push.rocks/smartproxy
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BREAKING CHANGE(smart-proxy/utils/route-validator): Consolidate and refactor route validators; move to class-based API and update usages

Browse Source 
Replaced legacy route-validators.ts with a unified route-validator.ts that provides a class-based RouteValidator plus the previous functional API (isValidPort, isValidDomain, validateRouteMatch, validateRouteAction, validateRouteConfig, validateRoutes, hasRequiredPropertiesForAction, assertValidRoute) for backwards compatibility. Updated utils exports and all imports/tests to reference the new module. Also switched static file loading in certificate manager to use SmartFileFactory.nodeFs(), and added @push.rocks/smartserve to devDependencies.
This commit is contained in:
Jürgen Kunz
2025-12-09 09:33:50 +00:00
parent be3ac75422
commit c4b9d7eb72
14 changed files with 725 additions and 2837 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
changelog.md
View File

@@ -1,5 +1,16 @@
# Changelog
## 2025-12-09 - 22.0.0 - BREAKING CHANGE(smart-proxy/utils/route-validator)
Consolidate and refactor route validators; move to class-based API and update usages
Replaced legacy route-validators.ts with a unified route-validator.ts that provides a class-based RouteValidator plus the previous functional API (isValidPort, isValidDomain, validateRouteMatch, validateRouteAction, validateRouteConfig, validateRoutes, hasRequiredPropertiesForAction, assertValidRoute) for backwards compatibility. Updated utils exports and all imports/tests to reference the new module. Also switched static file loading in certificate manager to use SmartFileFactory.nodeFs(), and added @push.rocks/smartserve to devDependencies.
- Rename and consolidate validator module: route-validators.ts removed; route-validator.ts added with RouteValidator class and duplicated functional API for compatibility.
- Updated exports in ts/proxies/smart-proxy/utils/index.ts and all internal imports/tests to reference './route-validator.js' instead of './route-validators.js'.
- Certificate manager now uses plugins.smartfile.SmartFileFactory.nodeFs() to load key/cert files (safer factory usage instead of direct static calls).
- Added @push.rocks/smartserve to devDependencies in package.json.
- Because the validator filename and some import paths changed, this is a breaking change for consumers importing the old module path.
## 2025-08-19 - 21.1.7 - fix(route-validator)
Relax domain validation to accept 'localhost', prefix wildcards (e.g. *example.com) and IP literals; add comprehensive domain validation tests

1
package.json
View File

@@ -18,6 +18,7 @@
"@git.zone/tsbuild": "^3.1.2",
"@git.zone/tsrun": "^2.0.0",
"@git.zone/tstest": "^3.1.3",
"@push.rocks/smartserve": "^1.4.0",
"@types/node": "^24.10.2",
"typescript": "^5.9.3",
"why-is-node-running": "^3.2.2"

2777
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

2
test/test.route-config.ts
View File

@@ -26,7 +26,7 @@ import {
isValidPort,
hasRequiredPropertiesForAction,
assertValidRoute
} from '../ts/proxies/smart-proxy/utils/route-validators.js';
} from '../ts/proxies/smart-proxy/utils/route-validator.js';
import {
createHttpRoute,

2
test/test.route-utils.ts
View File

@@ -24,7 +24,7 @@ import {
validateRouteAction,
hasRequiredPropertiesForAction,
assertValidRoute
} from '../ts/proxies/smart-proxy/utils/route-validators.js';
} from '../ts/proxies/smart-proxy/utils/route-validator.js';
import {
// Route utilities

2
ts/00_commitinfo_data.ts
View File

@@ -3,6 +3,6 @@
*/
export const commitinfo = {
name: '@push.rocks/smartproxy',
version: '21.1.7',
version: '22.0.0',
description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.'
}

