push.rocks/smartproxy
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(smart-proxy): add socket-handler relay, fast-path port-only forwarding, metrics and bridge improvements, and various TS/Rust integration fixes

Browse Source
This commit is contained in:
Jürgen Kunz
2026-02-09 16:25:33 +00:00
parent 41efdb47f8
commit f7605e042e
17 changed files with 724 additions and 300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
test/test.acme-http-challenge.ts
View File

@@ -1,13 +1,37 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../ts/plugins.js';
import * as http from 'http';
import { SmartProxy, SocketHandlers } from '../ts/index.js';
/**
* Helper to make HTTP requests using Node's http module (unlike fetch/undici,
* http.request doesn't keep the event loop alive via a connection pool).
*/
function httpRequest(url: string, options: { method?: string; headers?: Record<string, string> } = {}): Promise<{ status: number; headers: http.IncomingHttpHeaders; body: string }> {
return new Promise((resolve, reject) => {
const parsed = new URL(url);
const req = http.request({
hostname: parsed.hostname,
port: parsed.port,
path: parsed.pathname + parsed.search,
method: options.method || 'GET',
headers: options.headers,
}, (res) => {
let body = '';
res.on('data', (chunk: Buffer) => { body += chunk.toString(); });
res.on('end', () => resolve({ status: res.statusCode!, headers: res.headers, body }));
});
req.on('error', reject);
req.end();
});
}
tap.test('should handle HTTP requests on port 80 for ACME challenges', async (tools) => {
tools.timeout(10000);
// Track HTTP requests that are handled
const handledRequests: any[] = [];
const settings = {
routes: [
{
@@ -24,7 +48,7 @@ tap.test('should handle HTTP requests on port 80 for ACME challenges', async (to
method: req.method,
headers: req.headers
});
// Simulate ACME challenge response
const token = req.url?.split('/').pop() || '';
res.header('Content-Type', 'text/plain');
@@ -34,40 +58,31 @@ tap.test('should handle HTTP requests on port 80 for ACME challenges', async (to
}
]
};
const proxy = new SmartProxy(settings);
// Mock NFTables manager
(proxy as any).nftablesManager = {
ensureNFTablesSetup: async () => {},
stop: async () => {}
};
await proxy.start();
// Make an HTTP request to the challenge endpoint
const response = await fetch('http://localhost:18080/.well-known/acme-challenge/test-token', {
method: 'GET'
});
const response = await httpRequest('http://localhost:18080/.well-known/acme-challenge/test-token');
// Verify response
expect(response.status).toEqual(200);
const body = await response.text();
expect(body).toEqual('challenge-response-for-test-token');
expect(response.body).toEqual('challenge-response-for-test-token');
// Verify request was handled
expect(handledRequests.length).toEqual(1);
expect(handledRequests[0].path).toEqual('/.well-known/acme-challenge/test-token');
expect(handledRequests[0].method).toEqual('GET');
await proxy.stop();
});
tap.test('should parse HTTP headers correctly', async (tools) => {
tools.timeout(10000);
const capturedContext: any = {};
const settings = {
routes: [
{
@@ -92,36 +107,30 @@ tap.test('should parse HTTP headers correctly', async (tools) => {
}
]
};
const proxy = new SmartProxy(settings);
// Mock NFTables manager
(proxy as any).nftablesManager = {
ensureNFTablesSetup: async () => {},
stop: async () => {}
};
await proxy.start();
// Make request with custom headers
const response = await fetch('http://localhost:18081/test', {
const response = await httpRequest('http://localhost:18081/test', {
method: 'POST',
headers: {
'X-Custom-Header': 'test-value',
'User-Agent': 'test-agent'
}
});
expect(response.status).toEqual(200);
const body = await response.json();
const body = JSON.parse(response.body);
// Verify headers were parsed correctly
expect(capturedContext.headers['x-custom-header']).toEqual('test-value');
expect(capturedContext.headers['user-agent']).toEqual('test-agent');
expect(capturedContext.method).toEqual('POST');
expect(capturedContext.path).toEqual('/test');
await proxy.stop();
});
export default tap.start();
export default tap.start();

