fix some tests and prepare next step of evolution
This commit is contained in:
Binary file not shown.
@@ -1,68 +0,0 @@
|
||||
# language of the project (csharp, python, rust, java, typescript, go, cpp, or ruby)
|
||||
# * For C, use cpp
|
||||
# * For JavaScript, use typescript
|
||||
# Special requirements:
|
||||
# * csharp: Requires the presence of a .sln file in the project folder.
|
||||
language: typescript
|
||||
|
||||
# whether to use the project's gitignore file to ignore files
|
||||
# Added on 2025-04-07
|
||||
ignore_all_files_in_gitignore: true
|
||||
# list of additional paths to ignore
|
||||
# same syntax as gitignore, so you can use * and **
|
||||
# Was previously called `ignored_dirs`, please update your config if you are using that.
|
||||
# Added (renamed)on 2025-04-07
|
||||
ignored_paths: []
|
||||
|
||||
# whether the project is in read-only mode
|
||||
# If set to true, all editing tools will be disabled and attempts to use them will result in an error
|
||||
# Added on 2025-04-18
|
||||
read_only: false
|
||||
|
||||
|
||||
# list of tool names to exclude. We recommend not excluding any tools, see the readme for more details.
|
||||
# Below is the complete list of tools for convenience.
|
||||
# To make sure you have the latest list of tools, and to view their descriptions,
|
||||
# execute `uv run scripts/print_tool_overview.py`.
|
||||
#
|
||||
# * `activate_project`: Activates a project by name.
|
||||
# * `check_onboarding_performed`: Checks whether project onboarding was already performed.
|
||||
# * `create_text_file`: Creates/overwrites a file in the project directory.
|
||||
# * `delete_lines`: Deletes a range of lines within a file.
|
||||
# * `delete_memory`: Deletes a memory from Serena's project-specific memory store.
|
||||
# * `execute_shell_command`: Executes a shell command.
|
||||
# * `find_referencing_code_snippets`: Finds code snippets in which the symbol at the given location is referenced.
|
||||
# * `find_referencing_symbols`: Finds symbols that reference the symbol at the given location (optionally filtered by type).
|
||||
# * `find_symbol`: Performs a global (or local) search for symbols with/containing a given name/substring (optionally filtered by type).
|
||||
# * `get_current_config`: Prints the current configuration of the agent, including the active and available projects, tools, contexts, and modes.
|
||||
# * `get_symbols_overview`: Gets an overview of the top-level symbols defined in a given file.
|
||||
# * `initial_instructions`: Gets the initial instructions for the current project.
|
||||
# Should only be used in settings where the system prompt cannot be set,
|
||||
# e.g. in clients you have no control over, like Claude Desktop.
|
||||
# * `insert_after_symbol`: Inserts content after the end of the definition of a given symbol.
|
||||
# * `insert_at_line`: Inserts content at a given line in a file.
|
||||
# * `insert_before_symbol`: Inserts content before the beginning of the definition of a given symbol.
|
||||
# * `list_dir`: Lists files and directories in the given directory (optionally with recursion).
|
||||
# * `list_memories`: Lists memories in Serena's project-specific memory store.
|
||||
# * `onboarding`: Performs onboarding (identifying the project structure and essential tasks, e.g. for testing or building).
|
||||
# * `prepare_for_new_conversation`: Provides instructions for preparing for a new conversation (in order to continue with the necessary context).
|
||||
# * `read_file`: Reads a file within the project directory.
|
||||
# * `read_memory`: Reads the memory with the given name from Serena's project-specific memory store.
|
||||
# * `remove_project`: Removes a project from the Serena configuration.
|
||||
# * `replace_lines`: Replaces a range of lines within a file with new content.
|
||||
# * `replace_symbol_body`: Replaces the full definition of a symbol.
|
||||
# * `restart_language_server`: Restarts the language server, may be necessary when edits not through Serena happen.
|
||||
# * `search_for_pattern`: Performs a search for a pattern in the project.
|
||||
# * `summarize_changes`: Provides instructions for summarizing the changes made to the codebase.
|
||||
# * `switch_modes`: Activates modes by providing a list of their names
|
||||
# * `think_about_collected_information`: Thinking tool for pondering the completeness of collected information.
|
||||
# * `think_about_task_adherence`: Thinking tool for determining whether the agent is still on track with the current task.
