serve.zone/dcrouter
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(web): determine initial UI view from URL and wire selected view to appdash; add interface and web README files; bump various dependencies

Browse Source
This commit is contained in:
Jürgen Kunz
2026-02-02 22:21:55 +00:00
parent 5b473de354
commit ae34314f54
10 changed files with 790 additions and 338 deletions
Download Patch File Download Diff File Expand all files Collapse all files

575
readme.md
View File

@@ -1,10 +1,14 @@
# dcrouter
# @serve.zone/dcrouter
![](https://code.foss.global/serve.zone/docs/raw/branch/main/dcrouter.png)
**dcrouter: a traffic router intended to be gating your datacenter.**
**dcrouter: A powerful traffic router designed to be the gateway for your datacenter.** 🚀
A comprehensive traffic routing solution that provides unified gateway capabilities for HTTP/HTTPS, TCP/SNI, email (SMTP), and DNS protocols. Designed for enterprises requiring robust traffic management, automatic certificate provisioning, and enterprise-grade email infrastructure.
A comprehensive traffic routing solution that provides unified gateway capabilities for HTTP/HTTPS, TCP/SNI, email (SMTP), DNS protocols, and RADIUS authentication. Designed for enterprises requiring robust traffic management, automatic certificate provisioning, and enterprise-grade email infrastructure.
## Issue Reporting and Security
For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
## Table of Contents
@@ -13,11 +17,16 @@ A comprehensive traffic routing solution that provides unified gateway capabilit
- [Quick Start](#quick-start)
- [Architecture](#architecture)
- [Configuration](#configuration)
- [Socket-Handler Mode](#socket-handler-mode)
- [Email System](#email-system)
- [SmartProxy Routing](#smartproxy-routing)
- [RADIUS Server](#radius-server)
- [Storage System](#storage-system)
- [Security Features](#security-features)
- [OpsServer Dashboard](#opsserver-dashboard)
- [API Reference](#api-reference)
- [Examples](#examples)
- [Testing](#testing)
- [Troubleshooting](#troubleshooting)
## Features
@@ -36,14 +45,16 @@ A comprehensive traffic routing solution that provides unified gateway capabilit
### 📧 **Complete Email Infrastructure**
- **Multi-domain SMTP server** on standard ports (25, 587, 465)
- **Pattern-based email routing** with three processing modes
- **Pattern-based email routing** with four processing modes (forward, process, deliver, reject)
- **DKIM, SPF, DMARC** authentication and verification
- **Enterprise deliverability** with IP warmup and reputation management
- **Bounce handling** with suppression lists
### 📡 **RADIUS Server**
- **MAC Authentication Bypass (MAB)** for network device authentication
- **VLAN assignment** based on MAC address or OUI patterns
- **RADIUS accounting** for session tracking and billing
- **OpsServer API integration** for real-time management
### ⚡ **High Performance**
- **Connection pooling** and efficient resource management
@@ -57,10 +68,18 @@ A comprehensive traffic routing solution that provides unified gateway capabilit
- **Automatic data migration** between backends
- **Persistent configuration** for domains, routes, and security data
### 🖥️ **OpsServer Dashboard**
- **Web-based management interface** for real-time monitoring
- **JWT authentication** with secure admin access
- **Live statistics** for connections, email, DNS, and RADIUS
- **Configuration management** via TypedRequest API
## Installation
```bash
npm install @serve.zone/dcrouter --save
# or
pnpm add @serve.zone/dcrouter
```
### Prerequisites
@@ -134,6 +153,30 @@ const router = new DcRouter({
await router.start();
```
### With OpsServer Dashboard
```typescript
import { DcRouter } from '@serve.zone/dcrouter';
const router = new DcRouter({
// Enable OpsServer for web dashboard
opsServerConfig: {
port: 3000,
admin: {
username: 'admin',
password: 'your-secure-password'
}
},
// Your routing configuration...
