3.13.0

changelog.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## 2025-02-25 - 3.13.0 - feat(core)
+Add support for tagging iptables rules with comments and cleaning them up on process exit
+
+- Extended IPTablesProxy class to include tagging rules with unique comments.
+- Added feature to clean up iptables rules via comments during process exit.
+
+## 2025-02-24 - 3.12.0 - feat(IPTablesProxy)
+Introduce IPTablesProxy class for managing iptables NAT rules
+
+- Added IPTablesProxy class to facilitate basic port forwarding using iptables.
+- Introduced IIpTableProxySettings interface for configuring IPTablesProxy.
+- Implemented start and stop methods for managing iptables rules dynamically.
+
+## 2025-02-24 - 3.11.0 - feat(Port80Handler)
+Add automatic certificate issuance with ACME client
+
+- Implemented automatic certificate issuance using 'acme-client' for Port80Handler.
+- Converts account key and CSR from Buffers to strings for processing.
+- Implemented HTTP-01 challenge handling for certificate acquisition.
+- New certificates are fetched and added dynamically.
+
 ## 2025-02-24 - 3.10.5 - fix(portproxy)
 Fix incorrect import path in test file
 

npmextra.json

@@ -5,7 +5,7 @@
       "githost": "code.foss.global",
       "gitscope": "push.rocks",
       "gitrepo": "smartproxy",
-      "description": "a proxy for handling high workloads of proxying",
+      "description": "A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.",
       "npmPackagename": "@push.rocks/smartproxy",
       "license": "MIT",
       "projectDomain": "push.rocks",
@@ -20,7 +20,11 @@
         "ssl redirect",
         "port mapping",
         "reverse proxy",
-        "authentication"
+        "authentication",
+        "dynamic routing",
+        "sni",
+        "port forwarding",
+        "real-time applications"
       ]
     }
   },

package.json

@@ -1,8 +1,8 @@
 {
   "name": "@push.rocks/smartproxy",
-  "version": "3.10.5",
+  "version": "3.13.0",
   "private": false,
-  "description": "a proxy for handling high workloads of proxying",
+  "description": "A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.",
   "main": "dist_ts/index.js",
   "typings": "dist_ts/index.d.ts",
   "type": "module",
@@ -31,6 +31,7 @@
     "@tsclass/tsclass": "^4.4.0",
     "@types/minimatch": "^5.1.2",
     "@types/ws": "^8.5.14",
+    "acme-client": "^5.4.0",
     "minimatch": "^9.0.3",
     "pretty-ms": "^9.2.0",
     "ws": "^8.18.0"
@@ -61,7 +62,11 @@
     "ssl redirect",
     "port mapping",
     "reverse proxy",
-    "authentication"
+    "authentication",
+    "dynamic routing",
+    "sni",
+    "port forwarding",
+    "real-time applications"
   ],
   "homepage": "https://code.foss.global/push.rocks/smartproxy#readme",
   "repository": {

pnpm-lock.yaml

@@ -32,6 +32,9 @@ importers:
       '@types/ws':
         specifier: ^8.5.14
         version: 8.5.14
+      acme-client:
+        specifier: ^5.4.0
+        version: 5.4.0
       minimatch:
         specifier: ^9.0.3
         version: 9.0.5
@@ -683,6 +686,39 @@ packages:
   '@pdf-lib/upng@1.0.1':
     resolution: {integrity: sha512-dQK2FUMQtowVP00mtIksrlZhdFXQZPC+taih1q4CvPZ5vqdxR/LKBaFg0oAfzd1GlHZXXSPdQfzQnt+ViGvEIQ==}
 