2
ts/proxies/http-proxy/http-proxy.ts
View File

@@ -304,7 +304,7 @@ export class HttpProxy implements IMetricsTracker {
// For SmartProxy connections, wait for CLIENT_IP header
if (isFromSmartProxy) {
const MAX_PREFACE = 256; // bytes - prevent DoS
const HEADER_TIMEOUT_MS = 500; // timeout for header parsing
const HEADER_TIMEOUT_MS = 2000; // timeout for header parsing (increased for slow networks)
let headerTimer: NodeJS.Timeout | undefined;
let buffered = Buffer.alloc(0);

141
ts/proxies/nftables-proxy/nftables-proxy.ts
View File

@@ -76,22 +76,30 @@ export class NfTablesProxy {
// Register cleanup handlers if deleteOnExit is true
if (this.settings.deleteOnExit) {
const cleanup = () => {
// Synchronous cleanup for 'exit' event (only sync code runs here)
const syncCleanup = () => {
try {
this.stopSync();
} catch (err) {
this.log('error', 'Error cleaning nftables rules on exit:', { error: err.message });
}
};
process.on('exit', cleanup);
// Async cleanup for signal handlers (preferred, non-blocking)
const asyncCleanup = async () => {
try {
await this.stop();
} catch (err) {
this.log('error', 'Error cleaning nftables rules on signal:', { error: err.message });
}
};
process.on('exit', syncCleanup);
process.on('SIGINT', () => {
cleanup();
process.exit();
asyncCleanup().finally(() => process.exit());
});
process.on('SIGTERM', () => {
cleanup();
process.exit();
asyncCleanup().finally(() => process.exit());
});
}
}
@@ -219,37 +227,17 @@ export class NfTablesProxy {
}
/**
* Execute system command synchronously with multiple attempts
* @deprecated This method blocks the event loop and should be avoided. Use executeWithRetry instead.
* WARNING: This method contains a busy wait loop that will block the entire Node.js event loop!
* Execute system command synchronously (single attempt, no retry)
* Used only for exit handlers where the process is terminating anyway.
* For normal operations, use the async executeWithRetry method.
*/
private executeWithRetrySync(command: string, maxRetries = 3, retryDelayMs = 1000): string {
// Log deprecation warning
console.warn('[DEPRECATION WARNING] executeWithRetrySync blocks the event loop and should not be used. Consider using the async executeWithRetry method instead.');
let lastError: Error | undefined;
for (let i = 0; i < maxRetries; i++) {
try {
return execSync(command).toString();
} catch (err) {
lastError = err;
this.log('warn', `Command failed (attempt ${i+1}/${maxRetries}): ${command}`, { error: err.message });
// Wait before retry, unless it's the last attempt
if (i < maxRetries - 1) {
// CRITICAL: This busy wait loop blocks the entire event loop!
// This is a temporary fallback for sync contexts only.
// TODO: Remove this method entirely and make all callers async
const waitUntil = Date.now() + retryDelayMs;
while (Date.now() < waitUntil) {
// Busy wait - blocks event loop
}
}
}
private executeSync(command: string): string {
try {
return execSync(command, { timeout: 5000 }).toString();
} catch (err) {
this.log('warn', `Sync command failed: ${command}`, { error: err.message });
throw err;
}
throw new NftExecutionError(`Failed after ${maxRetries} attempts: ${lastError?.message || 'Unknown error'}`);
}
/**
@@ -1649,67 +1637,66 @@ export class NfTablesProxy {
}
/**
* Synchronous version of stop, for use in exit handlers
* Synchronous version of stop, for use in exit handlers only.
