push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: push.rocks:v19.2.5
Branches Tags
push.rocks:master
push.rocks:v19.6.2 push.rocks:v19.6.1 push.rocks:v19.6.0 push.rocks:v19.5.26 push.rocks:v19.5.25 push.rocks:v19.5.24 push.rocks:v19.5.23 push.rocks:v19.5.22 push.rocks:v19.5.21 push.rocks:v19.5.20 push.rocks:v19.5.19 push.rocks:v19.5.18 push.rocks:v19.5.17 push.rocks:v19.5.16 push.rocks:v19.5.15 push.rocks:v19.5.14 push.rocks:v19.5.13 push.rocks:v19.5.12 push.rocks:v19.5.11 push.rocks:v19.5.10 push.rocks:v19.5.9 push.rocks:v19.5.8 push.rocks:v19.5.7 push.rocks:v19.5.6 push.rocks:v19.5.5 push.rocks:v19.5.4 push.rocks:v19.5.3 push.rocks:v19.5.2 push.rocks:v19.5.1 push.rocks:v19.5.0 push.rocks:v19.4.3 push.rocks:v19.4.2 push.rocks:v19.4.1 push.rocks:v19.3.13 push.rocks:v19.3.12 push.rocks:v19.3.11 push.rocks:v19.3.10 push.rocks:v19.3.9 push.rocks:v19.3.8 push.rocks:v19.3.7 push.rocks:v19.3.6 push.rocks:v19.3.5 push.rocks:v19.3.4 push.rocks:v19.3.3 push.rocks:v19.3.2 push.rocks:v19.3.1 push.rocks:v19.3.0 push.rocks:v19.2.6 push.rocks:v19.2.5 push.rocks:v19.2.4 push.rocks:v19.2.3 push.rocks:v19.2.2 push.rocks:v19.2.1 push.rocks:v19.2.0 push.rocks:v19.1.0 push.rocks:v19.0.0 push.rocks:v18.2.0 push.rocks:v18.1.1 push.rocks:v18.1.0 push.rocks:v18.0.2 push.rocks:v18.0.1 push.rocks:v18.0.0 push.rocks:v17.0.0 push.rocks:v16.0.4 push.rocks:v16.0.3 push.rocks:v16.0.2 push.rocks:v16.0.1 push.rocks:v16.0.0 push.rocks:v15.1.0 push.rocks:v15.0.3 push.rocks:v15.0.2 push.rocks:v15.0.1 push.rocks:v15.0.0 push.rocks:v13.1.3 push.rocks:v13.1.2 push.rocks:v13.1.1 push.rocks:v13.1.0 push.rocks:v13.0.0 push.rocks:v12.2.0 push.rocks:v12.1.0 push.rocks:v12.0.0 push.rocks:v11.0.0 push.rocks:v10.3.0 push.rocks:v10.2.0 push.rocks:v10.1.0 push.rocks:v10.0.12 push.rocks:v10.0.11 push.rocks:v10.0.10 push.rocks:v10.0.9 push.rocks:v10.0.8 push.rocks:v10.0.7 push.rocks:v10.0.6 push.rocks:v10.0.5 push.rocks:v10.0.4 push.rocks:v10.0.3 push.rocks:v10.0.2 push.rocks:v10.0.1 push.rocks:v10.0.0 push.rocks:v9.0.0 push.rocks:v8.0.0 push.rocks:v7.2.0 push.rocks:v7.1.4 push.rocks:v7.1.3 push.rocks:v7.1.2 push.rocks:v7.1.1 push.rocks:v7.1.0 push.rocks:v7.0.1 push.rocks:v7.0.0 push.rocks:v6.0.1 push.rocks:v6.0.0 push.rocks:v5.1.0 push.rocks:v5.0.0 push.rocks:v4.3.0 push.rocks:v4.2.6 push.rocks:v4.2.5 push.rocks:v4.2.4 push.rocks:v4.2.3 push.rocks:v4.2.2 push.rocks:v4.2.1 push.rocks:v4.2.0 push.rocks:v4.1.16 push.rocks:v4.1.15 push.rocks:v4.1.14 push.rocks:v4.1.13 push.rocks:v4.1.12 push.rocks:v4.1.11 push.rocks:v4.1.10 push.rocks:v4.1.9 push.rocks:v4.1.8 push.rocks:v4.1.7 push.rocks:v4.1.6 push.rocks:v4.1.5 push.rocks:v4.1.4 push.rocks:v4.1.3 push.rocks:v4.1.2 push.rocks:v4.1.1 push.rocks:v4.1.0 push.rocks:v4.0.0 push.rocks:v3.41.8 push.rocks:v3.41.7 push.rocks:v3.41.6 push.rocks:v3.41.5 push.rocks:v3.41.4 push.rocks:v3.41.3 push.rocks:v3.41.2 push.rocks:v3.41.1 push.rocks:v3.41.0 push.rocks:v3.40.0 push.rocks:v3.39.0 push.rocks:v3.38.2 push.rocks:v3.38.1 push.rocks:v3.38.0 push.rocks:v3.37.3 push.rocks:v3.37.2 push.rocks:v3.37.1 push.rocks:v3.37.0 push.rocks:v3.34.0 push.rocks:v3.33.0 push.rocks:v3.32.2 push.rocks:v3.32.1 push.rocks:v3.32.0 push.rocks:v3.31.2 push.rocks:v3.31.1 push.rocks:v3.31.0 push.rocks:v3.30.8 push.rocks:v3.30.7 push.rocks:v3.30.6 push.rocks:v3.30.5 push.rocks:v3.30.4 push.rocks:v3.30.3 push.rocks:v3.30.2 push.rocks:v3.30.1 push.rocks:v3.30.0 push.rocks:v3.29.3 push.rocks:v3.29.2 push.rocks:v3.29.1 push.rocks:v3.29.0 push.rocks:v3.28.6 push.rocks:v3.28.5 push.rocks:v3.28.4 push.rocks:v3.28.3 push.rocks:v3.28.2 push.rocks:v3.28.1 push.rocks:v3.28.0 push.rocks:v3.27.0 push.rocks:v3.26.0 push.rocks:v3.25.4 push.rocks:v3.25.3 push.rocks:v3.25.2 push.rocks:v3.25.1 push.rocks:v3.25.0 push.rocks:v3.24.0 push.rocks:v3.23.1 push.rocks:v3.23.0 push.rocks:v3.22.5 push.rocks:v3.22.4 push.rocks:v3.22.3 push.rocks:v3.22.2 push.rocks:v3.22.1 push.rocks:v3.22.0 push.rocks:v3.21.0 push.rocks:v3.20.2 push.rocks:v3.20.1 push.rocks:v3.20.0 push.rocks:v3.19.0 push.rocks:v3.18.2 push.rocks:v3.18.1 push.rocks:v3.18.0 push.rocks:v3.17.1 push.rocks:v3.17.0 push.rocks:v3.16.9 push.rocks:v3.16.8 push.rocks:v3.16.7 push.rocks:v3.16.6 push.rocks:v3.16.5 push.rocks:v3.16.4 push.rocks:v3.16.3 push.rocks:v3.16.2 push.rocks:v3.16.1 push.rocks:v3.16.0 push.rocks:v3.15.0 push.rocks:v3.14.2 push.rocks:v3.14.1 push.rocks:v3.14.0 push.rocks:v3.13.0 push.rocks:v3.12.0 push.rocks:v3.11.0 push.rocks:v3.10.5 push.rocks:v3.10.4 push.rocks:v3.10.3 push.rocks:v3.10.2 push.rocks:v3.10.1 push.rocks:v3.10.0 push.rocks:v3.9.4 push.rocks:v3.9.3 push.rocks:v3.9.2 push.rocks:v3.9.1 push.rocks:v3.9.0 push.rocks:v3.8.1 push.rocks:v3.8.0 push.rocks:v3.7.3 push.rocks:v3.7.2 push.rocks:v3.7.1 push.rocks:v3.7.0 push.rocks:v3.6.0 push.rocks:v3.5.0 push.rocks:v3.4.4 push.rocks:v3.4.3 push.rocks:v3.4.2 push.rocks:v3.4.1 push.rocks:v3.4.0 push.rocks:v3.3.1 push.rocks:v3.3.0 push.rocks:v3.2.0 push.rocks:v3.1.4 push.rocks:v3.1.3 push.rocks:v3.1.2 push.rocks:v3.1.1 push.rocks:v3.1.0 push.rocks:v3.0.61 push.rocks:v3.0.60 push.rocks:v3.0.59 push.rocks:v3.0.58 push.rocks:v3.0.57 push.rocks:v3.0.56 push.rocks:v3.0.55 push.rocks:v3.0.54 push.rocks:v3.0.53 push.rocks:v3.0.52 push.rocks:v3.0.51 push.rocks:v3.0.50 push.rocks:v3.0.49 push.rocks:v3.0.48 push.rocks:v3.0.47 push.rocks:v3.0.46 push.rocks:v3.0.45 push.rocks:v3.0.44 push.rocks:v3.0.43 push.rocks:v3.0.42 push.rocks:v3.0.41 push.rocks:v3.0.40 push.rocks:v3.0.39 push.rocks:v3.0.38 push.rocks:v3.0.37 push.rocks:v3.0.36 push.rocks:v3.0.35 push.rocks:v3.0.34 push.rocks:v3.0.33 push.rocks:v3.0.32 push.rocks:v3.0.31 push.rocks:v3.0.30 push.rocks:v3.0.29 push.rocks:v3.0.28 push.rocks:v3.0.27 push.rocks:v3.0.26 push.rocks:v3.0.25 push.rocks:v3.0.24 push.rocks:v3.0.23 push.rocks:v3.0.22 push.rocks:v3.0.21 push.rocks:v3.0.20 push.rocks:v3.0.19 push.rocks:v3.0.18 push.rocks:v3.0.17 push.rocks:v3.0.16 push.rocks:v3.0.15 push.rocks:v3.0.14 push.rocks:v3.0.13 push.rocks:v3.0.12 push.rocks:v3.0.11 push.rocks:v3.0.10 push.rocks:v3.0.9 push.rocks:v3.0.8 push.rocks:v3.0.7 push.rocks:v3.0.6 push.rocks:v3.0.5 push.rocks:v3.0.4 push.rocks:v3.0.3 push.rocks:v3.0.2 push.rocks:v3.0.1 push.rocks:v3.0.0 push.rocks:v2.0.16 push.rocks:v2.0.15 push.rocks:v2.0.14 push.rocks:v2.0.13 push.rocks:v2.0.12 push.rocks:v2.0.11 push.rocks:v2.0.10 push.rocks:v2.0.9 push.rocks:v2.0.8 push.rocks:v2.0.7 push.rocks:v2.0.6 push.rocks:v2.0.5 push.rocks:v2.0.4 push.rocks:v2.0.3 push.rocks:v2.0.2 push.rocks:v2.0.1 push.rocks:v2.0.0 push.rocks:v1.0.38 push.rocks:v1.0.37 push.rocks:v1.0.36 push.rocks:v1.0.35 push.rocks:v1.0.34 push.rocks:v1.0.33 push.rocks:v1.0.32 push.rocks:v1.0.31 push.rocks:v1.0.30 push.rocks:v1.0.29 push.rocks:v1.0.28 push.rocks:v1.0.27 push.rocks:v1.0.26 push.rocks:v1.0.25 push.rocks:v1.0.24 push.rocks:v1.0.23 push.rocks:v1.0.22 push.rocks:v1.0.21 push.rocks:v1.0.20 push.rocks:v1.0.19 push.rocks:v1.0.18 push.rocks:v1.0.17 push.rocks:v1.0.16 push.rocks:v1.0.15 push.rocks:v1.0.14 push.rocks:v1.0.13 push.rocks:v1.0.12 push.rocks:v1.0.11 push.rocks:v1.0.10 push.rocks:v1.0.9 push.rocks:v1.0.8 push.rocks:v1.0.7 push.rocks:v1.0.6 push.rocks:v1.0.5 push.rocks:v1.0.4 push.rocks:v1.0.3 push.rocks:v1.0.2
...
compare: push.rocks:v19.3.9
Branches Tags
push.rocks:master
push.rocks:v19.6.2 push.rocks:v19.6.1 push.rocks:v19.6.0 push.rocks:v19.5.26 push.rocks:v19.5.25 push.rocks:v19.5.24 push.rocks:v19.5.23 push.rocks:v19.5.22 push.rocks:v19.5.21 push.rocks:v19.5.20 push.rocks:v19.5.19 push.rocks:v19.5.18 push.rocks:v19.5.17 push.rocks:v19.5.16 push.rocks:v19.5.15 push.rocks:v19.5.14 push.rocks:v19.5.13 push.rocks:v19.5.12 push.rocks:v19.5.11 push.rocks:v19.5.10 push.rocks:v19.5.9 push.rocks:v19.5.8 push.rocks:v19.5.7 push.rocks:v19.5.6 push.rocks:v19.5.5 push.rocks:v19.5.4 push.rocks:v19.5.3 push.rocks:v19.5.2 push.rocks:v19.5.1 push.rocks:v19.5.0 push.rocks:v19.4.3 push.rocks:v19.4.2 push.rocks:v19.4.1 push.rocks:v19.3.13 push.rocks:v19.3.12 push.rocks:v19.3.11 push.rocks:v19.3.10 push.rocks:v19.3.9 push.rocks:v19.3.8 push.rocks:v19.3.7 push.rocks:v19.3.6 push.rocks:v19.3.5 push.rocks:v19.3.4 push.rocks:v19.3.3 push.rocks:v19.3.2 push.rocks:v19.3.1 push.rocks:v19.3.0 push.rocks:v19.2.6 push.rocks:v19.2.5 push.rocks:v19.2.4 push.rocks:v19.2.3 push.rocks:v19.2.2 push.rocks:v19.2.1 push.rocks:v19.2.0 push.rocks:v19.1.0 push.rocks:v19.0.0 push.rocks:v18.2.0 push.rocks:v18.1.1 push.rocks:v18.1.0 push.rocks:v18.0.2 push.rocks:v18.0.1 push.rocks:v18.0.0 push.rocks:v17.0.0 push.rocks:v16.0.4 push.rocks:v16.0.3 push.rocks:v16.0.2 push.rocks:v16.0.1 push.rocks:v16.0.0 push.rocks:v15.1.0 push.rocks:v15.0.3 push.rocks:v15.0.2 push.rocks:v15.0.1 push.rocks:v15.0.0 push.rocks:v13.1.3 push.rocks:v13.1.2 push.rocks:v13.1.1 push.rocks:v13.1.0 push.rocks:v13.0.0 push.rocks:v12.2.0 push.rocks:v12.1.0 push.rocks:v12.0.0 push.rocks:v11.0.0 push.rocks:v10.3.0 push.rocks:v10.2.0 push.rocks:v10.1.0 push.rocks:v10.0.12 push.rocks:v10.0.11 push.rocks:v10.0.10 push.rocks:v10.0.9 push.rocks:v10.0.8 push.rocks:v10.0.7 push.rocks:v10.0.6 push.rocks:v10.0.5 push.rocks:v10.0.4 push.rocks:v10.0.3 push.rocks:v10.0.2 push.rocks:v10.0.1 push.rocks:v10.0.0 push.rocks:v9.0.0 push.rocks:v8.0.0 push.rocks:v7.2.0 push.rocks:v7.1.4 push.rocks:v7.1.3 push.rocks:v7.1.2 push.rocks:v7.1.1 push.rocks:v7.1.0 push.rocks:v7.0.1 push.rocks:v7.0.0 push.rocks:v6.0.1 push.rocks:v6.0.0 push.rocks:v5.1.0 push.rocks:v5.0.0 push.rocks:v4.3.0 push.rocks:v4.2.6 push.rocks:v4.2.5 push.rocks:v4.2.4 push.rocks:v4.2.3 push.rocks:v4.2.2 push.rocks:v4.2.1 push.rocks:v4.2.0 push.rocks:v4.1.16 push.rocks:v4.1.15 push.rocks:v4.1.14 push.rocks:v4.1.13 push.rocks:v4.1.12 push.rocks:v4.1.11 push.rocks:v4.1.10 push.rocks:v4.1.9 push.rocks:v4.1.8 push.rocks:v4.1.7 push.rocks:v4.1.6 push.rocks:v4.1.5 push.rocks:v4.1.4 push.rocks:v4.1.3 push.rocks:v4.1.2 push.rocks:v4.1.1 push.rocks:v4.1.0 push.rocks:v4.0.0 push.rocks:v3.41.8 push.rocks:v3.41.7 push.rocks:v3.41.6 push.rocks:v3.41.5 push.rocks:v3.41.4 push.rocks:v3.41.3 push.rocks:v3.41.2 push.rocks:v3.41.1 push.rocks:v3.41.0 push.rocks:v3.40.0 push.rocks:v3.39.0 push.rocks:v3.38.2 push.rocks:v3.38.1 push.rocks:v3.38.0 push.rocks:v3.37.3 push.rocks:v3.37.2 push.rocks:v3.37.1 push.rocks:v3.37.0 push.rocks:v3.34.0 push.rocks:v3.33.0 push.rocks:v3.32.2 push.rocks:v3.32.1 push.rocks:v3.32.0 push.rocks:v3.31.2 push.rocks:v3.31.1 push.rocks:v3.31.0 push.rocks:v3.30.8 push.rocks:v3.30.7 push.rocks:v3.30.6 push.rocks:v3.30.5 push.rocks:v3.30.4 push.rocks:v3.30.3 push.rocks:v3.30.2 push.rocks:v3.30.1 push.rocks:v3.30.0 push.rocks:v3.29.3 push.rocks:v3.29.2 push.rocks:v3.29.1 push.rocks:v3.29.0 push.rocks:v3.28.6 push.rocks:v3.28.5 push.rocks:v3.28.4 push.rocks:v3.28.3 push.rocks:v3.28.2 push.rocks:v3.28.1 push.rocks:v3.28.0 push.rocks:v3.27.0 push.rocks:v3.26.0 push.rocks:v3.25.4 push.rocks:v3.25.3 push.rocks:v3.25.2 push.rocks:v3.25.1 push.rocks:v3.25.0 push.rocks:v3.24.0 push.rocks:v3.23.1 push.rocks:v3.23.0 push.rocks:v3.22.5 push.rocks:v3.22.4 push.rocks:v3.22.3 push.rocks:v3.22.2 push.rocks:v3.22.1 push.rocks:v3.22.0 push.rocks:v3.21.0 push.rocks:v3.20.2 push.rocks:v3.20.1 push.rocks:v3.20.0 push.rocks:v3.19.0 push.rocks:v3.18.2 push.rocks:v3.18.1 push.rocks:v3.18.0 push.rocks:v3.17.1 push.rocks:v3.17.0 push.rocks:v3.16.9 push.rocks:v3.16.8 push.rocks:v3.16.7 push.rocks:v3.16.6 push.rocks:v3.16.5 push.rocks:v3.16.4 push.rocks:v3.16.3 push.rocks:v3.16.2 push.rocks:v3.16.1 push.rocks:v3.16.0 push.rocks:v3.15.0 push.rocks:v3.14.2 push.rocks:v3.14.1 push.rocks:v3.14.0 push.rocks:v3.13.0 push.rocks:v3.12.0 push.rocks:v3.11.0 push.rocks:v3.10.5 push.rocks:v3.10.4 push.rocks:v3.10.3 push.rocks:v3.10.2 push.rocks:v3.10.1 push.rocks:v3.10.0 push.rocks:v3.9.4 push.rocks:v3.9.3 push.rocks:v3.9.2 push.rocks:v3.9.1 push.rocks:v3.9.0 push.rocks:v3.8.1 push.rocks:v3.8.0 push.rocks:v3.7.3 push.rocks:v3.7.2 push.rocks:v3.7.1 push.rocks:v3.7.0 push.rocks:v3.6.0 push.rocks:v3.5.0 push.rocks:v3.4.4 push.rocks:v3.4.3 push.rocks:v3.4.2 push.rocks:v3.4.1 push.rocks:v3.4.0 push.rocks:v3.3.1 push.rocks:v3.3.0 push.rocks:v3.2.0 push.rocks:v3.1.4 push.rocks:v3.1.3 push.rocks:v3.1.2 push.rocks:v3.1.1 push.rocks:v3.1.0 push.rocks:v3.0.61 push.rocks:v3.0.60 push.rocks:v3.0.59 push.rocks:v3.0.58 push.rocks:v3.0.57 push.rocks:v3.0.56 push.rocks:v3.0.55 push.rocks:v3.0.54 push.rocks:v3.0.53 push.rocks:v3.0.52 push.rocks:v3.0.51 push.rocks:v3.0.50 push.rocks:v3.0.49 push.rocks:v3.0.48 push.rocks:v3.0.47 push.rocks:v3.0.46 push.rocks:v3.0.45 push.rocks:v3.0.44 push.rocks:v3.0.43 push.rocks:v3.0.42 push.rocks:v3.0.41 push.rocks:v3.0.40 push.rocks:v3.0.39 push.rocks:v3.0.38 push.rocks:v3.0.37 push.rocks:v3.0.36 push.rocks:v3.0.35 push.rocks:v3.0.34 push.rocks:v3.0.33 push.rocks:v3.0.32 push.rocks:v3.0.31 push.rocks:v3.0.30 push.rocks:v3.0.29 push.rocks:v3.0.28 push.rocks:v3.0.27 push.rocks:v3.0.26 push.rocks:v3.0.25 push.rocks:v3.0.24 push.rocks:v3.0.23 push.rocks:v3.0.22 push.rocks:v3.0.21 push.rocks:v3.0.20 push.rocks:v3.0.19 push.rocks:v3.0.18 push.rocks:v3.0.17 push.rocks:v3.0.16 push.rocks:v3.0.15 push.rocks:v3.0.14 push.rocks:v3.0.13 push.rocks:v3.0.12 push.rocks:v3.0.11 push.rocks:v3.0.10 push.rocks:v3.0.9 push.rocks:v3.0.8 push.rocks:v3.0.7 push.rocks:v3.0.6 push.rocks:v3.0.5 push.rocks:v3.0.4 push.rocks:v3.0.3 push.rocks:v3.0.2 push.rocks:v3.0.1 push.rocks:v3.0.0 push.rocks:v2.0.16 push.rocks:v2.0.15 push.rocks:v2.0.14 push.rocks:v2.0.13 push.rocks:v2.0.12 push.rocks:v2.0.11 push.rocks:v2.0.10 push.rocks:v2.0.9 push.rocks:v2.0.8 push.rocks:v2.0.7 push.rocks:v2.0.6 push.rocks:v2.0.5 push.rocks:v2.0.4 push.rocks:v2.0.3 push.rocks:v2.0.2 push.rocks:v2.0.1 push.rocks:v2.0.0 push.rocks:v1.0.38 push.rocks:v1.0.37 push.rocks:v1.0.36 push.rocks:v1.0.35 push.rocks:v1.0.34 push.rocks:v1.0.33 push.rocks:v1.0.32 push.rocks:v1.0.31 push.rocks:v1.0.30 push.rocks:v1.0.29 push.rocks:v1.0.28 push.rocks:v1.0.27 push.rocks:v1.0.26 push.rocks:v1.0.25 push.rocks:v1.0.24 push.rocks:v1.0.23 push.rocks:v1.0.22 push.rocks:v1.0.21 push.rocks:v1.0.20 push.rocks:v1.0.19 push.rocks:v1.0.18 push.rocks:v1.0.17 push.rocks:v1.0.16 push.rocks:v1.0.15 push.rocks:v1.0.14 push.rocks:v1.0.13 push.rocks:v1.0.12 push.rocks:v1.0.11 push.rocks:v1.0.10 push.rocks:v1.0.9 push.rocks:v1.0.8 push.rocks:v1.0.7 push.rocks:v1.0.6 push.rocks:v1.0.5 push.rocks:v1.0.4 push.rocks:v1.0.3 push.rocks:v1.0.2

24 Commits
v19.2.5 ... v19.3.9

Author SHA1 Message Date
Philipp Kunz
84c5d0a69e 19.3.9
Some checks failed
Default (tags) / security (push) Successful in 34s
Details
Default (tags) / test (push) Failing after 1h12m9s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 19:59:22 +00:00
Philipp Kunz
42fe1e5d15 fix(route-connection-handler): Forward non-TLS connections on HttpProxy ports to fix ACME HTTP-01 challenge handling 2025-05-19 19:59:22 +00:00
Philipp Kunz
85bd448858 19.3.8
Some checks failed
Default (tags) / security (push) Successful in 36s
Details
Default (tags) / test (push) Failing after 1h12m11s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 19:17:48 +00:00
Philipp Kunz
da061292ae fix(certificate-manager): Preserve certificate manager update callback in updateRoutes 2025-05-19 19:17:48 +00:00
Philipp Kunz
6387b32d4b 19.3.7
Some checks failed
Default (tags) / security (push) Successful in 33s
Details
Default (tags) / test (push) Failing after 14m19s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 18:29:57 +00:00
Philipp Kunz
3bf4e97e71 fix(smartproxy): Improve error handling in forwarding connection handler and refine domain matching logic 2025-05-19 18:29:56 +00:00
Philipp Kunz
98ef91b6ea 19.3.6
Some checks failed
Default (tags) / security (push) Successful in 35s
Details
Default (tags) / test (push) Failing after 14m21s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 17:59:12 +00:00
Philipp Kunz
1b4d215cd4 fix(tests): test 2025-05-19 17:59:12 +00:00
Philipp Kunz
70448af5b4 19.3.5
Some checks failed
Default (tags) / security (push) Successful in 36s
Details
Default (tags) / test (push) Failing after 14m23s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 17:56:48 +00:00
Philipp Kunz
33732c2361 fix(smartproxy): Correct NFTables forwarding handling to avoid premature connection termination and add comprehensive tests 2025-05-19 17:56:48 +00:00
Philipp Kunz
8d821b4e25 19.3.4
Some checks failed
Default (tags) / security (push) Successful in 38s
Details
Default (tags) / test (push) Failing after 14m25s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 17:39:35 +00:00
Philipp Kunz
4b381915e1 fix(docs, tests, acme): fix: update changelog, documentation, examples and tests for v19.4.0 release. Adjust global ACME configuration to use ssl@bleu.de and add non-privileged port examples. 2025-05-19 17:39:35 +00:00
Philipp Kunz
5c6437c5b3 19.3.3
Some checks failed
Default (tags) / security (push) Successful in 22s
Details
Default (tags) / test (push) Failing after 20m45s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 17:28:54 +00:00
Philipp Kunz
a31c68b03f fix(core): No changes detected – project structure and documentation remain unchanged. 2025-05-19 17:28:54 +00:00
Philipp Kunz
465148d553 fix(strcuture): refactor responsibilities 2025-05-19 17:28:05 +00:00
Philipp Kunz
8fb67922a5 19.3.2
Some checks failed
Default (tags) / security (push) Successful in 36s
Details
Default (tags) / test (push) Failing after 20m55s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 13:23:16 +00:00
Philipp Kunz
6d3e72c948 fix(SmartCertManager): Preserve certificate manager update callback during route updates 2025-05-19 13:23:16 +00:00
Philipp Kunz
e317fd9d7e 19.3.1
Some checks failed
Default (tags) / security (push) Successful in 37s
Details
Default (tags) / test (push) Failing after 20m57s
Details
Default (tags) / release (push) Has been cancelled
Details
Default (tags) / metadata (push) Has been cancelled
Details
2025-05-19 12:17:21 +00:00
Philipp Kunz
4134d2842c fix(certificates): Update static-route certificate metadata for ACME challenges 2025-05-19 12:17:21 +00:00
Philipp Kunz
02e77655ad update 2025-05-19 12:04:26 +00:00
Philipp Kunz
f9bcbf4bfc 19.3.0
Some checks failed
Default (tags) / security (push) Successful in 33s
Details
Default (tags) / test (push) Failing after 1m24s
Details
Default (tags) / release (push) Has been skipped
Details
Default (tags) / metadata (push) Has been skipped
Details
2025-05-19 10:11:29 +00:00
Philipp Kunz
ec81678651 feat(smartproxy): Update dependencies and enhance ACME certificate provisioning with wildcard support 2025-05-19 10:11:29 +00:00
Philipp Kunz
9646dba601 19.2.6
Some checks failed
Default (tags) / security (push) Successful in 25s
Details
Default (tags) / test (push) Failing after 23s
Details
Default (tags) / release (push) Has been skipped
Details
Default (tags) / metadata (push) Has been skipped
Details
2025-05-19 03:42:47 +00:00
Philipp Kunz
0faca5e256 fix(tests): Adjust test cases for ACME challenge route handling, mutex locking in route updates, and port management. Remove obsolete challenge-route lifecycle tests and update expected outcomes in port80 management and race condition tests. 2025-05-19 03:42:47 +00:00
104 changed files with 4628 additions and 3872 deletions
Expand all files Collapse all files

6
certs/static-route/meta.json
View File

@ -1,5 +1,5 @@
{
"expiryDate": "2025-08-16T18:25:31.732Z",
"issueDate": "2025-05-18T18:25:31.732Z",
"savedAt": "2025-05-18T18:25:31.734Z"
"expiryDate": "2025-08-17T16:58:47.999Z",
"issueDate": "2025-05-19T16:58:47.999Z",
"savedAt": "2025-05-19T16:58:48.001Z"
}

107
changelog.md
View File

@ -1,5 +1,112 @@
# Changelog
## 2025-05-19 - 19.3.9 - fix(route-connection-handler)
Forward non-TLS connections on HttpProxy ports to fix ACME HTTP-01 challenge handling
- Added a check in RouteConnectionHandler.handleForwardAction to see if the incoming connection is non-TLS and if its port is in useHttpProxy, then forward to HttpProxy.
- Non-TLS connections on explicitly configured HttpProxy ports are now correctly forwarded, ensuring ACME HTTP-01 challenges succeed.
- Updated tests in test.http-fix-unit.ts, test.http-fix-verification.ts, and test.http-port8080-forwarding.ts to verify that non-TLS connections on the configured ports are handled properly.
## 2025-05-19 - 19.3.8 - fix(route-connection-handler)
Fix HTTP-01 ACME challenges on port 80 by properly forwarding non-TLS connections to HttpProxy
- Fixed a bug where non-TLS connections on ports configured in useHttpProxy were not being forwarded to HttpProxy
- Added check for non-TLS connections on HttpProxy ports in handleForwardAction method
- This fix resolves ACME HTTP-01 challenges failing on port 80 when useHttpProxy includes port 80
- Added test/test.http-fix-unit.ts to verify the fix works correctly
## 2025-05-19 - 19.3.8 - fix(certificate-manager)
Preserve certificate manager update callback in updateRoutes
- Update the test in test/route-callback-simple.ts to override createCertificateManager and ensure the updateRoutes callback is set
- Ensure that the mock certificate manager always sets the updateRoutes callback, preserving behavior for ACME challenges
## 2025-05-19 - 19.3.7 - fix(smartproxy)
Improve error handling in forwarding connection handler and refine domain matching logic
- Add new test 'test.forwarding-fix-verification.ts' to ensure NFTables forwarded connections remain open
- Introduce setupOutgoingErrorHandler in route-connection-handler.ts for clearer, unified error reporting during outgoing connection setup
- Simplify direct connection piping by removing manual data queue processing in route-connection-handler.ts
- Enhance domain matching in route-manager.ts by explicitly handling routes with and without domain restrictions
## 2025-05-19 - 19.3.6 - fix(tests)
Fix route configuration property names in tests: replace 'acceptedRoutes' with 'routes' in nftables tests and update 'match: { port: ... }' to 'match: { ports: ... }' in port forwarding tests.
- Renamed 'acceptedRoutes' to 'routes' in test/nftables-forwarding.ts for alignment with the current SmartProxy API.
- Changed port matching in test/port-forwarding-fix.ts from 'match: { port: ... }' to 'match: { ports: ... }' for consistency.
## 2025-05-19 - 19.3.6 - fix(tests)
Update test route config properties: replace 'acceptedRoutes' with 'routes' in nftables tests and change 'match: { port: ... }' to 'match: { ports: ... }' in port forwarding tests
- In test/nftables-forwarding.ts, renamed property 'acceptedRoutes' to 'routes' to align with current SmartProxy API.
- In test/port-forwarding-fix.ts, updated 'match: { port: 9999 }' to 'match: { ports: 9999 }' for consistency.
## 2025-05-19 - 19.3.5 - fix(smartproxy)
Correct NFTables forwarding handling to avoid premature connection termination and add comprehensive tests
- Removed overly aggressive socket closing for routes using NFTables forwarding in route-connection-handler.ts
- Now logs NFTables-handled connections for monitoring while letting kernel-level forwarding operate transparently
- Added and updated tests for connection forwarding, NFTables integration and port forwarding fixes
- Enhanced logging and error handling in NFTables and TLS handling functions
## 2025-05-19 - 19.3.4 - fix(docs, tests, acme)
fix: update changelog, documentation, examples and tests for v19.4.0 release. Adjust global ACME configuration to use ssl@bleu.de and add non-privileged port examples.
- Updated changelog with new v19.4.0 entry detailing fixes in tests and docs
- Revised README and certificate-management.md to demonstrate global ACME settings (using ssl@bleu.de, non-privileged port support, auto-renewal configuration, and renewCheckIntervalHours)
- Added new examples (certificate-management-v19.ts and complete-example-v19.ts) and updated existing examples (dynamic port management, NFTables integration) to reflect v19.4.0 features
- Fixed test exports and port mapping issues in several test files (acme-state-manager, port80-management, race-conditions, etc.)
- Updated readme.plan.md to reflect completed refactoring and breaking changes from v19.3.3
## 2025-05-19 - 19.4.0 - fix(tests) & docs
Fix failing tests and update documentation for v19+ features
- Fix ForwardingHandlerFactory.applyDefaults to set port and socket properties correctly
- Fix route finding logic in forwarding tests to properly identify redirect routes
- Fix test exports in acme-state-manager.node.ts, port80-management.node.ts, and race-conditions.node.ts
- Update ACME email configuration to use ssl@bleu.de instead of test domains
- Update README with v19.4.0 features including global ACME configuration
- Update certificate-management.md documentation to reflect v19+ changes
- Add new examples: certificate-management-v19.ts and complete-example-v19.ts
- Update existing examples to demonstrate global ACME configuration
- Update readme.plan.md to reflect completed refactoring
## 2025-05-19 - 19.3.3 - fix(core)
No changes detected project structure and documentation remain unchanged.
- Git diff indicates no modifications.
- All source code, tests, and documentation files are intact with no alterations.
## 2025-05-19 - 19.3.2 - fix(SmartCertManager)
Preserve certificate manager update callback during route updates
- Modify test cases (test.fix-verification.ts, test.route-callback-simple.ts, test.route-update-callback.node.ts) to verify that the updateRoutesCallback is preserved upon route updates.
- Ensure that a new certificate manager created during updateRoutes correctly sets the update callback.
- Expose getState() in certificate-manager for reliable state retrieval.
## 2025-05-19 - 19.3.1 - fix(certificates)
Update static-route certificate metadata for ACME challenges
- Updated expiryDate and issueDate in certs/static-route/meta.json to reflect new certificate issuance information
## 2025-05-19 - 19.3.0 - feat(smartproxy)
Update dependencies and enhance ACME certificate provisioning with wildcard support
- Bump @types/node from ^22.15.18 to ^22.15.19
- Bump @push.rocks/smartacme from ^7.3.4 to ^8.0.0
- Bump @push.rocks/smartnetwork from ^4.0.1 to ^4.0.2
- Add new test (test.certificate-acme-update.ts) to verify wildcard certificate logic
- Update SmartCertManager to request wildcard certificates if DNS-01 challenge is available
## 2025-05-19 - 19.2.6 - fix(tests)
Adjust test cases for ACME challenge route handling, mutex locking in route updates, and port management. Remove obsolete challenge-route lifecycle tests and update expected outcomes in port80 management and race condition tests.
- Remove test file 'test.challenge-route-lifecycle.node.ts'
- Rename 'acme-route' to 'secure-route' in port80 management tests to avoid confusion
- Ensure port 80 is added only once when both user routes and ACME challenge use the same port
- Improve mutex locking tests to guarantee serialized route updates with no concurrent execution
- Adjust expected certificate manager recreation counts in race conditions tests
## 2025-05-19 - 19.2.5 - fix(acme)
Fix port 80 ACME management and challenge route concurrency issues by deduplicating port listeners, preserving challenge route state across certificate manager recreations, and adding mutex locks to route updates.