smartProxyConfig: { /* ... */ },
emailConfig: { /* ... */ }
});
await router.start();
// Dashboard available at http://localhost:3000
```
## Architecture
### System Overview
@@ -145,38 +188,44 @@ graph TB
SMTP[SMTP Clients]
TCP[TCP Clients]
DNS[DNS Queries]
RADIUS[RADIUS Clients]
end
subgraph "DcRouter Core"
DcRouter[DcRouter Orchestrator]
SmartProxy[SmartProxy Engine]
EmailServer[Unified Email Server]
DnsServer[DNS Server]
RadiusServer[RADIUS Server]
CertManager[Certificate Manager]
OpsServer[OpsServer Dashboard]
end
subgraph "Backend Services"
WebServices[Web Services]
MailServers[Mail Servers]
Databases[Databases]
APIs[Internal APIs]
end
HTTP --> SmartProxy
TCP --> SmartProxy
SMTP --> EmailServer
DNS --> DnsServer
RADIUS --> RadiusServer
DcRouter --> SmartProxy
DcRouter --> EmailServer
DcRouter --> DnsServer
DcRouter --> RadiusServer
DcRouter --> CertManager
DcRouter --> OpsServer
SmartProxy --> WebServices
SmartProxy --> APIs
EmailServer --> MailServers
EmailServer --> Databases
CertManager -.-> SmartProxy
CertManager -.-> EmailServer
```
@@ -197,12 +246,30 @@ High-performance HTTP/HTTPS and TCP/SNI proxy with:
Enterprise-grade SMTP server with:
- Multi-domain support
- Pattern-based routing
- Three processing modes
- Complete authentication stack
- Four processing modes (forward, process, deliver, reject)
- Complete authentication stack (DKIM, SPF, DMARC)
#### **DNS Server**
Authoritative DNS server with:
- Dynamic record management
- DNS-over-HTTPS (DoH) support
- ACME DNS-01 challenge handling
#### **RADIUS Server**
Network authentication server with:
- MAC Authentication Bypass (MAB)
- VLAN assignment
- Accounting support
#### **Certificate Manager**
Automatic TLS certificate provisioning via ACME with DNS-01 challenges.
#### **OpsServer Dashboard**
Web-based management interface with:
- JWT-secured API
- Real-time statistics
- Configuration management
## Configuration
### Complete Configuration Interface
@@ -215,46 +282,67 @@ interface IDcRouterOptions {
acme?: IAcmeConfig;
allowSessionTicket?: boolean;
};
// Email system configuration
emailConfig?: {
ports: number[];
hostname: string;
domains?: IEmailDomainConfig[]; // Domain infrastructure setup
routes: IEmailRoute[]; // Route-based email handling
routes: IEmailRoute[]; // Route-based email handling
auth?: IAuthConfig;
tls?: ITlsConfig;
maxMessageSize?: number;
rateLimits?: IRateLimitConfig;
useSocketHandler?: boolean; // Enable socket-handler mode (no port binding)
defaults?: { // Global defaults for all domains
useSocketHandler?: boolean; // Enable socket-handler mode (no port binding)
defaults?: { // Global defaults for all domains
dnsMode?: 'forward' | 'internal-dns' | 'external-dns';
dkim?: IDkimConfig;
rateLimits?: IRateLimitConfig;
};
};
// DNS server configuration
dnsServerConfig?: {
port?: number;
authoritative?: boolean;
records?: IDnsRecord[];
};
// DNS domain for automatic DNS-over-HTTPS setup
dnsDomain?: string; // e.g., 'dns.example.com'
// DNS nameserver domains (enables authoritative DNS)
dnsNsDomains?: string[]; // e.g., ['ns1.example.com', 'ns2.example.com']
// RADIUS server configuration
radiusConfig?: {
port?: number;
secret: string;
clients?: IRadiusClient[];
macAuth?: IMacAuthConfig;
vlanAssignment?: IVlanAssignment[];
};
// OpsServer configuration
opsServerConfig?: {
port?: number;
admin: {
username: string;
password: string;
};
};
// TLS and certificate configuration
tls?: {
contactEmail: string;
domain: string;
};
// DNS challenge configuration
dnsChallenge?: {
cloudflareApiKey: string;
};
// Storage configuration
storage?: {
fsPath?: string; // Filesystem storage path
@@ -489,7 +577,7 @@ Reject emails with custom SMTP responses.
