fix(PortProxy): Fix port-based routing logic in PortProxy

2025-02-27 12:54:14 +00:00 · 2025-02-27 12:54:14 +00:00 · 7ee35a98e3
commit 7ee35a98e3
parent ea0f6d2270
3 changed files with 25 additions and 24 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,12 @@
 # Changelog

+## 2025-02-27 - 3.16.2 - fix(PortProxy)
+Fix port-based routing logic in PortProxy
+
+- Optimized the handling and checking of local ports in the global port range.
+- Fixed the logic for rejecting or accepting connections based on predefined port ranges.
+- Improved handling of the default and specific domain configurations during port-based connections.
+
 ## 2025-02-27 - 3.16.1 - fix(core)
 Updated minor version numbers in dependencies for patch release.

--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '3.16.1',
+  version: '3.16.2',
  description: 'A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.'
 }
--- a/ts/classes.portproxy.ts
+++ b/ts/classes.portproxy.ts
@ -344,13 +344,11 @@ export class PortProxy {
      };

      // --- PORT RANGE-BASED HANDLING ---
-      // If global port ranges are defined, enforce port-based routing and ignore SNI.
-      if (this.settings.globalPortRanges && this.settings.globalPortRanges.length > 0) {
-        if (!isPortInRanges(localPort, this.settings.globalPortRanges)) {
-          console.log(`Connection from ${remoteIP} rejected: port ${localPort} is not in global allowed ranges.`);
-          socket.destroy();
-          return;
-        }
+      // Check if the local port falls within any of the global port ranges.
+      const isLocalPortInGlobalRange =
+        this.settings.globalPortRanges && isPortInRanges(localPort, this.settings.globalPortRanges);
+
+      if (isLocalPortInGlobalRange) {
        if (this.settings.forwardAllGlobalRanges) {
          // Forward connection to the global targetIP regardless of domain config.
          if (this.settings.defaultAllowedIPs && !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
@ -367,30 +365,26 @@ export class PortProxy {
          });
          return;
        } else {
-          // Find a matching domain config based on the incoming local port.
+          // Attempt to find a matching forced domain config based on the local port.
          const forcedDomain = this.settings.domains.find(
            domain => domain.portRanges && domain.portRanges.length > 0 && isPortInRanges(localPort, domain.portRanges)
          );
-          if (!forcedDomain) {
-            console.log(`Connection from ${remoteIP} rejected: port ${localPort} not configured in any domain's portRanges.`);
-            socket.destroy();
+          if (forcedDomain) {
+            const defaultAllowed = this.settings.defaultAllowedIPs && isAllowed(remoteIP, this.settings.defaultAllowedIPs);
+            if (!defaultAllowed && !isAllowed(remoteIP, forcedDomain.allowedIPs)) {
+              console.log(`Connection from ${remoteIP} rejected: IP not allowed for domain ${forcedDomain.domain} on port ${localPort}.`);
+              socket.end();
+              return;
+            }
+            console.log(`Port-based connection from ${remoteIP} on port ${localPort} matched domain ${forcedDomain.domain}.`);
+            setupConnection('', undefined, forcedDomain);
            return;
          }
-          // Check allowed IPs for the forced domain.
-          const defaultAllowed = this.settings.defaultAllowedIPs && isAllowed(remoteIP, this.settings.defaultAllowedIPs);
-          if (!defaultAllowed && !isAllowed(remoteIP, forcedDomain.allowedIPs)) {
-            console.log(`Connection from ${remoteIP} rejected: IP not allowed for domain ${forcedDomain.domain} on port ${localPort}.`);
-            socket.end();
-            return;
-          }
-          console.log(`Port-based connection from ${remoteIP} on port ${localPort} matched domain ${forcedDomain.domain}.`);
-          // Proceed immediately using the forced domain; ignore SNI.
-          setupConnection('', undefined, forcedDomain);
-          return;
+          // If no forced domain config is found for this port, fall through to SNI/default handling.
        }
      }

-      // --- FALLBACK: SNI-BASED HANDLING (if no global port ranges are defined) ---
+      // --- FALLBACK: SNI-BASED HANDLING (or default when SNI is disabled) ---
      if (this.settings.sniEnabled) {
        socket.setTimeout(5000, () => {
          console.log(`Initial data timeout for ${remoteIP}`);