50
docs/certificate-management.md
View File

@ -208,11 +208,18 @@ const smartproxy = new SmartProxy({
// Certificate provisioning was automatic or via certProvisionFunction
```
### After (v18+)
### After (v19+)
```typescript
// New approach with route-based configuration
// New approach with global ACME configuration
const smartproxy = new SmartProxy({
// Global ACME defaults (v19+)
acme: {
email: 'ssl@bleu.de',
useProduction: true,
port: 80 // Or 8080 for non-privileged
},
routes: [{
match: { ports: 443, domains: 'example.com' },
action: {
@ -220,11 +227,7 @@ const smartproxy = new SmartProxy({
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: {
email: 'admin@example.com',
useProduction: true
}
certificate: 'auto' // Uses global ACME settings
}
}
}]
@ -235,9 +238,38 @@ const smartproxy = new SmartProxy({
### Common Issues
1. **Certificate not provisioning**: Ensure port 80 is accessible for ACME challenges
2. **ACME rate limits**: Use staging environment for testing
1. **Certificate not provisioning**: Ensure the ACME challenge port (80 or configured port) is accessible
2. **ACME rate limits**: Use staging environment for testing (`useProduction: false`)
3. **Permission errors**: Ensure the certificate directory is writable
4. **Invalid email domain**: ACME servers may reject certain email domains (e.g., example.com). Use a real email domain
5. **Port binding errors**: Use higher ports (e.g., 8080) if running without root privileges
### Using Non-Privileged Ports
For development or non-root environments:
```typescript
const proxy = new SmartProxy({
acme: {
email: 'ssl@bleu.de',
port: 8080, // Use 8080 instead of 80
useProduction: false
},
routes: [
{
match: { ports: 8443, domains: 'example.com' },
action: {
type: 'forward',
target: { host: 'localhost', port: 3000 },
tls: {
mode: 'terminate',
certificate: 'auto'
}
}
}
]
});
```
### Debug Mode

106
docs/http-01-acme-fix.md Normal file
View File

@ -0,0 +1,106 @@
# HTTP-01 ACME Challenge Fix (v19.3.8)
## Problem Description
In SmartProxy v19.3.7 and earlier, ACME HTTP-01 challenges would fail when port 80 was configured to use HttpProxy via the `useHttpProxy` configuration option. The issue was that non-TLS connections on ports listed in `useHttpProxy` were not being forwarded to HttpProxy, instead being handled as direct connections.
## Root Cause
The bug was located in the `RouteConnectionHandler.handleForwardAction` method in `ts/proxies/smart-proxy/route-connection-handler.ts`. The method only forwarded connections to HttpProxy if they had TLS settings with mode 'terminate' or 'terminate-and-reencrypt'. Non-TLS connections (like HTTP on port 80) were always handled as direct connections, regardless of the `useHttpProxy` configuration.
## Solution
The fix adds a check for non-TLS connections on ports listed in the `useHttpProxy` array:
```typescript
// No TLS settings - check if this port should use HttpProxy
const isHttpProxyPort = this.settings.useHttpProxy?.includes(record.localPort);
if (isHttpProxyPort && this.httpProxyBridge.getHttpProxy()) {
// Forward non-TLS connections to HttpProxy if configured
if (this.settings.enableDetailedLogging) {
console.log(
`[${connectionId}] Using HttpProxy for non-TLS connection on port ${record.localPort}`
);
}
this.httpProxyBridge.forwardToHttpProxy(
connectionId,
socket,
record,
initialChunk,
this.settings.httpProxyPort || 8443,
(reason) => this.connectionManager.initiateCleanupOnce(record, reason)
);
return;
}
```
## Configuration
To enable ACME HTTP-01 challenges on port 80 with HttpProxy:
```typescript
const proxy = new SmartProxy({
useHttpProxy: [80], // Must include port 80 for HTTP-01 challenges
httpProxyPort: 8443, // Default HttpProxy port
acme: {
email: 'ssl@example.com',
port: 80, // ACME challenge port
useProduction: false
},
routes: [
{
name: 'https-route',
match: {
ports: 443,
domains: 'example.com'
},
action: {
type: 'forward',
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: {
email: 'ssl@example.com',
useProduction: false
}
}
}
}
]
});
```
## Testing
The fix is verified by unit tests in `test/test.http-fix-unit.ts`:
1. **Test 1**: Verifies that non-TLS connections on ports in `useHttpProxy` are forwarded to HttpProxy
2. **Test 2**: Confirms that ports not in `useHttpProxy` still use direct connections
3. **Test 3**: Validates that ACME HTTP-01 challenges on port 80 work correctly with HttpProxy
## Impact
This fix enables proper ACME HTTP-01 challenge handling when:
1. Port 80 is configured in the `useHttpProxy` array
2. An ACME challenge route is configured to use HTTP-01 validation
3. Certificate provisioning with `certificate: 'auto'` is used
Without this fix, HTTP-01 challenges would fail because the challenge requests would not reach the ACME handler in HttpProxy.
## Migration Guide
If you were experiencing ACME HTTP-01 challenge failures:
1. Update to SmartProxy v19.3.8 or later
2. Ensure port 80 is included in your `useHttpProxy` configuration
3. Verify your ACME configuration includes the correct email and port settings
4. Test certificate renewal with staging ACME first (`useProduction: false`)
## Related Issues
- ACME HTTP-01 challenges timing out on port 80
- HTTP requests not being parsed on configured HttpProxy ports
- Certificate provisioning failing with "connection timeout" errors

119
examples/certificate-management-v19.ts Normal file
View File

@ -0,0 +1,119 @@
/**
* Certificate Management Example (v19+)
*
* This example demonstrates the new global ACME configuration introduced in v19+
* along with route-level overrides for specific domains.
*/
import {
SmartProxy,
createHttpRoute,
createHttpsTerminateRoute,
createCompleteHttpsServer
} from '../dist_ts/index.js';
async function main() {
// Create a SmartProxy instance with global ACME configuration
const proxy = new SmartProxy({
// Global ACME configuration (v19+)
// These settings apply to all routes with certificate: 'auto'
acme: {
email: 'ssl@bleu.de', // Global contact email
useProduction: false, // Use staging by default
port: 8080, // Use non-privileged port
renewThresholdDays: 30, // Renew 30 days before expiry
autoRenew: true, // Enable automatic renewal
renewCheckIntervalHours: 12 // Check twice daily
},
routes: [
// Route that uses global ACME settings
createHttpsTerminateRoute('app.example.com',
{ host: 'localhost', port: 3000 },
{ certificate: 'auto' } // Uses global ACME configuration
),
// Route with route-level ACME override
{
name: 'production-api',
match: { ports: 443, domains: 'api.example.com' },
action: {
type: 'forward',
target: { host: 'localhost', port: 3001 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: {
email: 'api-certs@example.com', // Override email
useProduction: true, // Use production for API
renewThresholdDays: 60 // Earlier renewal for critical API
}
}
}
},
// Complete HTTPS server with automatic redirects
...createCompleteHttpsServer('website.example.com',
{ host: 'localhost', port: 8080 },
{ certificate: 'auto' }
),
// Static certificate (not using ACME)
{
name: 'internal-service',
match: { ports: 8443, domains: 'internal.local' },
action: {
type: 'forward',
target: { host: 'localhost', port: 3002 },
tls: {
mode: 'terminate',
certificate: {
cert: '-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----',
key: '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----'
}
}
}
}
]
});
// Monitor certificate events
proxy.on('certificate:issued', (event) => {
console.log(`Certificate issued for ${event.domain}`);
console.log(`Expires: ${event.expiryDate}`);
});
proxy.on('certificate:renewed', (event) => {
console.log(`Certificate renewed for ${event.domain}`);
});
proxy.on('certificate:error', (event) => {
console.error(`Certificate error for ${event.domain}: ${event.error}`);
});
// Start the proxy
await proxy.start();
console.log('SmartProxy started with global ACME configuration');
// Check certificate status programmatically
setTimeout(async () => {
// Get status for a specific route
const status = proxy.getCertificateStatus('app-route');
console.log('Certificate status:', status);
// Manually trigger renewal if needed
if (status && status.status === 'expiring') {
await proxy.renewCertificate('app-route');
}
}, 10000);
// Handle shutdown gracefully
process.on('SIGINT', async () => {
console.log('Shutting down proxy...');
await proxy.stop();
process.exit(0);
});
}
// Run the example
main().catch(console.error);

188
examples/complete-example-v19.ts Normal file
View File

@ -0,0 +1,188 @@
/**
* Complete SmartProxy Example (v19+)
*
* This comprehensive example demonstrates all major features of SmartProxy v19+:
* - Global ACME configuration
* - Route-based configuration
* - Helper functions for common patterns
* - Dynamic route management
* - Certificate status monitoring
* - Error handling and recovery
*/
import {
SmartProxy,
createHttpRoute,
createHttpsTerminateRoute,
createHttpsPassthroughRoute,
createHttpToHttpsRedirect,
createCompleteHttpsServer,
createLoadBalancerRoute,
createApiRoute,
createWebSocketRoute,
createStaticFileRoute,
createNfTablesRoute
} from '../dist_ts/index.js';
async function main() {
// Create SmartProxy with comprehensive configuration
const proxy = new SmartProxy({
// Global ACME configuration (v19+)
acme: {
email: 'ssl@bleu.de',
useProduction: false, // Use staging for this example
port: 8080, // Non-privileged port for development
autoRenew: true,
renewCheckIntervalHours: 12
},
// Initial routes
routes: [
// Basic HTTP service
createHttpRoute('api.example.com', { host: 'localhost', port: 3000 }),
// HTTPS with automatic certificates
createHttpsTerminateRoute('secure.example.com',
{ host: 'localhost', port: 3001 },
{ certificate: 'auto' }
),
// Complete HTTPS server with HTTP->HTTPS redirect
...createCompleteHttpsServer('www.example.com',
{ host: 'localhost', port: 8080 },
{ certificate: 'auto' }
),
// Load balancer with multiple backends
createLoadBalancerRoute(
'app.example.com',
['10.0.0.1', '10.0.0.2', '10.0.0.3'],
8080,
{
tls: {
mode: 'terminate',
certificate: 'auto'
}
}
),
// API route with CORS
createApiRoute('api.example.com', '/v1',
{ host: 'api-backend', port: 8081 },
{
useTls: true,
certificate: 'auto',
addCorsHeaders: true
}
),
// WebSocket support
createWebSocketRoute('ws.example.com', '/socket',
{ host: 'websocket-server', port: 8082 },
{
useTls: true,
certificate: 'auto'
}
),
// Static file server
createStaticFileRoute(['cdn.example.com', 'static.example.com'],
'/var/www/static',
{
serveOnHttps: true,
certificate: 'auto'
}
),
// HTTPS passthrough for services that handle their own TLS
createHttpsPassthroughRoute('legacy.example.com',
{ host: '192.168.1.100', port: 443 }
),
// HTTP to HTTPS redirects
createHttpToHttpsRedirect(['*.example.com', 'example.com'])
],
// Enable detailed logging for debugging
enableDetailedLogging: true
});
// Event handlers
proxy.on('connection', (event) => {
console.log(`New connection: ${event.source} -> ${event.destination}`);
});
proxy.on('certificate:issued', (event) => {
console.log(`Certificate issued for ${event.domain}`);
});
proxy.on('certificate:renewed', (event) => {
console.log(`Certificate renewed for ${event.domain}`);
});
proxy.on('error', (error) => {
console.error('Proxy error:', error);
});
// Start the proxy
await proxy.start();
console.log('SmartProxy started successfully');
console.log('Listening on ports:', proxy.getListeningPorts());
// Demonstrate dynamic route management
setTimeout(async () => {
console.log('Adding new route dynamically...');
// Get current routes and add a new one
const currentRoutes = proxy.settings.routes;
const newRoutes = [
...currentRoutes,
createHttpsTerminateRoute('new-service.example.com',
{ host: 'localhost', port: 3003 },
{ certificate: 'auto' }
)
];
// Update routes
await proxy.updateRoutes(newRoutes);
console.log('New route added successfully');
}, 5000);
// Check certificate status periodically
setInterval(async () => {
const routes = proxy.settings.routes;
for (const route of routes) {
if (route.action.tls?.certificate === 'auto') {
const status = proxy.getCertificateStatus(route.name);
if (status) {
console.log(`Certificate status for ${route.name}:`, status);
// Renew if expiring soon
if (status.status === 'expiring') {
console.log(`Renewing certificate for ${route.name}...`);
await proxy.renewCertificate(route.name);
}
}
}
}
}, 3600000); // Check every hour
// Graceful shutdown
process.on('SIGINT', async () => {
console.log('Shutting down gracefully...');
await proxy.stop();
process.exit(0);
});
process.on('SIGTERM', async () => {
console.log('Received SIGTERM, shutting down...');
await proxy.stop();
process.exit(0);
});
}
// Run the example
main().catch((error) => {
console.error('Failed to start proxy:', error);
process.exit(1);
});

24
examples/dynamic-port-management.ts
View File

@ -3,27 +3,25 @@
*
* This example demonstrates how to dynamically add and remove ports
* while SmartProxy is running, without requiring a restart.
* Also shows the new v19+ global ACME configuration.
*/
import { SmartProxy } from '../dist_ts/index.js';
import { SmartProxy, createHttpRoute, createHttpsTerminateRoute } from '../dist_ts/index.js';
import type { IRouteConfig } from '../dist_ts/index.js';
async function main() {
// Create a SmartProxy instance with initial routes
// Create a SmartProxy instance with initial routes and global ACME config
const proxy = new SmartProxy({
// Global ACME configuration (v19+)
acme: {
email: 'ssl@bleu.de',
useProduction: false,
port: 8080 // Using non-privileged port for ACME challenges
},
routes: [
// Initial route on port 8080
{
match: {
ports: 8080,
domains: ['example.com', '*.example.com']
},
action: {
type: 'forward',
target: { host: 'localhost', port: 3000 }
},
name: 'Initial HTTP Route'
}
createHttpRoute(['example.com', '*.example.com'], { host: 'localhost', port: 3000 })
]
});

12
examples/nftables-integration.ts
View File

@ -5,6 +5,7 @@
* for high-performance network routing that operates at the kernel level.
*
* NOTE: This requires elevated privileges to run (sudo) as it interacts with nftables.
* Also shows the new v19+ global ACME configuration.
*/
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
@ -50,15 +51,22 @@ async function simpleForwardingExample() {
async function httpsTerminationExample() {
console.log('Starting HTTPS termination with NFTables example...');
// Create a SmartProxy instance with an HTTPS termination route using NFTables
// Create a SmartProxy instance with global ACME and NFTables HTTPS termination
const proxy = new SmartProxy({
// Global ACME configuration (v19+)
acme: {
email: 'ssl@bleu.de',
useProduction: false,
port: 80 // NFTables needs root, so we can use port 80
},
routes: [
createNfTablesTerminateRoute('secure.example.com', {
host: 'localhost',
port: 8443
}, {
ports: 443,
certificate: 'auto', // Automatic certificate provisioning
certificate: 'auto', // Uses global ACME configuration
tableName: 'smartproxy_https'
})
],

92
implementation-summary.md
View File

@ -1,92 +0,0 @@
# SmartProxy ACME Simplification Implementation Summary
## Overview
We successfully implemented comprehensive support for both global and route-level ACME configuration in SmartProxy v19.0.0, addressing the certificate acquisition issues and improving the developer experience.
## What Was Implemented
### 1. Enhanced Configuration Support
- Added global ACME configuration at the SmartProxy level
- Maintained support for route-level ACME configuration
- Implemented configuration hierarchy where global settings serve as defaults
- Route-level settings override global defaults when specified
### 2. Updated Core Components
#### SmartProxy Class (`smart-proxy.ts`)
- Enhanced ACME configuration normalization in constructor
- Added support for both `email` and `accountEmail` fields
- Updated `initializeCertificateManager` to prioritize configurations correctly
- Added `validateAcmeConfiguration` method for comprehensive validation
#### SmartCertManager Class (`certificate-manager.ts`)
- Added `globalAcmeDefaults` property to store top-level configuration
- Implemented `setGlobalAcmeDefaults` method
- Updated `provisionAcmeCertificate` to use global defaults
- Enhanced error messages to guide users to correct configuration
#### ISmartProxyOptions Interface (`interfaces.ts`)
- Added comprehensive documentation for global ACME configuration
- Enhanced IAcmeOptions interface with better field descriptions
- Added example usage in JSDoc comments
### 3. Configuration Validation
- Checks for missing ACME email configuration
- Validates port 80 availability for HTTP-01 challenges
- Warns about wildcard domains with auto certificates
- Detects environment mismatches between global and route configs
### 4. Test Coverage
Created comprehensive test suite (`test.acme-configuration.node.ts`):
- Top-level ACME configuration
- Route-level ACME configuration
- Mixed configuration with overrides
- Error handling for missing email
- Support for accountEmail alias
### 5. Documentation Updates
#### Main README (`readme.md`)
- Added global ACME configuration example
- Updated code examples to show both configuration styles
- Added dedicated ACME configuration section
#### Certificate Management Guide (`certificate-management.md`)
- Updated for v19.0.0 changes
- Added configuration hierarchy explanation
- Included troubleshooting section
- Added migration guide from v18
#### Readme Hints (`readme.hints.md`)
- Added breaking change warning for ACME configuration
- Included correct configuration example
- Added migration considerations
## Key Benefits
1. **Reduced Configuration Duplication**: Global ACME settings eliminate need to repeat configuration
2. **Better Developer Experience**: Clear error messages guide users to correct configuration
3. **Backward Compatibility**: Route-level configuration still works as before
4. **Flexible Configuration**: Can mix global defaults with route-specific overrides
5. **Improved Validation**: Warns about common configuration issues
## Testing Results
All tests pass successfully:
- Global ACME configuration works correctly
- Route-level configuration continues to function
- Configuration hierarchy behaves as expected
- Error messages provide clear guidance
## Migration Path
For users upgrading from v18:
1. Existing route-level ACME configuration continues to work
2. Can optionally move common settings to global level
3. Route-specific overrides remain available
4. No breaking changes for existing configurations
## Conclusion
The implementation successfully addresses the original issue where SmartAcme was not initialized due to missing configuration. Users now have flexible options for configuring ACME, with clear error messages and comprehensive documentation to guide them.

8
package.json
View File

@ -1,6 +1,6 @@
{
"name": "@push.rocks/smartproxy",
"version": "19.2.5",
"version": "19.3.9",
"private": false,
"description": "A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.",
"main": "dist_ts/index.js",
@ -18,16 +18,16 @@
"@git.zone/tsbuild": "^2.5.1",
"@git.zone/tsrun": "^1.2.44",
"@git.zone/tstest": "^1.9.0",
"@types/node": "^22.15.18",
"@types/node": "^22.15.19",
"typescript": "^5.8.3"
},
"dependencies": {
"@push.rocks/lik": "^6.2.2",
"@push.rocks/smartacme": "^7.3.4",
"@push.rocks/smartacme": "^8.0.0",
"@push.rocks/smartcrypto": "^2.0.4",
"@push.rocks/smartdelay": "^3.0.5",
"@push.rocks/smartfile": "^11.2.0",
"@push.rocks/smartnetwork": "^4.0.1",
"@push.rocks/smartnetwork": "^4.0.2",
"@push.rocks/smartpromise": "^4.2.3",
"@push.rocks/smartrequest": "^2.1.0",
"@push.rocks/smartstring": "^4.0.15",

1267
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

43
readme.hints.md
View File

@ -91,4 +91,45 @@ const proxy = new SmartProxy({
- Update `plugins.ts` when adding new dependencies.
- Maintain test coverage for new routing or proxy features.
- Keep `ts/` and `dist_ts/` in sync after refactors.
- Consider implementing top-level ACME config support for backward compatibility
- Consider implementing top-level ACME config support for backward compatibility
## HTTP-01 ACME Challenge Fix (v19.3.8)
### Issue
Non-TLS connections on ports configured in `useHttpProxy` were not being forwarded to HttpProxy. This caused ACME HTTP-01 challenges to fail when the ACME port (usually 80) was included in `useHttpProxy`.
### Root Cause
In the `RouteConnectionHandler.handleForwardAction` method, only connections with TLS settings (mode: 'terminate' or 'terminate-and-reencrypt') were being forwarded to HttpProxy. Non-TLS connections were always handled as direct connections, even when the port was configured for HttpProxy.
### Solution
Added a check for non-TLS connections on ports listed in `useHttpProxy`:
```typescript
// No TLS settings - check if this port should use HttpProxy
const isHttpProxyPort = this.settings.useHttpProxy?.includes(record.localPort);
if (isHttpProxyPort && this.httpProxyBridge.getHttpProxy()) {
// Forward non-TLS connections to HttpProxy if configured
this.httpProxyBridge.forwardToHttpProxy(/*...*/);
return;
}
```
### Test Coverage
- `test/test.http-fix-unit.ts` - Unit tests verifying the fix
- Tests confirm that non-TLS connections on HttpProxy ports are properly forwarded
- Tests verify that non-HttpProxy ports still use direct connections
### Configuration Example
```typescript
const proxy = new SmartProxy({
useHttpProxy: [80], // Enable HttpProxy for port 80
httpProxyPort: 8443,
acme: {
email: 'ssl@example.com',
port: 80
},
routes: [
// Your routes here
]
});
```

71
readme.md
View File

@ -43,7 +43,7 @@ SmartProxy has been restructured using a modern, modular architecture with a uni
│ │ ├── route-manager.ts # Route management system
│ │ ├── smart-proxy.ts # Main SmartProxy class
│ │ └── ... # Supporting classes
│ ├── /network-proxy # NetworkProxy implementation
│ ├── /http-proxy # HttpProxy implementation (HTTP/HTTPS handling)
│ └── /nftables-proxy # NfTablesProxy implementation
├── /tls # TLS-specific functionality
│ ├── /sni # SNI handling components
@ -79,7 +79,7 @@ SmartProxy has been restructured using a modern, modular architecture with a uni
### Specialized Components
- **NetworkProxy** (`ts/proxies/network-proxy/network-proxy.ts`)
- **HttpProxy** (`ts/proxies/http-proxy/http-proxy.ts`)
HTTP/HTTPS reverse proxy with TLS termination and WebSocket support
- **Port80Handler** (`ts/http/port80/port80-handler.ts`)
ACME HTTP-01 challenge handler for Let's Encrypt certificates
@ -101,7 +101,7 @@ SmartProxy has been restructured using a modern, modular architecture with a uni
- `IRouteConfig`, `IRouteMatch`, `IRouteAction` (`ts/proxies/smart-proxy/models/route-types.ts`)
- `IRoutedSmartProxyOptions` (`ts/proxies/smart-proxy/models/route-types.ts`)
- `INetworkProxyOptions` (`ts/proxies/network-proxy/models/types.ts`)
- `IHttpProxyOptions` (`ts/proxies/http-proxy/models/types.ts`)
- `IAcmeOptions`, `IDomainOptions` (`ts/certificate/models/certificate-types.ts`)
- `INfTableProxySettings` (`ts/proxies/nftables-proxy/models/interfaces.ts`)
@ -113,7 +113,7 @@ npm install @push.rocks/smartproxy
## Quick Start with SmartProxy
SmartProxy v18.0.0 continues the evolution of the unified route-based configuration system making your proxy setup more flexible and intuitive with improved helper functions and NFTables integration for high-performance kernel-level routing.
SmartProxy v19.4.0 provides a unified route-based configuration system with enhanced certificate management, NFTables integration for high-performance kernel-level routing, and improved helper functions for common proxy setups.
```typescript
import {
@ -136,10 +136,12 @@ import {
const proxy = new SmartProxy({
// Global ACME settings for all routes with certificate: 'auto'
acme: {
email: 'ssl@example.com', // Required for Let's Encrypt
email: 'ssl@bleu.de', // Required for Let's Encrypt
useProduction: false, // Use staging by default
renewThresholdDays: 30, // Renew 30 days before expiry
port: 80 // Port for HTTP-01 challenges
port: 80, // Port for HTTP-01 challenges (use 8080 for non-privileged)
autoRenew: true, // Enable automatic renewal
renewCheckIntervalHours: 24 // Check for renewals daily
},
// Define all your routing rules in a single array
@ -216,26 +218,7 @@ const proxy = new SmartProxy({
certificate: 'auto',
maxRate: '100mbps'
})
],
// Global settings that apply to all routes
defaults: {
security: {
maxConnections: 500
}
},
// Automatic Let's Encrypt integration
acme: {
enabled: true,
contactEmail: 'admin@example.com',
useProduction: true
}
});
// Listen for certificate events
proxy.on('certificate', evt => {
console.log(`Certificate for ${evt.domain} ready, expires: ${evt.expiryDate}`);
]
});
// Start the proxy
@ -749,14 +732,14 @@ Available helper functions:
While SmartProxy provides a unified API for most needs, you can also use individual components:
### NetworkProxy
### HttpProxy
For HTTP/HTTPS reverse proxy with TLS termination and WebSocket support. Now with native route-based configuration support:
```typescript
import { NetworkProxy } from '@push.rocks/smartproxy';
import { HttpProxy } from '@push.rocks/smartproxy';
import * as fs from 'fs';
const proxy = new NetworkProxy({ port: 443 });
const proxy = new HttpProxy({ port: 443 });
await proxy.start();
// Modern route-based configuration (recommended)
@ -781,7 +764,7 @@ await proxy.updateRouteConfigs([
},
advanced: {
headers: {
'X-Forwarded-By': 'NetworkProxy'
'X-Forwarded-By': 'HttpProxy'
},
urlRewrite: {
pattern: '^/old/(.*)$',
@ -1053,7 +1036,7 @@ flowchart TB
direction TB
RouteConfig["Route Configuration<br>(Match/Action)"]
RouteManager["Route Manager"]
HTTPS443["HTTPS Port 443<br>NetworkProxy"]
HTTPS443["HTTPS Port 443<br>HttpProxy"]
SmartProxy["SmartProxy<br>(TCP/SNI Proxy)"]
ACME["Port80Handler<br>(ACME HTTP-01)"]
Certs[(SSL Certificates)]
@ -1429,6 +1412,8 @@ createRedirectRoute({
- `routes` (IRouteConfig[], required) - Array of route configurations
- `defaults` (object) - Default settings for all routes
- `acme` (IAcmeOptions) - ACME certificate options
- `useHttpProxy` (number[], optional) - Array of ports to forward to HttpProxy (e.g. `[80, 443]`)
- `httpProxyPort` (number, default 8443) - Port where HttpProxy listens for forwarded connections
- Connection timeouts: `initialDataTimeout`, `socketTimeout`, `inactivityTimeout`, etc.
- Socket opts: `noDelay`, `keepAlive`, `enableKeepAliveProbes`
- `certProvisionFunction` (callback) - Custom certificate provisioning
@ -1439,7 +1424,7 @@ createRedirectRoute({
- `getListeningPorts()` - Get all ports currently being listened on
- `async updateRoutes(routes: IRouteConfig[])` - Update routes and automatically adjust port listeners
### NetworkProxy (INetworkProxyOptions)
### HttpProxy (IHttpProxyOptions)
- `port` (number, required) - Main port to listen on
- `backendProtocol` ('http1'|'http2', default 'http1') - Protocol to use with backend servers
- `maxConnections` (number, default 10000) - Maximum concurrent connections
@ -1452,8 +1437,8 @@ createRedirectRoute({
- `useExternalPort80Handler` (boolean) - Use external port 80 handler for ACME challenges
- `portProxyIntegration` (boolean) - Integration with other proxies
#### NetworkProxy Enhanced Features
NetworkProxy now supports full route-based configuration including:
#### HttpProxy Enhanced Features
HttpProxy now supports full route-based configuration including:
- Advanced request and response header manipulation
- URL rewriting with RegExp pattern matching
- Template variable resolution for dynamic values (e.g. `{domain}`, `{clientIp}`)
@ -1495,6 +1480,22 @@ NetworkProxy now supports full route-based configuration including:
- Use higher priority for block routes to ensure they take precedence
- Enable `enableDetailedLogging` or `enableTlsDebugLogging` for debugging
### ACME HTTP-01 Challenges
- If ACME HTTP-01 challenges fail on port 80, ensure port 80 is included in `useHttpProxy`
- Since v19.3.8, non-TLS connections on ports listed in `useHttpProxy` are properly forwarded to HttpProxy
- Example configuration for ACME on port 80:
```typescript
const proxy = new SmartProxy({
useHttpProxy: [80], // Ensure port 80 is forwarded to HttpProxy
httpProxyPort: 8443,
acme: {
email: 'ssl@example.com',
port: 80
},
routes: [/* your routes */]
});
```
### NFTables Integration
- Ensure NFTables is installed: `apt install nftables` or `yum install nftables`
- Verify root/sudo permissions for NFTables operations
@ -1507,7 +1508,7 @@ NetworkProxy now supports full route-based configuration including:
- Ensure domains are publicly accessible for Let's Encrypt validation
- For TLS handshake issues, increase `initialDataTimeout` and `maxPendingDataSize`
### NetworkProxy
### HttpProxy
- Verify ports, certificates and `rejectUnauthorized` for TLS errors
- Configure CORS for preflight issues
- Increase `maxConnections` or `connectionPoolSize` under load