```typescript
{
name: 'reject-spam',
match: {
match: {
senders: '*@spam-domain.com',
sizeRange: { min: 1000000 } // > 1MB
},
@@ -526,7 +614,7 @@ Route different domains to different servers:
name: 'partner-domain',
match: { recipients: '*@partner.com' },
action: {
type: 'forward',
type: 'forward',
forward: { host: 'partner-mail.com', port: 587 }
}
}
@@ -553,30 +641,6 @@ Different handling for authenticated vs unauthenticated senders:
}
```
#### **Content-Based Filtering**
Filter based on size, subject, or headers:
```typescript
{
name: 'large-email-reject',
match: { sizeRange: { min: 25000000 } }, // > 25MB
action: {
type: 'reject',
reject: { code: 552, message: 'Message too large' }
}
},
{
name: 'priority-emails',
match: {
headers: { 'X-Priority': 'high' },
subject: /urgent|emergency/i
},
action: {
type: 'process',
process: { queue: 'priority' }
}
}
```
### Email Security Features
#### **Route Matching Patterns**
@@ -593,7 +657,7 @@ match: { clientIp: '192.168.0.0/16' } // Private subnet
match: { clientIp: ['10.0.0.0/8', '172.16.0.0/12'] } // Multiple ranges
// Header matching
match: {
match: {
headers: {
'X-Priority': 'high',
'Subject': /urgent|emergency/i
@@ -652,7 +716,7 @@ const routes = [
}
}
},
// Static file serving
{
name: 'static-assets',
@@ -690,7 +754,7 @@ const tcpRoutes = [
}
}
},
// SNI-based routing for TLS services
{
name: 'secure-service',
@@ -709,6 +773,72 @@ const tcpRoutes = [
];
```
## RADIUS Server
DcRouter includes a RADIUS server for network access control:
### Basic RADIUS Configuration
```typescript
const router = new DcRouter({
radiusConfig: {
port: 1812,
secret: 'your-radius-secret',
clients: [
{
name: 'switch-1',
ip: '192.168.1.1',
secret: 'client-secret'
}
]
}
});
```
### MAC Authentication Bypass (MAB)
```typescript
const router = new DcRouter({
radiusConfig: {
port: 1812,
secret: 'radius-secret',
macAuth: {
enabled: true,
allowedMacs: [
'aa:bb:cc:dd:ee:ff',
'aa:bb:cc:*' // Wildcard for OUI matching
],
defaultVlan: 100,
guestVlan: 999
}
}
});
```
### VLAN Assignment
```typescript
const router = new DcRouter({
radiusConfig: {
secret: 'radius-secret',
vlanAssignment: [
{
match: { mac: 'aa:bb:cc:*' }, // Vendor OUI match
vlan: 100
},
{
match: { mac: 'dd:ee:ff:*' },
vlan: 200
},
{
match: { default: true },
vlan: 999 // Guest VLAN
}
]
}
});
```
## Storage System
### StorageManager
@@ -756,31 +886,6 @@ The storage system is used for:
- **IP Reputation**: `/security/ip-reputation/{ip}.json`
- **Domain Configs**: `/email/domains/{domain}.json`
### Data Migration
Migrate data between storage backends:
```typescript
import { StorageManager } from '@serve.zone/dcrouter';
// Export from filesystem
const fsStorage = new StorageManager({ fsPath: './data' });
const keys = await fsStorage.list('/');
const data = {};
for (const key of keys) {
data[key] = await fsStorage.get(key);
}
// Import to cloud storage
const cloudStorage = new StorageManager({
readFunction: cloudRead,
writeFunction: cloudWrite
});
for (const [key, value] of Object.entries(data)) {
await cloudStorage.set(key, value);
}
```
## Security Features
### IP Reputation Checking
@@ -801,21 +906,58 @@ if (result.isBlocked) {
}
```
### Content Security Scanner
### Rate Limiting
```typescript
import { ContentScanner } from '@serve.zone/dcrouter';
const scanner = new ContentScanner({
spamThreshold: 5.0,
virusScanning: true,
attachmentFiltering: {
maxSize: 25 * 1024 * 1024,
blockedTypes: ['.exe', '.bat', '.scr']
const router = new DcRouter({
emailConfig: {
rateLimits: {
inbound: {
messagesPerMinute: 100,
