feat(PortProxy): Enhanced PortProxy with domain and IP filtering, SNI support, and minimatch integration
@ -3,6 +3,6 @@
|
||||
*/
|
||||
export const commitinfo = {
|
||||
name: '@push.rocks/smartproxy',
|
||||
version: '3.2.0',
|
||||
version: '3.3.0',
|
||||
description: 'a proxy for handling high workloads of proxying'
|
||||
}
|
||||
|
@ -23,5 +23,6 @@ export { lik, smartdelay, smartrequest, smartpromise, smartstring };
|
||||
// third party scope
|
||||
import * as ws from 'ws';
|
||||
import wsDefault from 'ws';
|
||||
import { minimatch } from 'minimatch';
|
||||
|
||||
export { wsDefault, ws };
|
||||
export { wsDefault, ws, minimatch };
|
||||
|
@ -1,14 +1,30 @@
|
||||
import * as plugins from './smartproxy.plugins.js';
|
||||
import * as net from 'net';
|
||||
import * as tls from 'tls';
|
||||
|
||||
|
||||
export interface DomainConfig {
|
||||
domain: string; // glob pattern for domain
|
||||
allowedIPs: string[]; // glob patterns for IPs allowed to access this domain
|
||||
}
|
||||
|
||||
export interface ProxySettings {
|
||||
domains: DomainConfig[];
|
||||
sniEnabled?: boolean;
|
||||
tlsOptions?: tls.TlsOptions;
|
||||
defaultAllowedIPs?: string[]; // Optional default IP patterns if no matching domain found
|
||||
}
|
||||
|
||||
export class PortProxy {
|
||||
netServer: plugins.net.Server;
|
||||
fromPort: number;
|
||||
toPort: number;
|
||||
settings: ProxySettings;
|
||||
|
||||
constructor(fromPortArg: number, toPortArg: number) {
|
||||
constructor(fromPortArg: number, toPortArg: number, settings: ProxySettings) {
|
||||
this.fromPort = fromPortArg;
|
||||
this.toPort = toPortArg;
|
||||
this.settings = settings;
|
||||
}
|
||||
|
||||
public async start() {
|
||||
@ -22,8 +38,43 @@ export class PortProxy {
|
||||
from.destroy();
|
||||
to.destroy();
|
||||
};
|
||||
this.netServer = net
|
||||
.createServer((from) => {
|
||||
const isAllowed = (value: string, patterns: string[]): boolean => {
|
||||
return patterns.some(pattern => plugins.minimatch(value, pattern));
|
||||
};
|
||||
|
||||
const findMatchingDomain = (serverName: string): DomainConfig | undefined => {
|
||||
return this.settings.domains.find(config => plugins.minimatch(serverName, config.domain));
|
||||
};
|
||||
|
||||
const server = this.settings.sniEnabled ? tls.createServer(this.settings.tlsOptions || {}) : net.createServer();
|
||||
|
||||
this.netServer = server.on('connection', (from: net.Socket) => {
|
||||
const remoteIP = from.remoteAddress || '';
|
||||
if (this.settings.sniEnabled && from instanceof tls.TLSSocket) {
|
||||
const serverName = (from as any).servername || '';
|
||||
const domainConfig = findMatchingDomain(serverName);
|
||||
|
||||
if (!domainConfig) {
|
||||
// If no matching domain config found, check default IPs if available
|
||||
if (!this.settings.defaultAllowedIPs || !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
|
||||
console.log(`Connection rejected: No matching domain config for ${serverName} from IP ${remoteIP}`);
|
||||
from.end();
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
// Check if IP is allowed for this domain
|
||||
if (!isAllowed(remoteIP, domainConfig.allowedIPs)) {
|
||||
console.log(`Connection rejected: IP ${remoteIP} not allowed for domain ${serverName}`);
|
||||
from.end();
|
||||
return;
|
||||
}
|
||||
}
|
||||
} else if (!this.settings.defaultAllowedIPs || !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
|
||||
console.log(`Connection rejected: IP ${remoteIP} not allowed for non-SNI connection`);
|
||||
from.end();
|
||||
return;
|
||||
}
|
||||
|
||||
const to = net.createConnection({
|
||||
host: 'localhost',
|
||||
port: this.toPort,
|
||||
|
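Review bot: The per-domain allowlist appears never to be applied when `sniEnabled` is true, because the handler is attached with `server.on('connection', …)`: on a `tls.Server` that event delivers the raw `net.Socket` before the handshake, so `from instanceof tls.TLSSocket` is false and every client falls through to the `defaultAllowedIPs` branch. Subscribe to the post-handshake event in the TLS case, e.g. `const evt = this.settings.sniEnabled ? 'secureConnection' : 'connection';` followed by `this.netServer = server.on(evt, (from: net.Socket) => {`, with a comment such as `// secureConnection: servername is only known after the TLS handshake`. Once `from` is a real `TLSSocket` the `(from as any).servername` cast can go, and because `serverName` is client-supplied it is worth sanitising before it reaches `console.log`. It may also be worth normalising `remoteAddress` before glob-matching, since dual-stack listeners report IPv4 peers as `::ffff:a.b.c.d` and a pattern written for the dotted form would then reject them. The connection callback continues past the end of this hunk.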