18
test/test.connection-forwarding.ts
View File

@@ -84,17 +84,15 @@ tap.test('should forward TCP connections correctly', async () => {
socket.on('error', reject);
});
// Test data transmission
// Test data transmission - wait for welcome message first
await new Promise<void>((resolve) => {
client.on('data', (data) => {
client.once('data', (data) => {
const response = data.toString();
console.log('Received:', response);
expect(response).toContain('Connected to TCP test server');
client.end();
resolve();
});
client.write('Hello from client');
});
await smartProxy.stop();
@@ -146,15 +144,13 @@ tap.test('should handle TLS passthrough correctly', async () => {
// Test data transmission over TLS
await new Promise<void>((resolve) => {
client.on('data', (data) => {
client.once('data', (data) => {
const response = data.toString();
console.log('TLS Received:', response);
expect(response).toContain('Connected to TLS test server');
client.end();
resolve();
});
client.write('Hello from TLS client');
});
await smartProxy.stop();
@@ -222,15 +218,13 @@ tap.test('should handle SNI-based forwarding', async () => {
});
await new Promise<void>((resolve) => {
clientA.on('data', (data) => {
clientA.once('data', (data) => {
const response = data.toString();
console.log('Domain A response:', response);
expect(response).toContain('Connected to TLS test server');
clientA.end();
resolve();
});
clientA.write('Hello from domain A');
});
// Test domain B should also use TLS since it's on port 8443
@@ -251,7 +245,7 @@ tap.test('should handle SNI-based forwarding', async () => {
});
await new Promise<void>((resolve) => {
clientB.on('data', (data) => {
clientB.once('data', (data) => {
const response = data.toString();
console.log('Domain B response:', response);
// Should be forwarded to TLS server
@@ -259,8 +253,6 @@ tap.test('should handle SNI-based forwarding', async () => {
clientB.end();
resolve();
});
clientB.write('Hello from domain B');
});
await smartProxy.stop();

