bdy 1.12.8-dev → 1.12.8-dev-pipeline-run

package/distTs/src/tunnel/tunnel.js

@@ -1,1010 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const basic_auth_1 = __importDefault(require("basic-auth"));
-const utils_1 = require("../utils");
-const latency_1 = __importDefault(require("./latency"));
-const client_1 = __importDefault(require("./ssh/client"));
-const events_1 = __importDefault(require("events"));
-const tcp_1 = __importDefault(require("./tcp"));
-const tls_1 = __importDefault(require("./server/tls"));
-const ssh_1 = __importDefault(require("./server/ssh"));
-const logger_1 = __importDefault(require("../logger"));
-const identification_1 = __importDefault(require("./identification"));
-const http_1 = __importDefault(require("./http"));
-const http2_1 = __importDefault(require("./server/http2"));
-const http1_1 = __importDefault(require("./server/http1"));
-const log_1 = __importDefault(require("./http/log"));
-const format_1 = __importDefault(require("../format"));
-const node_crypto_1 = __importDefault(require("node:crypto"));
-const cookie = __importStar(require("cookie"));
-const jsonwebtoken_1 = require("jsonwebtoken");
-const undici_1 = require("undici");
-const texts_1 = require("../texts");
-const dns_1 = __importDefault(require("./dns"));
-const tunnel_1 = require("../types/tunnel");
-const cfg_1 = __importDefault(require("./cfg"));
-const CIPHER_ALG = 'aes-256-cbc';
-const CIPHER_IV = Buffer.alloc(16).fill(0);
-const COOKIE_NAME = 'jwt_token';
-class Tunnel extends events_1.default {
-    agent;
-    id;
-    cipherKey;
-    sshHostKey;
-    type;
-    region;
-    target;
-    whitelist;
-    domain;
-    subdomain;
-    name;
-    timeout;
-    useragents;
-    headers;
-    responseHeaders;
-    terminate;
-    key;
-    cert;
-    ca;
-    host;
-    login;
-    password;
-    authType;
-    serve;
-    circuitBreaker;
-    log;
-    verify;
-    compression;
-    http2;
-    sshIp;
-    sshId;
-    sshPort;
-    sshUser;
-    sshPassword;
-    sshForwardPort;
-    sshClientUser;
-    sshClientPassword;
-    targetProto;
-    targetHost;
-    targetPort;
-    targetAuth;
-    totalConnections;
-    status;
-    connections;
-    dns;
-    regionLatency;
-    targetLatency;
-    tls;
-    httpLog;
-    identify;
-    http2server;
-    http1server;
-    sshServer;
-    ssh;
-    started;
-    constructor({ agent, id, type, target, region, timeout, domain, name, subdomain, whitelist, tlsSettings, httpSettings, sshSettings, sshHostKey, }) {
-        super();
-        if (!sshHostKey)
-            sshHostKey = (0, utils_1.createSshHostKey)();
-        this.agent = agent;
-        this.id = id;
-        this.cipherKey = node_crypto_1.default.createHash('sha512').update(this.id).digest('hex').substring(0, 32);
-        this.sshHostKey = sshHostKey;
-        this.create({
-            type,
-            target,
-            region,
-            timeout,
-            domain,
-            subdomain,
-            name,
-            whitelist,
-            tlsSettings,
-            httpSettings,
-            sshSettings,
-        });
-    }
-    create({ type, target, region, timeout, domain, subdomain, name, whitelist, tlsSettings, httpSettings, sshSettings, }) {
-        this.type = type;
-        this.region = region;
-        this.target = target;
-        this.whitelist = whitelist || [];
-        this.domain = domain;
-        this.subdomain = subdomain;
-        this.name = name;
-        this.timeout = timeout || utils_1.DEFAULT_TIMEOUT;
-        this.useragents = [];
-        this.headers = [];
-        this.responseHeaders = [];
-        if (tlsSettings) {
-            this.terminate = tlsSettings.terminate;
-            this.key = tlsSettings.key;
-            this.cert = tlsSettings.cert;
-            this.ca = tlsSettings.ca;
-        }
-        if (httpSettings) {
-            this.host = httpSettings.host;
-            if (httpSettings.authType) {
-                this.authType = httpSettings.authType;
-                if (this.authType === tunnel_1.TUNNEL_HTTP_AUTH_TYPE.BASIC) {
-                    this.login = httpSettings.login || '';
-                    this.password = httpSettings.password || '';
-                }
-            }
-            else if (httpSettings.login || httpSettings.password) {
-                this.authType = tunnel_1.TUNNEL_HTTP_AUTH_TYPE.BASIC;
-                this.login = httpSettings.login || '';
-                this.password = httpSettings.password || '';
-            }
-            else {
-                this.authType = tunnel_1.TUNNEL_HTTP_AUTH_TYPE.NONE;