connectionsPerIp: 10,
recipientsPerMessage: 50
},
outbound: {
messagesPerHour: 1000,
messagesPerDay: 10000
}
}
}
});
```
const scanResult = await scanner.scanEmail(email);
## OpsServer Dashboard
The OpsServer provides a web-based management interface:
### Features
- **Real-time Statistics**: View connections, email throughput, DNS queries, RADIUS sessions
- **Configuration Management**: Update routes and settings via API
- **Log Viewer**: Access system logs with filtering
- **Security Dashboard**: Monitor threats and blocked connections
### API Endpoints
The OpsServer exposes TypedRequest endpoints:
```typescript
// Health check
POST /typedrequest { method: 'getHealthStatus' }
// Server statistics
POST /typedrequest { method: 'getServerStatistics' }
// Configuration
POST /typedrequest { method: 'getConfiguration' }
POST /typedrequest { method: 'updateConfiguration', data: { ... } }
// Logs
POST /typedrequest { method: 'getLogs', data: { level: 'info', limit: 100 } }
// RADIUS
POST /typedrequest { method: 'getRadiusSessions' }
POST /typedrequest { method: 'getRadiusClients' }
```
## API Reference
@@ -830,7 +972,7 @@ constructor(options: IDcRouterOptions)
#### Methods
##### `start(): Promise<void>`
Starts all configured services (SmartProxy, email server, DNS server).
Starts all configured services (SmartProxy, email server, DNS server, RADIUS server, OpsServer).
##### `stop(): Promise<void>`
Gracefully stops all services.
@@ -863,9 +1005,6 @@ const status = router.emailService.getEmailStatus(emailId);
console.log(status.status); // 'pending', 'sent', 'delivered', 'bounced'
```
#### `getDeliveryReport(emailId: string): IDeliveryReport`
Detailed delivery information including bounce reasons and tracking data.
## Examples
### Complete Enterprise Setup
@@ -874,6 +1013,15 @@ Detailed delivery information including bounce reasons and tracking data.
import { DcRouter } from '@serve.zone/dcrouter';
const router = new DcRouter({
// OpsServer dashboard
opsServerConfig: {
port: 3000,
admin: {
username: 'admin',
password: process.env.ADMIN_PASSWORD
}
},
// HTTP/HTTPS routing
smartProxyConfig: {
routes: [
@@ -888,7 +1036,7 @@ const router = new DcRouter({
tls: { mode: 'terminate', certificate: 'auto' }
}
},
// API services
{
name: 'api',
@@ -899,20 +1047,9 @@ const router = new DcRouter({
targets: [{ host: '192.168.1.20', port: 8080 }],
tls: { mode: 'terminate', certificate: 'auto' }
}
},
// Internal services
{
name: 'internal',
match: { ports: [{ from: 8000, to: 8999 }] },
action: {
type: 'forward',
targets: [{ host: '192.168.1.30', port: 'preserve' }],
security: { ipAllowList: ['192.168.0.0/16'] }
}
}
],
// ACME certificate automation
acme: {
email: 'ssl@example.com',
@@ -921,12 +1058,12 @@ const router = new DcRouter({
autoRenew: true
}
},
// Enterprise email system
emailConfig: {
ports: [25, 587, 465],
hostname: 'mail.example.com',
// Domain configuration
domains: [
{
@@ -936,28 +1073,9 @@ const router = new DcRouter({
selector: 'mail',
rotateKeys: true
}
},
{
domain: 'notifications.example.com',
dnsMode: 'internal-dns',
rateLimits: {
outbound: { messagesPerHour: 10000 }
}
}
],
// Authentication configuration
auth: {
required: true,
methods: ['PLAIN', 'LOGIN']
},
// TLS configuration
tls: {
keyPath: './certs/mail-key.pem',
certPath: './certs/mail-cert.pem'
},
// Email routing rules
routes: [
// Relay from office network
@@ -967,68 +1085,55 @@ const router = new DcRouter({
match: { clientIp: '192.168.0.0/16' },
action: {
type: 'forward',
forward: {
host: 'internal-mail.example.com',
port: 25
}
