@serve.zone/dcrouter 13.21.1 → 13.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist_serve/bundle.js +26 -4
- package/dist_ts/00_commitinfo_data.js +1 -1
- package/dist_ts/classes.dcrouter.d.ts +6 -0
- package/dist_ts/classes.dcrouter.js +83 -5
- package/dist_ts/config/classes.route-config-manager.d.ts +1 -1
- package/dist_ts/config/classes.route-config-manager.js +2 -2
- package/dist_ts/db/documents/classes.ip-intelligence.doc.d.ts +25 -0
- package/dist_ts/db/documents/classes.ip-intelligence.doc.js +175 -0
- package/dist_ts/db/documents/classes.security-block-rule.doc.d.ts +17 -0
- package/dist_ts/db/documents/classes.security-block-rule.doc.js +124 -0
- package/dist_ts/db/documents/classes.security-policy-audit.doc.d.ts +11 -0
- package/dist_ts/db/documents/classes.security-policy-audit.doc.js +95 -0
- package/dist_ts/db/documents/index.d.ts +3 -0
- package/dist_ts/db/documents/index.js +4 -1
- package/dist_ts/monitoring/classes.metricsmanager.js +2 -1
- package/dist_ts/opsserver/handlers/config.handler.js +2 -1
- package/dist_ts/opsserver/handlers/remoteingress.handler.js +3 -1
- package/dist_ts/opsserver/handlers/security.handler.js +42 -1
- package/dist_ts/remoteingress/classes.remoteingress-manager.d.ts +10 -0
- package/dist_ts/remoteingress/classes.remoteingress-manager.js +9 -1
- package/dist_ts/remoteingress/classes.tunnel-manager.d.ts +3 -0
- package/dist_ts/remoteingress/classes.tunnel-manager.js +23 -5
- package/dist_ts/security/classes.security-policy-manager.d.ts +41 -0
- package/dist_ts/security/classes.security-policy-manager.js +283 -0
- package/dist_ts/security/index.d.ts +1 -0
- package/dist_ts/security/index.js +2 -1
- package/dist_ts_apiclient/classes.remoteingress.d.ts +2 -0
- package/dist_ts_apiclient/classes.remoteingress.js +7 -1
- package/dist_ts_interfaces/data/index.d.ts +1 -0
- package/dist_ts_interfaces/data/index.js +2 -1
- package/dist_ts_interfaces/data/remoteingress.d.ts +51 -0
- package/dist_ts_interfaces/data/security-policy.d.ts +32 -0
- package/dist_ts_interfaces/data/security-policy.js +2 -0
- package/dist_ts_interfaces/requests/config.d.ts +1 -0
- package/dist_ts_interfaces/requests/index.d.ts +1 -0
- package/dist_ts_interfaces/requests/index.js +2 -1
- package/dist_ts_interfaces/requests/security-policy.d.ts +64 -0
- package/dist_ts_interfaces/requests/security-policy.js +2 -0
- package/dist_ts_web/00_commitinfo_data.js +1 -1
- package/dist_ts_web/elements/network/ops-view-remoteingress.d.ts +5 -0
- package/dist_ts_web/elements/network/ops-view-remoteingress.js +69 -1
- package/package.json +3 -3
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/classes.dcrouter.ts +106 -6
- package/ts/config/classes.route-config-manager.ts +2 -2
- package/ts/db/documents/classes.ip-intelligence.doc.ts +75 -0
- package/ts/db/documents/classes.security-block-rule.doc.ts +52 -0
- package/ts/db/documents/classes.security-policy-audit.doc.ts +33 -0
- package/ts/db/documents/index.ts +3 -0
- package/ts/monitoring/classes.metricsmanager.ts +2 -0
- package/ts/opsserver/handlers/config.handler.ts +1 -0
- package/ts/opsserver/handlers/remoteingress.handler.ts +2 -0
- package/ts/opsserver/handlers/security.handler.ts +69 -0
- package/ts/remoteingress/classes.remoteingress-manager.ts +15 -2
- package/ts/remoteingress/classes.tunnel-manager.ts +25 -5
- package/ts/security/classes.security-policy-manager.ts +315 -0
- package/ts/security/index.ts +7 -1
- package/ts_apiclient/classes.remoteingress.ts +6 -0
- package/ts_web/00_commitinfo_data.ts +1 -1
- package/ts_web/elements/network/ops-view-remoteingress.ts +68 -0
|
@@ -8,6 +8,7 @@ export class TunnelManager {
|
|
|
8
8
|
config;
|
|
9
9
|
edgeStatuses = new Map();
|
|
10
10
|
reconcileInterval = null;
|
|
11
|
+
syncChain = Promise.resolve();
|
|
11
12
|
constructor(manager, config = {}) {
|
|
12
13
|
this.manager = manager;
|
|
13
14
|
this.config = config;
|
|
@@ -48,6 +49,7 @@ export class TunnelManager {
|
|
|
48
49
|
tunnelPort: this.config.tunnelPort ?? 8443,
|
|
49
50
|
targetHost: this.config.targetHost ?? '127.0.0.1',
|
|
50
51
|
tls: this.config.tls,
|
|
52
|
+
...(this.config.performance ? { performance: this.config.performance } : {}),
|
|
51
53
|
});
|
|
52
54
|
// Send allowed edges to the hub
|
|
53
55
|
await this.syncAllowedEdges();
|
|
@@ -84,6 +86,7 @@ export class TunnelManager {
|
|
|
84
86
|
if (existing) {
|
|
85
87
|
existing.activeTunnels = rustEdge.activeStreams;
|
|
86
88
|
existing.lastHeartbeat = Date.now();
|
|
89
|
+
this.applyRustStatus(existing, rustEdge);
|
|
87
90
|
// Update peer address if available from Rust hub
|
|
88
91
|
if (rustEdge.peerAddr) {
|
|
89
92
|
existing.publicIp = rustEdge.peerAddr;
|
|
@@ -91,14 +94,16 @@ export class TunnelManager {
|
|
|
91
94
|
}
|
|
92
95
|
else {
|
|
93
96
|
// Missed edgeConnected event — add entry
|
|
94
|
-
|
|
97
|
+
const status = {
|
|
95
98
|
edgeId: rustEdge.edgeId,
|
|
96
99
|
connected: true,
|
|
97
100
|
publicIp: rustEdge.peerAddr || null,
|
|
98
101
|
activeTunnels: rustEdge.activeStreams,
|
|
99
102
|
lastHeartbeat: Date.now(),
|
|
100
103
|
connectedAt: rustEdge.connectedAt * 1000,
|
|
101
|
-
}
|
|
104
|
+
};
|
|
105
|
+
this.applyRustStatus(status, rustEdge);
|
|
106
|
+
this.edgeStatuses.set(rustEdge.edgeId, status);
|
|
102
107
|
}
|
|
103
108
|
}
|
|
104
109
|
// Remove entries for edges no longer connected in Rust (missed edgeDisconnected)
|
|
@@ -113,8 +118,21 @@ export class TunnelManager {
|
|
|
113
118
|
* Call this after creating/deleting/updating edges.
|
|
114
119
|
*/
|
|
115
120
|
async syncAllowedEdges() {
|
|
116
|
-
const
|
|
117
|
-
|
|
121
|
+
const run = this.syncChain.catch(() => { }).then(async () => {
|
|
122
|
+
const edges = this.manager.getAllowedEdges();
|
|
123
|
+
await this.hub.updateAllowedEdges(edges);
|
|
124
|
+
});
|
|
125
|
+
this.syncChain = run;
|
|
126
|
+
await run;
|
|
127
|
+
}
|
|
128
|
+
applyRustStatus(status, rustEdge) {
|
|
129
|
+
status.transportMode = rustEdge.transportMode;
|
|
130
|
+
status.fallbackUsed = rustEdge.fallbackUsed;
|
|
131
|
+
status.performance = rustEdge.performance;
|
|
132
|
+
status.flowControl = rustEdge.flowControl;
|
|
133
|
+
status.queues = rustEdge.queues;
|
|
134
|
+
status.traffic = rustEdge.traffic;
|
|
135
|
+
status.udp = rustEdge.udp;
|
|
118
136
|
}
|
|
119
137
|
/**
|
|
120
138
|
* Get runtime statuses for all known edges.