-            }
-            this.ca = httpSettings.ca;
-            this.serve = httpSettings.serve;
-            this.useragents = httpSettings.userAgents || [];
-            this.headers = httpSettings.headers || [];
-            this.responseHeaders = httpSettings.responseHeaders || [];
-            this.circuitBreaker = httpSettings.circuitBreaker;
-            this.log = httpSettings.log;
-            this.verify = httpSettings.verify;
-            this.compression = httpSettings.compression;
-            this.http2 = httpSettings.http2;
-        }
-        if (sshSettings) {
-            this.sshIp = sshSettings.ip;
-            this.sshId = sshSettings.sshId;
-            this.sshPort = sshSettings.port;
-            this.sshUser = sshSettings.user;
-            this.sshPassword = sshSettings.password;
-            this.sshForwardPort = sshSettings.forwardPort;
-            this.sshClientUser = sshSettings.clientUser;
-            this.sshClientPassword = sshSettings.clientPassword;
-        }
-        this.targetProto = 'http';
-        this.targetHost = 'localhost';
-        this.targetPort = 80;
-        this.targetAuth = null;
-        if (this.type === tunnel_1.TUNNEL_TYPE.HTTP) {
-            let m = this.target.match(utils_1.TARGET_ONLY_PORT_REGEX);
-            if (m) {
-                this.targetPort = parseInt(m[0], 10);
-            }
-            else {
-                m = this.target.match(utils_1.TARGET_HTTP_REGEX);
-                if (m) {
-                    if (m[2])
-                        this.targetProto = m[2];
-                    if (m[6])
-                        this.targetPort = parseInt(m[6], 10);
-                    else if (this.targetProto === 'https')
-                        this.targetPort = 443;
-                    if (m[4])
-                        this.targetHost = m[4];
-                    if (m[3])
-                        this.targetAuth = m[3].replace(/@$/, '');
-                }
-            }
-        }
-        else if (this.type === tunnel_1.TUNNEL_TYPE.SSH) {
-            this.targetHost = 'localhost';
-            this.targetProto = 'ssh://';
-            this.targetPort = 22;
-        }
-        else {
-            const m = this.target.match(utils_1.TARGET_TCP_TLS_REGEX);
-            if (m) {
-                this.targetPort = parseInt(m[3], 10);
-                if (m[2])
-                    this.targetHost = m[2];
-            }
-        }
-        this.connections = {};
-        this.totalConnections = 0;
-        this.status = tunnel_1.TUNNEL_STATUS.CLOSED;
-        this.dns = null;
-        this.regionLatency = null;
-        this.targetLatency = null;
-        this.tls = null;
-        this.httpLog = null;
-        this.identify = null;
-        this.http2server = null;
-        this.http1server = null;
-        this.sshServer = null;
-        this.ssh = null;
-        this.started = false;
-    }
-    recreate({ type, target, region, timeout, domain, subdomain, name, whitelist, tlsSettings, httpSettings, sshSettings, }) {
-        const started = this.started;
-        this.stop(false);
-        this.create({
-            type,
-            target,
-            region,
-            timeout,
-            domain,
-            subdomain,
-            name,
-            whitelist,
-            tlsSettings,
-            httpSettings,
-            sshSettings,
-        });
-        if (started)
-            this.start();
-    }
-    hasChanged(data) {
-        const tunnel = new Tunnel({
-            ...data,
-            sshHostKey: this.sshHostKey,
-        });
-        if (this.type !== tunnel.type)
-            return true;
-        if (this.target !== tunnel.target)
-            return true;
-        if (this.region !== tunnel.region)
-            return true;
-        if (this.timeout !== tunnel.timeout)
-            return true;
-        if (this.domain !== tunnel.domain)
-            return true;
-        if (this.subdomain !== tunnel.subdomain)
-            return true;
-        if (this.terminate !== tunnel.terminate)
-            return true;
-        if (this.key !== tunnel.key)
-            return true;
-        if (this.cert !== tunnel.cert)
-            return true;
-        if (this.ca !== tunnel.ca)
-            return true;
-        if (this.host !== tunnel.host)
-            return true;
-        if (this.login !== tunnel.login)
-            return true;
-        if (this.password !== tunnel.password)
-            return true;
-        if (this.serve !== tunnel.serve)
-            return true;
-        if (this.circuitBreaker !== tunnel.circuitBreaker)