277
readme.plan.md
View File

@ -1,277 +0,0 @@
# SmartProxy Development Plan
cat /home/philkunz/.claude/CLAUDE.md
## Critical Bug Fix: Port 80 EADDRINUSE with ACME Challenge Routes
### Problem Statement
SmartProxy encounters an "EADDRINUSE" error on port 80 when provisioning multiple ACME certificates. The issue occurs because the certificate manager adds and removes the challenge route for each certificate individually, causing race conditions when multiple certificates are provisioned concurrently.
### Root Cause
The `SmartCertManager` class adds the ACME challenge route (port 80) before provisioning each certificate and removes it afterward. When multiple certificates are provisioned:
1. Each provisioning cycle adds its own challenge route
2. This triggers `updateRoutes()` which calls `PortManager.updatePorts()`
3. Port 80 is repeatedly added/removed, causing binding conflicts
### Implementation Plan
#### Phase 1: Refactor Challenge Route Lifecycle
1. **Modify challenge route handling** in `SmartCertManager`
- [x] Add challenge route once during initialization if ACME is configured
- [x] Keep challenge route active throughout entire certificate provisioning
- [x] Remove challenge route only after all certificates are provisioned
- [x] Add concurrency control to prevent multiple simultaneous route updates
#### Phase 2: Update Certificate Provisioning Flow
2. **Refactor certificate provisioning methods**
- [x] Separate challenge route management from individual certificate provisioning
- [x] Update `provisionAcmeCertificate()` to not add/remove challenge routes
- [x] Modify `provisionAllCertificates()` to handle challenge route lifecycle
- [x] Add error handling for challenge route initialization failures
#### Phase 3: Implement Concurrency Controls
3. **Add synchronization mechanisms**
- [x] Implement mutex/lock for challenge route operations
- [x] Ensure certificate provisioning is properly serialized
- [x] Add safeguards against duplicate challenge routes
- [x] Handle edge cases (shutdown during provisioning, renewal conflicts)
#### Phase 4: Enhance Error Handling
4. **Improve error handling and recovery**
- [x] Add specific error types for port conflicts
- [x] Implement retry logic for transient port binding issues
- [x] Add detailed logging for challenge route lifecycle
- [x] Ensure proper cleanup on errors
#### Phase 5: Create Comprehensive Tests
5. **Write tests for challenge route management**
- [x] Test concurrent certificate provisioning
- [x] Test challenge route persistence during provisioning
- [x] Test error scenarios (port already in use)
- [x] Test cleanup after provisioning
- [x] Test renewal scenarios with existing challenge routes
#### Phase 6: Update Documentation
6. **Document the new behavior**
- [x] Update certificate management documentation
- [x] Add troubleshooting guide for port conflicts
- [x] Document the challenge route lifecycle
- [x] Include examples of proper ACME configuration
### Technical Details
#### Specific Code Changes
1. In `SmartCertManager.initialize()`:
```typescript
// Add challenge route once at initialization
if (hasAcmeRoutes && this.acmeOptions?.email) {
await this.addChallengeRoute();
}
```
2. Modify `provisionAcmeCertificate()`:
```typescript
// Remove these lines:
// await this.addChallengeRoute();
// await this.removeChallengeRoute();
```
3. Update `stop()` method:
```typescript
// Always remove challenge route on shutdown
if (this.challengeRoute) {
await this.removeChallengeRoute();
}
```
4. Add concurrency control:
```typescript
private challengeRouteLock = new AsyncLock();
private async manageChallengeRoute(operation: 'add' | 'remove'): Promise<void> {
await this.challengeRouteLock.acquire('challenge-route', async () => {
if (operation === 'add') {
await this.addChallengeRoute();
} else {
await this.removeChallengeRoute();
}
});
}
```
### Success Criteria
- [x] No EADDRINUSE errors when provisioning multiple certificates
- [x] Challenge route remains active during entire provisioning cycle
- [x] Port 80 is only bound once per SmartProxy instance
- [x] Proper cleanup on shutdown or error
- [x] All tests pass
- [x] Documentation clearly explains the behavior
### Implementation Summary
The port 80 EADDRINUSE issue has been successfully fixed through the following changes:
1. **Challenge Route Lifecycle**: Modified to add challenge route once during initialization and keep it active throughout certificate provisioning
2. **Concurrency Control**: Added flags to prevent concurrent provisioning and duplicate challenge route operations
3. **Error Handling**: Enhanced error messages for port conflicts and proper cleanup on errors
4. **Tests**: Created comprehensive test suite for challenge route lifecycle scenarios
5. **Documentation**: Updated certificate management guide with troubleshooting section for port conflicts
The fix ensures that port 80 is only bound once, preventing EADDRINUSE errors during concurrent certificate provisioning operations.
### Timeline
- Phase 1: 2 hours (Challenge route lifecycle)
- Phase 2: 1 hour (Provisioning flow)
- Phase 3: 2 hours (Concurrency controls)
- Phase 4: 1 hour (Error handling)
- Phase 5: 2 hours (Testing)
- Phase 6: 1 hour (Documentation)
Total estimated time: 9 hours
### Notes
- This is a critical bug affecting ACME certificate provisioning
- The fix requires careful handling of concurrent operations
- Backward compatibility must be maintained
- Consider impact on renewal operations and edge cases
## NEW FINDINGS: Additional Port Management Issues
### Problem Statement
Further investigation has revealed additional issues beyond the initial port 80 EADDRINUSE error:
1. **Race Condition in updateRoutes**: Certificate manager is recreated during route updates, potentially causing duplicate challenge routes
2. **Lost State**: The `challengeRouteActive` flag is not persisted when certificate manager is recreated
3. **No Global Synchronization**: Multiple concurrent route updates can create conflicting certificate managers
4. **Incomplete Cleanup**: Challenge route removal doesn't verify actual port release
### Implementation Plan for Additional Fixes
#### Phase 1: Fix updateRoutes Race Condition
1. **Preserve certificate manager state during route updates**
- [x] Track active challenge routes at SmartProxy level
- [x] Pass existing state to new certificate manager instances
- [x] Ensure challenge route is only added once across recreations
- [x] Add proper cleanup before recreation
#### Phase 2: Implement Global Route Update Lock
2. **Add synchronization for route updates**
- [x] Implement mutex/semaphore for `updateRoutes` method
- [x] Prevent concurrent certificate manager recreations
- [x] Ensure atomic route updates
- [x] Add timeout handling for locks
#### Phase 3: Improve State Management
3. **Persist critical state across certificate manager instances**
- [x] Create global state store for ACME operations
- [x] Track active challenge routes globally
- [x] Maintain port allocation state
- [x] Add state recovery mechanisms
#### Phase 4: Enhance Cleanup Verification
4. **Verify resource cleanup before recreation**
- [x] Wait for old certificate manager to fully stop
- [x] Verify challenge route removal from port manager
- [x] Add cleanup confirmation callbacks
- [x] Implement rollback on cleanup failure
#### Phase 5: Add Comprehensive Testing
5. **Test race conditions and edge cases**
- [x] Test rapid route updates with ACME
- [x] Test concurrent certificate manager operations
- [x] Test state persistence across recreations
- [x] Test cleanup verification logic
### Technical Implementation
1. **Global Challenge Route Tracker**:
```typescript
class SmartProxy {
private globalChallengeRouteActive = false;
private routeUpdateLock = new Mutex();
async updateRoutes(newRoutes: IRouteConfig[]): Promise<void> {
await this.routeUpdateLock.runExclusive(async () => {
// Update logic here
});
}
}
```
2. **State Preservation**:
```typescript
if (this.certManager) {
const state = {
challengeRouteActive: this.globalChallengeRouteActive,
acmeOptions: this.certManager.getAcmeOptions(),
// ... other state
};
await this.certManager.stop();
await this.verifyChallengeRouteRemoved();
this.certManager = await this.createCertificateManager(
newRoutes,
'./certs',
state
);
}
```
3. **Cleanup Verification**:
```typescript
private async verifyChallengeRouteRemoved(): Promise<void> {
const maxRetries = 10;
for (let i = 0; i < maxRetries; i++) {
if (!this.portManager.isListening(80)) {
return;
}
await this.sleep(100);
}
throw new Error('Failed to verify challenge route removal');
}
```
### Success Criteria
- [ ] No race conditions during route updates
- [ ] State properly preserved across certificate manager recreations
- [ ] No duplicate challenge routes
- [ ] Clean resource management
- [ ] All edge cases handled gracefully
### Timeline for Additional Fixes
- Phase 1: 3 hours (Race condition fix)
- Phase 2: 2 hours (Global synchronization)
- Phase 3: 2 hours (State management)
- Phase 4: 2 hours (Cleanup verification)
- Phase 5: 3 hours (Testing)
Total estimated time: 12 hours
### Priority
These additional fixes are HIGH PRIORITY as they address fundamental issues that could cause:
- Port binding errors
- Certificate provisioning failures
- Resource leaks
- Inconsistent proxy state
The fixes should be implemented immediately after the initial port 80 EADDRINUSE fix is deployed.
### Implementation Complete
All additional port management issues have been successfully addressed:
1. **Mutex Implementation**: Created a custom `Mutex` class for synchronizing route updates
2. **Global State Tracking**: Implemented `AcmeStateManager` to track challenge routes globally
3. **State Preservation**: Modified `SmartCertManager` to accept and preserve state across recreations
4. **Cleanup Verification**: Added `verifyChallengeRouteRemoved` method to ensure proper cleanup
5. **Comprehensive Testing**: Created test suites for race conditions and state management
The implementation ensures:
- No concurrent route updates can create conflicting states
- Challenge route state is preserved across certificate manager recreations
- Port 80 is properly managed without EADDRINUSE errors
- All resources are cleaned up properly during shutdown
All tests are ready to run and the implementation is complete.

86
summary-acme-simplification.md
View File

@ -1,86 +0,0 @@
# ACME/Certificate Simplification Summary
## What Was Done
We successfully implemented the ACME/Certificate simplification plan for SmartProxy:
### 1. Created New Certificate Management System
- **SmartCertManager** (`ts/proxies/smart-proxy/certificate-manager.ts`): A unified certificate manager that handles both ACME and static certificates
- **CertStore** (`ts/proxies/smart-proxy/cert-store.ts`): File-based certificate storage system
### 2. Updated Route Types
- Added `IRouteAcme` interface for ACME configuration
- Added `IStaticResponse` interface for static route responses
- Extended `IRouteTls` with comprehensive certificate options
- Added `handler` property to `IRouteAction` for static routes
### 3. Implemented Static Route Handler
- Added `handleStaticAction` method to route-connection-handler.ts
- Added support for 'static' route type in the action switch statement
- Implemented proper HTTP response formatting
### 4. Updated SmartProxy Integration
- Removed old CertProvisioner and Port80Handler dependencies
- Added `initializeCertificateManager` method
- Updated `start` and `stop` methods to use new certificate manager
- Added `provisionCertificate`, `renewCertificate`, and `getCertificateStatus` methods
### 5. Simplified NetworkProxyBridge
- Removed all certificate-related logic
- Simplified to only handle network proxy forwarding
- Updated to use port-based matching for network proxy routes
### 6. Cleaned Up HTTP Module
- Removed exports for port80 subdirectory
- Kept only router and redirect functionality
### 7. Created Tests
- Created simplified test for certificate functionality
- Test demonstrates static route handling and basic certificate configuration
## Key Improvements
1. **No Backward Compatibility**: Clean break from legacy implementations
2. **Direct SmartAcme Integration**: Uses @push.rocks/smartacme directly without custom wrappers
3. **Route-Based ACME Challenges**: No separate HTTP server needed
4. **Simplified Architecture**: Removed unnecessary abstraction layers
5. **Unified Configuration**: Certificate configuration is part of route definitions
## Configuration Example
```typescript
const proxy = new SmartProxy({
routes: [{
name: 'secure-site',
match: { ports: 443, domains: 'example.com' },
action: {
type: 'forward',
target: { host: 'backend', port: 8080 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: {
email: 'admin@example.com',
useProduction: true
}
}
}
}]
});
```
## Next Steps
1. Remove old certificate module and port80 directory
2. Update documentation with new configuration format
3. Test with real ACME certificates in staging environment
4. Add more comprehensive tests for renewal and edge cases
The implementation is complete and builds successfully!

34
summary-nftables-naming-consolidation.md
View File

@ -1,34 +0,0 @@
# NFTables Naming Consolidation Summary
This document summarizes the changes made to consolidate the naming convention for IP allow/block lists in the NFTables integration.
## Changes Made
1. **Updated NFTablesProxy interface** (`ts/proxies/nftables-proxy/models/interfaces.ts`):
- Changed `allowedSourceIPs` to `ipAllowList`
- Changed `bannedSourceIPs` to `ipBlockList`
2. **Updated NFTablesProxy implementation** (`ts/proxies/nftables-proxy/nftables-proxy.ts`):
- Updated all references from `allowedSourceIPs` to `ipAllowList`
- Updated all references from `bannedSourceIPs` to `ipBlockList`
3. **Updated NFTablesManager** (`ts/proxies/smart-proxy/nftables-manager.ts`):
- Changed mapping from `allowedSourceIPs` to `ipAllowList`
- Changed mapping from `bannedSourceIPs` to `ipBlockList`
## Files Already Using Consistent Naming
The following files already used the consistent naming convention `ipAllowList` and `ipBlockList`:
1. **Route helpers** (`ts/proxies/smart-proxy/utils/route-helpers.ts`)
2. **Integration test** (`test/test.nftables-integration.ts`)
3. **NFTables example** (`examples/nftables-integration.ts`)
4. **Route types** (`ts/proxies/smart-proxy/models/route-types.ts`)
## Result
The naming is now consistent throughout the codebase:
- `ipAllowList` is used for lists of allowed IP addresses
- `ipBlockList` is used for lists of blocked IP addresses
This matches the naming convention already established in SmartProxy's core routing system.

2
test/core/utils/test.event-system.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import {
EventSystem,
ProxyEvents,

2
test/core/utils/test.ip-utils.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { IpUtils } from '../../../ts/core/utils/ip-utils.js';
tap.test('ip-utils - normalizeIP', async () => {

2
test/core/utils/test.route-utils.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as routeUtils from '../../../ts/core/utils/route-utils.js';
// Test domain matching

2
test/core/utils/test.shared-security-manager.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { SharedSecurityManager } from '../../../ts/core/utils/shared-security-manager.js';
import type { IRouteConfig, IRouteContext } from '../../../ts/proxies/smart-proxy/models/route-types.js';

2
test/core/utils/test.validation-utils.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { ValidationUtils } from '../../../ts/core/utils/validation-utils.js';
import type { IDomainOptions, IAcmeOptions } from '../../../ts/core/models/common-types.js';

21
test/helpers/test-cert.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIUAzpwtk6k5v/7LfY1KR7PreezvsswDQYJKoZIhvcNAQEL
BQAwVTELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFRlc3QxDTALBgNVBAcMBFRlc3Qx
DTALBgNVBAoMBFRlc3QxGTAXBgNVBAMMEHRlc3QuZXhhbXBsZS5jb20wHhcNMjUw
NTE5MTc1MDM0WhcNMjYwNTE5MTc1MDM0WjBVMQswCQYDVQQGEwJVUzENMAsGA1UE
CAwEVGVzdDENMAsGA1UEBwwEVGVzdDENMAsGA1UECgwEVGVzdDEZMBcGA1UEAwwQ
dGVzdC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AK9FivUNjXz5q+snqKLCno0i3cYzJ+LTzSf+x+a/G7CA/rtigIvSYEqWC4+/MXPM
ifpU/iIRtj7RzoPKH44uJie7mS5kKSHsMnh/qixaxxJph+tVYdNGi9hNvL12T/5n
ihXkpMAK8MV6z3Y+ObiaKbCe4w19sLu2IIpff0U0mo6rTKOQwAfGa/N1dtzFaogP
f/iO5kcksWUPqZowM3lwXXgy8vg5ZeU7IZk9fRTBfrEJAr9TCQ8ivdluxq59Ax86
0AMmlbeu/dUMBcujLiTVjzqD3jz/Hr+iHq2y48NiF3j5oE/1qsD04d+QDWAygdmd
bQOy0w/W1X0ppnuPhLILQzcCAwEAAaNTMFEwHQYDVR0OBBYEFID88wvDJXrQyTsx
s+zl/wwx5BCMMB8GA1UdIwQYMBaAFID88wvDJXrQyTsxs+zl/wwx5BCMMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIRp9bUxAip5s0dx700PPVAd
mrS7kDCZ+KFD6UgF/F3ykshh33MfYNLghJCfhcWvUHQgiPKohWcZq1g4oMuDZPFW
EHTr2wkX9j6A3KNjgFT5OVkLdjNPYdxMbTvmKbsJPc82C9AFN/Xz97XlZvmE4mKc
JCKqTz9hK3JpoayEUrf9g4TJcVwNnl/UnMp2sZX3aId4wD2+jSb40H/5UPFO2stv
SvCSdMcq0ZOQ/g/P56xOKV/5RAdIYV+0/3LWNGU/dH0nUfJO9K31e3eR+QZ1Iyn3
iGPcaSKPDptVx+2hxcvhFuRgRjfJ0mu6/hnK5wvhrXrSm43FBgvmlo4MaX0HVss=
-----END CERTIFICATE-----

28
test/helpers/test-key.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCvRYr1DY18+avr
J6iiwp6NIt3GMyfi080n/sfmvxuwgP67YoCL0mBKlguPvzFzzIn6VP4iEbY+0c6D
yh+OLiYnu5kuZCkh7DJ4f6osWscSaYfrVWHTRovYTby9dk/+Z4oV5KTACvDFes92
Pjm4mimwnuMNfbC7tiCKX39FNJqOq0yjkMAHxmvzdXbcxWqID3/4juZHJLFlD6ma
MDN5cF14MvL4OWXlOyGZPX0UwX6xCQK/UwkPIr3ZbsaufQMfOtADJpW3rv3VDAXL
oy4k1Y86g948/x6/oh6tsuPDYhd4+aBP9arA9OHfkA1gMoHZnW0DstMP1tV9KaZ7
j4SyC0M3AgMBAAECggEAKfW6ng74C+7TtxDAAPMZtQ0fTcdKabWt/EC1B6tBzEAd
e6vJvW+IaOLB8tBhXOkfMSRu0KYv3Jsq1wcpBcdLkCCLu/zzkfDzZkCd809qMCC+
jtraeBOAADEgGbV80hlkh/g8btNPr99GUnb0J5sUlvl6vuyTxmSEJsxU8jL1O2km
YgK34fS5NS73h138P3UQAGC0dGK8Rt61EsFIKWTyH/r8tlz9nQrYcDG3LwTbFQQf
bsRLAjolxTRV6t1CzcjsSGtrAqm/4QNypP5McCyOXAqajb3pNGaJyGg1nAEOZclK
oagU7PPwaFmSquwo7Y1Uov72XuLJLVryBl0fOCen7QKBgQDieqvaL9gHsfaZKNoY
+0Cnul/Dw0kjuqJIKhar/mfLY7NwYmFSgH17r26g+X7mzuzaN0rnEhjh7L3j6xQJ
qhs9zL+/OIa581Ptvb8H/42O+mxnqx7Z8s5JwH0+f5EriNkU3euoAe/W9x4DqJiE
2VyvlM1gngxI+vFo+iewmg+vOwKBgQDGHiPKxXWD50tXvvDdRTjH+/4GQuXhEQjl
Po59AJ/PLc/AkQkVSzr8Fspf7MHN6vufr3tS45tBuf5Qf2Y9GPBRKR3e+M1CJdoi
1RXy0nMsnR0KujxgiIe6WQFumcT81AsIVXtDYk11Sa057tYPeeOmgtmUMJZb6lek
wqUxrFw0NQKBgQCs/p7+jsUpO5rt6vKNWn5MoGQ+GJFppUoIbX3b6vxFs+aA1eUZ
K+St8ZdDhtCUZUMufEXOs1gmWrvBuPMZXsJoNlnRKtBegat+Ug31ghMTP95GYcOz
H3DLjSkd8DtnUaTf95PmRXR6c1CN4t59u7q8s6EdSByCMozsbwiaMVQBuQKBgQCY
QxG/BYMLnPeKuHTlmg3JpSHWLhP+pdjwVuOrro8j61F/7ffNJcRvehSPJKbOW4qH
b5aYXdU07n1F4KPy0PfhaHhMpWsbK3w6yQnVVWivIRDw7bD5f/TQgxdWqVd7+HuC
LDBP2X0uZzF7FNPvkP4lOut9uNnWSoSRXAcZ5h33AQKBgQDWJYKGNoA8/IT9+e8n
v1Fy0RNL/SmBfGZW9pFGFT2pcu6TrzVSugQeWY/YFO2X6FqLPbL4p72Ar4rF0Uxl
31aYIjy3jDGzMabdIuW7mBogvtNjBG+0UgcLQzbdG6JkvTkQgqUjwIn/+Jo+0sS5
dEylNM0zC6zx1f1U1dGGZaNcLg==
-----END PRIVATE KEY-----

129
test/test.acme-http-challenge.ts Normal file
View File

@ -0,0 +1,129 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../ts/plugins.js';
import { SmartProxy } from '../ts/index.js';
tap.test('should handle HTTP requests on port 80 for ACME challenges', async (tools) => {
tools.timeout(10000);
// Track HTTP requests that are handled
const handledRequests: any[] = [];
const settings = {
routes: [
{
name: 'acme-test-route',
match: {
ports: [18080], // Use high port to avoid permission issues
path: '/.well-known/acme-challenge/*'
},
action: {
type: 'static' as const,
handler: async (context) => {
handledRequests.push({
path: context.path,
method: context.method,
headers: context.headers
});
// Simulate ACME challenge response
const token = context.path?.split('/').pop() || '';
return {
status: 200,
headers: { 'Content-Type': 'text/plain' },
body: `challenge-response-for-${token}`
};
}
}
}
]
};
const proxy = new SmartProxy(settings);
// Mock NFTables manager
(proxy as any).nftablesManager = {
ensureNFTablesSetup: async () => {},
stop: async () => {}
};
await proxy.start();
// Make an HTTP request to the challenge endpoint
const response = await fetch('http://localhost:18080/.well-known/acme-challenge/test-token', {
method: 'GET'
});
// Verify response
expect(response.status).toEqual(200);
const body = await response.text();
expect(body).toEqual('challenge-response-for-test-token');
// Verify request was handled
expect(handledRequests.length).toEqual(1);
expect(handledRequests[0].path).toEqual('/.well-known/acme-challenge/test-token');
expect(handledRequests[0].method).toEqual('GET');
await proxy.stop();
});
tap.test('should parse HTTP headers correctly', async (tools) => {
tools.timeout(10000);
const capturedContext: any = {};
const settings = {
routes: [
{
name: 'header-test-route',
match: {
ports: [18081]
},
action: {
type: 'static' as const,
handler: async (context) => {
Object.assign(capturedContext, context);
return {
status: 200,
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
received: context.headers
})
};
}
}
}
]
};
const proxy = new SmartProxy(settings);
// Mock NFTables manager
(proxy as any).nftablesManager = {
ensureNFTablesSetup: async () => {},
stop: async () => {}
};
await proxy.start();
// Make request with custom headers
const response = await fetch('http://localhost:18081/test', {
method: 'POST',
headers: {
'X-Custom-Header': 'test-value',
'User-Agent': 'test-agent'
}
});
expect(response.status).toEqual(200);
const body = await response.json();
// Verify headers were parsed correctly
expect(capturedContext.headers['x-custom-header']).toEqual('test-value');
expect(capturedContext.headers['user-agent']).toEqual('test-agent');
expect(capturedContext.method).toEqual('POST');
expect(capturedContext.path).toEqual('/test');
await proxy.stop();
});
tap.start();

141
test/test.acme-route-creation.ts Normal file
View File

@ -0,0 +1,141 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/index.js';
import * as plugins from '../ts/plugins.js';
/**
* Test that verifies ACME challenge routes are properly created
*/
tap.test('should create ACME challenge route with high ports', async (tools) => {
tools.timeout(5000);
const capturedRoutes: any[] = [];
const settings = {
routes: [
{
name: 'secure-route',
match: {
ports: [18443], // High port to avoid permission issues
domains: 'test.local'
},
action: {
type: 'forward' as const,
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate' as const,
certificate: 'auto' as const
}
}
}
],
acme: {
email: 'test@example.com',
port: 18080, // High port for ACME challenges
useProduction: false // Use staging environment
}
};
const proxy = new SmartProxy(settings);
// Capture route updates
const originalUpdateRoutes = (proxy as any).updateRoutes.bind(proxy);
(proxy as any).updateRoutes = async function(routes: any[]) {
capturedRoutes.push([...routes]);
return originalUpdateRoutes(routes);
};
await proxy.start();
// Check that ACME challenge route was added
const finalRoutes = capturedRoutes[capturedRoutes.length - 1];
const challengeRoute = finalRoutes.find((r: any) => r.name === 'acme-challenge');
expect(challengeRoute).toBeDefined();
expect(challengeRoute.match.path).toEqual('/.well-known/acme-challenge/*');
expect(challengeRoute.match.ports).toEqual(18080);
expect(challengeRoute.action.type).toEqual('static');
expect(challengeRoute.priority).toEqual(1000);
await proxy.stop();
});
tap.test('should handle HTTP request parsing correctly', async (tools) => {
tools.timeout(5000);
let handlerCalled = false;
let receivedContext: any;
const settings = {
routes: [
{
name: 'test-static',
match: {
ports: [18090],
path: '/test/*'
},
action: {
type: 'static' as const,
handler: async (context) => {
handlerCalled = true;
receivedContext = context;
return {
status: 200,
headers: { 'Content-Type': 'text/plain' },
body: 'OK'
};
}
}
}
]
};
const proxy = new SmartProxy(settings);
// Mock NFTables manager
(proxy as any).nftablesManager = {
ensureNFTablesSetup: async () => {},
stop: async () => {}
};
await proxy.start();
// Create a simple HTTP request
const client = new plugins.net.Socket();
await new Promise<void>((resolve, reject) => {
client.connect(18090, 'localhost', () => {
// Send HTTP request
const request = [
'GET /test/example HTTP/1.1',
'Host: localhost:18090',
'User-Agent: test-client',
'',
''
].join('\r\n');
client.write(request);
// Wait for response
client.on('data', (data) => {
const response = data.toString();
expect(response).toContain('HTTP/1.1 200');
expect(response).toContain('OK');
client.end();
resolve();
});
});
client.on('error', reject);
});
// Verify handler was called
expect(handlerCalled).toBeTrue();
expect(receivedContext).toBeDefined();
expect(receivedContext.path).toEqual('/test/example');
expect(receivedContext.method).toEqual('GET');
expect(receivedContext.headers.host).toEqual('localhost:18090');
await proxy.stop();
});
tap.start();

116
test/test.acme-simple.ts Normal file
View File

@ -0,0 +1,116 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as net from 'net';
/**
* Simple test to verify HTTP parsing works for ACME challenges
*/
tap.test('should parse HTTP requests correctly', async (tools) => {
tools.timeout(15000);
let receivedRequest = '';
// Create a simple HTTP server to test the parsing
const server = net.createServer((socket) => {
socket.on('data', (data) => {
receivedRequest = data.toString();
// Send response
const response = [
'HTTP/1.1 200 OK',
'Content-Type: text/plain',
'Content-Length: 2',
'',
'OK'
].join('\r\n');
socket.write(response);
socket.end();
});
});
await new Promise<void>((resolve) => {
server.listen(18091, () => {
console.log('Test server listening on port 18091');
resolve();
});
});
// Connect and send request
const client = net.connect(18091, 'localhost');
await new Promise<void>((resolve, reject) => {
client.on('connect', () => {
const request = [
'GET /.well-known/acme-challenge/test-token HTTP/1.1',
'Host: localhost:18091',
'User-Agent: test-client',
'',
''
].join('\r\n');
client.write(request);
});
client.on('data', (data) => {
const response = data.toString();
expect(response).toContain('200 OK');
client.end();
});
client.on('end', () => {
resolve();
});
client.on('error', reject);
});
// Verify we received the request
expect(receivedRequest).toContain('GET /.well-known/acme-challenge/test-token');
expect(receivedRequest).toContain('Host: localhost:18091');
server.close();
});
/**
* Test to verify ACME route configuration
*/
tap.test('should configure ACME challenge route', async () => {
// Simple test to verify the route configuration structure
const challengeRoute = {
name: 'acme-challenge',
priority: 1000,
match: {
ports: 80,
path: '/.well-known/acme-challenge/*'
},
action: {
type: 'static',
handler: async (context: any) => {
const token = context.path?.split('/').pop() || '';
return {
status: 200,
headers: { 'Content-Type': 'text/plain' },
body: `challenge-response-${token}`
};
}
}
};
expect(challengeRoute.name).toEqual('acme-challenge');
expect(challengeRoute.match.path).toEqual('/.well-known/acme-challenge/*');
expect(challengeRoute.match.ports).toEqual(80);
expect(challengeRoute.priority).toEqual(1000);
// Test the handler
const context = {
path: '/.well-known/acme-challenge/test-token',
method: 'GET',
headers: {}
};
const response = await challengeRoute.action.handler(context);
expect(response.status).toEqual(200);
expect(response.body).toEqual('challenge-response-test-token');
});
tap.start();

