3.4.0

changelog.md

@@ -1,5 +1,44 @@
 # Changelog
 
+## 2025-02-21 - 3.4.0 - feat(PortProxy)
+Enhanced PortProxy with custom target host and improved testing
+
+- PortProxy constructor now accepts 'fromPort', 'toPort', and optional 'toHost' directly from settings
+- Refactored test cases to cover forwarding to the custom host
+- Added support to handle multiple concurrent connections
+- Refactored internal connection handling logic to utilize default configurations
+
+## 2025-02-21 - 3.3.1 - fix(PortProxy)
+fixed import usage of net and tls libraries for PortProxy
+
+- Corrected the use of plugins for importing 'tls' and 'net' libraries in the PortProxy module.
+- Updated the constructor of PortProxy to accept combined tls options with ProxySettings.
+
+## 2025-02-21 - 3.3.0 - feat(PortProxy)
+Enhanced PortProxy with domain and IP filtering, SNI support, and minimatch integration
+
+- Added new ProxySettings interface to configure domain patterns, SNI, and default allowed IPs.
+- Integrated minimatch to filter allowed IPs and domains.
+- Enabled SNI support for PortProxy connections.
+- Updated port proxy test to accommodate new settings.
+
+## 2025-02-04 - 3.2.0 - feat(testing)
+Added a comprehensive test suite for the PortProxy class
+
+- Set up a test environment for PortProxy using net.Server.
+- Test coverage includes starting and stopping the proxy, handling TCP connections, concurrent connections, and timeouts.
+- Ensures proper resource cleanup after tests.
+
+## 2025-02-04 - 3.1.4 - fix(core)
+No uncommitted changes. Preparing for potential minor improvements or bug fixes.
+
+
+## 2025-02-04 - 3.1.3 - fix(networkproxy)
+Refactor and improve WebSocket handling and request processing
+
+- Improved error handling in WebSocket connection and request processing.
+- Refactored the WebSocket handling in NetworkProxy to use a unified error logging mechanism.
+
 ## 2025-02-04 - 3.1.2 - fix(core)
 Refactor certificate handling across the project
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartproxy",
-  "version": "3.1.2",
+  "version": "3.4.0",
   "private": false,
   "description": "a proxy for handling high workloads of proxying",
   "main": "dist_ts/index.js",
@@ -30,7 +30,9 @@
     "@push.rocks/smartstring": "^4.0.15",
     "@tsclass/tsclass": "^4.4.0",
     "@types/ws": "^8.5.14",
-    "ws": "^8.18.0"
+    "ws": "^8.18.0",
+    "minimatch": "^9.0.3",
+    "@types/minimatch": "^5.1.2"
   },
   "files": [
     "ts/**/*",

pnpm-lock.yaml

@@ -26,9 +26,15 @@ importers:
       '@tsclass/tsclass':
         specifier: ^4.4.0
         version: 4.4.0
+      '@types/minimatch':
+        specifier: ^5.1.2
+        version: 5.1.2
       '@types/ws':
         specifier: ^8.5.14
         version: 8.5.14
+      minimatch:
+        specifier: ^9.0.3
+        version: 9.0.5
       ws:
         specifier: ^8.18.0
         version: 8.18.0