* Uses single-attempt commands without retry (process is exiting anyway).
*/
public stopSync(): void {
try {
let rulesetContent = '';
// Process rules in reverse order (LIFO)
for (let i = this.rules.length - 1; i >= 0; i--) {
const rule = this.rules[i];
if (rule.added) {
// Create delete rules by replacing 'add' with 'delete'
const deleteRule = rule.ruleContents.replace('add rule', 'delete rule');
rulesetContent += `${deleteRule}\n`;
}
}
// Apply the ruleset if we have any rules to delete
if (rulesetContent) {
// Write to temporary file
fs.writeFileSync(this.tempFilePath, rulesetContent);
// Apply the ruleset
this.executeWithRetrySync(
`${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`,
this.settings.maxRetries,
this.settings.retryDelayMs
);
// Apply the ruleset (single attempt, no retry - process is exiting)
this.executeSync(`${NfTablesProxy.NFT_CMD} -f ${this.tempFilePath}`);
this.log('info', 'Removed all added rules');
// Mark all rules as removed
this.rules.forEach(rule => {
rule.added = false;
rule.verified = false;
});
// Remove temporary file
fs.unlinkSync(this.tempFilePath);
try {
fs.unlinkSync(this.tempFilePath);
} catch {
// Ignore - process is exiting
}
}
// Clean up IP sets if we created any
if (this.settings.useIPSets && this.ipSets.size > 0) {
for (const [key, _] of this.ipSets) {
const [family, setName] = key.split(':');
try {
this.executeWithRetrySync(
`${NfTablesProxy.NFT_CMD} delete set ${family} ${this.tableName} ${setName}`,
this.settings.maxRetries,
this.settings.retryDelayMs
this.executeSync(
`${NfTablesProxy.NFT_CMD} delete set ${family} ${this.tableName} ${setName}`
);
} catch (err) {
} catch {
// Non-critical error, continue
}
}
}
// Optionally clean up tables if they're empty (sync version)
this.cleanupEmptyTablesSync();
this.log('info', 'NfTablesProxy stopped successfully');
} catch (err) {
this.log('error', `Error stopping NfTablesProxy: ${err.message}`);
@@ -1760,7 +1747,7 @@ export class NfTablesProxy {
}
/**
* Synchronous version of cleanupEmptyTables
* Synchronous version of cleanupEmptyTables (for exit handlers only)
*/
private cleanupEmptyTablesSync(): void {
// Check if tables are empty, and if so, delete them
@@ -1769,38 +1756,32 @@ export class NfTablesProxy {
if (family === 'ip6' && !this.settings.ipv6Support) {
continue;
}
try {
// Check if table exists
const tableExistsOutput = this.executeWithRetrySync(
`${NfTablesProxy.NFT_CMD} list tables ${family}`,
this.settings.maxRetries,
this.settings.retryDelayMs
const tableExistsOutput = this.executeSync(
`${NfTablesProxy.NFT_CMD} list tables ${family}`
);
const tableExists = tableExistsOutput.includes(`table ${family} ${this.tableName}`);
if (!tableExists) {
continue;
}
// Check if the table has any rules
const stdout = this.executeWithRetrySync(
`${NfTablesProxy.NFT_CMD} list table ${family} ${this.tableName}`,
this.settings.maxRetries,
this.settings.retryDelayMs
const stdout = this.executeSync(
`${NfTablesProxy.NFT_CMD} list table ${family} ${this.tableName}`
);
const hasRules = stdout.includes('rule');
if (!hasRules) {
// Table is empty, delete it
this.executeWithRetrySync(
`${NfTablesProxy.NFT_CMD} delete table ${family} ${this.tableName}`,
this.settings.maxRetries,
this.settings.retryDelayMs
this.executeSync(
`${NfTablesProxy.NFT_CMD} delete table ${family} ${this.tableName}`
);
this.log('info', `Deleted empty table ${family} ${this.tableName}`);
}
} catch (err) {

5
ts/proxies/smart-proxy/certificate-manager.ts
View File

@@ -389,12 +389,13 @@ export class SmartCertManager {
let cert: string = certConfig.cert;
// Load from files if paths are provided
const smartFileFactory = plugins.smartfile.SmartFileFactory.nodeFs();
if (certConfig.keyFile) {
const keyFile = await plugins.smartfile.SmartFile.fromFilePath(certConfig.keyFile);
const keyFile = await smartFileFactory.fromFilePath(certConfig.keyFile);
key = keyFile.contents.toString();
}
if (certConfig.certFile) {
const certFile = await plugins.smartfile.SmartFile.fromFilePath(certConfig.certFile);
const certFile = await smartFileFactory.fromFilePath(certConfig.certFile);
cert = certFile.contents.toString();
}

52
ts/proxies/smart-proxy/http-proxy-bridge.ts
View File

@@ -109,17 +109,46 @@ export class HttpProxyBridge {
if (!this.httpProxy) {
throw new Error('HttpProxy not initialized');
}
// Check if client socket is already destroyed before proceeding
const underlyingSocket = socket instanceof WrappedSocket ? socket.socket : socket;
if (underlyingSocket.destroyed) {
console.log(`[${connectionId}] Client socket already destroyed, skipping HttpProxy forwarding`);
cleanupCallback('client_disconnected_before_proxy');
return;
}
const proxySocket = new plugins.net.Socket();
await new Promise<void>((resolve, reject) => {
proxySocket.connect(httpProxyPort, 'localhost', () => {
console.log(`[${connectionId}] Connected to HttpProxy for termination`);
resolve();
// Handle client disconnect during proxy connection setup
const clientDisconnectHandler = () => {
console.log(`[${connectionId}] Client disconnected during HttpProxy connection setup`);
proxySocket.destroy();
cleanupCallback('client_disconnected_during_setup');
};
underlyingSocket.once('close', clientDisconnectHandler);
try {
await new Promise<void>((resolve, reject) => {
proxySocket.connect(httpProxyPort, 'localhost', () => {
console.log(`[${connectionId}] Connected to HttpProxy for termination`);
resolve();
});
proxySocket.on('error', reject);
});
proxySocket.on('error', reject);
});
} finally {
// Remove the disconnect handler after connection attempt
underlyingSocket.removeListener('close', clientDisconnectHandler);
}
// Double-check client socket is still connected after async operation
if (underlyingSocket.destroyed) {
console.log(`[${connectionId}] Client disconnected while connecting to HttpProxy`);
proxySocket.destroy();
cleanupCallback('client_disconnected_after_proxy_connect');
return;
}
// Send client IP information header first (custom protocol)
// Format: "CLIENT_IP:<ip>\r\n"
@@ -136,10 +165,7 @@ export class HttpProxyBridge {
proxySocket.write(initialChunk);
}
// Use centralized bidirectional forwarding
// Extract underlying socket if it's a WrappedSocket
const underlyingSocket = socket instanceof WrappedSocket ? socket.socket : socket;
// Use centralized bidirectional forwarding (underlyingSocket already extracted above)
setupBidirectionalForwarding(underlyingSocket, proxySocket, {
onClientData: (chunk) => {
// Update stats - this is the ONLY place bytes are counted for HttpProxy connections

8
ts/proxies/smart-proxy/utils/index.ts
View File

@@ -8,8 +8,8 @@
// Export route helpers for creating route configurations
export * from './route-helpers.js';
// Export route validators for validating route configurations
export * from './route-validators.js';
// Export route validator (class-based and functional API)
export * from './route-validator.js';
// Export route utilities for route operations
export * from './route-utils.js';
@@ -20,6 +20,4 @@ export {
addRateLimiting,
addBasicAuth,
addJwtAuth
} from './route-helpers.js';
// Migration utilities have been removed as they are no longer needed
} from './route-helpers.js';

2
ts/proxies/smart-proxy/utils/route-utils.ts
View File

@@ -6,7 +6,7 @@
*/
import type { IRouteConfig, IRouteMatch } from '../models/route-types.js';
import { validateRouteConfig } from './route-validators.js';
import { validateRouteConfig } from './route-validator.js';
/**
* Merge two route configurations