-            return true;
-        if (this.log !== tunnel.log)
-            return true;
-        if (this.verify !== tunnel.verify)
-            return true;
-        if (this.http2 !== tunnel.http2)
-            return true;
-        if (this.compression !== tunnel.compression)
-            return true;
-        if (this.sshIp !== tunnel.sshIp)
-            return true;
-        if (this.sshId !== tunnel.sshId)
-            return true;
-        if (this.sshPort !== tunnel.sshPort)
-            return true;
-        if (this.sshUser !== tunnel.sshUser)
-            return true;
-        if (this.sshPassword !== tunnel.sshPassword)
-            return true;
-        if (this.sshForwardPort !== tunnel.sshForwardPort)
-            return true;
-        if (this.sshClientPassword !== tunnel.sshClientPassword)
-            return true;
-        if (this.sshClientUser !== tunnel.sshClientUser)
-            return true;
-        if (this.whitelist?.length !== tunnel.whitelist?.length)
-            return true;
-        if (this.whitelist && tunnel.whitelist) {
-            this.whitelist.sort();
-            tunnel.whitelist.sort();
-            for (let i = 0; i < this.whitelist.length; i += 1) {
-                if (this.whitelist[i] !== tunnel.whitelist[i])
-                    return true;
-            }
-        }
-        if (this.useragents?.length !== tunnel.useragents?.length)
-            return true;
-        if (this.useragents && tunnel.useragents) {
-            this.useragents.sort();
-            tunnel.useragents.sort();
-            for (let i = 0; i < this.useragents.length; i += 1) {
-                if (this.useragents[i] !== tunnel.useragents[i])
-                    return true;
-            }
-        }
-        const sortHeaders = (a, b) => a.name.localeCompare(b.name);
-        if (this.headers?.length !== tunnel.headers?.length)
-            return true;
-        if (this.headers && tunnel.headers) {
-            this.headers.sort(sortHeaders);
-            tunnel.headers.sort(sortHeaders);
-            for (let i = 0; i < this.headers.length; i += 1) {
-                const thisH = this.headers[i];
-                const tunnelH = tunnel.headers[i];
-                if (thisH.name !== tunnelH.name)
-                    return true;
-                if (thisH.value !== tunnelH.value)
-                    return true;
-            }
-        }
-        if (this.responseHeaders?.length !== tunnel.responseHeaders?.length)
-            return true;
-        if (this.responseHeaders && tunnel.responseHeaders) {
-            this.responseHeaders.sort(sortHeaders);
-            tunnel.responseHeaders.sort(sortHeaders);
-            for (let i = 0; i < this.responseHeaders.length; i += 1) {
-                const thisRH = this.responseHeaders[i];
-                const tunnelRH = tunnel.responseHeaders[i];
-                if (thisRH.name !== tunnelRH.name)
-                    return true;
-                if (thisRH.value !== tunnelRH.value)
-                    return true;
-            }
-        }
-        return false;
-    }
-    async sshConnected() {
-        try {
-            logger_1.default.debug((0, texts_1.LOG_TUNNEL_CONNECTED)(this.id, this.sshForwardPort));
-            if (this.ssh && this.sshForwardPort)
-                await this.ssh.forwardIn(this.sshForwardPort);
-            this.status = tunnel_1.TUNNEL_STATUS.OPEN;
-        }
-        catch (err) {
-            // reconnect
-            logger_1.default.debug((0, texts_1.LOG_TUNNEL_FAILED)(this.id));
-            logger_1.default.debug(err);
-            if (this.ssh)
-                this.ssh.close();
-            return;
-        }
-        this.emit(tunnel_1.TUNNEL_EVENT.OPEN, this);
-    }
-    sshDisconnected() {
-        if (this.status !== tunnel_1.TUNNEL_STATUS.CLOSED) {
-            logger_1.default.debug((0, texts_1.LOG_TUNNEL_DISCONNECTED)(this.id));
-            this.status = tunnel_1.TUNNEL_STATUS.CLOSED;
-            this.emit(tunnel_1.TUNNEL_EVENT.CLOSED, this);
-        }
-    }
-    tunnelToTarget(stream, onClose) {
-        if (!this.totalConnections)
-            this.totalConnections = 0;
-        this.totalConnections += 1;
-        const tcp = new tcp_1.default(this.targetHost || '', this.targetPort || 0, stream);
-        if (!this.connections)
-            this.connections = {};
-        this.connections[tcp.id] = tcp;
-        tcp.on(tunnel_1.TUNNEL_EVENT_TCP.CLOSED, () => {
-            if (this.connections && this.connections[tcp.id]) {
-                this.connections[tcp.id].removeAllListeners();