|
|
@@ -162,4 +180,4 @@ export class TunnelManager {
|
|
|
162
180
|
return total;
|
|
163
181
|
}
|
|
164
182
|
}
|
|
165
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
183
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy50dW5uZWwtbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3JlbW90ZWluZ3Jlc3MvY2xhc3Nlcy50dW5uZWwtbWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGVBQWUsQ0FBQztBQWN6Qzs7R0FFRztBQUNILE1BQU0sT0FBTyxhQUFhO0lBQ2hCLEdBQUcsQ0FBOEQ7SUFDakUsT0FBTyxDQUF1QjtJQUM5QixNQUFNLENBQXVCO0lBQzdCLFlBQVksR0FBc0MsSUFBSSxHQUFHLEVBQUUsQ0FBQztJQUM1RCxpQkFBaUIsR0FBMEMsSUFBSSxDQUFDO0lBQ2hFLFNBQVMsR0FBa0IsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBRXJELFlBQVksT0FBNkIsRUFBRSxTQUErQixFQUFFO1FBQzFFLElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDO1FBQ3JCLElBQUksQ0FBQyxHQUFHLEdBQUcsSUFBSSxPQUFPLENBQUMsYUFBYSxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFFeEQsNENBQTRDO1FBQzVDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLGVBQWUsRUFBRSxDQUFDLElBQTBDLEVBQUUsRUFBRTtZQUMxRSxJQUFJLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO2dCQUNqQyxNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU07Z0JBQ25CLFNBQVMsRUFBRSxJQUFJO2dCQUNmLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUSxJQUFJLElBQUk7Z0JBQy9CLGFBQWEsRUFBRSxDQUFDO2dCQUNoQixhQUFhLEVBQUUsSUFBSSxDQUFDLEdBQUcsRUFBRTtnQkFDekIsV0FBVyxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUU7YUFDeEIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDLElBQXdCLEVBQUUsRUFBRTtZQUMzRCxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDeEMsQ0FBQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxJQUEwQyxFQUFFLEVBQUU7WUFDekUsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3BELElBQUksUUFBUSxFQUFFLENBQUM7Z0JBQ2IsUUFBUSxDQUFDLGFBQWEsRUFBRSxDQUFDO2dCQUN6QixRQUFRLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUN0QyxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxJQUEwQyxFQUFFLEVBQUU7WUFDekUsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3BELElBQUksUUFBUSxJQUFJLFFBQVEsQ0FBQyxhQUFhLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzNDLFFBQVEsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMzQixDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsS0FBSztRQUNoQixNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDO1lBQ25CLFVBQVUsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFVBQVUsSUFBSSxJQUFJO1lBQzFDLFVBQVUsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFVBQVUsSUFBSSxXQUFXO1lBQ2pELEdBQUcsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLEdBQUc7WUFDcEIsR0FBRyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxFQUFFLFdBQVcsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7U0FDdEUsQ0FBQyxDQUFDO1FBRVYsZ0NBQWdDO1FBQ2hDLE1BQU0sSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFFOUIsNERBQTREO1FBQzVELElBQUksQ0FBQyxpQkFBaUIsR0FBRyxXQUFXLENBQUMsR0FBRyxFQUFFO1lBQ3hDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLEdBQUUsQ0FBQyxDQUFDLENBQUM7UUFDbkMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ2IsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLElBQUk7UUFDZixJQUFJLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1lBQzNCLGFBQWEsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsQ0FBQztZQUN0QyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsSUFBSSxDQUFDO1FBQ2hDLENBQUM7UUFDRCwwREFBMEQ7UUFDMUQsSUFBSSxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQzlCLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUN0QixJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxDQUFDO0lBQzVCLENBQUM7SUFFRDs7O09BR0c7SUFDSyxLQUFLLENBQUMsU0FBUztRQUNyQixNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDN0MsSUFBSSxDQUFDLFNBQVMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxjQUFjO1lBQUUsT0FBTztRQUVwRCxNQUFNLFdBQVcsR0FBRyxJQUFJLEdBQUcsRUFBVSxDQUFDO1FBRXRDLEtBQUssTUFBTSxRQUFRLElBQUksU0FBUyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ2hELFdBQVcsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUN4RCxJQUFJLFFBQVEsRUFBRSxDQUFDO2dCQUNiLFFBQVEsQ0FBQyxhQUFhLEdBQUcsUUFBUSxDQUFDLGFBQWEsQ0FBQztnQkFDaEQsUUFBUSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ3BDLElBQUksQ0FBQyxlQUFlLENBQUMsUUFBUSxFQUFFLFFBQVEsQ0FBQyxDQUFDO2dCQUN6QyxpREFBaUQ7Z0JBQ2pELElBQUksUUFBUSxDQUFDLFFBQVEsRUFBRSxDQUFDO29CQUN0QixRQUFRLENBQUMsUUFBUSxHQUFHLFFBQVEsQ0FBQyxRQUFRLENBQUM7Z0JBQ3hDLENBQUM7WUFDSCxDQUFDO2lCQUFNLENBQUM7Z0JBQ04seUNBQXlDO2dCQUN6QyxNQUFNLE1BQU0sR0FBeUI7b0JBQ25DLE1BQU0sRUFBRSxRQUFRLENBQUMsTUFBTTtvQkFDdkIsU0FBUyxFQUFFLElBQUk7b0JBQ2YsUUFBUSxFQUFFLFFBQVEsQ0FBQyxRQUFRLElBQUksSUFBSTtvQkFDbkMsYUFBYSxFQUFFLFFBQVEsQ0FBQyxhQUFhO29CQUNyQyxhQUFhLEVBQUUsSUFBSSxDQUFDLEdBQUcsRUFBRTtvQkFDekIsV0FBVyxFQUFFLFFBQVEsQ0FBQyxXQUFXLEdBQUcsSUFBSTtpQkFDekMsQ0FBQztnQkFDRixJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FBQztnQkFDdkMsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztZQUNqRCxDQUFDO1FBQ0gsQ0FBQztRQUVELGlGQUFpRjtRQUNqRixLQUFLLE1BQU0sTUFBTSxJQUFJLElBQUksQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQztZQUM5QyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO2dCQUM3QixJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNuQyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7O09BR0c7SUFDSSxLQUFLLENBQUMsZ0JBQWdCO1FBQzNCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSxHQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxLQUFLLElBQUksRUFBRTtZQUN6RCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxLQUFZLENBQUMsQ0FBQztRQUNsRCxDQUFDLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxTQUFTLEdBQUcsR0FBRyxDQUFDO1FBQ3JCLE1BQU0sR0FBRyxDQUFDO0lBQ1osQ0FBQztJQUVPLGVBQWUsQ0FBQyxNQUE0QixFQUFFLFFBQWE7UUFDakUsTUFBTSxDQUFDLGFBQWEsR0FBRyxRQUFRLENBQUMsYUFBYSxDQUFDO1FBQzlDLE1BQU0sQ0FBQyxZQUFZLEdBQUcsUUFBUSxDQUFDLFlBQVksQ0FBQztRQUM1QyxNQUFNLENBQUMsV0FBVyxHQUFHLFFBQVEsQ0FBQyxXQUFXLENBQUM7UUFDMUMsTUFBTSxDQUFDLFdBQVcsR0FBRyxRQUFRLENBQUMsV0FBVyxDQUFDO1FBQzFDLE1BQU0sQ0FBQyxNQUFNLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FBQztRQUNoQyxNQUFNLENBQUMsT0FBTyxHQUFHLFFBQVEsQ0FBQyxPQUFPLENBQUM7UUFDbEMsTUFBTSxDQUFDLEdBQUcsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDO0lBQzVCLENBQUM7SUFFRDs7T0FFRztJQUNJLGVBQWU7UUFDcEIsT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxhQUFhLENBQUMsTUFBYztRQUNqQyxPQUFPLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7T0FFRztJQUNJLGlCQUFpQjtRQUN0QixJQUFJLEtBQUssR0FBRyxDQUFDLENBQUM7UUFDZCxLQUFLLE1BQU0sTUFBTSxJQUFJLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQztZQUNoRCxJQUFJLE1BQU0sQ0FBQyxTQUFTO2dCQUFFLEtBQUssRUFBRSxDQUFDO1FBQ2hDLENBQUM7UUFDRCxPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFFRDs7T0FFRztJQUNJLG1CQUFtQjtRQUN4QixNQUFNLEdBQUcsR0FBYSxFQUFFLENBQUM7UUFDekIsS0FBSyxNQUFNLE1BQU0sSUFBSSxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUM7WUFDaEQsSUFBSSxNQUFNLENBQUMsU0FBUyxJQUFJLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQztnQkFDeEMsR0FBRyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDNUIsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUM7SUFFRDs7T0FFRztJQUNJLHFCQUFxQjtRQUMxQixJQUFJLEtBQUssR0FBRyxDQUFDLENBQUM7UUFDZCxLQUFLLE1BQU0sTUFBTSxJQUFJLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQztZQUNoRCxLQUFLLElBQUksTUFBTSxDQUFDLGFBQWEsQ0FBQztRQUNoQyxDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0NBQ0YifQ==
