push.rocks/smartproxy
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(routing): Implement unified routing and matching system

Browse Source 
- Introduced a centralized routing module with comprehensive matchers for domains, headers, IPs, and paths.
- Added DomainMatcher for domain pattern matching with support for wildcards and specificity calculation.
- Implemented HeaderMatcher for HTTP header matching, including exact matches and pattern support.
- Developed IpMatcher for IP address matching, supporting CIDR notation, ranges, and wildcards.
- Created PathMatcher for path matching with parameter extraction and wildcard support.
- Established RouteSpecificity class to calculate and compare route specificity scores.
- Enhanced HttpRouter to utilize the new matching system, supporting both modern and legacy route configurations.
- Added detailed logging and error handling for routing operations.
This commit is contained in:
Philipp Kunz
2025-06-02 03:57:52 +00:00
parent 01e1153fb8
commit 54ffbadb86
28 changed files with 1827 additions and 1724 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ts/core/utils/route-manager.ts
View File

@@ -12,7 +12,6 @@ import {
matchPath,
matchIpPattern,
matchIpCidr,
ipToNumber,
isIpAuthorized,
calculateRouteSpecificity
} from './route-utils.js';
@@ -343,13 +342,6 @@ export class SharedRouteManager extends plugins.EventEmitter {
return matchIpCidr(cidr, ip);
}
/**
* Convert an IP address to a numeric value
* @deprecated Use the ipToNumber function from route-utils.js instead
*/
private ipToNumber(ip: string): number {
return ipToNumber(ip);
}
/**
* Validate the route configuration and return any warnings