-                delete this.connections[tcp.id];
-            }
-            onClose();
-        });
-        tcp.pipe();
-    }
-    httpIdentified(type) {
-        logger_1.default.info((0, texts_1.LOG_TUNNEL_IDENTIFIED)(this.id, type));
-        this.emit(tunnel_1.TUNNEL_EVENT.HTTP_IDENTIFIED, this, type);
-    }
-    httpConnectionOpen(s) {
-        if (!this.totalConnections)
-            this.totalConnections = 0;
-        if (!this.connections)
-            this.connections = {};
-        this.totalConnections += 1;
-        this.connections[s.id] = s;
-        this.emit(tunnel_1.TUNNEL_EVENT.HTTP_OPEN, this);
-    }
-    httpConnectionClosed(s) {
-        if (this.connections && this.connections[s.id]) {
-            delete this.connections[s.id];
-        }
-        this.emit(tunnel_1.TUNNEL_EVENT.HTTP_CLOSED, this);
-    }
-    async httpBasicAuth(req, res) {
-        if (this.authType === tunnel_1.TUNNEL_HTTP_AUTH_TYPE.BASIC) {
-            const user = (0, basic_auth_1.default)(req);
-            if (user && user.name === this.login && user.pass === this.password) {
-                return true;
-            }
-            const authorized = await this._checkHttpPat(req, res, false);
-            if (authorized) {
-                return true;
-            }
-            logger_1.default.debug(texts_1.LOG_TUNNEL_HTTP_WRON_AUTH);
-            this.httpEndFast(req, res, 401, 'Unauthorised', {
-                'WWW-Authenticate': 'Basic real="Buddy"',
-            });
-            return false;
-        }
-        return true;
-    }
-    async _checkHttpPat(req, res, setCookie) {
-        const user = (0, basic_auth_1.default)(req);
-        if (!user || !user.name || !user.pass)
-            return false;
-        const client = this._getHttpAuthClient();
-        try {
-            const { statusCode, body } = await client.request({
-                path: `/tunnel/auth/pat`,
-                method: 'POST',
-                headers: {
-                    'content-type': 'application/json',
-                },
-                body: JSON.stringify({
-                    id: this.id,
-                    agentId: this.agent.id,
-                    login: user.name,
-                    password: user.pass,
-                })
-            });
-            if (statusCode !== 200)
-                return false;
-            const result = await body.json();
-            if (!result.success)
-                return false;
-            if (setCookie)
-                this._httpSetAuthCookie(res, result.token);
-            return true;
-        }
-        catch {
-            return false;
-        }
-    }
-    _getHttpAuthClient() {
-        return new undici_1.Client(cfg_1.default.getTokenHost(), {
-            connect: {
-                rejectUnauthorized: false
-            }
-        });
-    }
-    async _httpExchangeAuthCode(code) {
-        const client = this._getHttpAuthClient();
-        try {
-            const r = await client.request({
-                path: `/external-api/auth/token?grant_type=authorization_code`,
-                method: 'POST',
-                headers: {
-                    'content-type': 'application/json',
-                },
-                body: JSON.stringify({
-                    code
-                })
-            });
-            const o = await r.body.json();
-            if (o.accessToken) {
-                return o.accessToken;
-            }
-        }
-        catch {
-            // do nothing
-        }
-        return '';
-    }
-    _httpParseAuthToken(token) {
-        const msg = 'Invalid authorization token';
-        if (!token)
-            throw new Error(msg);
-        const data = (0, jsonwebtoken_1.decode)(token);
-        if (data === null || !data.tunnelId || !data.userId || data.aud !== 'tunnels' || data.sub !== 'tunnel_read')
-            throw new Error(msg);
-        return {
-            tunnelId: data.tunnelId,
-            userId: data.userId,
-            token
-        };
-    }
-    _httpSetAuthCookie(res, token) {
-        res.setHeader('set-cookie', cookie.serialize(COOKIE_NAME, token, {
-            maxAge: 3600,
-            path: '/',
-            secure: false,
-            httpOnly: true,
-            sameSite: 'lax'
-        }));
-    }
-    async _checkHttpAuthToken(code, token, req, res) {
-        let fromCookie = false;
-        if (code && !token) {
-            token = await this._httpExchangeAuthCode(code);
-        }
-        if (!token) {
-            const cookies = cookie.parse(req.headers.cookie || '');
