feat(PortProxy): Enhanced PortProxy with domain and IP filtering, SNI support, and minimatch integration
This commit is contained in:
parent
e67eff0fcc
commit
a4ad6c59c1
@ -1,5 +1,13 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## 2025-02-21 - 3.3.0 - feat(PortProxy)
|
||||||
|
Enhanced PortProxy with domain and IP filtering, SNI support, and minimatch integration
|
||||||
|
|
||||||
|
- Added new ProxySettings interface to configure domain patterns, SNI, and default allowed IPs.
|
||||||
|
- Integrated minimatch to filter allowed IPs and domains.
|
||||||
|
- Enabled SNI support for PortProxy connections.
|
||||||
|
- Updated port proxy test to accommodate new settings.
|
||||||
|
|
||||||
## 2025-02-04 - 3.2.0 - feat(testing)
|
## 2025-02-04 - 3.2.0 - feat(testing)
|
||||||
Added a comprehensive test suite for the PortProxy class
|
Added a comprehensive test suite for the PortProxy class
|
||||||
|
|
||||||
|
@ -30,7 +30,9 @@
|
|||||||
"@push.rocks/smartstring": "^4.0.15",
|
"@push.rocks/smartstring": "^4.0.15",
|
||||||
"@tsclass/tsclass": "^4.4.0",
|
"@tsclass/tsclass": "^4.4.0",
|
||||||
"@types/ws": "^8.5.14",
|
"@types/ws": "^8.5.14",
|
||||||
"ws": "^8.18.0"
|
"ws": "^8.18.0",
|
||||||
|
"minimatch": "^9.0.3",
|
||||||
|
"@types/minimatch": "^5.1.2"
|
||||||
},
|
},
|
||||||
"files": [
|
"files": [
|
||||||
"ts/**/*",
|
"ts/**/*",
|
||||||
|
6
pnpm-lock.yaml
generated
6
pnpm-lock.yaml
generated
@ -26,9 +26,15 @@ importers:
|
|||||||
'@tsclass/tsclass':
|
'@tsclass/tsclass':
|
||||||
specifier: ^4.4.0
|
specifier: ^4.4.0
|
||||||
version: 4.4.0
|
version: 4.4.0
|
||||||
|
'@types/minimatch':
|
||||||
|
specifier: ^5.1.2
|
||||||
|
version: 5.1.2
|
||||||
'@types/ws':
|
'@types/ws':
|
||||||
specifier: ^8.5.14
|
specifier: ^8.5.14
|
||||||
version: 8.5.14
|
version: 8.5.14
|
||||||
|
minimatch:
|
||||||
|
specifier: ^9.0.3
|
||||||
|
version: 9.0.5
|
||||||
ws:
|
ws:
|
||||||
specifier: ^8.18.0
|
specifier: ^8.18.0
|
||||||
version: 8.18.0
|
version: 8.18.0
|
||||||
|
@ -58,7 +58,11 @@ function createTestClient(port: number, data: string): Promise<string> {
|
|||||||
// Setup test environment
|
// Setup test environment
|
||||||
tap.test('setup port proxy test environment', async () => {
|
tap.test('setup port proxy test environment', async () => {
|
||||||
testServer = await createTestServer(TEST_SERVER_PORT);
|
testServer = await createTestServer(TEST_SERVER_PORT);
|
||||||
portProxy = new PortProxy(PROXY_PORT, TEST_SERVER_PORT);
|
portProxy = new PortProxy(PROXY_PORT, TEST_SERVER_PORT, {
|
||||||
|
domains: [],
|
||||||
|
sniEnabled: false,
|
||||||
|
defaultAllowedIPs: ['127.0.0.1', '::ffff:127.0.0.1']
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
tap.test('should start port proxy', async () => {
|
tap.test('should start port proxy', async () => {
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
*/
|
*/
|
||||||
export const commitinfo = {
|
export const commitinfo = {
|
||||||
name: '@push.rocks/smartproxy',
|
name: '@push.rocks/smartproxy',
|
||||||
version: '3.2.0',
|
version: '3.3.0',
|
||||||
description: 'a proxy for handling high workloads of proxying'
|
description: 'a proxy for handling high workloads of proxying'
|
||||||
}
|
}
|
||||||
|
@ -23,5 +23,6 @@ export { lik, smartdelay, smartrequest, smartpromise, smartstring };
|
|||||||
// third party scope
|
// third party scope
|
||||||
import * as ws from 'ws';
|
import * as ws from 'ws';
|
||||||
import wsDefault from 'ws';
|
import wsDefault from 'ws';
|
||||||
|
import { minimatch } from 'minimatch';
|
||||||
|
|
||||||
export { wsDefault, ws };
|
export { wsDefault, ws, minimatch };
|
||||||
|
@ -1,14 +1,30 @@