66
test/test.acme-state-manager.node.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { AcmeStateManager } from '../ts/proxies/smart-proxy/acme-state-manager.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
@ -19,20 +19,20 @@ tap.test('AcmeStateManager should track challenge routes correctly', async (tool
};
// Initially no challenge routes
tools.expect(stateManager.isChallengeRouteActive()).toBeFalse();
tools.expect(stateManager.getActiveChallengeRoutes()).toHaveLength(0);
expect(stateManager.isChallengeRouteActive()).toBeFalse();
expect(stateManager.getActiveChallengeRoutes()).toEqual([]);
// Add challenge route
stateManager.addChallengeRoute(challengeRoute);
tools.expect(stateManager.isChallengeRouteActive()).toBeTrue();
tools.expect(stateManager.getActiveChallengeRoutes()).toHaveLength(1);
tools.expect(stateManager.getPrimaryChallengeRoute()).toEqual(challengeRoute);
expect(stateManager.isChallengeRouteActive()).toBeTrue();
expect(stateManager.getActiveChallengeRoutes()).toHaveProperty("length", 1);
expect(stateManager.getPrimaryChallengeRoute()).toEqual(challengeRoute);
// Remove challenge route
stateManager.removeChallengeRoute('acme-challenge');
tools.expect(stateManager.isChallengeRouteActive()).toBeFalse();
tools.expect(stateManager.getActiveChallengeRoutes()).toHaveLength(0);
tools.expect(stateManager.getPrimaryChallengeRoute()).toBeNull();
expect(stateManager.isChallengeRouteActive()).toBeFalse();
expect(stateManager.getActiveChallengeRoutes()).toEqual([]);
expect(stateManager.getPrimaryChallengeRoute()).toBeNull();
});
tap.test('AcmeStateManager should track port allocations', async (tools) => {
@ -64,27 +64,27 @@ tap.test('AcmeStateManager should track port allocations', async (tools) => {
// Add first route
stateManager.addChallengeRoute(challengeRoute1);
tools.expect(stateManager.isPortAllocatedForAcme(80)).toBeTrue();
tools.expect(stateManager.isPortAllocatedForAcme(8080)).toBeFalse();
tools.expect(stateManager.getAcmePorts()).toEqual([80]);
expect(stateManager.isPortAllocatedForAcme(80)).toBeTrue();
expect(stateManager.isPortAllocatedForAcme(8080)).toBeFalse();
expect(stateManager.getAcmePorts()).toEqual([80]);
// Add second route
stateManager.addChallengeRoute(challengeRoute2);
tools.expect(stateManager.isPortAllocatedForAcme(80)).toBeTrue();
tools.expect(stateManager.isPortAllocatedForAcme(8080)).toBeTrue();
tools.expect(stateManager.getAcmePorts()).toContain(80);
tools.expect(stateManager.getAcmePorts()).toContain(8080);
expect(stateManager.isPortAllocatedForAcme(80)).toBeTrue();
expect(stateManager.isPortAllocatedForAcme(8080)).toBeTrue();
expect(stateManager.getAcmePorts()).toContain(80);
expect(stateManager.getAcmePorts()).toContain(8080);
// Remove first route - port 80 should still be allocated
stateManager.removeChallengeRoute('acme-challenge-1');
tools.expect(stateManager.isPortAllocatedForAcme(80)).toBeTrue();
tools.expect(stateManager.isPortAllocatedForAcme(8080)).toBeTrue();
expect(stateManager.isPortAllocatedForAcme(80)).toBeTrue();
expect(stateManager.isPortAllocatedForAcme(8080)).toBeTrue();
// Remove second route - all ports should be deallocated
stateManager.removeChallengeRoute('acme-challenge-2');
tools.expect(stateManager.isPortAllocatedForAcme(80)).toBeFalse();
tools.expect(stateManager.isPortAllocatedForAcme(8080)).toBeFalse();
tools.expect(stateManager.getAcmePorts()).toHaveLength(0);
expect(stateManager.isPortAllocatedForAcme(80)).toBeFalse();
expect(stateManager.isPortAllocatedForAcme(8080)).toBeFalse();
expect(stateManager.getAcmePorts()).toEqual([]);
});
tap.test('AcmeStateManager should select primary route by priority', async (tools) => {
@ -125,19 +125,19 @@ tap.test('AcmeStateManager should select primary route by priority', async (tool
// Add low priority first
stateManager.addChallengeRoute(lowPriorityRoute);
tools.expect(stateManager.getPrimaryChallengeRoute()?.name).toEqual('low-priority');
expect(stateManager.getPrimaryChallengeRoute()?.name).toEqual('low-priority');
// Add high priority - should become primary
stateManager.addChallengeRoute(highPriorityRoute);
tools.expect(stateManager.getPrimaryChallengeRoute()?.name).toEqual('high-priority');
expect(stateManager.getPrimaryChallengeRoute()?.name).toEqual('high-priority');
// Add default priority - primary should remain high priority
stateManager.addChallengeRoute(defaultPriorityRoute);
tools.expect(stateManager.getPrimaryChallengeRoute()?.name).toEqual('high-priority');
expect(stateManager.getPrimaryChallengeRoute()?.name).toEqual('high-priority');
// Remove high priority - primary should fall back to low priority
stateManager.removeChallengeRoute('high-priority');
tools.expect(stateManager.getPrimaryChallengeRoute()?.name).toEqual('low-priority');
expect(stateManager.getPrimaryChallengeRoute()?.name).toEqual('low-priority');
});
tap.test('AcmeStateManager should handle clear operation', async (tools) => {
@ -168,18 +168,18 @@ tap.test('AcmeStateManager should handle clear operation', async (tools) => {
stateManager.addChallengeRoute(challengeRoute2);
// Verify state before clear
tools.expect(stateManager.isChallengeRouteActive()).toBeTrue();
tools.expect(stateManager.getActiveChallengeRoutes()).toHaveLength(2);
tools.expect(stateManager.getAcmePorts()).toHaveLength(3);
expect(stateManager.isChallengeRouteActive()).toBeTrue();
expect(stateManager.getActiveChallengeRoutes()).toHaveProperty("length", 2);
expect(stateManager.getAcmePorts()).toHaveProperty("length", 3);
// Clear all state
stateManager.clear();
// Verify state after clear
tools.expect(stateManager.isChallengeRouteActive()).toBeFalse();
tools.expect(stateManager.getActiveChallengeRoutes()).toHaveLength(0);
tools.expect(stateManager.getAcmePorts()).toHaveLength(0);
tools.expect(stateManager.getPrimaryChallengeRoute()).toBeNull();
expect(stateManager.isChallengeRouteActive()).toBeFalse();
expect(stateManager.getActiveChallengeRoutes()).toEqual([]);
expect(stateManager.getAcmePorts()).toEqual([]);
expect(stateManager.getPrimaryChallengeRoute()).toBeNull();
});
export default tap;
export default tap.start();

77
test/test.certificate-acme-update.ts Normal file
View File

@ -0,0 +1,77 @@
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as plugins from '../ts/plugins.js';
import * as smartproxy from '../ts/index.js';
// This test verifies that SmartProxy correctly uses the updated SmartAcme v8.0.0 API
// with the optional wildcard parameter
tap.test('SmartCertManager should call getCertificateForDomain with wildcard option', async () => {
console.log('Testing SmartCertManager with SmartAcme v8.0.0 API...');
// Create a mock route with ACME certificate configuration
const mockRoute: smartproxy.IRouteConfig = {
match: {
domains: ['test.example.com'],
ports: 443
},
action: {
type: 'forward',
target: {
host: 'localhost',
port: 8080
},
tls: {
mode: 'terminate',
certificate: 'auto',
acme: {
email: 'test@example.com',
useProduction: false
}
}
},
name: 'test-route'
};
// Create a certificate manager
const certManager = new smartproxy.SmartCertManager(
[mockRoute],
'./test-certs',
{
email: 'test@example.com',
useProduction: false
}
);
// Since we can't actually test ACME in a unit test, we'll just verify the logic
// The actual test would be that it builds and runs without errors
// Test the wildcard logic for different domain types and challenge handlers
const testCases = [
{ domain: 'example.com', hasDnsChallenge: true, shouldIncludeWildcard: true },
{ domain: 'example.com', hasDnsChallenge: false, shouldIncludeWildcard: false },
{ domain: 'sub.example.com', hasDnsChallenge: true, shouldIncludeWildcard: true },
{ domain: 'sub.example.com', hasDnsChallenge: false, shouldIncludeWildcard: false },
{ domain: '*.example.com', hasDnsChallenge: true, shouldIncludeWildcard: false },
{ domain: '*.example.com', hasDnsChallenge: false, shouldIncludeWildcard: false },
{ domain: 'test', hasDnsChallenge: true, shouldIncludeWildcard: false }, // single label domain
{ domain: 'test', hasDnsChallenge: false, shouldIncludeWildcard: false },
{ domain: 'my.sub.example.com', hasDnsChallenge: true, shouldIncludeWildcard: true },
{ domain: 'my.sub.example.com', hasDnsChallenge: false, shouldIncludeWildcard: false }
];
for (const testCase of testCases) {
const shouldIncludeWildcard = !testCase.domain.startsWith('*.') &&
testCase.domain.includes('.') &&
testCase.domain.split('.').length >= 2 &&
testCase.hasDnsChallenge;
console.log(`Domain: ${testCase.domain}, DNS-01: ${testCase.hasDnsChallenge}, Should include wildcard: ${shouldIncludeWildcard}`);
expect(shouldIncludeWildcard).toEqual(testCase.shouldIncludeWildcard);
}
console.log('All wildcard logic tests passed!');
});
tap.start({
throwOnError: true
});

2
test/test.certificate-provisioning.ts
View File

@ -1,5 +1,5 @@
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
const testProxy = new SmartProxy({
routes: [{

2
test/test.certificate-simple.ts
View File

@ -1,5 +1,5 @@
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
tap.test('should create SmartProxy with certificate routes', async () => {
const proxy = new SmartProxy({

346
test/test.challenge-route-lifecycle.node.ts
View File

@ -1,346 +0,0 @@
import * as plugins from '../ts/plugins.js';
import { SmartProxy } from '../ts/index.js';
import { tap, expect } from '@push.rocks/tapbundle';
let testProxy: SmartProxy;
// Helper to check if a port is being listened on
async function isPortListening(port: number): Promise<boolean> {
return new Promise((resolve) => {
const server = plugins.net.createServer();
server.once('error', (err: any) => {
if (err.code === 'EADDRINUSE') {
// Port is already in use (being listened on)
resolve(true);
} else {
resolve(false);
}
});
server.once('listening', () => {
// Port is available (not being listened on)
server.close();
resolve(false);
});
server.listen(port);
});
}
// Helper to create test route
const createRoute = (id: number, port: number = 8443) => ({
name: `test-route-${id}`,
match: {
ports: [port],
domains: [`test${id}.example.com`]
},
action: {
type: 'forward' as const,
target: {
host: 'localhost',
port: 3000 + id
},
tls: {
mode: 'terminate' as const,
certificate: 'auto' as const
}
}
});
tap.test('should add challenge route once during initialization', async () => {
testProxy = new SmartProxy({
routes: [createRoute(1, 8443)],
acme: {
email: 'test@example.com',
useProduction: false,
port: 8080 // Use high port for testing
}
});
// Mock certificate manager initialization
let challengeRouteAddCount = 0;
const originalInitCertManager = (testProxy as any).initializeCertificateManager;
(testProxy as any).initializeCertificateManager = async function() {
// Track challenge route additions
const mockCertManager = {
addChallengeRoute: async function() {
challengeRouteAddCount++;
},
removeChallengeRoute: async function() {
challengeRouteAddCount--;
},
setUpdateRoutesCallback: function() {},
setNetworkProxy: function() {},
setGlobalAcmeDefaults: function() {},
initialize: async function() {
// Simulate adding challenge route during init
await this.addChallengeRoute();
},
stop: async function() {
// Simulate removing challenge route during stop
await this.removeChallengeRoute();
},
getAcmeOptions: function() {
return { email: 'test@example.com' };
}
};
(this as any).certManager = mockCertManager;
};
await testProxy.start();
// Challenge route should be added exactly once
expect(challengeRouteAddCount).toEqual(1);
await testProxy.stop();
// Challenge route should be removed on stop
expect(challengeRouteAddCount).toEqual(0);
});
tap.test('should persist challenge route during multiple certificate provisioning', async () => {
testProxy = new SmartProxy({
routes: [
createRoute(1, 8443),
createRoute(2, 8444),
createRoute(3, 8445)
],
acme: {
email: 'test@example.com',
useProduction: false,
port: 8080
}
});
// Mock to track route operations
let challengeRouteActive = false;
let addAttempts = 0;
let removeAttempts = 0;
(testProxy as any).initializeCertificateManager = async function() {
const mockCertManager = {
challengeRouteActive: false,
isProvisioning: false,
addChallengeRoute: async function() {
addAttempts++;
if (this.challengeRouteActive) {
console.log('Challenge route already active, skipping');
return;
}
this.challengeRouteActive = true;
challengeRouteActive = true;
},
removeChallengeRoute: async function() {
removeAttempts++;
if (!this.challengeRouteActive) {
console.log('Challenge route not active, skipping removal');
return;
}
this.challengeRouteActive = false;
challengeRouteActive = false;
},
provisionAllCertificates: async function() {
this.isProvisioning = true;
// Simulate provisioning multiple certificates
for (let i = 0; i < 3; i++) {
// Would normally call provisionCertificate for each route
// Challenge route should remain active throughout
expect(this.challengeRouteActive).toEqual(true);
}
this.isProvisioning = false;
},
setUpdateRoutesCallback: function() {},
setNetworkProxy: function() {},
setGlobalAcmeDefaults: function() {},
initialize: async function() {
await this.addChallengeRoute();
await this.provisionAllCertificates();
},
stop: async function() {
await this.removeChallengeRoute();
},
getAcmeOptions: function() {
return { email: 'test@example.com' };
}
};
(this as any).certManager = mockCertManager;
};
await testProxy.start();
// Challenge route should be added once and remain active
expect(addAttempts).toEqual(1);
expect(challengeRouteActive).toEqual(true);
await testProxy.stop();
// Challenge route should be removed once
expect(removeAttempts).toEqual(1);
expect(challengeRouteActive).toEqual(false);
});
tap.test('should handle port conflicts gracefully', async () => {
// Create a server that listens on port 8080 to create a conflict
const conflictServer = plugins.net.createServer();
await new Promise<void>((resolve) => {
conflictServer.listen(8080, () => {
resolve();
});
});
try {
testProxy = new SmartProxy({
routes: [createRoute(1, 8443)],
acme: {
email: 'test@example.com',
useProduction: false,
port: 8080 // This port is already in use
}
});
let error: Error | null = null;
(testProxy as any).initializeCertificateManager = async function() {
const mockCertManager = {
challengeRouteActive: false,
addChallengeRoute: async function() {
if (this.challengeRouteActive) {
return;
}
// Simulate EADDRINUSE error
const err = new Error('listen EADDRINUSE: address already in use :::8080');
(err as any).code = 'EADDRINUSE';
throw err;
},
setUpdateRoutesCallback: function() {},
setNetworkProxy: function() {},
setGlobalAcmeDefaults: function() {},
initialize: async function() {
try {
await this.addChallengeRoute();
} catch (e) {
error = e as Error;
throw e;
}
},
stop: async function() {},
getAcmeOptions: function() {
return { email: 'test@example.com' };
}
};
(this as any).certManager = mockCertManager;
};
try {
await testProxy.start();
} catch (e) {
error = e as Error;
}
// Should have caught the port conflict
expect(error).toBeTruthy();
expect(error?.message).toContain('Port 8080 is already in use');
} finally {
// Clean up conflict server
conflictServer.close();
}
});
tap.test('should prevent concurrent provisioning', async () => {
// Mock the certificate manager with tracking
let concurrentAttempts = 0;
let maxConcurrent = 0;
let currentlyProvisioning = 0;
const mockProxy = {
provisionCertificate: async function(route: any, allowConcurrent = false) {
if (!allowConcurrent && currentlyProvisioning > 0) {
console.log('Provisioning already in progress, skipping');
return;
}
concurrentAttempts++;
currentlyProvisioning++;
maxConcurrent = Math.max(maxConcurrent, currentlyProvisioning);
// Simulate provisioning delay
await new Promise(resolve => setTimeout(resolve, 10));
currentlyProvisioning--;
}
};
// Try to provision multiple certificates concurrently
const promises = [];
for (let i = 0; i < 5; i++) {
promises.push(mockProxy.provisionCertificate({ name: `route-${i}` }));
}
await Promise.all(promises);
// Should have rejected concurrent attempts
expect(concurrentAttempts).toEqual(1);
expect(maxConcurrent).toEqual(1);
});
tap.test('should clean up properly even on errors', async () => {
let challengeRouteActive = false;
const mockCertManager = {
challengeRouteActive: false,
addChallengeRoute: async function() {
this.challengeRouteActive = true;
challengeRouteActive = true;
throw new Error('Test error during add');
},
removeChallengeRoute: async function() {
if (!this.challengeRouteActive) {
return;
}
this.challengeRouteActive = false;
challengeRouteActive = false;
},
initialize: async function() {
try {
await this.addChallengeRoute();
} catch (error) {
// Should still clean up
await this.removeChallengeRoute();
throw error;
}
}
};
try {
await mockCertManager.initialize();
} catch (error) {
// Expected error
}
// State should be cleaned up
expect(challengeRouteActive).toEqual(false);
expect(mockCertManager.challengeRouteActive).toEqual(false);
});
tap.start();

294
test/test.connection-forwarding.ts Normal file
View File

@ -0,0 +1,294 @@
import { expect, tap } from '@git.zone/tapbundle';
import * as net from 'net';
import * as tls from 'tls';
import * as fs from 'fs';
import * as path from 'path';
import { SmartProxy } from '../ts/proxies/smart-proxy/smart-proxy.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
// Setup test infrastructure
const testCertPath = path.join(process.cwd(), 'test', 'helpers', 'test-cert.pem');
const testKeyPath = path.join(process.cwd(), 'test', 'helpers', 'test-key.pem');
let testServer: net.Server;
let tlsTestServer: tls.Server;
let smartProxy: SmartProxy;
tap.test('setup test servers', async () => {
// Create TCP test server
testServer = net.createServer((socket) => {
socket.write('Connected to TCP test server\n');
socket.on('data', (data) => {
socket.write(`TCP Echo: ${data}`);
});
});
await new Promise<void>((resolve) => {
testServer.listen(7001, '127.0.0.1', () => {
console.log('TCP test server listening on port 7001');
resolve();
});
});
// Create TLS test server for SNI testing
tlsTestServer = tls.createServer(
{
cert: fs.readFileSync(testCertPath),
key: fs.readFileSync(testKeyPath),
},
(socket) => {
socket.write('Connected to TLS test server\n');
socket.on('data', (data) => {
socket.write(`TLS Echo: ${data}`);
});
}
);
await new Promise<void>((resolve) => {
tlsTestServer.listen(7002, '127.0.0.1', () => {
console.log('TLS test server listening on port 7002');
resolve();
});
});
});
tap.test('should forward TCP connections correctly', async () => {
// Create SmartProxy with forward route
smartProxy = new SmartProxy({
enableDetailedLogging: true,
routes: [
{
id: 'tcp-forward',
name: 'TCP Forward Route',
match: {
port: 8080,
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 7001,
},
},
},
],
});
await smartProxy.start();
// Test TCP forwarding
const client = await new Promise<net.Socket>((resolve, reject) => {
const socket = net.connect(8080, '127.0.0.1', () => {
console.log('Connected to proxy');
resolve(socket);
});
socket.on('error', reject);
});
// Test data transmission
await new Promise<void>((resolve) => {
client.on('data', (data) => {
const response = data.toString();
console.log('Received:', response);
expect(response).toContain('Connected to TCP test server');
client.end();
resolve();
});
client.write('Hello from client');
});
await smartProxy.stop();
});
tap.test('should handle TLS passthrough correctly', async () => {
// Create SmartProxy with TLS passthrough route
smartProxy = new SmartProxy({
enableDetailedLogging: true,
routes: [
{
id: 'tls-passthrough',
name: 'TLS Passthrough Route',
match: {
port: 8443,
domain: 'test.example.com',
},
action: {
type: 'forward',
tls: {
mode: 'passthrough',
},
target: {
host: '127.0.0.1',
port: 7002,
},
},
},
],
});
await smartProxy.start();
// Test TLS passthrough
const client = await new Promise<tls.TLSSocket>((resolve, reject) => {
const socket = tls.connect(
{
port: 8443,
host: '127.0.0.1',
servername: 'test.example.com',
rejectUnauthorized: false,
},
() => {
console.log('Connected via TLS');
resolve(socket);
}
);
socket.on('error', reject);
});
// Test data transmission over TLS
await new Promise<void>((resolve) => {
client.on('data', (data) => {
const response = data.toString();
console.log('TLS Received:', response);
expect(response).toContain('Connected to TLS test server');
client.end();
resolve();
});
client.write('Hello from TLS client');
});
await smartProxy.stop();
});
tap.test('should handle SNI-based forwarding', async () => {
// Create SmartProxy with multiple domain routes
smartProxy = new SmartProxy({
enableDetailedLogging: true,
routes: [
{
id: 'domain-a',
name: 'Domain A Route',
match: {
port: 8443,
domain: 'a.example.com',
},
action: {
type: 'forward',
tls: {
mode: 'passthrough',
},
target: {
host: '127.0.0.1',
port: 7002,
},
},
},
{
id: 'domain-b',
name: 'Domain B Route',
match: {
port: 8443,
domain: 'b.example.com',
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 7001,
},
},
},
],
});
await smartProxy.start();
// Test domain A (TLS passthrough)
const clientA = await new Promise<tls.TLSSocket>((resolve, reject) => {
const socket = tls.connect(
{
port: 8443,
host: '127.0.0.1',
servername: 'a.example.com',
rejectUnauthorized: false,
},
() => {
console.log('Connected to domain A');
resolve(socket);
}
);
socket.on('error', reject);
});
await new Promise<void>((resolve) => {
clientA.on('data', (data) => {
const response = data.toString();
console.log('Domain A response:', response);
expect(response).toContain('Connected to TLS test server');
clientA.end();
resolve();
});
clientA.write('Hello from domain A');
});
// Test domain B (non-TLS forward)
const clientB = await new Promise<net.Socket>((resolve, reject) => {
const socket = net.connect(8443, '127.0.0.1', () => {
// Send TLS ClientHello with SNI for b.example.com
const clientHello = Buffer.from([
0x16, 0x03, 0x01, 0x00, 0x4e, // TLS Record header
0x01, 0x00, 0x00, 0x4a, // Handshake header
0x03, 0x03, // TLS version
// Random bytes
...Array(32).fill(0),
0x00, // Session ID length
0x00, 0x02, // Cipher suites length
0x00, 0x35, // Cipher suite
0x01, 0x00, // Compression methods
0x00, 0x1f, // Extensions length
0x00, 0x00, // SNI extension
0x00, 0x1b, // Extension length
0x00, 0x19, // SNI list length
0x00, // SNI type (hostname)
0x00, 0x16, // SNI length
// "b.example.com" in ASCII
0x62, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
]);
socket.write(clientHello);
setTimeout(() => {
resolve(socket);
}, 100);
});
socket.on('error', reject);
});
await new Promise<void>((resolve) => {
clientB.on('data', (data) => {
const response = data.toString();
console.log('Domain B response:', response);
// Should be forwarded to TCP server
expect(response).toContain('Connected to TCP test server');
clientB.end();
resolve();
});
// Send regular data after initial handshake
setTimeout(() => {
clientB.write('Hello from domain B');
}, 200);
});
await smartProxy.stop();
});
tap.test('cleanup', async () => {
testServer.close();
tlsTestServer.close();
});
export default tap.start();

81
test/test.fix-verification.ts Normal file
View File

@ -0,0 +1,81 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/index.js';
tap.test('should verify certificate manager callback is preserved on updateRoutes', async () => {
// Create proxy with initial cert routes
const proxy = new SmartProxy({
routes: [{
name: 'cert-route',
match: { ports: [18443], domains: ['test.local'] },
action: {
type: 'forward',
target: { host: 'localhost', port: 3000 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: { email: 'test@local.test' }
}
}
}],
acme: { email: 'test@local.test', port: 18080 }
});
// Track callback preservation
let initialCallbackSet = false;
let updateCallbackSet = false;
// Mock certificate manager creation
(proxy as any).createCertificateManager = async function(...args: any[]) {
const certManager = {
updateRoutesCallback: null as any,
setUpdateRoutesCallback: function(callback: any) {
this.updateRoutesCallback = callback;
if (!initialCallbackSet) {
initialCallbackSet = true;
} else {
updateCallbackSet = true;
}
},
setHttpProxy: () => {},
setGlobalAcmeDefaults: () => {},
setAcmeStateManager: () => {},
initialize: async () => {},
stop: async () => {},
getAcmeOptions: () => ({ email: 'test@local.test' }),
getState: () => ({ challengeRouteActive: false })
};
// Set callback as in real implementation
certManager.setUpdateRoutesCallback(async (routes) => {
await this.updateRoutes(routes);
});
return certManager;
};
await proxy.start();
expect(initialCallbackSet).toEqual(true);
// Update routes - this should preserve the callback
await proxy.updateRoutes([{
name: 'updated-route',
match: { ports: [18444], domains: ['test2.local'] },
action: {
type: 'forward',
target: { host: 'localhost', port: 3001 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: { email: 'test@local.test' }
}
}
}]);
expect(updateCallbackSet).toEqual(true);
await proxy.stop();
console.log('Fix verified: Certificate manager callback is preserved on updateRoutes');
});
tap.start();

131
test/test.forwarding-fix-verification.ts Normal file
View File

@ -0,0 +1,131 @@
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as net from 'net';
import { SmartProxy } from '../ts/proxies/smart-proxy/smart-proxy.js';
let testServer: net.Server;
let smartProxy: SmartProxy;
tap.test('setup test server', async () => {
// Create a test server that handles connections
testServer = await new Promise<net.Server>((resolve) => {
const server = net.createServer((socket) => {
console.log('Test server: Client connected');
socket.write('Welcome from test server\n');
socket.on('data', (data) => {
console.log(`Test server received: ${data.toString().trim()}`);
socket.write(`Echo: ${data}`);
});
socket.on('close', () => {
console.log('Test server: Client disconnected');
});
});
server.listen(6789, () => {
console.log('Test server listening on port 6789');
resolve(server);
});
});
});
tap.test('regular forward route should work correctly', async () => {
smartProxy = new SmartProxy({
routes: [{
id: 'test-forward',
name: 'Test Forward Route',
match: { ports: 7890 },
action: {
type: 'forward',
target: { host: 'localhost', port: 6789 }
}
}]
});
await smartProxy.start();
// Create a client connection
const client = await new Promise<net.Socket>((resolve, reject) => {
const socket = net.connect(7890, 'localhost', () => {
console.log('Client connected to proxy');
resolve(socket);
});
socket.on('error', reject);
});
// Test data exchange
const response = await new Promise<string>((resolve) => {
client.on('data', (data) => {
resolve(data.toString());
});
});
expect(response).toContain('Welcome from test server');
// Send data through proxy
client.write('Test message');
const echo = await new Promise<string>((resolve) => {
client.once('data', (data) => {
resolve(data.toString());
});
});
expect(echo).toContain('Echo: Test message');
client.end();
await smartProxy.stop();
});
tap.test('NFTables forward route should not terminate connections', async () => {
smartProxy = new SmartProxy({
routes: [{
id: 'nftables-test',
name: 'NFTables Test Route',
match: { ports: 7891 },
action: {
type: 'forward',
forwardingEngine: 'nftables',
target: { host: 'localhost', port: 6789 }
}
}]
});
await smartProxy.start();
// Create a client connection
const client = await new Promise<net.Socket>((resolve, reject) => {
const socket = net.connect(7891, 'localhost', () => {
console.log('Client connected to NFTables proxy');
resolve(socket);
});
socket.on('error', reject);
});
// With NFTables, the connection should stay open at the application level
// even though forwarding happens at kernel level
let connectionClosed = false;
client.on('close', () => {
connectionClosed = true;
});
// Wait a bit to ensure connection isn't immediately closed
await new Promise(resolve => setTimeout(resolve, 1000));
expect(connectionClosed).toBe(false);
console.log('NFTables connection stayed open as expected');
client.end();
await smartProxy.stop();
});
tap.test('cleanup', async () => {
if (testServer) {
testServer.close();
}
if (smartProxy) {
await smartProxy.stop();
}
});
export default tap.start();

105
test/test.forwarding-regression.ts Normal file
View File

@ -0,0 +1,105 @@
import { expect, tap } from '@git.zone/tapbundle';
import * as net from 'net';
import { SmartProxy } from '../ts/proxies/smart-proxy/smart-proxy.js';
// Test to verify port forwarding works correctly
tap.test('forward connections should not be immediately closed', async (t) => {
// Create a backend server that accepts connections
const testServer = net.createServer((socket) => {
console.log('Client connected to test server');
socket.write('Welcome from test server\n');
socket.on('data', (data) => {
console.log('Test server received:', data.toString());
socket.write(`Echo: ${data}`);
});
socket.on('error', (err) => {
console.error('Test server socket error:', err);
});
});
// Listen on a non-privileged port
await new Promise<void>((resolve) => {
testServer.listen(9090, '127.0.0.1', () => {
console.log('Test server listening on port 9090');
resolve();
});
});
// Create SmartProxy with a forward route
const smartProxy = new SmartProxy({
enableDetailedLogging: true,
routes: [
{
id: 'forward-test',
name: 'Forward Test Route',
match: {
port: 8080,
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 9090,
},
},
},
],
});
await smartProxy.start();
// Create a client connection through the proxy
const client = net.createConnection({
port: 8080,
host: '127.0.0.1',
});
let connectionClosed = false;
let dataReceived = false;
let welcomeMessage = '';
client.on('connect', () => {
console.log('Client connected to proxy');
});
client.on('data', (data) => {
console.log('Client received:', data.toString());
dataReceived = true;
welcomeMessage = data.toString();
});
client.on('close', () => {
console.log('Client connection closed');
connectionClosed = true;
});
client.on('error', (err) => {
console.error('Client error:', err);
});
// Wait for the welcome message
await t.waitForExpect(() => {
return dataReceived;
}, 'Data should be received from the server', 2000);
// Verify we got the welcome message
expect(welcomeMessage).toContain('Welcome from test server');
// Send some data
client.write('Hello from client');
// Wait a bit to make sure connection isn't immediately closed
await new Promise(resolve => setTimeout(resolve, 100));
// Connection should still be open
expect(connectionClosed).toBe(false);
// Clean up
client.end();
await smartProxy.stop();
testServer.close();
});
export default tap.start();

4
test/test.forwarding.examples.ts
View File

@ -1,5 +1,5 @@
import * as path from 'path';
import { tap, expect } from '@push.rocks/tapbundle';
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import {
@ -175,7 +175,7 @@ tap.test('Route-based configuration examples', async (tools) => {
// Just verify that all routes are configured correctly
console.log(`Created ${allRoutes.length} example routes`);
expect(allRoutes.length).toEqual(8);
expect(allRoutes.length).toEqual(10);
});
export default tap.start();

6
test/test.forwarding.ts
View File

@ -1,4 +1,4 @@
import { tap, expect } from '@push.rocks/tapbundle';
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../ts/plugins.js';
import type { IForwardConfig, TForwardingType } from '../ts/forwarding/config/forwarding-types.js';
@ -72,8 +72,8 @@ tap.test('Route Helpers - Create complete HTTPS server with redirect', async ()
expect(routes.length).toEqual(2);
// Check HTTP to HTTPS redirect
const redirectRoute = findRouteForDomain(routes, 'full.example.com');
// Check HTTP to HTTPS redirect - find route by action type
const redirectRoute = routes.find(r => r.action.type === 'redirect');
expect(redirectRoute.action.type).toEqual('redirect');
expect(redirectRoute.match.ports).toEqual(80);

2
test/test.forwarding.unit.ts
View File

@ -1,4 +1,4 @@
import { tap, expect } from '@push.rocks/tapbundle';
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../ts/plugins.js';
// First, import the components directly to avoid issues with compiled modules

