3.16.3

changelog.md

@@ -1,5 +1,55 @@
 # Changelog
 
+## 2025-02-27 - 3.16.3 - fix(PortProxy)
+Refactored PortProxy to support multiple listening ports and improved modularity.
+
+- Updated PortProxy to allow multiple listening ports with flexible configuration.
+- Moved helper functions for IP and port range checks outside the class for cleaner code structure.
+
+## 2025-02-27 - 3.16.2 - fix(PortProxy)
+Fix port-based routing logic in PortProxy
+
+- Optimized the handling and checking of local ports in the global port range.
+- Fixed the logic for rejecting or accepting connections based on predefined port ranges.
+- Improved handling of the default and specific domain configurations during port-based connections.
+
+## 2025-02-27 - 3.16.1 - fix(core)
+Updated minor version numbers in dependencies for patch release.
+
+- No specific file changes detected.
+- Dependencies versioning adjusted for stability.
+
+## 2025-02-27 - 3.16.0 - feat(PortProxy)
+Enhancements made to PortProxy settings and capabilities
+
+- Added 'forwardAllGlobalRanges' and 'targetIP' to IPortProxySettings.
+- Improved PortProxy to forward connections based on domain-specific configurations.
+- Added comprehensive handling for global port-range based connection forwarding.
+- Enabled forwarding of all connections on global port ranges directly to global target IP.
+
+## 2025-02-27 - 3.15.0 - feat(classes.portproxy)
+Add support for port range-based routing with enhanced IP and port validation.
+
+- Introduced globalPortRanges in IPortProxySettings for routing based on port ranges.
+- Improved connection handling with port range and domain configuration validations.
+- Updated connection logging to include the local port information.
+
+## 2025-02-26 - 3.14.2 - fix(PortProxy)
+Fix cleanup timer reset for PortProxy
+
+- Resolved an issue where the cleanup timer in the PortProxy class did not reset correctly if both incoming and outgoing data events were triggered without clearing flags.
+
+## 2025-02-26 - 3.14.1 - fix(PortProxy)
+Increased default maxConnectionLifetime for PortProxy to 600000 ms
+
+- Updated PortProxy settings to extend default maxConnectionLifetime to 10 minutes.
+
+## 2025-02-26 - 3.14.0 - feat(PortProxy)
+Introduce max connection lifetime feature
+
+- Added an optional maxConnectionLifetime setting for PortProxy.
+- Forces cleanup of long-lived connections based on inactivity or lifetime limit.
+
 ## 2025-02-25 - 3.13.0 - feat(core)
 Add support for tagging iptables rules with comments and cleaning them up on process exit
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartproxy",
-  "version": "3.13.0",
+  "version": "3.16.3",
   "private": false,
   "description": "A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.",
   "main": "dist_ts/index.js",

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '3.13.0',
+  version: '3.16.3',
   description: 'A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.'
 }

ts/classes.portproxy.ts

@@ -1,19 +1,25 @@
 import * as plugins from './plugins.js';
 
+/** Domain configuration with per‐domain allowed port ranges */
 export interface IDomainConfig {
   domain: string;         // Glob pattern for domain
   allowedIPs: string[];   // Glob patterns for allowed IPs
   targetIP?: string;      // Optional target IP for this domain
+  portRanges?: Array<{ from: number; to: number }>; // Optional domain-specific allowed port ranges
 }
 
+/** Port proxy settings including global allowed port ranges */
 export interface IPortProxySettings extends plugins.tls.TlsOptions {
   fromPort: number;
   toPort: number;
-  toHost?: string; // Target host to proxy to, defaults to 'localhost'
+  targetIP?: string; // Global target host to proxy to, defaults to 'localhost'
   domains: IDomainConfig[];
   sniEnabled?: boolean;
   defaultAllowedIPs?: string[];
   preserveSourceIP?: boolean;
+  maxConnectionLifetime?: number; // (ms) force cleanup of long-lived connections
+  globalPortRanges: Array<{ from: number; to: number }>; // Global allowed port ranges
+  forwardAllGlobalRanges?: boolean; // When true, forwards all connections on global port ranges to the global targetIP
 }
 
 /**
@@ -85,10 +91,11 @@ interface IConnectionRecord {
   incomingStartTime: number;
   outgoingStartTime?: number;
   connectionClosed: boolean;
+  cleanupTimer?: NodeJS.Timeout; // Timer to force cleanup after max lifetime/inactivity
 }
 
 export class PortProxy {
-  netServer: plugins.net.Server;
+  private netServers: plugins.net.Server[] = [];
   settings: IPortProxySettings;
   // Unified record tracking each connection pair.
   private connectionRecords: Set<IConnectionRecord> = new Set();
@@ -102,10 +109,11 @@ export class PortProxy {
     outgoing: {},
   };
 