-            token = cookies[COOKIE_NAME] || '';
-            fromCookie = true;
-        }
-        if (!token) {
-            return false;
-        }
-        try {
-            const data = this._httpParseAuthToken(token);
-            if (data.tunnelId !== this.id) {
-                return false;
-            }
-            if (!data.userId) {
-                return false;
-            }
-            if (fromCookie) {
-                return true;
-            }
-            this._httpSetAuthCookie(res, token);
-            return true;
-        }
-        catch {
-            return false;
-        }
-    }
-    _httpEncryptState(str) {
-        try {
-            const cipher = node_crypto_1.default.createCipheriv(CIPHER_ALG, Buffer.from(this.cipherKey), Buffer.from(CIPHER_IV));
-            let enc = cipher.update(JSON.stringify({ str }), 'utf8', 'hex');
-            enc += cipher.final('hex');
-            return enc;
-        }
-        catch {
-            // do nothing
-        }
-        return '';
-    }
-    _httpDecryptState(state) {
-        if (state) {
-            try {
-                const decipher = node_crypto_1.default.createDecipheriv(CIPHER_ALG, Buffer.from(this.cipherKey), Buffer.from(CIPHER_IV));
-                let dec = decipher.update(state, 'hex', 'utf8');
-                dec += decipher.final('utf8');
-                const url = JSON.parse(dec).str;
-                if (url) {
-                    new URL(url);
-                    return url;
-                }
-            }
-            catch {
-                // do nothing
-            }
-        }
-        return '';
-    }
-    _redirectHttpToBuddyAuth(pathname, search, req, res) {
-        let host = this.agent.host;
-        if (/^https:\/\/\d+\.\d+\.\d+\.\d+$/.test(host)) {
-            host = 'https://app.local.io';
-        }
-        const callback = `https://${this.subdomain}.${(this.region || '').toLowerCase()}-${this.sshId}.${this.domain}`;
-        let state;
-        if (req.headers['x-forwarded-host']) {
-            if (req.headers['x-forwarded-proto'] === 'http') {
-                state = 'http://';
-            }
-            else {
-                state = 'https://';
-            }
-            state += req.headers['x-forwarded-host'];
-        }
-        else {
-            state = callback;
-        }
-        state += pathname;
-        if (search)
-            state += search;
-        const enc = this._httpEncryptState(state);
-        let url = `${host}/tunnel/auth?redirect_url=${encodeURIComponent(callback)}&id=${encodeURIComponent(this.id)}&agentId=${encodeURIComponent(this.agent.id)}&state=${encodeURIComponent(enc)}`;
-        if (/app\.local\.io/.test(host)) {
-            url += '&response_type=token';
-        }
-        this.httpEndFast(req, res, 302, 'Found', {
-            location: url,
-        });
-    }
-    async httpBuddyAuth(req, res) {
-        if (this.authType === tunnel_1.TUNNEL_HTTP_AUTH_TYPE.BUDDY) {
-            const { searchParams, pathname, search } = new URL(req.url, 'https://abc.com');
-            const code = searchParams.get('code') || '';
-            const state = searchParams.get('state') || '';
-            const token = searchParams.get('access_token') || '';
-            const url = this._httpDecryptState(state);
-            const authByToken = await this._checkHttpAuthToken(code, token, req, res);
-            if (authByToken) {
-                if (url) {
-                    this.httpEndFast(req, res, 302, 'Found', {
-                        location: url,
-                    });
-                    return false;
-                }
-                return true;
-            }
-            else if ((code || token) && url) {
-                this.httpEndFast(req, res, 404, 'Not found');
-                return false;
-            }
-            const auth = (0, basic_auth_1.default)(req);
-            if (auth) {
-                const authorized = await this._checkHttpPat(req, res, true);
-                if (authorized) {
-                    return true;
-                }
-            }
-            this._redirectHttpToBuddyAuth(pathname, search, req, res);
-            return false;
-        }
-        return true;
-    }
-    httpEndFast(req, res, statusCode, msg, headers = {}) {
-        let log;
-        if (this.httpLog) {
-            log = this.httpLog.newRequest(req.method, req.headers, req.url, req.httpVersion, req);
-        }
-        if (!log) {
-            if (this.httpLog)
-                this.httpLog.newResponse(statusCode, headers);