183
test/test.http-fix-unit.ts Normal file
View File

@ -0,0 +1,183 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as net from 'net';
// Unit test for the HTTP forwarding fix
tap.test('should forward non-TLS connections on HttpProxy ports', async (tapTest) => {
// Test configuration
const testPort = 8080;
const httpProxyPort = 8844;
// Track forwarding logic
let forwardedToHttpProxy = false;
let setupDirectConnection = false;
// Create mock settings
const mockSettings = {
useHttpProxy: [testPort],
httpProxyPort: httpProxyPort,
routes: [{
name: 'test-route',
match: { ports: testPort },
action: {
type: 'forward',
target: { host: 'localhost', port: 8181 }
}
}]
};
// Create mock connection record
const mockRecord = {
id: 'test-connection',
localPort: testPort,
remoteIP: '127.0.0.1',
isTLS: false
};
// Mock HttpProxyBridge
const mockHttpProxyBridge = {
getHttpProxy: () => ({ available: true }),
forwardToHttpProxy: async () => {
forwardedToHttpProxy = true;
}
};
// Test the logic from handleForwardAction
const route = mockSettings.routes[0];
const action = route.action;
// Simulate the fixed logic
if (!action.tls) {
// No TLS settings - check if this port should use HttpProxy
const isHttpProxyPort = mockSettings.useHttpProxy?.includes(mockRecord.localPort);
if (isHttpProxyPort && mockHttpProxyBridge.getHttpProxy()) {
// Forward non-TLS connections to HttpProxy if configured
console.log(`Using HttpProxy for non-TLS connection on port ${mockRecord.localPort}`);
await mockHttpProxyBridge.forwardToHttpProxy();
} else {
// Basic forwarding
console.log(`Using basic forwarding`);
setupDirectConnection = true;
}
}
// Verify the fix works correctly
expect(forwardedToHttpProxy).toEqual(true);
expect(setupDirectConnection).toEqual(false);
console.log('Test passed: Non-TLS connections on HttpProxy ports are forwarded correctly');
});
// Test that non-HttpProxy ports still use direct connection
tap.test('should use direct connection for non-HttpProxy ports', async (tapTest) => {
let forwardedToHttpProxy = false;
let setupDirectConnection = false;
const mockSettings = {
useHttpProxy: [80, 443], // Different ports
httpProxyPort: 8844,
routes: [{
name: 'test-route',
match: { ports: 8080 }, // Not in useHttpProxy
action: {
type: 'forward',
target: { host: 'localhost', port: 8181 }
}
}]
};
const mockRecord = {
id: 'test-connection-2',
localPort: 8080, // Not in useHttpProxy
remoteIP: '127.0.0.1',
isTLS: false
};
const mockHttpProxyBridge = {
getHttpProxy: () => ({ available: true }),
forwardToHttpProxy: async () => {
forwardedToHttpProxy = true;
}
};
const route = mockSettings.routes[0];
const action = route.action;
// Test the logic
if (!action.tls) {
const isHttpProxyPort = mockSettings.useHttpProxy?.includes(mockRecord.localPort);
if (isHttpProxyPort && mockHttpProxyBridge.getHttpProxy()) {
console.log(`Using HttpProxy for non-TLS connection on port ${mockRecord.localPort}`);
await mockHttpProxyBridge.forwardToHttpProxy();
} else {
console.log(`Using basic forwarding for port ${mockRecord.localPort}`);
setupDirectConnection = true;
}
}
// Verify port 8080 uses direct connection when not in useHttpProxy
expect(forwardedToHttpProxy).toEqual(false);
expect(setupDirectConnection).toEqual(true);
console.log('Test passed: Non-HttpProxy ports use direct connection');
});
// Test HTTP-01 ACME challenge scenario
tap.test('should handle ACME HTTP-01 challenges on port 80 with HttpProxy', async (tapTest) => {
let forwardedToHttpProxy = false;
const mockSettings = {
useHttpProxy: [80], // Port 80 configured for HttpProxy
httpProxyPort: 8844,
acme: {
port: 80,
email: 'test@example.com'
},
routes: [{
name: 'acme-challenge',
match: {
ports: 80,
paths: ['/.well-known/acme-challenge/*']
},
action: {
type: 'forward',
target: { host: 'localhost', port: 8080 }
}
}]
};
const mockRecord = {
id: 'acme-connection',
localPort: 80,
remoteIP: '127.0.0.1',
isTLS: false
};
const mockHttpProxyBridge = {
getHttpProxy: () => ({ available: true }),
forwardToHttpProxy: async () => {
forwardedToHttpProxy = true;
}
};
const route = mockSettings.routes[0];
const action = route.action;
// Test the fix for ACME HTTP-01 challenges
if (!action.tls) {
const isHttpProxyPort = mockSettings.useHttpProxy?.includes(mockRecord.localPort);
if (isHttpProxyPort && mockHttpProxyBridge.getHttpProxy()) {
console.log(`Using HttpProxy for ACME challenge on port ${mockRecord.localPort}`);
await mockHttpProxyBridge.forwardToHttpProxy();
}
}
// Verify HTTP-01 challenges on port 80 go through HttpProxy
expect(forwardedToHttpProxy).toEqual(true);
console.log('Test passed: ACME HTTP-01 challenges on port 80 use HttpProxy');
});
tap.start();

168
test/test.http-fix-verification.ts Normal file
View File

@ -0,0 +1,168 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { RouteConnectionHandler } from '../ts/proxies/smart-proxy/route-connection-handler.js';
import { ISmartProxyOptions } from '../ts/proxies/smart-proxy/models/interfaces.js';
import * as net from 'net';
// Direct test of the fix in RouteConnectionHandler
tap.test('should detect and forward non-TLS connections on useHttpProxy ports', async (tapTest) => {
// Create mock objects
const mockSettings: ISmartProxyOptions = {
useHttpProxy: [8080],
httpProxyPort: 8844,
routes: [{
name: 'test-route',
match: { ports: 8080 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8181 }
}
}]
};
let httpProxyForwardCalled = false;
let directConnectionCalled = false;
// Create mocks for dependencies
const mockHttpProxyBridge = {
getHttpProxy: () => ({ available: true }),
forwardToHttpProxy: async (...args: any[]) => {
console.log('Mock: forwardToHttpProxy called');
httpProxyForwardCalled = true;
}
};
// Mock connection manager
const mockConnectionManager = {
createConnection: (socket: any) => ({
id: 'test-connection',
localPort: 8080,
remoteIP: '127.0.0.1',
isTLS: false
}),
initiateCleanupOnce: () => {},
cleanupConnection: () => {}
};
// Mock route manager that returns a matching route
const mockRouteManager = {
findMatchingRoute: (criteria: any) => ({
route: mockSettings.routes[0]
})
};
// Create route connection handler instance
const handler = new RouteConnectionHandler(
mockSettings,
mockConnectionManager as any,
{} as any, // security manager
{} as any, // tls manager
mockHttpProxyBridge as any,
{} as any, // timeout manager
mockRouteManager as any
);
// Override setupDirectConnection to track if it's called
handler['setupDirectConnection'] = (...args: any[]) => {
console.log('Mock: setupDirectConnection called');
directConnectionCalled = true;
};
// Test: Create a mock socket representing non-TLS connection on port 8080
const mockSocket = new net.Socket();
mockSocket.localPort = 8080;
mockSocket.remoteAddress = '127.0.0.1';
// Simulate the handler processing the connection
handler.handleConnection(mockSocket);
// Simulate receiving non-TLS data
mockSocket.emit('data', Buffer.from('GET / HTTP/1.1\r\nHost: test.local\r\n\r\n'));
// Give it a moment to process
await new Promise(resolve => setTimeout(resolve, 100));
// Verify that the connection was forwarded to HttpProxy, not direct connection
expect(httpProxyForwardCalled).toEqual(true);
expect(directConnectionCalled).toEqual(false);
mockSocket.destroy();
});
// Test that verifies TLS connections still work normally
tap.test('should handle TLS connections normally', async (tapTest) => {
const mockSettings: ISmartProxyOptions = {
useHttpProxy: [443],
httpProxyPort: 8844,
routes: [{
name: 'tls-route',
match: { ports: 443 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8443 },
tls: { mode: 'terminate' }
}
}]
};
let httpProxyForwardCalled = false;
const mockHttpProxyBridge = {
getHttpProxy: () => ({ available: true }),
forwardToHttpProxy: async (...args: any[]) => {
httpProxyForwardCalled = true;
}
};
const mockConnectionManager = {
createConnection: (socket: any) => ({
id: 'test-tls-connection',
localPort: 443,
remoteIP: '127.0.0.1',
isTLS: true,
tlsHandshakeComplete: false
}),
initiateCleanupOnce: () => {},
cleanupConnection: () => {}
};
const mockTlsManager = {
isTlsHandshake: (chunk: Buffer) => true,
isClientHello: (chunk: Buffer) => true,
extractSNI: (chunk: Buffer) => 'test.local'
};
const mockRouteManager = {
findMatchingRoute: (criteria: any) => ({
route: mockSettings.routes[0]
})
};
const handler = new RouteConnectionHandler(
mockSettings,
mockConnectionManager as any,
{} as any,
mockTlsManager as any,
mockHttpProxyBridge as any,
{} as any,
mockRouteManager as any
);
const mockSocket = new net.Socket();
mockSocket.localPort = 443;
mockSocket.remoteAddress = '127.0.0.1';
handler.handleConnection(mockSocket);
// Simulate TLS handshake
const tlsHandshake = Buffer.from([0x16, 0x03, 0x01, 0x00, 0x05]);
mockSocket.emit('data', tlsHandshake);
await new Promise(resolve => setTimeout(resolve, 100));
// TLS connections with 'terminate' mode should go to HttpProxy
expect(httpProxyForwardCalled).toEqual(true);
mockSocket.destroy();
});
tap.start();

150
test/test.http-forwarding-fix.ts Normal file
View File

@ -0,0 +1,150 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/index.js';
import * as net from 'net';
// Test that verifies HTTP connections on ports configured in useHttpProxy are properly forwarded
tap.test('should detect and forward non-TLS connections on HttpProxy ports', async (tapTest) => {
// Track whether the connection was forwarded to HttpProxy
let forwardedToHttpProxy = false;
let connectionPath = '';
// Mock the HttpProxy forwarding
const originalForward = SmartProxy.prototype['httpProxyBridge'].prototype.forwardToHttpProxy;
SmartProxy.prototype['httpProxyBridge'].prototype.forwardToHttpProxy = function(...args: any[]) {
forwardedToHttpProxy = true;
connectionPath = 'httpproxy';
console.log('Mock: Connection forwarded to HttpProxy');
// Just close the connection for the test
args[1].end(); // socket.end()
};
// Create a SmartProxy with useHttpProxy configured
const proxy = new SmartProxy({
useHttpProxy: [8080],
httpProxyPort: 8844,
enableDetailedLogging: true,
routes: [{
name: 'test-route',
match: {
ports: 8080
},
action: {
type: 'forward',
target: { host: 'localhost', port: 8181 }
}
}]
});
// Override the HttpProxy initialization to avoid actual HttpProxy setup
proxy['httpProxyBridge'].getHttpProxy = () => ({} as any);
await proxy.start();
// Make a connection to port 8080
const client = new net.Socket();
await new Promise<void>((resolve, reject) => {
client.connect(8080, 'localhost', () => {
console.log('Client connected to proxy on port 8080');
// Send a non-TLS HTTP request
client.write('GET / HTTP/1.1\r\nHost: test.local\r\n\r\n');
resolve();
});
client.on('error', reject);
});
// Give it a moment to process
await new Promise(resolve => setTimeout(resolve, 100));
// Verify the connection was forwarded to HttpProxy
expect(forwardedToHttpProxy).toEqual(true);
expect(connectionPath).toEqual('httpproxy');
client.destroy();
await proxy.stop();
// Restore original method
SmartProxy.prototype['httpProxyBridge'].prototype.forwardToHttpProxy = originalForward;
});
// Test that verifies the fix detects non-TLS connections
tap.test('should properly detect non-TLS connections on HttpProxy ports', async (tapTest) => {
const targetPort = 8182;
let receivedConnection = false;
// Create a target server that never receives the connection (because it goes to HttpProxy)
const targetServer = net.createServer((socket) => {
receivedConnection = true;
socket.end();
});
await new Promise<void>((resolve) => {
targetServer.listen(targetPort, () => {
console.log(`Target server listening on port ${targetPort}`);
resolve();
});
});
// Mock HttpProxyBridge to track forwarding
let httpProxyForwardCalled = false;
const proxy = new SmartProxy({
useHttpProxy: [8080],
httpProxyPort: 8844,
routes: [{
name: 'test-route',
match: {
ports: 8080
},
action: {
type: 'forward',
target: { host: 'localhost', port: targetPort }
}
}]
});
// Override the forwardToHttpProxy method to track calls
const originalForward = proxy['httpProxyBridge'].forwardToHttpProxy;
proxy['httpProxyBridge'].forwardToHttpProxy = async function(...args: any[]) {
httpProxyForwardCalled = true;
console.log('HttpProxy forward called with connectionId:', args[0]);
// Just end the connection
args[1].end();
};
// Mock getHttpProxy to return a truthy value
proxy['httpProxyBridge'].getHttpProxy = () => ({} as any);
await proxy.start();
// Make a non-TLS connection
const client = new net.Socket();
await new Promise<void>((resolve, reject) => {
client.connect(8080, 'localhost', () => {
console.log('Connected to proxy');
client.write('GET / HTTP/1.1\r\nHost: test.local\r\n\r\n');
resolve();
});
client.on('error', () => resolve()); // Ignore errors since we're ending the connection
});
await new Promise(resolve => setTimeout(resolve, 100));
// Verify that HttpProxy was called, not direct connection
expect(httpProxyForwardCalled).toEqual(true);
expect(receivedConnection).toEqual(false); // Target should not receive direct connection
client.destroy();
await proxy.stop();
await new Promise<void>((resolve) => {
targetServer.close(() => resolve());
});
// Restore original method
proxy['httpProxyBridge'].forwardToHttpProxy = originalForward;
});
tap.start();

160
test/test.http-port8080-forwarding.ts Normal file
View File

@ -0,0 +1,160 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/index.js';
import * as http from 'http';
tap.test('should forward HTTP connections on port 8080 to HttpProxy', async (tapTest) => {
// Create a mock HTTP server to act as our target
const targetPort = 8181;
let receivedRequest = false;
let receivedPath = '';
const targetServer = http.createServer((req, res) => {
// Log request details for debugging
console.log(`Target server received: ${req.method} ${req.url}`);
receivedPath = req.url || '';
if (req.url === '/.well-known/acme-challenge/test-token') {
receivedRequest = true;
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('test-challenge-response');
} else {
res.writeHead(200);
res.end('OK');
}
});
await new Promise<void>((resolve) => {
targetServer.listen(targetPort, () => {
console.log(`Target server listening on port ${targetPort}`);
resolve();
});
});
// Create SmartProxy with port 8080 configured for HttpProxy
const proxy = new SmartProxy({
useHttpProxy: [8080], // Enable HttpProxy for port 8080
httpProxyPort: 8844,
enableDetailedLogging: true,
routes: [{
name: 'test-route',
match: {
ports: 8080,
domains: ['test.local']
},
action: {
type: 'forward',
target: { host: 'localhost', port: targetPort }
}
}]
});
await proxy.start();
// Give the proxy a moment to fully initialize
await new Promise(resolve => setTimeout(resolve, 500));
// Make an HTTP request to port 8080
const options = {
hostname: 'localhost',
port: 8080,
path: '/.well-known/acme-challenge/test-token',
method: 'GET',
headers: {
'Host': 'test.local'
}
};
const response = await new Promise<http.IncomingMessage>((resolve, reject) => {
const req = http.request(options, (res) => resolve(res));
req.on('error', reject);
req.end();
});
// Collect response data
let responseData = '';
response.setEncoding('utf8');
response.on('data', chunk => responseData += chunk);
await new Promise(resolve => response.on('end', resolve));
// Verify the request was properly forwarded
expect(response.statusCode).toEqual(200);
expect(receivedPath).toEqual('/.well-known/acme-challenge/test-token');
expect(responseData).toEqual('test-challenge-response');
expect(receivedRequest).toEqual(true);
await proxy.stop();
await new Promise<void>((resolve) => {
targetServer.close(() => resolve());
});
});
tap.test('should handle basic HTTP request forwarding', async (tapTest) => {
// Create a simple target server
const targetPort = 8182;
let receivedRequest = false;
const targetServer = http.createServer((req, res) => {
console.log(`Target received: ${req.method} ${req.url} from ${req.headers.host}`);
receivedRequest = true;
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('Hello from target');
});
await new Promise<void>((resolve) => {
targetServer.listen(targetPort, () => {
console.log(`Target server listening on port ${targetPort}`);
resolve();
});
});
// Create a simple proxy without HttpProxy
const proxy = new SmartProxy({
routes: [{
name: 'simple-forward',
match: {
ports: 8081,
domains: ['test.local']
},
action: {
type: 'forward',
target: { host: 'localhost', port: targetPort }
}
}]
});
await proxy.start();
await new Promise(resolve => setTimeout(resolve, 500));
// Make request
const options = {
hostname: 'localhost',
port: 8081,
path: '/test',
method: 'GET',
headers: {
'Host': 'test.local'
}
};
const response = await new Promise<http.IncomingMessage>((resolve, reject) => {
const req = http.request(options, (res) => resolve(res));
req.on('error', reject);
req.end();
});
let responseData = '';
response.setEncoding('utf8');
response.on('data', chunk => responseData += chunk);
await new Promise(resolve => response.on('end', resolve));
expect(response.statusCode).toEqual(200);
expect(responseData).toEqual('Hello from target');
expect(receivedRequest).toEqual(true);
await proxy.stop();
await new Promise<void>((resolve) => {
targetServer.close(() => resolve());
});
});
tap.start();

96
test/test.http-port8080-simple.ts Normal file
View File

@ -0,0 +1,96 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/index.js';
import * as net from 'net';
tap.test('should forward HTTP connections on port 8080 to HttpProxy', async (tapTest) => {
// Create a simple echo server to act as our target
const targetPort = 8181;
let receivedData = '';
const targetServer = net.createServer((socket) => {
console.log('Target server received connection');
socket.on('data', (data) => {
receivedData += data.toString();
console.log('Target server received data:', data.toString().split('\n')[0]);
// Send a simple HTTP response
const response = 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\nHello, World!';
socket.write(response);
});
});
await new Promise<void>((resolve) => {
targetServer.listen(targetPort, () => {
console.log(`Target server listening on port ${targetPort}`);
resolve();
});
});
// Create SmartProxy with port 8080 configured for HttpProxy
const proxy = new SmartProxy({
useHttpProxy: [8080], // Enable HttpProxy for port 8080
httpProxyPort: 8844,
enableDetailedLogging: true,
routes: [{
name: 'test-route',
match: {
ports: 8080
},
action: {
type: 'forward',
target: { host: 'localhost', port: targetPort }
}
}]
});
await proxy.start();
// Give the proxy a moment to fully initialize
await new Promise(resolve => setTimeout(resolve, 500));
console.log('Making test connection to proxy on port 8080...');
// Create a simple TCP connection to test
const client = new net.Socket();
const responsePromise = new Promise<string>((resolve, reject) => {
let response = '';
client.on('data', (data) => {
response += data.toString();
console.log('Client received:', data.toString());
});
client.on('end', () => {
resolve(response);
});
client.on('error', reject);
});
await new Promise<void>((resolve, reject) => {
client.connect(8080, 'localhost', () => {
console.log('Client connected to proxy');
// Send a simple HTTP request
client.write('GET / HTTP/1.1\r\nHost: test.local\r\n\r\n');
resolve();
});
client.on('error', reject);
});
// Wait for response
const response = await responsePromise;
// Check that we got the response
expect(response).toContain('Hello, World!');
expect(receivedData).toContain('GET / HTTP/1.1');
client.destroy();
await proxy.stop();
await new Promise<void>((resolve) => {
targetServer.close(() => resolve());
});
});
tap.start();

54
test/test.networkproxy.function-targets.ts → test/test.httpproxy.function-targets.ts
View File

@ -1,20 +1,20 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as plugins from '../ts/plugins.js';
import { NetworkProxy } from '../ts/proxies/network-proxy/index.js';
import { HttpProxy } from '../ts/proxies/http-proxy/index.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
import type { IRouteContext } from '../ts/core/models/route-context.js';
// Declare variables for tests
let networkProxy: NetworkProxy;
let httpProxy: HttpProxy;
let testServer: plugins.http.Server;
let testServerHttp2: plugins.http2.Http2Server;
let serverPort: number;
let serverPortHttp2: number;
// Setup test environment
tap.test('setup NetworkProxy function-based targets test environment', async (tools) => {
tap.test('setup HttpProxy function-based targets test environment', async (tools) => {
// Set a reasonable timeout for the test
tools.timeout = 30000; // 30 seconds
tools.timeout(30000); // 30 seconds
// Create simple HTTP server to respond to requests
testServer = plugins.http.createServer((req, res) => {
res.writeHead(200, { 'Content-Type': 'application/json' });
@ -63,8 +63,8 @@ tap.test('setup NetworkProxy function-based targets test environment', async (to
});
});
// Create NetworkProxy instance
networkProxy = new NetworkProxy({
// Create HttpProxy instance
httpProxy = new HttpProxy({
port: 0, // Use dynamic port
logLevel: 'info', // Use info level to see more logs
// Disable ACME to avoid trying to bind to port 80
@ -73,11 +73,11 @@ tap.test('setup NetworkProxy function-based targets test environment', async (to
}
});
await networkProxy.start();
await httpProxy.start();
// Log the actual port being used
const actualPort = networkProxy.getListeningPort();
console.log(`NetworkProxy actual listening port: ${actualPort}`);
const actualPort = httpProxy.getListeningPort();
console.log(`HttpProxy actual listening port: ${actualPort}`);
});
// Test static host/port routes
@ -100,10 +100,10 @@ tap.test('should support static host/port routes', async () => {
}
];
await networkProxy.updateRouteConfigs(routes);
await httpProxy.updateRouteConfigs(routes);
// Get proxy port using the improved getListeningPort() method
const proxyPort = networkProxy.getListeningPort();
const proxyPort = httpProxy.getListeningPort();
// Make request to proxy
const response = await makeRequest({
@ -145,10 +145,10 @@ tap.test('should support function-based host', async () => {
}
];
await networkProxy.updateRouteConfigs(routes);
await httpProxy.updateRouteConfigs(routes);
// Get proxy port using the improved getListeningPort() method
const proxyPort = networkProxy.getListeningPort();
const proxyPort = httpProxy.getListeningPort();
// Make request to proxy
const response = await makeRequest({
@ -190,10 +190,10 @@ tap.test('should support function-based port', async () => {
}
];
await networkProxy.updateRouteConfigs(routes);
await httpProxy.updateRouteConfigs(routes);
// Get proxy port using the improved getListeningPort() method
const proxyPort = networkProxy.getListeningPort();
const proxyPort = httpProxy.getListeningPort();
// Make request to proxy
const response = await makeRequest({
@ -236,10 +236,10 @@ tap.test('should support function-based host AND port', async () => {
}
];
await networkProxy.updateRouteConfigs(routes);
await httpProxy.updateRouteConfigs(routes);
// Get proxy port using the improved getListeningPort() method
const proxyPort = networkProxy.getListeningPort();
const proxyPort = httpProxy.getListeningPort();
// Make request to proxy
const response = await makeRequest({
@ -285,10 +285,10 @@ tap.test('should support context-based routing with path', async () => {
}
];
await networkProxy.updateRouteConfigs(routes);
await httpProxy.updateRouteConfigs(routes);
// Get proxy port using the improved getListeningPort() method
const proxyPort = networkProxy.getListeningPort();
const proxyPort = httpProxy.getListeningPort();
// Make request to proxy with /api path
const apiResponse = await makeRequest({
@ -322,9 +322,9 @@ tap.test('should support context-based routing with path', async () => {
});
// Cleanup test environment
tap.test('cleanup NetworkProxy function-based targets test environment', async () => {
tap.test('cleanup HttpProxy function-based targets test environment', async () => {
// Skip cleanup if setup failed
if (!networkProxy && !testServer && !testServerHttp2) {
if (!httpProxy && !testServer && !testServerHttp2) {
console.log('Skipping cleanup - setup failed');
return;
}
@ -358,11 +358,11 @@ tap.test('cleanup NetworkProxy function-based targets test environment', async (
});
}
// Stop NetworkProxy last
if (networkProxy) {
console.log('Stopping NetworkProxy...');
await networkProxy.stop();
console.log('NetworkProxy stopped successfully');
// Stop HttpProxy last
if (httpProxy) {
console.log('Stopping HttpProxy...');
await httpProxy.stop();
console.log('HttpProxy stopped successfully');
}
// Force exit after a short delay to ensure cleanup

10
test/test.networkproxy.ts → test/test.httpproxy.ts
View File

@ -1,11 +1,11 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as smartproxy from '../ts/index.js';
import { loadTestCertificates } from './helpers/certificates.js';
import * as https from 'https';
import * as http from 'http';
import { WebSocket, WebSocketServer } from 'ws';
let testProxy: smartproxy.NetworkProxy;
let testProxy: smartproxy.HttpProxy;
let testServer: http.Server;
let wsServer: WebSocketServer;
let testCertificates: { privateKey: string; publicKey: string };
@ -187,7 +187,7 @@ tap.test('setup test environment', async () => {
tap.test('should create proxy instance', async () => {
// Test with the original minimal options (only port)
testProxy = new smartproxy.NetworkProxy({
testProxy = new smartproxy.HttpProxy({
port: 3001,
});
expect(testProxy).toEqual(testProxy); // Instance equality check
@ -195,7 +195,7 @@ tap.test('should create proxy instance', async () => {
tap.test('should create proxy instance with extended options', async () => {
// Test with extended options to verify backward compatibility
testProxy = new smartproxy.NetworkProxy({
testProxy = new smartproxy.HttpProxy({
port: 3001,
maxConnections: 5000,
keepAliveTimeout: 120000,
@ -214,7 +214,7 @@ tap.test('should create proxy instance with extended options', async () => {
tap.test('should start the proxy server', async () => {
// Create a new proxy instance
testProxy = new smartproxy.NetworkProxy({
testProxy = new smartproxy.HttpProxy({
port: 3001,
maxConnections: 5000,
backendProtocol: 'http1',

116
test/test.nftables-forwarding.ts Normal file
View File

@ -0,0 +1,116 @@
import { expect, tap } from '@git.zone/tapbundle';
import * as net from 'net';
import { SmartProxy } from '../ts/proxies/smart-proxy/smart-proxy.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
// Test to verify NFTables forwarding doesn't terminate connections
tap.test('NFTables forwarding should not terminate connections', async () => {
// Create a test server that receives connections
const testServer = net.createServer((socket) => {
socket.write('Connected to test server\n');
socket.on('data', (data) => {
socket.write(`Echo: ${data}`);
});
});
// Start test server
await new Promise<void>((resolve) => {
testServer.listen(8001, '127.0.0.1', () => {
console.log('Test server listening on port 8001');
resolve();
});
});
// Create SmartProxy with NFTables route
const smartProxy = new SmartProxy({
enableDetailedLogging: true,
routes: [
{
id: 'nftables-test',
name: 'NFTables Test Route',
match: {
port: 8080,
},
action: {
type: 'forward',
forwardingEngine: 'nftables',
target: {
host: '127.0.0.1',
port: 8001,
},
},
},
// Also add regular forwarding route for comparison
{
id: 'regular-test',
name: 'Regular Forward Route',
match: {
port: 8081,
},
action: {
type: 'forward',
target: {
host: '127.0.0.1',
port: 8001,
},
},
},
],
});
await smartProxy.start();
// Test NFTables route
const nftablesConnection = await new Promise<net.Socket>((resolve, reject) => {
const client = net.connect(8080, '127.0.0.1', () => {
console.log('Connected to NFTables route');
resolve(client);
});
client.on('error', reject);
});
// Add timeout to check if connection stays alive
await new Promise<void>((resolve) => {
let dataReceived = false;
nftablesConnection.on('data', (data) => {
console.log('NFTables route data:', data.toString());
dataReceived = true;
});
// Send test data
nftablesConnection.write('Test NFTables');
// Check connection after 100ms
setTimeout(() => {
// Connection should still be alive even if app doesn't handle it
expect(nftablesConnection.destroyed).toBe(false);
nftablesConnection.end();
resolve();
}, 100);
});
// Test regular forwarding route for comparison
const regularConnection = await new Promise<net.Socket>((resolve, reject) => {
const client = net.connect(8081, '127.0.0.1', () => {
console.log('Connected to regular route');
resolve(client);
});
client.on('error', reject);
});
// Test regular connection works
await new Promise<void>((resolve) => {
regularConnection.on('data', (data) => {
console.log('Regular route data:', data.toString());
expect(data.toString()).toContain('Connected to test server');
regularConnection.end();
resolve();
});
});
// Cleanup
await smartProxy.stop();
testServer.close();
});
export default tap.start();

2
test/test.nftables-integration.simple.ts
View File

@ -1,6 +1,6 @@
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import { createNfTablesRoute, createNfTablesTerminateRoute } from '../ts/proxies/smart-proxy/utils/route-helpers.js';
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as child_process from 'child_process';
import { promisify } from 'util';

2
test/test.nftables-integration.ts
View File

@ -1,6 +1,6 @@
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import { createNfTablesRoute, createNfTablesTerminateRoute } from '../ts/proxies/smart-proxy/utils/route-helpers.js';
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as net from 'net';
import * as http from 'http';
import * as https from 'https';

2
test/test.nftables-manager.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { NFTablesManager } from '../ts/proxies/smart-proxy/nftables-manager.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
import type { ISmartProxyOptions } from '../ts/proxies/smart-proxy/models/interfaces.js';

2
test/test.nftables-status.ts
View File

@ -1,7 +1,7 @@
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import { NFTablesManager } from '../ts/proxies/smart-proxy/nftables-manager.js';
import { createNfTablesRoute } from '../ts/proxies/smart-proxy/utils/route-helpers.js';
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as child_process from 'child_process';
import { promisify } from 'util';

86
test/test.port-forwarding-fix.ts Normal file
View File

@ -0,0 +1,86 @@
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as net from 'net';
import { SmartProxy } from '../ts/proxies/smart-proxy/smart-proxy.js';
let echoServer: net.Server;
let proxy: SmartProxy;
tap.test('port forwarding should not immediately close connections', async () => {
// Create an echo server
echoServer = await new Promise<net.Server>((resolve) => {
const server = net.createServer((socket) => {
socket.on('data', (data) => {
socket.write(`ECHO: ${data}`);
});
});
server.listen(8888, () => {
console.log('Echo server listening on port 8888');
resolve(server);
});
});
// Create proxy with forwarding route
proxy = new SmartProxy({
routes: [{
id: 'test',
match: { ports: 9999 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8888 }
}
}]
});
await proxy.start();
// Test connection through proxy
const client = net.createConnection(9999, 'localhost');
const result = await new Promise<string>((resolve, reject) => {
client.on('data', (data) => {
resolve(data.toString());
});
client.on('error', reject);
client.write('Hello');
});
expect(result).toEqual('ECHO: Hello');
client.end();
});
tap.test('TLS passthrough should work correctly', async () => {
// Create proxy with TLS passthrough
proxy = new SmartProxy({
routes: [{
id: 'tls-test',
match: { ports: 8443, domains: 'test.example.com' },
action: {
type: 'forward',
tls: { mode: 'passthrough' },
target: { host: 'localhost', port: 443 }
}
}]
});
await proxy.start();
// For now just verify the proxy starts correctly with TLS passthrough route
expect(proxy).toBeDefined();
await proxy.stop();
});
tap.test('cleanup', async () => {
if (echoServer) {
echoServer.close();
}
if (proxy) {
await proxy.stop();
}
});
export default tap.start();

2
test/test.port-mapping.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as net from 'net';
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import {

