3.16.7

fix(PortProxy): Improved IP validation logic in PortProxy to ensure correct domain matching and fallback
3.16.6
2025-02-27 15:32:06 +00:00 · 2025-02-27 15:32:06 +00:00 · 2025-02-27 15:30:20 +00:00 · 2025-02-27 15:30:20 +00:00 · 2025-02-27 15:05:38 +00:00 · 2025-02-27 15:05:38 +00:00
4 changed files with 33 additions and 14 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,23 @@
 # Changelog
 ## 2025-02-27 - 3.16.7 - fix(PortProxy)
 Improved IP validation logic in PortProxy to ensure correct domain matching and fallback
 - Refactored the setupConnection function inside PortProxy to enhance IP address validation.
 - Domain-specific allowed IP preference is applied before default list lookup.
 - Removed redundant condition checks to streamline connection rejection paths.
 ## 2025-02-27 - 3.16.6 - fix(PortProxy)
 Optimize connection cleanup logic in PortProxy by removing unnecessary delays.
 - Removed multiple await plugins.smartdelay.delayFor(0) calls.
 - Improved performance by ensuring timely resource release during connection termination.
 ## 2025-02-27 - 3.16.5 - fix(PortProxy)
 Improved connection cleanup process with added asynchronous delays
 - Connection cleanup now includes asynchronous delays for reliable order of operations.
 ## 2025-02-27 - 3.16.4 - fix(PortProxy)
 Fix and enhance port proxy handling
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "@push.rocks/smartproxy",
-  "version": "3.16.4",
+  "version": "3.16.7",
  "private": false,
  "description": "A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.",
  "main": "dist_ts/index.js",
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '3.16.4',
+  version: '3.16.7',
  description: 'A robust and versatile proxy package designed to handle high workloads, offering features like SSL redirection, port proxying, WebSocket support, and customizable routing and authentication.'
 }
--- a/ts/classes.portproxy.ts
+++ b/ts/classes.portproxy.ts
@ -140,7 +140,7 @@ export class PortProxy {
      let outgoingTerminationReason: string | null = null;
      // Ensure cleanup happens only once for the entire connection record.
-      const cleanupOnce = () => {
+      const cleanupOnce = async () => {
        if (!connectionRecord.connectionClosed) {
          connectionRecord.connectionClosed = true;
          if (connectionRecord.cleanupTimer) {
@ -211,18 +211,20 @@ export class PortProxy {
       */
      const setupConnection = (serverName: string, initialChunk?: Buffer, forcedDomain?: IDomainConfig, overridePort?: number) => {
        // If a forcedDomain is provided (port-based routing), use it; otherwise, use SNI-based lookup.
-        const domainConfig = forcedDomain ? forcedDomain : (serverName ? this.settings.domains.find(config => plugins.minimatch(serverName, config.domain)) : undefined);
+        const domainConfig = forcedDomain
-        const defaultAllowed = this.settings.defaultAllowedIPs && isAllowed(remoteIP, this.settings.defaultAllowedIPs);
+          ? forcedDomain
          : (serverName ? this.settings.domains.find(config => plugins.minimatch(serverName, config.domain)) : undefined);
-        if (!defaultAllowed && serverName && !forcedDomain) {
+        // New check: if a matching domain config exists, use its allowedIPs in preference.
-          if (!domainConfig) {
+        if (domainConfig) {
            return rejectIncomingConnection('rejected', `Connection rejected: No matching domain config for ${serverName} from ${remoteIP}`);
          }
          if (!isAllowed(remoteIP, domainConfig.allowedIPs)) {
-            return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed for domain ${serverName}`);
+            return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed for domain ${domainConfig.domain}`);
          }
        } else if (this.settings.defaultAllowedIPs) {
          // Fallback to default allowed IPs if no domain config is found.
          if (!isAllowed(remoteIP, this.settings.defaultAllowedIPs)) {
            return rejectIncomingConnection('rejected', `Connection rejected: IP ${remoteIP} not allowed by default allowed list`);
          }
        } else if (defaultAllowed && !serverName) {
          console.log(`Connection allowed: IP ${remoteIP} is in default allowed list`);
        }
        const targetHost = domainConfig?.targetIP || this.settings.targetIP!;
        const connectionOptions: plugins.net.NetConnectOpts = {
@ -334,8 +336,7 @@ export class PortProxy {
            domain => domain.portRanges && domain.portRanges.length > 0 && isPortInRanges(localPort, domain.portRanges)
          );
          if (forcedDomain) {
-            const defaultAllowed = this.settings.defaultAllowedIPs && isAllowed(remoteIP, this.settings.defaultAllowedIPs);
+            if (!isAllowed(remoteIP, forcedDomain.allowedIPs)) {
            if (!defaultAllowed && !isAllowed(remoteIP, forcedDomain.allowedIPs)) {
              console.log(`Connection from ${remoteIP} rejected: IP not allowed for domain ${forcedDomain.domain} on port ${localPort}.`);
              socket.end();
              return;
Author	SHA1	Message	Date
Philipp Kunz	f1b810a4fa	3.16.7	2025-02-27 15:32:06 +00:00
Philipp Kunz	96b5877c5f	fix(PortProxy): Improved IP validation logic in PortProxy to ensure correct domain matching and fallback	2025-02-27 15:32:06 +00:00
Philipp Kunz	6d627f67f7	3.16.6	2025-02-27 15:30:20 +00:00
Philipp Kunz	9af968b8e7	fix(PortProxy): Optimize connection cleanup logic in PortProxy by removing unnecessary delays.	2025-02-27 15:30:20 +00:00
Philipp Kunz	b3ba0c21e8	3.16.5	2025-02-27 15:05:38 +00:00
Philipp Kunz	ef707a5870	fix(PortProxy): Improved connection cleanup process with added asynchronous delays	2025-02-27 15:05:38 +00:00