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import type { IIpIntelligenceRecord, ISecurityBlockRule, ISecurityCompiledPolicy, TSecurityBlockRuleMatchMode, TSecurityBlockRuleType } from '../../dist_ts_interfaces/data/security-policy.js';
|
|
2
|
+
export interface ISecurityPolicyManagerOptions {
|
|
3
|
+
intelligenceRefreshMs?: number;
|
|
4
|
+
onPolicyChanged?: () => void | Promise<void>;
|
|
5
|
+
}
|
|
6
|
+
export interface IRemoteIngressFirewallSnapshot {
|
|
7
|
+
blockedIps?: string[];
|
|
8
|
+
}
|
|
9
|
+
export declare class SecurityPolicyManager {
|
|
10
|
+
private readonly smartNetwork;
|
|
11
|
+
private readonly intelligenceRefreshMs;
|
|
12
|
+
private readonly inFlightObservations;
|
|
13
|
+
private readonly onPolicyChanged?;
|
|
14
|
+
constructor(options?: ISecurityPolicyManagerOptions);
|
|
15
|
+
start(): Promise<void>;
|
|
16
|
+
stop(): Promise<void>;
|
|
17
|
+
observeIps(ips: string[]): Promise<void>;
|
|
18
|
+
observeIp(ipAddress: string): Promise<void>;
|
|
19
|
+
listBlockRules(): Promise<ISecurityBlockRule[]>;
|
|
20
|
+
listIpIntelligence(): Promise<IIpIntelligenceRecord[]>;
|
|
21
|
+
createBlockRule(input: {
|
|
22
|
+
type: TSecurityBlockRuleType;
|
|
23
|
+
value: string;
|
|
24
|
+
matchMode?: TSecurityBlockRuleMatchMode;
|
|
25
|
+
reason?: string;
|
|
26
|
+
enabled?: boolean;
|
|
27
|
+
}, actor?: string): Promise<ISecurityBlockRule>;
|
|
28
|
+
updateBlockRule(id: string, patch: Partial<Pick<ISecurityBlockRule, 'value' | 'matchMode' | 'reason' | 'enabled'>>, actor?: string): Promise<ISecurityBlockRule | null>;
|
|
29
|
+
deleteBlockRule(id: string, actor?: string): Promise<boolean>;
|
|
30
|
+
compilePolicy(): Promise<ISecurityCompiledPolicy>;
|
|
31
|
+
compileSmartProxyPolicy(): Promise<ISecurityCompiledPolicy>;
|
|
32
|
+
compileRemoteIngressFirewall(): Promise<IRemoteIngressFirewallSnapshot | undefined>;
|
|
33
|
+
private matchesAnyReactiveRule;
|
|
34
|
+
private ruleMatchesIntelligence;
|
|
35
|
+
private normalizeIp;
|
|
36
|
+
private normalizeCidr;
|
|
37
|
+
private isPublicIp;
|
|
38
|
+
private ruleFromDoc;
|
|
39
|
+
private writeAudit;
|
|
40
|
+
private notifyPolicyChanged;
|
|
41
|
+
}
|
|
@@ -0,0 +1,283 @@
|
|
|
1
|
+
import * as plugins from '../plugins.js';
|
|
2
|
+
import { logger } from '../logger.js';
|
|
3
|
+
import { IpIntelligenceDoc, SecurityBlockRuleDoc, SecurityPolicyAuditDoc } from '../db/index.js';
|
|
4
|
+
export class SecurityPolicyManager {
|
|
5
|
+
smartNetwork = new plugins.smartnetwork.SmartNetwork({
|
|
6
|
+
cacheTtl: 24 * 60 * 60 * 1000,
|
|
7
|
+
});
|
|
8
|
+
intelligenceRefreshMs;
|
|
9
|
+
inFlightObservations = new Set();
|
|
10
|
+
onPolicyChanged;
|
|
11
|
+
constructor(options = {}) {
|
|
12
|
+
this.intelligenceRefreshMs = options.intelligenceRefreshMs ?? 24 * 60 * 60 * 1000;
|
|
13
|
+
this.onPolicyChanged = options.onPolicyChanged;
|
|
14
|
+
}
|
|
15
|
+
async start() {
|
|
16
|
+
logger.log('info', 'SecurityPolicyManager started');
|
|
17
|
+
}
|
|
18
|
+
async stop() {
|
|
19
|
+
await this.smartNetwork.stop();
|
|
20
|
+
}
|
|
21
|
+
async observeIps(ips) {
|
|
22
|
+
const uniqueIps = [...new Set(ips.map((ip) => this.normalizeIp(ip)).filter(Boolean))];
|
|
23
|
+
await Promise.allSettled(uniqueIps.map((ip) => this.observeIp(ip)));
|
|
24
|
+
}
|
|
25
|
+
async observeIp(ipAddress) {
|
|
26
|
+
const ip = this.normalizeIp(ipAddress);
|
|
27
|
+
if (!ip || !this.isPublicIp(ip) || this.inFlightObservations.has(ip)) {
|
|
28
|
+
return;
|
|
29
|
+
}
|
|
30
|
+
this.inFlightObservations.add(ip);
|
|
31
|
+
try {
|
|
32
|
+
const now = Date.now();
|
|
33
|
+
let doc = await IpIntelligenceDoc.findByIp(ip);
|
|
34
|
+
if (doc && now - doc.updatedAt < this.intelligenceRefreshMs) {
|
|
35
|
+
if (now - doc.lastSeenAt > 60_000) {
|
|
36
|
+
doc.lastSeenAt = now;
|
|
37
|
+
doc.seenCount = (doc.seenCount || 0) + 1;
|
|
38
|
+
await doc.save();
|
|
39
|
+
}
|
|
40
|
+
return;
|
|
41
|
+
}
|
|
42
|
+
const intelligence = await this.smartNetwork.getIpIntelligence(ip);
|
|
43
|
+
if (!doc) {
|
|
44
|
+
doc = new IpIntelligenceDoc();
|
|
45
|
+
doc.ipAddress = ip;
|
|
46
|
+
doc.firstSeenAt = now;
|
|
47
|
+
}
|
|
48
|
+
Object.assign(doc, intelligence);
|
|
49
|
+
doc.lastSeenAt = now;
|
|
50
|
+
doc.updatedAt = now;
|
|
51
|
+
doc.seenCount = (doc.seenCount || 0) + 1;
|
|
52
|
+
await doc.save();
|
|
53
|
+
if (await this.matchesAnyReactiveRule(doc)) {
|
|
54
|
+
await this.notifyPolicyChanged();
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
catch (err) {
|
|
58
|
+
logger.log('warn', `Failed to enrich IP ${ip}: ${err.message}`);
|
|
59
|
+
}
|
|
60
|
+
finally {
|
|
61
|
+
this.inFlightObservations.delete(ip);
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
async listBlockRules() {
|
|
65
|
+
return (await SecurityBlockRuleDoc.findAll()).map((doc) => this.ruleFromDoc(doc));
|
|
66
|
+
}
|
|
67
|
+
async listIpIntelligence() {
|
|
68
|
+
return (await IpIntelligenceDoc.findAll()).map((doc) => ({
|
|
69
|
+
ipAddress: doc.ipAddress,
|
|
70
|
+
asn: doc.asn,
|
|
71
|
+
asnOrg: doc.asnOrg,
|
|
72
|
+
registrantOrg: doc.registrantOrg,
|
|
73
|
+
registrantCountry: doc.registrantCountry,
|
|
74
|
+
networkRange: doc.networkRange,
|
|
75
|
+
abuseContact: doc.abuseContact,
|
|
76
|
+
country: doc.country,
|
|
77
|
+
countryCode: doc.countryCode,
|
|
78
|
+
city: doc.city,
|
|
79
|
+
latitude: doc.latitude,
|
|
80
|
+
longitude: doc.longitude,
|
|
81
|
+
accuracyRadius: doc.accuracyRadius,
|
|
82
|
+
timezone: doc.timezone,
|
|
83
|
+
firstSeenAt: doc.firstSeenAt,
|
|
84
|
+
lastSeenAt: doc.lastSeenAt,
|
|
85
|
+
updatedAt: doc.updatedAt,
|
|
86
|
+
seenCount: doc.seenCount,
|
|
87
|
+
}));
|
|
88
|
+
}
|
|
89
|
+
async createBlockRule(input, actor = 'system') {
|
|
90
|
+
const now = Date.now();
|
|
91
|
+
const doc = new SecurityBlockRuleDoc();
|
|
92
|
+
doc.id = plugins.uuid.v4();
|
|
93
|
+
doc.type = input.type;
|
|
94
|
+
doc.value = input.value.trim();
|
|
95
|
+
doc.matchMode = input.matchMode;
|
|
96
|
+
doc.reason = input.reason;
|
|
97
|
+
doc.enabled = input.enabled ?? true;
|
|
98
|
+
doc.createdAt = now;
|
|
99
|
+
doc.updatedAt = now;
|
|
100
|
+
doc.createdBy = actor;
|
|
101
|
+
await doc.save();
|
|
102
|
+
await this.writeAudit('createBlockRule', actor, { rule: this.ruleFromDoc(doc) });
|
|
103
|
+
await this.notifyPolicyChanged();
|
|
104
|
+
return this.ruleFromDoc(doc);
|
|
105
|
+
}
|
|
106
|
+
async updateBlockRule(id, patch, actor = 'system') {
|
|
107
|
+
const doc = await SecurityBlockRuleDoc.findById(id);
|
|
108
|
+
if (!doc) {
|
|
109
|
+
return null;
|
|
110
|
+
}
|
|
111
|
+
if (patch.value !== undefined)
|
|
112
|
+
doc.value = patch.value.trim();
|
|
113
|
+
if (patch.matchMode !== undefined)
|
|
114
|
+
doc.matchMode = patch.matchMode;
|
|
115
|
+
if (patch.reason !== undefined)
|
|
116
|
+
doc.reason = patch.reason;
|
|
117
|
+
if (patch.enabled !== undefined)
|
|
118
|
+
doc.enabled = patch.enabled;
|
|
119
|
+
doc.updatedAt = Date.now();