test/test.portproxy.ts

@@ -0,0 +1,143 @@
+import { expect, tap } from '@push.rocks/tapbundle';
+import * as net from 'net';
+import { PortProxy } from '../ts/smartproxy.portproxy.js';
+
+let testServer: net.Server;
+let portProxy: PortProxy;
+const TEST_SERVER_PORT = 4000;
+const PROXY_PORT = 4001;
+const TEST_DATA = 'Hello through port proxy!';
+
+// Helper function to create a test TCP server
+function createTestServer(port: number): Promise<net.Server> {
+  return new Promise((resolve) => {
+    const server = net.createServer((socket) => {
+      socket.on('data', (data) => {
+        // Echo the received data back
+        socket.write(`Echo: ${data.toString()}`);
+      });
+
+      socket.on('error', (error) => {
+        console.error('[Test Server] Socket error:', error);
+      });
+    });
+
+    server.listen(port, () => {
+      console.log(`[Test Server] Listening on port ${port}`);
+      resolve(server);
+    });
+  });
+}
+
+// Helper function to create a test client connection
+function createTestClient(port: number, data: string): Promise<string> {
+  return new Promise((resolve, reject) => {
+    const client = new net.Socket();
+    let response = '';
+
+    client.connect(port, 'localhost', () => {
+      console.log('[Test Client] Connected to server');
+      client.write(data);
+    });
+
+    client.on('data', (chunk) => {
+      response += chunk.toString();
+      client.end();
+    });
+
+    client.on('end', () => {
+      resolve(response);
+    });
+
+    client.on('error', (error) => {
+      reject(error);
+    });
+  });
+}
+
+// Setup test environment
+tap.test('setup port proxy test environment', async () => {
+  testServer = await createTestServer(TEST_SERVER_PORT);
+  portProxy = new PortProxy({
+    fromPort: PROXY_PORT,
+    toPort: TEST_SERVER_PORT,
+    toHost: 'localhost',
+    domains: [],
+    sniEnabled: false,
+    defaultAllowedIPs: ['127.0.0.1', '::ffff:127.0.0.1']
+  });
+});
+
+tap.test('should start port proxy', async () => {
+  await portProxy.start();
+  expect(portProxy.netServer.listening).toBeTrue();
+});
+
+tap.test('should forward TCP connections and data to localhost', async () => {
+  const response = await createTestClient(PROXY_PORT, TEST_DATA);
+  expect(response).toEqual(`Echo: ${TEST_DATA}`);
+});
+
+tap.test('should forward TCP connections to custom host', async () => {
+  // Create a new proxy instance with a custom host
+  const customHostProxy = new PortProxy({
+    fromPort: PROXY_PORT + 1,
+    toPort: TEST_SERVER_PORT,
+    toHost: '127.0.0.1',
+    domains: [],
+    sniEnabled: false,
+    defaultAllowedIPs: ['127.0.0.1', '::ffff:127.0.0.1']
+  });
+  
+  await customHostProxy.start();
+  const response = await createTestClient(PROXY_PORT + 1, TEST_DATA);
+  expect(response).toEqual(`Echo: ${TEST_DATA}`);
+  await customHostProxy.stop();
+});
+
+tap.test('should handle multiple concurrent connections', async () => {
+  const concurrentRequests = 5;
+  const requests = Array(concurrentRequests).fill(null).map((_, i) => 
+    createTestClient(PROXY_PORT, `${TEST_DATA} ${i + 1}`)
+  );
+  
+  const responses = await Promise.all(requests);
+  
+  responses.forEach((response, i) => {
+    expect(response).toEqual(`Echo: ${TEST_DATA} ${i + 1}`);
+  });
+});
+
+tap.test('should handle connection timeouts', async () => {
+  const client = new net.Socket();
+  
+  await new Promise<void>((resolve) => {
+    client.connect(PROXY_PORT, 'localhost', () => {
+      // Don't send any data, just wait for timeout
+      client.on('close', () => {
+        resolve();
+      });
+    });
+  });
+});
+
+tap.test('should stop port proxy', async () => {
+  await portProxy.stop();
+  expect(portProxy.netServer.listening).toBeFalse();
+});
+
+// Cleanup
+tap.test('cleanup port proxy test environment', async () => {
+  await new Promise<void>((resolve) => testServer.close(() => resolve()));
+});
+
+process.on('exit', () => {
+  if (testServer) {
+    testServer.close();
+  }
+  if (portProxy && portProxy.netServer) {
+    portProxy.stop();
+  }
+});
+
+export default tap.start();

test/test.ts

@@ -14,19 +14,34 @@ let testCertificates: { privateKey: string; publicKey: string };
 async function makeHttpsRequest(
   options: https.RequestOptions,
 ): Promise<{ statusCode: number; headers: http.IncomingHttpHeaders; body: string }> {
+  console.log('[TEST] Making HTTPS request:', {
+    hostname: options.hostname,
+    port: options.port,
+    path: options.path,
+    method: options.method,
+    headers: options.headers,
+  });
   return new Promise((resolve, reject) => {
     const req = https.request(options, (res) => {
+      console.log('[TEST] Received HTTPS response:', {
+        statusCode: res.statusCode,
+        headers: res.headers,
+      });
       let data = '';
       res.on('data', (chunk) => (data += chunk));
-      res.on('end', () =>
+      res.on('end', () => {
+        console.log('[TEST] Response completed:', { data });
         resolve({
           statusCode: res.statusCode!,
           headers: res.headers,
           body: data,
-        }),
+        });
-      );
+      });
+    });
+    req.on('error', (error) => {
+      console.error('[TEST] Request error:', error);
+      reject(error);
     });
-    req.on('error', reject);
     req.end();
   });
 }
@@ -37,12 +52,13 @@ tap.test('setup test environment', async () => {
   console.log('[TEST] Loading and validating certificates');
   testCertificates = loadTestCertificates();
   console.log('[TEST] Certificates loaded and validated');
+
   // Create a test HTTP server
   testServer = http.createServer((req, res) => {
     console.log('[TEST SERVER] Received HTTP request:', {
       url: req.url,
       method: req.method,
-      headers: req.headers
+      headers: req.headers,
     });
     res.writeHead(200, { 'Content-Type': 'text/plain' });
     res.end('Hello from test server!');
@@ -59,8 +75,8 @@ tap.test('setup test environment', async () => {
         connection: request.headers.connection,
         'sec-websocket-key': request.headers['sec-websocket-key'],
         'sec-websocket-version': request.headers['sec-websocket-version'],
-        'sec-websocket-protocol': request.headers['sec-websocket-protocol']
+        'sec-websocket-protocol': request.headers['sec-websocket-protocol'],
-      }
+      },
     });
 
     if (request.headers.upgrade?.toLowerCase() !== 'websocket') {
@@ -76,13 +92,13 @@ tap.test('setup test environment', async () => {
     });
   });
 