274
ts/proxies/smart-proxy/utils/route-validator.ts
View File

@@ -1,5 +1,5 @@
import { logger } from '../../../core/utils/logger.js';
import type { IRouteConfig } from '../models/route-types.js';
import type { IRouteConfig, IRouteMatch, IRouteAction, TPortRange } from '../models/route-types.js';
/**
* Validates route configurations for correctness and safety
@@ -454,7 +454,7 @@ export class RouteValidator {
errors: routeErrors,
component: 'route-validator'
});
for (const error of routeErrors) {
logger.log('error', ` - ${error}`, {
route: routeName,
@@ -463,4 +463,274 @@ export class RouteValidator {
}
}
}
}
// ============================================================================
// Functional API (for backwards compatibility with route-validators.ts)
// ============================================================================
/**
* Validates a port range or port number
* @param port Port number, port range, or port function
* @returns True if valid, false otherwise
*/
export function isValidPort(port: any): boolean {
if (typeof port === 'number') {
return port > 0 && port < 65536;
} else if (Array.isArray(port)) {
return port.every(p =>
(typeof p === 'number' && p > 0 && p < 65536) ||
(typeof p === 'object' && 'from' in p && 'to' in p &&
p.from > 0 && p.from < 65536 && p.to > 0 && p.to < 65536)
);
} else if (typeof port === 'function') {
return true;
} else if (typeof port === 'object' && 'from' in port && 'to' in port) {
return port.from > 0 && port.from < 65536 && port.to > 0 && port.to < 65536;
}
return false;
}
/**
* Validates a domain string - supports wildcards, localhost, and IP addresses
* @param domain Domain string to validate
* @returns True if valid, false otherwise
*/
export function isValidDomain(domain: string): boolean {
if (!domain || typeof domain !== 'string') return false;
if (domain === '*') return true;
if (domain === 'localhost') return true;
const domainPatterns = [
// Standard domain with optional wildcard subdomain (*.example.com)
/^(\*\.)?([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)*[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$/,
// Wildcard prefix without dot (*example.com)
/^\*[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?))*$/,
// IP address
/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/,
// IPv6 address
/^([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}$/
];
return domainPatterns.some(pattern => pattern.test(domain));
}
/**
* Validates a route match configuration
* @param match Route match configuration to validate
* @returns { valid: boolean, errors: string[] } Validation result
*/
export function validateRouteMatch(match: IRouteMatch): { valid: boolean; errors: string[] } {
const errors: string[] = [];
if (match.ports !== undefined) {
if (!isValidPort(match.ports)) {
errors.push('Invalid port number or port range in match.ports');
}
}
if (match.domains !== undefined) {
if (typeof match.domains === 'string') {
if (!isValidDomain(match.domains)) {
errors.push(`Invalid domain format: ${match.domains}`);
}
} else if (Array.isArray(match.domains)) {
for (const domain of match.domains) {
if (!isValidDomain(domain)) {
errors.push(`Invalid domain format: ${domain}`);
}
}
} else {
errors.push('Domains must be a string or an array of strings');
}
}
if (match.path !== undefined) {
if (typeof match.path !== 'string' || !match.path.startsWith('/')) {
errors.push('Path must be a string starting with /');
}
}
return {
valid: errors.length === 0,
errors
};
}
/**
* Validates a route action configuration
* @param action Route action configuration to validate
* @returns { valid: boolean, errors: string[] } Validation result
*/
export function validateRouteAction(action: IRouteAction): { valid: boolean; errors: string[] } {
const errors: string[] = [];
if (!action.type) {
errors.push('Action type is required');
} else if (!['forward', 'socket-handler'].includes(action.type)) {
errors.push(`Invalid action type: ${action.type}`);
}
if (action.type === 'forward') {
if (!action.targets || !Array.isArray(action.targets) || action.targets.length === 0) {
errors.push('Targets array is required for forward action');
} else {
action.targets.forEach((target, index) => {
if (!target.host) {
errors.push(`Target[${index}] host is required`);
} else if (typeof target.host !== 'string' &&
!Array.isArray(target.host) &&