|
||||
# * `think_about_whether_you_are_done`: Thinking tool for determining whether the task is truly completed.
|
||||
# * `write_memory`: Writes a named memory (for future reference) to Serena's project-specific memory store.
|
||||
excluded_tools: []
|
||||
|
||||
# initial prompt for the project. It will always be given to the LLM upon activating the project
|
||||
# (contrary to the memories, which are loaded on demand).
|
||||
initial_prompt: ""
|
||||
|
||||
project_name: "smartproxy"
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"expiryDate": "2025-11-12T14:20:10.043Z",
|
||||
"issueDate": "2025-08-14T14:20:10.043Z",
|
||||
"savedAt": "2025-08-14T14:20:10.044Z"
|
||||
"expiryDate": "2026-03-09T00:26:32.907Z",
|
||||
"issueDate": "2025-12-09T00:26:32.907Z",
|
||||
"savedAt": "2025-12-09T00:26:32.907Z"
|
||||
}
|
||||
32
package.json
32
package.json
@@ -15,11 +15,11 @@
|
||||
"buildDocs": "tsdoc"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@git.zone/tsbuild": "^2.6.4",
|
||||
"@git.zone/tsrun": "^1.2.44",
|
||||
"@git.zone/tstest": "^2.3.1",
|
||||
"@types/node": "^22.15.29",
|
||||
"typescript": "^5.8.3",
|
||||
"@git.zone/tsbuild": "^3.1.2",
|
||||
"@git.zone/tsrun": "^2.0.0",
|
||||
"@git.zone/tstest": "^3.1.3",
|
||||
"@types/node": "^24.10.2",
|
||||
"typescript": "^5.9.3",
|
||||
"why-is-node-running": "^3.2.2"
|
||||
},
|
||||
"dependencies": {
|
||||
@@ -27,20 +27,20 @@
|
||||
"@push.rocks/smartacme": "^8.0.0",
|
||||
"@push.rocks/smartcrypto": "^2.0.4",
|
||||
"@push.rocks/smartdelay": "^3.0.5",
|
||||
"@push.rocks/smartfile": "^11.2.5",
|
||||
"@push.rocks/smartlog": "^3.1.8",
|
||||
"@push.rocks/smartnetwork": "^4.0.2",
|
||||
"@push.rocks/smartfile": "^13.1.0",
|
||||
"@push.rocks/smartlog": "^3.1.10",
|
||||
"@push.rocks/smartnetwork": "^4.4.0",
|
||||
"@push.rocks/smartpromise": "^4.2.3",
|
||||
"@push.rocks/smartrequest": "^2.1.0",
|
||||
"@push.rocks/smartrequest": "^5.0.1",
|
||||
"@push.rocks/smartrx": "^3.0.10",
|
||||
"@push.rocks/smartstring": "^4.0.15",
|
||||
"@push.rocks/taskbuffer": "^3.1.7",
|
||||
"@tsclass/tsclass": "^9.2.0",
|
||||
"@types/minimatch": "^5.1.2",
|
||||
"@push.rocks/smartstring": "^4.1.0",
|
||||
"@push.rocks/taskbuffer": "^3.5.0",
|
||||
"@tsclass/tsclass": "^9.3.0",
|
||||
"@types/minimatch": "^6.0.0",
|
||||
"@types/ws": "^8.18.1",
|
||||
"minimatch": "^10.0.1",
|
||||
"pretty-ms": "^9.2.0",
|
||||
"ws": "^8.18.2"
|
||||
"minimatch": "^10.1.1",
|
||||
"pretty-ms": "^9.3.0",
|
||||
"ws": "^8.18.3"
|
||||
},
|
||||
"files": [
|
||||
"ts/**/*",
|
||||
|
||||
6348
pnpm-lock.yaml
generated
6348
pnpm-lock.yaml
generated
File diff suppressed because it is too large
Load Diff
@@ -10,7 +10,6 @@ tap.test('should handle clients that connect and immediately disconnect without
|
||||
|
||||
// Create a SmartProxy instance
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8560],
|
||||
enableDetailedLogging: false,
|
||||
initialDataTimeout: 5000, // 5 second timeout for initial data
|
||||
routes: [{
|
||||
@@ -166,7 +165,6 @@ tap.test('should handle clients that error during connection', async () => {
|
||||
console.log('\n=== Testing Connection Error Cleanup ===');
|
||||
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8561],
|
||||
enableDetailedLogging: false,
|
||||
routes: [{
|
||||
name: 'test-route',
|
||||
|
||||
@@ -10,7 +10,6 @@ tap.test('comprehensive connection cleanup test - all scenarios', async () => {
