push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(PortProxy): Enhancements made to PortProxy settings and capabilities

Browse Source
This commit is contained in:
Philipp Kunz 2025-02-27 12:41:20 +00:00
parent 408b793149
commit a2cb56ba65
3 changed files with 49 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
changelog.md
View File

@ -1,5 +1,13 @@
# Changelog # Changelog
## 2025-02-27 - 3.16.0 - feat(PortProxy)
Enhancements made to PortProxy settings and capabilities
- Added 'forwardAllGlobalRanges' and 'targetIP' to IPortProxySettings.
- Improved PortProxy to forward connections based on domain-specific configurations.
- Added comprehensive handling for global port-range based connection forwarding.
- Enabled forwarding of all connections on global port ranges directly to global target IP.
## 2025-02-27 - 3.15.0 - feat(classes.portproxy) ## 2025-02-27 - 3.15.0 - feat(classes.portproxy)
Add support for port range-based routing with enhanced IP and port validation. Add support for port range-based routing with enhanced IP and port validation.

2
ts/00_commitinfo_data.ts
View File

@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@push.rocks/smartproxy', name: '@push.rocks/smartproxy',
version: '3.15.0', version: '3.16.0',
description: 'A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.' description: 'A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.'
} }

26
ts/classes.portproxy.ts
View File

@ -5,20 +5,21 @@ export interface IDomainConfig {
domain: string; // Glob pattern for domain domain: string; // Glob pattern for domain
allowedIPs: string[]; // Glob patterns for allowed IPs allowedIPs: string[]; // Glob patterns for allowed IPs
targetIP?: string; // Optional target IP for this domain targetIP?: string; // Optional target IP for this domain
portRanges: Array<{ from: number; to: number }>; // Domain-specific allowed port ranges portRanges?: Array<{ from: number; to: number }>; // Optional domain-specific allowed port ranges
} }
/** Port proxy settings including global allowed port ranges */ /** Port proxy settings including global allowed port ranges */
export interface IPortProxySettings extends plugins.tls.TlsOptions { export interface IPortProxySettings extends plugins.tls.TlsOptions {
fromPort: number; fromPort: number;
toPort: number; toPort: number;
toHost?: string; // Target host to proxy to, defaults to 'localhost' targetIP?: string; // Global target host to proxy to, defaults to 'localhost'
domains: IDomainConfig[]; domains: IDomainConfig[];
sniEnabled?: boolean; sniEnabled?: boolean;
defaultAllowedIPs?: string[]; defaultAllowedIPs?: string[];
preserveSourceIP?: boolean; preserveSourceIP?: boolean;
maxConnectionLifetime?: number; // (ms) force cleanup of long-lived connections maxConnectionLifetime?: number; // (ms) force cleanup of long-lived connections
globalPortRanges: Array<{ from: number; to: number }>; // Global allowed port ranges globalPortRanges: Array<{ from: number; to: number }>; // Global allowed port ranges
forwardAllGlobalRanges?: boolean; // When true, forwards all connections on global port ranges to the global targetIP
} }
/** /**
@ -111,7 +112,7 @@ export class PortProxy {
constructor(settingsArg: IPortProxySettings) { constructor(settingsArg: IPortProxySettings) {
this.settings = { this.settings = {
...settingsArg, ...settingsArg,
toHost: settingsArg.toHost || 'localhost', targetIP: settingsArg.targetIP || 'localhost',
maxConnectionLifetime: settingsArg.maxConnectionLifetime || 600000, maxConnectionLifetime: settingsArg.maxConnectionLifetime || 600000,
}; };
} }
@ -256,7 +257,7 @@ export class PortProxy {
} else if (defaultAllowed && !serverName) { } else if (defaultAllowed && !serverName) {
console.log(`Connection allowed: IP ${remoteIP} is in default allowed list`); console.log(`Connection allowed: IP ${remoteIP} is in default allowed list`);
} }
const targetHost = domainConfig?.targetIP || this.settings.toHost!; const targetHost = domainConfig?.targetIP || this.settings.targetIP!;
const connectionOptions: plugins.net.NetConnectOpts = { const connectionOptions: plugins.net.NetConnectOpts = {
host: targetHost, host: targetHost,
port: this.settings.toPort, port: this.settings.toPort,
@ -350,6 +351,22 @@ export class PortProxy {
socket.destroy(); socket.destroy();
return; return;
} }
if (this.settings.forwardAllGlobalRanges) {
// Forward connection to the global targetIP regardless of domain config.
if (this.settings.defaultAllowedIPs && !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
console.log(`Connection from ${remoteIP} rejected: IP ${remoteIP} not allowed in global default allowed list.`);
socket.end();
return;
}
console.log(`Port-based connection from ${remoteIP} on port ${localPort} forwarded to global target IP ${this.settings.targetIP}.`);
setupConnection('', undefined, {
domain: 'global',
allowedIPs: this.settings.defaultAllowedIPs || [],
targetIP: this.settings.targetIP,
portRanges: []
});
return;
} else {
// Find a matching domain config based on the incoming local port. // Find a matching domain config based on the incoming local port.
const forcedDomain = this.settings.domains.find( const forcedDomain = this.settings.domains.find(
domain => domain.portRanges && domain.portRanges.length > 0 && isPortInRanges(localPort, domain.portRanges) domain => domain.portRanges && domain.portRanges.length > 0 && isPortInRanges(localPort, domain.portRanges)
@ -371,6 +388,7 @@ export class PortProxy {
setupConnection('', undefined, forcedDomain); setupConnection('', undefined, forcedDomain);
return; return;
} }
}
// --- FALLBACK: SNI-BASED HANDLING (if no global port ranges are defined) --- // --- FALLBACK: SNI-BASED HANDLING (if no global port ranges are defined) ---
if (this.settings.sniEnabled) { if (this.settings.sniEnabled) {