+  '@peculiar/asn1-cms@2.3.15':
+    resolution: {integrity: sha512-B+DoudF+TCrxoJSTjjcY8Mmu+lbv8e7pXGWrhNp2/EGJp9EEcpzjBCar7puU57sGifyzaRVM03oD5L7t7PghQg==}
+
+  '@peculiar/asn1-csr@2.3.15':
+    resolution: {integrity: sha512-caxAOrvw2hUZpxzhz8Kp8iBYKsHbGXZPl2KYRMIPvAfFateRebS3136+orUpcVwHRmpXWX2kzpb6COlIrqCumA==}
+
+  '@peculiar/asn1-ecc@2.3.15':
+    resolution: {integrity: sha512-/HtR91dvgog7z/WhCVdxZJ/jitJuIu8iTqiyWVgRE9Ac5imt2sT/E4obqIVGKQw7PIy+X6i8lVBoT6wC73XUgA==}
+
+  '@peculiar/asn1-pfx@2.3.15':
+    resolution: {integrity: sha512-E3kzQe3J2xV9DP6SJS4X6/N1e4cYa2xOAK46VtvpaRk8jlheNri8v0rBezKFVPB1rz/jW8npO+u1xOvpATFMWg==}
+
+  '@peculiar/asn1-pkcs8@2.3.15':
+    resolution: {integrity: sha512-/PuQj2BIAw1/v76DV1LUOA6YOqh/UvptKLJHtec/DQwruXOCFlUo7k6llegn8N5BTeZTWMwz5EXruBw0Q10TMg==}
+
+  '@peculiar/asn1-pkcs9@2.3.15':
+    resolution: {integrity: sha512-yiZo/1EGvU1KiQUrbcnaPGWc0C7ElMMskWn7+kHsCFm+/9fU0+V1D/3a5oG0Jpy96iaXggQpA9tzdhnYDgjyFg==}
+
+  '@peculiar/asn1-rsa@2.3.15':
+    resolution: {integrity: sha512-p6hsanvPhexRtYSOHihLvUUgrJ8y0FtOM97N5UEpC+VifFYyZa0iZ5cXjTkZoDwxJ/TTJ1IJo3HVTB2JJTpXvg==}
+
+  '@peculiar/asn1-schema@2.3.15':
+    resolution: {integrity: sha512-QPeD8UA8axQREpgR5UTAfu2mqQmm97oUqahDtNdBcfj3qAnoXzFdQW+aNf/tD2WVXF8Fhmftxoj0eMIT++gX2w==}
+
+  '@peculiar/asn1-x509-attr@2.3.15':
+    resolution: {integrity: sha512-TWJVJhqc+IS4MTEML3l6W1b0sMowVqdsnI4dnojg96LvTuP8dga9f76fjP07MUuss60uSyT2ckoti/2qHXA10A==}
+
+  '@peculiar/asn1-x509@2.3.15':
+    resolution: {integrity: sha512-0dK5xqTqSLaxv1FHXIcd4Q/BZNuopg+u1l23hT9rOmQ1g4dNtw0g/RnEi+TboB0gOwGtrWn269v27cMgchFIIg==}
+
+  '@peculiar/x509@1.12.3':
+    resolution: {integrity: sha512-+Mzq+W7cNEKfkNZzyLl6A6ffqc3r21HGZUezgfKxpZrkORfOqgRXnS80Zu0IV6a9Ue9QBJeKD7kN0iWfc3bhRQ==}
+
   '@pkgjs/parseargs@0.11.0':
     resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
     engines: {node: '>=14'}
@@ -1563,6 +1599,10 @@ packages:
     resolution: {integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==}
     engines: {node: '>= 0.6'}
 
+  acme-client@5.4.0:
+    resolution: {integrity: sha512-mORqg60S8iML6XSmVjqjGHJkINrCGLMj2QvDmFzI9vIlv1RGlyjmw3nrzaINJjkNsYXC41XhhD5pfy7CtuGcbA==}
+    engines: {node: '>= 16'}
+
   agent-base@6.0.2:
     resolution: {integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==}
     engines: {node: '>= 6.0.0'}
@@ -1626,6 +1666,10 @@ packages:
     resolution: {integrity: sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==}
     engines: {node: '>=8'}
 
+  asn1js@3.0.5:
+    resolution: {integrity: sha512-FVnvrKJwpt9LP2lAMl8qZswRNm3T4q9CON+bxldk2iwk3FFpuwhx2FfinyitizWHsVYyaY+y5JzDR0rCMV5yTQ==}
+    engines: {node: '>=12.0.0'}
+
   astral-regex@2.0.0:
     resolution: {integrity: sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==}
     engines: {node: '>=8'}
@@ -1643,6 +1687,9 @@ packages:
     resolution: {integrity: sha512-RE3mdQ7P3FRSe7eqCWoeQ/Z9QXrtniSjp1wUjt5nRC3WIpz5rSCve6o3fsZ2aCpJtrZjSZgjwXAoTO5k4tEI0w==}
     engines: {node: '>=4'}
 
+  axios@1.7.9:
+    resolution: {integrity: sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==}
+
   b4a@1.6.7:
     resolution: {integrity: sha512-OnAYlL5b7LEkALw87fUVafQw5rVR9RjwGd4KUwNQ6DrrNmaVaUCgLipfVlzrPQ4tWOR9P0IXGNOx50jYCCdSJg==}
 
@@ -3463,6 +3510,13 @@ packages:
     resolution: {integrity: sha512-+vZPU8iBSdCx1Kn5hHas80fyo0TiVyMeqLGv/1dygX2HKhAZjO9YThadbRTCoTYq0yWw+w/CysldPsEekDtjDQ==}
     engines: {node: '>=14.1.0'}
 