|
||||
|
||||
// Create a SmartProxy instance
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8570, 8571], // One for immediate routing, one for TLS
|
||||
enableDetailedLogging: false,
|
||||
initialDataTimeout: 2000,
|
||||
socketTimeout: 5000,
|
||||
@@ -207,7 +206,6 @@ tap.test('comprehensive connection cleanup test - all scenarios', async () => {
|
||||
// Test 5: NFTables route (should cleanup properly)
|
||||
console.log('\n--- Test 5: NFTables route cleanup ---');
|
||||
const nftProxy = new SmartProxy({
|
||||
ports: [8572],
|
||||
enableDetailedLogging: false,
|
||||
routes: [{
|
||||
name: 'nftables-route',
|
||||
|
||||
@@ -120,7 +120,7 @@ tap.test('Per-IP connection limits', async () => {
|
||||
// Try to create one more connection - should fail
|
||||
try {
|
||||
await createConcurrentConnections(PROXY_PORT, 1);
|
||||
expect.fail('Should not allow more than 3 connections per IP');
|
||||
throw new Error('Should not allow more than 3 connections per IP');
|
||||
} catch (err) {
|
||||
expect(err.message).toInclude('ECONNRESET');
|
||||
}
|
||||
@@ -144,7 +144,7 @@ tap.test('Route-level connection limits', async () => {
|
||||
// Try to exceed route limit
|
||||
try {
|
||||
await createConcurrentConnections(PROXY_PORT, 1);
|
||||
expect.fail('Should not allow more than 5 connections for this route');
|
||||
throw new Error('Should not allow more than 5 connections for this route');
|
||||
} catch (err) {
|
||||
expect(err.message).toInclude('ECONNRESET');
|
||||
}
|
||||
@@ -221,7 +221,7 @@ tap.test('HttpProxy per-IP validation', async () => {
|
||||
// Should reject additional connections
|
||||
try {
|
||||
await createConcurrentConnections(PROXY_PORT + 10, 1);
|
||||
expect.fail('HttpProxy should enforce per-IP limits');
|
||||
throw new Error('HttpProxy should enforce per-IP limits');
|
||||
} catch (err) {
|
||||
expect(err.message).toInclude('ECONNRESET');
|
||||
}
|
||||
|
||||
@@ -46,7 +46,7 @@ tap.test('Route-based configuration examples', async (tools) => {
|
||||
|
||||
expect(httpsPassthroughRoute).toBeTruthy();
|
||||
expect(httpsPassthroughRoute.action.tls?.mode).toEqual('passthrough');
|
||||
expect(Array.isArray(httpsPassthroughRoute.action.target?.host)).toBeTrue();
|
||||
expect(Array.isArray(httpsPassthroughRoute.action.targets)).toBeTrue();
|
||||
|
||||
// Example 3: HTTPS Termination to HTTP Backend
|
||||
const terminateToHttpRoute = createHttpsTerminateRoute(
|
||||
@@ -90,7 +90,7 @@ tap.test('Route-based configuration examples', async (tools) => {
|
||||
|
||||
expect(loadBalancerRoute).toBeTruthy();
|
||||
expect(loadBalancerRoute.action.tls?.mode).toEqual('terminate-and-reencrypt');
|
||||
expect(Array.isArray(loadBalancerRoute.action.target?.host)).toBeTrue();
|
||||
expect(Array.isArray(loadBalancerRoute.action.targets)).toBeTrue();
|
||||
|
||||
// Example 5: API Route
|
||||
const apiRoute = createApiRoute(
|
||||
|
||||
@@ -18,7 +18,7 @@ tap.test('keepalive support - verify keepalive connections are properly handled'
|
||||
}
|
||||
});
|
||||
|
||||
socket.on('error', (err) => {
|
||||
socket.on('error', (err: NodeJS.ErrnoException) => {
|
||||
// Ignore errors from backend sockets
|
||||
console.log(`Backend socket error (expected during cleanup): ${err.code}`);
|
||||
});
|
||||
@@ -56,7 +56,7 @@ tap.test('keepalive support - verify keepalive connections are properly handled'
|
||||
