.js';
 import type { IDomainConfig, IPortProxySettings } from './classes.pp.interfaces.js';
 
 /**

package/ts/{classes.pp.interfaces.ts → smartproxy/classes.pp.interfaces.ts}

@@ -1,4 +1,4 @@
-import * as plugins from './plugins.js';
+import * as plugins from '../plugins.js';
 
 /** Domain configuration with per-domain allowed port ranges */
 export interface IDomainConfig {
@@ -78,16 +78,42 @@ export interface IPortProxySettings {
   useNetworkProxy?: number[]; // Array of ports to forward to NetworkProxy
   networkProxyPort?: number; // Port where NetworkProxy is listening (default: 8443)
 
-  // ACME certificate management options
-  acme?: {
+  // Port80Handler configuration (replaces ACME configuration)
+  port80HandlerConfig?: {
     enabled?: boolean; // Whether to enable automatic certificate management
-    port?: number; // Port to listen on for ACME challenges (default: 80)
+    port?: number; // Port to listen on for ACME challenges (default: 80) 
     contactEmail?: string; // Email for Let's Encrypt account
     useProduction?: boolean; // Whether to use Let's Encrypt production (default: false for staging)
     renewThresholdDays?: number; // Days before expiry to renew certificates (default: 30)
     autoRenew?: boolean; // Whether to automatically renew certificates (default: true)
     certificateStore?: string; // Directory to store certificates (default: ./certs)
-    skipConfiguredCerts?: boolean; // Skip domains that already have certificates configured
+    skipConfiguredCerts?: boolean; // Skip domains that already have certificates
+    httpsRedirectPort?: number; // Port to redirect HTTP requests to HTTPS (default: 443)
+    renewCheckIntervalHours?: number; // How often to check for renewals (default: 24)
+    // Domain-specific forwarding configurations
+    domainForwards?: Array<{
+      domain: string;
+      forwardConfig?: {
+        ip: string;
+        port: number;
+      };
+      acmeForwardConfig?: {
+        ip: string;
+        port: number;
+      };
+    }>;
+  };
+  
+  // Legacy ACME configuration (deprecated, use port80HandlerConfig instead)
+  acme?: {
+    enabled?: boolean;
+    port?: number;
+    contactEmail?: string;
+    useProduction?: boolean;
+    renewThresholdDays?: number;
+    autoRenew?: boolean;
+    certificateStore?: string;
+    skipConfiguredCerts?: boolean;
   };
 }
 

package/ts/{classes.pp.networkproxybridge.ts → smartproxy/classes.pp.networkproxybridge.ts}

@@ -1,5 +1,6 @@
-import * as plugins from './plugins.js';
-import { NetworkProxy } from './classes.networkproxy.js';
+import * as plugins from '../plugins.js';
+import { NetworkProxy } from '../networkproxy/classes.np.networkproxy.js';
+import { Port80Handler, Port80HandlerEvents, type ICertificateData } from '../port80handler/classes.port80handler.js';
 import type { IConnectionRecord, IPortProxySettings, IDomainConfig } from './classes.pp.interfaces.js';
 
 /**
@@ -7,9 +8,28 @@ import type { IConnectionRecord, IPortProxySettings, IDomainConfig } from './cla
  */
 export class NetworkProxyBridge {
   private networkProxy: NetworkProxy | null = null;
+  private port80Handler: Port80Handler | null = null;
   