+  pvtsutils@1.3.6:
+    resolution: {integrity: sha512-PLgQXQ6H2FWCaeRak8vvk1GW462lMxB5s3Jm673N82zI4vqtVUPuZdffdZbPDFRoU8kAhItWFtPCWiPpp4/EDg==}
+
+  pvutils@1.1.3:
+    resolution: {integrity: sha512-pMpnA0qRdFp32b1sJl1wOJNxZLQ2cbQx+k6tjNtZ8CpvVhNqEPRgivZ2WOUev2YMajecdH7ctUPDvEe87nariQ==}
+    engines: {node: '>=6.0.0'}
+
   qs@6.13.0:
     resolution: {integrity: sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==}
     engines: {node: '>=0.6'}
@@ -3508,6 +3562,9 @@ packages:
     resolution: {integrity: sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==}
     engines: {node: '>= 14.18.0'}
 
+  reflect-metadata@0.2.2:
+    resolution: {integrity: sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==}
+
   regenerator-runtime@0.14.1:
     resolution: {integrity: sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==}
 
@@ -3897,6 +3954,10 @@ packages:
     engines: {node: '>=18.0.0'}
     hasBin: true
 
+  tsyringe@4.8.0:
+    resolution: {integrity: sha512-YB1FG+axdxADa3ncEtRnQCFq/M0lALGLxSZeVNbTU8NqhOVc51nnv2CISTcvc1kyv6EGPtXVr0v6lWeDxiijOA==}
+    engines: {node: '>= 6.0.0'}
+
   turndown-plugin-gfm@1.0.2:
     resolution: {integrity: sha512-vwz9tfvF7XN/jE0dGoBei3FXWuvll78ohzCZQuOb+ZjWrs3a0XhQVomJEb2Qh4VHTPNRO4GPZh0V7VRbiWwkRg==}
 
@@ -5212,6 +5273,96 @@ snapshots:
     dependencies:
       pako: 1.0.11
 
+  '@peculiar/asn1-cms@2.3.15':
+    dependencies:
+      '@peculiar/asn1-schema': 2.3.15
+      '@peculiar/asn1-x509': 2.3.15
+      '@peculiar/asn1-x509-attr': 2.3.15
+      asn1js: 3.0.5
+      tslib: 2.8.1
+
+  '@peculiar/asn1-csr@2.3.15':
+    dependencies:
+      '@peculiar/asn1-schema': 2.3.15
+      '@peculiar/asn1-x509': 2.3.15
+      asn1js: 3.0.5
+      tslib: 2.8.1
+
+  '@peculiar/asn1-ecc@2.3.15':
+    dependencies:
+      '@peculiar/asn1-schema': 2.3.15
+      '@peculiar/asn1-x509': 2.3.15
+      asn1js: 3.0.5
+      tslib: 2.8.1
+
+  '@peculiar/asn1-pfx@2.3.15':
+    dependencies:
+      '@peculiar/asn1-cms': 2.3.15
+      '@peculiar/asn1-pkcs8': 2.3.15
+      '@peculiar/asn1-rsa': 2.3.15
+      '@peculiar/asn1-schema': 2.3.15
+      asn1js: 3.0.5
+      tslib: 2.8.1
+
+  '@peculiar/asn1-pkcs8@2.3.15':
+    dependencies:
+      '@peculiar/asn1-schema': 2.3.15
+      '@peculiar/asn1-x509': 2.3.15
+      asn1js: 3.0.5
+      tslib: 2.8.1
+
+  '@peculiar/asn1-pkcs9@2.3.15':
+    dependencies:
+      '@peculiar/asn1-cms': 2.3.15
+      '@peculiar/asn1-pfx': 2.3.15
+      '@peculiar/asn1-pkcs8': 2.3.15
+      '@peculiar/asn1-schema': 2.3.15
+      '@peculiar/asn1-x509': 2.3.15
+      '@peculiar/asn1-x509-attr': 2.3.15
+      asn1js: 3.0.5
+      tslib: 2.8.1
+
+  '@peculiar/asn1-rsa@2.3.15':
+    dependencies:
+      '@peculiar/asn1-schema': 2.3.15
+      '@peculiar/asn1-x509': 2.3.15
+      asn1js: 3.0.5
+      tslib: 2.8.1
+
+  '@peculiar/asn1-schema@2.3.15':
+    dependencies:
+      asn1js: 3.0.5
+      pvtsutils: 1.3.6
+      tslib: 2.8.1
+
+  '@peculiar/asn1-x509-attr@2.3.15':
+    dependencies:
+      '@peculiar/asn1-schema': 2.3.15
+      '@peculiar/asn1-x509': 2.3.15
+      asn1js: 3.0.5
+      tslib: 2.8.1
+
+  '@peculiar/asn1-x509@2.3.15':
+    dependencies:
+      '@peculiar/asn1-schema': 2.3.15
+      asn1js: 3.0.5
+      pvtsutils: 1.3.6
+      tslib: 2.8.1
+
+  '@peculiar/x509@1.12.3':
+    dependencies:
+      '@peculiar/asn1-cms': 2.3.15
+      '@peculiar/asn1-csr': 2.3.15
+      '@peculiar/asn1-ecc': 2.3.15
+      '@peculiar/asn1-pkcs9': 2.3.15
+      '@peculiar/asn1-rsa': 2.3.15
+      '@peculiar/asn1-schema': 2.3.15
+      '@peculiar/asn1-x509': 2.3.15
+      pvtsutils: 1.3.6
+      reflect-metadata: 0.2.2
+      tslib: 2.8.1
+      tsyringe: 4.8.0
+
   '@pkgjs/parseargs@0.11.0':
     optional: true
 
