fix(PortProxy): Refactor and enhance PortProxy test cases and handling

2025-02-27 21:19:34 +00:00
parent 622ad2ff20
commit 5d6b707440
4 changed files with 111 additions and 100 deletions
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '3.18.0',
+  version: '3.18.1',
  description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
 }
--- a/ts/classes.portproxy.ts
+++ b/ts/classes.portproxy.ts
@ -2,10 +2,10 @@ import * as plugins from './plugins.js';

 /** Domain configuration with per‐domain allowed port ranges */
 export interface IDomainConfig {
-  domain: string | string[];         // Glob pattern or patterns for domain(s)
-  allowedIPs: string[];              // Glob patterns for allowed IPs
-  targetIP?: string;                 // Optional target IP for this domain
-  portRanges?: Array<{ from: number; to: number }>; // Optional domain-specific allowed port ranges
+  domains: string[];         // Glob patterns for domain(s)
+  allowedIPs: string[];      // Glob patterns for allowed IPs
+  targetIPs?: string[];      // If multiple targetIPs are given, use round robin.
+  portRanges?: Array<{ from: number; to: number }>; // Optional port ranges
 }

 /** Port proxy settings including global allowed port ranges */
@ -13,7 +13,7 @@ export interface IPortProxySettings extends plugins.tls.TlsOptions {
  fromPort: number;
  toPort: number;
  targetIP?: string; // Global target host to proxy to, defaults to 'localhost'
-  domains: IDomainConfig[];
+  domainConfigs: IDomainConfig[];
  sniEnabled?: boolean;
  defaultAllowedIPs?: string[];
  preserveSourceIP?: boolean;
@ -102,6 +102,9 @@ export class PortProxy {
  private connectionRecords: Set<IConnectionRecord> = new Set();
  private connectionLogger: NodeJS.Timeout | null = null;

+  // Map to track round robin indices for each domain config.
+  private domainTargetIndices: Map<IDomainConfig, number> = new Map();
+
  private terminationStats: {
    incoming: Record<string, number>;
    outgoing: Record<string, number>;
@ -122,6 +125,16 @@ export class PortProxy {
    this.terminationStats[side][reason] = (this.terminationStats[side][reason] || 0) + 1;
  }

+  private getTargetIP(domainConfig: IDomainConfig): string {
+    if (domainConfig.targetIPs && domainConfig.targetIPs.length > 0) {
+      const currentIndex = this.domainTargetIndices.get(domainConfig) || 0;
+      const ip = domainConfig.targetIPs[currentIndex % domainConfig.targetIPs.length];
+      this.domainTargetIndices.set(domainConfig, currentIndex + 1);
+      return ip;
+    }
+    return this.settings.targetIP!;
+  }
+
  public async start() {
    // Define a unified connection handler for all listening ports.
    const connectionHandler = (socket: plugins.net.Socket) => {
@ -214,18 +227,14 @@ export class PortProxy {
        // If a forcedDomain is provided (port-based routing), use it; otherwise, use SNI-based lookup.
        const domainConfig = forcedDomain
          ? forcedDomain
-          : (serverName ? this.settings.domains.find(config => {
-              if (typeof config.domain === 'string') {
-                return plugins.minimatch(serverName, config.domain);
-              } else {
-                return config.domain.some(d => plugins.minimatch(serverName, d));
-              }
-            }) : undefined);
+          : (serverName ? this.settings.domainConfigs.find(config =>
+              config.domains.some(d => plugins.minimatch(serverName, d))
+            ) : undefined);

        // If a matching domain config exists, check its allowedIPs.
        if (domainConfig) {
          if (!isAllowed(remoteIP, domainConfig.allowedIPs)) {
-            return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed for domain ${Array.isArray(domainConfig.domain) ? domainConfig.domain.join(', ') : domainConfig.domain}`);
+            return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed for domain ${domainConfig.domains.join(', ')}`);
          }
        } else if (this.settings.defaultAllowedIPs) {
          // Only check default allowed IPs if no domain config matched.
@ -233,7 +242,7 @@ export class PortProxy {
            return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed by default allowed list`);
          }
        }
-        const targetHost = domainConfig?.targetIP || this.settings.targetIP!;
+        const targetHost = domainConfig ? this.getTargetIP(domainConfig) : this.settings.targetIP!;
        const connectionOptions: plugins.net.NetConnectOpts = {
          host: targetHost,
          port: overridePort !== undefined ? overridePort : this.settings.toPort,
@ -248,7 +257,7 @@ export class PortProxy {

        console.log(
          `Connection established: ${remoteIP} -> ${targetHost}:${connectionOptions.port}` +
-          `${serverName ? ` (SNI: ${serverName})` : forcedDomain ? ` (Port-based for domain: ${Array.isArray(forcedDomain.domain) ? forcedDomain.domain.join(', ') : forcedDomain.domain})` : ''}`
+          `${serverName ? ` (SNI: ${serverName})` : forcedDomain ? ` (Port-based for domain: ${forcedDomain.domains.join(', ')})` : ''}`
        );

        if (initialChunk) {
@ -330,24 +339,24 @@ export class PortProxy {
          }
          console.log(`Port-based connection from ${remoteIP} on port ${localPort} forwarded to global target IP ${this.settings.targetIP}.`);
          setupConnection('', undefined, {
-            domain: 'global',
+            domains: ['global'],
            allowedIPs: this.settings.defaultAllowedIPs || [],
-            targetIP: this.settings.targetIP,
+            targetIPs: [this.settings.targetIP!],
            portRanges: []
          }, localPort);
          return;
        } else {
          // Attempt to find a matching forced domain config based on the local port.
-          const forcedDomain = this.settings.domains.find(
+          const forcedDomain = this.settings.domainConfigs.find(
            domain => domain.portRanges && domain.portRanges.length > 0 && isPortInRanges(localPort, domain.portRanges)
          );
          if (forcedDomain) {
            if (!isAllowed(remoteIP, forcedDomain.allowedIPs)) {
-              console.log(`Connection from ${remoteIP} rejected: IP not allowed for domain ${Array.isArray(forcedDomain.domain) ? forcedDomain.domain.join(', ') : forcedDomain.domain} on port ${localPort}.`);
+              console.log(`Connection from ${remoteIP} rejected: IP not allowed for domain ${forcedDomain.domains.join(', ')} on port ${localPort}.`);
              socket.end();
              return;
            }
-            console.log(`Port-based connection from ${remoteIP} on port ${localPort} matched domain ${Array.isArray(forcedDomain.domain) ? forcedDomain.domain.join(', ') : forcedDomain.domain}.`);
+            console.log(`Port-based connection from ${remoteIP} on port ${localPort} matched domain ${forcedDomain.domains.join(', ')}.`);
            setupConnection('', undefined, forcedDomain, localPort);
            return;
          }