-            res.statusCode = statusCode;
-            Object.keys(headers).forEach((k) => {
-                res.setHeader(k, headers[k]);
-            });
-            res.end(msg);
-        }
-        else {
-            req.pipe(log.requestBody);
-            log.requestBody.pipeToNothing(() => {
-                if (this.httpLog)
-                    this.httpLog.newResponse(statusCode, headers, log);
-                res.statusCode = statusCode;
-                Object.keys(headers).forEach((k) => {
-                    res.setHeader(k, headers[k]);
-                });
-                res.end(msg);
-            });
-        }
-    }
-    httpRateLimit(req, res) {
-        const isRateLimited = !!this.httpLog && this.httpLog.isRateLimited(req);
-        if (isRateLimited) {
-            logger_1.default.debug(texts_1.LOG_TUNNEL_HTTP_RATE_LIMIT);
-            this.httpEndFast(req, res, 429, 'Too Many Requests', {
-                'Retry-After': '60',
-            });
-            return false;
-        }
-        return true;
-    }
-    httpCircuitBreaker(req, res) {
-        const isOpen = !!this.httpLog && this.httpLog.isCircuitBreakerOpen();
-        if (isOpen) {
-            logger_1.default.debug(texts_1.LOG_TUNNEL_HTTP_CIRCUIT_BREAKER_OPEN);
-            this.httpEndFast(req, res, 504, 'Service Unavailable', {});
-            return false;
-        }
-        return true;
-    }
-    httpUserAgent(req, res) {
-        if (this.useragents && this.useragents.length > 0) {
-            const ua = req.headers['user-agent'] || '';
-            for (let i = 0; i < this.useragents.length; i += 1) {
-                const str = this.useragents[i];
-                if ((0, utils_1.isStringRegExp)(str)) {
-                    try {
-                        const r = new RegExp(str, 'i');
-                        if (r.test(ua))
-                            return true;
-                    }
-                    catch {
-                        // do nothing
-                    }
-                }
-                else if (ua.includes(str)) {
-                    return true;
-                }
-            }
-            logger_1.default.debug(texts_1.LOG_TUNNEL_HTTP_WRONG_USER_AGENTS);
-            this.httpEndFast(req, res, 401, 'Unauthorised', {});
-            return false;
-        }
-        return true;
-    }
-    targetReconnected() {
-        if (this.identify)
-            this.identify.identify();
-    }
-    httpLogRequest(logRequest) {
-        this.emit(tunnel_1.TUNNEL_EVENT.HTTP_REQUEST, this, logRequest);
-    }
-    httpLogResponse(logRequest) {
-        this.emit(tunnel_1.TUNNEL_EVENT.HTTP_RESPONSE, this, logRequest);
-    }
-    retryHttpLogRequest(logRequest) {
-        if (logRequest.requestBody.tooLarge)
-            return;
-        if (logRequest.httpVersion === '2.0') {
-            if (this.http2server)
-                return this.http2server.retryRequest(logRequest);
-        }
-        if (this.http1server) {
-            return this.http1server.retryRequest(logRequest);
-        }
-    }
-    async httpRequest(req, res) {
-        const isAuth = (await this.httpBasicAuth(req, res)) &&
-            (await this.httpBuddyAuth(req, res)) &&
-            this.httpUserAgent(req, res) &&
-            this.httpRateLimit(req, res) &&
-            this.httpCircuitBreaker(req, res);
-        if (!isAuth)
-            return;
-        const http = new http_1.default({
-            req,
-            res,
-            auth: this.targetAuth,
-            proto: this.targetProto,
-            host: this.targetHost,
-            port: this.targetPort,
-            hostHeader: this.host,
-            timeout: this.timeout,
-            verify: this.verify,
-            compression: this.compression,
-            headers: this.headers,
-            serve: this.serve,
-            responseHeaders: this.responseHeaders,
-            httpIdentify: this.identify?.type,
-            httpLog: this.httpLog,
-        });
-        http.once(tunnel_1.TUNNEL_HTTP_SOCKET.CLOSED, (socket) => this.httpConnectionClosed(socket));
-        http.pipe().then();
-    }
-    tlsSocket(tlsSocket) {
-        this.tunnelToTarget(tlsSocket, () => {
-            this.emit(tunnel_1.TUNNEL_EVENT.TLS_CLOSED, this);
-        });
-        this.emit(tunnel_1.TUNNEL_EVENT.TLS_OPEN, this);
-    }
-    canStreamTcp() {
-        if (this.type === tunnel_1.TUNNEL_TYPE.TCP)
-            return true;
-        return (this.type === tunnel_1.TUNNEL_TYPE.TLS &&
-            this.terminate &&
-            [tunnel_1.TUNNEL_TERMINATE_AT.REGION, tunnel_1.TUNNEL_TERMINATE_AT.TARGET].includes(this.terminate));