@@ -6783,6 +6934,16 @@ snapshots:
       mime-types: 2.1.35
       negotiator: 0.6.3
 
+  acme-client@5.4.0:
+    dependencies:
+      '@peculiar/x509': 1.12.3
+      asn1js: 3.0.5
+      axios: 1.7.9(debug@4.4.0)
+      debug: 4.4.0
+      node-forge: 1.3.1
+    transitivePeerDependencies:
+      - supports-color
+
   agent-base@6.0.2:
     dependencies:
       debug: 4.3.4
@@ -6834,6 +6995,12 @@ snapshots:
 
   array-union@2.1.0: {}
 
+  asn1js@3.0.5:
+    dependencies:
+      pvtsutils: 1.3.6
+      pvutils: 1.1.3
+      tslib: 2.8.1
+
   astral-regex@2.0.0: {}
 
   async-mutex@0.3.2:
@@ -6846,6 +7013,14 @@ snapshots:
 
   axe-core@4.10.2: {}
 
+  axios@1.7.9(debug@4.4.0):
+    dependencies:
+      follow-redirects: 1.15.9(debug@4.4.0)
+      form-data: 4.0.1
+      proxy-from-env: 1.1.0
+    transitivePeerDependencies:
+      - debug
+
   b4a@1.6.7: {}
 
   bail@2.0.2: {}
@@ -8954,6 +9129,12 @@ snapshots:
       - supports-color
       - utf-8-validate
 
+  pvtsutils@1.3.6:
+    dependencies:
+      tslib: 2.8.1
+
+  pvutils@1.1.3: {}
+
   qs@6.13.0:
     dependencies:
       side-channel: 1.1.0
@@ -9008,6 +9189,8 @@ snapshots:
 
   readdirp@4.1.1: {}
 
+  reflect-metadata@0.2.2: {}
+
   regenerator-runtime@0.14.1: {}
 
   registry-auth-token@5.0.3:
@@ -9488,6 +9671,10 @@ snapshots:
     optionalDependencies:
       fsevents: 2.3.3
 
+  tsyringe@4.8.0:
+    dependencies:
+      tslib: 1.14.1
+
   turndown-plugin-gfm@1.0.2: {}
 
   turndown@7.2.0:

readme.md

@@ -14,11 +14,11 @@ This will add `@push.rocks/smartproxy` to your project's dependencies.
 
 ## Usage
 
-`@push.rocks/smartproxy` is a versatile package for setting up and handling proxies with various capabilities such as SSL redirection, port proxying, and creating network proxies with complex routing rules. Below is a comprehensive guide on using its features.
+`@push.rocks/smartproxy` is a comprehensive and versatile package designed to handle complex and high-volume proxying tasks efficiently. It includes features such as SSL redirection, port proxying, WebSocket support, and customizable routing and authentication mechanisms. This guide will provide a detailed walkthrough of how to harness these capabilities effectively. 
 
-### Setting Up a Network Proxy
+### Initial Setup
 
-Create a network proxy to route incoming HTTPS requests to different local servers based on the hostname.
+Before diving into specific features, let's start by configuring and setting up our basic proxy server:
 
 ```typescript
 import { NetworkProxy } from '@push.rocks/smartproxy';
@@ -26,7 +26,7 @@ import { NetworkProxy } from '@push.rocks/smartproxy';
 // Instantiate the NetworkProxy with desired options
 const myNetworkProxy = new NetworkProxy({ port: 443 });
 
-// Define your reverse proxy configurations
+// Define reverse proxy configurations
 const proxyConfigs = [
   {
     destinationIp: '127.0.0.1',
@@ -39,70 +39,187 @@ PRIVATE_KEY_CONTENT
 CERTIFICATE_CONTENT
 -----END CERTIFICATE-----`,
   },
-  // Add more reverse proxy configurations here
+  // More configurations can be added here
 ];
 
 // Start the network proxy
 await myNetworkProxy.start();
 
-// Update proxy configurations dynamically
+// Apply proxy configurations
 await myNetworkProxy.updateProxyConfigs(proxyConfigs);
 
-// Optionally, add default headers to all responses
+// Optionally add default headers to all responses
 await myNetworkProxy.addDefaultHeaders({
   'X-Powered-By': 'smartproxy',
 });
 ```
 
