feat(rustproxy): add authenticated VPN route security

2026-05-24 01:25:06 +00:00
parent c161ac664d
commit c7785d2f78
12 changed files with 310 additions and 14 deletions
+8 -1
@@ -16,6 +16,12 @@ export interface IRouteContext {
domain?: string; // The domain from SNI or Host header
clientIp: string; // The client's IP address
serverIp: string; // The server's IP address
vpn?: { // Authenticated VPN identity from trusted PROXY v2 metadata
clientId: string;
assignedIp: string;
transportType?: string;
remoteAddr?: string;
};
// HTTP specifics (NetworkProxy only)
path?: string; // URL path (for HTTP connections)
@@ -88,6 +94,7 @@ export function toBaseContext(httpContext: IHttpRouteContext): IRouteContext {
domain: httpContext.domain,
clientIp: httpContext.clientIp,
serverIp: httpContext.serverIp,
vpn: httpContext.vpn,
path: httpContext.path,
query: httpContext.query,
headers: httpContext.headers,
@@ -110,4 +117,4 @@ export function toBaseContext(httpContext: IHttpRouteContext): IRouteContext {
}
return baseContext;
}
}
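Review bot: The `vpn` identity added to `IRouteContext` is a plain mutable object, and `vpn: httpContext.vpn` in `toBaseContext` passes the same reference into the base context, so a handler that assigns to `context.vpn.clientId` would change the identity that every later consumer of either context reads. Since the field is described as authenticated identity, I would declare it read-only, e.g. `vpn?: Readonly<{ clientId: string; assignedIp: string; transportType?: string; remoteAddr?: string }>;`. The inline comment could also say which fields are verified by the VPN layer and which (possibly `transportType` and `remoteAddr`) are informational, so route authors do not base access decisions on the latter. Only part of `toBaseContext` is visible in these hunks.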
+10 -1
@@ -173,6 +173,15 @@ export interface IRouteSecurity {
expiresIn?: number;
excludePaths?: string[];
};
vpn?: {
/** Require authenticated VPN metadata from a trusted PROXY v2 TLV. */
required?: boolean;
/** Allowed VPN client IDs. Entries can be full-route or domain-scoped. */
allowedClients?: Array<string | { clientId: string; domains: string[] }>;
/** Allowed VPN tunnel IPs, kept for compatibility. Prefer allowedClients. */
allowedAssignedIps?: string[];
};
}
/**
@@ -436,4 +445,4 @@ export interface IRouteQuic {
initialCongestionWindow?: number;
}
// Configuration moved to models/interfaces.ts as ISmartProxyOptions
// Configuration moved to models/interfaces.ts as ISmartProxyOptions
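Review bot: The new `IRouteSecurity.vpn` block does not say what happens when an allow-list is set but `required` is omitted or false, and that decides whether a connection carrying no VPN metadata is admitted to a route that lists `allowedClients`. The doc comments should state the fail-closed rule explicitly, for example on `required`: `/** Reject connections without authenticated VPN metadata. Implied when allowedClients or allowedAssignedIps is set. */`, if that is what the enforcement code does; the enforcement is not visible on this page. The same comments should cover an empty `allowedClients: []`, how `allowedClients` and `allowedAssignedIps` combine when both are present, and how a domain-scoped entry is evaluated when the connection has no `domain` (no SNI or Host).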
@@ -167,6 +167,7 @@ export class SocketHandlerServer {
domain: metadata.domain,
clientIp: metadata.remoteIP || 'unknown',
serverIp: '0.0.0.0',
vpn: metadata.vpn,
path: metadata.path,
isTls: metadata.isTLS || false,
tlsVersion: metadata.tlsVersion,
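Review bot: `vpn: metadata.vpn` copies the field into the route context without any shape check, while the neighbouring lines default their values (`metadata.remoteIP || 'unknown'`, `metadata.isTLS || false`). If `metadata` is deserialized from the proxy relay, as it appears to be, a truthy but malformed `vpn` value would reach handlers that treat `context.vpn` as an authenticated identity. I would only set it when the required fields are strings, e.g. `vpn: typeof metadata.vpn?.clientId === 'string' && typeof metadata.vpn?.assignedIp === 'string' ? metadata.vpn : undefined,`. The enclosing method of `SocketHandlerServer` begins and ends outside this hunk.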