-  constructor(settings: IPortProxySettings) {
+  constructor(settingsArg: IPortProxySettings) {
     this.settings = {
-      ...settings,
+      ...settingsArg,
-      toHost: settings.toHost || 'localhost',
+      targetIP: settingsArg.targetIP || 'localhost',
+      maxConnectionLifetime: settingsArg.maxConnectionLifetime || 600000,
     };
   }
 
@@ -114,39 +122,10 @@ export class PortProxy {
   }
 
   public async start() {
-    // Helper to forcefully destroy sockets.
+    // Define a unified connection handler for all listening ports.
-    const cleanUpSockets = (socketA: plugins.net.Socket, socketB?: plugins.net.Socket) => {
+    const connectionHandler = (socket: plugins.net.Socket) => {
-      if (!socketA.destroyed) socketA.destroy();
-      if (socketB && !socketB.destroyed) socketB.destroy();
-    };
-
-    // Normalize an IP to include both IPv4 and IPv6 representations.
-    const normalizeIP = (ip: string): string[] => {
-      if (ip.startsWith('::ffff:')) {
-        const ipv4 = ip.slice(7);
-        return [ip, ipv4];
-      }
-      if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
-        return [ip, `::ffff:${ip}`];
-      }
-      return [ip];
-    };
-
-    // Check if a given IP matches any of the glob patterns.
-    const isAllowed = (ip: string, patterns: string[]): boolean => {
-      const normalizedIPVariants = normalizeIP(ip);
-      const expandedPatterns = patterns.flatMap(normalizeIP);
-      return normalizedIPVariants.some(ipVariant =>
-        expandedPatterns.some(pattern => plugins.minimatch(ipVariant, pattern))
-      );
-    };
-
-    // Find a matching domain config based on the SNI.
-    const findMatchingDomain = (serverName: string): IDomainConfig | undefined =>
-      this.settings.domains.find(config => plugins.minimatch(serverName, config.domain));
-
-    this.netServer = plugins.net.createServer((socket: plugins.net.Socket) => {
       const remoteIP = socket.remoteAddress || '';
+      const localPort = socket.localPort; // The port on which this connection was accepted.
       const connectionRecord: IConnectionRecord = {
         incoming: socket,
         outgoing: null,
@@ -154,7 +133,7 @@ export class PortProxy {
         connectionClosed: false,
       };
       this.connectionRecords.add(connectionRecord);
-      console.log(`New connection from ${remoteIP}. Active connections: ${this.connectionRecords.size}`);
+      console.log(`New connection from ${remoteIP} on port ${localPort}. Active connections: ${this.connectionRecords.size}`);
 
       let initialDataReceived = false;
       let incomingTerminationReason: string | null = null;
@@ -164,7 +143,11 @@ export class PortProxy {
       const cleanupOnce = () => {
         if (!connectionRecord.connectionClosed) {
           connectionRecord.connectionClosed = true;
-          cleanUpSockets(connectionRecord.incoming, connectionRecord.outgoing || undefined);
+          if (connectionRecord.cleanupTimer) {
+            clearTimeout(connectionRecord.cleanupTimer);
+          }
+          if (!socket.destroyed) socket.destroy();
+          if (connectionRecord.outgoing && !connectionRecord.outgoing.destroyed) connectionRecord.outgoing.destroy();
           this.connectionRecords.delete(connectionRecord);
           console.log(`Connection from ${remoteIP} terminated. Active connections: ${this.connectionRecords.size}`);
         }
@@ -219,25 +202,28 @@ export class PortProxy {
         cleanupOnce();
       };
 
-      const setupConnection = (serverName: string, initialChunk?: Buffer) => {
+      /**
+       * Sets up the connection to the target host.
+       * @param serverName - The SNI hostname (unused when forcedDomain is provided).
+       * @param initialChunk - Optional initial data chunk.
+       * @param forcedDomain - If provided, overrides SNI/domain lookup (used for port-based routing).
+       */
+      const setupConnection = (serverName: string, initialChunk?: Buffer, forcedDomain?: IDomainConfig) => {
+        // If a forcedDomain is provided (port-based routing), use it; otherwise, use SNI-based lookup.
+        const domainConfig = forcedDomain ? forcedDomain : (serverName ? this.settings.domains.find(config => plugins.minimatch(serverName, config.domain)) : undefined);
         const defaultAllowed = this.settings.defaultAllowedIPs && isAllowed(remoteIP, this.settings.defaultAllowedIPs);
 