forward: { host: 'internal-mail.example.com', port: 25 }
}
},
// Transactional emails via processing
// Process transactional emails
{
name: 'notifications',
priority: 50,
match: { recipients: '*@notifications.example.com' },
action: {
type: 'process',
process: {
scan: true,
dkim: true,
queue: 'priority'
}
process: { scan: true, dkim: true, queue: 'priority' }
}
},
// Internal emails forwarded to Exchange
{
name: 'internal-mail',
priority: 25,
match: { recipients: '*@example.com' },
action: {
type: 'forward',
forward: {
host: 'exchange.internal.example.com',
port: 25
}
}
},
// Default reject
{
name: 'default-reject',
match: { recipients: '*' },
action: {
type: 'reject',
reject: {
code: 550,
message: 'Relay denied'
}
reject: { code: 550, message: 'Relay denied' }
}
}
]
},
// RADIUS for network devices
radiusConfig: {
port: 1812,
secret: process.env.RADIUS_SECRET,
macAuth: {
enabled: true,
defaultVlan: 100,
guestVlan: 999
}
},
// DNS server for ACME challenges
dnsServerConfig: {
port: 53,
authoritative: true
},
// Cloudflare DNS challenges
dnsChallenge: {
cloudflareApiKey: process.env.CLOUDFLARE_API_KEY
},
// Persistent storage
storage: {
fsPath: '/var/lib/dcrouter/data'
@@ -1047,33 +1152,33 @@ setInterval(() => {
}, 60000);
```
### Email Template System
## Testing
```typescript
import { EmailService, TemplateManager } from '@serve.zone/dcrouter';
### Comprehensive Test Suite
// Setup email templates
const templateManager = new TemplateManager();
templateManager.addTemplate('welcome', {
subject: 'Welcome to {{company}}!',
html: `
<h1>Welcome {{name}}!</h1>
<p>Thank you for joining {{company}}.</p>
<p>Your account: {{email}}</p>
`,
text: 'Welcome {{name}}! Thank you for joining {{company}}.'
});
DcRouter includes a comprehensive test suite with 195 test files covering all aspects of the system:
// Send templated email
const emailService = new EmailService(router);
await emailService.sendTemplatedEmail('welcome', {
to: 'user@example.com',
templateData: {
name: 'John Doe',
company: 'Example Corp',
email: 'user@example.com'
}
});
#### SMTP Protocol Tests
- **Commands**: EHLO, HELO, MAIL FROM, RCPT TO, DATA, RSET, NOOP, QUIT, VRFY, EXPN, HELP
- **Extensions**: SIZE, PIPELINING, STARTTLS
- **Connection Management**: TLS/plain connections, timeouts, limits, rejection handling
- **Error Handling**: Syntax errors, invalid sequences, temporary/permanent failures
- **Email Processing**: Basic sending, multiple recipients, large emails, invalid addresses
- **Security**: Authentication, rate limiting
- **Performance**: Throughput testing
- **Edge Cases**: Very large emails, special characters
#### Running Tests
```bash
# Run all tests
pnpm test
# Run specific test categories
tsx test/suite/smtpserver_commands/test.cmd-01.ehlo-command.ts
# Run with verbose output
tstest test/test.integration.ts --verbose
```
## Troubleshooting
@@ -1109,25 +1214,6 @@ dig TXT your-domain.com
- Test CIDR notation: `192.168.0.0/16` includes all 192.168.x.x addresses
- Confirm authentication state matches your expectations
**Common Route Patterns**
```typescript
// Debug route to log all traffic
{
name: 'debug-all',
priority: 1000,
match: { recipients: '*' },
action: { type: 'process', process: { scan: false } }
}
// Catch-all reject (should be lowest priority)
{
name: 'default-reject',
priority: 0,
match: { recipients: '*' },
action: { type: 'reject', reject: { code: 550, message: 'No route' } }
}
```
#### DNS Issues
```bash
# Test DNS server
@@ -1137,32 +1223,6 @@ dig @your-server.com your-domain.com
dig your-domain.com @8.8.8.8