229
test/test.metrics-new.ts
View File

@@ -15,7 +15,7 @@ tap.test('should create echo server for testing', async () => {
socket.write(data); // Echo back the data
});
});
await new Promise<void>((resolve) => {
echoServer.listen(echoServerPort, () => {
console.log(`Echo server listening on port ${echoServerPort}`);
@@ -27,55 +27,48 @@ tap.test('should create echo server for testing', async () => {
tap.test('should create SmartProxy instance with new metrics', async () => {
smartProxyInstance = new SmartProxy({
routes: [{
id: 'test-route', // id is needed for per-route metrics tracking in Rust
name: 'test-route',
match: {
ports: [proxyPort],
domains: '*'
ports: [proxyPort]
// No domains — port-only route uses fast-path (no data peeking)
},
action: {
type: 'forward',
targets: [{
host: 'localhost',
port: echoServerPort
}],
tls: {
mode: 'passthrough'
}
}]
// No TLS — plain TCP forwarding
}
}],
defaults: {
target: {
host: 'localhost',
port: echoServerPort
}
},
metrics: {
enabled: true,
sampleIntervalMs: 100, // Sample every 100ms for faster testing
retentionSeconds: 60
}
});
await smartProxyInstance.start();
});
tap.test('should verify new metrics API structure', async () => {
const metrics = smartProxyInstance.getMetrics();
// Check API structure
expect(metrics).toHaveProperty('connections');
expect(metrics).toHaveProperty('throughput');
expect(metrics).toHaveProperty('requests');
expect(metrics).toHaveProperty('totals');
expect(metrics).toHaveProperty('percentiles');
// Check connections methods
expect(metrics.connections).toHaveProperty('active');
expect(metrics.connections).toHaveProperty('total');
expect(metrics.connections).toHaveProperty('byRoute');
expect(metrics.connections).toHaveProperty('byIP');
expect(metrics.connections).toHaveProperty('topIPs');
// Check throughput methods
expect(metrics.throughput).toHaveProperty('instant');
expect(metrics.throughput).toHaveProperty('recent');
@@ -86,86 +79,103 @@ tap.test('should verify new metrics API structure', async () => {
expect(metrics.throughput).toHaveProperty('byIP');
});
tap.test('should track throughput correctly', async (tools) => {
tap.test('should track active connections', async (tools) => {
const metrics = smartProxyInstance.getMetrics();
// Initial state - no connections yet
// Initial state - no connections
expect(metrics.connections.active()).toEqual(0);
expect(metrics.throughput.instant()).toEqual({ in: 0, out: 0 });
// Create a test connection
const client = new net.Socket();
await new Promise<void>((resolve, reject) => {
client.connect(proxyPort, 'localhost', () => {
console.log('Connected to proxy');
resolve();
});
client.on('error', reject);
});
// Send some data
// Send some data and wait for echo
const testData = Buffer.from('Hello, World!'.repeat(100)); // ~1.3KB
await new Promise<void>((resolve) => {
client.write(testData, () => {
console.log('Data sent');
resolve();
});
client.write(testData, () => resolve());
});
// Wait for echo response
await new Promise<void>((resolve) => {
client.once('data', (data) => {
console.log(`Received ${data.length} bytes back`);
resolve();
});
});
// Wait for metrics to be sampled
await tools.delayFor(200);
// Check metrics
// Wait for metrics to be polled
await tools.delayFor(500);
// Active connection count should be 1
expect(metrics.connections.active()).toEqual(1);
expect(metrics.requests.total()).toBeGreaterThan(0);
// Check throughput - should show bytes transferred
const instant = metrics.throughput.instant();
console.log('Instant throughput:', instant);
// Should have recorded some throughput
expect(instant.in).toBeGreaterThan(0);
expect(instant.out).toBeGreaterThan(0);
// Check totals
expect(metrics.totals.bytesIn()).toBeGreaterThan(0);
expect(metrics.totals.bytesOut()).toBeGreaterThan(0);
// Clean up
// Total connections should be tracked
expect(metrics.connections.total()).toBeGreaterThan(0);
// Per-route tracking should show the connection
const byRoute = metrics.connections.byRoute();
console.log('Connections by route:', Array.from(byRoute.entries()));
expect(byRoute.get('test-route')).toEqual(1);
// Clean up - close the connection
client.destroy();
// Wait for connection cleanup with retry
for (let i = 0; i < 10; i++) {
// Wait for connection cleanup
for (let i = 0; i < 20; i++) {
await tools.delayFor(100);
if (metrics.connections.active() === 0) break;
}
// Verify connection was cleaned up
expect(metrics.connections.active()).toEqual(0);
});
tap.test('should track multiple connections and routes', async (tools) => {
tap.test('should track bytes after connection closes', async (tools) => {
const metrics = smartProxyInstance.getMetrics();
// Ensure we start with 0 connections
const initialActive = metrics.connections.active();
if (initialActive > 0) {
console.log(`Warning: Starting with ${initialActive} active connections, waiting for cleanup...`);
for (let i = 0; i < 10; i++) {
await tools.delayFor(100);
if (metrics.connections.active() === 0) break;
}
// Create a connection, send data, then close it
const client = new net.Socket();