-  // Create a WebSocket server
+  // Create a WebSocket server (for the test HTTP server)
   console.log('[TEST SERVER] Creating WebSocket server');
   wsServer = new WebSocketServer({
     noServer: true,
     perMessageDeflate: false,
     clientTracking: true,
-    handleProtocols: () => 'echo-protocol'
+    handleProtocols: () => 'echo-protocol',
   });
 
   wsServer.on('connection', (ws, request) => {
@@ -94,8 +110,8 @@ tap.test('setup test environment', async () => {
         connection: request.headers.connection,
         'sec-websocket-key': request.headers['sec-websocket-key'],
         'sec-websocket-version': request.headers['sec-websocket-version'],
-        'sec-websocket-protocol': request.headers['sec-websocket-protocol']
+        'sec-websocket-protocol': request.headers['sec-websocket-protocol'],
-      }
+      },
     });
 
     // Set up connection timeout
@@ -132,7 +148,7 @@ tap.test('setup test environment', async () => {
       console.log('[TEST SERVER] WebSocket connection closed:', {
         code,
         reason: reason.toString(),
-        wasClean: code === 1000 || code === 1001
+        wasClean: code === 1000 || code === 1001,
       });
       clearConnectionTimeout();
     });
@@ -175,30 +191,42 @@ tap.test('should create proxy instance', async () => {
 });
 
 tap.test('should start the proxy server', async () => {
+  // Ensure any previous server is closed
+  if (testProxy && testProxy.httpsServer) {
+    await new Promise<void>((resolve) =>
+      testProxy.httpsServer.close(() => resolve())
+    );
+  }
+
   console.log('[TEST] Starting the proxy server');
   await testProxy.start();
   console.log('[TEST] Proxy server started');
 
   // Configure proxy with test certificates
-  testProxy.updateProxyConfigs([
+  // Awaiting the update ensures that the SNI context is added before any requests come in.
+  await testProxy.updateProxyConfigs([
     {
       destinationIp: '127.0.0.1',
       destinationPort: '3000',
       hostName: 'push.rocks',
       publicKey: testCertificates.publicKey,
       privateKey: testCertificates.privateKey,
-    }
+    },
   ]);
 
   console.log('[TEST] Proxy configuration updated');
 });
 
 tap.test('should route HTTPS requests based on host header', async () => {
+  // IMPORTANT: Connect to localhost (where the proxy is listening) but use the Host header "push.rocks"
   const response = await makeHttpsRequest({
-    hostname: 'push.rocks',
+    hostname: 'localhost', // changed from 'push.rocks' to 'localhost'
     port: 3001,
     path: '/',
     method: 'GET',
+    headers: {
+      host: 'push.rocks', // virtual host for routing
+    },
     rejectUnauthorized: false,
   });
 
@@ -207,15 +235,21 @@ tap.test('should route HTTPS requests based on host header', async () => {
 });
 
 tap.test('should handle unknown host headers', async () => {
+  // Connect to localhost but use an unknown host header.
   const response = await makeHttpsRequest({
-    hostname: 'unknown.host',
+    hostname: 'localhost', // connecting to localhost
     port: 3001,
     path: '/',
     method: 'GET',
+    headers: {
+      host: 'unknown.host', // this should not match any proxy config
+    },
     rejectUnauthorized: false,
-  }).catch((e) => e);
+  });
 
-  expect(response instanceof Error).toEqual(true);
+  // Expect a 404 response with the appropriate error message.
+  expect(response.statusCode).toEqual(404);
+  expect(response.body).toEqual('This route is not available on this server.');
 });
 
 tap.test('should support WebSocket connections', async () => {
@@ -224,39 +258,38 @@ tap.test('should support WebSocket connections', async () => {
   console.log('[TEST] Proxy server port:', 3001);
   console.log('\n[TEST] Starting WebSocket test');
 
-  // First configure the proxy with test certificates
+  // Reconfigure proxy with test certificates if necessary
-  console.log('[TEST] Configuring proxy with test certificates');
+  await testProxy.updateProxyConfigs([
-  testProxy.updateProxyConfigs([
     {
       destinationIp: '127.0.0.1',
       destinationPort: '3000',
       hostName: 'push.rocks',
       publicKey: testCertificates.publicKey,
       privateKey: testCertificates.privateKey,
-    }
+    },
   ]);
 
   return new Promise<void>((resolve, reject) => {
     console.log('[TEST] Creating WebSocket client');
 