-### Port Proxying
+### Configuring SSL Redirection
 
-You can also set up a port proxy to forward traffic from one port to another, which is useful for dynamic port forwarding scenarios.
-
-```typescript
-import { PortProxy } from '@push.rocks/smartproxy';
-
-// Create a PortProxy to forward traffic from port 5000 to port 3000
-const myPortProxy = new PortProxy(5000, 3000);
-
-// Start the port proxy
-await myPortProxy.start();
-
-// To stop the port proxy, simply call
-await myPortProxy.stop();
-```
-
-### Enabling SSL Redirection
-
-Easily redirect HTTP traffic to HTTPS using the `SslRedirect` class. This is particularly useful when ensuring all traffic uses encryption.
+One essential capability of a robust proxy server is ensuring that all HTTP traffic is redirected to secure HTTPS endpoints. This can be effortlessly accomplished using the `SslRedirect` class within `smartproxy`. This class listens on port 80 (HTTP) and redirects all incoming requests to HTTPS:
 
 ```typescript
 import { SslRedirect } from '@push.rocks/smartproxy';
 
-// Instantiate the SslRedirect on port 80 (HTTP)
+// Instantiate the SslRedirect for listening on port 80
 const mySslRedirect = new SslRedirect(80);
 
-// Start listening and redirecting to HTTPS
+// Start listening and redirect HTTP traffic to HTTPS
 await mySslRedirect.start();
 
-// To stop the redirection, use
+// To stop redirection, you can use the following command:
 await mySslRedirect.stop();
 ```
 
-### Advanced Usage
+### Handling Complex Networking with Port Proxy
 
-The package integrates seamlessly with TypeScript, allowing for advanced use cases, such as implementing custom routing logic, authentication mechanisms, and handling WebSocket connections through the network proxy.
+Port proxying allows redirection of traffic from one port to another. This capability is crucial when dealing with services that need dynamic port forwarding, or when adapting to infrastructure changes without downtime. Smartproxy's `PortProxy` class handles this efficiently:
 
-For a more advanced setup involving WebSocket proxying and dynamic configuration reloading, refer to the network proxy example provided above. The WebSocket support demonstrates how seamless it is to work with real-time applications.
+```typescript
+import { PortProxy } from '@push.rocks/smartproxy';
 
-Remember, when dealing with certificates and private keys for HTTPS configurations, always secure your keys and store them appropriately.
+// Create a PortProxy to directly forward traffic from port 5000 to 3000
+const myPortProxy = new PortProxy(5000, 3000);
 
-`@push.rocks/smartproxy` provides a solid foundation for handling high workloads and complex proxying requirements with ease, whether you're implementing SSL redirections, port forwarding, or extensive routing and WebSocket support in your network.
+// Initiate the port proxy
+await myPortProxy.start();
 
