push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-29 12:15:53 +00:00
parent b0beeae19e
commit ab1ea95070
12 changed files with 855 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
test/test.basic-forward.ts
View File

@ -49,12 +49,15 @@ tap.test('basic forward action should work correctly', async (t) => {
await new Promise<void>((resolve, reject) => {
let received = '';
let testMessageSent = false;
client.on('data', (data) => {
received += data.toString();
console.log('Client received:', data.toString().trim());
if (received.includes('Hello from target server')) {
// Send test data
if (received.includes('Hello from target server') && !testMessageSent) {
// Send test data only once
testMessageSent = true;
client.write('Test message\n');
} else if (received.includes('Echo: Test message')) {
// Test successful

279
test/test.route-security-integration.ts Normal file
View File

@ -0,0 +1,279 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as smartproxy from '../ts/index.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
import * as net from 'net';
tap.test('route security should block connections from unauthorized IPs', async () => {
// Create a target server that should never receive connections
let targetServerConnections = 0;
const targetServer = net.createServer((socket) => {
targetServerConnections++;
console.log('Target server received connection - this should not happen!');
socket.write('ERROR: This connection should have been blocked');
socket.end();
});
await new Promise<void>((resolve) => {
targetServer.listen(9990, '127.0.0.1', () => {
console.log('Target server listening on port 9990');
resolve();
});
});
// Create proxy with restrictive security at route level
const routes: IRouteConfig[] = [{
name: 'secure-route',
match: {
ports: 9991
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 9990
}
},
security: {
// Only allow a non-existent IP
ipAllowList: ['192.168.99.99']
}
}];
const proxy = new smartproxy.SmartProxy({
enableDetailedLogging: true,
routes: routes
});
await proxy.start();
console.log('Proxy started on port 9991');
// Wait a moment to ensure server is fully ready
await new Promise(resolve => setTimeout(resolve, 100));
// Try to connect from localhost (should be blocked)
const client = new net.Socket();
const events: string[] = [];
const result = await new Promise<string>((resolve) => {
let resolved = false;
client.on('connect', () => {
console.log('Client connected (TCP handshake succeeded)');
events.push('connected');
// Send initial data to trigger routing
client.write('test');
});
client.on('data', (data) => {
console.log('Client received data:', data.toString());
events.push('data');
if (!resolved) {
resolved = true;
resolve('data');
}
});
client.on('error', (err: any) => {
console.log('Client error:', err.code);
events.push('error');
if (!resolved) {
resolved = true;
resolve('error');
}
});
client.on('close', () => {
console.log('Client connection closed by server');
events.push('closed');
if (!resolved) {
resolved = true;
resolve('closed');
}
});
setTimeout(() => {
if (!resolved) {
resolved = true;
resolve('timeout');
}
}, 2000);
console.log('Attempting connection from 127.0.0.1...');
client.connect(9991, '127.0.0.1');
});
console.log('Connection result:', result);
console.log('Events:', events);
// The connection might be closed before or after TCP handshake
// What matters is that the target server never receives a connection
console.log('Test passed: Connection was properly blocked by security');
// Target server should not have received any connections
expect(targetServerConnections).toEqual(0);
// Clean up
client.destroy();
await proxy.stop();
await new Promise<void>((resolve) => {
targetServer.close(() => resolve());
});
});
tap.test('route security with block list should work', async () => {
// Create a target server
let targetServerConnections = 0;
const targetServer = net.createServer((socket) => {
targetServerConnections++;
socket.write('Hello from target');
socket.end();
});
await new Promise<void>((resolve) => {
targetServer.listen(9992, '127.0.0.1', () => resolve());
});
// Create proxy with security at route level (not action level)
const routes: IRouteConfig[] = [{
name: 'secure-route-level',
match: {
ports: 9993
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 9992
}
},
security: { // Security at route level, not action level
ipBlockList: ['127.0.0.1', '::1', '::ffff:127.0.0.1']
}
}];
const proxy = new smartproxy.SmartProxy({
enableDetailedLogging: true,
routes: routes
});
await proxy.start();
// Try to connect (should be blocked)
const client = new net.Socket();
const events: string[] = [];
const result = await new Promise<string>((resolve) => {
let resolved = false;
const timeout = setTimeout(() => {
if (!resolved) {
resolved = true;
resolve('timeout');
}
}, 2000);
client.on('connect', () => {
console.log('Client connected to block list test');
events.push('connected');
// Send initial data to trigger routing
client.write('test');
});
client.on('error', () => {
events.push('error');
if (!resolved) {
resolved = true;
clearTimeout(timeout);
resolve('error');
}
});
client.on('close', () => {
events.push('closed');
if (!resolved) {
resolved = true;
clearTimeout(timeout);
resolve('closed');
}
});
client.connect(9993, '127.0.0.1');
});
// Should connect then be immediately closed by security
expect(events).toContain('connected');
expect(events).toContain('closed');
expect(result).toEqual('closed');
expect(targetServerConnections).toEqual(0);
// Clean up
client.destroy();
await proxy.stop();
await new Promise<void>((resolve) => {
targetServer.close(() => resolve());
});
});
tap.test('route without security should allow all connections', async () => {
// Create echo server
const echoServer = net.createServer((socket) => {
socket.on('data', (data) => {
socket.write(data);
});
});
await new Promise<void>((resolve) => {
echoServer.listen(9994, '127.0.0.1', () => resolve());
});
// Create proxy without security
const routes: IRouteConfig[] = [{
name: 'open-route',
match: {
ports: 9995
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 9994
}
}
// No security defined
}];
const proxy = new smartproxy.SmartProxy({
enableDetailedLogging: false,
routes: routes
});
await proxy.start();
// Connect and test echo
const client = new net.Socket();
await new Promise<void>((resolve) => {
client.connect(9995, '127.0.0.1', () => resolve());
});
// Send data and verify echo
const testData = 'Hello World';
client.write(testData);
const response = await new Promise<string>((resolve) => {
client.once('data', (data) => {
resolve(data.toString());
});
setTimeout(() => resolve(''), 2000);
});
expect(response).toEqual(testData);
// Clean up
client.destroy();
await proxy.stop();
await new Promise<void>((resolve) => {
echoServer.close(() => resolve());
});
});
export default tap.start();