typeof target.host !== 'function') {
errors.push(`Target[${index}] host must be a string, array of strings, or function`);
}
if (target.port === undefined) {
errors.push(`Target[${index}] port is required`);
} else if (typeof target.port !== 'number' &&
typeof target.port !== 'function' &&
target.port !== 'preserve') {
errors.push(`Target[${index}] port must be a number, 'preserve', or a function`);
} else if (typeof target.port === 'number' && !isValidPort(target.port)) {
errors.push(`Target[${index}] port must be between 1 and 65535`);
}
if (target.match) {
if (target.match.ports && !Array.isArray(target.match.ports)) {
errors.push(`Target[${index}] match.ports must be an array`);
}
if (target.match.method && !Array.isArray(target.match.method)) {
errors.push(`Target[${index}] match.method must be an array`);
}
}
});
}
if (action.tls) {
if (!['passthrough', 'terminate', 'terminate-and-reencrypt'].includes(action.tls.mode)) {
errors.push(`Invalid TLS mode: ${action.tls.mode}`);
}
if (['terminate', 'terminate-and-reencrypt'].includes(action.tls.mode)) {
if (action.tls.certificate !== 'auto' &&
(!action.tls.certificate || !action.tls.certificate.key || !action.tls.certificate.cert)) {
errors.push('Certificate must be "auto" or an object with key and cert properties');
}
}
}
}
if (action.type === 'socket-handler') {
if (!action.socketHandler) {
errors.push('Socket handler function is required for socket-handler action');
} else if (typeof action.socketHandler !== 'function') {
errors.push('Socket handler must be a function');
}
}
return {
valid: errors.length === 0,
errors
};
}
/**
* Validates a complete route configuration
* @param route Route configuration to validate
* @returns { valid: boolean, errors: string[] } Validation result
*/
export function validateRouteConfig(route: IRouteConfig): { valid: boolean; errors: string[] } {
const errors: string[] = [];
if (!route.match) {
errors.push('Route match configuration is required');
}
if (!route.action) {
errors.push('Route action configuration is required');
}
if (route.match) {
const matchValidation = validateRouteMatch(route.match);
if (!matchValidation.valid) {
errors.push(...matchValidation.errors.map(err => `Match: ${err}`));
}
}
if (route.action) {
const actionValidation = validateRouteAction(route.action);
if (!actionValidation.valid) {
errors.push(...actionValidation.errors.map(err => `Action: ${err}`));
}
}
return {
valid: errors.length === 0,
errors
};
}
/**
* Validate an array of route configurations
* @param routes Array of route configurations to validate
* @returns { valid: boolean, errors: { index: number, errors: string[] }[] } Validation result
*/
export function validateRoutes(routes: IRouteConfig[]): {
valid: boolean;
errors: { index: number; errors: string[] }[]
} {
const results: { index: number; errors: string[] }[] = [];
routes.forEach((route, index) => {
const validation = validateRouteConfig(route);
if (!validation.valid) {
results.push({
index,
errors: validation.errors
});
}
});
return {
valid: results.length === 0,
errors: results
};
}
/**
* Check if a route configuration has the required properties for a specific action type
* @param route Route configuration to check
* @param actionType Expected action type
* @returns True if the route has the necessary properties, false otherwise
*/
export function hasRequiredPropertiesForAction(route: IRouteConfig, actionType: string): boolean {
if (!route.action || route.action.type !== actionType) {
return false;
}
switch (actionType) {
case 'forward':
return !!route.action.targets &&
Array.isArray(route.action.targets) &&
route.action.targets.length > 0 &&
route.action.targets.every(t => t.host && t.port !== undefined);
case 'socket-handler':
return !!route.action.socketHandler && typeof route.action.socketHandler === 'function';
default:
return false;
}
}
/**
* Throws an error if the route config is invalid, returns the config if valid
* Useful for immediate validation when creating routes
* @param route Route configuration to validate
* @returns The validated route configuration
* @throws Error if the route configuration is invalid
*/
export function assertValidRoute(route: IRouteConfig): IRouteConfig {
const validation = validateRouteConfig(route);
if (!validation.valid) {
throw new Error(`Invalid route configuration: ${validation.errors.join(', ')}`);
}
return route;
}