const client1 = net.connect(8590, 'localhost');
|
||||
|
||||
// Add error handler to prevent unhandled errors
|
||||
client1.on('error', (err) => {
|
||||
client1.on('error', (err: NodeJS.ErrnoException) => {
|
||||
console.log(`Client1 error (expected during cleanup): ${err.code}`);
|
||||
});
|
||||
|
||||
@@ -133,7 +133,7 @@ tap.test('keepalive support - verify keepalive connections are properly handled'
|
||||
const client2 = net.connect(8591, 'localhost');
|
||||
|
||||
// Add error handler to prevent unhandled errors
|
||||
client2.on('error', (err) => {
|
||||
client2.on('error', (err: NodeJS.ErrnoException) => {
|
||||
console.log(`Client2 error (expected during cleanup): ${err.code}`);
|
||||
});
|
||||
|
||||
@@ -193,7 +193,7 @@ tap.test('keepalive support - verify keepalive connections are properly handled'
|
||||
const client3 = net.connect(8592, 'localhost');
|
||||
|
||||
// Add error handler to prevent unhandled errors
|
||||
client3.on('error', (err) => {
|
||||
client3.on('error', (err: NodeJS.ErrnoException) => {
|
||||
console.log(`Client3 error (expected during cleanup): ${err.code}`);
|
||||
});
|
||||
|
||||
|
||||
@@ -31,7 +31,6 @@ tap.test('should not have memory leaks in long-running operations', async (tools
|
||||
routes[0].match.ports = 8080;
|
||||
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8080], // Use non-privileged port
|
||||
routes: routes
|
||||
});
|
||||
await proxy.start();
|
||||
@@ -143,7 +142,7 @@ tap.test('should not have memory leaks in long-running operations', async (tools
|
||||
|
||||
// Cleanup
|
||||
await proxy.stop();
|
||||
await new Promise<void>((resolve) => targetServer.close(resolve));
|
||||
await new Promise<void>((resolve) => targetServer.close(() => resolve()));
|
||||
|
||||
console.log('Memory leak test completed successfully');
|
||||
});
|
||||
|
||||
@@ -6,7 +6,6 @@ tap.test('memory leak fixes verification', async () => {
|
||||
// Test 1: MetricsCollector requestTimestamps cleanup
|
||||
console.log('\n=== Test 1: MetricsCollector requestTimestamps cleanup ===');
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8081],
|
||||
routes: [
|
||||
createHttpRoute('test.local', { host: 'localhost', port: 3200 }, {
|
||||
match: {
|
||||
@@ -40,7 +39,7 @@ tap.test('memory leak fixes verification', async () => {
|
||||
|
||||
// Check RequestHandler has destroy method
|
||||
const { RequestHandler } = await import('../ts/proxies/http-proxy/request-handler.js');
|
||||
const requestHandler = new RequestHandler({}, null as any);
|
||||
const requestHandler = new RequestHandler({ port: 8080 }, null as any);
|
||||
expect(typeof requestHandler.destroy).toEqual('function');
|
||||
console.log('✓ RequestHandler has destroy method');
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ tap.test('memory leak fixes - unit tests', async () => {
|
||||
|
||||
// Add 6000 timestamps
|
||||
for (let i = 0; i < 6000; i++) {
|
||||
collector.recordRequest();
|
||||
collector.recordRequest(`conn-${i}`, 'test-route', '127.0.0.1');
|
||||
}
|
||||
|
||||
// Access private property for testing
|
||||
@@ -37,7 +37,7 @@ tap.test('memory leak fixes - unit tests', async () => {
|
||||
console.log(`Timestamps after 6000 requests: ${timestamps.length}`);
|
||||
|
||||
// Force one more request to trigger cleanup
|
||||
collector.recordRequest();
|
||||
collector.recordRequest('conn-final', 'test-route', '127.0.0.1');