   constructor(private settings: IPortProxySettings) {}
   
+  /**
+   * Set the Port80Handler to use for certificate management
+   */
+  public setPort80Handler(handler: Port80Handler): void {
+    this.port80Handler = handler;
+    
+    // Register for certificate events
+    handler.on(Port80HandlerEvents.CERTIFICATE_ISSUED, this.handleCertificateEvent.bind(this));
+    handler.on(Port80HandlerEvents.CERTIFICATE_RENEWED, this.handleCertificateEvent.bind(this));
+    
+    // If NetworkProxy is already initialized, connect it with Port80Handler
+    if (this.networkProxy) {
+      this.networkProxy.setExternalPort80Handler(handler);
+    }
+    
+    console.log('Port80Handler connected to NetworkProxyBridge');
+  }
+  
   /**
    * Initialize NetworkProxy instance
    */
@@ -20,22 +40,61 @@ export class NetworkProxyBridge {
         port: this.settings.networkProxyPort!,
         portProxyIntegration: true,
         logLevel: this.settings.enableDetailedLogging ? 'debug' : 'info',
+        useExternalPort80Handler: !!this.port80Handler // Use Port80Handler if available
       };
 
-      // Add ACME settings if configured
-      if (this.settings.acme) {
+      // Copy ACME settings for backward compatibility (if port80HandlerConfig not set)
+      if (!this.settings.port80HandlerConfig && this.settings.acme) {
         networkProxyOptions.acme = { ...this.settings.acme };
       }
 
       this.networkProxy = new NetworkProxy(networkProxyOptions);
 
       console.log(`Initialized NetworkProxy on port ${this.settings.networkProxyPort}`);
+      
+      // Connect Port80Handler if available
+      if (this.port80Handler) {
+        this.networkProxy.setExternalPort80Handler(this.port80Handler);
+      }
 
       // Convert and apply domain configurations to NetworkProxy
       await this.syncDomainConfigsToNetworkProxy();
     }
   }
   
+  /**
+   * Handle certificate issuance or renewal events
+   */
+  private handleCertificateEvent(data: ICertificateData): void {
+    if (!this.networkProxy) return;
+    
+    console.log(`Received certificate for ${data.domain} from Port80Handler, updating NetworkProxy`);
+    
+    try {
+      // Find existing config for this domain
+      const existingConfigs = this.networkProxy.getProxyConfigs()
+        .filter(config => config.hostName === data.domain);
+      
+      if (existingConfigs.length > 0) {
+        // Update existing configs with new certificate
+        for (const config of existingConfigs) {
+          config.privateKey = data.privateKey;
+          config.publicKey = data.certificate;
+        }
+        
+        // Apply updated configs
+        this.networkProxy.updateProxyConfigs(existingConfigs)
+          .then(() => console.log(`Updated certificate for ${data.domain} in NetworkProxy`))
+          .catch(err => console.log(`Error updating certificate in NetworkProxy: ${err}`));
+      } else {
+        // Create a new config for this domain
+        console.log(`No existing config found for ${data.domain}, creating new config in NetworkProxy`);
+      }
+    } catch (err) {
+      console.log(`Error handling certificate event: ${err}`);
+    }
+  }
+  
   /**
    * Get the NetworkProxy instance
    */
@@ -57,22 +116,6 @@ export class NetworkProxyBridge {
     if (this.networkProxy) {
       await this.networkProxy.start();
       console.log(`NetworkProxy started on port ${this.settings.networkProxyPort}`);
-
-      // Log ACME status
-      if (this.settings.acme?.enabled) {
-        console.log(
-          `ACME certificate management is enabled (${
-            this.settings.acme.useProduction ? 'Production' : 'Staging'
-          } mode)`
-        );
-        console.log(`ACME HTTP challenge server on port ${this.settings.acme.port}`);
-
-        // Register domains for ACME certificates if enabled
-        if (this.networkProxy.options.acme?.enabled) {
-          console.log('Registering domains with ACME certificate manager...');
-          // The NetworkProxy will handle this internally via registerDomainsWithAcmeManager()
-        }
-      }
     }
   }
   
@@ -85,17 +128,43 @@ export class NetworkProxyBridge {
         console.log('Stopping NetworkProxy...');
         await this.networkProxy.stop();
         console.log('NetworkProxy stopped successfully');
-
-        // Log ACME shutdown if it was enabled
-        if (this.settings.acme?.enabled) {
-          console.log('ACME certificate manager stopped');
-        }
       } catch (err) {
         console.log(`Error stopping NetworkProxy: ${err}`);
       }
     }
   }
   