-        if (!defaultAllowed && serverName) {
+        if (!defaultAllowed && serverName && !forcedDomain) {
-          const domainConfig = findMatchingDomain(serverName);
           if (!domainConfig) {
             return rejectIncomingConnection('rejected', `Connection rejected: No matching domain config for ${serverName} from ${remoteIP}`);
           }
           if (!isAllowed(remoteIP, domainConfig.allowedIPs)) {
             return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed for domain ${serverName}`);
           }
-        } else if (!defaultAllowed && !serverName) {
-          return rejectIncomingConnection('rejected', `Connection rejected: No SNI and IP ${remoteIP} not in default allowed list`);
         } else if (defaultAllowed && !serverName) {
           console.log(`Connection allowed: IP ${remoteIP} is in default allowed list`);
         }
-
+        const targetHost = domainConfig?.targetIP || this.settings.targetIP!;
-        const domainConfig = serverName ? findMatchingDomain(serverName) : undefined;
-        const targetHost = domainConfig?.targetIP || this.settings.toHost!;
         const connectionOptions: plugins.net.NetConnectOpts = {
           host: targetHost,
           port: this.settings.toPort,
@@ -252,7 +238,7 @@ export class PortProxy {
 
         console.log(
           `Connection established: ${remoteIP} -> ${targetHost}:${this.settings.toPort}` +
-          `${serverName ? ` (SNI: ${serverName})` : ''}`
+          `${serverName ? ` (SNI: ${serverName})` : forcedDomain ? ` (Port-based for domain: ${forcedDomain.domain})` : ''}`
         );
 
         if (initialChunk) {
@@ -262,6 +248,7 @@ export class PortProxy {
         socket.pipe(targetSocket);
         targetSocket.pipe(socket);
 
+        // Attach error and close handlers.
         socket.on('error', handleError('incoming'));
         targetSocket.on('error', handleError('outgoing'));
         socket.on('close', handleClose('incoming'));
@@ -284,8 +271,83 @@ export class PortProxy {
         });
         socket.on('end', handleClose('incoming'));
         targetSocket.on('end', handleClose('outgoing'));
+
+        // Initialize a cleanup timer for max connection lifetime.
+        if (this.settings.maxConnectionLifetime) {
+          let incomingActive = false;
+          let outgoingActive = false;
+          const resetCleanupTimer = () => {
+            if (this.settings.maxConnectionLifetime) {
+              if (connectionRecord.cleanupTimer) {
+                clearTimeout(connectionRecord.cleanupTimer);
+              }
+              connectionRecord.cleanupTimer = setTimeout(() => {
+                console.log(`Connection from ${remoteIP} exceeded max lifetime with inactivity (${this.settings.maxConnectionLifetime}ms), forcing cleanup.`);
+                cleanupOnce();
+              }, this.settings.maxConnectionLifetime);
+            }
           };
 
+          resetCleanupTimer();
+
+          socket.on('data', () => {
+            incomingActive = true;
+            if (incomingActive && outgoingActive) {
+              resetCleanupTimer();
+              incomingActive = false;
+              outgoingActive = false;
+            }
+          });
+          targetSocket.on('data', () => {
+            outgoingActive = true;
+            if (incomingActive && outgoingActive) {
+              resetCleanupTimer();
+              incomingActive = false;
+              outgoingActive = false;
+            }
+          });
+        }
+      };
+
+      // --- PORT RANGE-BASED HANDLING ---
+      // If the local port is one of the globally listened ports, we may have port-based rules.
+      if (this.settings.globalPortRanges && this.settings.globalPortRanges.length > 0) {
+        // If forwardAllGlobalRanges is enabled, always forward using the global targetIP.
+        if (this.settings.forwardAllGlobalRanges) {
+          if (this.settings.defaultAllowedIPs && !isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
+            console.log(`Connection from ${remoteIP} rejected: IP ${remoteIP} not allowed in global default allowed list.`);
+            socket.end();
+            return;
+          }
+          console.log(`Port-based connection from ${remoteIP} on port ${localPort} forwarded to global target IP ${this.settings.targetIP}.`);
+          setupConnection('', undefined, {
+            domain: 'global',
+            allowedIPs: this.settings.defaultAllowedIPs || [],
+            targetIP: this.settings.targetIP,
+            portRanges: []
+          });
+          return;
+        } else {
+          // Attempt to find a matching forced domain config based on the local port.
+          const forcedDomain = this.settings.domains.find(
+            domain => domain.portRanges && domain.portRanges.length > 0 && isPortInRanges(localPort, domain.portRanges)
+          );
+          if (forcedDomain) {
+            const defaultAllowed = this.settings.defaultAllowedIPs && isAllowed(remoteIP, this.settings.defaultAllowedIPs);
+            if (!defaultAllowed && !isAllowed(remoteIP, forcedDomain.allowedIPs)) {
+              console.log(`Connection from ${remoteIP} rejected: IP not allowed for domain ${forcedDomain.domain} on port ${localPort}.`);
+              socket.end();
+              return;
+            }
+            console.log(`Port-based connection from ${remoteIP} on port ${localPort} matched domain ${forcedDomain.domain}.`);
+            setupConnection('', undefined, forcedDomain);
+            return;
+          }
+          // Fall through to SNI/default handling if no forced domain config is found.
+        }
+      }
+
+      // --- FALLBACK: SNI-BASED HANDLING (or default when SNI is disabled) ---
       if (this.settings.sniEnabled) {
         socket.setTimeout(5000, () => {
           console.log(`Initial data timeout for ${remoteIP}`);
@@ -307,18 +369,38 @@ export class PortProxy {
         }
         setupConnection('');
       }
-    })
+    };
-      .on('error', (err: Error) => {
-        console.log(`Server Error: ${err.message}`);
-      })
-      .listen(this.settings.fromPort, () => {
-        console.log(
-          `PortProxy -> OK: Now listening on port ${this.settings.fromPort}` +
-          `${this.settings.sniEnabled ? ' (SNI passthrough enabled)' : ''}`
-        );
-      });
 