61
test/test.route-security-unit.ts Normal file
View File

@ -0,0 +1,61 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as smartproxy from '../ts/index.js';
tap.test('route security should be correctly configured', async () => {
// Test that we can create a proxy with route-specific security
const routes = [{
name: 'secure-route',
match: {
ports: 8990
},
action: {
type: 'forward' as const,
target: {
host: '127.0.0.1',
port: 8991
},
security: {
ipAllowList: ['192.168.1.1'],
ipBlockList: ['10.0.0.1']
}
}
}];
// This should not throw an error
const proxy = new smartproxy.SmartProxy({
enableDetailedLogging: false,
routes: routes
});
// The proxy should be created successfully
expect(proxy).toBeInstanceOf(smartproxy.SmartProxy);
// Test that security manager exists and has the isIPAuthorized method
const securityManager = (proxy as any).securityManager;
expect(securityManager).toBeDefined();
expect(typeof securityManager.isIPAuthorized).toEqual('function');
// Test IP authorization logic directly
const isLocalhostAllowed = securityManager.isIPAuthorized(
'127.0.0.1',
['192.168.1.1'], // Allow list
[] // Block list
);
expect(isLocalhostAllowed).toBeFalse();
const isAllowedIPAllowed = securityManager.isIPAuthorized(
'192.168.1.1',
['192.168.1.1'], // Allow list
[] // Block list
);
expect(isAllowedIPAllowed).toBeTrue();
const isBlockedIPAllowed = securityManager.isIPAuthorized(
'10.0.0.1',
['0.0.0.0/0'], // Allow all
['10.0.0.1'] // But block this specific IP
);
expect(isBlockedIPAllowed).toBeFalse();
});
tap.start();