|
|
120
|
+
await doc.save();
|
|
121
|
+
await this.writeAudit('updateBlockRule', actor, { id, patch });
|
|
122
|
+
await this.notifyPolicyChanged();
|
|
123
|
+
return this.ruleFromDoc(doc);
|
|
124
|
+
}
|
|
125
|
+
async deleteBlockRule(id, actor = 'system') {
|
|
126
|
+
const doc = await SecurityBlockRuleDoc.findById(id);
|
|
127
|
+
if (!doc) {
|
|
128
|
+
return false;
|
|
129
|
+
}
|
|
130
|
+
await doc.delete();
|
|
131
|
+
await this.writeAudit('deleteBlockRule', actor, { id });
|
|
132
|
+
await this.notifyPolicyChanged();
|
|
133
|
+
return true;
|
|
134
|
+
}
|
|
135
|
+
async compilePolicy() {
|
|
136
|
+
const rules = await SecurityBlockRuleDoc.findEnabled();
|
|
137
|
+
const intelligenceDocs = await IpIntelligenceDoc.findAll();
|
|
138
|
+
const blockedIps = new Set();
|
|
139
|
+
const blockedCidrs = new Set();
|
|
140
|
+
for (const rule of rules) {
|
|
141
|
+
const normalizedValue = rule.value.trim();
|
|
142
|
+
if (!normalizedValue)
|
|
143
|
+
continue;
|
|
144
|
+
if (rule.type === 'ip') {
|
|
145
|
+
const ip = this.normalizeIp(normalizedValue);
|
|
146
|
+
if (ip && plugins.net.isIP(ip))
|
|
147
|
+
blockedIps.add(ip);
|
|
148
|
+
continue;
|
|
149
|
+
}
|
|
150
|
+
if (rule.type === 'cidr') {
|
|
151
|
+
const cidr = this.normalizeCidr(normalizedValue);
|
|
152
|
+
if (cidr)
|
|
153
|
+
blockedCidrs.add(cidr);
|
|
154
|
+
continue;
|
|
155
|
+
}
|
|
156
|
+
for (const doc of intelligenceDocs) {
|
|
157
|
+
if (!this.ruleMatchesIntelligence(rule, doc))
|
|
158
|
+
continue;
|
|
159
|
+
const cidr = this.normalizeCidr(doc.networkRange || '');
|
|
160
|
+
if (cidr) {
|
|
161
|
+
blockedCidrs.add(cidr);
|
|
162
|
+
}
|
|
163
|
+
else if (this.normalizeIp(doc.ipAddress)) {
|
|
164
|
+
blockedIps.add(this.normalizeIp(doc.ipAddress));
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
return {
|
|
169
|
+
blockedIps: [...blockedIps].sort(),
|
|
170
|
+
blockedCidrs: [...blockedCidrs].sort(),
|
|
171
|
+
};
|
|
172
|
+
}
|
|
173
|
+
async compileSmartProxyPolicy() {
|
|
174
|
+
return await this.compilePolicy();
|
|
175
|
+
}
|
|
176
|
+
async compileRemoteIngressFirewall() {
|
|
177
|
+
const policy = await this.compilePolicy();
|
|
178
|
+
const blockedIps = [
|
|
179
|
+
...policy.blockedIps.filter((ip) => plugins.net.isIP(ip) === 4),
|
|
180
|
+
...policy.blockedCidrs.filter((cidr) => plugins.net.isIP(cidr.split('/')[0]) === 4),
|
|
181
|
+
];
|
|
182
|
+
return blockedIps.length > 0 ? { blockedIps } : undefined;
|
|
183
|
+
}
|
|
184
|
+
async matchesAnyReactiveRule(doc) {
|
|
185
|
+
const rules = await SecurityBlockRuleDoc.findEnabled();
|
|
186
|
+
return rules.some((rule) => rule.type === 'asn' || rule.type === 'organization'
|
|
187
|
+
? this.ruleMatchesIntelligence(rule, doc)
|
|
188
|
+
: false);
|
|
189
|
+
}
|
|
190
|
+
ruleMatchesIntelligence(rule, doc) {
|
|
191
|
+
const value = rule.value.trim().toLowerCase();
|
|
192
|
+
if (!value)
|
|
193
|
+
return false;
|
|
194
|
+
if (rule.type === 'asn') {
|
|
195
|
+
return String(doc.asn ?? '') === value.replace(/^as/i, '');
|
|
196
|
+
}
|
|
197
|
+
if (rule.type === 'organization') {
|
|
198
|
+
const candidates = [doc.asnOrg, doc.registrantOrg]
|
|
199
|
+
.filter(Boolean)
|
|
200
|
+
.map((candidate) => candidate.toLowerCase());
|
|
201
|
+
if (rule.matchMode === 'exact') {
|
|
202
|
+
return candidates.some((candidate) => candidate === value);
|
|
203
|
+
}
|
|
204
|
+
return candidates.some((candidate) => candidate.includes(value));
|
|
205
|
+
}
|
|
206
|
+
return false;
|
|
207
|
+
}
|
|
208
|
+
normalizeIp(ipAddress) {
|
|
209
|
+
const ip = ipAddress.trim();
|
|
210
|
+
if (ip.startsWith('::ffff:')) {
|
|
211
|
+
return ip.slice('::ffff:'.length);
|
|
212
|
+
}
|
|
213
|
+
return plugins.net.isIP(ip) ? ip : undefined;
|
|
214
|
+
}
|
|
215
|
+
normalizeCidr(value) {
|
|
216
|
+
const [rawIp, rawPrefix] = value.trim().split('/');
|
|
217
|
+
if (!rawIp || !rawPrefix)
|
|
218
|
+
return undefined;
|
|
219
|
+
const ip = this.normalizeIp(rawIp);
|
|
220
|
+
if (!ip)
|
|
221
|
+
return undefined;
|
|
222
|
+
const prefix = Number(rawPrefix);
|
|
223
|
+
const maxPrefix = plugins.net.isIP(ip) === 4 ? 32 : 128;
|
|
224
|
+
if (!Number.isInteger(prefix) || prefix < 0 || prefix > maxPrefix)
|
|
225
|
+
return undefined;
|
|
226
|
+
return `${ip}/${prefix}`;
|
|
227
|
+
}
|
|
228
|
+
isPublicIp(ip) {
|
|
229
|
+
const family = plugins.net.isIP(ip);
|
|
230
|
+
if (family === 4) {
|
|
231
|
+
const parts = ip.split('.').map((part) => Number(part));
|
|
232
|
+
const [a, b] = parts;
|
|
233
|
+
if (a === 10 || a === 127 || a === 0 || a >= 224)
|
|
234
|
+
return false;
|
|
235
|
+
if (a === 100 && b >= 64 && b <= 127)
|
|
236
|
+
return false;
|
|
237
|
+
if (a === 169 && b === 254)
|
|
238
|
+
return false;
|
|
239
|
+
if (a === 172 && b >= 16 && b <= 31)
|
|
240
|
+
return false;
|
|
241
|
+
if (a === 192 && b === 168)
|
|
242
|
+
return false;
|
|
243
|
+
return true;
|
|
244
|
+
}
|
|
245
|
+
if (family === 6) {
|
|
246
|
+
const lower = ip.toLowerCase();
|
|
247
|
+
if (lower === '::1' || lower === '::')
|
|
248
|
+
return false;
|
|
249
|
+
if (lower.startsWith('fe80:') || lower.startsWith('fc') || lower.startsWith('fd'))
|
|
250
|
+
return false;
|
|
251
|
+
return true;
|
|
252
|
+
}
|
|
253
|
+
return false;
|
|
254
|
+
}
|
|
255
|
+
ruleFromDoc(doc) {
|
|
256
|
+
return {
|
|
257
|
+
id: doc.id,
|
|
258
|
+
type: doc.type,
|
|
259
|
+
value: doc.value,
|
|
260
|
+
matchMode: doc.matchMode,
|
|
261
|
+
enabled: doc.enabled,
|
|
262
|
+
reason: doc.reason,
|
|
263
|
+
createdAt: doc.createdAt,
|
|
264
|
+
updatedAt: doc.updatedAt,
|
|
265
|
+
createdBy: doc.createdBy,
|
|
266
|
+
};
|
|
267
|
+
}
|
|
268
|
+
async writeAudit(action, actor, details) {
|
|
269
|
+
const doc = new SecurityPolicyAuditDoc();
|
|
270
|
+
doc.id = plugins.uuid.v4();
|
|
271
|
+
doc.action = action;
|
|
272
|
+
doc.actor = actor;
|
|
273
|
+
doc.details = details;
|
|
274
|
+
doc.createdAt = Date.now();
|
|
275
|
+
await doc.save();
|
|
276
|
+
}
|
|
277
|
+
async notifyPolicyChanged() {
|
|
278
|
+
if (this.onPolicyChanged) {
|
|
279
|
+
await this.onPolicyChanged();
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
}
|
|
283