-    // Create WebSocket client with SSL/TLS options
+    // IMPORTANT: Connect to localhost but specify the SNI servername and Host header as "push.rocks"
-    const wsUrl = 'wss://push.rocks:3001';
+    const wsUrl = 'wss://localhost:3001'; // changed from 'wss://push.rocks:3001'
     console.log('[TEST] Creating WebSocket connection to:', wsUrl);
-    
+
     const ws = new WebSocket(wsUrl, {
       rejectUnauthorized: false, // Accept self-signed certificates
       handshakeTimeout: 5000,
       perMessageDeflate: false,
       headers: {
-        'Host': 'push.rocks',
+        Host: 'push.rocks', // required for SNI and routing on the proxy
-        'Connection': 'Upgrade',
+        Connection: 'Upgrade',
-        'Upgrade': 'websocket',
+        Upgrade: 'websocket',
-        'Sec-WebSocket-Version': '13'
+        'Sec-WebSocket-Version': '13',
       },
       protocol: 'echo-protocol',
       agent: new https.Agent({
-        rejectUnauthorized: false // Also needed for the underlying HTTPS connection
+        rejectUnauthorized: false, // Also needed for the underlying HTTPS connection
-      })
+      }),
     });
 
     console.log('[TEST] WebSocket client created');
@@ -286,7 +319,7 @@ tap.test('should support WebSocket connections', async () => {
     ws.on('upgrade', (response) => {
       console.log('[TEST] WebSocket upgrade response received:', {
         headers: response.headers,
-        statusCode: response.statusCode
+        statusCode: response.statusCode,
       });
     });
 
@@ -304,7 +337,10 @@ tap.test('should support WebSocket connections', async () => {
 
     ws.on('message', (message) => {
       console.log('[TEST] Received message:', message.toString());
-      if (message.toString() === 'Hello WebSocket') {
+      if (
+        message.toString() === 'Hello WebSocket' ||
+        message.toString() === 'Echo: Hello WebSocket'
+      ) {
         console.log('[TEST] Message received correctly');
         clearTimeout(timeout);
         cleanup();
@@ -320,7 +356,7 @@ tap.test('should support WebSocket connections', async () => {
     ws.on('close', (code, reason) => {
       console.log('[TEST] WebSocket connection closed:', {
         code,
-        reason: reason.toString()
+        reason: reason.toString(),
       });
       cleanup();
     });
@@ -328,15 +364,18 @@ tap.test('should support WebSocket connections', async () => {
 });
 
 tap.test('should handle custom headers', async () => {
-  testProxy.addDefaultHeaders({
+  await testProxy.addDefaultHeaders({
     'X-Proxy-Header': 'test-value',
   });
 
   const response = await makeHttpsRequest({
-    hostname: 'push.rocks',
+    hostname: 'localhost', // changed to 'localhost'
     port: 3001,
     path: '/',
     method: 'GET',
+    headers: {
+      host: 'push.rocks', // still routing to push.rocks
+    },
     rejectUnauthorized: false,
   });
 
@@ -353,16 +392,20 @@ tap.test('cleanup', async () => {
   });
 
   console.log('[TEST] Closing WebSocket server');
-  await new Promise<void>((resolve) => wsServer.close(() => {
+  await new Promise<void>((resolve) =>
-    console.log('[TEST] WebSocket server closed');
+    wsServer.close(() => {
-    resolve();
+      console.log('[TEST] WebSocket server closed');
-  }));
+      resolve();
+    })
+  );
 
   console.log('[TEST] Closing test server');
-  await new Promise<void>((resolve) => testServer.close(() => {
+  await new Promise<void>((resolve) =>
-    console.log('[TEST] Test server closed');
+    testServer.close(() => {
-    resolve();
+      console.log('[TEST] Test server closed');
-  }));
+      resolve();
+    })
+  );
 
   console.log('[TEST] Stopping proxy');
   await testProxy.stop();
@@ -376,4 +419,4 @@ process.on('exit', () => {
   testProxy.stop().then(() => console.log('[TEST] Proxy server stopped'));
 });
 
-tap.start();
+tap.start();

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '3.1.2',
+  version: '3.4.0',
   description: 'a proxy for handling high workloads of proxying'
 }

ts/smartproxy.classes.networkproxy.ts

@@ -8,12 +8,11 @@ export interface INetworkProxyOptions {
   port: number;
 }
 
-interface WebSocketWithHeartbeat extends plugins.wsDefault {
+interface IWebSocketWithHeartbeat extends plugins.wsDefault {
   lastPong: number;
 }
 
 export class NetworkProxy {
-  // INSTANCE
   public options: INetworkProxyOptions;
   public proxyConfigs: plugins.tsclass.network.IReverseProxyConfig[] = [];
   public httpsServer: plugins.https.Server;
@@ -43,148 +42,23 @@ export class NetworkProxy {
     }
   }
 