+  /**
+   * Register domains with Port80Handler
+   */
+  public registerDomainsWithPort80Handler(domains: string[]): void {
+    if (!this.port80Handler) {
+      console.log('Cannot register domains - Port80Handler not initialized');
+      return;
+    }
+    
+    for (const domain of domains) {
+      // Skip wildcards
+      if (domain.includes('*')) {
+        console.log(`Skipping wildcard domain for ACME: ${domain}`);
+        continue;
+      }
+      
+      // Register the domain
+      try {
+        this.port80Handler.addDomain({
+          domainName: domain,
+          sslRedirect: true,
+          acmeMaintenance: true
+        });
+        
+        console.log(`Registered domain with Port80Handler: ${domain}`);
+      } catch (err) {
+        console.log(`Error registering domain ${domain} with Port80Handler: ${err}`);
+      }
+    }
+  }
+  
   /**
    * Forwards a TLS connection to a NetworkProxy for handling
    */
@@ -207,14 +276,20 @@ export class NetworkProxyBridge {
         certPair
       );
 
-      // Log ACME-eligible domains if ACME is enabled
-      if (this.settings.acme?.enabled) {
+      // Log ACME-eligible domains
+      const acmeEnabled = this.settings.port80HandlerConfig?.enabled || this.settings.acme?.enabled;
+      if (acmeEnabled) {
         const acmeEligibleDomains = proxyConfigs
           .filter((config) => !config.hostName.includes('*')) // Exclude wildcards
           .map((config) => config.hostName);
 
         if (acmeEligibleDomains.length > 0) {
           console.log(`Domains eligible for ACME certificates: ${acmeEligibleDomains.join(', ')}`);
+          
+          // Register these domains with Port80Handler if available
+          if (this.port80Handler) {
+            this.registerDomainsWithPort80Handler(acmeEligibleDomains);
+          }
         } else {
           console.log('No domains eligible for ACME certificates found in configuration');
         }
@@ -232,12 +307,38 @@ export class NetworkProxyBridge {
    * Request a certificate for a specific domain
    */
   public async requestCertificate(domain: string): Promise<boolean> {
+    // Delegate to Port80Handler if available
+    if (this.port80Handler) {
+      try {
+        // Check if the domain is already registered
+        const cert = this.port80Handler.getCertificate(domain);
+        if (cert) {
+          console.log(`Certificate already exists for ${domain}`);
+          return true;
+        }
+        
+        // Register the domain for certificate issuance
+        this.port80Handler.addDomain({
+          domainName: domain,
+          sslRedirect: true,
+          acmeMaintenance: true
+        });
+        
+        console.log(`Domain ${domain} registered for certificate issuance`);
+        return true;
+      } catch (err) {
+        console.log(`Error requesting certificate: ${err}`);
+        return false;
+      }
+    }
+    
+    // Fall back to NetworkProxy if Port80Handler is not available
     if (!this.networkProxy) {
       console.log('Cannot request certificate - NetworkProxy not initialized');
       return false;
     }
 
-    if (!this.settings.acme?.enabled) {
+    if (!this.settings.port80HandlerConfig?.enabled && !this.settings.acme?.enabled) {
       console.log('Cannot request certificate - ACME is not enabled');
       return false;
     }

package/ts/{classes.pp.securitymanager.ts → smartproxy/classes.pp.securitymanager.ts}

@@ -1,4 +1,4 @@
-import * as plugins from './plugins.js';
+import * as plugins from '../plugins.js';
 import type { IPortProxySettings } from './classes.pp.interfaces.js';
 
 /**

package/ts/{classes.pp.tlsmanager.ts → smartproxy/classes.pp.tlsmanager.ts}

@@ -1,4 +1,4 @@
-import * as plugins from './plugins.js';
+import * as plugins from '../plugins.js';
 import type { IPortProxySettings } from './classes.pp.interfaces.js';
 import { SniHandler } from './classes.pp.snihandler.js';