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5zZWN1cml0eS1wb2xpY3ktbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3NlY3VyaXR5L2NsYXNzZXMuc2VjdXJpdHktcG9saWN5LW1hbmFnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUM7QUFDekMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUN0QyxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsc0JBQXNCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQWtCakcsTUFBTSxPQUFPLHFCQUFxQjtJQUNmLFlBQVksR0FBRyxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUFDO1FBQ3BFLFFBQVEsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJO0tBQzlCLENBQUMsQ0FBQztJQUNjLHFCQUFxQixDQUFTO0lBQzlCLG9CQUFvQixHQUFHLElBQUksR0FBRyxFQUFVLENBQUM7SUFDekMsZUFBZSxDQUE4QjtJQUU5RCxZQUFZLFVBQXlDLEVBQUU7UUFDckQsSUFBSSxDQUFDLHFCQUFxQixHQUFHLE9BQU8sQ0FBQyxxQkFBcUIsSUFBSSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDbEYsSUFBSSxDQUFDLGVBQWUsR0FBRyxPQUFPLENBQUMsZUFBZSxDQUFDO0lBQ2pELENBQUM7SUFFTSxLQUFLLENBQUMsS0FBSztRQUNoQixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwrQkFBK0IsQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFTSxLQUFLLENBQUMsSUFBSTtRQUNmLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRU0sS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFhO1FBQ25DLE1BQU0sU0FBUyxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBYSxDQUFDLENBQUMsQ0FBQztRQUNsRyxNQUFNLE9BQU8sQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVNLEtBQUssQ0FBQyxTQUFTLENBQUMsU0FBaUI7UUFDdEMsTUFBTSxFQUFFLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUN2QyxJQUFJLENBQUMsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsSUFBSSxJQUFJLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDckUsT0FBTztRQUNULENBQUM7UUFFRCxJQUFJLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2xDLElBQUksQ0FBQztZQUNILE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUN2QixJQUFJLEdBQUcsR0FBRyxNQUFNLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUMvQyxJQUFJLEdBQUcsSUFBSSxHQUFHLEdBQUcsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMscUJBQXFCLEVBQUUsQ0FBQztnQkFDNUQsSUFBSSxHQUFHLEdBQUcsR0FBRyxDQUFDLFVBQVUsR0FBRyxNQUFNLEVBQUUsQ0FBQztvQkFDbEMsR0FBRyxDQUFDLFVBQVUsR0FBRyxHQUFHLENBQUM7b0JBQ3JCLEdBQUcsQ0FBQyxTQUFTLEdBQUcsQ0FBQyxHQUFHLENBQUMsU0FBUyxJQUFJLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQztvQkFDekMsTUFBTSxHQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ25CLENBQUM7Z0JBQ0QsT0FBTztZQUNULENBQUM7WUFFRCxNQUFNLFlBQVksR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsaUJBQWlCLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDbkUsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO2dCQUNULEdBQUcsR0FBRyxJQUFJLGlCQUFpQixFQUFFLENBQUM7Z0JBQzlCLEdBQUcsQ0FBQyxTQUFTLEdBQUcsRUFBRSxDQUFDO2dCQUNuQixHQUFHLENBQUMsV0FBVyxHQUFHLEdBQUcsQ0FBQztZQUN4QixDQUFDO1lBQ0QsTUFBTSxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUM7WUFDakMsR0FBRyxDQUFDLFVBQVUsR0FBRyxHQUFHLENBQUM7WUFDckIsR0FBRyxDQUFDLFNBQVMsR0FBRyxHQUFHLENBQUM7WUFDcEIsR0FBRyxDQUFDLFNBQVMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxTQUFTLElBQUksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQ3pDLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO1lBRWpCLElBQUksTUFBTSxJQUFJLENBQUMsc0JBQXNCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDM0MsTUFBTSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUNuQyxDQUFDO1FBQ0gsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx1QkFBdUIsRUFBRSxLQUFNLEdBQWEsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1FBQzdFLENBQUM7Z0JBQVMsQ0FBQztZQUNULElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDdkMsQ0FBQztJQUNILENBQUM7SUFFTSxLQUFLLENBQUMsY0FBYztRQUN6QixPQUFPLENBQUMsTUFBTSxvQkFBb0IsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFTSxLQUFLLENBQUMsa0JBQWtCO1FBQzdCLE9BQU8sQ0FBQyxNQUFNLGlCQUFpQixDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZELFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztZQUN4QixHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUc7WUFDWixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU07WUFDbEIsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhO1lBQ2hDLGlCQUFpQixFQUFFLEdBQUcsQ0FBQyxpQkFBaUI7WUFDeEMsWUFBWSxFQUFFLEdBQUcsQ0FBQyxZQUFZO1lBQzlCLFlBQVksRUFBRSxHQUFHLENBQUMsWUFBWTtZQUM5QixPQUFPLEVBQUUsR0FBRyxDQUFDLE9BQU87WUFDcEIsV0FBVyxFQUFFLEdBQUcsQ0FBQyxXQUFXO1lBQzVCLElBQUksRUFBRSxHQUFHLENBQUMsSUFBSTtZQUNkLFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtZQUN0QixTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7WUFDeEIsY0FBYyxFQUFFLEdBQUcsQ0FBQyxjQUFjO1lBQ2xDLFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtZQUN0QixXQUFXLEVBQUUsR0FBRyxDQUFDLFdBQVc7WUFDNUIsVUFBVSxFQUFFLEdBQUcsQ0FBQyxVQUFVO1lBQzFCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztZQUN4QixTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7U0FDekIsQ0FBQyxDQUFDLENBQUM7SUFDTixDQUFDO0lBRU0sS0FBSyxDQUFDLGVBQWUsQ0FBQyxLQU01QixFQUFFLEtBQUssR0FBRyxRQUFRO1FBQ2pCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUN2QixNQUFNLEdBQUcsR0FBRyxJQUFJLG9CQUFvQixFQUFFLENBQUM7UUFDdkMsR0FBRyxDQUFDLEVBQUUsR0FBRyxPQUFPLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQzNCLEdBQUcsQ0FBQyxJQUFJLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQztRQUN0QixHQUFHLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDL0IsR0FBRyxDQUFDLFNBQVMsR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFDO1FBQ2hDLEdBQUcsQ0FBQyxNQUFNLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQztRQUMxQixHQUFHLENBQUMsT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLElBQUksSUFBSSxDQUFDO1FBQ3BDLEdBQUcsQ0FBQyxTQUFTLEdBQUcsR0FBRyxDQUFDO1FBQ3BCLEdBQUcsQ0FBQyxTQUFTLEdBQUcsR0FBRyxDQUFDO1FBQ3BCLEdBQUcsQ0FBQyxTQUFTLEdBQUcsS0FBSyxDQUFDO1FBQ3RCLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxpQkFBaUIsRUFBRSxLQUFLLEVBQUUsRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDakYsTUFBTSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztRQUNqQyxPQUFPLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVNLEtBQUssQ0FBQyxlQUFlLENBQUMsRUFBVSxFQUFFLEtBQXNGLEVBQUUsS0FBSyxHQUFHLFFBQVE7UUFDL0ksTUFBTSxHQUFHLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDcEQsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ1QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBQ0QsSUFBSSxLQUFLLENBQUMsS0FBSyxLQUFLLFNBQVM7WUFBRSxHQUFHLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDOUQsSUFBSSxLQUFLLENBQUMsU0FBUyxLQUFLLFNBQVM7WUFBRSxHQUFHLENBQUMsU0FBUyxHQUFHLEtBQUssQ0FBQyxTQUFTLENBQUM7UUFDbkUsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLFNBQVM7WUFBRSxHQUFHLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUM7UUFDMUQsSUFBSSxLQUFLLENBQUMsT0FBTyxLQUFLLFNBQVM7WUFBRSxHQUFHLENBQUMsT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUM7UUFDN0QsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDM0IsTUFBTSxHQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGlCQUFpQixFQUFFLEtBQUssRUFBRSxFQUFFLEVBQUUsRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQy9ELE1BQU0sSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7UUFDakMsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFTSxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQVUsRUFBRSxLQUFLLEdBQUcsUUFBUTtRQUN2RCxNQUFNLEdBQUcsR0FBRyxNQUFNLG9CQUFvQixDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNwRCxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDVCxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFDRCxNQUFNLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNuQixNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsaUJBQWlCLEVBQUUsS0FBSyxFQUFFLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztRQUN4RCxNQUFNLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1FBQ2pDLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVNLEtBQUssQ0FBQyxhQUFhO1FBQ3hCLE1BQU0sS0FBSyxHQUFHLE1BQU0sb0JBQW9CLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDdkQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLGlCQUFpQixDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQzNELE1BQU0sVUFBVSxHQUFHLElBQUksR0FBRyxFQUFVLENBQUM7UUFDckMsTUFBTSxZQUFZLEdBQUcsSUFBSSxHQUFHLEVBQVUsQ0FBQztRQUV2QyxLQUFLLE1BQU0sSUFBSSxJQUFJLEtBQUssRUFBRSxDQUFDO1lBQ3pCLE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDMUMsSUFBSSxDQUFDLGVBQWU7Z0JBQUUsU0FBUztZQUUvQixJQUFJLElBQUksQ0FBQyxJQUFJLEtBQUssSUFBSSxFQUFFLENBQUM7Z0JBQ3ZCLE1BQU0sRUFBRSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUFDLENBQUM7Z0JBQzdDLElBQUksRUFBRSxJQUFJLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztvQkFBRSxVQUFVLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxDQUFDO2dCQUNuRCxTQUFTO1lBQ1gsQ0FBQztZQUVELElBQUksSUFBSSxDQUFDLElBQUksS0FBSyxNQUFNLEVBQUUsQ0FBQztnQkFDekIsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxlQUFlLENBQUMsQ0FBQztnQkFDakQsSUFBSSxJQUFJO29CQUFFLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7Z0JBQ2pDLFNBQVM7WUFDWCxDQUFDO1lBRUQsS0FBSyxNQUFNLEdBQUcsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO2dCQUNuQyxJQUFJLENBQUMsSUFBSSxDQUFDLHVCQUF1QixDQUFDLElBQUksRUFBRSxHQUFHLENBQUM7b0JBQUUsU0FBUztnQkFDdkQsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsWUFBWSxJQUFJLEVBQUUsQ0FBQyxDQUFDO2dCQUN4RCxJQUFJLElBQUksRUFBRSxDQUFDO29CQUNULFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7Z0JBQ3pCLENBQUM7cUJBQU0sSUFBSSxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO29CQUMzQyxVQUFVLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBRSxDQUFDLENBQUM7Z0JBQ25ELENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU87WUFDTCxVQUFVLEVBQUUsQ0FBQyxHQUFHLFVBQVUsQ0FBQyxDQUFDLElBQUksRUFBRTtZQUNsQyxZQUFZLEVBQUUsQ0FBQyxHQUFHLFlBQVksQ0FBQyxDQUFDLElBQUksRUFBRTtTQUN2QyxDQUFDO0lBQ0osQ0FBQztJQUVNLEtBQUssQ0FBQyx1QkFBdUI7UUFDbEMsT0FBTyxNQUFNLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUNwQyxDQUFDO0lBRU0sS0FBSyxDQUFDLDRCQUE0QjtRQUN2QyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUMxQyxNQUFNLFVBQVUsR0FBRztZQUNqQixHQUFHLE1BQU0sQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDL0QsR0FBRyxNQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQztTQUNwRixDQUFDO1FBQ0YsT0FBTyxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDO0lBQzVELENBQUM7SUFFTyxLQUFLLENBQUMsc0JBQXNCLENBQUMsR0FBc0I7UUFDekQsTUFBTSxLQUFLLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUN2RCxPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLEtBQUssS0FBSyxJQUFJLElBQUksQ0FBQyxJQUFJLEtBQUssY0FBYztZQUM3RSxDQUFDLENBQUMsSUFBSSxDQUFDLHVCQUF1QixDQUFDLElBQUksRUFBRSxHQUFHLENBQUM7WUFDekMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ2IsQ0FBQztJQUVPLHVCQUF1QixDQUFDLElBQTBCLEVBQUUsR0FBc0I7UUFDaEYsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUM5QyxJQUFJLENBQUMsS0FBSztZQUFFLE9BQU8sS0FBSyxDQUFDO1FBRXpCLElBQUksSUFBSSxDQUFDLElBQUksS0FBSyxLQUFLLEVBQUUsQ0FBQztZQUN4QixPQUFPLE1BQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLEVBQUUsQ0FBQyxLQUFLLEtBQUssQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFFRCxJQUFJLElBQUksQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7WUFDakMsTUFBTSxVQUFVLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEdBQUcsQ0FBQyxhQUFhLENBQUM7aUJBQy9DLE1BQU0sQ0FBQyxPQUFPLENBQUM7aUJBQ2YsR0FBRyxDQUFDLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQyxTQUFVLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztZQUNoRCxJQUFJLElBQUksQ0FBQyxTQUFTLEtBQUssT0FBTyxFQUFFLENBQUM7Z0JBQy9CLE9BQU8sVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxLQUFLLEtBQUssQ0FBQyxDQUFDO1lBQzdELENBQUM7WUFDRCxPQUFPLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBRUQsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRU8sV0FBVyxDQUFDLFNBQWlCO1FBQ25DLE1BQU0sRUFBRSxHQUFHLFNBQVMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUM1QixJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUM3QixPQUFPLEVBQUUsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3BDLENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUMvQyxDQUFDO0lBRU8sYUFBYSxDQUFDLEtBQWE7UUFDakMsTUFBTSxDQUFDLEtBQUssRUFBRSxTQUFTLENBQUMsR0FBRyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ25ELElBQUksQ0FBQyxLQUFLLElBQUksQ0FBQyxTQUFTO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFDM0MsTUFBTSxFQUFFLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNuQyxJQUFJLENBQUMsRUFBRTtZQUFFLE9BQU8sU0FBUyxDQUFDO1FBQzFCLE1BQU0sTUFBTSxHQUFHLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUNqQyxNQUFNLFNBQVMsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDO1FBQ3hELElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxJQUFJLE1BQU0sR0FBRyxDQUFDLElBQUksTUFBTSxHQUFHLFNBQVM7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUNwRixPQUFPLEdBQUcsRUFBRSxJQUFJLE1BQU0sRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFTyxVQUFVLENBQUMsRUFBVTtRQUMzQixNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNwQyxJQUFJLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNqQixNQUFNLEtBQUssR0FBRyxFQUFFLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDeEQsTUFBTSxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsR0FBRyxLQUFLLENBQUM7WUFDckIsSUFBSSxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRztnQkFBRSxPQUFPLEtBQUssQ0FBQztZQUMvRCxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksR0FBRztnQkFBRSxPQUFPLEtBQUssQ0FBQztZQUNuRCxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxLQUFLLEdBQUc7Z0JBQUUsT0FBTyxLQUFLLENBQUM7WUFDekMsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxJQUFJLEVBQUU7Z0JBQUUsT0FBTyxLQUFLLENBQUM7WUFDbEQsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxHQUFHO2dCQUFFLE9BQU8sS0FBSyxDQUFDO1lBQ3pDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUNELElBQUksTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2pCLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUMvQixJQUFJLEtBQUssS0FBSyxLQUFLLElBQUksS0FBSyxLQUFLLElBQUk7Z0JBQUUsT0FBTyxLQUFLLENBQUM7WUFDcEQsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEtBQUssQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksS0FBSyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUM7Z0JBQUUsT0FBTyxLQUFLLENBQUM7WUFDaEcsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRU8sV0FBVyxDQUFDLEdBQXlCO1FBQzNDLE9BQU87WUFDTCxFQUFFLEVBQUUsR0FBRyxDQUFDLEVBQUU7WUFDVixJQUFJLEVBQUUsR0FBRyxDQUFDLElBQUk7WUFDZCxLQUFLLEVBQUUsR0FBRyxDQUFDLEtBQUs7WUFDaEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTO1lBQ3hCLE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztZQUNwQixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU07WUFDbEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTO1lBQ3hCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztZQUN4QixTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7U0FDekIsQ0FBQztJQUNKLENBQUM7SUFFTyxLQUFLLENBQUMsVUFBVSxDQUFDLE1BQWMsRUFBRSxLQUFhLEVBQUUsT0FBZ0M7UUFDdEYsTUFBTSxHQUFHLEdBQUcsSUFBSSxzQkFBc0IsRUFBRSxDQUFDO1FBQ3pDLEdBQUcsQ0FBQyxFQUFFLEdBQUcsT0FBTyxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsQ0FBQztRQUMzQixHQUFHLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQztRQUNwQixHQUFHLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztRQUNsQixHQUFHLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQztRQUN0QixHQUFHLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUMzQixNQUFNLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNuQixDQUFDO0lBRU8sS0FBSyxDQUFDLG1CQUFtQjtRQUMvQixJQUFJLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN6QixNQUFNLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztRQUMvQixDQUFDO0lBQ0gsQ0FBQztDQUNGIn0=
