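import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as smartproxy from '../ts/index.js';
import type { IRouteConfig } from '../ts/proxies/smart-proxy/models/route-types.js';
import * as net from 'net';

/** Upper bound for a single connect or echo attempt before it counts as failed. */
const ATTEMPT_TIMEOUT_MS = 2000;

/** How a single connection attempt against the proxy ended. */
type ConnectOutcome =
  | { kind: 'connected' }
  | { kind: 'error'; message: string }
  | { kind: 'closed' }
  | { kind: 'timeout' };

/**
 * Starts a TCP echo server bound to 127.0.0.1 that serves as the proxy's backend.
 *
 * @param port - loopback port to listen on
 * @returns the listening server; rejects if the port cannot be bound
 */
function startEchoServer(port: number): Promise<net.Server> {
  const server = net.createServer((socket) => {
    socket.on('data', (data) => {
      socket.write(data);
    });
  });
  return new Promise<net.Server>((resolve, reject) => {
    // Without this, a busy port would leave the test hanging on listen().
    server.once('error', reject);
    server.listen(port, '127.0.0.1', () => {
      console.log(`Echo server listening on port ${port}`);
      resolve(server);
    });
  });
}

/** Closes the echo server and resolves once it has stopped listening. */
function stopEchoServer(server: net.Server): Promise<void> {
  return new Promise<void>((resolve) => {
    server.close(() => resolve());
  });
}

/**
 * Connects `client` to the proxy on 127.0.0.1 and reports the first thing that
 * happens: connect, error, close, or timeout.
 *
 * @param client - unconnected socket owned by the caller
 * @param port - proxy listen port
 */
function attemptConnect(client: net.Socket, port: number): Promise<ConnectOutcome> {
  return new Promise<ConnectOutcome>((resolve) => {
    let settled = false;
    const settle = (outcome: ConnectOutcome): void => {
      if (settled) {
        return;
      }
      settled = true;
      // Clear the timer so it does not keep the event loop alive after the attempt.
      clearTimeout(timer);
      resolve(outcome);
    };
    const timer = setTimeout(() => settle({ kind: 'timeout' }), ATTEMPT_TIMEOUT_MS);

    // The error listener stays attached for the socket's lifetime so that a
    // later reset cannot surface as an unhandled 'error' event.
    client.on('error', (err) => settle({ kind: 'error', message: err.message }));
    client.on('close', () => settle({ kind: 'closed' }));
    client.connect(port, '127.0.0.1', () => settle({ kind: 'connected' }));
  });
}

/**
 * Sends `payload` and resolves with the first chunk received, or with an empty
 * string if nothing arrives within the timeout.
 */
function echoOnce(client: net.Socket, payload: string): Promise<string> {
  return new Promise<string>((resolve) => {
    const onData = (data: Buffer): void => {
      clearTimeout(timer);
      resolve(data.toString());
    };
    const timer = setTimeout(() => {
      client.off('data', onData);
      resolve('');
    }, ATTEMPT_TIMEOUT_MS);
    client.once('data', onData);
    client.write(payload);
  });
}

/**
 * Runs `body` against a SmartProxy that forwards to a fresh echo backend.
 *
 * Teardown happens in `finally` blocks so a failed assertion cannot leave the
 * proxy or backend listening and interfere with later tests.
 *
 * @param backendPort - port for the echo backend
 * @param routes - route configuration under test
 * @param body - test logic; receives an unconnected client socket
 */
async function withProxiedEcho(
  backendPort: number,
  routes: IRouteConfig[],
  body: (client: net.Socket) => Promise<void>,
): Promise<void> {
  const echoServer = await startEchoServer(backendPort);
  try {
    const proxy = new smartproxy.SmartProxy({
      enableDetailedLogging: true,
      routes,
    });
    await proxy.start();
    const client = new net.Socket();
    try {
      await body(client);
    } finally {
      client.destroy();
      await proxy.stop();
    }
  } finally {
    await stopEchoServer(echoServer);
  }
}

// Allow list, positive case: a loopback client that is on the list must be
// forwarded to the backend.
// NOTE(review): this test never connects from an address that is NOT on the
// allow list, so it would also pass if ipAllowList were ignored. A negative
// case is needed to show the list is enforced.
tap.test('route-specific security should be enforced', async () => {
  const routes: IRouteConfig[] = [{
    name: 'secure-route',
    match: { ports: 8878 },
    action: {
      type: 'forward',
      target: { host: '127.0.0.1', port: 8877 },
      security: {
        // Loopback in its IPv4, IPv6 and IPv4-mapped IPv6 forms.
        ipAllowList: ['127.0.0.1', '::1', '::ffff:127.0.0.1'],
      },
    },
  }];

  await withProxiedEcho(8877, routes, async (client) => {
    const outcome = await attemptConnect(client, 8878);
    if (outcome.kind === 'connected') {
      console.log('Client connected from allowed IP');
    } else if (outcome.kind === 'error') {
      console.log('Connection error:', outcome.message);
    }
    const connected = outcome.kind === 'connected';
    expect(connected).toBeTrue();

    const testData = 'Hello from allowed IP';
    const response = await echoOnce(client, testData);
    expect(response).toEqual(testData);
  });
});

// Block list precedence: the allow list admits every address, so a refused
// loopback connection shows that ipBlockList wins over ipAllowList.
// NOTE(review): the connect callback can fire as soon as the TCP handshake
// completes, which may be before the proxy has evaluated the block list —
// confirm where SmartProxy rejects. Asserting that no payload is echoed back
// would be a stronger check. A timeout is also counted as "blocked" here.
tap.test('route-specific IP block list should be enforced', async () => {
  const routes: IRouteConfig[] = [{
    name: 'blocked-route',
    match: { ports: 8880 },
    action: {
      type: 'forward',
      target: { host: '127.0.0.1', port: 8879 },
      security: {
        ipAllowList: ['0.0.0.0/0', '::/0'], // Allow all IPs
        ipBlockList: ['127.0.0.1', '::1', '::ffff:127.0.0.1'], // But block localhost
      },
    },
  }];

  await withProxiedEcho(8879, routes, async (client) => {
    const outcome = await attemptConnect(client, 8880);
    if (outcome.kind === 'connected') {
      console.log('Client connected from blocked IP (should not happen)');
    } else if (outcome.kind === 'error') {
      console.log('Connection blocked (expected):', outcome.message);
    } else if (outcome.kind === 'closed') {
      console.log('Connection closed (expected for blocked IP)');
    }
    const connected = outcome.kind === 'connected';

    // Connection should have been blocked
    expect(connected).toBeFalse();
  });
});

// Default behaviour: a route with no `security` section applies no IP
// filtering, so the loopback client is forwarded.
tap.test('routes without security should allow all connections', async () => {
  const routes: IRouteConfig[] = [{
    name: 'open-route',
    match: { ports: 8882 },
    action: {
      type: 'forward',
      target: { host: '127.0.0.1', port: 8881 },
      // No security section - should allow all
    },
  }];

  await withProxiedEcho(8881, routes, async (client) => {
    const outcome = await attemptConnect(client, 8882);
    if (outcome.kind === 'connected') {
      console.log('Client connected to open route');
    } else if (outcome.kind === 'error') {
      console.log('Connection error:', outcome.message);
    }
    const connected = outcome.kind === 'connected';
    expect(connected).toBeTrue();

    const testData = 'Hello from open route';
    const response = await echoOnce(client, testData);
    expect(response).toEqual(testData);
  });
});

// NOTE(review): confirm the runner executes tests from a bare `tap` export;
// if it expects `tap.start()`, these security checks would never run.
export default tap;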