|
||||
timestamps = (collector as any).requestTimestamps;
|
||||
console.log(`Timestamps after cleanup trigger: ${timestamps.length}`);
|
||||
|
||||
@@ -64,7 +64,7 @@ tap.test('memory leak fixes - unit tests', async () => {
|
||||
|
||||
// Add new timestamps to exceed limit
|
||||
for (let i = 0; i < 3000; i++) {
|
||||
collector.recordRequest();
|
||||
collector.recordRequest(`conn-new-${i}`, 'test-route', '127.0.0.1');
|
||||
}
|
||||
|
||||
timestamps = (collector as any).requestTimestamps;
|
||||
@@ -110,7 +110,7 @@ tap.test('memory leak fixes - unit tests', async () => {
|
||||
};
|
||||
|
||||
const handler = new RequestHandler(
|
||||
{ logLevel: 'error' },
|
||||
{ port: 8080, logLevel: 'error' },
|
||||
mockConnectionPool as any
|
||||
);
|
||||
|
||||
|
||||
@@ -29,10 +29,8 @@ tap.test('should create SmartProxy instance with new metrics', async () => {
|
||||
routes: [{
|
||||
name: 'test-route',
|
||||
match: {
|
||||
matchType: 'startsWith',
|
||||
matchAgainst: 'domain',
|
||||
value: ['*'],
|
||||
ports: [proxyPort] // Add the port to match on
|
||||
ports: [proxyPort],
|
||||
domains: '*'
|
||||
},
|
||||
action: {
|
||||
type: 'forward',
|
||||
@@ -45,9 +43,11 @@ tap.test('should create SmartProxy instance with new metrics', async () => {
|
||||
}
|
||||
}
|
||||
}],
|
||||
defaultTarget: {
|
||||
host: 'localhost',
|
||||
port: echoServerPort
|
||||
defaults: {
|
||||
target: {
|
||||
host: 'localhost',
|
||||
port: echoServerPort
|
||||
}
|
||||
},
|
||||
metrics: {
|
||||
enabled: true,
|
||||
|
||||
@@ -70,10 +70,14 @@ const SKIP_TESTS = true;
|
||||
|
||||
tap.skip.test('NFTablesManager setup test', async () => {
|
||||
// Test will be skipped if not running as root due to tap.skip.test
|
||||
|
||||
|
||||
// Create a SmartProxy instance first
|
||||
const { SmartProxy } = await import('../ts/proxies/smart-proxy/smart-proxy.js');
|
||||
const proxy = new SmartProxy(sampleOptions);
|
||||
|
||||
// Create a new instance of NFTablesManager
|
||||
manager = new NFTablesManager(sampleOptions);
|
||||
|
||||
manager = new NFTablesManager(proxy);
|
||||
|
||||
// Verify the instance was created successfully
|
||||
expect(manager).toBeTruthy();
|
||||
});
|
||||
|
||||
@@ -32,7 +32,9 @@ if (!isRoot) {
|
||||
const testFn = isRoot ? tap.test : tap.skip.test;
|
||||
|
||||
testFn('NFTablesManager status functionality', async () => {
|
||||
const nftablesManager = new NFTablesManager({ routes: [] });
|
||||
const { SmartProxy } = await import('../ts/proxies/smart-proxy/smart-proxy.js');
|
||||
const proxy = new SmartProxy({ routes: [] });
|
||||
const nftablesManager = new NFTablesManager(proxy);
|
||||
|
||||
// Create test routes
|
||||
const testRoutes = [
|
||||
|
||||
@@ -31,7 +31,6 @@ tap.test('setup two smartproxies in a chain configuration', async () => {
|
||||
acceptProxyProtocol: true,
|
||||
sendProxyProtocol: false,
|
||||
enableDetailedLogging: true,
|
||||
connectionCleanupInterval: 5000, // More frequent cleanup for testing
|
||||
inactivityTimeout: 10000 // Shorter timeout for testing
|
||||
});
|
||||
await innerProxy.start();
|
||||
@@ -61,7 +60,6 @@ tap.test('setup two smartproxies in a chain configuration', async () => {
|
||||
},
|
||||
sendProxyProtocol: true,
|
||||
enableDetailedLogging: true,
|
||||
connectionCleanupInterval: 5000, // More frequent cleanup for testing
|
||||
inactivityTimeout: 10000 // Shorter timeout for testing