-    }
-    canStreamTls() {
-        return this.type === tunnel_1.TUNNEL_TYPE.TLS;
-    }
-    canStreamSsh() {
-        return this.type === tunnel_1.TUNNEL_TYPE.SSH;
-    }
-    canStreamHttp() {
-        return this.type === tunnel_1.TUNNEL_TYPE.HTTP;
-    }
-    safeEndStream(stream) {
-        try {
-            stream.removeAllListeners();
-            stream.once('error', () => { });
-            stream.end();
-        }
-        catch {
-            // do nothing
-        }
-        setTimeout(() => {
-            try {
-                stream.destroy();
-            }
-            catch {
-                // do nothing
-            }
-        }, 1000);
-    }
-    sshStreamTcp(stream) {
-        if (!this.canStreamTcp()) {
-            this.safeEndStream(stream);
-            return;
-        }
-        logger_1.default.debug((0, texts_1.LOG_TUNNEL_TCP_STREAM)(this.id));
-        this.tunnelToTarget(stream, () => {
-            this.emit(tunnel_1.TUNNEL_EVENT.TCP_CLOSED, this);
-        });
-        this.emit(tunnel_1.TUNNEL_EVENT.TCP_OPEN, this);
-    }
-    sshStreamHttp1(stream, info, ip) {
-        if (!this.canStreamHttp()) {
-            this.safeEndStream(stream);
-            return;
-        }
-        logger_1.default.debug((0, texts_1.LOG_TUNNEL_HTTP1_STREAM)(this.id));
-        if (this.http1server) {
-            this.http1server.handleSshTunnel(stream, info, ip);
-            return;
-        }
-        this.safeEndStream(stream);
-    }
-    sshStreamHttp2(stream, info, ip) {
-        if (!this.canStreamHttp()) {
-            this.safeEndStream(stream);
-            return;
-        }
-        logger_1.default.debug((0, texts_1.LOG_TUNNEL_HTTP2_STREAM)(this.id));
-        if (this.http2server) {
-            this.http2server.handleSshTunnel(stream, info, ip);
-            return;
-        }
-        this.safeEndStream(stream);
-    }
-    sshStreamSsh(stream) {
-        if (!this.canStreamSsh()) {
-            this.safeEndStream(stream);
-            return;
-        }
-        logger_1.default.debug((0, texts_1.LOG_TUNNEL_SSH_STREAM)(this.id));
-        if (this.sshServer) {
-            this.sshServer.handleSshTunnel(stream);
-            return;
-        }
-        this.safeEndStream(stream);
-    }
-    sshStreamTls(stream) {
-        if (!this.canStreamTls()) {
-            this.safeEndStream(stream);
-            return;
-        }
-        if (this.terminate === tunnel_1.TUNNEL_TERMINATE_AT.TARGET) {
-            logger_1.default.debug((0, texts_1.LOG_TUNNEL_TLS_TARGET_STREAM)(this.id));
-            this.sshStreamTcp(stream);
-            return;
-        }
-        if (this.terminate === tunnel_1.TUNNEL_TERMINATE_AT.REGION) {
-            logger_1.default.debug((0, texts_1.LOG_TUNNEL_TLS_REGION_STREAM)(this.id));
-            this.sshStreamTcp(stream);
-            return;
-        }
-        if (this.tls) {
-            logger_1.default.debug((0, texts_1.LOG_TUNNEL_TLS_AGENT_STREAM)(this.id));
-            this.tls.handleSshTunnel(stream);
-            return;
-        }
-        this.safeEndStream(stream);
-    }
-    start() {
-        if (this.started ||
-            !this.sshIp ||
-            !this.sshPort ||
-            !this.domain ||
-            !this.subdomain ||
-            !this.region ||
-            !this.sshId ||
-            !this.sshUser ||
-            !this.sshPassword)
-            return;
-        this.started = true;
-        logger_1.default.info((0, texts_1.LOG_STARTING_TUNNEL)(this.id));
-        // region latency
-        this.regionLatency = new latency_1.default(this.sshIp, this.sshPort);
-        this.regionLatency.startChecking();
-        // target latency
-        if (!this.serve && this.type !== tunnel_1.TUNNEL_TYPE.SSH) {
-            this.targetLatency = new latency_1.default(this.targetHost || '', this.targetPort || 0);
-            this.targetLatency.on(tunnel_1.TUNNEL_EVENT_LATENCY.RECONNECTED, () => this.targetReconnected());
-            this.targetLatency.startChecking();
-        }
-        // dns health
-        this.dns = new dns_1.default(this.sshIp, this.domain, this.subdomain, this.region, this.sshId);
-        this.dns.startChecking();
-        if (this.type === tunnel_1.TUNNEL_TYPE.TLS &&
-            this.terminate === tunnel_1.TUNNEL_TERMINATE_AT.AGENT) {
-            // tls
-            this.tls = new tls_1.default(this.key, this.cert, this.ca);
-            this.tls.on(tunnel_1.TUNNEL_EVENT.TLS_SOCKET, (socket) => this.tlsSocket(socket));
-        }
-        else if (this.type === tunnel_1.TUNNEL_TYPE.HTTP) {