await new Promise<void>((resolve, reject) => {
client.connect(proxyPort, 'localhost', () => resolve());
client.on('error', reject);
});
// Send some data
const testData = Buffer.from('Hello, World!'.repeat(100)); // ~1.3KB
await new Promise<void>((resolve) => {
client.write(testData, () => resolve());
});
// Wait for echo
await new Promise<void>((resolve) => {
client.once('data', () => resolve());
});
// Close the connection — Rust records bytes on connection close
client.destroy();
// Wait for connection to fully close and metrics to poll
for (let i = 0; i < 20; i++) {
await tools.delayFor(100);
if (metrics.connections.active() === 0 && metrics.totals.bytesIn() > 0) break;
}
// Now bytes should be recorded
console.log('Total bytes in:', metrics.totals.bytesIn());
console.log('Total bytes out:', metrics.totals.bytesOut());
expect(metrics.totals.bytesIn()).toBeGreaterThan(0);
expect(metrics.totals.bytesOut()).toBeGreaterThan(0);
});
tap.test('should track multiple connections', async (tools) => {
const metrics = smartProxyInstance.getMetrics();
// Ensure we start with 0 active connections
for (let i = 0; i < 20; i++) {
await tools.delayFor(100);
if (metrics.connections.active() === 0) break;
}
// Create multiple connections
@@ -174,100 +184,79 @@ tap.test('should track multiple connections and routes', async (tools) => {
for (let i = 0; i < connectionCount; i++) {
const client = new net.Socket();
await new Promise<void>((resolve, reject) => {
client.connect(proxyPort, 'localhost', () => {
resolve();
});
client.connect(proxyPort, 'localhost', () => resolve());
client.on('error', reject);
});
clients.push(client);
}
// Allow connections to be fully established and tracked
await tools.delayFor(100);
// Allow connections to be fully established and metrics polled
await tools.delayFor(500);
// Verify active connections
console.log('Active connections:', metrics.connections.active());
expect(metrics.connections.active()).toEqual(connectionCount);
// Send data on each connection
const dataPromises = clients.map((client, index) => {
return new Promise<void>((resolve) => {
const data = Buffer.from(`Connection ${index}: `.repeat(50));
client.write(data, () => {
client.once('data', () => resolve());
});
});
});
await Promise.all(dataPromises);
await tools.delayFor(200);
// Check metrics by route
// Per-route should track all connections
const routeConnections = metrics.connections.byRoute();
console.log('Connections by route:', Array.from(routeConnections.entries()));
expect(routeConnections.get('test-route')).toEqual(connectionCount);
// Check top IPs
const topIPs = metrics.connections.topIPs(5);
console.log('Top IPs:', topIPs);
expect(topIPs.length).toBeGreaterThan(0);
expect(topIPs[0].count).toEqual(connectionCount);
// Clean up all connections
clients.forEach(client => client.destroy());
await tools.delayFor(100);
for (let i = 0; i < 20; i++) {
await tools.delayFor(100);
if (metrics.connections.active() === 0) break;
}
expect(metrics.connections.active()).toEqual(0);
});
tap.test('should provide throughput history', async (tools) => {
tap.test('should provide throughput data', async (tools) => {
const metrics = smartProxyInstance.getMetrics();
// Create a connection and send data periodically
const client = new net.Socket();
await new Promise<void>((resolve, reject) => {
client.connect(proxyPort, 'localhost', () => resolve());
client.on('error', reject);
});
// Send data every 100ms for 1 second
for (let i = 0; i < 10; i++) {
const data = Buffer.from(`Packet ${i}: `.repeat(100));
client.write(data);
await tools.delayFor(100);
}
// Get throughput history
const history = metrics.throughput.history(2); // Last 2 seconds
console.log('Throughput history entries:', history.length);
console.log('Sample history entry:', history[0]);
expect(history.length).toBeGreaterThan(0);
expect(history[0]).toHaveProperty('timestamp');
expect(history[0]).toHaveProperty('in');
expect(history[0]).toHaveProperty('out');
// Verify different time windows show different rates
// Close connection so bytes are recorded
client.destroy();
// Wait for metrics to update
for (let i = 0; i < 20; i++) {
await tools.delayFor(100);
if (metrics.totals.bytesIn() > 0) break;
}
// Verify different time windows are available (all return same data from Rust for now)
const instant = metrics.throughput.instant();
const recent = metrics.throughput.recent();
const average = metrics.throughput.average();
console.log('Throughput windows:');
console.log(' Instant (1s):', instant);
console.log(' Recent (10s):', recent);
console.log(' Average (60s):', average);
// Clean up
client.destroy();
// Total bytes should have accumulated
expect(metrics.totals.bytesIn()).toBeGreaterThan(0);
expect(metrics.totals.bytesOut()).toBeGreaterThan(0);
});
tap.test('should clean up resources', async () => {
await smartProxyInstance.stop();
await new Promise<void>((resolve) => {
echoServer.close(() => {
console.log('Echo server closed');
@@ -276,4 +265,4 @@ tap.test('should clean up resources', async () => {
});
});
export default tap.start();
export default tap.start();