|
||||
});
|
||||
await outerProxy.start();
|
||||
|
||||
@@ -24,7 +24,6 @@ tap.test('simple proxy chain test - identify connection accumulation', async ()
|
||||
|
||||
// Create SmartProxy2 (downstream)
|
||||
const proxy2 = new SmartProxy({
|
||||
ports: [8591],
|
||||
enableDetailedLogging: true,
|
||||
socketTimeout: 5000,
|
||||
routes: [{
|
||||
@@ -42,7 +41,6 @@ tap.test('simple proxy chain test - identify connection accumulation', async ()
|
||||
|
||||
// Create SmartProxy1 (upstream)
|
||||
const proxy1 = new SmartProxy({
|
||||
ports: [8590],
|
||||
enableDetailedLogging: true,
|
||||
socketTimeout: 5000,
|
||||
routes: [{
|
||||
@@ -91,7 +89,7 @@ tap.test('simple proxy chain test - identify connection accumulation', async ()
|
||||
dataReceived = true;
|
||||
});
|
||||
|
||||
client.on('error', (err) => {
|
||||
client.on('error', (err: NodeJS.ErrnoException) => {
|
||||
console.log(`Client error: ${err.code}`);
|
||||
resolve();
|
||||
});
|
||||
|
||||
@@ -11,7 +11,6 @@ tap.test('should handle proxy chaining without connection accumulation', async (
|
||||
|
||||
// Create SmartProxy2 (downstream proxy)
|
||||
const proxy2 = new SmartProxy({
|
||||
ports: [8581],
|
||||
enableDetailedLogging: false,
|
||||
socketTimeout: 5000,
|
||||
routes: [{
|
||||
@@ -29,7 +28,6 @@ tap.test('should handle proxy chaining without connection accumulation', async (
|
||||
|
||||
// Create SmartProxy1 (upstream proxy)
|
||||
const proxy1 = new SmartProxy({
|
||||
ports: [8580],
|
||||
enableDetailedLogging: false,
|
||||
socketTimeout: 5000,
|
||||
routes: [{
|
||||
@@ -71,7 +69,7 @@ tap.test('should handle proxy chaining without connection accumulation', async (
|
||||
await new Promise<void>((resolve) => {
|
||||
const client = new net.Socket();
|
||||
|
||||
client.on('error', (err) => {
|
||||
client.on('error', (err: NodeJS.ErrnoException) => {
|
||||
console.log(`Client received error: ${err.code}`);
|
||||
resolve();
|
||||
});
|
||||
@@ -261,7 +259,6 @@ tap.test('should handle proxy chain with HTTP traffic', async () => {
|
||||
|
||||
// Create SmartProxy2 with HTTP handling
|
||||
const proxy2 = new SmartProxy({
|
||||
ports: [8583],
|
||||
useHttpProxy: [8583], // Enable HTTP proxy handling
|
||||
httpProxyPort: 8584,
|
||||
enableDetailedLogging: false,
|
||||
@@ -280,7 +277,6 @@ tap.test('should handle proxy chain with HTTP traffic', async () => {
|
||||
|
||||
// Create SmartProxy1 with HTTP handling
|
||||
const proxy1 = new SmartProxy({
|
||||
ports: [8582],
|
||||
useHttpProxy: [8582], // Enable HTTP proxy handling
|
||||
httpProxyPort: 8585,
|
||||
enableDetailedLogging: false,
|
||||
|
||||
@@ -10,7 +10,6 @@ tap.test('should handle rapid connection retries without leaking connections', a
|
||||
|
||||
// Create a SmartProxy instance
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8550],
|
||||
enableDetailedLogging: false,
|
||||
maxConnectionLifetime: 10000,
|
||||
socketTimeout: 5000,
|
||||
@@ -128,7 +127,6 @@ tap.test('should handle routing failures without leaking connections', async ()
|
||||
|
||||
// Create a SmartProxy instance with no routes
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8551],
|
||||
enableDetailedLogging: false,
|
||||
maxConnectionLifetime: 10000,
|
||||
socketTimeout: 5000,
|
||||
|
||||
@@ -209,10 +209,10 @@ tap.test('SmartProxy: Should create instance with route-based config', async ()
|
||||