283
ts/proxies/smart-proxy/utils/route-validators.ts
View File

@@ -1,283 +0,0 @@
/**
* Route Validators
*
* This file provides utility functions for validating route configurations.
* These validators help ensure that route configurations are valid and correctly structured.
*/
import type { IRouteConfig, IRouteMatch, IRouteAction, TPortRange } from '../models/route-types.js';
/**
* Validates a port range or port number
* @param port Port number, port range, or port function
* @returns True if valid, false otherwise
*/
export function isValidPort(port: any): boolean {
if (typeof port === 'number') {
return port > 0 && port < 65536; // Valid port range is 1-65535
} else if (Array.isArray(port)) {
return port.every(p =>
(typeof p === 'number' && p > 0 && p < 65536) ||
(typeof p === 'object' && 'from' in p && 'to' in p &&
p.from > 0 && p.from < 65536 && p.to > 0 && p.to < 65536)
);
} else if (typeof port === 'function') {
// For function-based ports, we can't validate the result at config time
// so we just check that it's a function
return true;
} else if (typeof port === 'object' && 'from' in port && 'to' in port) {
return port.from > 0 && port.from < 65536 && port.to > 0 && port.to < 65536;
}
return false;
}
/**
* Validates a domain string
* @param domain Domain string to validate
* @returns True if valid, false otherwise
*/
export function isValidDomain(domain: string): boolean {
// Basic domain validation regex - allows wildcards (*.example.com)
const domainRegex = /^(\*\.)?([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/;
return domainRegex.test(domain);
}
/**
* Validates a route match configuration
* @param match Route match configuration to validate
* @returns { valid: boolean, errors: string[] } Validation result
*/
export function validateRouteMatch(match: IRouteMatch): { valid: boolean; errors: string[] } {
const errors: string[] = [];
// Validate ports
if (match.ports !== undefined) {
if (!isValidPort(match.ports)) {
errors.push('Invalid port number or port range in match.ports');
}
}
// Validate domains
if (match.domains !== undefined) {
if (typeof match.domains === 'string') {
if (!isValidDomain(match.domains)) {
errors.push(`Invalid domain format: ${match.domains}`);
}
} else if (Array.isArray(match.domains)) {
for (const domain of match.domains) {
if (!isValidDomain(domain)) {
errors.push(`Invalid domain format: ${domain}`);
}
}
} else {
errors.push('Domains must be a string or an array of strings');
}
}
// Validate path
if (match.path !== undefined) {
if (typeof match.path !== 'string' || !match.path.startsWith('/')) {
errors.push('Path must be a string starting with /');
}
}
return {
valid: errors.length === 0,
errors
};
}
/**
* Validates a route action configuration
* @param action Route action configuration to validate
* @returns { valid: boolean, errors: string[] } Validation result
*/
export function validateRouteAction(action: IRouteAction): { valid: boolean; errors: string[] } {
const errors: string[] = [];
// Validate action type
if (!action.type) {
errors.push('Action type is required');
} else if (!['forward', 'socket-handler'].includes(action.type)) {
errors.push(`Invalid action type: ${action.type}`);
}
// Validate targets for 'forward' action
if (action.type === 'forward') {
if (!action.targets || !Array.isArray(action.targets) || action.targets.length === 0) {
errors.push('Targets array is required for forward action');
} else {
// Validate each target
action.targets.forEach((target, index) => {
// Validate target host
if (!target.host) {
errors.push(`Target[${index}] host is required`);
} else if (typeof target.host !== 'string' &&
!Array.isArray(target.host) &&
typeof target.host !== 'function') {
errors.push(`Target[${index}] host must be a string, array of strings, or function`);
}
// Validate target port
if (target.port === undefined) {
errors.push(`Target[${index}] port is required`);
} else if (typeof target.port !== 'number' &&
typeof target.port !== 'function' &&
target.port !== 'preserve') {
errors.push(`Target[${index}] port must be a number, 'preserve', or a function`);
} else if (typeof target.port === 'number' && !isValidPort(target.port)) {
errors.push(`Target[${index}] port must be between 1 and 65535`);
}