261
test/test.route-security.ts Normal file
View File

@ -0,0 +1,261 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as smartproxy from '../ts/index.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
import * as net from 'net';
tap.test('route-specific security should be enforced', async () => {
// Create a simple echo server for testing
const echoServer = net.createServer((socket) => {
socket.on('data', (data) => {
socket.write(data);
});
});
await new Promise<void>((resolve) => {
echoServer.listen(8877, '127.0.0.1', () => {
console.log('Echo server listening on port 8877');
resolve();
});
});
// Create proxy with route-specific security
const routes: IRouteConfig[] = [{
name: 'secure-route',
match: {
ports: 8878
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 8877
},
security: {
ipAllowList: ['127.0.0.1', '::1', '::ffff:127.0.0.1']
}
}
}];
const proxy = new smartproxy.SmartProxy({
enableDetailedLogging: true,
routes: routes
});
await proxy.start();
// Test 1: Connection from allowed IP should work
const client1 = new net.Socket();
const connected = await new Promise<boolean>((resolve) => {
client1.connect(8878, '127.0.0.1', () => {
console.log('Client connected from allowed IP');
resolve(true);
});
client1.on('error', (err) => {
console.log('Connection error:', err.message);
resolve(false);
});
// Set timeout to prevent hanging
setTimeout(() => resolve(false), 2000);
});
if (connected) {
// Test echo
const testData = 'Hello from allowed IP';
client1.write(testData);
const response = await new Promise<string>((resolve) => {
client1.once('data', (data) => {
resolve(data.toString());
});
setTimeout(() => resolve(''), 2000);
});
expect(response).toEqual(testData);
client1.destroy();
} else {
expect(connected).toBeTrue();
}
// Clean up
await proxy.stop();
await new Promise<void>((resolve) => {
echoServer.close(() => resolve());
});
});
tap.test('route-specific IP block list should be enforced', async () => {
// Create a simple echo server for testing
const echoServer = net.createServer((socket) => {
socket.on('data', (data) => {
socket.write(data);
});
});
await new Promise<void>((resolve) => {
echoServer.listen(8879, '127.0.0.1', () => {
console.log('Echo server listening on port 8879');
resolve();
});
});
// Create proxy with route-specific block list
const routes: IRouteConfig[] = [{
name: 'blocked-route',
match: {
ports: 8880
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 8879
},
security: {
ipAllowList: ['0.0.0.0/0', '::/0'], // Allow all IPs
ipBlockList: ['127.0.0.1', '::1', '::ffff:127.0.0.1'] // But block localhost
}
}
}];
const proxy = new smartproxy.SmartProxy({
enableDetailedLogging: true,
routes: routes
});
await proxy.start();
// Test: Connection from blocked IP should fail
const client = new net.Socket();
const connected = await new Promise<boolean>((resolve) => {
let resolved = false;
client.connect(8880, '127.0.0.1', () => {
if (!resolved) {
resolved = true;
console.log('Client connected from blocked IP (should not happen)');
resolve(true);
}
});
client.on('error', (err) => {
if (!resolved) {
resolved = true;
console.log('Connection blocked (expected):', err.message);
resolve(false);
}
});
client.on('close', () => {
if (!resolved) {
resolved = true;
console.log('Connection closed (expected for blocked IP)');
resolve(false);
}
});
// Set timeout
setTimeout(() => {
if (!resolved) {
resolved = true;
resolve(false);
}
}, 2000);
});
// Connection should have been blocked
expect(connected).toBeFalse();
if (client.readyState !== 'closed') {
client.destroy();
}
// Clean up
await proxy.stop();
await new Promise<void>((resolve) => {
echoServer.close(() => resolve());
});
});
tap.test('routes without security should allow all connections', async () => {
// Create a simple echo server for testing
const echoServer = net.createServer((socket) => {
socket.on('data', (data) => {
socket.write(data);
});
});
await new Promise<void>((resolve) => {
echoServer.listen(8881, '127.0.0.1', () => {
console.log('Echo server listening on port 8881');
resolve();
});
});
// Create proxy without route-specific security
const routes: IRouteConfig[] = [{
name: 'open-route',
match: {
ports: 8882
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 8881
}
// No security section - should allow all
}
}];
const proxy = new smartproxy.SmartProxy({
enableDetailedLogging: true,
routes: routes
});
await proxy.start();
// Test: Connection should work without security restrictions
const client = new net.Socket();
const connected = await new Promise<boolean>((resolve) => {
client.connect(8882, '127.0.0.1', () => {
console.log('Client connected to open route');
resolve(true);
});
client.on('error', (err) => {
console.log('Connection error:', err.message);
resolve(false);
});
// Set timeout
setTimeout(() => resolve(false), 2000);
});
expect(connected).toBeTrue();
if (connected) {
// Test echo
const testData = 'Hello from open route';
client.write(testData);
const response = await new Promise<string>((resolve) => {
client.once('data', (data) => {
resolve(data.toString());
});
setTimeout(() => resolve(''), 2000);
});
expect(response).toEqual(testData);
client.destroy();
}
// Clean up
await proxy.stop();
await new Promise<void>((resolve) => {
echoServer.close(() => resolve());
});
});
export default tap;