feat(smartproxy): Update documentation and route helper functions; add createPortRange, createSecurityConfig, createStaticFileRoute, and createTestRoute helpers to the readme and tests. Refactor test examples to use the new helper API and remove legacy connection handling files (including the old connection handler and PortRangeManager) to fully embrace the unified route‐based configuration.
This commit is contained in:
@ -23,10 +23,10 @@ export type TPortRange = number | number[] | Array<{ from: number; to: number }>
|
||||
export interface IRouteMatch {
|
||||
// Listen on these ports (required)
|
||||
ports: TPortRange;
|
||||
|
||||
|
||||
// Optional domain patterns to match (default: all domains)
|
||||
domains?: string | string[];
|
||||
|
||||
|
||||
// Advanced matching criteria
|
||||
path?: string; // Match specific paths
|
||||
clientIp?: string[]; // Match specific client IPs
|
||||
@ -61,6 +61,25 @@ export interface IRouteRedirect {
|
||||
status: 301 | 302 | 307 | 308;
|
||||
}
|
||||
|
||||
/**
|
||||
* Authentication options
|
||||
*/
|
||||
export interface IRouteAuthentication {
|
||||
type: 'basic' | 'digest' | 'oauth' | 'jwt';
|
||||
credentials?: {
|
||||
username: string;
|
||||
password: string;
|
||||
}[];
|
||||
realm?: string;
|
||||
jwtSecret?: string;
|
||||
jwtIssuer?: string;
|
||||
oauthProvider?: string;
|
||||
oauthClientId?: string;
|
||||
oauthClientSecret?: string;
|
||||
oauthRedirectUri?: string;
|
||||
[key: string]: any; // Allow additional auth-specific options
|
||||
}
|
||||
|
||||
/**
|
||||
* Security options for route actions
|
||||
*/
|
||||
@ -68,10 +87,28 @@ export interface IRouteSecurity {
|
||||
allowedIps?: string[];
|
||||
blockedIps?: string[];
|
||||
maxConnections?: number;
|
||||
authentication?: {
|
||||
type: 'basic' | 'digest' | 'oauth';
|
||||
// Auth-specific options would go here
|
||||
};
|
||||
authentication?: IRouteAuthentication;
|
||||
}
|
||||
|
||||
/**
|
||||
* Static file server configuration
|
||||
*/
|
||||
export interface IRouteStaticFiles {
|
||||
directory: string;
|
||||
indexFiles?: string[];
|
||||
cacheControl?: string;
|
||||
expires?: number;
|
||||
followSymlinks?: boolean;
|
||||
disableDirectoryListing?: boolean;
|
||||
}
|
||||
|
||||
/**
|
||||
* Test route response configuration
|
||||
*/
|
||||
export interface IRouteTestResponse {
|
||||
status: number;
|
||||
headers: Record<string, string>;
|
||||
body: string;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -81,6 +118,8 @@ export interface IRouteAdvanced {
|
||||
timeout?: number;
|
||||
headers?: Record<string, string>;
|
||||
keepAlive?: boolean;
|
||||
staticFiles?: IRouteStaticFiles;
|
||||
testResponse?: IRouteTestResponse;
|
||||
// Additional advanced options would go here
|
||||
}
|
||||
|
||||
@ -90,19 +129,19 @@ export interface IRouteAdvanced {
|
||||
export interface IRouteAction {
|
||||
// Basic routing
|
||||
type: TRouteActionType;
|
||||
|
||||
|
||||
// Target for forwarding
|
||||
target?: IRouteTarget;
|
||||
|
||||
|
||||
// TLS handling
|
||||
tls?: IRouteTls;
|
||||
|
||||
|
||||
// For redirects
|
||||
redirect?: IRouteRedirect;
|
||||
|
||||
|
||||
// Security options
|
||||
security?: IRouteSecurity;
|
||||
|
||||
|
||||
// Advanced options
|
||||
advanced?: IRouteAdvanced;
|
||||
}
|
||||
@ -113,10 +152,10 @@ export interface IRouteAction {
|
||||
export interface IRouteConfig {
|
||||
// What to match
|
||||
match: IRouteMatch;
|
||||
|
||||
|
||||
// What to do with matched traffic
|
||||
action: IRouteAction;
|
||||
|
||||
|
||||
// Optional metadata
|
||||
name?: string; // Human-readable name for this route
|
||||
description?: string; // Description of the route's purpose
|
||||
@ -130,7 +169,7 @@ export interface IRouteConfig {
|
||||
export interface IRoutedSmartProxyOptions {
|
||||
// The unified configuration array (required)
|
||||
routes: IRouteConfig[];
|
||||
|
||||
|
||||
// Global/default settings
|
||||
defaults?: {
|
||||
target?: {
|
||||
@ -141,10 +180,10 @@ export interface IRoutedSmartProxyOptions {
|
||||
tls?: IRouteTls;
|
||||
// ...other defaults
|
||||
};
|
||||
|
||||
|
||||
// Other global settings remain (acme, etc.)
