odac 0.9.0

package/server/src/SSL.js

@@ -0,0 +1,180 @@
+const {log, error} = Candy.core('Log', false).init('SSL')
+
+const acme = require('acme-client')
+const fs = require('fs')
+const os = require('os')
+const selfsigned = require('selfsigned')
+
+class SSL {
+  #checking = false
+  #checked = {}
+
+  async check() {
+    if (this.#checking || !Candy.core('Config').config.websites) return
+    this.#checking = true
+    this.#self()
+    for (const domain of Object.keys(Candy.core('Config').config.websites)) {
+      if (Candy.core('Config').config.websites[domain].cert === false) continue
+      if (
+        !Candy.core('Config').config.websites[domain].cert?.ssl ||
+        Date.now() + 1000 * 60 * 60 * 24 * 30 > Candy.core('Config').config.websites[domain].cert.ssl.expiry
+      )
+        await this.#ssl(domain)
+    }
+    this.#checking = false
+  }
+
+  renew(domain) {
+    if (domain.match(/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/))
+      return Candy.server('Api').result(false, __('SSL renewal is not available for IP addresses.'))
+    if (!Candy.core('Config').config.websites[domain]) {
+      for (const key of Object.keys(Candy.core('Config').config.websites)) {
+        for (const subdomain of Candy.core('Config').config.websites[key].subdomain)
+          if (subdomain + '.' + key == domain) {
+            domain = key
+            break
+          }
+      }
+      if (!Candy.core('Config').config.websites[domain]) return Candy.server('Api').result(false, __('Domain %s not found.', domain))
+    }
+    this.#ssl(domain)
+    return Candy.server('Api').result(true, __('SSL certificate for domain %s renewed successfully.', domain))
+  }
+
+  #self() {
+    let ssl = Candy.core('Config').config.ssl ?? {}
+    if (ssl && ssl.expiry > Date.now() && ssl.key && ssl.cert && fs.existsSync(ssl.key) && fs.existsSync(ssl.cert)) return
+    log('Generating self-signed SSL certificate...')
+    const attrs = [{name: 'commonName', value: 'CandyPack'}]
+    const pems = selfsigned.generate(attrs, {days: 365, keySize: 2048})
+    if (!fs.existsSync(os.homedir() + '/.candypack/cert/ssl')) fs.mkdirSync(os.homedir() + '/.candypack/cert/ssl', {recursive: true})
+    let key_file = os.homedir() + '/.candypack/cert/ssl/candypack.key'
+    let crt_file = os.homedir() + '/.candypack/cert/ssl/candypack.crt'
+    fs.writeFileSync(key_file, pems.private)
+    fs.writeFileSync(crt_file, pems.cert)
+    ssl.key = key_file
+    ssl.cert = crt_file
+    ssl.expiry = Date.now() + 86400000
+    Candy.core('Config').config.ssl = ssl
+  }
+
+  async #ssl(domain) {
+    if (this.#checked[domain]?.interval > Date.now()) return
+
+    try {
+      const accountPrivateKey = await acme.forge.createPrivateKey()
+
+      // Create ACME client with proper error handling configuration
+      const client = new acme.Client({
+        directoryUrl: acme.directory.letsencrypt.production,
+        accountKey: accountPrivateKey
+      })
+
+      let subdomains = [domain]
+      for (const subdomain of Candy.core('Config').config.websites[domain].subdomain ?? []) {
+        subdomains.push(subdomain + '.' + domain)
+      }
+
+      const [key, csr] = await acme.forge.createCsr({
+        commonName: domain,
+        altNames: subdomains
+      })
+
+      log('Requesting SSL certificate for domain %s...', domain)
+
+      const cert = await client.auto({
+        csr,
+        termsOfServiceAgreed: true,
+        challengePriority: ['dns-01'],
+        challengeCreateFn: async (authz, challenge, keyAuthorization) => {
+          if (challenge.type === 'dns-01') {
+            log('Creating DNS challenge for %s', authz.identifier.value)
+            Candy.server('DNS').record({
+              name: '_acme-challenge.' + authz.identifier.value,
+              type: 'TXT',
+              value: keyAuthorization,
+              ttl: 100,
+              unique: true
+            })
+          }
+        },
+        challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
+          if (challenge.type === 'dns-01') {
+            log('Removing DNS challenge for %s', authz.identifier.value)
+            Candy.server('DNS').delete({
+              name: '_acme-challenge.' + authz.identifier.value,
+              type: 'TXT',
+              value: keyAuthorization
+            })
+          }
+        }
+      })
+
+      if (!cert) {
+        error('SSL certificate generation failed for domain %s: No certificate returned', domain)
+        return
+      }
+
+      // Save certificate files
+      this.#saveCertificate(domain, key, cert)
+    } catch (err) {
+      this.#handleSSLError(domain, err)
+    }
+  }
+
+  #handleSSLError(domain, err) {
+    if (!this.#checked[domain]) this.#checked[domain] = {error: 0}
+    if (this.#checked[domain].error < 5) {
+      this.#checked[domain].error = this.#checked[domain].error + 1
+    }
+    this.#checked[domain].interval = this.#checked[domain].error * 1000 * 60 * 5 + Date.now()
+
+    // More specific error handling
+    if (err.message && err.message.includes('validateStatus')) {
+      error(
+        'SSL certificate request failed due to HTTP validation error for domain %s. This may be due to network issues or ACME server problems.',
+        domain
+      )
+    } else if (err.code === 'ENOTFOUND' || err.code === 'ECONNREFUSED') {
+      error('SSL certificate request failed due to network connectivity issues for domain %s: %s', domain, err.message)
+    } else {
+      error('SSL certificate request failed for domain %s: %s', domain, err.message)
+    }
+  }
+
+  #saveCertificate(domain, key, cert) {
+    try {
+      delete this.#checked[domain]
+
+      if (!fs.existsSync(os.homedir() + '/.candypack/cert/ssl')) {
+        fs.mkdirSync(os.homedir() + '/.candypack/cert/ssl', {recursive: true})
+      }
+
+      fs.writeFileSync(os.homedir() + '/.candypack/cert/ssl/' + domain + '.key', key)
+      fs.writeFileSync(os.homedir() + '/.candypack/cert/ssl/' + domain + '.crt', cert)
+
+      let websites = Candy.core('Config').config.websites ?? {}
+      let website = websites[domain]
+      if (!website) return
+
+      if (!website.cert) website.cert = {}
+      website.cert.ssl = {
+        key: os.homedir() + '/.candypack/cert/ssl/' + domain + '.key',
+        cert: os.homedir() + '/.candypack/cert/ssl/' + domain + '.crt',
+        expiry: Date.now() + 1000 * 60 * 60 * 24 * 30 * 3
+      }
+
+      websites[domain] = website
+      Candy.core('Config').config.websites = websites
+
+      Candy.server('Web').clearSSLCache(domain)
+      Candy.server('Mail').clearSSLCache(domain)
+
+      log('SSL certificate successfully generated and saved for domain %s', domain)
+    } catch (err) {
+      error('Failed to save SSL certificate for domain %s: %s', domain, err.message)
+    }
+  }
+}
+
+module.exports = new SSL()

package/server/src/Server.js

@@ -0,0 +1,27 @@
+class Server {
+  constructor() {
+    Candy.core('Config').config.server.pid = process.pid
+    Candy.core('Config').config.server.started = Date.now()
+    Candy.server('Service')
+    Candy.server('DNS')
+    Candy.server('Web')
+    Candy.server('Mail')
+    Candy.server('Api')
+    Candy.server('Hub')
+    setTimeout(function () {
+      setInterval(function () {
+        Candy.server('Service').check()
+        Candy.server('SSL').check()
+        Candy.server('Web').check()
+        Candy.server('Mail').check()
+      }, 1000)
+    }, 1000)
+  }
+
+  stop() {
+    Candy.server('Service').stopAll()
+    Candy.server('Web').stopAll()
+  }
+}
+
+module.exports = new Server()

package/server/src/Service.js

@@ -0,0 +1,248 @@
+const {log, error} = Candy.core('Log', false).init('Service')
+
+const childProcess = require('child_process')
+const fs = require('fs')
+const os = require('os')
+const path = require('path')
+
+class Service {
+  #services = []
+  #watcher = {}
+  #loaded = false
+  #logs = {}
+  #errs = {}
+  #error_counts = {}
+  #active = {}
+
+  #get(id) {
+    if (!this.#loaded && this.#services.length == 0) {
+      this.#services = Candy.core('Config').config.services ?? []
+      this.#loaded = true
+    }
+    for (const service of this.#services) {
+      if (service.id == id || service.name == id || service.file == id) return service
+    }
+    return false
+  }
+
+  #add(file) {
+    let name = path.basename(file)
+    if (name.substr(-3) == '.js') name = name.substr(0, name.length - 3)
+    let service = {
+      id: this.#services.length,
+      name: path.basename(file),
+      file: file,
+      active: true
+    }
+    this.#services.push(service)
+    this.#services[service.id] = service
+    Candy.core('Config').config.services = this.#services
+    return true
+  }
+
+  #set(id, key, value) {
+    let service = this.#get(id)
+    let index = this.#services.indexOf(service)
+    if (service) {
+      if (typeof key == 'object') {
+        for (const k in key) service[k] = key[k]
+      } else {
+        service[key] = value
+      }
+    } else {
+      return false
+    }
+    this.#services[index] = service
+    Candy.core('Config').config.services = this.#services
+  }
+
+  async check() {
+    this.#services = Candy.core('Config').config.services ?? []
+    for (const service of this.#services) {
+      if (service.active) {
+        if (!service.pid) {
+          this.#run(service.id)
+        } else {
+          if (!this.#watcher[service.pid]) {
+            log('Service %s (PID %s) is not running. Restarting...', service.name, service.pid)
+            Candy.core('Process').stop(service.pid)
+            this.#run(service.id)
+            this.#set(service.id, 'pid', null)
+          }
+        }
+      }
+      if (this.#logs[service.id])
+        fs.writeFile(os.homedir() + '/.candypack/logs/' + service.name + '.log', this.#logs[service.id], 'utf8', function (err) {
+          if (err) error(err)
+        })
+      if (this.#errs[service.id])
+        fs.writeFile(os.homedir() + '/.candypack/logs/' + service.name + '.err.log', this.#errs[service.id], 'utf8', function (err) {
+          if (err) error(err)
+        })
+    }
+  }
+
+  async delete(id) {
+    return new Promise(resolve => {
+      let service = this.#get(id)
+      if (service) {
+        this.stop(service.id)
+        this.#services = this.#services.filter(s => s.id != service.id)
+        Candy.core('Config').config.services = this.#services
+        return resolve(Candy.server('Api').result(true, __('Service %s deleted successfully.', service.name)))
+      } else {
+        return resolve(Candy.server('Api').result(false, __('Service %s not found.', id)))
+      }
+    })
+  }
+
+  async #run(id) {
+    if (this.#active[id]) return
+    this.#active[id] = true
+    let service = this.#get(id)
+    if (!service) return
+    log('Service %s is not running. Starting...', service.name)
+    if (this.#error_counts[id] > 10) {
+      this.#active[id] = false
+      log('Service %s has exceeded the maximum error limit. Please check the logs for more details.', service.name)
+      return
+    }
+    if ((service.status == 'errored' || service.status == 'stopped') && Date.now() - service.updated < this.#error_counts[id] * 1000) {
+      this.#active[id] = false
+      log('Service %s is in a cooldown period.', service.name)
+      return
+    }
+    log('Starting service %s...', service.name)
+    this.#set(id, 'updated', Date.now())
+    var child = childProcess.spawn('node', [service.file], {
+      cwd: path.dirname(service.file)
+    })
+    let pid = child.pid
+    child.stdout.on('data', data => {
+      if (!this.#logs[id]) this.#logs[id] = ''
+      this.#logs[id] +=
+        '[LOG][' +
+        Date.now() +
+        '] ' +
+        data
+          .toString()
+          .trim()
+          .split('\n')
+          .join('\n[LOG][' + Date.now() + '] ') +
+        '\n'
+      if (this.#logs[id].length > 1000000) this.#logs[id] = this.#logs[id].substr(this.#logs[id].length - 1000000)
+    })
+    child.stderr.on('data', data => {
+      if (!this.#errs[id]) this.#errs[id] = ''
+      this.#logs[id] +=
+        '[ERR][' +
+        Date.now() +
+        '] ' +
+        data
+          .toString()
+          .trim()
+          .split('\n')
+          .join('\n[ERR][' + Date.now() + '] ') +
+        '\n'
+      this.#errs[id] += data.toString()
+      if (this.#errs[id].length > 1000000) this.#errs[id] = this.#errs[id].substr(this.#errs[id].length - 1000000)
+      this.#set(id, {
+        status: 'errored',
+        updated: Date.now()
+      })
+    })
+    child.on('exit', () => {
+      if (this.#get(service.id).status == 'running') {
+        this.#set(id, {
+          pid: null,
+          started: null,
+          status: 'stopped',
+          updated: Date.now()
+        })
+      }
+      this.#watcher[pid] = false
+      this.#error_counts[id] = this.#error_counts[id] ?? 0
+      this.#error_counts[id]++
+      this.#active[id] = false
+    })
+    this.#set(id, {
+      active: true,
+      pid: pid,
+      started: Date.now(),
+      status: 'running'
+    })
+    this.#watcher[pid] = true
+  }
+
+  async init() {
+    log('Initializing services...')
+    this.#services = Candy.core('Config').config.services ?? []
+    for (const service of this.#services) {
+      fs.readFile(os.homedir() + '/.candypack/logs/' + service.name + '.log', 'utf8', (err, data) => {
+        if (!err) this.#logs[service.id] = data.toString()
+      })
+    }
+    this.#loaded = true
+  }
+
+  async start(file) {
+    return new Promise(resolve => {
+      if (file && file.length > 0) {
+        file = path.resolve(file)
+        if (fs.existsSync(file)) {
+          if (!this.#get(file)) {
+            this.#add(file)
+            return resolve(Candy.server('Api').result(true, __('Service %s added successfully.', file)))
+          } else {
+            return resolve(Candy.server('Api').result(false, __('Service %s already exists.', file)))
+          }
+        } else {
+          return resolve(Candy.server('Api').result(false, __('Service file %s not found.', file)))
+        }
+      } else {
+        return resolve(Candy.server('Api').result(false, __('Service file not specified.')))
+      }
+    })
+  }
+
+  stop(id) {
+    let service = this.#get(id)
+    if (service) {
+      if (service.pid) {
+        Candy.core('Process').stop(service.pid)
+        this.#set(id, 'pid', null)
+        this.#set(id, 'started', null)
+        this.#set(id, 'active', false)
+      } else {
+        log(__('Service %s is not running.', id))
+      }
+    } else {
+      log(__('Service %s not found.', id))
+    }
+  }
+
+  async status() {
+    let services = Candy.core('Config').config.services ?? []
+    for (const service of services) {
+      if (service.status == 'running') {
+        var uptime = Date.now() - service.started
+        let seconds = Math.floor(uptime / 1000)
+        let minutes = Math.floor(seconds / 60)
+        let hours = Math.floor(minutes / 60)
+        let days = Math.floor(hours / 24)
+        seconds %= 60
+        minutes %= 60
+        hours %= 24
+        let uptimeString = ''
+        if (days) uptimeString += days + 'd '
+        if (hours) uptimeString += hours + 'h '
+        if (minutes) uptimeString += minutes + 'm '
+        if (seconds) uptimeString += seconds + 's'
+        service.uptime = uptimeString
+      }
+    }
+    return services
+  }
+}
+
+module.exports = new Service()

package/server/src/Subdomain.js

@@ -0,0 +1,64 @@
+class Subdomain {
+  async create(subdomain) {
+    let domain = subdomain.split('.')
+    subdomain = subdomain.trim().split('.')
+    if (subdomain.length < 3) return Candy.server('Api').result(false, await __('Invalid subdomain name.'))
+    if (Candy.core('Config').config.websites[domain.join('.')])
+      return Candy.server('Api').result(false, await __('Domain %s already exists.', domain.join('.')))
+    while (domain.length > 2) {
+      domain.shift()
+      if (Candy.core('Config').config.websites[domain.join('.')]) {
+        domain = domain.join('.')
+        break
+      }
+    }
+    if (typeof domain == 'object') return Candy.server('Api').result(false, await __('Domain %s not found.', domain.join('.')))
+    subdomain = subdomain.join('.').substr(0, subdomain.join('.').length - domain.length - 1)
+    let fulldomain = [subdomain, domain].join('.')
+    if (Candy.core('Config').config.websites[domain].subdomain.includes(subdomain))
+      return Candy.server('Api').result(false, await __('Subdomain %s already exists.', fulldomain))
+    Candy.server('DNS').record({name: fulldomain, type: 'A'}, {name: 'www.' + fulldomain, type: 'CNAME'}, {name: fulldomain, type: 'MX'})
+    let websites = Candy.core('Config').config.websites
+    websites[domain].subdomain.push(subdomain)
+    websites[domain].subdomain.push('www.' + subdomain)
+    websites[domain].subdomain.sort()
+    Candy.core('Config').config.websites = websites
+    Candy.server('SSL').renew(domain)
+    return Candy.server('Api').result(true, await __('Subdomain %s1 created successfully for domain %s2.', fulldomain, domain))
+  }
+
+  async delete(subdomain) {
+    let domain = subdomain.split('.')
+    subdomain = subdomain.trim().split('.')
+    if (subdomain.length < 3) return Candy.server('Api').result(false, await __('Invalid subdomain name.'))
+    if (Candy.core('Config').config.websites[domain.join('.')])
+      return Candy.server('Api').result(false, await __('%s is a domain.', domain.join('.')))
+    while (domain.length > 2) {
+      domain.shift()
+      if (Candy.core('Config').config.websites[domain.join('.')]) {
+        domain = domain.join('.')
+        break
+      }
+    }
+    if (typeof domain == 'object') return Candy.server('Api').result(false, await __('Domain %s not found.', domain.join('.')))
+    subdomain = subdomain.join('.').substr(0, subdomain.join('.').length - domain.length - 1)
+    let fulldomain = [subdomain, domain].join('.')
+    if (!Candy.core('Config').config.websites[domain].subdomain.includes(subdomain))
+      return Candy.server('Api').result(false, await __('Subdomain %s not found.', fulldomain))
+    Candy.server('DNS').delete({name: fulldomain, type: 'A'}, {name: 'www.' + fulldomain, type: 'CNAME'}, {name: fulldomain, type: 'MX'})
+    let websites = Candy.core('Config').config.websites
+    websites[domain].subdomain = websites[domain].subdomain.filter(s => s != subdomain && s != 'www.' + subdomain)
+    Candy.core('Config').config.websites = websites
+    return Candy.server('Api').result(true, await __('Subdomain %s1 deleted successfully from domain %s2.', fulldomain, domain))
+  }
+
+  async list(domain) {
+    if (!Candy.core('Config').config.websites[domain]) return Candy.server('Api').result(false, await __('Domain %s not found.', domain))
+    let subdomains = Candy.core('Config').config.websites[domain].subdomain.map(subdomain => {
+      return subdomain + '.' + domain
+    })
+    return Candy.server('Api').result(true, (await __('Subdomains of %s:', domain)) + '\n  ' + subdomains.join('\n  '))
+  }
+}
+
+module.exports = new Subdomain()

package/server/src/Web/Firewall.js

@@ -0,0 +1,170 @@
+const {log} = Candy.core('Log', false).init('Firewall')
+
+/**
+ * Firewall class to handle IP blocking and rate limiting.
+ */
+class Firewall {
+  #requestCounts = new Map() // IP -> { count, timestamp }
+  #config = {}
+  #cleanupInterval = null
+
+  constructor() {
+    this.load()
+    // Run cleanup every minute
+    this.#cleanupInterval = setInterval(() => this.cleanup(), 60000)
+    if (this.#cleanupInterval.unref) this.#cleanupInterval.unref()
+  }
+
+  /**
+   * Load configuration from the global Config module.
+   */
+  load() {
+    // Load configuration from Candy.core('Config').config
+    const config = Candy.core('Config').config.firewall || {}
+
+    this.#config = {
+      enabled: config.enabled !== false,
+      rateLimit: {
+        enabled: config.rateLimit?.enabled !== false,
+        windowMs: config.rateLimit?.windowMs ?? 60000, // 1 minute
+        max: config.rateLimit?.max ?? 300 // limit each IP to 300 requests per windowMs
+      },
+      blacklist: new Set(config.blacklist || []),
+      whitelist: new Set(config.whitelist || [])
+    }
+  }
+
+  /**
+   * Check if a request should be allowed.
+   * @param {Object} req - The HTTP request object.
+   * @returns {Object} An object containing {allowed: boolean, reason?: string}.
+   */
+  check(req) {
+    if (!this.#config.enabled) return {allowed: true}
+
+    // Extract IP address safely, handling x-forwarded-for which can be a comma-separated list
+    let ip = req.socket?.remoteAddress || req.headers['x-forwarded-for']?.split(',')[0]?.trim()
+
+    // Normalize IPv6-mapped IPv4 addresses
+    if (ip && ip.startsWith('::ffff:')) {
+      ip = ip.substring(7)
+    }
+
+    // Note: Native IPv6 addresses are not fully normalized (e.g. :: vs 0:0...).
+    // Blacklist/Whitelist entries for IPv6 should match the format provided by the socket (usually compressed).
+
+    if (!ip) return {allowed: true}
+
+    // 1. Check whitelist (bypass everything)
+    if (this.#config.whitelist.has(ip)) return {allowed: true}
+
+    // 2. Check blacklist
+    if (this.#config.blacklist.has(ip)) {
+      log(`Blocked request from blacklisted IP: ${ip}`)
+      return {allowed: false, reason: 'blacklist'}
+    }
+
+    // 3. Rate limiting
+    if (this.#config.rateLimit.enabled) {
+      // Memory protection: if map gets too big, clear it to prevent memory leak
+      if (this.#requestCounts.size > 20000) {
+        this.#requestCounts.clear()
+        log('Firewall request counts cleared due to memory limit')
+      }
+
+      const now = Date.now()
+      let record = this.#requestCounts.get(ip)
+
+      if (!record) {
+        record = {count: 0, timestamp: now}
+        this.#requestCounts.set(ip, record)
+      }
+
+      // Check window
+      if (now - record.timestamp > this.#config.rateLimit.windowMs) {
+        // Reset window
+        record.count = 1
+        record.timestamp = now
+      } else {
+        record.count++
+      }
+
+      if (record.count > this.#config.rateLimit.max) {
+        if (record.count === this.#config.rateLimit.max + 1) {
+          log(`Rate limit exceeded for IP: ${ip}`)
+        }
+        return {allowed: false, reason: 'rate_limit'}
+      }
+    }
+
+    return {allowed: true}
+  }
+
+  /**
+   * Cleanup stale rate limit records.
+   */
+  cleanup() {
+    if (!this.#config.rateLimit?.windowMs) return
+
+    const now = Date.now()
+    const windowMs = this.#config.rateLimit.windowMs
+
+    for (const [ip, record] of this.#requestCounts) {
+      if (now - record.timestamp > windowMs) {
+        this.#requestCounts.delete(ip)
+      }
+    }
+  }
+
+  /**
+   * Add an IP to the blacklist.
+   * @param {string} ip - The IP address to block.
+   */
+  addBlock(ip) {
+    if (this.#config.whitelist.has(ip)) this.#config.whitelist.delete(ip)
+    this.#config.blacklist.add(ip)
+    this.#save()
+  }
+
+  /**
+   * Remove an IP from the blacklist.
+   * @param {string} ip - The IP address to unblock.
+   */
+  removeBlock(ip) {
+    this.#config.blacklist.delete(ip)
+    this.#save()
+  }
+
+  /**
+   * Add an IP to the whitelist.
+   * @param {string} ip - The IP address to whitelist.
+   */
+  addWhitelist(ip) {
+    if (this.#config.blacklist.has(ip)) this.#config.blacklist.delete(ip)
+    this.#config.whitelist.add(ip)
+    this.#save()
+  }
+
+  /**
+   * Remove an IP from the whitelist.
+   * @param {string} ip - The IP address to remove from whitelist.
+   */
+  removeWhitelist(ip) {
+    this.#config.whitelist.delete(ip)
+    this.#save()
+  }
+
+  #save() {
+    // Update the global config
+    if (!Candy.core('Config').config.firewall) Candy.core('Config').config.firewall = {}
+
+    Candy.core('Config').config.firewall.blacklist = Array.from(this.#config.blacklist)
+    Candy.core('Config').config.firewall.whitelist = Array.from(this.#config.whitelist)
+    // Config module handles saving automatically when properties change if using Proxy,
+    // but here we are modifying the object structure.
+    // Assuming Config module watches for changes or we need to trigger save.
+    // Looking at Config.js, it uses Proxy to detect changes.
+  }
+}
+
+module.exports = Firewall