feat(proxies): introduce nftables command executor and utilities, default certificate provider, expanded route/socket helper modules, and security improvements

ts/proxies/http-proxy/http-proxy.ts

@@ -10,7 +10,7 @@ import type {
 import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
 import type { IRouteContext, IHttpRouteContext } from '../../core/models/route-context.js';
 import { createBaseRouteContext } from '../../core/models/route-context.js';
-import { CertificateManager } from './certificate-manager.js';
+import { DefaultCertificateProvider } from './default-certificates.js';
 import { ConnectionPool } from './connection-pool.js';
 import { RequestHandler, type IMetricsTracker } from './request-handler.js';
 import { WebSocketHandler } from './websocket-handler.js';
@@ -38,7 +38,7 @@ export class HttpProxy implements IMetricsTracker {
   public httpsServer: plugins.http2.Http2SecureServer;
 
   // Core components
-  private certificateManager: CertificateManager;
+  private defaultCertProvider: DefaultCertificateProvider;
   private connectionPool: ConnectionPool;
   private requestHandler: RequestHandler;
   private webSocketHandler: WebSocketHandler;
@@ -126,7 +126,7 @@ export class HttpProxy implements IMetricsTracker {
     );
 
     // Initialize other components
-    this.certificateManager = new CertificateManager(this.options);
+    this.defaultCertProvider = new DefaultCertificateProvider(this.logger);
     this.connectionPool = new ConnectionPool(this.options);
     this.requestHandler = new RequestHandler(
       this.options,
@@ -237,10 +237,11 @@ export class HttpProxy implements IMetricsTracker {
     this.startTime = Date.now();
     
     // Create HTTP/2 server with HTTP/1 fallback
+    const defaultCerts = this.defaultCertProvider.getDefaultCertificates();
     this.httpsServer = plugins.http2.createSecureServer(
       {
-        key: this.certificateManager.getDefaultCertificates().key,
-        cert: this.certificateManager.getDefaultCertificates().cert,
+        key: defaultCerts.key,
+        cert: defaultCerts.cert,
         allowHTTP1: true,
         ALPNProtocols: ['h2', 'http/1.1']
       }
@@ -258,9 +259,6 @@ export class HttpProxy implements IMetricsTracker {
       this.requestHandler.handleRequest(req, res);
     });
 
-    // Share server with certificate manager for dynamic contexts
-    // Cast to https.Server as Http2SecureServer is compatible for certificate contexts
-    this.certificateManager.setHttpsServer(this.httpsServer as any);
     // Setup WebSocket support on HTTP/1 fallback
     this.webSocketHandler.initialize(this.httpsServer as any);
     // Start metrics logging
@@ -506,10 +504,6 @@ export class HttpProxy implements IMetricsTracker {
     this.requestHandler.securityManager.setRoutes(routes);
     this.routes = routes;
 
-    // Directly update the certificate manager with the new routes
-    // This will extract domains and handle certificate provisioning
-    this.certificateManager.updateRoutes(routes);
-
     // Collect all domains and certificates for configuration
     const currentHostnames = new Set<string>();
     const certificateUpdates = new Map<string, { cert: string, key: string }>();
@@ -548,7 +542,7 @@ export class HttpProxy implements IMetricsTracker {
     // Update certificate cache with any static certificates
     for (const [domain, certData] of certificateUpdates.entries()) {
       try {
-        this.certificateManager.updateCertificate(
+        this.defaultCertProvider.updateCertificate(
           domain,
           certData.cert,
           certData.key
@@ -663,7 +657,7 @@ export class HttpProxy implements IMetricsTracker {
     expiryDate?: Date
   ): void {
     this.logger.info(`Updating certificate for ${domain}`);
-    this.certificateManager.updateCertificate(domain, certificate, privateKey);
+    this.defaultCertProvider.updateCertificate(domain, certificate, privateKey);
   }
 
   /**