|
||||
acme?: IAcmeOptions;
|
||||
|
||||
|
||||
// Connection timeouts and other global settings
|
||||
initialDataTimeout?: number;
|
||||
socketTimeout?: number;
|
||||
@ -152,13 +191,13 @@ export interface IRoutedSmartProxyOptions {
|
||||
maxConnectionLifetime?: number;
|
||||
inactivityTimeout?: number;
|
||||
gracefulShutdownTimeout?: number;
|
||||
|
||||
|
||||
// Socket optimization settings
|
||||
noDelay?: boolean;
|
||||
keepAlive?: boolean;
|
||||
keepAliveInitialDelay?: number;
|
||||
maxPendingDataSize?: number;
|
||||
|
||||
|
||||
// Enhanced features
|
||||
disableInactivityCheck?: boolean;
|
||||
enableKeepAliveProbes?: boolean;
|
||||
@ -166,16 +205,16 @@ export interface IRoutedSmartProxyOptions {
|
||||
enableTlsDebugLogging?: boolean;
|
||||
enableRandomizedTimeouts?: boolean;
|
||||
allowSessionTicket?: boolean;
|
||||
|
||||
|
||||
// Rate limiting and security
|
||||
maxConnectionsPerIP?: number;
|
||||
connectionRateLimitPerMinute?: number;
|
||||
|
||||
|
||||
// Enhanced keep-alive settings
|
||||
keepAliveTreatment?: 'standard' | 'extended' | 'immortal';
|
||||
keepAliveInactivityMultiplier?: number;
|
||||
extendedKeepAliveLifetime?: number;
|
||||
|
||||
|
||||
/**
|
||||
* Optional certificate provider callback. Return 'http01' to use HTTP-01 challenges,
|
||||
* or a static certificate object for immediate provisioning.