304
test/test.port80-management.node.ts
View File

@ -1,6 +1,10 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/index.js';
/**
* Test that verifies port 80 is not double-registered when both
* user routes and ACME challenges use the same port
*/
tap.test('should not double-register port 80 when user route and ACME use same port', async (tools) => {
tools.timeout(5000);
@ -17,20 +21,20 @@ tap.test('should not double-register port 80 when user route and ACME use same p
},
action: {
type: 'forward' as const,
targetUrl: 'http://localhost:3000'
target: { host: 'localhost', port: 3000 }
}
},
{
name: 'acme-route',
name: 'secure-route',
match: {
ports: [443]
},
action: {
type: 'forward' as const,
targetUrl: 'https://localhost:3001',
target: { host: 'localhost', port: 3001 },
tls: {
mode: 'terminate' as const,
certificate: 'auto'
certificate: 'auto' as const
}
}
}
@ -44,57 +48,61 @@ tap.test('should not double-register port 80 when user route and ACME use same p
const proxy = new SmartProxy(settings);
// Mock the port manager to track port additions
(proxy as any).portManager = {
const mockPortManager = {
addPort: async (port: number) => {
if (activePorts.has(port)) {
// This is the deduplication behavior we're testing
return;
return; // Simulate deduplication
}
activePorts.add(port);
if (port === 80) {
port80AddCount++;
}
},
addPorts: async (ports: number[]) => {
for (const port of ports) {
await (proxy as any).portManager.addPort(port);
await mockPortManager.addPort(port);
}
},
removePort: async (port: number) => {
activePorts.delete(port);
},
updatePorts: async (requiredPorts: Set<number>) => {
const portsToRemove = [];
for (const port of activePorts) {
if (!requiredPorts.has(port)) {
portsToRemove.push(port);
}
}
const portsToAdd = [];
for (const port of requiredPorts) {
if (!activePorts.has(port)) {
portsToAdd.push(port);
}
}
for (const port of portsToRemove) {
await (proxy as any).portManager.removePort(port);
}
for (const port of portsToAdd) {
await (proxy as any).portManager.addPort(port);
await mockPortManager.addPort(port);
}
},
setShuttingDown: () => {},
getPortForRoutes: () => new Map(),
closeAll: async () => { activePorts.clear(); },
stop: async () => { await (proxy as any).portManager.closeAll(); }
stop: async () => { await mockPortManager.closeAll(); }
};
// Inject mock
(proxy as any).portManager = mockPortManager;
// Mock certificate manager to prevent ACME calls
(proxy as any).createCertificateManager = async function(routes: any[], certDir: string, acmeOptions: any, initialState?: any) {
const mockCertManager = {
setUpdateRoutesCallback: function(callback: any) { /* noop */ },
setHttpProxy: function() {},
setGlobalAcmeDefaults: function() {},
setAcmeStateManager: function() {},
initialize: async function() {
// Simulate ACME route addition
const challengeRoute = {
name: 'acme-challenge',
priority: 1000,
match: {
ports: acmeOptions?.port || 80,
path: '/.well-known/acme-challenge/*'
},
action: {
type: 'static'
}
};
// This would trigger route update in real implementation
},
getAcmeOptions: () => acmeOptions,
getState: () => ({ challengeRouteActive: false }),
stop: async () => {}
};
return mockCertManager;
};
// Mock NFTables
@ -103,85 +111,25 @@ tap.test('should not double-register port 80 when user route and ACME use same p
stop: async () => {}
};
// Mock certificate manager to prevent ACME
(proxy as any).createCertificateManager = async function(routes: any[], certDir: string, acmeOptions: any) {
const certManager = {
routes: routes,
globalAcmeDefaults: acmeOptions,
updateRoutesCallback: null as any,
challengeRouteActive: false,
setUpdateRoutesCallback: function(callback: any) {
this.updateRoutesCallback = callback;
},
setNetworkProxy: function() {},
setGlobalAcmeDefaults: function(defaults: any) {
this.globalAcmeDefaults = defaults;
},
initialize: async function() {
const hasAcmeRoutes = routes.some((r: any) =>
r.action.tls?.certificate === 'auto'
);
if (hasAcmeRoutes && acmeOptions?.email) {
const challengeRoute = {
name: 'acme-challenge',
priority: 1000,
match: {
ports: acmeOptions.port || 80,
path: '/.well-known/acme-challenge/*'
},
action: {
type: 'static',
handler: async () => ({ status: 200, body: 'challenge' })
}
};
const updatedRoutes = [...routes, challengeRoute];
if (this.updateRoutesCallback) {
await this.updateRoutesCallback(updatedRoutes);
}
this.challengeRouteActive = true;
}
},
getAcmeOptions: function() {
return acmeOptions;
},
stop: async function() {}
};
certManager.setUpdateRoutesCallback(async (routes: any[]) => {
await this.updateRoutes(routes);
});
await certManager.initialize();
return certManager;
};
// Mock admin server to prevent binding
// Mock admin server
(proxy as any).startAdminServer = async function() {
this.servers.set(this.settings.port, {
(this as any).servers.set(this.settings.port, {
port: this.settings.port,
close: async () => {}
});
};
try {
await proxy.start();
// Verify that port 80 was added only once
tools.expect(port80AddCount).toEqual(1);
} finally {
await proxy.stop();
}
await proxy.start();
// Verify that port 80 was added only once
expect(port80AddCount).toEqual(1);
await proxy.stop();
});
/**
* Test that verifies ACME can use a different port than user routes
*/
tap.test('should handle ACME on different port than user routes', async (tools) => {
tools.timeout(5000);
@ -198,20 +146,20 @@ tap.test('should handle ACME on different port than user routes', async (tools)
},
action: {
type: 'forward' as const,
targetUrl: 'http://localhost:3000'
target: { host: 'localhost', port: 3000 }
}
},
{
name: 'acme-route',
name: 'secure-route',
match: {
ports: [443]
},
action: {
type: 'forward' as const,
targetUrl: 'https://localhost:3001',
target: { host: 'localhost', port: 3001 },
tls: {
mode: 'terminate' as const,
certificate: 'auto'
certificate: 'auto' as const
}
}
}
@ -225,34 +173,57 @@ tap.test('should handle ACME on different port than user routes', async (tools)
const proxy = new SmartProxy(settings);
// Mock the port manager
(proxy as any).portManager = {
const mockPortManager = {
addPort: async (port: number) => {
if (!activePorts.has(port)) {
activePorts.add(port);
portAddHistory.push(port);
}
},
addPorts: async (ports: number[]) => {
for (const port of ports) {
await (proxy as any).portManager.addPort(port);
await mockPortManager.addPort(port);
}
},
removePort: async (port: number) => {
activePorts.delete(port);
},
updatePorts: async (requiredPorts: Set<number>) => {
for (const port of requiredPorts) {
await (proxy as any).portManager.addPort(port);
await mockPortManager.addPort(port);
}
},
setShuttingDown: () => {},
getPortForRoutes: () => new Map(),
closeAll: async () => { activePorts.clear(); },
stop: async () => { await (proxy as any).portManager.closeAll(); }
stop: async () => { await mockPortManager.closeAll(); }
};
// Inject mocks
(proxy as any).portManager = mockPortManager;
// Mock certificate manager
(proxy as any).createCertificateManager = async function(routes: any[], certDir: string, acmeOptions: any, initialState?: any) {
const mockCertManager = {
setUpdateRoutesCallback: function(callback: any) { /* noop */ },
setHttpProxy: function() {},
setGlobalAcmeDefaults: function() {},
setAcmeStateManager: function() {},
initialize: async function() {
// Simulate ACME route addition on different port
const challengeRoute = {
name: 'acme-challenge',
priority: 1000,
match: {
ports: acmeOptions?.port || 80,
path: '/.well-known/acme-challenge/*'
},
action: {
type: 'static'
}
};
},
getAcmeOptions: () => acmeOptions,
getState: () => ({ challengeRouteActive: false }),
stop: async () => {}
};
return mockCertManager;
};
// Mock NFTables
@ -261,85 +232,22 @@ tap.test('should handle ACME on different port than user routes', async (tools)
stop: async () => {}
};
// Mock certificate manager
(proxy as any).createCertificateManager = async function(routes: any[], certDir: string, acmeOptions: any) {
const certManager = {
routes: routes,
globalAcmeDefaults: acmeOptions,
updateRoutesCallback: null as any,
challengeRouteActive: false,
setUpdateRoutesCallback: function(callback: any) {
this.updateRoutesCallback = callback;
},
setNetworkProxy: function() {},
setGlobalAcmeDefaults: function(defaults: any) {
this.globalAcmeDefaults = defaults;
},
initialize: async function() {
const hasAcmeRoutes = routes.some((r: any) =>
r.action.tls?.certificate === 'auto'
);
if (hasAcmeRoutes && acmeOptions?.email) {
const challengeRoute = {
name: 'acme-challenge',
priority: 1000,
match: {
ports: acmeOptions.port || 80,
path: '/.well-known/acme-challenge/*'
},
action: {
type: 'static',
handler: async () => ({ status: 200, body: 'challenge' })
}
};
const updatedRoutes = [...routes, challengeRoute];
if (this.updateRoutesCallback) {
await this.updateRoutesCallback(updatedRoutes);
}
this.challengeRouteActive = true;
}
},
getAcmeOptions: function() {
return acmeOptions;
},
stop: async function() {}
};
certManager.setUpdateRoutesCallback(async (routes: any[]) => {
await this.updateRoutes(routes);
});
await certManager.initialize();
return certManager;
};
// Mock admin server
(proxy as any).startAdminServer = async function() {
this.servers.set(this.settings.port, {
(this as any).servers.set(this.settings.port, {
port: this.settings.port,
close: async () => {}
});
};
try {
await proxy.start();
// Verify that all expected ports were added
tools.expect(portAddHistory).toInclude(80); // User route
tools.expect(portAddHistory).toInclude(443); // TLS route
tools.expect(portAddHistory).toInclude(8080); // ACME challenge
} finally {
await proxy.stop();
}
await proxy.start();
// Verify that all expected ports were added
expect(portAddHistory.includes(80)).toBeTrue(); // User route
expect(portAddHistory.includes(443)).toBeTrue(); // TLS route
expect(portAddHistory.includes(8080)).toBeTrue(); // ACME challenge on different port
await proxy.stop();
});
export default tap;
export default tap.start();

321
test/test.race-conditions.node.ts
View File

@ -1,6 +1,9 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { SmartProxy } from '../ts/index.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { SmartProxy, type IRouteConfig } from '../ts/index.js';
/**
* Test that verifies mutex prevents race conditions during concurrent route updates
*/
tap.test('should handle concurrent route updates without race conditions', async (tools) => {
tools.timeout(10000);
@ -39,10 +42,10 @@ tap.test('should handle concurrent route updates without race conditions', async
},
action: {
type: 'forward' as const,
targetUrl: `https://localhost:${3001 + i}`,
target: { host: 'localhost', port: 3001 + i },
tls: {
mode: 'terminate' as const,
certificate: 'auto'
certificate: 'auto' as const
}
}
}
@ -54,227 +57,27 @@ tap.test('should handle concurrent route updates without race conditions', async
// Verify final state
const currentRoutes = proxy['settings'].routes;
tools.expect(currentRoutes.length).toBeGreaterThan(1);
expect(currentRoutes.length).toEqual(2); // Initial route + last update
await proxy.stop();
});
tap.test('should preserve certificate manager state during rapid updates', async (tools) => {
/**
* Test that verifies mutex serializes route updates
*/
tap.test('should serialize route updates with mutex', async (tools) => {
tools.timeout(10000);
const settings = {
port: 6002,
routes: [
{
name: 'test-route',
match: {
ports: [443]
},
action: {
type: 'forward' as const,
targetUrl: 'https://localhost:3001',
tls: {
mode: 'terminate' as const,
certificate: 'auto'
}
}
routes: [{
name: 'test-route',
match: { ports: [80] },
action: {
type: 'forward' as const,
targetUrl: 'http://localhost:3000'
}
],
acme: {
email: 'test@test.com',
port: 80
}
};
const proxy = new SmartProxy(settings);
await proxy.start();
// Get initial certificate manager reference
const initialCertManager = proxy['certManager'];
tools.expect(initialCertManager).not.toBeNull();
// Perform rapid route updates
for (let i = 0; i < 3; i++) {
await proxy.updateRoutes([
...settings.routes,
{
name: `extra-route-${i}`,
match: {
ports: [8000 + i]
},
action: {
type: 'forward' as const,
targetUrl: `http://localhost:${4000 + i}`
}
}
]);
}
// Certificate manager should be recreated but state preserved
const finalCertManager = proxy['certManager'];
tools.expect(finalCertManager).not.toBeNull();
tools.expect(finalCertManager).not.toEqual(initialCertManager);
await proxy.stop();
});
tap.test('should handle challenge route state correctly across recreations', async (tools) => {
tools.timeout(10000);
let challengeRouteAddCount = 0;
const settings = {
port: 6003,
routes: [
{
name: 'acme-route',
match: {
ports: [443]
},
action: {
type: 'forward' as const,
targetUrl: 'https://localhost:3001',
tls: {
mode: 'terminate' as const,
certificate: 'auto'
}
}
}
],
acme: {
email: 'test@test.com',
port: 80
}
};
const proxy = new SmartProxy(settings);
// Mock the route update to count challenge route additions
const originalUpdateRoutes = proxy['updateRoutes'].bind(proxy);
proxy['updateRoutes'] = async (routes: any[]) => {
if (routes.some(r => r.name === 'acme-challenge')) {
challengeRouteAddCount++;
}
return originalUpdateRoutes(routes);
};
await proxy.start();
// Multiple route updates
for (let i = 0; i < 3; i++) {
await proxy.updateRoutes([
...settings.routes,
{
name: `dynamic-route-${i}`,
match: {
ports: [9000 + i]
},
action: {
type: 'forward' as const,
targetUrl: `http://localhost:${5000 + i}`
}
}
]);
}
// Challenge route should only be added once during initial start
tools.expect(challengeRouteAddCount).toEqual(1);
await proxy.stop();
});
tap.test('should prevent port conflicts during certificate manager recreation', async (tools) => {
tools.timeout(10000);
const settings = {
port: 6004,
routes: [
{
name: 'http-route',
match: {
ports: [80]
},
action: {
type: 'forward' as const,
targetUrl: 'http://localhost:3000'
}
},
{
name: 'https-route',
match: {
ports: [443]
},
action: {
type: 'forward' as const,
targetUrl: 'https://localhost:3001',
tls: {
mode: 'terminate' as const,
certificate: 'auto'
}
}
}
],
acme: {
email: 'test@test.com',
port: 80 // Same as user route
}
};
const proxy = new SmartProxy(settings);
// Track port operations
let port80AddCount = 0;
const originalPortManager = proxy['portManager'];
const originalAddPort = originalPortManager.addPort.bind(originalPortManager);
originalPortManager.addPort = async (port: number) => {
if (port === 80) {
port80AddCount++;
}
return originalAddPort(port);
};
await proxy.start();
// Update routes multiple times
for (let i = 0; i < 3; i++) {
await proxy.updateRoutes([
...settings.routes,
{
name: `temp-route-${i}`,
match: {
ports: [7000 + i]
},
action: {
type: 'forward' as const,
targetUrl: `http://localhost:${6000 + i}`
}
}
]);
}
// Port 80 should be maintained properly without conflicts
tools.expect(port80AddCount).toBeGreaterThan(0);
await proxy.stop();
});
tap.test('should handle mutex locking correctly', async (tools) => {
tools.timeout(10000);
const settings = {
port: 6005,
routes: [
{
name: 'test-route',
match: {
ports: [80]
},
action: {
type: 'forward' as const,
targetUrl: 'http://localhost:3000'
}
}
]
}]
};
const proxy = new SmartProxy(settings);
@ -282,16 +85,17 @@ tap.test('should handle mutex locking correctly', async (tools) => {
let updateStartCount = 0;
let updateEndCount = 0;
let maxConcurrent = 0;
// Wrap updateRoutes to track concurrent execution
const originalUpdateRoutes = proxy['updateRoutes'].bind(proxy);
proxy['updateRoutes'] = async (routes: any[]) => {
updateStartCount++;
const startCount = updateStartCount;
const endCount = updateEndCount;
const concurrent = updateStartCount - updateEndCount;
maxConcurrent = Math.max(maxConcurrent, concurrent);
// If mutex is working, start count should never be more than end count + 1
tools.expect(startCount).toBeLessThanOrEqual(endCount + 1);
// If mutex is working, only one update should run at a time
expect(concurrent).toEqual(1);
const result = await originalUpdateRoutes(routes);
updateEndCount++;
@ -305,9 +109,7 @@ tap.test('should handle mutex locking correctly', async (tools) => {
...settings.routes,
{
name: `concurrent-route-${i}`,
match: {
ports: [2000 + i]
},
match: { ports: [2000 + i] },
action: {
type: 'forward' as const,
targetUrl: `http://localhost:${3000 + i}`
@ -319,10 +121,77 @@ tap.test('should handle mutex locking correctly', async (tools) => {
await Promise.all(updates);
// All updates should have completed
tools.expect(updateStartCount).toEqual(5);
tools.expect(updateEndCount).toEqual(5);
expect(updateStartCount).toEqual(5);
expect(updateEndCount).toEqual(5);
expect(maxConcurrent).toEqual(1); // Mutex ensures only one at a time
await proxy.stop();
});
export default tap;
/**
* Test that challenge route state is preserved across certificate manager recreations
*/
tap.test('should preserve challenge route state during cert manager recreation', async (tools) => {
tools.timeout(10000);
const settings = {
port: 6003,
routes: [{
name: 'acme-route',
match: { ports: [443] },
action: {
type: 'forward' as const,
target: { host: 'localhost', port: 3001 },
tls: {
mode: 'terminate' as const,
certificate: 'auto' as const
}
}
}],
acme: {
email: 'test@test.com',
port: 80
}
};
const proxy = new SmartProxy(settings);
// Track certificate manager recreations
let certManagerCreationCount = 0;
const originalCreateCertManager = proxy['createCertificateManager'].bind(proxy);
proxy['createCertificateManager'] = async (...args: any[]) => {
certManagerCreationCount++;
return originalCreateCertManager(...args);
};
await proxy.start();
// Initial creation
expect(certManagerCreationCount).toEqual(1);
// Multiple route updates
for (let i = 0; i < 3; i++) {
await proxy.updateRoutes([
...settings.routes as IRouteConfig[],
{
name: `dynamic-route-${i}`,
match: { ports: [9000 + i] },
action: {
type: 'forward' as const,
target: { host: 'localhost', port: 5000 + i }
}
}
]);
}
// Certificate manager should be recreated for each update
expect(certManagerCreationCount).toEqual(4); // 1 initial + 3 updates
// State should be preserved (challenge route active)
const globalState = proxy['globalChallengeRouteActive'];
expect(globalState).toBeDefined();
await proxy.stop();
});
export default tap.start();

115
test/test.route-callback-simple.ts Normal file
View File

@ -0,0 +1,115 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/index.js';
tap.test('should set update routes callback on certificate manager', async () => {
// Create a simple proxy with a route requiring certificates
const proxy = new SmartProxy({
acme: {
email: 'test@local.dev',
useProduction: false,
port: 8080 // Use non-privileged port for ACME challenges globally
},
routes: [{
name: 'test-route',
match: {
ports: [8443],
domains: ['test.local']
},
action: {
type: 'forward',
target: { host: 'localhost', port: 3000 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: {
email: 'test@local.dev',
useProduction: false
}
}
}
}]
});
// Track callback setting
let callbackSet = false;
// Override createCertificateManager to track callback setting
(proxy as any).createCertificateManager = async function(
routes: any,
certStore: string,
acmeOptions?: any,
initialState?: any
) {
// Create a mock certificate manager
const mockCertManager = {
setUpdateRoutesCallback: function(callback: any) {
callbackSet = true;
},
setHttpProxy: function() {},
setGlobalAcmeDefaults: function() {},
setAcmeStateManager: function() {},
initialize: async function() {},
stop: async function() {},
getAcmeOptions: function() { return acmeOptions || {}; },
getState: function() { return initialState || { challengeRouteActive: false }; }
};
// Mimic the real createCertificateManager behavior
// Always set up the route update callback for ACME challenges
mockCertManager.setUpdateRoutesCallback(async (routes) => {
await this.updateRoutes(routes);
});
// Connect with HttpProxy if available (mimic real behavior)
if ((this as any).httpProxyBridge.getHttpProxy()) {
mockCertManager.setHttpProxy((this as any).httpProxyBridge.getHttpProxy());
}
// Set the ACME state manager
mockCertManager.setAcmeStateManager((this as any).acmeStateManager);
// Pass down the global ACME config if available
if ((this as any).settings.acme) {
mockCertManager.setGlobalAcmeDefaults((this as any).settings.acme);
}
await mockCertManager.initialize();
return mockCertManager;
};
await proxy.start();
// The callback should have been set during initialization
expect(callbackSet).toEqual(true);
// Reset tracking
callbackSet = false;
// Update routes - this should recreate the certificate manager
await proxy.updateRoutes([{
name: 'new-route',
match: {
ports: [8444],
domains: ['new.local']
},
action: {
type: 'forward',
target: { host: 'localhost', port: 3001 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: {
email: 'test@local.dev',
useProduction: false
}
}
}
}]);
// The callback should have been set again after update
expect(callbackSet).toEqual(true);
await proxy.stop();
});
tap.start();

2
test/test.route-config.ts
View File

@ -1,7 +1,7 @@
/**
* Tests for the unified route-based configuration system
*/
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
// Import from core modules
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';

98
test/test.route-redirects.ts Normal file
View File

@ -0,0 +1,98 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import { createHttpToHttpsRedirect } from '../ts/proxies/smart-proxy/utils/route-helpers.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
// Test that HTTP to HTTPS redirects work correctly
tap.test('should handle HTTP to HTTPS redirects', async (tools) => {
// Create a simple HTTP to HTTPS redirect route
const redirectRoute = createHttpToHttpsRedirect(
'example.com',
443,
{
name: 'HTTP to HTTPS Redirect Test'
}
);
// Verify the route is configured correctly
expect(redirectRoute.action.type).toEqual('redirect');
expect(redirectRoute.action.redirect).toBeTruthy();
expect(redirectRoute.action.redirect?.to).toEqual('https://{domain}:443{path}');
expect(redirectRoute.action.redirect?.status).toEqual(301);
expect(redirectRoute.match.ports).toEqual(80);
expect(redirectRoute.match.domains).toEqual('example.com');
});
tap.test('should handle custom redirect configurations', async (tools) => {
// Create a custom redirect route
const customRedirect: IRouteConfig = {
name: 'custom-redirect',
match: {
ports: [8080],
domains: ['old.example.com']
},
action: {
type: 'redirect',
redirect: {
to: 'https://new.example.com{path}',
status: 302
}
}
};
// Verify the route structure
expect(customRedirect.action.redirect?.to).toEqual('https://new.example.com{path}');
expect(customRedirect.action.redirect?.status).toEqual(302);
});
tap.test('should support multiple redirect scenarios', async (tools) => {
const routes: IRouteConfig[] = [
// HTTP to HTTPS redirect
createHttpToHttpsRedirect(['example.com', 'www.example.com']),
// Custom redirect with different port
{
name: 'custom-port-redirect',
match: {
ports: 8080,
domains: 'api.example.com'
},
action: {
type: 'redirect',
redirect: {
to: 'https://{domain}:8443{path}',
status: 308
}
}
},
// Redirect to different domain entirely
{
name: 'domain-redirect',
match: {
ports: 80,
domains: 'old-domain.com'
},
action: {
type: 'redirect',
redirect: {
to: 'https://new-domain.com{path}',
status: 301
}
}
}
];
// Create SmartProxy with redirect routes
const proxy = new SmartProxy({
routes
});
// Verify all routes are redirect type
routes.forEach(route => {
expect(route.action.type).toEqual('redirect');
expect(route.action.redirect).toBeTruthy();
});
});
export default tap.start();

121
test/test.route-update-callback.node.ts
View File

@ -1,6 +1,6 @@
import * as plugins from '../ts/plugins.js';
import { SmartProxy } from '../ts/index.js';
import { tap, expect } from '@push.rocks/tapbundle';
import { tap, expect } from '@git.zone/tstest/tapbundle';
let testProxy: SmartProxy;
@ -53,15 +53,28 @@ tap.test('should preserve route update callback after updateRoutes', async () =>
this.updateRoutesCallback = callback;
},
updateRoutesCallback: null,
setNetworkProxy: function() {},
initialize: async function() {},
setHttpProxy: function() {},
setGlobalAcmeDefaults: function() {},
setAcmeStateManager: function() {},
initialize: async function() {
// This is where the callback is actually set in the real implementation
return Promise.resolve();
},
stop: async function() {},
getAcmeOptions: function() {
return { email: 'test@testdomain.test' };
},
getState: function() {
return { challengeRouteActive: false };
}
};
(this as any).certManager = mockCertManager;
// Simulate the real behavior where setUpdateRoutesCallback is called
mockCertManager.setUpdateRoutesCallback(async (routes: any) => {
await this.updateRoutes(routes);
});
};
// Start the proxy (with mocked cert manager)
@ -82,36 +95,40 @@ tap.test('should preserve route update callback after updateRoutes', async () =>
createRoute(2, 'test2.testdomain.test', 8444)
];
// Mock the updateRoutes to create a new mock cert manager
const originalUpdateRoutes = testProxy.updateRoutes.bind(testProxy);
// Mock the updateRoutes to simulate the real implementation
testProxy.updateRoutes = async function(routes) {
// Update settings
this.settings.routes = routes;
// Recreate cert manager (simulating the bug scenario)
// Simulate what happens in the real code - recreate cert manager via createCertificateManager
if ((this as any).certManager) {
await (this as any).certManager.stop();
// Simulate createCertificateManager which creates a new cert manager
const newMockCertManager = {
setUpdateRoutesCallback: function(callback: any) {
this.updateRoutesCallback = callback;
},
updateRoutesCallback: null,
setNetworkProxy: function() {},
setHttpProxy: function() {},
setGlobalAcmeDefaults: function() {},
setAcmeStateManager: function() {},
initialize: async function() {},
stop: async function() {},
getAcmeOptions: function() {
return { email: 'test@testdomain.test' };
},
getState: function() {
return { challengeRouteActive: false };
}
};
(this as any).certManager = newMockCertManager;
// THIS IS THE FIX WE'RE TESTING - the callback should be set
(this as any).certManager.setUpdateRoutesCallback(async (routes: any) => {
// Set the callback as done in createCertificateManager
newMockCertManager.setUpdateRoutesCallback(async (routes: any) => {
await this.updateRoutes(routes);
});
(this as any).certManager = newMockCertManager;
await (this as any).certManager.initialize();
}
};
@ -214,11 +231,14 @@ tap.test('should handle route updates when cert manager is not initialized', asy
this.updateRoutesCallback = callback;
},
updateRoutesCallback: null,
setNetworkProxy: function() {},
setHttpProxy: function() {},
initialize: async function() {},
stop: async function() {},
getAcmeOptions: function() {
return { email: 'test@testdomain.test' };
},
getState: function() {
return { challengeRouteActive: false };
}
};
@ -239,10 +259,10 @@ tap.test('should handle route updates when cert manager is not initialized', asy
// Update with routes that need certificates
await proxyWithoutCerts.updateRoutes([createRoute(1, 'cert-needed.testdomain.test', 9443)]);
// Now it should have a cert manager with callback
// In the real implementation, cert manager is not created by updateRoutes if it doesn't exist
// This is the expected behavior - cert manager is only created during start() or re-created if already exists
const newCertManager = (proxyWithoutCerts as any).certManager;
expect(newCertManager).toBeTruthy();
expect(newCertManager.updateRoutesCallback).toBeTruthy();
expect(newCertManager).toBeFalsy(); // Should still be null
await proxyWithoutCerts.stop();
});
@ -252,67 +272,58 @@ tap.test('should clean up properly', async () => {
});
tap.test('real code integration test - verify fix is applied', async () => {
// This test will run against the actual code (not mocked) to verify the fix is working
// This test will start with routes that need certificates to test the fix
const realProxy = new SmartProxy({
routes: [{
name: 'simple-route',
match: {
ports: [9999]
},
action: {
type: 'forward' as const,
target: {
host: 'localhost',
port: 3000
}
}
}]
routes: [createRoute(1, 'test.example.com', 9999)],
acme: {
email: 'test@example.com',
useProduction: false,
port: 18080
}
});
// Mock only the ACME initialization to avoid certificate provisioning issues
let mockCertManager: any;
(realProxy as any).initializeCertificateManager = async function() {
const hasAutoRoutes = this.settings.routes.some((r: any) =>
r.action.tls?.certificate === 'auto'
);
if (!hasAutoRoutes) {
return;
}
mockCertManager = {
// Mock the certificate manager creation to track callback setting
let callbackSet = false;
(realProxy as any).createCertificateManager = async function(routes: any[], certDir: string, acmeOptions: any, initialState?: any) {
const mockCertManager = {
setUpdateRoutesCallback: function(callback: any) {
callbackSet = true;
this.updateRoutesCallback = callback;
},
updateRoutesCallback: null as any,
setNetworkProxy: function() {},
setHttpProxy: function() {},
setGlobalAcmeDefaults: function() {},
setAcmeStateManager: function() {},
initialize: async function() {},
stop: async function() {},
getAcmeOptions: function() {
return { email: 'test@example.com', useProduction: false };
return acmeOptions || { email: 'test@example.com', useProduction: false };
},
getState: function() {
return initialState || { challengeRouteActive: false };
}
};
(this as any).certManager = mockCertManager;
// The fix should cause this callback to be set automatically
mockCertManager.setUpdateRoutesCallback(async (routes: any) => {
// Always set up the route update callback for ACME challenges
mockCertManager.setUpdateRoutesCallback(async (routes) => {
await this.updateRoutes(routes);
});
return mockCertManager;
};
await realProxy.start();
// Add a route that requires certificates - this will trigger updateRoutes
const newRoute = createRoute(1, 'test.example.com', 9999);
await realProxy.updateRoutes([newRoute]);
// The callback should have been set during initialization
expect(callbackSet).toEqual(true);
callbackSet = false; // Reset for update test
// If the fix is applied correctly, the certificate manager should have the callback
const certManager = (realProxy as any).certManager;
// Update routes - this should recreate cert manager with callback preserved
const newRoute = createRoute(2, 'test2.example.com', 9999);
await realProxy.updateRoutes([createRoute(1, 'test.example.com', 9999), newRoute]);
// This is the critical assertion - the fix should ensure this callback is set
expect(certManager).toBeTruthy();
expect(certManager.updateRoutesCallback).toBeTruthy();
// The callback should have been set again during update
expect(callbackSet).toEqual(true);
await realProxy.stop();

2
test/test.route-utils.ts
View File

@ -1,4 +1,4 @@
import { tap, expect } from '@push.rocks/tapbundle';
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../ts/plugins.js';
// Import from individual modules to avoid naming conflicts

4
test/test.router.ts
View File

@ -1,7 +1,7 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as tsclass from '@tsclass/tsclass';
import * as http from 'http';
import { ProxyRouter, type RouterResult } from '../ts/http/router/proxy-router.js';
import { ProxyRouter, type RouterResult } from '../ts/routing/router/proxy-router.js';
// Test proxies and configurations
let router: ProxyRouter;

81
test/test.simple-acme-mock.ts Normal file
View File

@ -0,0 +1,81 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartProxy } from '../ts/index.js';
/**
* Simple test to check route manager initialization with ACME
*/
tap.test('should properly initialize with ACME configuration', async (tools) => {
const settings = {
routes: [
{
name: 'secure-route',
match: {
ports: [8443],
domains: 'test.example.com'
},
action: {
type: 'forward' as const,
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate' as const,
certificate: 'auto' as const,
acme: {
email: 'ssl@bleu.de',
challengePort: 8080
}
}
}
}
],
acme: {
email: 'ssl@bleu.de',
port: 8080,
useProduction: false,
enabled: true
}
};
const proxy = new SmartProxy(settings);
// Replace the certificate manager creation to avoid real ACME requests
(proxy as any).createCertificateManager = async () => {
return {
setUpdateRoutesCallback: () => {},
setHttpProxy: () => {},
setGlobalAcmeDefaults: () => {},
setAcmeStateManager: () => {},
initialize: async () => {
console.log('Mock certificate manager initialized');
},
stop: async () => {
console.log('Mock certificate manager stopped');
}
};
};
// Mock NFTables
(proxy as any).nftablesManager = {
ensureNFTablesSetup: async () => {},
stop: async () => {}
};
await proxy.start();
// Verify proxy started successfully
expect(proxy).toBeDefined();
// Verify route manager has routes
const routeManager = (proxy as any).routeManager;
expect(routeManager).toBeDefined();
expect(routeManager.getAllRoutes().length).toBeGreaterThan(0);
// Verify the route exists with correct domain
const routes = routeManager.getAllRoutes();
const secureRoute = routes.find((r: any) => r.name === 'secure-route');
expect(secureRoute).toBeDefined();
expect(secureRoute.match.domains).toEqual('test.example.com');
await proxy.stop();
});
tap.start();

2
test/test.smartacme-integration.ts
View File

@ -1,5 +1,5 @@
import * as plugins from '../ts/plugins.js';
import { tap, expect } from '@push.rocks/tapbundle';
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { SmartCertManager } from '../ts/proxies/smart-proxy/certificate-manager.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';

2
test/test.smartproxy.ts
View File

@ -1,4 +1,4 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as net from 'net';
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';

2
ts/00_commitinfo_data.ts
View File

@ -3,6 +3,6 @@
*/
export const commitinfo = {
name: '@push.rocks/smartproxy',
version: '19.2.5',
version: '19.3.9',
description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.'
}