-For more information on how to use the features, refer to the in-depth documentation available in the package's repository or the npm package description.
+// To stop the port proxy mechanism:
+await myPortProxy.stop();
+```
+
+Additionally, smartproxy's port proxying can support intricate scenarios where different forwarding rules are configured based on domain names or allowed IPs:
+
+```typescript
+import { PortProxy } from '@push.rocks/smartproxy';
+
+const myComplexPortProxy = new PortProxy({
+  fromPort: 6000,
+  toPort: 3000,
+  domains: [
+    {
+      domain: 'api.example.com',
+      allowedIPs: ['192.168.0.*', '127.0.0.1'],
+      targetIP: '192.168.1.100'
+    }
+    // Define more domain-specific rules if needed
+  ],
+  sniEnabled: true,  // if SNI (Server Name Indication) is desired
+  defaultAllowedIPs: ['*']);
+});
+
+// Start listening for complex routing requests
+await myComplexPortProxy.start();
+```
+
+### WebSocket Support and Load Handling
+
+With the advent of real-time applications, efficient WebSocket handling in proxies is crucial. Smartproxy integrates WebSocket support seamlessly, enabling it to proxy WebSocket traffic while maintaining security and performance:
+
+```typescript
+import { NetworkProxy } from '@push.rocks/smartproxy';
+
+const wsProxy = new NetworkProxy({ port: 443 });
+
+// Assume reverse proxy configurations with WebSocket intentions
+const wsProxyConfigs = [
+  {
+    destinationIp: '127.0.0.1',
+    destinationPort: '8080',
+    hostName: 'socket.example.com',
+    // Add further options such as keys for SSL if needed
+  }
+];
+
+// Start the network proxy with WebSocket capabilities
+await wsProxy.start();
+await wsProxy.updateProxyConfigs(wsProxyConfigs);
+
+// Ensure WebSocket connections remain alive
+wsProxy.heartbeatInterval = setInterval(() => {
+  // logic for keeping connections alive and healthy
+}, 60000); // Every 60 seconds
+
+// Gracefully handle server or connection errors to maintain uptime
+wsProxy.httpsServer.on('error', (error) => console.log('Server Error:', error));
+```
+
+### Comprehensive Routing and Advanced Features
+
+Smartproxy supports dynamic and customizable request routing based on the incoming request's destination. This feature enables extensive use-case scenarios, from simple API endpoint redirection to elaborate B2B service integrations:
+
+```typescript
+import { NetworkProxy } from '@push.rocks/smartproxy';
+
+const dynamicRoutingProxy = new NetworkProxy({ port: 8443 });
+dynamicRoutingProxy.router.setNewProxyConfigs([
+  {
+    destinationIp: '192.168.1.150',
+    destinationPort: '80',
+    hostName: 'dynamic.example.com',
+    authentication: {
+      type: 'Basic',
+      user: 'admin',
+      pass: 'password123'
+    }
+  }
+]);
+
+await dynamicRoutingProxy.start();
+```
+
+For those dealing with high volume or regulatory needs, the integration of tools like `iptables` allows broad control over network traffic:
+
+```typescript
+import { IPTablesProxy } from '@push.rocks/smartproxy';
+
+// Setting up iptables for advanced network management
+const ipTablesProxy = new IPTablesProxy({
+  fromPort: 8081,
+  toPort: 8080,
+  deleteOnExit: true // clean rules upon server shutdown
+});
+
+// Begin routing with IPTables
+await ipTablesProxy.start();
+```
+
+### Combining with HTTP and HTTPS Credentials
+
+When undertaking proxy configurations, handling sensitive data like SSL certificates and keys securely is imperative:
+
+```typescript
+import { loadDefaultCertificates } from '@push.rocks/smartproxy';
+
+try {
+  const { privateKey, publicKey } = loadDefaultCertificates(); // adjust path as needed
+  console.log('Certificates loaded.');
+  // Use these certificates in your SSL-based configurations
+} catch (error) {
+  console.error('Cannot load certificates:', error);
+}
+```
+
+### Testing and Validation
+
+Given these powerful capabilities, rigorous testing of configurations and functionality using frameworks like `tap` can ensure high-quality and reliable proxy configurations. Smartproxy integrates with Typescript test setups:
+
+```typescript
+import { expect, tap } from '@push.rocks/tapbundle';
+import { NetworkProxy } from '@push.rocks/smartproxy';
+
+tap.test('proxied request should return status 200', async () => {
+  // Your test logic here
+});
+
+tap.start();
+```
+
+In summary, `@push.rocks/smartproxy` offers a plethora of solutions tailored to both common and sophisticated proxying needs. Whether you're seeking straightforward port forwarding, secure SSL redirection, WebSocket management, or robust network routing controls, smartproxy provides the right tools for efficient and effective proxy operations. Through its integration simplicity and versatile configurations, developers can ensure high performance and secure proxying across various environments and applications.
 
 ## License and Legal Information
 
-This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
+This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. 
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '3.10.5',
-  description: 'a proxy for handling high workloads of proxying'
+  version: '3.13.0',
+  description: 'A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.'
 }