|
||||
|
||||
@ -377,16 +377,10 @@ export class NetworkProxyBridge {
|
||||
publicKey: certCert,
|
||||
destinationIps: targetHosts,
|
||||
destinationPorts: [targetPort],
|
||||
proxyConfig: {
|
||||
targetIsTls: route.action.tls.mode === 'terminate-and-reencrypt',
|
||||
allowHTTP1: true,
|
||||
// Apply any other NetworkProxy-specific settings
|
||||
...(route.action.advanced ? {
|
||||
preserveHost: true,
|
||||
timeout: route.action.advanced.timeout,
|
||||
headers: route.action.advanced.headers
|
||||
} : {})
|
||||
}
|
||||
// Use backendProtocol for TLS re-encryption:
|
||||
backendProtocol: route.action.tls.mode === 'terminate-and-reencrypt' ? 'http2' : 'http1',
|
||||
// Add rewriteHostHeader for host header handling:
|
||||
rewriteHostHeader: route.action.advanced?.headers ? true : false
|
||||
};
|
||||
|
||||
configs.push(config);
|
||||
|
||||
@ -741,20 +741,7 @@ export class RouteConnectionHandler {
|
||||
this.connectionManager.incrementTerminationStat('outgoing', 'connection_failed');
|
||||
}
|
||||
|
||||
// If we have a forwarding handler for this domain, let it handle the error
|
||||
if (domainConfig) {
|
||||
try {
|
||||
const forwardingHandler = this.domainConfigManager.getForwardingHandler(domainConfig);
|
||||
forwardingHandler.emit('connection_error', {
|
||||
socket,
|
||||
error: err,
|
||||
connectionId
|
||||
});
|
||||
} catch (handlerErr) {
|
||||
// If getting the handler fails, just log and continue with normal cleanup
|
||||
console.log(`Error getting forwarding handler for error handling: ${handlerErr}`);
|
||||
}
|
||||
}
|
||||
// Route-based configuration doesn't use domain handlers
|
||||
|
||||
// Clean up the connection
|
||||
this.connectionManager.initiateCleanupOnce(record, `connection_failed_${code}`);
|
||||
@ -887,8 +874,8 @@ export class RouteConnectionHandler {
|
||||
`${
|
||||
serverName
|
||||
? ` (SNI: ${serverName})`
|
||||
: domainConfig
|
||||
? ` (Port-based for domain: ${domainConfig.domains.join(', ')})`
|
||||
: record.lockedDomain
|
||||
? ` (Domain: ${record.lockedDomain})`
|
||||
: ''
|
||||
}` +
|
||||
` TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${
|
||||
@ -901,8 +888,8 @@ export class RouteConnectionHandler {
|
||||
`${
|
||||
serverName
|
||||
? ` (SNI: ${serverName})`
|
||||
: domainConfig
|
||||
? ` (Port-based for domain: ${domainConfig.domains.join(', ')})`
|
||||
: record.lockedDomain
|
||||
? ` (Domain: ${record.lockedDomain})`
|
||||
: ''
|
||||
}`
|
||||
);
|
||||
|
||||
@ -1,12 +1,13 @@
|
||||
import type {
|
||||
IRouteConfig,
|
||||
IRouteMatch,
|
||||
IRouteAction,
|
||||
import type {
|
||||
IRouteConfig,
|
||||
IRouteMatch,
|
||||
IRouteAction,
|
||||
IRouteTarget,
|
||||
IRouteTls,
|
||||
IRouteRedirect,
|
||||
IRouteSecurity,
|
||||
IRouteAdvanced
|
||||
IRouteAdvanced,
|
||||
TPortRange
|
||||
} from './models/route-types.js';
|
||||
|
||||
/**
|
||||
@ -30,7 +31,7 @@ export function createRoute(
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a basic HTTP route configuration
|
||||
* Create a basic HTTP route configuration
|
||||
*/
|
||||
export function createHttpRoute(
|
||||
options: {
|
||||
@ -206,7 +207,7 @@ export function createHttpToHttpsRedirect(
|
||||
}
|
||||
): IRouteConfig {
|
||||
const domainArray = Array.isArray(options.domains) ? options.domains : [options.domains];
|
||||
|
||||
|
||||
return createRedirectRoute({
|
||||
ports: 80,
|
||||
domains: options.domains,
|
||||
@ -270,7 +271,7 @@ export function createLoadBalancerRoute(
|
||||
): IRouteConfig {
|
||||
const useTls = options.tlsMode !== undefined;
|
||||
const defaultPort = useTls ? 443 : 80;
|
||||
|
||||
|
||||
return createRoute(