// Validate match criteria if present
if (target.match) {
if (target.match.ports && !Array.isArray(target.match.ports)) {
errors.push(`Target[${index}] match.ports must be an array`);
}
if (target.match.method && !Array.isArray(target.match.method)) {
errors.push(`Target[${index}] match.method must be an array`);
}
}
});
}
// Validate TLS options for forward actions
if (action.tls) {
if (!['passthrough', 'terminate', 'terminate-and-reencrypt'].includes(action.tls.mode)) {
errors.push(`Invalid TLS mode: ${action.tls.mode}`);
}
// For termination modes, validate certificate
if (['terminate', 'terminate-and-reencrypt'].includes(action.tls.mode)) {
if (action.tls.certificate !== 'auto' &&
(!action.tls.certificate || !action.tls.certificate.key || !action.tls.certificate.cert)) {
errors.push('Certificate must be "auto" or an object with key and cert properties');
}
}
}
}
// Validate socket handler for 'socket-handler' action
if (action.type === 'socket-handler') {
if (!action.socketHandler) {
errors.push('Socket handler function is required for socket-handler action');
} else if (typeof action.socketHandler !== 'function') {
errors.push('Socket handler must be a function');
}
}
return {
valid: errors.length === 0,
errors
};
}
/**
* Validates a complete route configuration
* @param route Route configuration to validate
* @returns { valid: boolean, errors: string[] } Validation result
*/
export function validateRouteConfig(route: IRouteConfig): { valid: boolean; errors: string[] } {
const errors: string[] = [];
// Check for required properties
if (!route.match) {
errors.push('Route match configuration is required');
}
if (!route.action) {
errors.push('Route action configuration is required');
}
// Validate match configuration
if (route.match) {
const matchValidation = validateRouteMatch(route.match);
if (!matchValidation.valid) {
errors.push(...matchValidation.errors.map(err => `Match: ${err}`));
}
}
// Validate action configuration
if (route.action) {
const actionValidation = validateRouteAction(route.action);
if (!actionValidation.valid) {
errors.push(...actionValidation.errors.map(err => `Action: ${err}`));
}
}
// Ensure the route has a unique identifier
if (!route.id && !route.name) {
errors.push('Route should have either an id or a name for identification');
}
return {
valid: errors.length === 0,
errors
};
}
/**
* Validate an array of route configurations
* @param routes Array of route configurations to validate
* @returns { valid: boolean, errors: { index: number, errors: string[] }[] } Validation result
*/
export function validateRoutes(routes: IRouteConfig[]): {
valid: boolean;
errors: { index: number; errors: string[] }[]
} {
const results: { index: number; errors: string[] }[] = [];
routes.forEach((route, index) => {
const validation = validateRouteConfig(route);
if (!validation.valid) {
results.push({
index,
errors: validation.errors
});
}
});
return {
valid: results.length === 0,
errors: results
};
}
/**
* Check if a route configuration has the required properties for a specific action type
* @param route Route configuration to check
* @param actionType Expected action type
* @returns True if the route has the necessary properties, false otherwise
*/
export function hasRequiredPropertiesForAction(route: IRouteConfig, actionType: string): boolean {
if (!route.action || route.action.type !== actionType) {
return false;
}
switch (actionType) {
case 'forward':
return !!route.action.targets &&
Array.isArray(route.action.targets) &&
route.action.targets.length > 0 &&
route.action.targets.every(t => t.host && t.port !== undefined);
case 'socket-handler':
return !!route.action.socketHandler && typeof route.action.socketHandler === 'function';
default:
return false;
}
}
/**
* Throws an error if the route config is invalid, returns the config if valid
* Useful for immediate validation when creating routes
* @param route Route configuration to validate
* @returns The validated route configuration
* @throws Error if the route configuration is invalid
*/
export function assertValidRoute(route: IRouteConfig): IRouteConfig {
const validation = validateRouteConfig(route);
if (!validation.valid) {
throw new Error(`Invalid route configuration: ${validation.errors.join(', ')}`);
}
return route;
}