npm - @serve.zone/dcrouter - Versions diffs - 13.39.0 → 13.40.0 - Mend

@serve.zone/dcrouter 13.39.0 → 13.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/deno.json +1 -1
package/dist_ts/00_commitinfo_data.js +1 -1
package/dist_ts/monitoring/classes.metricsmanager.d.ts +2 -0
package/dist_ts/monitoring/classes.metricsmanager.js +53 -19
package/dist_ts/opsserver/handlers/security.handler.d.ts +2 -0
package/dist_ts/opsserver/handlers/security.handler.js +50 -73
package/dist_ts/radius/classes.radius.server.d.ts +0 -5
package/dist_ts/radius/classes.radius.server.js +19 -65
package/dist_ts_web/00_commitinfo_data.js +1 -1
package/package.json +3 -3
package/ts/00_commitinfo_data.ts +1 -1
package/ts/monitoring/classes.metricsmanager.ts +59 -21
package/ts/opsserver/handlers/security.handler.ts +57 -109
package/ts/radius/classes.radius.server.ts +19 -69
package/ts_web/00_commitinfo_data.ts +1 -1

package/ts/radius/classes.radius.server.ts CHANGED Viewed

@@ -91,7 +91,6 @@ export class RadiusServer {
   private vlanManager: VlanManager;
   private accountingManager: AccountingManager;
   private config: IRadiusServerConfig;
-  private clientSecrets: Map<string, string> = new Map();
   private running: boolean = false;
   // Statistics
@@ -138,24 +137,18 @@ export class RadiusServer {
       await this.vlanManager.importMappings(this.config.vlanAssignment.mappings);
     }
-    // Build client secrets map
-    this.buildClientSecretsMap();
+    const cidrSecrets = this.buildClientSecretsMap();
     // Create the RADIUS server
     this.radiusServer = new plugins.smartradius.RadiusServer({
       authPort: this.config.authPort,
       acctPort: this.config.acctPort,
       bindAddress: this.config.bindAddress,
-      secretResolver: this.resolveClientSecret.bind(this),
+      cidrSecrets,
       authenticationHandler: this.handleAuthentication.bind(this),
       accountingHandler: this.handleAccounting.bind(this),
     });
-    // Configure per-client secrets
-    for (const [ip, secret] of this.clientSecrets) {
-      this.radiusServer.setClientSecret(ip, secret);
-    }
     // Start the server
     await this.radiusServer.start();
@@ -204,6 +197,7 @@ export class RadiusServer {
       calledStationId: request.calledStationId,
       callingStationId: request.callingStationId,
       serviceType: request.serviceType !== undefined ? String(request.serviceType) : undefined,
+      framedMtu: request.framedMtu,
     };
     logger.log('debug', `RADIUS Auth Request: user=${authData.username}, NAS=${authData.nasIpAddress}`);
@@ -288,6 +282,8 @@ export class RadiusServer {
       outputPackets: request.outputPackets,
       sessionTime: request.sessionTime,
       terminateCause: request.terminateCause !== undefined ? String(request.terminateCause) : undefined,
+      framedIpAddress: request.framedIpAddress,
+      serviceType: request.serviceType !== undefined ? String(request.serviceType) : undefined,
     };
     try {
@@ -394,66 +390,18 @@ export class RadiusServer {
   /**
    * Build client secrets map from configuration
    */
-  private buildClientSecretsMap(): void {
-    this.clientSecrets.clear();
+  private buildClientSecretsMap(): Record<string, string> {
+    const cidrSecrets: Record<string, string> = {};
     for (const client of this.config.clients) {
       if (!client.enabled) {
         continue;
       }
-      if (!client.ipRange.includes('/')) {
-        this.clientSecrets.set(client.ipRange, client.secret);
-      }
-    }
-  }
-  private resolveClientSecret(clientAddress: string): string | undefined {
-    const normalizedClientAddress = this.normalizeClientAddress(clientAddress);
-    if (!normalizedClientAddress) return undefined;