|
||||
{
|
||||
ports: options.ports || defaultPort,
|
||||
@ -321,7 +322,7 @@ export function createHttpsServer(
|
||||
): IRouteConfig[] {
|
||||
const routes: IRouteConfig[] = [];
|
||||
const domainArray = Array.isArray(options.domains) ? options.domains : [options.domains];
|
||||
|
||||
|
||||
// Add HTTPS route
|
||||
routes.push(createHttpsRoute({
|
||||
domains: options.domains,
|
||||
@ -330,7 +331,7 @@ export function createHttpsServer(
|
||||
security: options.security,
|
||||
name: options.name || `HTTPS Server for ${domainArray.join(', ')}`
|
||||
}));
|
||||
|
||||
|
||||
// Add HTTP to HTTPS redirect if requested
|
||||
if (options.addHttpRedirect !== false) {
|
||||
routes.push(createHttpToHttpsRedirect({
|
||||
@ -339,6 +340,158 @@ export function createHttpsServer(
|
||||
priority: 100
|
||||
}));
|
||||
}
|
||||
|
||||
|
||||
return routes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a port range configuration from various input formats
|
||||
*/
|
||||
export function createPortRange(
|
||||
ports: number | number[] | string | Array<{ from: number; to: number }>
|
||||
): TPortRange {
|
||||
// If it's a string like "80,443" or "8000-9000", parse it
|
||||
if (typeof ports === 'string') {
|
||||
if (ports.includes('-')) {
|
||||
// Handle range like "8000-9000"
|
||||
const [start, end] = ports.split('-').map(p => parseInt(p.trim(), 10));
|
||||
return [{ from: start, to: end }];
|
||||
} else if (ports.includes(',')) {
|
||||
// Handle comma-separated list like "80,443,8080"
|
||||
return ports.split(',').map(p => parseInt(p.trim(), 10));
|
||||
} else {
|
||||
// Handle single port as string
|
||||
return parseInt(ports.trim(), 10);
|
||||
}
|
||||
}
|
||||
|
||||
// Otherwise return as is
|
||||
return ports;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a security configuration object
|
||||
*/
|
||||
export function createSecurityConfig(
|
||||
options: {
|
||||
allowedIps?: string[];
|
||||
blockedIps?: string[];
|
||||
maxConnections?: number;
|
||||
authentication?: {
|
||||
type: 'basic' | 'digest' | 'oauth';
|
||||
// Auth-specific options
|
||||
[key: string]: any;
|
||||
};
|
||||
}
|
||||
): IRouteSecurity {
|
||||
return {
|
||||
...(options.allowedIps ? { allowedIps: options.allowedIps } : {}),
|
||||
...(options.blockedIps ? { blockedIps: options.blockedIps } : {}),
|
||||
...(options.maxConnections ? { maxConnections: options.maxConnections } : {}),
|
||||
...(options.authentication ? { authentication: options.authentication } : {})
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a static file server route
|
||||
*/
|
||||
export function createStaticFileRoute(
|
||||
options: {
|
||||
ports?: number | number[]; // Default: 80
|
||||
domains: string | string[];
|
||||
path?: string;
|
||||
targetDirectory: string;
|
||||
tlsMode?: 'terminate' | 'terminate-and-reencrypt';
|
||||
certificate?: 'auto' | { key: string; cert: string };
|
||||
headers?: Record<string, string>;
|
||||
security?: IRouteSecurity;
|
||||
name?: string;
|
||||
description?: string;
|
||||
priority?: number;
|
||||
tags?: string[];
|
||||
}
|
||||
): IRouteConfig {
|
||||
const useTls = options.tlsMode !== undefined;
|
||||
const defaultPort = useTls ? 443 : 80;
|
||||
|
||||
return createRoute(
|
||||
{
|
||||
ports: options.ports || defaultPort,
|
||||
domains: options.domains,
|
||||
...(options.path ? { path: options.path } : {})
|
||||
},
|
||||
{
|
||||
type: 'forward',
|
||||
target: {
|
||||
host: 'localhost', // Static file serving is typically handled locally
|
||||
port: 0, // Special value indicating a static file server
|
||||
preservePort: false
|
||||
},
|
||||
...(useTls ? {