})
|
||||
],
|
||||
defaults: {
|
||||
targets: [{
|
||||
target: {
|
||||
host: 'localhost',
|
||||
port: 8080
|
||||
}],
|
||||
},
|
||||
security: {
|
||||
ipAllowList: ['127.0.0.1', '192.168.0.*'],
|
||||
maxConnections: 100
|
||||
|
||||
@@ -7,7 +7,6 @@ tap.test('websocket keep-alive settings for SNI passthrough', async (tools) => {
|
||||
console.log('\n=== Test 1: Grace periods for encrypted connections ===');
|
||||
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8443],
|
||||
keepAliveTreatment: 'extended',
|
||||
keepAliveInactivityMultiplier: 10,
|
||||
inactivityTimeout: 60000, // 1 minute for testing
|
||||
@@ -100,7 +99,6 @@ tap.test('long-lived connection survival test', async (tools) => {
|
||||
|
||||
// Create proxy with immortal keep-alive
|
||||
const proxy = new SmartProxy({
|
||||
ports: [8444],
|
||||
keepAliveTreatment: 'immortal', // Never timeout
|
||||
routes: [
|
||||
{
|
||||
@@ -150,7 +148,7 @@ tap.test('long-lived connection survival test', async (tools) => {
|
||||
clearInterval(pingInterval);
|
||||
client.destroy();
|
||||
await proxy.stop();
|
||||
await new Promise<void>((resolve) => echoServer.close(resolve));
|
||||
await new Promise<void>((resolve) => echoServer.close(() => resolve()));
|
||||
|
||||
console.log('✅ Long-lived connection survived past 30-second timeout!');
|
||||
});
|
||||
|
||||
@@ -43,7 +43,6 @@ tap.test('zombie connection cleanup - verify inactivity check detects and cleans
|
||||
|
||||
// Create InnerProxy with faster inactivity check for testing
|
||||
const innerProxy = new SmartProxy({
|
||||
ports: [8591],
|
||||
enableDetailedLogging: true,
|
||||
inactivityTimeout: 5000, // 5 seconds for faster testing
|
||||
inactivityCheckInterval: 1000, // Check every second
|
||||
@@ -62,7 +61,6 @@ tap.test('zombie connection cleanup - verify inactivity check detects and cleans
|
||||
|
||||
// Create OuterProxy with faster inactivity check
|
||||
const outerProxy = new SmartProxy({
|
||||
ports: [8590],
|
||||
enableDetailedLogging: true,
|
||||
inactivityTimeout: 5000, // 5 seconds for faster testing
|
||||
inactivityCheckInterval: 1000, // Check every second
|
||||
|
||||
@@ -89,7 +89,6 @@ export interface ISmartProxyOptions {
|
||||
enableDetailedLogging?: boolean; // Enable detailed connection logging
|
||||
enableTlsDebugLogging?: boolean; // Enable TLS handshake debug logging
|
||||
enableRandomizedTimeouts?: boolean; // Randomize timeouts slightly to prevent thundering herd
|
||||
allowSessionTicket?: boolean; // Allow TLS session ticket for reconnection (default: true)
|
||||
|
||||
// Rate limiting and security
|
||||
maxConnectionsPerIP?: number; // Maximum simultaneous connections from a single IP
|
||||
|
||||
@@ -184,14 +184,28 @@ export class RouteConnectionHandler {
|
||||
const needsTlsHandling = allRoutes.some(route => {
|
||||
// Check if route matches this port
|
||||
const matchesPort = this.smartProxy.routeManager.getRoutesForPort(localPort).includes(route);
|
||||
|
||||
return matchesPort &&
|
||||
route.action.type === 'forward' &&
|
||||
route.action.tls &&
|
||||
(route.action.tls.mode === 'terminate' ||
|
||||
|
||||
return matchesPort &&
|
||||
route.action.type === 'forward' &&
|
||||
route.action.tls &&
|
||||
(route.action.tls.mode === 'terminate' ||
|
||||
route.action.tls.mode === 'passthrough');
|
||||
});
|
||||
|
||||
// Auto-calculate session ticket handling based on route configuration