-    // Every 10 seconds log active connection count and longest running durations.
+    // --- SETUP LISTENERS ---
+    // Determine which ports to listen on.
+    const listeningPorts = new Set<number>();
+    if (this.settings.globalPortRanges && this.settings.globalPortRanges.length > 0) {
+      // Listen on every port defined by the global ranges.
+      for (const range of this.settings.globalPortRanges) {
+        for (let port = range.from; port <= range.to; port++) {
+          listeningPorts.add(port);
+        }
+      }
+      // Also ensure the default fromPort is listened to if it isn’t already in the ranges.
+      listeningPorts.add(this.settings.fromPort);
+    } else {
+      listeningPorts.add(this.settings.fromPort);
+    }
+
+    // Create a server for each port.
+    for (const port of listeningPorts) {
+      const server = plugins.net
+        .createServer(connectionHandler)
+        .on('error', (err: Error) => {
+          console.log(`Server Error on port ${port}: ${err.message}`);
+        });
+      server.listen(port, () => {
+        console.log(`PortProxy -> OK: Now listening on port ${port}${this.settings.sniEnabled ? ' (SNI passthrough enabled)' : ''}`);
+      });
+      this.netServers.push(server);
+    }
+
+    // Log active connection count and longest running durations every 10 seconds.
     this.connectionLogger = setInterval(() => {
       const now = Date.now();
       let maxIncoming = 0;
@@ -339,14 +421,41 @@ export class PortProxy {
   }
 
   public async stop() {
-    const done = plugins.smartpromise.defer();
+    // Close all servers.
-    this.netServer.close(() => {
+    const closePromises: Promise<void>[] = this.netServers.map(
-      done.resolve();
+      server =>
-    });
+        new Promise<void>((resolve) => {
+          server.close(() => resolve());
+        })
+    );
     if (this.connectionLogger) {
       clearInterval(this.connectionLogger);
       this.connectionLogger = null;
     }
-    await done.promise;
+    await Promise.all(closePromises);
   }
 }
+
+// Helper: Check if a port falls within any of the given port ranges.
+const isPortInRanges = (port: number, ranges: Array<{ from: number; to: number }>): boolean => {
+  return ranges.some(range => port >= range.from && port <= range.to);
+};
+
+// Helper: Check if a given IP matches any of the glob patterns.
+const isAllowed = (ip: string, patterns: string[]): boolean => {
+  const normalizeIP = (ip: string): string[] => {
+    if (ip.startsWith('::ffff:')) {
+      const ipv4 = ip.slice(7);
+      return [ip, ipv4];
+    }
+    if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
+      return [ip, `::ffff:${ip}`];
+    }
+    return [ip];
+  };
+  const normalizedIPVariants = normalizeIP(ip);
+  const expandedPatterns = patterns.flatMap(normalizeIP);
+  return normalizedIPVariants.some(ipVariant =>
+    expandedPatterns.some(pattern => plugins.minimatch(ipVariant, pattern))
+  );
+};