-  /**
-   * starts the proxyInstance
-   */
   public async start() {
+    // Instead of marking the callback async (which Node won't await),
+    // we call our async handler and catch errors.
     this.httpsServer = plugins.https.createServer(
       {
         key: this.defaultCertificates.key,
         cert: this.defaultCertificates.cert
       },
-      async (originRequest, originResponse) => {
+      (originRequest, originResponse) => {
-        /**
+        this.handleRequest(originRequest, originResponse).catch((error) => {
-         * endRequest function
+          console.error('Unhandled error in request handler:', error);
-         * can be used to prematurely end a request
+          try {
-         */
-        const endOriginReqRes = (
-          statusArg: number = 404,
-          messageArg: string = 'This route is not available on this server.',
-          headers: plugins.http.OutgoingHttpHeaders = {},
-        ) => {
-          originResponse.writeHead(statusArg, messageArg);
-          originResponse.end(messageArg);
-          if (originRequest.socket !== originResponse.socket) {
-            console.log('hey, something is strange.');
-          }
-          originResponse.destroy();
-        };
-
-        console.log(
-          `got request: ${originRequest.headers.host}${plugins.url.parse(originRequest.url).path}`,
-        );
-        const destinationConfig = this.router.routeReq(originRequest);
-
-        if (!destinationConfig) {
-          console.log(
-            `${originRequest.headers.host} can't be routed properly. Terminating request.`,
-          );
-          endOriginReqRes();
-          return;
-        }
-
-        // authentication
-        if (destinationConfig.authentication) {
-          const authInfo = destinationConfig.authentication;
-          switch (authInfo.type) {
-            case 'Basic':
-              const authHeader = originRequest.headers.authorization;
-              if (authHeader) {
-                if (!authHeader.includes('Basic ')) {
-                  return endOriginReqRes(401, 'Authentication required', {
-                    'WWW-Authenticate': 'Basic realm="Access to the staging site", charset="UTF-8"',
-                  });
-                }
-                const authStringBase64 = originRequest.headers.authorization.replace('Basic ', '');
-                const authString: string = plugins.smartstring.base64.decode(authStringBase64);
-                const userPassArray = authString.split(':');
-                const user = userPassArray[0];
-                const pass = userPassArray[1];
-                if (user === authInfo.user && pass === authInfo.pass) {
-                  console.log('request successfully authenticated');
-                } else {
-                  return endOriginReqRes(403, 'Forbidden: Wrong credentials');
-                }
-              }
-              break;
-            default:
-              return endOriginReqRes(
-                403,
-                'Forbidden: unsupported authentication method configured. Please report to the admin.',
-              );
-          }
-        }
-
-        let destinationUrl: string;
-        if (destinationConfig) {
-          destinationUrl = `http://${destinationConfig.destinationIp}:${destinationConfig.destinationPort}${originRequest.url}`;
-        } else {
-          return endOriginReqRes();
-        }
-        console.log(destinationUrl);
-        try {
-          const proxyResponse = await plugins.smartrequest.request(
-            destinationUrl,
-            {
-              method: originRequest.method,
-              headers: {
-                ...originRequest.headers,
-                'X-Forwarded-Host': originRequest.headers.host,
-                'X-Forwarded-Proto': 'https',
-              },
-              keepAlive: true,
-            },
-            true, // lets make this streaming (keepAlive)
-            (proxyRequest) => {
-              originRequest.on('data', (data) => {
-                proxyRequest.write(data);
-              });
-              originRequest.on('end', () => {
-                proxyRequest.end();
-              });
-              originRequest.on('error', () => {
-                proxyRequest.end();
-              });
-              originRequest.on('close', () => {
-                proxyRequest.end();
-              });
-              originRequest.on('timeout', () => {
-                proxyRequest.end();
-                originRequest.destroy();
-              });
-              proxyRequest.on('error', () => {
-                endOriginReqRes();
-              });
-            },
-          );
-          originResponse.statusCode = proxyResponse.statusCode;
-          console.log(proxyResponse.statusCode);
-          for (const defaultHeader of Object.keys(this.defaultHeaders)) {
-            originResponse.setHeader(defaultHeader, this.defaultHeaders[defaultHeader]);
-          }
-          for (const header of Object.keys(proxyResponse.headers)) {
-            originResponse.setHeader(header, proxyResponse.headers[header]);
-          }
-          proxyResponse.on('data', (data) => {
-            originResponse.write(data);
-          });
-          proxyResponse.on('end', () => {
             originResponse.end();
-          });
+          } catch (err) {
-          proxyResponse.on('error', () => {
+            // ignore errors during cleanup
-            originResponse.destroy();
+          }
-          });
+        });
-          proxyResponse.on('close', () => {
-            originResponse.end();
-          });
-          proxyResponse.on('timeout', () => {
-            originResponse.end();
-            originResponse.destroy();
-          });
-        } catch (error) {
-          console.error('Error while processing request:', error);
-          endOriginReqRes(502, 'Bad Gateway: Error processing the request');
-        }
       },
     );
 