ts/classes.iptablesproxy.ts

@@ -0,0 +1,183 @@
+import { exec, execSync } from 'child_process';
+import { promisify } from 'util';
+
+const execAsync = promisify(exec);
+
+/**
+ * Settings for IPTablesProxy.
+ */
+export interface IIpTableProxySettings {
+  fromPort: number;
+  toPort: number;
+  toHost?: string; // Target host for proxying; defaults to 'localhost'
+  preserveSourceIP?: boolean; // If true, the original source IP is preserved.
+  deleteOnExit?: boolean;   // If true, clean up marked iptables rules before process exit.
+}
+
+/**
+ * IPTablesProxy sets up iptables NAT rules to forward TCP traffic.
+ * It only supports basic port forwarding and uses iptables comments to tag rules.
+ */
+export class IPTablesProxy {
+  public settings: IIpTableProxySettings;
+  private rulesInstalled: boolean = false;
+  private ruleTag: string;
+
+  constructor(settings: IIpTableProxySettings) {
+    this.settings = {
+      ...settings,
+      toHost: settings.toHost || 'localhost',
+    };
+    // Generate a unique identifier for the rules added by this instance.
+    this.ruleTag = `IPTablesProxy:${Date.now()}:${Math.random().toString(36).substr(2, 5)}`;
+
+    // If deleteOnExit is true, register cleanup handlers.
+    if (this.settings.deleteOnExit) {
+      const cleanup = () => {
+        try {
+          IPTablesProxy.cleanSlateSync();
+        } catch (err) {
+          console.error('Error cleaning iptables rules on exit:', err);
+        }
+      };
+      process.on('exit', cleanup);
+      process.on('SIGINT', () => {
+        cleanup();
+        process.exit();
+      });
+      process.on('SIGTERM', () => {
+        cleanup();
+        process.exit();
+      });
+    }
+  }
+
+  /**
+   * Sets up iptables rules for port forwarding.
+   * The rules are tagged with a unique comment so that they can be identified later.
+   */
+  public async start(): Promise<void> {
+    const dnatCmd = `iptables -t nat -A PREROUTING -p tcp --dport ${this.settings.fromPort} ` +
+      `-j DNAT --to-destination ${this.settings.toHost}:${this.settings.toPort} ` +
+      `-m comment --comment "${this.ruleTag}:DNAT"`;
+    try {
+      await execAsync(dnatCmd);
+      console.log(`Added iptables rule: ${dnatCmd}`);
+      this.rulesInstalled = true;
+    } catch (err) {
+      console.error(`Failed to add iptables DNAT rule: ${err}`);
+      throw err;
+    }
+
+    // If preserveSourceIP is false, add a MASQUERADE rule.
+    if (!this.settings.preserveSourceIP) {
+      const masqueradeCmd = `iptables -t nat -A POSTROUTING -p tcp -d ${this.settings.toHost} ` +
+        `--dport ${this.settings.toPort} -j MASQUERADE ` +
+        `-m comment --comment "${this.ruleTag}:MASQ"`;
+      try {
+        await execAsync(masqueradeCmd);
+        console.log(`Added iptables rule: ${masqueradeCmd}`);
+      } catch (err) {
+        console.error(`Failed to add iptables MASQUERADE rule: ${err}`);
+        // Roll back the DNAT rule if MASQUERADE fails.
+        try {
+          const rollbackCmd = `iptables -t nat -D PREROUTING -p tcp --dport ${this.settings.fromPort} ` +
+            `-j DNAT --to-destination ${this.settings.toHost}:${this.settings.toPort} ` +
+            `-m comment --comment "${this.ruleTag}:DNAT"`;
+          await execAsync(rollbackCmd);
+          this.rulesInstalled = false;
+        } catch (rollbackErr) {
+          console.error(`Rollback failed: ${rollbackErr}`);
+        }
+        throw err;
+      }
+    }
+  }
+
+  /**
+   * Removes the iptables rules that were added in start(), by matching the unique comment.
+   */
+  public async stop(): Promise<void> {
+    if (!this.rulesInstalled) return;
+
+    const dnatDelCmd = `iptables -t nat -D PREROUTING -p tcp --dport ${this.settings.fromPort} ` +
+      `-j DNAT --to-destination ${this.settings.toHost}:${this.settings.toPort} ` +
+      `-m comment --comment "${this.ruleTag}:DNAT"`;
+    try {
+      await execAsync(dnatDelCmd);
+      console.log(`Removed iptables rule: ${dnatDelCmd}`);
+    } catch (err) {
+      console.error(`Failed to remove iptables DNAT rule: ${err}`);
+    }
+
+    if (!this.settings.preserveSourceIP) {
+      const masqueradeDelCmd = `iptables -t nat -D POSTROUTING -p tcp -d ${this.settings.toHost} ` +
+        `--dport ${this.settings.toPort} -j MASQUERADE ` +
+        `-m comment --comment "${this.ruleTag}:MASQ"`;
+      try {
+        await execAsync(masqueradeDelCmd);
+        console.log(`Removed iptables rule: ${masqueradeDelCmd}`);
+      } catch (err) {
+        console.error(`Failed to remove iptables MASQUERADE rule: ${err}`);
+      }
+    }
+
+    this.rulesInstalled = false;
+  }
+
+  /**
+   * Asynchronously cleans up any iptables rules in the nat table that were added by this module.
+   * It looks for rules with comments containing "IPTablesProxy:".
+   */
+  public static async cleanSlate(): Promise<void> {
+    try {
+      const { stdout } = await execAsync('iptables-save -t nat');
+      const lines = stdout.split('\n');
+      const proxyLines = lines.filter(line => line.includes('IPTablesProxy:'));
+      for (const line of proxyLines) {
+        const trimmedLine = line.trim();
+        if (trimmedLine.startsWith('-A')) {
+          // Replace the "-A" with "-D" to form a deletion command.
+          const deleteRule = trimmedLine.replace('-A', '-D');
+          const cmd = `iptables -t nat ${deleteRule}`;
+          try {
+            await execAsync(cmd);
+            console.log(`Cleaned up iptables rule: ${cmd}`);
+          } catch (err) {
+            console.error(`Failed to remove iptables rule: ${cmd}`, err);
+          }
+        }
+      }
+    } catch (err) {
+      console.error(`Failed to run iptables-save: ${err}`);
+    }
+  }
+
+  /**
+   * Synchronously cleans up any iptables rules in the nat table that were added by this module.
+   * It looks for rules with comments containing "IPTablesProxy:".
+   * This method is intended for use in process exit handlers.
+   */
+  public static cleanSlateSync(): void {
+    try {
+      const stdout = execSync('iptables-save -t nat').toString();
+      const lines = stdout.split('\n');
+      const proxyLines = lines.filter(line => line.includes('IPTablesProxy:'));
+      for (const line of proxyLines) {
+        const trimmedLine = line.trim();
+        if (trimmedLine.startsWith('-A')) {
+          const deleteRule = trimmedLine.replace('-A', '-D');
+          const cmd = `iptables -t nat ${deleteRule}`;
+          try {
+            execSync(cmd);
+            console.log(`Cleaned up iptables rule: ${cmd}`);
+          } catch (err) {
+            console.error(`Failed to remove iptables rule: ${cmd}`, err);
+          }
+        }
+      }
+    } catch (err) {
+      console.error(`Failed to run iptables-save: ${err}`);
+    }
+  }
+}