246
ts/core/utils/route-utils.ts
View File

@@ -1,34 +1,21 @@
/**
* Route matching utilities for SmartProxy components
*
* Contains shared logic for domain matching, path matching, and IP matching
* to be used by different proxy components throughout the system.
* This file provides utility functions that use the unified matchers
* and additional route-specific utilities.
*/
import { DomainMatcher, PathMatcher, IpMatcher, HeaderMatcher } from '../routing/matchers/index.js';
import { RouteSpecificity } from '../routing/specificity.js';
import type { IRouteSpecificity } from '../routing/types.js';
import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
/**
* Match a domain pattern against a domain
*
* @param pattern Domain pattern with optional wildcards (e.g., "*.example.com")
* @param domain Domain to match against the pattern
* @returns Whether the domain matches the pattern
* @deprecated Use DomainMatcher.match() directly
*/
export function matchDomain(pattern: string, domain: string): boolean {
// Handle exact match (case-insensitive)
if (pattern.toLowerCase() === domain.toLowerCase()) {
return true;
}
// Handle wildcard pattern
if (pattern.includes('*')) {
const regexPattern = pattern
.replace(/\./g, '\\.') // Escape dots
.replace(/\*/g, '.*'); // Convert * to .*
const regex = new RegExp(`^${regexPattern}$`, 'i');
return regex.test(domain);
}
return false;
return DomainMatcher.match(pattern, domain);
}
/**
@@ -55,211 +42,50 @@ export function matchRouteDomain(domains: string | string[] | undefined, domain:
/**
* Match a path pattern against a path
*
* @param pattern Path pattern with optional wildcards
* @param path Path to match against the pattern
* @returns Whether the path matches the pattern
* @deprecated Use PathMatcher.match() directly
*/
export function matchPath(pattern: string, path: string): boolean {
// Handle exact match
if (pattern === path) {
return true;
}
// Handle simple wildcard at the end (like /api/*)
if (pattern.endsWith('*')) {
const prefix = pattern.slice(0, -1);
return path.startsWith(prefix);
}
// Handle more complex wildcard patterns
if (pattern.includes('*')) {
const regexPattern = pattern
.replace(/\./g, '\\.') // Escape dots
.replace(/\*/g, '.*') // Convert * to .*
.replace(/\//g, '\\/'); // Escape slashes
const regex = new RegExp(`^${regexPattern}$`);
return regex.test(path);
}
return false;
return PathMatcher.match(pattern, path).matches;
}
/**
* Parse CIDR notation into subnet and mask bits
*
* @param cidr CIDR string (e.g., "192.168.1.0/24")
* @returns Object with subnet and bits, or null if invalid
*/
export function parseCidr(cidr: string): { subnet: string; bits: number } | null {
try {
const [subnet, bitsStr] = cidr.split('/');
const bits = parseInt(bitsStr, 10);
if (isNaN(bits) || bits < 0 || bits > 32) {
return null;
}
return { subnet, bits };
} catch (e) {
return null;
}
}
/**
* Convert an IP address to a numeric value
*
* @param ip IPv4 address string (e.g., "192.168.1.1")
* @returns Numeric representation of the IP
*/
export function ipToNumber(ip: string): number {
// Handle IPv6-mapped IPv4 addresses (::ffff:192.168.1.1)
if (ip.startsWith('::ffff:')) {
ip = ip.slice(7);
}
const parts = ip.split('.').map(part => parseInt(part, 10));
return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3];
}
// Helper functions removed - use IpMatcher internal methods instead
/**
* Match an IP against a CIDR pattern
*
* @param cidr CIDR pattern (e.g., "192.168.1.0/24")
* @param ip IP to match against the pattern
* @returns Whether the IP is in the CIDR range
* @deprecated Use IpMatcher.matchCidr() directly
*/
export function matchIpCidr(cidr: string, ip: string): boolean {
const parsed = parseCidr(cidr);
if (!parsed) {
return false;
}
try {
const { subnet, bits } = parsed;
// Normalize IPv6-mapped IPv4 addresses
const normalizedIp = ip.startsWith('::ffff:') ? ip.substring(7) : ip;
const normalizedSubnet = subnet.startsWith('::ffff:') ? subnet.substring(7) : subnet;
// Convert IP addresses to numeric values
const ipNum = ipToNumber(normalizedIp);
const subnetNum = ipToNumber(normalizedSubnet);
// Calculate subnet mask
const maskNum = ~(2 ** (32 - bits) - 1);
// Check if IP is in subnet
return (ipNum & maskNum) === (subnetNum & maskNum);
} catch (e) {
return false;
}
return IpMatcher.matchCidr(cidr, ip);
}
/**
* Match an IP pattern against an IP
*
* @param pattern IP pattern (exact, CIDR, or with wildcards)
* @param ip IP to match against the pattern
* @returns Whether the IP matches the pattern
* @deprecated Use IpMatcher.match() directly
*/
export function matchIpPattern(pattern: string, ip: string): boolean {
// Normalize IPv6-mapped IPv4 addresses
const normalizedIp = ip.startsWith('::ffff:') ? ip.substring(7) : ip;
const normalizedPattern = pattern.startsWith('::ffff:') ? pattern.substring(7) : pattern;
// Handle exact match with all variations
if (pattern === ip || normalizedPattern === normalizedIp ||
pattern === normalizedIp || normalizedPattern === ip) {
return true;
}
// Handle "all" wildcard
if (pattern === '*' || normalizedPattern === '*') {
return true;
}
// Handle CIDR notation (e.g., 192.168.1.0/24)
if (pattern.includes('/')) {
return matchIpCidr(pattern, normalizedIp) ||