@@ -194,7 +68,7 @@ export class NetworkProxy {
     // Set up the heartbeat interval
     this.heartbeatInterval = setInterval(() => {
       wsServer.clients.forEach((ws: plugins.wsDefault) => {
-        const wsIncoming = ws as WebSocketWithHeartbeat;
+        const wsIncoming = ws as IWebSocketWithHeartbeat;
         if (!wsIncoming.lastPong) {
           wsIncoming.lastPong = Date.now();
         }
@@ -209,7 +83,7 @@ export class NetworkProxy {
 
     wsServer.on(
       'connection',
-      async (wsIncoming: WebSocketWithHeartbeat, reqArg: plugins.http.IncomingMessage) => {
+      (wsIncoming: IWebSocketWithHeartbeat, reqArg: plugins.http.IncomingMessage) => {
         console.log(
           `wss proxy: got connection for wsc for https://${reqArg.headers.host}${reqArg.url}`,
         );
@@ -220,21 +94,24 @@ export class NetworkProxy {
         });
 
         let wsOutgoing: plugins.wsDefault;
-
         const outGoingDeferred = plugins.smartpromise.defer();
 
+        // --- Improvement 2: Only call routeReq once ---
+        const wsDestinationConfig = this.router.routeReq(reqArg);
+        if (!wsDestinationConfig) {
+          wsIncoming.terminate();
+          return;
+        }
         try {
           wsOutgoing = new plugins.wsDefault(
-            `ws://${this.router.routeReq(reqArg).destinationIp}:${
+            `ws://${wsDestinationConfig.destinationIp}:${wsDestinationConfig.destinationPort}${reqArg.url}`,
-              this.router.routeReq(reqArg).destinationPort
-            }${reqArg.url}`,
           );
           console.log('wss proxy: initiated outgoing proxy');
           wsOutgoing.on('open', async () => {
             outGoingDeferred.resolve();
           });
         } catch (err) {
-          console.log(err);
+          console.error('Error initiating outgoing WebSocket:', err);
           wsIncoming.terminate();
           return;
         }
@@ -259,20 +136,20 @@ export class NetworkProxy {
         const terminateWsOutgoing = () => {
           if (wsOutgoing) {
             wsOutgoing.terminate();
-            console.log('terminated outgoing ws.');
+            console.log('Terminated outgoing ws.');
           }
         };
-        wsIncoming.on('error', () => terminateWsOutgoing());
+        wsIncoming.on('error', terminateWsOutgoing);
-        wsIncoming.on('close', () => terminateWsOutgoing());
+        wsIncoming.on('close', terminateWsOutgoing);
 
         const terminateWsIncoming = () => {
           if (wsIncoming) {
             wsIncoming.terminate();
-            console.log('terminated incoming ws.');
+            console.log('Terminated incoming ws.');
           }
         };
-        wsOutgoing.on('error', () => terminateWsIncoming());
+        wsOutgoing.on('error', terminateWsIncoming);
-        wsOutgoing.on('close', () => terminateWsIncoming());
+        wsOutgoing.on('close', terminateWsIncoming);
       },
     );
 
@@ -281,26 +158,18 @@ export class NetworkProxy {
 
     this.httpsServer.on('connection', (connection: plugins.net.Socket) => {
       this.socketMap.add(connection);
-      console.log(`added connection. now ${this.socketMap.getArray().length} sockets connected.`);
+      console.log(`Added connection. Now ${this.socketMap.getArray().length} sockets connected.`);
       const cleanupConnection = () => {
         if (this.socketMap.checkForObject(connection)) {
           this.socketMap.remove(connection);
-          console.log(`removed connection. ${this.socketMap.getArray().length} sockets remaining.`);
+          console.log(`Removed connection. ${this.socketMap.getArray().length} sockets remaining.`);
           connection.destroy();
         }
       };
-      connection.on('close', () => {
+      connection.on('close', cleanupConnection);
-        cleanupConnection();
+      connection.on('error', cleanupConnection);
-      });
+      connection.on('end', cleanupConnection);
-      connection.on('error', () => {
+      connection.on('timeout', cleanupConnection);
-        cleanupConnection();
-      });
-      connection.on('end', () => {
-        cleanupConnection();
-      });
-      connection.on('timeout', () => {
-        cleanupConnection();
-      });
     });
 
     this.httpsServer.listen(this.options.port);
@@ -309,7 +178,150 @@ export class NetworkProxy {
     );
   }
 