|
||||
tls: {
|
||||
mode: options.tlsMode!,
|
||||
certificate: options.certificate || 'auto'
|
||||
}
|
||||
} : {}),
|
||||
advanced: {
|
||||
...(options.headers ? { headers: options.headers } : {}),
|
||||
staticFiles: {
|
||||
directory: options.targetDirectory,
|
||||
indexFiles: ['index.html', 'index.htm']
|
||||
}
|
||||
},
|
||||
...(options.security ? { security: options.security } : {})
|
||||
},
|
||||
{
|
||||
name: options.name || 'Static File Server',
|
||||
description: options.description || `Serving static files from ${options.targetDirectory}`,
|
||||
priority: options.priority,
|
||||
tags: options.tags
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a test route for debugging purposes
|
||||
*/
|
||||
export function createTestRoute(
|
||||
options: {
|
||||
ports?: number | number[]; // Default: 8000
|
||||
domains?: string | string[];
|
||||
path?: string;
|
||||
response?: {
|
||||
status?: number;
|
||||
headers?: Record<string, string>;
|
||||
body?: string;
|
||||
};
|
||||
name?: string;
|
||||
}
|
||||
): IRouteConfig {
|
||||
return createRoute(
|
||||
{
|
||||
ports: options.ports || 8000,
|
||||
...(options.domains ? { domains: options.domains } : {}),
|
||||
...(options.path ? { path: options.path } : {})
|
||||
},
|
||||
{
|
||||
type: 'forward',
|
||||
target: {
|
||||
host: 'test', // Special value indicating a test route
|
||||
port: 0
|
||||
},
|
||||
advanced: {
|
||||
testResponse: {
|
||||
status: options.response?.status || 200,
|
||||
headers: options.response?.headers || { 'Content-Type': 'text/plain' },
|
||||
body: options.response?.body || 'Test route is working!'
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
name: options.name || 'Test Route',
|
||||
description: 'Route for testing and debugging',
|
||||
priority: 500,
|
||||
tags: ['test', 'debug']
|
||||
}
|
||||
);
|
||||
}
|
||||
9
ts/proxies/smart-proxy/route-helpers/index.ts
Normal file
9
ts/proxies/smart-proxy/route-helpers/index.ts
Normal file
@ -0,0 +1,9 @@
|
||||
/**
|
||||
* Route helpers for SmartProxy
|
||||
*
|
||||
* This module provides helper functions for creating various types of route configurations
|
||||
* to be used with the SmartProxy system.
|
||||
*/
|
||||
|
||||
// Re-export all functions from the route-helpers.ts file
|
||||
export * from '../route-helpers.js';
|
||||
@ -7,8 +7,7 @@ import type {
|
||||
} from './models/route-types.js';
|
||||
import type {
|
||||
ISmartProxyOptions,
|
||||
IRoutedSmartProxyOptions,
|
||||
IDomainConfig
|
||||
IRoutedSmartProxyOptions
|
||||
} from './models/interfaces.js';
|
||||
import {
|
||||
isRoutedOptions,
|
||||
|
||||
@ -6,7 +6,7 @@ import { SecurityManager } from './security-manager.js';
|
||||
import { TlsManager } from './tls-manager.js';
|
||||
import { NetworkProxyBridge } from './network-proxy-bridge.js';
|
||||
import { TimeoutManager } from './timeout-manager.js';
|
||||
import { PortRangeManager } from './port-range-manager.js';
|
||||
// import { PortRangeManager } from './port-range-manager.js';
|
||||
import { RouteManager } from './route-manager.js';
|
||||
import { RouteConnectionHandler } from './route-connection-handler.js';
|
||||
|
||||
@ -22,7 +22,7 @@ import type {
|
||||
ISmartProxyOptions,
|
||||
IRoutedSmartProxyOptions
|
||||
} from './models/interfaces.js';
|
||||
import { isRoutedOptions } from './models/interfaces.js';
|
||||
import { isRoutedOptions, isLegacyOptions } from './models/interfaces.js';
|
||||
import type { IRouteConfig } from './models/route-types.js';
|
||||
|
||||
/**
|
||||
@ -49,7 +49,7 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
private tlsManager: TlsManager;
|
||||