28
ts/forwarding/factory/forwarding-factory.ts
View File

@ -52,6 +52,13 @@ export class ForwardingHandlerFactory {
enabled: true,
...config.http
};
// Set default port and socket if not provided
if (!result.port) {
result.port = 80;
}
if (!result.socket) {
result.socket = `/tmp/forwarding-${config.type}-${result.port}.sock`;
}
break;
case 'https-passthrough':
@ -65,6 +72,13 @@ export class ForwardingHandlerFactory {
enabled: false,
...config.http
};
// Set default port and socket if not provided
if (!result.port) {
result.port = 443;
}
if (!result.socket) {
result.socket = `/tmp/forwarding-${config.type}-${result.port}.sock`;
}
break;
case 'https-terminate-to-http':
@ -84,6 +98,13 @@ export class ForwardingHandlerFactory {
maintenance: true,
...config.acme
};
// Set default port and socket if not provided
if (!result.port) {
result.port = 443;
}
if (!result.socket) {
result.socket = `/tmp/forwarding-${config.type}-${result.port}.sock`;
}
break;
case 'https-terminate-to-https':
@ -101,6 +122,13 @@ export class ForwardingHandlerFactory {
maintenance: true,
...config.acme
};
// Set default port and socket if not provided
if (!result.port) {
result.port = 443;
}
if (!result.socket) {
result.socket = `/tmp/forwarding-${config.type}-${result.port}.sock`;
}
break;
}

16
ts/http/index.ts
View File

@ -1,16 +0,0 @@
/**
* HTTP functionality module
*/
// Export types and models
export * from './models/http-types.js';
// Export submodules (remove port80 export)
export * from './router/index.js';
export * from './redirects/index.js';
// REMOVED: export * from './port80/index.js';
// Convenience namespace exports (no more Port80)
export const Http = {
// Only router and redirect functionality remain
};

108
ts/http/models/http-types.ts
View File

@ -1,108 +0,0 @@
import * as plugins from '../../plugins.js';
// Certificate types have been removed - use SmartCertManager instead
export interface IDomainOptions {
domainName: string;
sslRedirect: boolean;
acmeMaintenance: boolean;
forward?: { ip: string; port: number };
acmeForward?: { ip: string; port: number };
}
/**
* HTTP-specific event types
*/
export enum HttpEvents {
REQUEST_RECEIVED = 'request-received',
REQUEST_FORWARDED = 'request-forwarded',
REQUEST_HANDLED = 'request-handled',
REQUEST_ERROR = 'request-error',
}
/**
* HTTP status codes as an enum for better type safety
*/
export enum HttpStatus {
OK = 200,
MOVED_PERMANENTLY = 301,
FOUND = 302,
TEMPORARY_REDIRECT = 307,
PERMANENT_REDIRECT = 308,
BAD_REQUEST = 400,
NOT_FOUND = 404,
METHOD_NOT_ALLOWED = 405,
INTERNAL_SERVER_ERROR = 500,
NOT_IMPLEMENTED = 501,
SERVICE_UNAVAILABLE = 503,
}
/**
* Represents a domain configuration with certificate status information
*/
export interface IDomainCertificate {
options: IDomainOptions;
certObtained: boolean;
obtainingInProgress: boolean;
certificate?: string;
privateKey?: string;
expiryDate?: Date;
lastRenewalAttempt?: Date;
}
/**
* Base error class for HTTP-related errors
*/
export class HttpError extends Error {
constructor(message: string) {
super(message);
this.name = 'HttpError';
}
}
/**
* Error related to certificate operations
*/
export class CertificateError extends HttpError {
constructor(
message: string,
public readonly domain: string,
public readonly isRenewal: boolean = false
) {
super(`${message} for domain ${domain}${isRenewal ? ' (renewal)' : ''}`);
this.name = 'CertificateError';
}
}
/**
* Error related to server operations
*/
export class ServerError extends HttpError {
constructor(message: string, public readonly code?: string) {
super(message);
this.name = 'ServerError';
}
}
/**
* Redirect configuration for HTTP requests
*/
export interface IRedirectConfig {
source: string; // Source path or pattern
destination: string; // Destination URL
type: HttpStatus; // Redirect status code
preserveQuery?: boolean; // Whether to preserve query parameters
}
/**
* HTTP router configuration
*/
export interface IRouterConfig {
routes: Array<{
path: string;
handler: (req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse) => void;
}>;
notFoundHandler?: (req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse) => void;
}
// Backward compatibility interfaces
export { HttpError as Port80HandlerError };
export { CertificateError as CertError };

3
ts/http/redirects/index.ts
View File

@ -1,3 +0,0 @@
/**
* HTTP redirects
*/

22
ts/index.ts
View File

@ -6,19 +6,23 @@
// Migrated to the new proxies structure
export * from './proxies/nftables-proxy/index.js';
// Export NetworkProxy elements selectively to avoid RouteManager ambiguity
export { NetworkProxy, CertificateManager, ConnectionPool, RequestHandler, WebSocketHandler } from './proxies/network-proxy/index.js';
export type { IMetricsTracker, MetricsTracker } from './proxies/network-proxy/index.js';
// Export HttpProxy elements selectively to avoid RouteManager ambiguity
export { HttpProxy, CertificateManager, ConnectionPool, RequestHandler, WebSocketHandler } from './proxies/http-proxy/index.js';
export type { IMetricsTracker, MetricsTracker } from './proxies/http-proxy/index.js';
// Export models except IAcmeOptions to avoid conflict
export type { INetworkProxyOptions, ICertificateEntry, ILogger } from './proxies/network-proxy/models/types.js';
export { RouteManager as NetworkProxyRouteManager } from './proxies/network-proxy/models/types.js';
export type { IHttpProxyOptions, ICertificateEntry, ILogger } from './proxies/http-proxy/models/types.js';
export { RouteManager as HttpProxyRouteManager } from './proxies/http-proxy/models/types.js';
// Backward compatibility exports (deprecated)
export { HttpProxy as NetworkProxy } from './proxies/http-proxy/index.js';
export type { IHttpProxyOptions as INetworkProxyOptions } from './proxies/http-proxy/models/types.js';
export { HttpProxyBridge as NetworkProxyBridge } from './proxies/smart-proxy/index.js';
// Certificate and Port80 modules have been removed - use SmartCertManager instead
export * from './redirect/classes.redirect.js';
// Redirect module has been removed - use route-based redirects instead
// Export SmartProxy elements selectively to avoid RouteManager ambiguity
export { SmartProxy, ConnectionManager, SecurityManager, TimeoutManager, TlsManager, NetworkProxyBridge, RouteConnectionHandler } from './proxies/smart-proxy/index.js';
export { SmartProxy, ConnectionManager, SecurityManager, TimeoutManager, TlsManager, HttpProxyBridge, RouteConnectionHandler, SmartCertManager } from './proxies/smart-proxy/index.js';
export { RouteManager } from './proxies/smart-proxy/route-manager.js';
// Export smart-proxy models
export type { ISmartProxyOptions, IConnectionRecord, IRouteConfig, IRouteMatch, IRouteAction, IRouteTls, IRouteContext } from './proxies/smart-proxy/models/index.js';
@ -41,4 +45,4 @@ export type { IAcmeOptions } from './proxies/smart-proxy/models/interfaces.js';
export * as forwarding from './forwarding/index.js';
// Certificate module has been removed - use SmartCertManager instead
export * as tls from './tls/index.js';
export * as http from './http/index.js';
export * as routing from './routing/index.js';

4
ts/proxies/network-proxy/certificate-manager.ts → ts/proxies/http-proxy/certificate-manager.ts
View File

@ -2,7 +2,7 @@ import * as plugins from '../../plugins.js';
import * as fs from 'fs';
import * as path from 'path';
import { fileURLToPath } from 'url';
import { type INetworkProxyOptions, type ICertificateEntry, type ILogger, createLogger } from './models/types.js';
import { type IHttpProxyOptions, type ICertificateEntry, type ILogger, createLogger } from './models/types.js';
import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
/**
@ -18,7 +18,7 @@ export class CertificateManager {
private logger: ILogger;
private httpsServer: plugins.https.Server | null = null;
constructor(private options: INetworkProxyOptions) {
constructor(private options: IHttpProxyOptions) {
this.certificateStoreDir = path.resolve(options.acme?.certificateStore || './certs');
this.logger = createLogger(options.logLevel || 'info');

4
ts/proxies/network-proxy/connection-pool.ts → ts/proxies/http-proxy/connection-pool.ts
View File

@ -1,5 +1,5 @@
import * as plugins from '../../plugins.js';
import { type INetworkProxyOptions, type IConnectionEntry, type ILogger, createLogger } from './models/types.js';
import { type IHttpProxyOptions, type IConnectionEntry, type ILogger, createLogger } from './models/types.js';
/**
* Manages a pool of backend connections for efficient reuse
@ -9,7 +9,7 @@ export class ConnectionPool {
private roundRobinPositions: Map<string, number> = new Map();
private logger: ILogger;
constructor(private options: INetworkProxyOptions) {
constructor(private options: IHttpProxyOptions) {
this.logger = createLogger(options.logLevel || 'info');
}

0
ts/proxies/network-proxy/context-creator.ts → ts/proxies/http-proxy/context-creator.ts
View File

0
ts/proxies/network-proxy/function-cache.ts → ts/proxies/http-proxy/function-cache.ts
View File

6
ts/proxies/http-proxy/handlers/index.ts Normal file
View File

@ -0,0 +1,6 @@
/**
* HTTP handlers for various route types
*/
export { RedirectHandler } from './redirect-handler.js';
export { StaticHandler } from './static-handler.js';

105
ts/proxies/http-proxy/handlers/redirect-handler.ts Normal file
View File

@ -0,0 +1,105 @@
import * as plugins from '../../../plugins.js';
import type { IRouteConfig } from '../../smart-proxy/models/route-types.js';
import type { IConnectionRecord } from '../../smart-proxy/models/interfaces.js';
import type { ILogger } from '../models/types.js';
import { createLogger } from '../models/types.js';
import { HttpStatus, getStatusText } from '../models/http-types.js';
export interface IRedirectHandlerContext {
connectionId: string;
connectionManager: any; // Avoid circular deps
settings: any;
logger?: ILogger;
}
/**
* Handles HTTP redirect routes
*/
export class RedirectHandler {
/**
* Handle redirect routes
*/
public static async handleRedirect(
socket: plugins.net.Socket,
route: IRouteConfig,
context: IRedirectHandlerContext
): Promise<void> {
const { connectionId, connectionManager, settings } = context;
const logger = context.logger || createLogger(settings.logLevel || 'info');
const action = route.action;
// We should have a redirect configuration
if (!action.redirect) {
logger.error(`[${connectionId}] Redirect action missing redirect configuration`);
socket.end();
connectionManager.cleanupConnection({ id: connectionId }, 'missing_redirect');
return;
}
// For TLS connections, we can't do redirects at the TCP level
// This check should be done before calling this handler
// Wait for the first HTTP request to perform the redirect
const dataListeners: ((chunk: Buffer) => void)[] = [];
const httpDataHandler = (chunk: Buffer) => {
// Remove all data listeners to avoid duplicated processing
for (const listener of dataListeners) {
socket.removeListener('data', listener);
}
// Parse HTTP request to get path
try {
const headersEnd = chunk.indexOf('\r\n\r\n');
if (headersEnd === -1) {
// Not a complete HTTP request, need more data
socket.once('data', httpDataHandler);
dataListeners.push(httpDataHandler);
return;
}
const httpHeaders = chunk.slice(0, headersEnd).toString();
const requestLine = httpHeaders.split('\r\n')[0];
const [method, path] = requestLine.split(' ');
// Extract Host header
const hostMatch = httpHeaders.match(/Host: (.+?)(\r\n|\r|\n|$)/i);
const host = hostMatch ? hostMatch[1].trim() : '';
// Process the redirect URL with template variables
let redirectUrl = action.redirect.to;
redirectUrl = redirectUrl.replace(/\{domain\}/g, host);
redirectUrl = redirectUrl.replace(/\{path\}/g, path || '');
redirectUrl = redirectUrl.replace(/\{port\}/g, socket.localPort?.toString() || '80');
// Prepare the HTTP redirect response
const redirectResponse = [
`HTTP/1.1 ${action.redirect.status} Moved`,
`Location: ${redirectUrl}`,
'Connection: close',
'Content-Length: 0',
'',
'',
].join('\r\n');
if (settings.enableDetailedLogging) {
logger.info(
`[${connectionId}] Redirecting to ${redirectUrl} with status ${action.redirect.status}`
);
}
// Send the redirect response
socket.end(redirectResponse);
connectionManager.initiateCleanupOnce({ id: connectionId }, 'redirect_complete');
} catch (err) {
logger.error(`[${connectionId}] Error processing HTTP redirect: ${err}`);
socket.end();
connectionManager.initiateCleanupOnce({ id: connectionId }, 'redirect_error');
}
};
// Setup the HTTP data handler
socket.once('data', httpDataHandler);
dataListeners.push(httpDataHandler);
}
}

251
ts/proxies/http-proxy/handlers/static-handler.ts Normal file
View File

@ -0,0 +1,251 @@
import * as plugins from '../../../plugins.js';
import type { IRouteConfig } from '../../smart-proxy/models/route-types.js';
import type { IConnectionRecord } from '../../smart-proxy/models/interfaces.js';
import type { ILogger } from '../models/types.js';
import { createLogger } from '../models/types.js';
import type { IRouteContext } from '../../../core/models/route-context.js';
import { HttpStatus, getStatusText } from '../models/http-types.js';
export interface IStaticHandlerContext {
connectionId: string;
connectionManager: any; // Avoid circular deps
settings: any;
logger?: ILogger;
}
/**
* Handles static routes including ACME challenges
*/
export class StaticHandler {
/**
* Handle static routes
*/
public static async handleStatic(
socket: plugins.net.Socket,
route: IRouteConfig,
context: IStaticHandlerContext,
record: IConnectionRecord
): Promise<void> {
const { connectionId, connectionManager, settings } = context;
const logger = context.logger || createLogger(settings.logLevel || 'info');
if (!route.action.handler) {
logger.error(`[${connectionId}] Static route '${route.name}' has no handler`);
socket.end();
connectionManager.cleanupConnection(record, 'no_handler');
return;
}
let buffer = Buffer.alloc(0);
let processingData = false;
const handleHttpData = async (chunk: Buffer) => {
// Accumulate the data
buffer = Buffer.concat([buffer, chunk]);
// Prevent concurrent processing of the same buffer
if (processingData) return;
processingData = true;
try {
// Process data until we have a complete request or need more data
await processBuffer();
} finally {
processingData = false;
}
};
const processBuffer = async () => {
// Look for end of HTTP headers
const headerEndIndex = buffer.indexOf('\r\n\r\n');
if (headerEndIndex === -1) {
// Need more data
if (buffer.length > 8192) {
// Prevent excessive buffering
logger.error(`[${connectionId}] HTTP headers too large`);
socket.end();
connectionManager.cleanupConnection(record, 'headers_too_large');
}
return; // Wait for more data to arrive
}
// Parse the HTTP request
const headerBuffer = buffer.slice(0, headerEndIndex);
const headers = headerBuffer.toString();
const lines = headers.split('\r\n');
if (lines.length === 0) {
logger.error(`[${connectionId}] Invalid HTTP request`);
socket.end();
connectionManager.cleanupConnection(record, 'invalid_request');
return;
}
// Parse request line
const requestLine = lines[0];
const requestParts = requestLine.split(' ');
if (requestParts.length < 3) {
logger.error(`[${connectionId}] Invalid HTTP request line`);
socket.end();
connectionManager.cleanupConnection(record, 'invalid_request_line');
return;
}
const [method, path, httpVersion] = requestParts;
// Parse headers
const headersMap: Record<string, string> = {};
for (let i = 1; i < lines.length; i++) {
const colonIndex = lines[i].indexOf(':');
if (colonIndex > 0) {
const key = lines[i].slice(0, colonIndex).trim().toLowerCase();
const value = lines[i].slice(colonIndex + 1).trim();
headersMap[key] = value;
}
}
// Check for Content-Length to handle request body
const requestBodyLength = parseInt(headersMap['content-length'] || '0', 10);
const bodyStartIndex = headerEndIndex + 4; // Skip the \r\n\r\n
// If there's a body, ensure we have the full body
if (requestBodyLength > 0) {
const totalExpectedLength = bodyStartIndex + requestBodyLength;
// If we don't have the complete body yet, wait for more data
if (buffer.length < totalExpectedLength) {
// Implement a reasonable body size limit to prevent memory issues
if (requestBodyLength > 1024 * 1024) {
// 1MB limit
logger.error(`[${connectionId}] Request body too large`);
socket.end();
connectionManager.cleanupConnection(record, 'body_too_large');
return;
}
return; // Wait for more data
}
}
// Extract query string if present
let pathname = path;
let query: string | undefined;
const queryIndex = path.indexOf('?');
if (queryIndex !== -1) {
pathname = path.slice(0, queryIndex);
query = path.slice(queryIndex + 1);
}
try {
// Get request body if present
let requestBody: Buffer | undefined;
if (requestBodyLength > 0) {
requestBody = buffer.slice(bodyStartIndex, bodyStartIndex + requestBodyLength);
}
// Pause socket to prevent data loss during async processing
socket.pause();
// Remove the data listener since we're handling the request
socket.removeListener('data', handleHttpData);
// Build route context with parsed HTTP information
const context: IRouteContext = {
port: record.localPort,
domain: record.lockedDomain || headersMap['host']?.split(':')[0],
clientIp: record.remoteIP,
serverIp: socket.localAddress!,
path: pathname,
query: query,
headers: headersMap,
isTls: record.isTLS,
tlsVersion: record.tlsVersion,
routeName: route.name,
routeId: route.id,
timestamp: Date.now(),
connectionId,
};
// Since IRouteContext doesn't have a body property,
// we need an alternative approach to handle the body
let response;
if (requestBody) {
if (settings.enableDetailedLogging) {
logger.info(
`[${connectionId}] Processing request with body (${requestBody.length} bytes)`
);
}
// Pass the body as an additional parameter by extending the context object
// This is not type-safe, but it allows handlers that expect a body to work
const extendedContext = {
...context,
// Provide both raw buffer and string representation
requestBody: requestBody,
requestBodyText: requestBody.toString(),
method: method,
};
// Call the handler with the extended context
// The handler needs to know to look for the non-standard properties
response = await route.action.handler(extendedContext as any);
} else {
// Call the handler with the standard context
const extendedContext = {
...context,
method: method,
};
response = await route.action.handler(extendedContext as any);
}
// Prepare the HTTP response
const responseHeaders = response.headers || {};
const contentLength = Buffer.byteLength(response.body || '');
responseHeaders['Content-Length'] = contentLength.toString();
if (!responseHeaders['Content-Type']) {
responseHeaders['Content-Type'] = 'text/plain';
}
// Build the response
let httpResponse = `HTTP/1.1 ${response.status} ${getStatusText(response.status)}\r\n`;
for (const [key, value] of Object.entries(responseHeaders)) {
httpResponse += `${key}: ${value}\r\n`;
}
httpResponse += '\r\n';
// Send response
socket.write(httpResponse);
if (response.body) {
socket.write(response.body);
}
socket.end();
connectionManager.cleanupConnection(record, 'completed');
} catch (error) {
logger.error(`[${connectionId}] Error in static handler: ${error}`);
// Send error response
const errorResponse =
'HTTP/1.1 500 Internal Server Error\r\n' +
'Content-Type: text/plain\r\n' +
'Content-Length: 21\r\n' +
'\r\n' +
'Internal Server Error';
socket.write(errorResponse);
socket.end();
connectionManager.cleanupConnection(record, 'handler_error');
}
};
// Listen for data
socket.on('data', handleHttpData);
// Ensure cleanup on socket close
socket.once('close', () => {
socket.removeListener('data', handleHttpData);
});
}
}

38
ts/proxies/network-proxy/network-proxy.ts → ts/proxies/http-proxy/http-proxy.ts
View File

@ -5,7 +5,7 @@ import {
convertLegacyConfigToRouteConfig
} from './models/types.js';
import type {
INetworkProxyOptions,
IHttpProxyOptions,
ILogger,
IReverseProxyConfig
} from './models/types.js';
@ -16,21 +16,22 @@ import { CertificateManager } from './certificate-manager.js';
import { ConnectionPool } from './connection-pool.js';
import { RequestHandler, type IMetricsTracker } from './request-handler.js';
import { WebSocketHandler } from './websocket-handler.js';
import { ProxyRouter } from '../../http/router/index.js';
import { RouteRouter } from '../../http/router/route-router.js';
import { ProxyRouter } from '../../routing/router/index.js';
import { RouteRouter } from '../../routing/router/route-router.js';
import { FunctionCache } from './function-cache.js';
/**
* NetworkProxy provides a reverse proxy with TLS termination, WebSocket support,
* HttpProxy provides a reverse proxy with TLS termination, WebSocket support,
* automatic certificate management, and high-performance connection pooling.
* Handles all HTTP/HTTPS traffic including redirects, ACME challenges, and static routes.
*/
export class NetworkProxy implements IMetricsTracker {
export class HttpProxy implements IMetricsTracker {
// Provide a minimal JSON representation to avoid circular references during deep equality checks
public toJSON(): any {
return {};
}
// Configuration
public options: INetworkProxyOptions;
public options: IHttpProxyOptions;
public routes: IRouteConfig[] = [];
// Server instances (HTTP/2 with HTTP/1 fallback)
@ -66,9 +67,9 @@ export class NetworkProxy implements IMetricsTracker {
private logger: ILogger;
/**
* Creates a new NetworkProxy instance
* Creates a new HttpProxy instance
*/
constructor(optionsArg: INetworkProxyOptions) {
constructor(optionsArg: IHttpProxyOptions) {
// Set default options
this.options = {
port: optionsArg.port,
@ -155,7 +156,7 @@ export class NetworkProxy implements IMetricsTracker {
}
/**
* Returns the port number this NetworkProxy is listening on
* Returns the port number this HttpProxy is listening on
* Useful for SmartProxy to determine where to forward connections
*/
public getListeningPort(): number {
@ -202,7 +203,7 @@ export class NetworkProxy implements IMetricsTracker {
/**
* Returns current server metrics
* Useful for SmartProxy to determine which NetworkProxy to use for load balancing
* Useful for SmartProxy to determine which HttpProxy to use for load balancing
*/
public getMetrics(): any {
return {
@ -219,21 +220,12 @@ export class NetworkProxy implements IMetricsTracker {
};
}
/**
* @deprecated Use SmartCertManager instead
*/
public setExternalPort80Handler(handler: any): void {
this.logger.warn('Port80Handler is deprecated - use SmartCertManager instead');
}
/**
* Starts the proxy server
*/
public async start(): Promise<void> {
this.startTime = Date.now();
// Certificate management is now handled by SmartCertManager
// Create HTTP/2 server with HTTP/1 fallback
this.httpsServer = plugins.http2.createSecureServer(
{
@ -268,7 +260,7 @@ export class NetworkProxy implements IMetricsTracker {
// Start the server
return new Promise((resolve) => {
this.httpsServer.listen(this.options.port, () => {
this.logger.info(`NetworkProxy started on port ${this.options.port}`);
this.logger.info(`HttpProxy started on port ${this.options.port}`);
resolve();
});
});
@ -361,7 +353,7 @@ export class NetworkProxy implements IMetricsTracker {
}
/**
* Updates the route configurations - this is the primary method for configuring NetworkProxy
* Updates the route configurations - this is the primary method for configuring HttpProxy
* @param routes The new route configurations to use
*/
public async updateRouteConfigs(routes: IRouteConfig[]): Promise<void> {
@ -512,7 +504,7 @@ export class NetworkProxy implements IMetricsTracker {
* Stops the proxy server
*/
public async stop(): Promise<void> {
this.logger.info('Stopping NetworkProxy server');
this.logger.info('Stopping HttpProxy server');
// Clear intervals
if (this.metricsInterval) {
@ -543,7 +535,7 @@ export class NetworkProxy implements IMetricsTracker {
// Close the HTTPS server
return new Promise((resolve) => {
this.httpsServer.close(() => {
this.logger.info('NetworkProxy server stopped successfully');
this.logger.info('HttpProxy server stopped successfully');
resolve();
});
});

0
ts/proxies/network-proxy/http-request-handler.ts → ts/proxies/http-proxy/http-request-handler.ts
View File

0
ts/proxies/network-proxy/http2-request-handler.ts → ts/proxies/http-proxy/http2-request-handler.ts
View File

6
ts/proxies/network-proxy/index.ts → ts/proxies/http-proxy/index.ts
View File

@ -1,11 +1,11 @@
/**
* NetworkProxy implementation
* HttpProxy implementation
*/
// Re-export models
export * from './models/index.js';
// Export NetworkProxy and supporting classes
export { NetworkProxy } from './network-proxy.js';
// Export HttpProxy and supporting classes
export { HttpProxy } from './http-proxy.js';
export { CertificateManager } from './certificate-manager.js';
export { ConnectionPool } from './connection-pool.js';
export { RequestHandler } from './request-handler.js';

165
ts/proxies/http-proxy/models/http-types.ts Normal file
View File

@ -0,0 +1,165 @@
import * as plugins from '../../../plugins.js';
/**
* HTTP-specific event types
*/
export enum HttpEvents {
REQUEST_RECEIVED = 'request-received',
REQUEST_FORWARDED = 'request-forwarded',
REQUEST_HANDLED = 'request-handled',
REQUEST_ERROR = 'request-error',
}
/**
* HTTP status codes as an enum for better type safety
*/
export enum HttpStatus {
OK = 200,
MOVED_PERMANENTLY = 301,
FOUND = 302,
TEMPORARY_REDIRECT = 307,
PERMANENT_REDIRECT = 308,
BAD_REQUEST = 400,
UNAUTHORIZED = 401,
FORBIDDEN = 403,
NOT_FOUND = 404,
METHOD_NOT_ALLOWED = 405,
REQUEST_TIMEOUT = 408,
TOO_MANY_REQUESTS = 429,
INTERNAL_SERVER_ERROR = 500,
NOT_IMPLEMENTED = 501,
BAD_GATEWAY = 502,
SERVICE_UNAVAILABLE = 503,
GATEWAY_TIMEOUT = 504,
}
/**
* Base error class for HTTP-related errors
*/
export class HttpError extends Error {
constructor(message: string, public readonly statusCode: HttpStatus = HttpStatus.INTERNAL_SERVER_ERROR) {
super(message);
this.name = 'HttpError';
}
}
/**
* Error related to certificate operations
*/
export class CertificateError extends HttpError {
constructor(
message: string,
public readonly domain: string,
public readonly isRenewal: boolean = false
) {
super(`${message} for domain ${domain}${isRenewal ? ' (renewal)' : ''}`, HttpStatus.INTERNAL_SERVER_ERROR);
this.name = 'CertificateError';
}
}
/**
* Error related to server operations
*/
export class ServerError extends HttpError {
constructor(message: string, public readonly code?: string, statusCode: HttpStatus = HttpStatus.INTERNAL_SERVER_ERROR) {
super(message, statusCode);
this.name = 'ServerError';
}
}
/**
* Error for bad requests
*/
export class BadRequestError extends HttpError {
constructor(message: string) {
super(message, HttpStatus.BAD_REQUEST);
this.name = 'BadRequestError';
}
}
/**
* Error for not found resources
*/
export class NotFoundError extends HttpError {
constructor(message: string = 'Resource not found') {
super(message, HttpStatus.NOT_FOUND);
this.name = 'NotFoundError';
}
}
/**
* Redirect configuration for HTTP requests
*/
export interface IRedirectConfig {
source: string; // Source path or pattern
destination: string; // Destination URL
type: HttpStatus; // Redirect status code
preserveQuery?: boolean; // Whether to preserve query parameters
}
/**
* HTTP router configuration
*/
export interface IRouterConfig {
routes: Array<{
path: string;
method?: string;
handler: (req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse) => void | Promise<void>;
}>;
notFoundHandler?: (req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse) => void;
errorHandler?: (error: Error, req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse) => void;
}
/**
* HTTP request method types
*/
export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS' | 'CONNECT' | 'TRACE';
/**
* Helper function to get HTTP status text
*/
export function getStatusText(status: HttpStatus): string {
const statusTexts: Record<HttpStatus, string> = {
[HttpStatus.OK]: 'OK',
[HttpStatus.MOVED_PERMANENTLY]: 'Moved Permanently',
[HttpStatus.FOUND]: 'Found',
[HttpStatus.TEMPORARY_REDIRECT]: 'Temporary Redirect',
[HttpStatus.PERMANENT_REDIRECT]: 'Permanent Redirect',
[HttpStatus.BAD_REQUEST]: 'Bad Request',
[HttpStatus.UNAUTHORIZED]: 'Unauthorized',
[HttpStatus.FORBIDDEN]: 'Forbidden',
[HttpStatus.NOT_FOUND]: 'Not Found',
[HttpStatus.METHOD_NOT_ALLOWED]: 'Method Not Allowed',
[HttpStatus.REQUEST_TIMEOUT]: 'Request Timeout',
[HttpStatus.TOO_MANY_REQUESTS]: 'Too Many Requests',
[HttpStatus.INTERNAL_SERVER_ERROR]: 'Internal Server Error',
[HttpStatus.NOT_IMPLEMENTED]: 'Not Implemented',
[HttpStatus.BAD_GATEWAY]: 'Bad Gateway',
[HttpStatus.SERVICE_UNAVAILABLE]: 'Service Unavailable',
[HttpStatus.GATEWAY_TIMEOUT]: 'Gateway Timeout',
};
return statusTexts[status] || 'Unknown';
}
// Legacy interfaces for backward compatibility
export interface IDomainOptions {
domainName: string;
sslRedirect: boolean;
acmeMaintenance: boolean;
forward?: { ip: string; port: number };
acmeForward?: { ip: string; port: number };
}
export interface IDomainCertificate {
options: IDomainOptions;
certObtained: boolean;
obtainingInProgress: boolean;
certificate?: string;
privateKey?: string;
expiryDate?: Date;
lastRenewalAttempt?: Date;
}
// Backward compatibility exports
export { HttpError as Port80HandlerError };
export { CertificateError as CertError };

5
ts/proxies/http-proxy/models/index.ts Normal file
View File

@ -0,0 +1,5 @@
/**
* HttpProxy models
*/
export * from './types.js';
export * from './http-types.js';

4
ts/proxies/network-proxy/models/types.ts → ts/proxies/http-proxy/models/types.ts
View File

@ -16,9 +16,9 @@ import type { IRouteConfig } from '../../smart-proxy/models/route-types.js';
import type { IRouteContext } from '../../../core/models/route-context.js';
/**
* Configuration options for NetworkProxy
* Configuration options for HttpProxy
*/
export interface INetworkProxyOptions {
export interface IHttpProxyOptions {
port: number;
maxConnections?: number;
keepAliveTimeout?: number;

6
ts/proxies/network-proxy/request-handler.ts → ts/proxies/http-proxy/request-handler.ts
View File

@ -1,14 +1,14 @@
import * as plugins from '../../plugins.js';
import '../../core/models/socket-augmentation.js';
import {
type INetworkProxyOptions,
type IHttpProxyOptions,
type ILogger,
createLogger,
type IReverseProxyConfig,
RouteManager
} from './models/types.js';
import { ConnectionPool } from './connection-pool.js';
import { ProxyRouter } from '../../http/router/index.js';
import { ProxyRouter } from '../../routing/router/index.js';
import { ContextCreator } from './context-creator.js';
import { HttpRequestHandler } from './http-request-handler.js';
import { Http2RequestHandler } from './http2-request-handler.js';
@ -46,7 +46,7 @@ export class RequestHandler {
public securityManager: SecurityManager;
constructor(
private options: INetworkProxyOptions,
private options: IHttpProxyOptions,
private connectionPool: ConnectionPool,
private legacyRouter: ProxyRouter, // Legacy router for backward compatibility
private routeManager?: RouteManager,

0
ts/proxies/network-proxy/security-manager.ts → ts/proxies/http-proxy/security-manager.ts
View File

6
ts/proxies/network-proxy/websocket-handler.ts → ts/proxies/http-proxy/websocket-handler.ts
View File

@ -1,8 +1,8 @@
import * as plugins from '../../plugins.js';
import '../../core/models/socket-augmentation.js';
import { type INetworkProxyOptions, type IWebSocketWithHeartbeat, type ILogger, createLogger, type IReverseProxyConfig } from './models/types.js';
import { type IHttpProxyOptions, type IWebSocketWithHeartbeat, type ILogger, createLogger, type IReverseProxyConfig } from './models/types.js';
import { ConnectionPool } from './connection-pool.js';
import { ProxyRouter, RouteRouter } from '../../http/router/index.js';
import { ProxyRouter, RouteRouter } from '../../routing/router/index.js';
import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
import type { IRouteContext } from '../../core/models/route-context.js';
import { toBaseContext } from '../../core/models/route-context.js';
@ -23,7 +23,7 @@ export class WebSocketHandler {
private securityManager: SecurityManager;
constructor(
private options: INetworkProxyOptions,
private options: IHttpProxyOptions,
private connectionPool: ConnectionPool,
private legacyRouter: ProxyRouter, // Legacy router for backward compatibility
private routes: IRouteConfig[] = [] // Routes for modern router