-  public async updateProxyConfigs(proxyConfigsArg: plugins.tsclass.network.IReverseProxyConfig[]) {
+  /**
+   * Internal async handler for processing HTTP/HTTPS requests.
+   */
+  private async handleRequest(
+    originRequest: plugins.http.IncomingMessage,
+    originResponse: plugins.http.ServerResponse,
+  ): Promise<void> {
+    const endOriginReqRes = (
+      statusArg: number = 404,
+      messageArg: string = 'This route is not available on this server.',
+      headers: plugins.http.OutgoingHttpHeaders = {},
+    ) => {
+      originResponse.writeHead(statusArg, messageArg);
+      originResponse.end(messageArg);
+      if (originRequest.socket !== originResponse.socket) {
+        console.log('hey, something is strange.');
+      }
+      originResponse.destroy();
+    };
+
+    console.log(
+      `got request: ${originRequest.headers.host}${plugins.url.parse(originRequest.url).path}`,
+    );
+    const destinationConfig = this.router.routeReq(originRequest);
+
+    if (!destinationConfig) {
+      console.log(
+        `${originRequest.headers.host} can't be routed properly. Terminating request.`,
+      );
+      endOriginReqRes();
+      return;
+    }
+
+    // authentication
+    if (destinationConfig.authentication) {
+      const authInfo = destinationConfig.authentication;
+      switch (authInfo.type) {
+        case 'Basic': {
+          const authHeader = originRequest.headers.authorization;
+          if (!authHeader) {
+            return endOriginReqRes(401, 'Authentication required', {
+              'WWW-Authenticate': 'Basic realm="Access to the staging site", charset="UTF-8"',
+            });
+          }
+          if (!authHeader.includes('Basic ')) {
+            return endOriginReqRes(401, 'Authentication required', {
+              'WWW-Authenticate': 'Basic realm="Access to the staging site", charset="UTF-8"',
+            });
+          }
+          const authStringBase64 = authHeader.replace('Basic ', '');
+          const authString: string = plugins.smartstring.base64.decode(authStringBase64);
+          const userPassArray = authString.split(':');
+          const user = userPassArray[0];
+          const pass = userPassArray[1];
+          if (user === authInfo.user && pass === authInfo.pass) {
+            console.log('Request successfully authenticated');
+          } else {
+            return endOriginReqRes(403, 'Forbidden: Wrong credentials');
+          }
+          break;
+        }
+        default:
+          return endOriginReqRes(
+            403,
+            'Forbidden: unsupported authentication method configured. Please report to the admin.',
+          );
+      }
+    }
+
+    let destinationUrl: string;
+    if (destinationConfig) {
+      destinationUrl = `http://${destinationConfig.destinationIp}:${destinationConfig.destinationPort}${originRequest.url}`;
+    } else {
+      return endOriginReqRes();
+    }
+    console.log(destinationUrl);
+    try {
+      const proxyResponse = await plugins.smartrequest.request(
+        destinationUrl,
+        {
+          method: originRequest.method,
+          headers: {
+            ...originRequest.headers,
+            'X-Forwarded-Host': originRequest.headers.host,
+            'X-Forwarded-Proto': 'https',
+          },
+          keepAlive: true,
+        },
+        true, // streaming (keepAlive)
+        (proxyRequest) => {
+          originRequest.on('data', (data) => {
+            proxyRequest.write(data);
+          });
+          originRequest.on('end', () => {
+            proxyRequest.end();
+          });
+          originRequest.on('error', () => {
+            proxyRequest.end();
+          });
+          originRequest.on('close', () => {
+            proxyRequest.end();
+          });
+          originRequest.on('timeout', () => {
+            proxyRequest.end();
+            originRequest.destroy();
+          });
+          proxyRequest.on('error', () => {
+            endOriginReqRes();
+          });
+        },
+      );
+      originResponse.statusCode = proxyResponse.statusCode;
+      console.log(proxyResponse.statusCode);
+      for (const defaultHeader of Object.keys(this.defaultHeaders)) {
+        originResponse.setHeader(defaultHeader, this.defaultHeaders[defaultHeader]);
+      }
+      for (const header of Object.keys(proxyResponse.headers)) {
+        originResponse.setHeader(header, proxyResponse.headers[header]);
+      }
+      proxyResponse.on('data', (data) => {
+        originResponse.write(data);
+      });
+      proxyResponse.on('end', () => {
+        originResponse.end();
+      });
+      proxyResponse.on('error', () => {
+        originResponse.destroy();
+      });
+      proxyResponse.on('close', () => {
+        originResponse.end();
+      });
+      proxyResponse.on('timeout', () => {
+        originResponse.end();
+        originResponse.destroy();
+      });
+    } catch (error) {
+      console.error('Error while processing request:', error);
+      endOriginReqRes(502, 'Bad Gateway: Error processing the request');
+    }
+  }
+
+  public async updateProxyConfigs(
+    proxyConfigsArg: plugins.tsclass.network.IReverseProxyConfig[],
+  ) {
     console.log(`got new proxy configs`);
     this.proxyConfigs = proxyConfigsArg;
     this.router.setNewProxyConfigs(proxyConfigsArg);
@@ -347,11 +359,11 @@ export class NetworkProxy {
     this.httpsServer.close(() => {
       done.resolve();
     });
-    await this.socketMap.forEach(async (socket) => {
+    for (const socket of this.socketMap.getArray()) {
       socket.destroy();
-    });
+    }
     await done.promise;
     clearInterval(this.heartbeatInterval);
     console.log('NetworkProxy -> OK: Server has been stopped and all connections closed.');
   }
-}
+}

ts/smartproxy.plugins.ts

@@ -2,9 +2,10 @@
 import * as http from 'http';
 import * as https from 'https';
 import * as net from 'net';
+import * as tls from 'tls';
 import * as url from 'url';
 