|
||||
// If any route on this port terminates TLS, allow session tickets (HttpProxy handles resumption)
|
||||
// Otherwise, block session tickets (need SNI for passthrough routing)
|
||||
const hasTlsTermination = allRoutes.some(route => {
|
||||
const matchesPort = this.smartProxy.routeManager.getRoutesForPort(localPort).includes(route);
|
||||
|
||||
return matchesPort &&
|
||||
route.action.type === 'forward' &&
|
||||
route.action.tls &&
|
||||
(route.action.tls.mode === 'terminate' ||
|
||||
route.action.tls.mode === 'terminate-and-reencrypt');
|
||||
});
|
||||
const allowSessionTicket = hasTlsTermination;
|
||||
|
||||
// If no routes require TLS handling and it's not port 443, route immediately
|
||||
if (!needsTlsHandling && localPort !== 443) {
|
||||
// Extract underlying socket for socket-utils functions
|
||||
@@ -345,7 +359,7 @@ export class RouteConnectionHandler {
|
||||
record.lockedDomain = serverName;
|
||||
|
||||
// Check if we should reject connections without SNI
|
||||
if (!serverName && this.smartProxy.settings.allowSessionTicket === false) {
|
||||
if (!serverName && allowSessionTicket === false) {
|
||||
logger.log('warn', `No SNI detected in TLS ClientHello for connection ${record.id}; sending TLS alert`, {
|
||||
connectionId: record.id,
|
||||
component: 'route-handler'
|
||||
|
||||
@@ -137,8 +137,6 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
enableDetailedLogging: settingsArg.enableDetailedLogging || false,
|
||||
enableTlsDebugLogging: settingsArg.enableTlsDebugLogging || false,
|
||||
enableRandomizedTimeouts: settingsArg.enableRandomizedTimeouts || false,
|
||||
allowSessionTicket:
|
||||
settingsArg.allowSessionTicket !== undefined ? settingsArg.allowSessionTicket : true,
|
||||
maxConnectionsPerIP: settingsArg.maxConnectionsPerIP || 100,
|
||||
connectionRateLimitPerMinute: settingsArg.connectionRateLimitPerMinute || 300,
|
||||
keepAliveTreatment: settingsArg.keepAliveTreatment || 'extended',
|
||||
|
||||
@@ -50,43 +50,7 @@ export class TlsManager {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle session resumption attempts
|
||||
*/
|
||||
public handleSessionResumption(
|
||||
chunk: Buffer,
|
||||
connectionId: string,
|
||||
hasSNI: boolean
|
||||
): { shouldBlock: boolean; reason?: string } {
|
||||
// Skip if session tickets are allowed
|
||||
if (this.smartProxy.settings.allowSessionTicket !== false) {
|
||||
return { shouldBlock: false };
|
||||
}
|
||||
|
||||
// Check for session resumption attempt
|
||||
const resumptionInfo = SniHandler.hasSessionResumption(
|
||||
chunk,
|
||||
this.smartProxy.settings.enableTlsDebugLogging || false
|
||||
);
|
||||
|
||||
// If this is a resumption attempt without SNI, block it
|
||||
if (resumptionInfo.isResumption && !hasSNI && !resumptionInfo.hasSNI) {
|
||||
if (this.smartProxy.settings.enableTlsDebugLogging) {
|
||||
console.log(
|
||||
`[${connectionId}] Session resumption detected without SNI and allowSessionTicket=false. ` +
|
||||
`Terminating connection to force new TLS handshake.`
|
||||
);
|
||||
}
|
||||
return {
|
||||
shouldBlock: true,
|
||||
reason: 'session_ticket_blocked'
|
||||
};
|
||||
}
|
||||
|
||||
return { shouldBlock: false };
|
||||
}
|
||||
|
||||
/**
|
||||
/**
|
||||
* Check for SNI mismatch during renegotiation
|
||||
*/
|
||||
public checkRenegotiationSNI(
|
||||
|
||||
Reference in New Issue
Block a user