private networkProxyBridge: NetworkProxyBridge;
|
||||
private timeoutManager: TimeoutManager;
|
||||
private portRangeManager: PortRangeManager;
|
||||
// private portRangeManager: PortRangeManager;
|
||||
private routeManager: RouteManager;
|
||||
private routeConnectionHandler: RouteConnectionHandler;
|
||||
|
||||
@ -133,7 +133,7 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
autoRenew: true,
|
||||
certificateStore: './certs',
|
||||
skipConfiguredCerts: false,
|
||||
httpsRedirectPort: this.settings.fromPort || 443,
|
||||
httpsRedirectPort: 443,
|
||||
renewCheckIntervalHours: 24,
|
||||
domainForwards: []
|
||||
};
|
||||
@ -152,7 +152,7 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
this.routeManager = new RouteManager(this.settings);
|
||||
|
||||
// Create port range manager
|
||||
this.portRangeManager = new PortRangeManager(this.settings);
|
||||
// this.portRangeManager = new PortRangeManager(this.settings);
|
||||
|
||||
// Create other required components
|
||||
this.tlsManager = new TlsManager(this.settings);
|
||||
@ -220,22 +220,22 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
if (this.port80Handler) {
|
||||
const acme = this.settings.acme!;
|
||||
|
||||
// Setup domain forwards based on configuration type
|
||||
// Setup domain forwards
|
||||
const domainForwards = acme.domainForwards?.map(f => {
|
||||
if (isLegacyOptions(this.settings)) {
|
||||
// If using legacy mode, check if domain config exists
|
||||
const domainConfig = this.settings.domainConfigs.find(
|
||||
dc => dc.domains.some(d => d === f.domain)
|
||||
);
|
||||
// Check if a matching route exists
|
||||
const matchingRoute = this.settings.routes.find(
|
||||
route => Array.isArray(route.match.domains)
|
||||
? route.match.domains.some(d => d === f.domain)
|
||||
: route.match.domains === f.domain
|
||||
);
|
||||
|
||||
if (domainConfig?.forwarding) {
|
||||
return {
|
||||
domain: f.domain,
|
||||
forwardConfig: f.forwardConfig,
|
||||
acmeForwardConfig: f.acmeForwardConfig,
|
||||
sslRedirect: f.sslRedirect || domainConfig.forwarding.http?.redirectToHttps || false
|
||||
if (matchingRoute) {
|
||||
return {
|
||||
domain: f.domain,
|
||||
forwardConfig: f.forwardConfig,
|
||||
acmeForwardConfig: f.acmeForwardConfig,
|
||||
sslRedirect: f.sslRedirect || false
|
||||
};
|
||||
}
|
||||
} else {
|
||||
// In route mode, look for matching route
|
||||
const route = this.routeManager.findMatchingRoute({
|
||||
@ -332,10 +332,8 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
const isNetworkProxyPort = this.settings.useNetworkProxy?.includes(port);
|
||||
console.log(
|
||||
`SmartProxy -> OK: Now listening on port ${port}${
|
||||
isLegacyOptions(this.settings) && this.settings.sniEnabled && !isNetworkProxyPort ?
|
||||
' (SNI passthrough enabled)' :
|
||||
''
|
||||
}${isNetworkProxyPort ? ' (NetworkProxy forwarding enabled)' : ''}`
|
||||
isNetworkProxyPort ? ' (NetworkProxy forwarding enabled)' : ''
|
||||
}`
|
||||
);
|
||||
});
|
||||
|
||||
@ -723,17 +721,7 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
domains.push(...eligibleDomains);
|
||||
}
|
||||
|
||||
// For legacy mode, also get domains from domain configs
|
||||
if (isLegacyOptions(this.settings)) {
|
||||
for (const config of this.settings.domainConfigs) {
|
||||
// Skip domains that can't be used with ACME
|
||||
const eligibleDomains = config.domains.filter(domain =>
|
||||
!domain.includes('*') && this.isValidDomain(domain)
|
||||
);
|
||||
|
||||
domains.push(...eligibleDomains);
|
||||
}
|
||||
}
|
||||
// Legacy mode is no longer supported
|
||||
|
||||
return domains;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user