@push.rocks/smartproxy/dist_ts/core/utils/security-utils.d.ts

A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.

/**
 * Security utilities for IP validation, rate limiting,
 * authentication, and other security features
 */
/**
 * Result of IP validation
 */
export interface IIpValidationResult {
    allowed: boolean;
    reason?: string;
}
/**
 * IP connection tracking information
 */
export interface IIpConnectionInfo {
    connections: Set<string>;
    timestamps: number[];
    ipVariants: string[];
}
/**
 * Rate limit tracking
 */
export interface IRateLimitInfo {
    count: number;
    expiry: number;
}
/**
 * Logger interface for security utilities
 */
export interface ISecurityLogger {
    info: (message: string, ...args: any[]) => void;
    warn: (message: string, ...args: any[]) => void;
    error: (message: string, ...args: any[]) => void;
    debug?: (message: string, ...args: any[]) => void;
}
/**
 * Normalize IP addresses for comparison
 * Handles IPv4-mapped IPv6 addresses (::ffff:127.0.0.1)
 *
 * @param ip IP address to normalize
 * @returns Array of equivalent IP representations
 */
export declare function normalizeIP(ip: string): string[];
/**
 * Check if an IP is authorized based on allow and block lists
 *
 * @param ip - The IP address to check
 * @param allowedIPs - Array of allowed IP patterns
 * @param blockedIPs - Array of blocked IP patterns
 * @returns Whether the IP is authorized
 */
export declare function isIPAuthorized(ip: string, allowedIPs?: string[], blockedIPs?: string[]): boolean;
/**
 * Check if an IP exceeds maximum connections
 *
 * @param ip - The IP address to check
 * @param ipConnectionsMap - Map of IPs to connection info
 * @param maxConnectionsPerIP - Maximum allowed connections per IP
 * @returns Result with allowed status and reason if blocked
 */
export declare function checkMaxConnections(ip: string, ipConnectionsMap: Map<string, IIpConnectionInfo>, maxConnectionsPerIP: number): IIpValidationResult;
/**
 * Check if an IP exceeds connection rate limit
 *
 * @param ip - The IP address to check
 * @param ipConnectionsMap - Map of IPs to connection info
 * @param rateLimit - Maximum connections per minute
 * @returns Result with allowed status and reason if blocked
 */
export declare function checkConnectionRate(ip: string, ipConnectionsMap: Map<string, IIpConnectionInfo>, rateLimit: number): IIpValidationResult;
/**
 * Track a connection for an IP
 *
 * @param ip - The IP address
 * @param connectionId - The connection ID to track
 * @param ipConnectionsMap - Map of IPs to connection info
 */
export declare function trackConnection(ip: string, connectionId: string, ipConnectionsMap: Map<string, IIpConnectionInfo>): void;
/**
 * Remove connection tracking for an IP
 *
 * @param ip - The IP address
 * @param connectionId - The connection ID to remove
 * @param ipConnectionsMap - Map of IPs to connection info
 */
export declare function removeConnection(ip: string, connectionId: string, ipConnectionsMap: Map<string, IIpConnectionInfo>): void;
/**
 * Clean up expired rate limits
 *
 * @param rateLimits - Map of rate limits to clean up
 * @param logger - Logger for debug messages
 */
export declare function cleanupExpiredRateLimits(rateLimits: Map<string, Map<string, IRateLimitInfo>>, logger?: ISecurityLogger): void;
/**
 * Generate basic auth header value from username and password
 *
 * @param username - The username
 * @param password - The password
 * @returns Base64 encoded basic auth string
 */
export declare function generateBasicAuthHeader(username: string, password: string): string;
/**
 * Parse basic auth header
 *
 * @param authHeader - The Authorization header value
 * @returns Username and password, or null if invalid
 */
export declare function parseBasicAuthHeader(authHeader: string): {
    username: string;
    password: string;
} | null;