7
test/test.route-security-integration.ts
View File

@@ -200,10 +200,11 @@ tap.test('route security with block list should work', async () => {
client.connect(9993, '127.0.0.1');
});
// Should connect then be immediately closed by security
// Connection should be blocked by security - either closed or error
expect(events).toContain('connected');
expect(events).toContain('closed');
expect(result).toEqual('closed');
// Rust drops the stream immediately; client may see 'closed', 'error', or both
const wasBlocked = result === 'closed' || result === 'error';
expect(wasBlocked).toEqual(true);
expect(targetServerConnections).toEqual(0);
// Clean up

47
test/test.route-security-unit.ts
View File

@@ -13,49 +13,26 @@ tap.test('route security should be correctly configured', async () => {
targets: [{
host: '127.0.0.1',
port: 8991
}],
security: {
ipAllowList: ['192.168.1.1'],
ipBlockList: ['10.0.0.1']
}
}]
},
security: {
ipAllowList: ['192.168.1.1'],
ipBlockList: ['10.0.0.1']
}
}];
// This should not throw an error
const proxy = new smartproxy.SmartProxy({
enableDetailedLogging: false,
routes: routes
});
// The proxy should be created successfully
expect(proxy).toBeInstanceOf(smartproxy.SmartProxy);
// Test that security manager exists and has the isIPAuthorized method
const securityManager = (proxy as any).securityManager;
expect(securityManager).toBeDefined();
expect(typeof securityManager.isIPAuthorized).toEqual('function');
// Test IP authorization logic directly
const isLocalhostAllowed = securityManager.isIPAuthorized(
'127.0.0.1',
['192.168.1.1'], // Allow list
[] // Block list
);
expect(isLocalhostAllowed).toBeFalse();
const isAllowedIPAllowed = securityManager.isIPAuthorized(
'192.168.1.1',
['192.168.1.1'], // Allow list
[] // Block list
);
expect(isAllowedIPAllowed).toBeTrue();
const isBlockedIPAllowed = securityManager.isIPAuthorized(
'10.0.0.1',
['0.0.0.0/0'], // Allow all
['10.0.0.1'] // But block this specific IP
);
expect(isBlockedIPAllowed).toBeFalse();
// Verify route configuration was preserved
expect(proxy.settings.routes[0].security?.ipAllowList).toContain('192.168.1.1');
expect(proxy.settings.routes[0].security?.ipBlockList).toContain('10.0.0.1');
});
export default tap.start();
export default tap.start();

4
test/test.smartproxy.ts
View File

@@ -94,7 +94,7 @@ tap.test('setup port proxy test environment', async () => {
tap.test('should start port proxy', async () => {
await smartProxy.start();
// Check if the proxy is listening by verifying the ports are active
expect(smartProxy.getListeningPorts().length).toBeGreaterThan(0);
expect((await smartProxy.getListeningPorts()).length).toBeGreaterThan(0);
});
// Test basic TCP forwarding.
@@ -237,7 +237,7 @@ tap.test('should handle connection timeouts', async () => {
tap.test('should stop port proxy', async () => {
await smartProxy.stop();
// Verify that there are no listening ports after stopping
expect(smartProxy.getListeningPorts().length).toEqual(0);
expect((await smartProxy.getListeningPorts()).length).toEqual(0);
// Remove from tracking
const index = allProxies.indexOf(smartProxy);