-            // http
-            this.httpLog = new log_1.default(this.log, this.circuitBreaker);
-            this.httpLog.on(tunnel_1.TUNNEL_EVENT_HTTP.NEW_REQUEST, (logRequest) => this.httpLogRequest(logRequest));
-            this.httpLog.on(tunnel_1.TUNNEL_EVENT_HTTP.NEW_RESPONSE, (logRequest) => this.httpLogResponse(logRequest));
-            this.identify = new identification_1.default(this.targetProto || '', this.targetHost || '', this.targetPort || 0, this.http2 || !!this.serve);
-            this.identify.on(tunnel_1.TUNNEL_EVENT.IDENTIFIED, (type) => this.httpIdentified(type));
-            const host = format_1.default.entryHostEncoded(this);
-            this.http2server = new http2_1.default(host);
-            this.http2server.on(tunnel_1.TUNNEL_EVENT.HTTP_SESSION_OPEN, (session) => this.httpConnectionOpen(session));
-            this.http2server.on(tunnel_1.TUNNEL_EVENT.HTTP_SESSION_CLOSED, (session) => this.httpConnectionClosed(session));
-            this.http2server.on(tunnel_1.TUNNEL_EVENT.HTTP_REQUEST, async (req, res) => await this.httpRequest(req, res));
-            this.http1server = new http1_1.default(host);
-            this.http1server.on(tunnel_1.TUNNEL_HTTP_SOCKET.OPEN, (socket) => this.httpConnectionOpen(socket));
-            this.http1server.on(tunnel_1.TUNNEL_HTTP_SOCKET.CLOSED, (socket) => this.httpConnectionClosed(socket));
-            this.http1server.on(tunnel_1.TUNNEL_EVENT.HTTP_REQUEST, async (req, res) => await this.httpRequest(req, res));
-        }
-        else if (this.type === tunnel_1.TUNNEL_TYPE.SSH) {
-            // ssh server
-            this.sshServer = new ssh_1.default(this.agent, this.sshClientUser || '', this.sshClientPassword || '', this.sshHostKey);
-        }
-        // ssh
-        this.ssh = new client_1.default(this.sshIp, this.sshPort, this.sshUser, this.sshPassword);
-        this.ssh.on(tunnel_1.TUNNEL_SSH_EVENT.CONNECTED, () => this.sshConnected());
-        this.ssh.on(tunnel_1.TUNNEL_SSH_EVENT.DISCONNECTED, () => this.sshDisconnected());
-        this.ssh.on(tunnel_1.TUNNEL_SSH_EVENT.STREAM_TCP, (stream) => this.sshStreamTcp(stream));
-        this.ssh.on(tunnel_1.TUNNEL_SSH_EVENT.STREAM_TLS, (stream) => this.sshStreamTls(stream));
-        this.ssh.on(tunnel_1.TUNNEL_SSH_EVENT.STREAM_HTTP1, (stream, info, ip) => this.sshStreamHttp1(stream, info, ip));
-        this.ssh.on(tunnel_1.TUNNEL_SSH_EVENT.STREAM_HTTP2, (stream, info, ip) => this.sshStreamHttp2(stream, info, ip));
-        this.ssh.on(tunnel_1.TUNNEL_SSH_EVENT.STREAM_SSH, (stream) => this.sshStreamSsh(stream));
-        this.ssh.openKeepAlive();
-    }
-    stop(emitEvent = true) {
-        if (!this.started)
-            return;
-        this.started = false;
-        logger_1.default.info((0, texts_1.LOG_STOPPING_TUNNEL)(this.id));
-        if (emitEvent)
-            this.emit(tunnel_1.TUNNEL_EVENT.STOPPED, this);
-        if (this.regionLatency) {
-            this.regionLatency.removeAllListeners();
-            this.regionLatency.stopChecking();
-            this.regionLatency = null;
-        }
-        if (this.dns) {
-            this.dns.stopChecking();
-            this.dns = null;
-        }
-        if (this.targetLatency) {
-            this.targetLatency.removeAllListeners();
-            this.targetLatency.stopChecking();
-            this.targetLatency = null;
-        }
-        if (this.tls) {
-            this.tls.removeAllListeners();
-            this.tls.stop();
-            this.tls = null;
-        }
-        if (this.httpLog) {
-            this.httpLog.removeAllListeners();
-            this.httpLog.stop();
-            this.httpLog = null;
-        }
-        if (this.sshServer) {
-            this.sshServer.removeAllListeners();
-            this.sshServer.stop();
-            this.sshServer = null;
-        }
-        if (this.identify) {
-            this.identify.removeAllListeners();
-            this.identify.stop();
-            this.identify = null;
-        }
-        if (this.http2server) {
-            this.http2server.removeAllListeners();
-            this.http2server.stop();
-            this.http2server = null;
-        }
-        if (this.http1server) {
-            this.http1server.removeAllListeners();
-            this.http1server.stop();
-            this.http1server = null;
-        }
-        if (this.ssh) {
-            this.ssh.removeAllListeners();
-            this.ssh.closeKeepAlive();
-            this.ssh = null;
-        }
-        this.status = tunnel_1.TUNNEL_STATUS.CLOSED;
-    }
-}
-exports.default = Tunnel;