|
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
export { SecurityLogger, SecurityLogLevel, SecurityEventType, type ISecurityEvent } from './classes.securitylogger.js';
|
|
2
2
|
export { IPReputationChecker, ReputationThreshold, IPType, type IReputationResult, type IIPReputationOptions } from './classes.ipreputationchecker.js';
|
|
3
3
|
export { ContentScanner, ThreatCategory, type IScanResult, type IContentScannerOptions } from './classes.contentscanner.js';
|
|
4
|
+
export { SecurityPolicyManager, type ISecurityPolicyManagerOptions, type IRemoteIngressFirewallSnapshot, } from './classes.security-policy-manager.js';
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export { SecurityLogger, SecurityLogLevel, SecurityEventType } from './classes.securitylogger.js';
|
|
2
2
|
export { IPReputationChecker, ReputationThreshold, IPType } from './classes.ipreputationchecker.js';
|
|
3
3
|
export { ContentScanner, ThreatCategory } from './classes.contentscanner.js';
|
|
4
|
-
|
|
4
|
+
export { SecurityPolicyManager, } from './classes.security-policy-manager.js';
|
|
5
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9zZWN1cml0eS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQ0wsY0FBYyxFQUNkLGdCQUFnQixFQUNoQixpQkFBaUIsRUFFbEIsTUFBTSw2QkFBNkIsQ0FBQztBQUVyQyxPQUFPLEVBQ0wsbUJBQW1CLEVBQ25CLG1CQUFtQixFQUNuQixNQUFNLEVBR1AsTUFBTSxrQ0FBa0MsQ0FBQztBQUUxQyxPQUFPLEVBQ0wsY0FBYyxFQUNkLGNBQWMsRUFHZixNQUFNLDZCQUE2QixDQUFDO0FBRXJDLE9BQU8sRUFDTCxxQkFBcUIsR0FHdEIsTUFBTSxzQ0FBc0MsQ0FBQyJ9
|
|
@@ -6,12 +6,14 @@ export declare class RemoteIngress {
|
|
|
6
6
|
name: string;
|
|
7
7
|
secret: string;
|
|
8
8
|
listenPorts: number[];
|
|
9
|
+
listenPortsUdp?: number[];
|
|
9
10
|
enabled: boolean;
|
|
10
11
|
autoDerivePorts: boolean;
|
|
11
12
|
tags?: string[];
|
|
12
13
|
createdAt: number;
|
|
13
14
|
updatedAt: number;
|
|
14
15
|
effectiveListenPorts?: number[];
|
|
16
|
+
effectiveListenPortsUdp?: number[];
|
|
15
17
|
manualPorts?: number[];
|
|
16
18
|
derivedPorts?: number[];
|
|
17
19
|
constructor(clientRef: DcRouterApiClient, data: interfaces.data.IRemoteIngress);
|
|
@@ -6,12 +6,14 @@ export class RemoteIngress {
|
|
|
6
6
|
name;
|
|
7
7
|
secret;
|
|
8
8
|
listenPorts;
|
|
9
|
+
listenPortsUdp;
|
|
9
10
|
enabled;
|
|
10
11
|
autoDerivePorts;
|
|
11
12
|
tags;
|
|
12
13
|
createdAt;
|
|
13
14
|
updatedAt;
|
|
14
15
|
effectiveListenPorts;
|
|
16
|
+
effectiveListenPortsUdp;
|
|
15
17
|
manualPorts;
|
|
16
18
|
derivedPorts;
|
|
17
19
|
constructor(clientRef, data) {
|
|
@@ -20,12 +22,14 @@ export class RemoteIngress {
|
|
|
20
22
|
this.name = data.name;
|
|
21
23
|
this.secret = data.secret;
|
|
22
24
|
this.listenPorts = data.listenPorts;
|
|
25
|
+
this.listenPortsUdp = data.listenPortsUdp;
|
|
23
26
|
this.enabled = data.enabled;
|
|
24
27
|
this.autoDerivePorts = data.autoDerivePorts;
|
|
25
28
|
this.tags = data.tags;
|
|
26
29
|
this.createdAt = data.createdAt;
|
|
27
30
|
this.updatedAt = data.updatedAt;
|
|
28
31
|
this.effectiveListenPorts = data.effectiveListenPorts;
|
|
32
|
+
this.effectiveListenPortsUdp = data.effectiveListenPortsUdp;
|
|
29
33
|
this.manualPorts = data.manualPorts;
|
|
30
34
|
this.derivedPorts = data.derivedPorts;
|
|
31
35
|
}
|
|
@@ -38,11 +42,13 @@ export class RemoteIngress {
|
|
|
38
42
|
const edge = response.edge;
|
|
39
43
|
this.name = edge.name;
|
|
40
44
|
this.listenPorts = edge.listenPorts;
|
|
45
|
+
this.listenPortsUdp = edge.listenPortsUdp;
|
|
41
46
|
this.enabled = edge.enabled;
|
|
42
47
|
this.autoDerivePorts = edge.autoDerivePorts;
|
|
43
48
|
this.tags = edge.tags;
|
|
44
49
|
this.updatedAt = edge.updatedAt;
|
|
45
50
|
this.effectiveListenPorts = edge.effectiveListenPorts;
|
|
51
|
+
this.effectiveListenPortsUdp = edge.effectiveListenPortsUdp;
|
|
46
52
|
this.manualPorts = edge.manualPorts;
|
|
47
53
|
this.derivedPorts = edge.derivedPorts;
|
|
48
54
|
}
|
|
@@ -133,4 +139,4 @@ export class RemoteIngressManager {
|
|
|
133
139
|
return new RemoteIngressBuilder(this.clientRef);
|
|
134
140
|
}
|
|
135
141
|
}
|
|
136
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
142
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5yZW1vdGVpbmdyZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHNfYXBpY2xpZW50L2NsYXNzZXMucmVtb3RlaW5ncmVzcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssVUFBVSxNQUFNLDJCQUEyQixDQUFDO0FBR3hELE1BQU0sT0FBTyxhQUFhO0lBQ2hCLFNBQVMsQ0FBb0I7SUFFckMsMkJBQTJCO0lBQ3BCLEVBQUUsQ0FBUztJQUNYLElBQUksQ0FBUztJQUNiLE1BQU0sQ0FBUztJQUNmLFdBQVcsQ0FBVztJQUN0QixjQUFjLENBQVk7SUFDMUIsT0FBTyxDQUFVO0lBQ2pCLGVBQWUsQ0FBVTtJQUN6QixJQUFJLENBQVk7SUFDaEIsU0FBUyxDQUFTO0lBQ2xCLFNBQVMsQ0FBUztJQUNsQixvQkFBb0IsQ0FBWTtJQUNoQyx1QkFBdUIsQ0FBWTtJQUNuQyxXQUFXLENBQVk7SUFDdkIsWUFBWSxDQUFZO0lBRS9CLFlBQVksU0FBNEIsRUFBRSxJQUFvQztRQUM1RSxJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQztRQUMzQixJQUFJLENBQUMsRUFBRSxHQUFHLElBQUksQ0FBQyxFQUFFLENBQUM7UUFDbEIsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQ3RCLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUMxQixJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUM7UUFDcEMsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDO1FBQzFDLElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQztRQUM1QixJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUM7UUFDNUMsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQ3RCLElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQztRQUNoQyxJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDaEMsSUFBSSxDQUFDLG9CQUFvQixHQUFHLElBQUksQ0FBQyxvQkFBb0IsQ0FBQztRQUN0RCxJQUFJLENBQUMsdUJBQXVCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzVELElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUNwQyxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUM7SUFDeEMsQ0FBQztJQUVNLEtBQUssQ0FBQyxNQUFNLENBQUMsT0FNbkI7UUFDQyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUMzQyxxQkFBcUIsRUFDckIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLEVBQUUsRUFBRSxJQUFJLENBQUMsRUFBRSxFQUFFLEdBQUcsT0FBTyxFQUFFLENBQVEsQ0FDdkUsQ0FBQztRQUNGLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDdEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO1FBQ3JELENBQUM7UUFDRCxtQ0FBbUM7UUFDbkMsTUFBTSxJQUFJLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FBQztRQUMzQixJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDdEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDO1FBQ3BDLElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQztRQUMxQyxJQUFJLENBQUMsT0FBTyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUM7UUFDNUIsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDO1FBQzVDLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUN0QixJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDaEMsSUFBSSxDQUFDLG9CQUFvQixHQUFHLElBQUksQ0FBQyxvQkFBb0IsQ0FBQztRQUN0RCxJQUFJLENBQUMsdUJBQXVCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzVELElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUNwQyxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUM7SUFDeEMsQ0FBQztJQUVNLEtBQUssQ0FBQyxNQUFNO1FBQ2pCLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQzNDLHFCQUFxQixFQUNyQixJQUFJLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDLEVBQUUsRUFBRSxFQUFFLElBQUksQ0FBQyxFQUFFLEVBQUUsQ0FBUSxDQUMzRCxDQUFDO1FBQ0YsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFPLElBQUksaUNBQWlDLENBQUMsQ0FBQztRQUN6RSxDQUFDO0lBQ0gsQ0FBQztJQUVNLEtBQUssQ0FBQyxnQkFBZ0I7UUFDM0IsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FDM0MsK0JBQStCLEVBQy9CLElBQUksQ0FBQyxTQUFTLENBQUMsbUJBQW1CLENBQUMsRUFBRSxFQUFFLEVBQUUsSUFBSSxDQUFDLEVBQUUsRUFBRSxDQUFRLENBQzNELENBQUM7UUFDRixJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3RCLE1BQU0sSUFBSSxLQUFLLENBQUMsNkJBQTZCLENBQUMsQ0FBQztRQUNqRCxDQUFDO1FBQ0QsSUFBSSxDQUFDLE1BQU0sR0FBRyxRQUFRLENBQUMsTUFBTSxDQUFDO1FBQzlCLE9BQU8sUUFBUSxDQUFDLE1BQU0sQ0FBQztJQUN6QixDQUFDO0lBRU0sS0FBSyxDQUFDLGtCQUFrQixDQUFDLE9BQWdCO1FBQzlDLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQzNDLGlDQUFpQyxFQUNqQyxJQUFJLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDLEVBQUUsTUFBTSxFQUFFLElBQUksQ0FBQyxFQUFFLEVBQUUsT0FBTyxFQUFFLENBQVEsQ0FDeEUsQ0FBQztRQUNGLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDdEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsT0FBTyxJQUFJLGdDQUFnQyxDQUFDLENBQUM7UUFDeEUsQ0FBQztRQUNELE9BQU8sUUFBUSxDQUFDLEtBQUssQ0FBQztJQUN4QixDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8sb0JBQW9CO0lBQ3ZCLFNBQVMsQ0FBb0I7SUFDN0IsUUFBUSxHQUFXLEVBQUUsQ0FBQztJQUN0QixlQUFlLENBQVk7SUFDM0IsbUJBQW1CLENBQVc7SUFDOUIsUUFBUSxDQUFZO0lBRTVCLFlBQVksU0FBNEI7UUFDdEMsSUFBSSxDQUFDLFNBQVMsR0FBRyxTQUFTLENBQUM7SUFDN0IsQ0FBQztJQUVNLE9BQU8sQ0FBQyxJQUFZO1FBQ3pCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVNLGNBQWMsQ0FBQyxLQUFlO1FBQ25DLElBQUksQ0FBQyxlQUFlLEdBQUcsS0FBSyxDQUFDO1FBQzdCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVNLGtCQUFrQixDQUFDLElBQWE7UUFDckMsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQztRQUNoQyxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTSxPQUFPLENBQUMsSUFBYztRQUMzQixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTSxLQUFLLENBQUMsSUFBSTtRQUNmLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQzNDLHFCQUFxQixFQUNyQixJQUFJLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDO1lBQ2pDLElBQUksRUFBRSxJQUFJLENBQUMsUUFBUTtZQUNuQixXQUFXLEVBQUUsSUFBSSxDQUFDLGVBQWU7WUFDakMsZUFBZSxFQUFFLElBQUksQ0FBQyxtQkFBbUI7WUFDekMsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRO1NBQ3BCLENBQVEsQ0FDVixDQUFDO1FBQ0YsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksS0FBSyxDQUFDLGlDQUFpQyxDQUFDLENBQUM7UUFDckQsQ0FBQztRQUNELE9BQU8sSUFBSSxhQUFhLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDMUQsQ0FBQztDQUNGO0FBRUQsTUFBTSxPQUFPLG9CQUFvQjtJQUN2QixTQUFTLENBQW9CO0lBRXJDLFlBQVksU0FBNEI7UUFDdEMsSUFBSSxDQUFDLFNBQVMsR0FBRyxTQUFTLENBQUM7SUFDN0IsQ0FBQztJQUVNLEtBQUssQ0FBQyxJQUFJO1FBQ2YsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FDM0Msb0JBQW9CLEVBQ3BCLElBQUksQ0FBQyxTQUFTLENBQUMsbUJBQW1CLEVBQVMsQ0FDNUMsQ0FBQztRQUNGLE9BQU8sUUFBUSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLElBQUksYUFBYSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUN6RSxDQUFDO0lBRU0sS0FBSyxDQUFDLFdBQVc7UUFDdEIsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FDM0Msd0JBQXdCLEVBQ3hCLElBQUksQ0FBQyxTQUFTLENBQUMsbUJBQW1CLEVBQVMsQ0FDNUMsQ0FBQztRQUNGLE9BQU8sUUFBUSxDQUFDLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRU0sS0FBSyxDQUFDLE1BQU0sQ0FBQyxPQUtuQjtRQUNDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ25ELElBQUksT0FBTyxDQUFDLFdBQVc7WUFBRSxPQUFPLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUNyRSxJQUFJLE9BQU8sQ0FBQyxlQUFlLEtBQUssU0FBUztZQUFFLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLENBQUM7UUFDL0YsSUFBSSxPQUFPLENBQUMsSUFBSTtZQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ2hELE9BQU8sT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3hCLENBQUM7SUFFTSxLQUFLO1FBQ1YsT0FBTyxJQUFJLG9CQUFvQixDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNsRCxDQUFDO0NBQ0YifQ==
|
|
@@ -9,4 +9,5 @@ export * from './domain.js';
|
|
|
9
9
|
export * from './dns-record.js';
|
|
10
10
|
export * from './acme-config.js';
|
|
11
11
|
export * from './email-domain.js';
|
|
12
|
-
|
|
12
|
+
export * from './security-policy.js';
|
|
13
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90c19pbnRlcmZhY2VzL2RhdGEvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxXQUFXLENBQUM7QUFDMUIsY0FBYyxZQUFZLENBQUM7QUFDM0IsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLHVCQUF1QixDQUFDO0FBQ3RDLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyxVQUFVLENBQUM7QUFDekIsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLGFBQWEsQ0FBQztBQUM1QixjQUFjLGlCQUFpQixDQUFDO0FBQ2hDLGNBQWMsa0JBQWtCLENBQUM7QUFDakMsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLHNCQUFzQixDQUFDIn0=
|
|
@@ -34,6 +34,57 @@ export interface IRemoteIngressStatus {
|
|
|
34
34
|
activeTunnels: number;
|
|
35
35
|
lastHeartbeat: number | null;
|
|
36
36
|
connectedAt: number | null;
|
|
37
|
+
transportMode?: 'tcpTls' | 'quic' | 'quicWithFallback';
|
|
38
|
+
fallbackUsed?: boolean;
|
|
39
|
+
performance?: IRemoteIngressPerformanceEffective;
|
|
40
|
+
flowControl?: IRemoteIngressFlowControlStatus;
|
|
41
|
+
queues?: IRemoteIngressQueueStatus;
|
|
42
|
+
traffic?: IRemoteIngressTrafficStatus;
|
|
43
|
+
udp?: IRemoteIngressUdpStatus;
|
|
44
|
+
}
|
|
45
|
+
export type TRemoteIngressPerformanceProfile = 'balanced' | 'throughput' | 'highConcurrency';
|
|
46
|
+
export interface IRemoteIngressPerformanceConfig {
|
|
47
|
+
profile?: TRemoteIngressPerformanceProfile;
|
|
48
|
+
maxStreamsPerEdge?: number;
|
|
49
|
+
totalWindowBudgetBytes?: number;
|
|
50
|
+
minStreamWindowBytes?: number;
|
|
51
|
+
maxStreamWindowBytes?: number;
|
|
52
|
+
sustainedStreamWindowBytes?: number;
|
|
53
|
+
quicDatagramReceiveBufferBytes?: number;
|
|
54
|
+
}
|
|
55
|
+
export interface IRemoteIngressPerformanceEffective {
|
|
56
|
+
profile: TRemoteIngressPerformanceProfile;
|
|
57
|
+
maxStreamsPerEdge: number;
|
|
58
|
+
totalWindowBudgetBytes: number;
|
|
59
|
+
minStreamWindowBytes: number;
|
|
60
|
+
maxStreamWindowBytes: number;
|
|
61
|
+
sustainedStreamWindowBytes: number;
|
|
62
|
+
quicDatagramReceiveBufferBytes: number;
|
|
63
|
+
}
|
|
64
|
+
export interface IRemoteIngressFlowControlStatus {
|
|
65
|
+
applies: boolean;
|
|
66
|
+
currentWindowBytes: number;
|
|
67
|
+
minWindowBytes: number;
|
|
68
|
+
maxWindowBytes: number;
|
|
69
|
+
totalWindowBudgetBytes: number;
|
|
70
|
+
estimatedInFlightBytes: number;
|
|
71
|
+
stalledStreams: number;
|
|
72
|
+
}
|
|
73
|
+
export interface IRemoteIngressQueueStatus {
|
|
74
|
+
ctrlQueueDepth: number;
|
|
75
|
+
dataQueueDepth: number;
|
|
76
|
+
sustainedQueueDepth: number;
|
|
77
|
+
}
|
|
78
|
+
export interface IRemoteIngressTrafficStatus {
|
|
79
|
+
bytesIn: number;
|
|
80
|
+
bytesOut: number;
|
|
81
|
+
streamsOpenedTotal: number;
|
|
82
|
+
streamsClosedTotal: number;
|
|
83
|
+
rejectedStreams: number;
|
|
84
|
+
}
|
|
85
|
+
export interface IRemoteIngressUdpStatus {
|
|
86
|
+
activeSessions: number;
|
|
87
|
+
droppedDatagrams: number;
|
|
37
88
|
}
|
|
38
89
|
/**
|
|
39
90
|
* Route-level remote ingress configuration.
|