14
ts/proxies/index.ts
View File

@ -2,15 +2,15 @@
* Proxy implementations module
*/
// Export NetworkProxy with selective imports to avoid conflicts
export { NetworkProxy, CertificateManager, ConnectionPool, RequestHandler, WebSocketHandler } from './network-proxy/index.js';
export type { IMetricsTracker, MetricsTracker } from './network-proxy/index.js';
// Export network-proxy models except IAcmeOptions
export type { INetworkProxyOptions, ICertificateEntry, ILogger } from './network-proxy/models/types.js';
export { RouteManager as NetworkProxyRouteManager } from './network-proxy/models/types.js';
// Export HttpProxy with selective imports to avoid conflicts
export { HttpProxy, CertificateManager, ConnectionPool, RequestHandler, WebSocketHandler } from './http-proxy/index.js';
export type { IMetricsTracker, MetricsTracker } from './http-proxy/index.js';
// Export http-proxy models except IAcmeOptions
export type { IHttpProxyOptions, ICertificateEntry, ILogger } from './http-proxy/models/types.js';
export { RouteManager as HttpProxyRouteManager } from './http-proxy/models/types.js';
// Export SmartProxy with selective imports to avoid conflicts
export { SmartProxy, ConnectionManager, SecurityManager, TimeoutManager, TlsManager, NetworkProxyBridge, RouteConnectionHandler } from './smart-proxy/index.js';
export { SmartProxy, ConnectionManager, SecurityManager, TimeoutManager, TlsManager, HttpProxyBridge, RouteConnectionHandler } from './smart-proxy/index.js';
export { RouteManager as SmartProxyRouteManager } from './smart-proxy/route-manager.js';
export * from './smart-proxy/utils/index.js';
// Export smart-proxy models except IAcmeOptions

4
ts/proxies/network-proxy/models/index.ts
View File

@ -1,4 +0,0 @@
/**
* NetworkProxy models
*/
export * from './types.js';

62
ts/proxies/smart-proxy/certificate-manager.ts
View File

@ -1,5 +1,5 @@
import * as plugins from '../../plugins.js';
import { NetworkProxy } from '../network-proxy/index.js';
import { HttpProxy } from '../http-proxy/index.js';
import type { IRouteConfig, IRouteTls } from './models/route-types.js';
import type { IAcmeOptions } from './models/interfaces.js';
import { CertStore } from './cert-store.js';
@ -25,7 +25,7 @@ export interface ICertificateData {
export class SmartCertManager {
private certStore: CertStore;
private smartAcme: plugins.smartacme.SmartAcme | null = null;
private networkProxy: NetworkProxy | null = null;
private httpProxy: HttpProxy | null = null;
private renewalTimer: NodeJS.Timeout | null = null;
private pendingChallenges: Map<string, string> = new Map();
private challengeRoute: IRouteConfig | null = null;
@ -68,18 +68,10 @@ export class SmartCertManager {
}
}
public setNetworkProxy(networkProxy: NetworkProxy): void {
this.networkProxy = networkProxy;
public setHttpProxy(httpProxy: HttpProxy): void {
this.httpProxy = httpProxy;
}
/**
* Get the current state of the certificate manager
*/
public getState(): { challengeRouteActive: boolean } {
return {
challengeRouteActive: this.challengeRouteActive
};
}
/**
* Set the ACME state manager
@ -244,8 +236,29 @@ export class SmartCertManager {
// Challenge route should already be active from initialization
// No need to add it for each certificate
// Use smartacme to get certificate
const cert = await this.smartAcme.getCertificateForDomain(primaryDomain);
// Determine if we should request a wildcard certificate
// Only request wildcards if:
// 1. The primary domain is not already a wildcard
// 2. The domain has multiple parts (can have subdomains)
// 3. We have DNS-01 challenge support (required for wildcards)
const hasDnsChallenge = (this.smartAcme as any).challengeHandlers?.some((handler: any) =>
handler.getSupportedTypes && handler.getSupportedTypes().includes('dns-01')
);
const shouldIncludeWildcard = !primaryDomain.startsWith('*.') &&
primaryDomain.includes('.') &&
primaryDomain.split('.').length >= 2 &&
hasDnsChallenge;
if (shouldIncludeWildcard) {
console.log(`Requesting wildcard certificate for ${primaryDomain} (DNS-01 available)`);
}
// Use smartacme to get certificate with optional wildcard
const cert = await this.smartAcme.getCertificateForDomain(
primaryDomain,
shouldIncludeWildcard ? { includeWildcard: true } : undefined
);
// SmartAcme's Cert object has these properties:
// - publicKey: The certificate PEM string
@ -323,23 +336,23 @@ export class SmartCertManager {
}
/**
* Apply certificate to NetworkProxy
* Apply certificate to HttpProxy
*/
private async applyCertificate(domain: string, certData: ICertificateData): Promise<void> {
if (!this.networkProxy) {
console.warn('NetworkProxy not set, cannot apply certificate');
if (!this.httpProxy) {
console.warn('HttpProxy not set, cannot apply certificate');
return;
}
// Apply certificate to NetworkProxy
this.networkProxy.updateCertificate(domain, certData.cert, certData.key);
// Apply certificate to HttpProxy
this.httpProxy.updateCertificate(domain, certData.cert, certData.key);
// Also apply for wildcard if it's a subdomain
if (domain.includes('.') && !domain.startsWith('*.')) {
const parts = domain.split('.');
if (parts.length >= 2) {
const wildcardDomain = `*.${parts.slice(-2).join('.')}`;
this.networkProxy.updateCertificate(wildcardDomain, certData.cert, certData.key);
this.httpProxy.updateCertificate(wildcardDomain, certData.cert, certData.key);
}
}
}
@ -627,5 +640,14 @@ export class SmartCertManager {
public getAcmeOptions(): { email?: string; useProduction?: boolean; port?: number } | undefined {
return this.acmeOptions;
}
/**
* Get certificate manager state
*/
public getState(): { challengeRouteActive: boolean } {
return {
challengeRouteActive: this.challengeRouteActive
};
}
}

165
ts/proxies/smart-proxy/http-proxy-bridge.ts Normal file
View File

@ -0,0 +1,165 @@
import * as plugins from '../../plugins.js';
import { HttpProxy } from '../http-proxy/index.js';
import type { IConnectionRecord, ISmartProxyOptions } from './models/interfaces.js';
import type { IRouteConfig } from './models/route-types.js';
export class HttpProxyBridge {
private httpProxy: HttpProxy | null = null;
constructor(private settings: ISmartProxyOptions) {}
/**
* Get the HttpProxy instance
*/
public getHttpProxy(): HttpProxy | null {
return this.httpProxy;
}
/**
* Initialize HttpProxy instance
*/
public async initialize(): Promise<void> {
if (!this.httpProxy && this.settings.useHttpProxy && this.settings.useHttpProxy.length > 0) {
const httpProxyOptions: any = {
port: this.settings.httpProxyPort!,
portProxyIntegration: true,
logLevel: this.settings.enableDetailedLogging ? 'debug' : 'info'
};
this.httpProxy = new HttpProxy(httpProxyOptions);
console.log(`Initialized HttpProxy on port ${this.settings.httpProxyPort}`);
// Apply route configurations to HttpProxy
await this.syncRoutesToHttpProxy(this.settings.routes || []);
}
}
/**
* Sync routes to HttpProxy
*/
public async syncRoutesToHttpProxy(routes: IRouteConfig[]): Promise<void> {
if (!this.httpProxy) return;
// Convert routes to HttpProxy format
const httpProxyConfigs = routes
.filter(route => {
// Check if this route matches any of the specified network proxy ports
const routePorts = Array.isArray(route.match.ports)
? route.match.ports
: [route.match.ports];
return routePorts.some(port =>
this.settings.useHttpProxy?.includes(port)
);
})
.map(route => this.routeToHttpProxyConfig(route));
// Apply configurations to HttpProxy
await this.httpProxy.updateRouteConfigs(httpProxyConfigs);
}
/**
* Convert route to HttpProxy configuration
*/
private routeToHttpProxyConfig(route: IRouteConfig): any {
// Convert route to HttpProxy domain config format
let domain = '*';
if (route.match.domains) {
if (Array.isArray(route.match.domains)) {
domain = route.match.domains[0] || '*';
} else {
domain = route.match.domains;
}
}
return {
domain,
target: route.action.target,
tls: route.action.tls,
security: route.action.security,
match: {
...route.match,
domains: domain // Ensure domains is always set for HttpProxy
}
};
}
/**
* Check if connection should use HttpProxy
*/
public shouldUseHttpProxy(connection: IConnectionRecord, routeMatch: any): boolean {
// Only use HttpProxy for TLS termination
return (
routeMatch.route.action.tls?.mode === 'terminate' ||
routeMatch.route.action.tls?.mode === 'terminate-and-reencrypt'
) && this.httpProxy !== null;
}
/**
* Forward connection to HttpProxy
*/
public async forwardToHttpProxy(
connectionId: string,
socket: plugins.net.Socket,
record: IConnectionRecord,
initialChunk: Buffer,
httpProxyPort: number,
cleanupCallback: (reason: string) => void
): Promise<void> {
if (!this.httpProxy) {
throw new Error('HttpProxy not initialized');
}
const proxySocket = new plugins.net.Socket();
await new Promise<void>((resolve, reject) => {
proxySocket.connect(httpProxyPort, 'localhost', () => {
console.log(`[${connectionId}] Connected to HttpProxy for termination`);
resolve();
});
proxySocket.on('error', reject);
});
// Send initial chunk if present
if (initialChunk) {
proxySocket.write(initialChunk);
}
// Pipe the sockets together
socket.pipe(proxySocket);
proxySocket.pipe(socket);
// Handle cleanup
const cleanup = (reason: string) => {
socket.unpipe(proxySocket);
proxySocket.unpipe(socket);
proxySocket.destroy();
cleanupCallback(reason);
};
socket.on('end', () => cleanup('socket_end'));
socket.on('error', () => cleanup('socket_error'));
proxySocket.on('end', () => cleanup('proxy_end'));
proxySocket.on('error', () => cleanup('proxy_error'));
}
/**
* Start HttpProxy
*/
public async start(): Promise<void> {
if (this.httpProxy) {
await this.httpProxy.start();
}
}
/**
* Stop HttpProxy
*/
public async stop(): Promise<void> {
if (this.httpProxy) {
await this.httpProxy.stop();
this.httpProxy = null;
}
}
}

5
ts/proxies/smart-proxy/index.ts
View File

@ -14,12 +14,15 @@ export { ConnectionManager } from './connection-manager.js';
export { SecurityManager } from './security-manager.js';
export { TimeoutManager } from './timeout-manager.js';
export { TlsManager } from './tls-manager.js';
export { NetworkProxyBridge } from './network-proxy-bridge.js';
export { HttpProxyBridge } from './http-proxy-bridge.js';
// Export route-based components
export { RouteManager } from './route-manager.js';
export { RouteConnectionHandler } from './route-connection-handler.js';
export { NFTablesManager } from './nftables-manager.js';
// Export certificate management
export { SmartCertManager } from './certificate-manager.js';
// Export all helper functions from the utils directory
export * from './utils/index.js';

6
ts/proxies/smart-proxy/models/interfaces.ts
View File

@ -94,9 +94,9 @@ export interface ISmartProxyOptions {
keepAliveInactivityMultiplier?: number; // Multiplier for inactivity timeout for keep-alive connections
extendedKeepAliveLifetime?: number; // Extended lifetime for keep-alive connections (ms)
// NetworkProxy integration
useNetworkProxy?: number[]; // Array of ports to forward to NetworkProxy
networkProxyPort?: number; // Port where NetworkProxy is listening (default: 8443)
// HttpProxy integration
useHttpProxy?: number[]; // Array of ports to forward to HttpProxy
httpProxyPort?: number; // Port where HttpProxy is listening (default: 8443)
/**
* Global ACME configuration options for SmartProxy

1
ts/proxies/smart-proxy/models/route-types.ts
View File

@ -47,6 +47,7 @@ export interface IRouteContext {
path?: string; // URL path (for HTTP connections)
query?: string; // Query string (for HTTP connections)
headers?: Record<string, string>; // HTTP headers (for HTTP connections)
method?: string; // HTTP method (for HTTP connections)
// TLS information
isTls: boolean; // Whether the connection is TLS

152
ts/proxies/smart-proxy/network-proxy-bridge.ts
View File

@ -1,152 +0,0 @@
import * as plugins from '../../plugins.js';
import { NetworkProxy } from '../network-proxy/index.js';
import type { IConnectionRecord, ISmartProxyOptions } from './models/interfaces.js';
import type { IRouteConfig } from './models/route-types.js';
export class NetworkProxyBridge {
private networkProxy: NetworkProxy | null = null;
constructor(private settings: ISmartProxyOptions) {}
/**
* Get the NetworkProxy instance
*/
public getNetworkProxy(): NetworkProxy | null {
return this.networkProxy;
}
/**
* Initialize NetworkProxy instance
*/
public async initialize(): Promise<void> {
if (!this.networkProxy && this.settings.useNetworkProxy && this.settings.useNetworkProxy.length > 0) {
const networkProxyOptions: any = {
port: this.settings.networkProxyPort!,
portProxyIntegration: true,
logLevel: this.settings.enableDetailedLogging ? 'debug' : 'info'
};
this.networkProxy = new NetworkProxy(networkProxyOptions);
console.log(`Initialized NetworkProxy on port ${this.settings.networkProxyPort}`);
// Apply route configurations to NetworkProxy
await this.syncRoutesToNetworkProxy(this.settings.routes || []);
}
}
/**
* Sync routes to NetworkProxy
*/
public async syncRoutesToNetworkProxy(routes: IRouteConfig[]): Promise<void> {
if (!this.networkProxy) return;
// Convert routes to NetworkProxy format
const networkProxyConfigs = routes
.filter(route => {
// Check if this route matches any of the specified network proxy ports
const routePorts = Array.isArray(route.match.ports)
? route.match.ports
: [route.match.ports];
return routePorts.some(port =>
this.settings.useNetworkProxy?.includes(port)
);
})
.map(route => this.routeToNetworkProxyConfig(route));
// Apply configurations to NetworkProxy
await this.networkProxy.updateRouteConfigs(networkProxyConfigs);
}
/**
* Convert route to NetworkProxy configuration
*/
private routeToNetworkProxyConfig(route: IRouteConfig): any {
// Convert route to NetworkProxy domain config format
return {
domain: route.match.domains?.[0] || '*',
target: route.action.target,
tls: route.action.tls,
security: route.action.security
};
}
/**
* Check if connection should use NetworkProxy
*/
public shouldUseNetworkProxy(connection: IConnectionRecord, routeMatch: any): boolean {
// Only use NetworkProxy for TLS termination
return (
routeMatch.route.action.tls?.mode === 'terminate' ||
routeMatch.route.action.tls?.mode === 'terminate-and-reencrypt'
) && this.networkProxy !== null;
}
/**
* Forward connection to NetworkProxy
*/
public async forwardToNetworkProxy(
connectionId: string,
socket: plugins.net.Socket,
record: IConnectionRecord,
initialChunk: Buffer,
networkProxyPort: number,
cleanupCallback: (reason: string) => void
): Promise<void> {
if (!this.networkProxy) {
throw new Error('NetworkProxy not initialized');
}
const proxySocket = new plugins.net.Socket();
await new Promise<void>((resolve, reject) => {
proxySocket.connect(networkProxyPort, 'localhost', () => {
console.log(`[${connectionId}] Connected to NetworkProxy for termination`);
resolve();
});
proxySocket.on('error', reject);
});
// Send initial chunk if present
if (initialChunk) {
proxySocket.write(initialChunk);
}
// Pipe the sockets together
socket.pipe(proxySocket);
proxySocket.pipe(socket);
// Handle cleanup
const cleanup = (reason: string) => {
socket.unpipe(proxySocket);
proxySocket.unpipe(socket);
proxySocket.destroy();
cleanupCallback(reason);
};
socket.on('end', () => cleanup('socket_end'));
socket.on('error', () => cleanup('socket_error'));
proxySocket.on('end', () => cleanup('proxy_end'));
proxySocket.on('error', () => cleanup('proxy_error'));
}
/**
* Start NetworkProxy
*/
public async start(): Promise<void> {
if (this.networkProxy) {
await this.networkProxy.start();
}
}
/**
* Stop NetworkProxy
*/
public async stop(): Promise<void> {
if (this.networkProxy) {
await this.networkProxy.stop();
this.networkProxy = null;
}
}
}

4
ts/proxies/smart-proxy/port-manager.ts
View File

@ -60,10 +60,10 @@ export class PortManager {
// Start listening on the port
return new Promise<void>((resolve, reject) => {
server.listen(port, () => {
const isNetworkProxyPort = this.settings.useNetworkProxy?.includes(port);
const isHttpProxyPort = this.settings.useHttpProxy?.includes(port);
console.log(
`SmartProxy -> OK: Now listening on port ${port}${
isNetworkProxyPort ? ' (NetworkProxy forwarding enabled)' : ''
isHttpProxyPort ? ' (HttpProxy forwarding enabled)' : ''
}`
);

793
ts/proxies/smart-proxy/route-connection-handler.ts
View File

File diff suppressed because it is too large Load Diff

15
ts/proxies/smart-proxy/route-manager.ts
View File

@ -338,10 +338,19 @@ export class RouteManager extends plugins.EventEmitter {
// Find the first matching route based on priority order
for (const route of routesForPort) {
// Check domain match if specified
if (domain && !this.matchRouteDomain(route, domain)) {
continue;
// Check domain match
// If the route has domain restrictions and we have a domain to check
if (route.match.domains) {
// If no domain was provided (non-TLS or no SNI), this route doesn't match
if (!domain) {
continue;
}
// If domain is provided but doesn't match the route's domains, skip
if (!this.matchRouteDomain(route, domain)) {
continue;
}
}
// If route has no domain restrictions, it matches all domains
// Check path match if specified in both route and request
if (path && route.match.path) {

50
ts/proxies/smart-proxy/smart-proxy.ts
View File

@ -4,7 +4,7 @@ import * as plugins from '../../plugins.js';
import { ConnectionManager } from './connection-manager.js';
import { SecurityManager } from './security-manager.js';
import { TlsManager } from './tls-manager.js';
import { NetworkProxyBridge } from './network-proxy-bridge.js';
import { HttpProxyBridge } from './http-proxy-bridge.js';
import { TimeoutManager } from './timeout-manager.js';
import { PortManager } from './port-manager.js';
import { RouteManager } from './route-manager.js';
@ -49,7 +49,7 @@ export class SmartProxy extends plugins.EventEmitter {
private connectionManager: ConnectionManager;
private securityManager: SecurityManager;
private tlsManager: TlsManager;
private networkProxyBridge: NetworkProxyBridge;
private httpProxyBridge: HttpProxyBridge;
private timeoutManager: TimeoutManager;
public routeManager: RouteManager; // Made public for route management
private routeConnectionHandler: RouteConnectionHandler;
@ -123,7 +123,7 @@ export class SmartProxy extends plugins.EventEmitter {
keepAliveTreatment: settingsArg.keepAliveTreatment || 'extended',
keepAliveInactivityMultiplier: settingsArg.keepAliveInactivityMultiplier || 6,
extendedKeepAliveLifetime: settingsArg.extendedKeepAliveLifetime || 7 * 24 * 60 * 60 * 1000,
networkProxyPort: settingsArg.networkProxyPort || 8443,
httpProxyPort: settingsArg.httpProxyPort || 8443,
};
// Normalize ACME options if provided (support both email and accountEmail)
@ -164,7 +164,7 @@ export class SmartProxy extends plugins.EventEmitter {
// Create other required components
this.tlsManager = new TlsManager(this.settings);
this.networkProxyBridge = new NetworkProxyBridge(this.settings);
this.httpProxyBridge = new HttpProxyBridge(this.settings);
// Initialize connection handler with route support
this.routeConnectionHandler = new RouteConnectionHandler(
@ -172,7 +172,7 @@ export class SmartProxy extends plugins.EventEmitter {
this.connectionManager,
this.securityManager,
this.tlsManager,
this.networkProxyBridge,
this.httpProxyBridge,
this.timeoutManager,
this.routeManager
);
@ -212,9 +212,9 @@ export class SmartProxy extends plugins.EventEmitter {
await this.updateRoutes(routes);
});
// Connect with NetworkProxy if available
if (this.networkProxyBridge.getNetworkProxy()) {
certManager.setNetworkProxy(this.networkProxyBridge.getNetworkProxy());
// Connect with HttpProxy if available
if (this.httpProxyBridge.getHttpProxy()) {
certManager.setHttpProxy(this.httpProxyBridge.getHttpProxy());
}
// Set the ACME state manager
@ -312,16 +312,16 @@ export class SmartProxy extends plugins.EventEmitter {
// Initialize certificate manager before starting servers
await this.initializeCertificateManager();
// Initialize and start NetworkProxy if needed
if (this.settings.useNetworkProxy && this.settings.useNetworkProxy.length > 0) {
await this.networkProxyBridge.initialize();
// Initialize and start HttpProxy if needed
if (this.settings.useHttpProxy && this.settings.useHttpProxy.length > 0) {
await this.httpProxyBridge.initialize();
// Connect NetworkProxy with certificate manager
// Connect HttpProxy with certificate manager
if (this.certManager) {
this.certManager.setNetworkProxy(this.networkProxyBridge.getNetworkProxy());
this.certManager.setHttpProxy(this.httpProxyBridge.getHttpProxy());
}
await this.networkProxyBridge.start();
await this.httpProxyBridge.start();
}
// Validate the route configuration
@ -368,7 +368,7 @@ export class SmartProxy extends plugins.EventEmitter {
let completedTlsHandshakes = 0;
let pendingTlsHandshakes = 0;
let keepAliveConnections = 0;
let networkProxyConnections = 0;
let httpProxyConnections = 0;
// Get connection records for analysis
const connectionRecords = this.connectionManager.getConnections();
@ -392,7 +392,7 @@ export class SmartProxy extends plugins.EventEmitter {
}
if (record.usingNetworkProxy) {
networkProxyConnections++;
httpProxyConnections++;
}
maxIncoming = Math.max(maxIncoming, now - record.incomingStartTime);
@ -408,7 +408,7 @@ export class SmartProxy extends plugins.EventEmitter {
console.log(
`Active connections: ${connectionRecords.size}. ` +
`Types: TLS=${tlsConnections} (Completed=${completedTlsHandshakes}, Pending=${pendingTlsHandshakes}), ` +
`Non-TLS=${nonTlsConnections}, KeepAlive=${keepAliveConnections}, NetworkProxy=${networkProxyConnections}. ` +
`Non-TLS=${nonTlsConnections}, KeepAlive=${keepAliveConnections}, HttpProxy=${httpProxyConnections}. ` +
`Longest running: IN=${plugins.prettyMs(maxIncoming)}, OUT=${plugins.prettyMs(maxOutgoing)}. ` +
`Termination stats: ${JSON.stringify({
IN: terminationStats.incoming,
@ -460,8 +460,8 @@ export class SmartProxy extends plugins.EventEmitter {
// Clean up all active connections
this.connectionManager.clearConnections();
// Stop NetworkProxy
await this.networkProxyBridge.stop();
// Stop HttpProxy
await this.httpProxyBridge.stop();
// Clear ACME state manager
this.acmeStateManager.clear();
@ -574,9 +574,9 @@ export class SmartProxy extends plugins.EventEmitter {
// Update settings with the new routes
this.settings.routes = newRoutes;
// If NetworkProxy is initialized, resync the configurations
if (this.networkProxyBridge.getNetworkProxy()) {
await this.networkProxyBridge.syncRoutesToNetworkProxy(newRoutes);
// If HttpProxy is initialized, resync the configurations
if (this.httpProxyBridge.getHttpProxy()) {
await this.httpProxyBridge.syncRoutesToHttpProxy(newRoutes);
}
// Update certificate manager with new routes
@ -711,14 +711,14 @@ export class SmartProxy extends plugins.EventEmitter {
let tlsConnections = 0;
let nonTlsConnections = 0;
let keepAliveConnections = 0;
let networkProxyConnections = 0;
let httpProxyConnections = 0;
// Analyze active connections
for (const record of connectionRecords.values()) {
if (record.isTLS) tlsConnections++;
else nonTlsConnections++;
if (record.hasKeepAlive) keepAliveConnections++;
if (record.usingNetworkProxy) networkProxyConnections++;
if (record.usingNetworkProxy) httpProxyConnections++;
}
return {
@ -726,7 +726,7 @@ export class SmartProxy extends plugins.EventEmitter {
tlsConnections,
nonTlsConnections,
keepAliveConnections,
networkProxyConnections,
httpProxyConnections,
terminationStats,
acmeEnabled: !!this.certManager,
port80HandlerPort: this.certManager ? 80 : null,

295
ts/redirect/classes.redirect.ts
View File

@ -1,295 +0,0 @@
import * as plugins from '../plugins.js';
export interface RedirectRule {
/**
* Optional protocol to match (http or https). If not specified, matches both.
*/
fromProtocol?: 'http' | 'https';
/**
* Optional hostname pattern to match. Can use * as wildcard.
* If not specified, matches all hosts.
*/
fromHost?: string;
/**
* Optional path prefix to match. If not specified, matches all paths.
*/
fromPath?: string;
/**
* Target protocol for the redirect (http or https)
*/
toProtocol: 'http' | 'https';
/**
* Target hostname for the redirect. Can use $1, $2, etc. to reference
* captured groups from wildcard matches in fromHost.
*/
toHost: string;
/**
* Optional target path prefix. If not specified, keeps original path.
* Can use $path to reference the original path.
*/
toPath?: string;
/**
* HTTP status code for the redirect (301 for permanent, 302 for temporary)
*/
statusCode?: 301 | 302 | 307 | 308;
}
export class Redirect {
private httpServer?: plugins.http.Server;
private httpsServer?: plugins.https.Server;
private rules: RedirectRule[] = [];
private httpPort: number = 80;
private httpsPort: number = 443;
private sslOptions?: {
key: Buffer;
cert: Buffer;
};
/**
* Create a new Redirect instance
* @param options Configuration options
*/
constructor(options: {
httpPort?: number;
httpsPort?: number;
sslOptions?: {
key: Buffer;
cert: Buffer;
};
rules?: RedirectRule[];
} = {}) {
if (options.httpPort) this.httpPort = options.httpPort;
if (options.httpsPort) this.httpsPort = options.httpsPort;
if (options.sslOptions) this.sslOptions = options.sslOptions;
if (options.rules) this.rules = options.rules;
}
/**
* Add a redirect rule
*/
public addRule(rule: RedirectRule): void {
this.rules.push(rule);
}
/**
* Remove all redirect rules
*/
public clearRules(): void {
this.rules = [];
}
/**
* Set SSL options for HTTPS redirects
*/
public setSslOptions(options: { key: Buffer; cert: Buffer }): void {
this.sslOptions = options;
}
/**
* Process a request according to the configured rules
*/
private handleRequest(
request: plugins.http.IncomingMessage,
response: plugins.http.ServerResponse,
protocol: 'http' | 'https'
): void {
const requestUrl = new URL(
request.url || '/',
`${protocol}://${request.headers.host || 'localhost'}`
);
const host = requestUrl.hostname;
const path = requestUrl.pathname + requestUrl.search;
// Find matching rule
const matchedRule = this.findMatchingRule(protocol, host, path);
if (matchedRule) {
const targetUrl = this.buildTargetUrl(matchedRule, host, path);
console.log(`Redirecting ${protocol}://${host}${path} to ${targetUrl}`);
response.writeHead(matchedRule.statusCode || 302, {
Location: targetUrl,
});
response.end();
} else {
// No matching rule, send 404
response.writeHead(404, { 'Content-Type': 'text/plain' });
response.end('Not Found');
}
}
/**
* Find a matching redirect rule for the given request
*/
private findMatchingRule(
protocol: 'http' | 'https',
host: string,
path: string
): RedirectRule | undefined {
return this.rules.find((rule) => {
// Check protocol match
if (rule.fromProtocol && rule.fromProtocol !== protocol) {
return false;
}
// Check host match
if (rule.fromHost) {
const pattern = rule.fromHost.replace(/\*/g, '(.*)');
const regex = new RegExp(`^${pattern}$`);
if (!regex.test(host)) {
return false;
}
}
// Check path match
if (rule.fromPath && !path.startsWith(rule.fromPath)) {
return false;
}
return true;
});
}
/**
* Build the target URL for a redirect
*/
private buildTargetUrl(rule: RedirectRule, originalHost: string, originalPath: string): string {
let targetHost = rule.toHost;
// Replace wildcards in host
if (rule.fromHost && rule.fromHost.includes('*')) {
const pattern = rule.fromHost.replace(/\*/g, '(.*)');
const regex = new RegExp(`^${pattern}$`);
const matches = originalHost.match(regex);
if (matches) {
for (let i = 1; i < matches.length; i++) {
targetHost = targetHost.replace(`$${i}`, matches[i]);
}
}
}
// Build target path
let targetPath = originalPath;
if (rule.toPath) {
if (rule.toPath.includes('$path')) {
// Replace $path with original path, optionally removing the fromPath prefix
const pathSuffix = rule.fromPath ?
originalPath.substring(rule.fromPath.length) :
originalPath;
targetPath = rule.toPath.replace('$path', pathSuffix);
} else {
targetPath = rule.toPath;
}
}
return `${rule.toProtocol}://${targetHost}${targetPath}`;
}
/**
* Start the redirect server(s)
*/
public async start(): Promise<void> {
const tasks = [];
// Create and start HTTP server if we have a port
if (this.httpPort) {
this.httpServer = plugins.http.createServer((req, res) =>
this.handleRequest(req, res, 'http')
);
const httpStartPromise = new Promise<void>((resolve) => {
this.httpServer?.listen(this.httpPort, () => {
console.log(`HTTP redirect server started on port ${this.httpPort}`);
resolve();
});
});
tasks.push(httpStartPromise);
}
// Create and start HTTPS server if we have SSL options and a port
if (this.httpsPort && this.sslOptions) {
this.httpsServer = plugins.https.createServer(this.sslOptions, (req, res) =>
this.handleRequest(req, res, 'https')
);
const httpsStartPromise = new Promise<void>((resolve) => {
this.httpsServer?.listen(this.httpsPort, () => {
console.log(`HTTPS redirect server started on port ${this.httpsPort}`);
resolve();
});
});
tasks.push(httpsStartPromise);
}
// Wait for all servers to start
await Promise.all(tasks);
}
/**
* Stop the redirect server(s)
*/
public async stop(): Promise<void> {
const tasks = [];
if (this.httpServer) {
const httpStopPromise = new Promise<void>((resolve) => {
this.httpServer?.close(() => {
console.log('HTTP redirect server stopped');
resolve();
});
});
tasks.push(httpStopPromise);
}
if (this.httpsServer) {
const httpsStopPromise = new Promise<void>((resolve) => {
this.httpsServer?.close(() => {
console.log('HTTPS redirect server stopped');
resolve();
});
});
tasks.push(httpsStopPromise);
}
await Promise.all(tasks);
}
}
// For backward compatibility
export class SslRedirect {
private redirect: Redirect;
port: number;
constructor(portArg: number) {
this.port = portArg;
this.redirect = new Redirect({
httpPort: portArg,
rules: [{
fromProtocol: 'http',
toProtocol: 'https',
toHost: '$1',
statusCode: 302
}]
});
}
public async start() {
await this.redirect.start();
}
public async stop() {
await this.redirect.stop();
}
}

9
ts/routing/index.ts Normal file
View File

@ -0,0 +1,9 @@
/**
* Routing functionality module
*/
// Export types and models from HttpProxy
export * from '../proxies/http-proxy/models/http-types.js';
// Export router functionality
export * from './router/index.js';

Some files were not shown because too many files have changed in this diff Show More