```
### Logging and Monitoring
```typescript
import { SmartLog } from '@push.rocks/smartlog';
// Configure logging
const logger = new SmartLog({
level: 'info',
transport: 'console'
});
// Monitor email events
router.emailServer.on('emailReceived', (email) => {
logger.log('info', `Email received: ${email.from} -> ${email.to}`);
});
router.emailServer.on('emailSent', (result) => {
logger.log('info', `Email sent: ${result.messageId} (${result.status})`);
});
// Monitor proxy events
router.smartProxy.on('connectionEstablished', (connection) => {
logger.log('info', `Connection: ${connection.clientIp} -> ${connection.target}`);
});
```
### Performance Tuning
```typescript
@@ -1170,14 +1230,14 @@ const performanceConfig = {
// Connection limits
maxConnections: 1000,
connectionTimeout: 30000,
// Email queue settings
emailQueue: {
concurrency: 10,
maxRetries: 3,
retryDelay: 300000
},
// Cache settings
cache: {
ipReputation: { ttl: 3600000 }, // 1 hour
@@ -1187,60 +1247,23 @@ const performanceConfig = {
};
```
## License
## License and Legal Information
MIT License - see LICENSE file for details.
This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](./LICENSE) file.
## Testing
**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
### Comprehensive Test Suite
### Trademarks
DcRouter includes a comprehensive test suite covering all aspects of the system:
This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
#### SMTP Protocol Tests
- **Commands**: EHLO, HELO, MAIL FROM, RCPT TO, DATA, RSET, NOOP, QUIT, VRFY, EXPN, HELP
- **Extensions**: SIZE, PIPELINING, STARTTLS
- **Connection Management**: TLS/plain connections, timeouts, limits, rejection handling
- **Error Handling**: Syntax errors, invalid sequences, temporary/permanent failures
- **Email Processing**: Basic sending, multiple recipients, large emails, invalid addresses
- **Security**: Authentication, rate limiting
- **Performance**: Throughput testing
- **Edge Cases**: Very large emails, special characters
Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
#### Storage and Configuration Tests
- **Storage Manager**: All backend types (filesystem, custom, memory)
- **Integration**: Component storage usage and persistence
- **DNS Validation**: All DNS modes (forward, internal, external)
- **DNS Mode Switching**: Dynamic configuration changes
- **Data Migration**: Moving data between storage backends
### Company Information
#### Running Tests
Task Venture Capital GmbH
Registered at District Court Bremen HRB 35230 HB, Germany
```bash
# Run all tests
pnpm test
For any legal inquiries or further information, please contact us via email at hello@task.vc.
# Run specific test categories
tsx test/suite/commands/test.ehlo-command.ts
tsx test/suite/connection/test.tls-connection.ts
tsx test/suite/email-processing/test.basic-email.ts
# Run with verbose output
tstest test/suite/security/test.authentication.ts --verbose
```
### Test Infrastructure
The test suite uses a self-contained pattern where each test:
1. Starts its own SMTP server instance
2. Runs comprehensive test scenarios
3. Cleans up all resources
4. Provides detailed logging for debugging
This ensures tests are isolated, reliable, and can run in parallel.
## Support
- Documentation: [https://docs.serve.zone/dcrouter](https://docs.serve.zone/dcrouter)
- Issues: [https://github.com/serve-zone/dcrouter/issues](https://github.com/serve-zone/dcrouter/issues)
- Community: [https://community.serve.zone](https://community.serve.zone)
By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.