|
|||||||
import * as plugins from './smartproxy.plugins.js';
|
import * as plugins from './smartproxy.plugins.js';
|
||||||
import * as net from 'net';
|
import * as net from 'net';
|
||||||
|
import * as tls from 'tls';
|
||||||
|
|
||||||
|
|
||||||
|
export interface DomainConfig {
|
||||||
|
domain: string; // glob pattern for domain
|
||||||
|
allowedIPs: string[]; // glob patterns for IPs allowed to access this domain
|
||||||
|
}
|
||||||
|
|
||||||
|
export interface ProxySettings {
|
||||||
|
domains: DomainConfig[];
|
||||||
|
sniEnabled?: boolean;
|
||||||
|
tlsOptions?: tls.TlsOptions;
|
||||||
|
defaultAllowedIPs?: string[]; // Optional default IP patterns if no matching domain found
|
||||||
|
}
|
||||||
|
|
||||||
export class PortProxy {
|
export class PortProxy {
|
||||||
netServer: plugins.net.Server;
|
netServer: plugins.net.Server;
|
||||||
fromPort: number;
|
fromPort: number;
|
||||||
toPort: number;
|
toPort: number;
|
||||||
|
settings: ProxySettings;
|
||||||
|
|
||||||
constructor(fromPortArg: number, toPortArg: number) {
|
constructor(fromPortArg: number, toPortArg: number, settings: ProxySettings) {
|
||||||
this.fromPort = fromPortArg;
|
this.fromPort = fromPortArg;
|
||||||
this.toPort = toPortArg;
|
this.toPort = toPortArg;
|
||||||
|
this.settings = settings;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async start() {
|
public async start() {
|
||||||
@ -22,8 +38,43 @@ export class PortProxy {
|
|||||||
from.destroy();
|
from.destroy();
|
||||||
to.destroy();
|
to.destroy();
|
||||||
};
|
};
|
||||||
this.netServer = net
|
const isAllowed = (value: string, patterns: string[]): boolean => {
|
||||||
.createServer((from) => {
|
return patterns.some(pattern => plugins.minimatch(value, pattern));
|
||||||
|
};
|
||||||
|
|
||||||
|
const findMatchingDomain = (serverName: string): DomainConfig | undefined => {
|
||||||
|
return this.settings.domains.find(config => plugins.minimatch(serverName, config.domain));
|
||||||
|
};
|
||||||
|
|
||||||
|
const server = this.settings.sniEnabled ? tls.createServer(this.settings.tlsOptions || {}) : net.createServer();
|
||||||
|
|
||||||
|
this.netServer = server.on('connection', (from: net.Socket) => {
|
||||||
|
const remoteIP = from.remoteAddress || '';
|
||||||
|
if (this.settings.sniEnabled && from instanceof tls.TLSSocket) {
|
||||||
|
const serverName = (from as any).servername || '';
|
||||||
|
const domainConfig = findMatchingDomain(serverName);
|
||||||
|
|
||||||
|
if (!domainConfig) {
|
||||||
|
// If no matching domain config found, check default IPs if available
|
||||||
|
if (!this.settings.defaultAllowedIPs || !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
|
||||||
|
console.log(`Connection rejected: No matching domain config for ${serverName} from IP ${remoteIP}`);
|
||||||
|
from.end();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// Check if IP is allowed for this domain
|
||||||
|
if (!isAllowed(remoteIP, domainConfig.allowedIPs)) {
|
||||||
|
console.log(`Connection rejected: IP ${remoteIP} not allowed for domain ${serverName}`);
|
||||||
|
from.end();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if (!this.settings.defaultAllowedIPs || !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
|
||||||
|
console.log(`Connection rejected: IP ${remoteIP} not allowed for non-SNI connection`);
|
||||||
|
from.end();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
const to = net.createConnection({
|
const to = net.createConnection({
|
||||||
host: 'localhost',
|
host: 'localhost',
|
||||||
port: this.toPort,
|
port: this.toPort,
|
||||||
|
Loading…
x
Reference in New Issue
Block a user