-export { http, https, net, url };
+export { http, https, net, tls, url };
 
 // tsclass scope
 import * as tsclass from '@tsclass/tsclass';
@@ -23,5 +24,6 @@ export { lik, smartdelay, smartrequest, smartpromise, smartstring };
 // third party scope
 import * as ws from 'ws';
 import wsDefault from 'ws';
+import { minimatch } from 'minimatch';
 
-export { wsDefault, ws };
+export { wsDefault, ws, minimatch };

ts/smartproxy.portproxy.ts

@@ -1,14 +1,32 @@
 import * as plugins from './smartproxy.plugins.js';
-import * as net from 'net';
 
-export class PortProxy {
+
-  netServer: plugins.net.Server;
+export interface DomainConfig {
+  domain: string;  // glob pattern for domain
+  allowedIPs: string[];  // glob patterns for IPs allowed to access this domain
+}
+
+export interface ProxySettings extends plugins.tls.TlsOptions {
+  // Port configuration
   fromPort: number;
   toPort: number;
+  toHost?: string;  // Target host to proxy to, defaults to 'localhost'
 
-  constructor(fromPortArg: number, toPortArg: number) {
+  // Domain and security settings
-    this.fromPort = fromPortArg;
+  domains: DomainConfig[];
-    this.toPort = toPortArg;
+  sniEnabled?: boolean;
+  defaultAllowedIPs?: string[];  // Optional default IP patterns if no matching domain found
+}
+
+export class PortProxy {
+  netServer: plugins.net.Server | plugins.tls.Server;
+  settings: ProxySettings;
+
+  constructor(settings: ProxySettings) {
+    this.settings = {
+      ...settings,
+      toHost: settings.toHost || 'localhost'
+    };
   }
 
   public async start() {
@@ -22,11 +40,48 @@ export class PortProxy {
       from.destroy();
       to.destroy();
     };
-    this.netServer = net
+    const isAllowed = (value: string, patterns: string[]): boolean => {
-      .createServer((from) => {
+      return patterns.some(pattern => plugins.minimatch(value, pattern));
-        const to = net.createConnection({
+    };
-          host: 'localhost',
+
-          port: this.toPort,
+    const findMatchingDomain = (serverName: string): DomainConfig | undefined => {
+      return this.settings.domains.find(config => plugins.minimatch(serverName, config.domain));
+    };
+
+    const server = this.settings.sniEnabled
+      ? plugins.tls.createServer(this.settings)
+      : plugins.net.createServer();
+    
+    this.netServer = server.on('connection', (from: plugins.net.Socket) => {
+      const remoteIP = from.remoteAddress || '';
+        if (this.settings.sniEnabled && from instanceof plugins.tls.TLSSocket) {
+          const serverName = (from as any).servername || '';
+          const domainConfig = findMatchingDomain(serverName);
+
+          if (!domainConfig) {
+            // If no matching domain config found, check default IPs if available
+            if (!this.settings.defaultAllowedIPs || !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
+              console.log(`Connection rejected: No matching domain config for ${serverName} from IP ${remoteIP}`);
+              from.end();
+              return;
+            }
+          } else {
+            // Check if IP is allowed for this domain
+            if (!isAllowed(remoteIP, domainConfig.allowedIPs)) {
+              console.log(`Connection rejected: IP ${remoteIP} not allowed for domain ${serverName}`);
+              from.end();
+              return;
+            }
+          }
+        } else if (!this.settings.defaultAllowedIPs || !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
+          console.log(`Connection rejected: IP ${remoteIP} not allowed for non-SNI connection`);
+          from.end();
+          return;
+        }
+
+        const to = plugins.net.createConnection({
+          host: this.settings.toHost!,
+          port: this.settings.toPort,
         });
         from.setTimeout(120000);
         from.pipe(to);
@@ -56,8 +111,8 @@ export class PortProxy {
           cleanUpSockets(from, to);
         });
       })
-      .listen(this.fromPort);
+      .listen(this.settings.fromPort);
-    console.log(`PortProxy -> OK: Now listening on port ${this.fromPort}`);
+    console.log(`PortProxy -> OK: Now listening on port ${this.settings.fromPort}`);
   }
 
   public async stop() {