ts/classes.port80handler.ts

@@ -55,8 +55,8 @@ export class Port80Handler {
     if (this.acmeClient) {
       return this.acmeClient;
     }
-    // Generate a new account key.
-    this.accountKey = await acme.forge.createPrivateKey();
+    // Generate a new account key and convert Buffer to string.
+    this.accountKey = (await acme.forge.createPrivateKey()).toString();
     this.acmeClient = new acme.Client({
       directoryUrl: acme.directory.letsencrypt.production, // Use production for a real certificate
       // For testing, you could use:
@@ -170,7 +170,11 @@ export class Port80Handler {
         domainInfo.challengeKeyAuthorization = keyAuthorization;
 
         // Notify the ACME server that the challenge is ready.
-        await client.verifyChallenge(authz, challenge, keyAuthorization);
+        // The acme-client examples show that verifyChallenge takes three arguments:
+        // (authorization, challenge, keyAuthorization). However, the official TypeScript
+        // types appear to be out-of-sync. As a workaround, we cast client to 'any'.
+        await (client as any).verifyChallenge(authz, challenge, keyAuthorization);
+
         await client.completeChallenge(challenge);
         // Wait until the challenge is validated.
         await client.waitForValidStatus(challenge);
@@ -178,9 +182,12 @@ export class Port80Handler {
       }
 
       // Generate a CSR and a new private key for the domain.
-      const [csr, privateKey] = await acme.forge.createCsr({
+      // Convert the resulting Buffers to strings.
+      const [csrBuffer, privateKeyBuffer] = await acme.forge.createCsr({
         commonName: domain,
       });
+      const csr = csrBuffer.toString();
+      const privateKey = privateKeyBuffer.toString();
 
       // Finalize the order and obtain the certificate.
       await client.finalizeOrder(order, csr);
@@ -195,8 +202,7 @@ export class Port80Handler {
       delete domainInfo.challengeKeyAuthorization;
 
       console.log(`Certificate obtained for ${domain}`);
-      // In a real application, you would persist the certificate and key,
-      // then reload your TLS server with the new credentials.
+      // In a production system, persist the certificate and key and reload your TLS server.
     } catch (error) {
       console.error(`Error during certificate issuance for ${domain}:`, error);
       const domainInfo = this.domainCertificates.get(domain);
@@ -206,7 +212,3 @@ export class Port80Handler {
     }
   }
 }
-
-// Example usage:
-// const handler = new Port80Handler();
-// handler.addDomain('example.com');

ts/classes.portproxy.ts

@@ -6,7 +6,7 @@ export interface IDomainConfig {
   targetIP?: string;      // Optional target IP for this domain
 }
 
-export interface IProxySettings extends plugins.tls.TlsOptions {
+export interface IPortProxySettings extends plugins.tls.TlsOptions {
   fromPort: number;
   toPort: number;
   toHost?: string; // Target host to proxy to, defaults to 'localhost'
@@ -89,7 +89,7 @@ interface IConnectionRecord {
 
 export class PortProxy {
   netServer: plugins.net.Server;
-  settings: IProxySettings;
+  settings: IPortProxySettings;
   // Unified record tracking each connection pair.
   private connectionRecords: Set<IConnectionRecord> = new Set();
   private connectionLogger: NodeJS.Timeout | null = null;
@@ -102,7 +102,7 @@ export class PortProxy {
     outgoing: {},
   };
 
-  constructor(settings: IProxySettings) {
+  constructor(settings: IPortProxySettings) {
     this.settings = {
       ...settings,
       toHost: settings.toHost || 'localhost',

ts/index.ts

@@ -1,3 +1,5 @@
+export * from './classes.iptablesproxy.js';
 export * from './classes.networkproxy.js';
 export * from './classes.portproxy.js';
+export * from './classes.port80handler.js';
 export * from './classes.sslredirect.js';