3.7.1

changelog.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## 2025-02-21 - 3.7.1 - fix(smartproxy.portproxy)
+Optimize SNI handling by simplifying context creation
+
+- Removed unnecessary SecureContext creation for SNI requests in PortProxy
+- Improved handling of SNI passthrough by acknowledging requests without context creation
+
+## 2025-02-21 - 3.7.0 - feat(PortProxy)
+Add optional source IP preservation support in PortProxy
+
+- Added a feature to optionally preserve the client's source IP when proxying connections.
+- Enhanced test cases to include scenarios for source IP preservation.
+
+## 2025-02-21 - 3.6.0 - feat(PortProxy)
+Add feature to preserve original client IP through chained proxies
+
+- Added support to bind local address in PortProxy to preserve original client IP.
+- Implemented test for chained proxies to ensure client IP is preserved.
+
 ## 2025-02-21 - 3.5.0 - feat(PortProxy)
 Enhance PortProxy to support domain-specific target IPs
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartproxy",
-  "version": "3.5.0",
+  "version": "3.7.1",
   "private": false,
   "description": "a proxy for handling high workloads of proxying",
   "main": "dist_ts/index.js",

test/test.portproxy.ts

@@ -175,6 +175,68 @@ tap.test('should stop port proxy', async () => {
 });
 
 // Cleanup
+tap.test('should support optional source IP preservation in chained proxies', async () => {
+  // Test 1: Without IP preservation (default behavior)
+  const firstProxyDefault = new PortProxy({
+    fromPort: PROXY_PORT + 4,
+    toPort: PROXY_PORT + 5,
+    toHost: 'localhost',
+    domains: [],
+    sniEnabled: false,
+    defaultAllowedIPs: ['127.0.0.1', '::ffff:127.0.0.1']
+  });
+
+  const secondProxyDefault = new PortProxy({
+    fromPort: PROXY_PORT + 5,
+    toPort: TEST_SERVER_PORT,
+    toHost: 'localhost',
+    domains: [],
+    sniEnabled: false,
+    defaultAllowedIPs: ['127.0.0.1', '::ffff:127.0.0.1']
+  });
+
+  await secondProxyDefault.start();
+  await firstProxyDefault.start();
+
+  // This should work because we explicitly allow both IPv4 and IPv6 formats
+  const response1 = await createTestClient(PROXY_PORT + 4, TEST_DATA);
+  expect(response1).toEqual(`Echo: ${TEST_DATA}`);
+
+  await firstProxyDefault.stop();
+  await secondProxyDefault.stop();
+
+  // Test 2: With IP preservation
+  const firstProxyPreserved = new PortProxy({
+    fromPort: PROXY_PORT + 6,
+    toPort: PROXY_PORT + 7,
+    toHost: 'localhost',
+    domains: [],
+    sniEnabled: false,
+    defaultAllowedIPs: ['127.0.0.1'],
+    preserveSourceIP: true
+  });
+
+  const secondProxyPreserved = new PortProxy({
+    fromPort: PROXY_PORT + 7,
+    toPort: TEST_SERVER_PORT,
+    toHost: 'localhost',
+    domains: [],
+    sniEnabled: false,
+    defaultAllowedIPs: ['127.0.0.1'],
+    preserveSourceIP: true
+  });
+
+  await secondProxyPreserved.start();
+  await firstProxyPreserved.start();
+
+  // This should work with just IPv4 because source IP is preserved
+  const response2 = await createTestClient(PROXY_PORT + 6, TEST_DATA);
+  expect(response2).toEqual(`Echo: ${TEST_DATA}`);
+
+  await firstProxyPreserved.stop();
+  await secondProxyPreserved.stop();
+});
+
 tap.test('cleanup port proxy test environment', async () => {
   await new Promise<void>((resolve) => testServer.close(() => resolve()));
 });

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '3.5.0',
+  version: '3.7.1',
   description: 'a proxy for handling high workloads of proxying'
 }

ts/smartproxy.portproxy.ts

@@ -17,6 +17,7 @@ export interface ProxySettings extends plugins.tls.TlsOptions {
   domains: DomainConfig[];
   sniEnabled?: boolean;
   defaultAllowedIPs?: string[];  // Optional default IP patterns if no matching domain found
+  preserveSourceIP?: boolean;    // Whether to preserve the client's source IP when proxying
 }
 
 export class PortProxy {
@@ -72,14 +73,9 @@ export class PortProxy {
           ...this.settings,
           SNICallback: (serverName: string, cb: (err: Error | null, ctx?: plugins.tls.SecureContext) => void) => {
             console.log(`SNI request for domain: ${serverName}`);
-            const domainConfig = findMatchingDomain(serverName);
+            // For SNI passthrough, we don't need to create a context
-            if (!domainConfig) {
+            // Just acknowledge the SNI request and continue
-              // Always allow SNI for default IPs, even if domain doesn't match
+            cb(null);
-              console.log(`SNI domain ${serverName} not found, will check IP during connection`);
-            }
-            // Create context with the provided TLS settings
-            const ctx = plugins.tls.createSecureContext(this.settings);
-            cb(null, ctx);
           }
         })
       : plugins.net.createServer();
@@ -123,10 +119,18 @@ export class PortProxy {
       const domainConfig = serverName ? findMatchingDomain(serverName) : undefined;
       const targetHost = domainConfig?.targetIP || this.settings.toHost!;
       
-      const to = plugins.net.createConnection({
+      // Create connection, optionally preserving the client's source IP
+      const connectionOptions: plugins.net.NetConnectOpts = {
         host: targetHost,
         port: this.settings.toPort,
-      });
+      };
+
+      // Only set localAddress if preserveSourceIP is enabled
+      if (this.settings.preserveSourceIP) {
+        connectionOptions.localAddress = remoteIP.replace('::ffff:', ''); // Remove IPv6 mapping if present
+      }
+
+      const to = plugins.net.createConnection(connectionOptions);
       console.log(`Connection established: ${remoteIP} -> ${targetHost}:${this.settings.toPort}${serverName ? ` (SNI: ${serverName})` : ''}`);
       from.setTimeout(120000);
       from.pipe(to);