feat(quic,http3): add HTTP/3 proxy handling and hot-reload QUIC TLS configuration

2026-03-19 20:27:57 +00:00
parent 9e1103e7a7
commit af970c447e
10 changed files with 1911 additions and 1780 deletions


@@ -3,6 +3,6 @@
*/
export const commitinfo = {
name: '@push.rocks/smartproxy',
version: '25.15.0',
version: '25.16.0',
description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.'
}


@@ -7,7 +7,7 @@ import type { IRouteConfig, IRouteMatch, IRouteAction, TPortRange } from '../mod
export class RouteValidator {
private static readonly VALID_TLS_MODES = ['terminate', 'passthrough', 'terminate-and-reencrypt'];
private static readonly VALID_ACTION_TYPES = ['forward', 'socket-handler'];
private static readonly VALID_PROTOCOLS = ['tcp', 'http', 'https', 'ws', 'wss'];
private static readonly VALID_PROTOCOLS = ['tcp', 'http', 'https', 'ws', 'wss', 'udp', 'quic', 'http3'];
private static readonly MAX_PORTS = 100;
private static readonly MAX_DOMAINS = 1000;
private static readonly MAX_HEADER_SIZE = 8192;
@@ -173,6 +173,22 @@ export class RouteValidator {
}
}
}
// QUIC routes require TLS with termination (QUIC mandates TLS 1.3)
if (route.action.udp?.quic && route.action.type === 'forward') {
if (!route.action.tls) {
errors.push('QUIC routes require TLS configuration (action.tls) — QUIC mandates TLS 1.3');
} else if (route.action.tls.mode === 'passthrough') {
errors.push('QUIC routes cannot use TLS mode "passthrough" — use "terminate" or "terminate-and-reencrypt"');
}
}
// Protocol quic/http3 requires transport udp or all
if (route.match?.protocol && ['quic', 'http3'].includes(route.match.protocol)) {
if (route.match.transport && route.match.transport !== 'udp' && route.match.transport !== 'all') {
errors.push(`Protocol "${route.match.protocol}" requires transport "udp" or "all"`);
}
}
}
// Validate security settings
@@ -619,6 +635,15 @@ export function validateRouteAction(action: IRouteAction): { valid: boolean; err
}
}
// QUIC routes require TLS with termination
if (action.udp?.quic && action.type === 'forward') {
if (!action.tls) {
errors.push('QUIC routes require TLS configuration — QUIC mandates TLS 1.3');
} else if (action.tls.mode === 'passthrough') {
errors.push('QUIC routes cannot use TLS mode "passthrough"');
}
}
if (action.type === 'socket-handler') {
if (!action.socketHandler && !action.datagramHandler) {
errors.push('Socket handler or datagram handler function is required for socket-handler action');
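Review bot: The QUIC TLS guard added in the `@@ -173` hunk is a deny-list: it rejects only `mode === 'passthrough'`, so a `tls` object with a missing or unexpected `mode` passes this check even though the error message names the two acceptable modes. Unless the mode is validated earlier in the method (not visible in the hunk), an allow-list is safer: `} else if (!['terminate', 'terminate-and-reencrypt'].includes(route.action.tls.mode)) {`. The same applies to the copy in `validateRouteAction`, whose messages have also drifted from the class version. Separately, the transport check is skipped when `route.match.transport` is unset, so if the default transport is TCP a `quic`/`http3` route would validate without UDP; worth confirming against the matcher. Both enclosing functions start and end outside the hunks.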