-    const exactSecret = this.clientSecrets.get(normalizedClientAddress);
-    if (exactSecret !== undefined) return exactSecret;
-    for (const client of this.config.clients) {
-      if (!client.enabled || !client.ipRange.includes('/')) continue;
-      if (this.clientIpMatchesCidr(normalizedClientAddress, client.ipRange)) return client.secret;
+      cidrSecrets[client.ipRange] = client.secret;
     }
-    return undefined;
-  }
-  private normalizeClientAddress(clientAddress: string): string | undefined {
-    const trimmedAddress = clientAddress.trim();
-    const normalizedAddress = trimmedAddress.startsWith('::ffff:')
-      ? trimmedAddress.slice('::ffff:'.length)
-      : trimmedAddress;
-    return plugins.net.isIP(normalizedAddress) ? normalizedAddress : undefined;
-  }
-  private clientIpMatchesCidr(clientAddress: string, cidr: string): boolean {
-    const [networkAddress, rawPrefix] = cidr.trim().split('/');
-    const normalizedNetworkAddress = this.normalizeClientAddress(networkAddress || '');
-    if (!normalizedNetworkAddress || rawPrefix === undefined) return false;
-    const clientIp = this.ipv4ToNumber(clientAddress);
-    const networkIp = this.ipv4ToNumber(normalizedNetworkAddress);
-    if (clientIp === undefined || networkIp === undefined) return false;
-    const prefix = Number(rawPrefix);
-    if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) return false;
-    const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
-    return ((clientIp & mask) >>> 0) === ((networkIp & mask) >>> 0);
-  }
-  private ipv4ToNumber(ipAddress: string): number | undefined {
-    if (plugins.net.isIP(ipAddress) !== 4) return undefined;
-    const parts = ipAddress.split('.').map((part) => Number(part));
-    if (parts.length !== 4 || parts.some((part) => !Number.isInteger(part) || part < 0 || part > 255)) {
-      return undefined;
-    }
-    return (((parts[0] * 256 + parts[1]) * 256 + parts[2]) * 256 + parts[3]) >>> 0;
+    return cidrSecrets;
   }
   /**
@@ -462,16 +410,20 @@ export class RadiusServer {
   async addClient(client: IRadiusClient): Promise<void> {
     // Check if client already exists
     const existingIndex = this.config.clients.findIndex(c => c.name === client.name);
+    const previousClient = existingIndex >= 0 ? this.config.clients[existingIndex] : undefined;
     if (existingIndex >= 0) {
       this.config.clients[existingIndex] = client;
     } else {
       this.config.clients.push(client);
     }
-    this.buildClientSecretsMap();
-    if (this.running && this.radiusServer && client.enabled && !client.ipRange.includes('/')) {
-      this.radiusServer.setClientSecret(client.ipRange, client.secret);
+    if (this.running && this.radiusServer) {
+      if (previousClient) {
+        this.radiusServer.removeNetworkSecret(previousClient.ipRange);
+      }
+      if (client.enabled) {
+        this.radiusServer.setNetworkSecret(client.ipRange, client.secret);
+      }
     }
     logger.log('info', `RADIUS client ${client.enabled ? 'added' : 'disabled'}: ${client.name} (${client.ipRange})`);
@@ -486,10 +438,8 @@ export class RadiusServer {
       const client = this.config.clients[index];
       this.config.clients.splice(index, 1);
-      this.buildClientSecretsMap();
-      if (this.radiusServer && !client.ipRange.includes('/')) {
-        this.radiusServer.removeClientSecret(client.ipRange);
+      if (this.radiusServer) {
+        this.radiusServer.removeNetworkSecret(client.ipRange);
       }
       logger.log('info', `RADIUS client removed: ${name}`);

package/ts_web/00_commitinfo_data.ts CHANGED Viewed

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '13.39.0',
+  version: '13.40.0',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }