push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(portproxy): Extend domain input validation to support string arrays in port proxy configurations.

Browse Source
This commit is contained in:
Philipp Kunz 2025-02-27 15:46:14 +00:00
parent adee6afc76
commit 1aa409907b
3 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
changelog.md
View File

@ -1,5 +1,12 @@
# Changelog # Changelog
## 2025-02-27 - 3.16.9 - fix(portproxy)
Extend domain input validation to support string arrays in port proxy configurations.
- Modify IDomainConfig interface to allow domain specification as string array.
- Update connection setup logic to handle multiple domain patterns.
- Enhance domain rejection logging to include all domain patterns.
## 2025-02-27 - 3.16.8 - fix(PortProxy) ## 2025-02-27 - 3.16.8 - fix(PortProxy)
Fix IP filtering for domain and global default allowed lists and improve port-based routing logic. Fix IP filtering for domain and global default allowed lists and improve port-based routing logic.

2
ts/00_commitinfo_data.ts
View File

@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@push.rocks/smartproxy', name: '@push.rocks/smartproxy',
version: '3.16.8', version: '3.16.9',
description: 'A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.' description: 'A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.'
} }

18
ts/classes.portproxy.ts
View File

@ -2,7 +2,7 @@ import * as plugins from './plugins.js';
/** Domain configuration with perdomain allowed port ranges */ /** Domain configuration with perdomain allowed port ranges */
export interface IDomainConfig { export interface IDomainConfig {
domain: string; // Glob pattern for domain domain: string | string[]; // Glob pattern or patterns for domain(s)
allowedIPs: string[]; // Glob patterns for allowed IPs allowedIPs: string[]; // Glob patterns for allowed IPs
targetIP?: string; // Optional target IP for this domain targetIP?: string; // Optional target IP for this domain
portRanges?: Array<{ from: number; to: number }>; // Optional domain-specific allowed port ranges portRanges?: Array<{ from: number; to: number }>; // Optional domain-specific allowed port ranges
@ -213,12 +213,18 @@ export class PortProxy {
// If a forcedDomain is provided (port-based routing), use it; otherwise, use SNI-based lookup. // If a forcedDomain is provided (port-based routing), use it; otherwise, use SNI-based lookup.
const domainConfig = forcedDomain const domainConfig = forcedDomain
? forcedDomain ? forcedDomain
: (serverName ? this.settings.domains.find(config => plugins.minimatch(serverName, config.domain)) : undefined); : (serverName ? this.settings.domains.find(config => {
if (typeof config.domain === 'string') {
return plugins.minimatch(serverName, config.domain);
} else {
return config.domain.some(d => plugins.minimatch(serverName, d));
}
}) : undefined);
// If a matching domain config exists, check its allowedIPs. // If a matching domain config exists, check its allowedIPs.
if (domainConfig) { if (domainConfig) {
if (!isAllowed(remoteIP, domainConfig.allowedIPs)) { if (!isAllowed(remoteIP, domainConfig.allowedIPs)) {
return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed for domain ${domainConfig.domain}`); return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed for domain ${Array.isArray(domainConfig.domain) ? domainConfig.domain.join(', ') : domainConfig.domain}`);
} }
} else if (this.settings.defaultAllowedIPs) { } else if (this.settings.defaultAllowedIPs) {
// Only check default allowed IPs if no domain config matched. // Only check default allowed IPs if no domain config matched.
@ -241,7 +247,7 @@ export class PortProxy {
console.log( console.log(
`Connection established: ${remoteIP} -> ${targetHost}:${connectionOptions.port}` + `Connection established: ${remoteIP} -> ${targetHost}:${connectionOptions.port}` +
`${serverName ? ` (SNI: ${serverName})` : forcedDomain ? ` (Port-based for domain: ${forcedDomain.domain})` : ''}` `${serverName ? ` (SNI: ${serverName})` : forcedDomain ? ` (Port-based for domain: ${Array.isArray(forcedDomain.domain) ? forcedDomain.domain.join(', ') : forcedDomain.domain})` : ''}`
); );
if (initialChunk) { if (initialChunk) {
@ -336,11 +342,11 @@ export class PortProxy {
); );
if (forcedDomain) { if (forcedDomain) {
if (!isAllowed(remoteIP, forcedDomain.allowedIPs)) { if (!isAllowed(remoteIP, forcedDomain.allowedIPs)) {
console.log(`Connection from ${remoteIP} rejected: IP not allowed for domain ${forcedDomain.domain} on port ${localPort}.`); console.log(`Connection from ${remoteIP} rejected: IP not allowed for domain ${Array.isArray(forcedDomain.domain) ? forcedDomain.domain.join(', ') : forcedDomain.domain} on port ${localPort}.`);
socket.end(); socket.end();
return; return;
} }
console.log(`Port-based connection from ${remoteIP} on port ${localPort} matched domain ${forcedDomain.domain}.`); console.log(`Port-based connection from ${remoteIP} on port ${localPort} matched domain ${Array.isArray(forcedDomain.domain) ? forcedDomain.domain.join(', ') : forcedDomain.domain}.`);
setupConnection('', undefined, forcedDomain, localPort); setupConnection('', undefined, forcedDomain, localPort);
return; return;
} }