(normalizedPattern !== pattern && matchIpCidr(normalizedPattern, normalizedIp));
}
// Handle glob pattern (e.g., 192.168.1.*)
if (pattern.includes('*')) {
const regexPattern = pattern.replace(/\./g, '\\.').replace(/\*/g, '.*');
const regex = new RegExp(`^${regexPattern}$`);
if (regex.test(ip) || regex.test(normalizedIp)) {
return true;
}
// If pattern was normalized, also test with normalized pattern
if (normalizedPattern !== pattern) {
const normalizedRegexPattern = normalizedPattern.replace(/\./g, '\\.').replace(/\*/g, '.*');
const normalizedRegex = new RegExp(`^${normalizedRegexPattern}$`);
return normalizedRegex.test(ip) || normalizedRegex.test(normalizedIp);
}
}
return false;
return IpMatcher.match(pattern, ip);
}
/**
* Match an IP against allowed and blocked IP patterns
*
* @param ip IP to check
* @param ipAllowList Array of allowed IP patterns
* @param ipBlockList Array of blocked IP patterns
* @returns Whether the IP is allowed
* @deprecated Use IpMatcher.isAuthorized() directly
*/
export function isIpAuthorized(
ip: string,
ipAllowList: string[] = ['*'],
ipBlockList: string[] = []
): boolean {
// Check blocked IPs first
if (ipBlockList.length > 0) {
for (const pattern of ipBlockList) {
if (matchIpPattern(pattern, ip)) {
return false; // IP is blocked
}
}
}
// If there are allowed IPs, check them
if (ipAllowList.length > 0) {
// Special case: if '*' is in allowed IPs, all non-blocked IPs are allowed
if (ipAllowList.includes('*')) {
return true;
}
for (const pattern of ipAllowList) {
if (matchIpPattern(pattern, ip)) {
return true; // IP is allowed
}
}
return false; // IP not in allowed list
}
// No allowed IPs specified, so IP is allowed by default
return true;
return IpMatcher.isAuthorized(ip, ipAllowList, ipBlockList);
}
/**
* Match an HTTP header pattern against a header value
*
* @param pattern Expected header value (string or RegExp)
* @param value Actual header value
* @returns Whether the header matches the pattern
* @deprecated Use HeaderMatcher.match() directly
*/
export function matchHeader(pattern: string | RegExp, value: string): boolean {
if (typeof pattern === 'string') {
return pattern === value;
} else if (pattern instanceof RegExp) {
return pattern.test(value);
}
return false;
// Convert RegExp to string pattern for HeaderMatcher
const stringPattern = pattern instanceof RegExp ? pattern.source : pattern;
return HeaderMatcher.match(stringPattern, value, { exactMatch: true });
}
/**
@@ -268,6 +94,7 @@ export function matchHeader(pattern: string | RegExp, value: string): boolean {
*
* @param match Match criteria to evaluate
* @returns Numeric specificity score
* @deprecated Consider using RouteSpecificity.calculate() with full IRouteConfig
*/
export function calculateRouteSpecificity(match: {
domains?: string | string[];
@@ -278,34 +105,37 @@ export function calculateRouteSpecificity(match: {
}): number {
let score = 0;
// Path is very specific
// Path specificity using PathMatcher
if (match.path) {
// More specific if it doesn't use wildcards
score += match.path.includes('*') ? 3 : 4;
score += PathMatcher.calculateSpecificity(match.path);
}
// Domain is next most specific
// Domain specificity using DomainMatcher
if (match.domains) {
const domains = Array.isArray(match.domains) ? match.domains : [match.domains];
// More domains or more specific domains (without wildcards) increase specificity
score += domains.length;
// Add bonus for exact domains (without wildcards)
score += domains.some(d => !d.includes('*')) ? 1 : 0;
// Use the highest specificity among all domains
const domainScore = Math.max(...domains.map(d => DomainMatcher.calculateSpecificity(d)));
score += domainScore;
}
// Headers are quite specific
// Headers specificity using HeaderMatcher
if (match.headers) {
score += Object.keys(match.headers).length * 2;
const stringHeaders: Record<string, string> = {};
for (const [key, value] of Object.entries(match.headers)) {
stringHeaders[key] = value instanceof RegExp ? value.source : value;
}
score += HeaderMatcher.calculateSpecificity(stringHeaders);
}
// Client IP adds some specificity
if (match.clientIp && match.clientIp.length > 0) {
score += 1;
// Use the first IP pattern for specificity
score += IpMatcher.calculateSpecificity(match.clientIp[0]);
}
// TLS version adds minimal specificity
if (match.tlsVersion && match.tlsVersion.length > 0) {
score += 1;
score += match.tlsVersion.length * 10;
}
return score;

10
ts/core/utils/security-utils.ts
View File

@@ -1,9 +1,5 @@
import * as plugins from '../../plugins.js';
import {
matchIpPattern,
ipToNumber,
matchIpCidr
} from './route-utils.js';
import { IpMatcher } from '../routing/matchers/ip.js';
/**
* Security utilities for IP validation, rate limiting,
@@ -90,7 +86,7 @@ export function isIPAuthorized(
// First check if IP is blocked - blocked IPs take precedence
if (blockedIPs.length > 0) {
for (const pattern of blockedIPs) {
if (matchIpPattern(pattern, ip)) {
if (IpMatcher.match(pattern, ip)) {
return false;
}
}
@@ -104,7 +100,7 @@ export function isIPAuthorized(
// Then check if IP is allowed in the explicit allow list
if (allowedIPs.length > 0) {
for (const pattern of allowedIPs) {
if (matchIpPattern(pattern, ip)) {
if (IpMatcher.match(pattern, ip)) {
return true;
}
}