
@push.rocks/smartproxy


A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.

import type { ILogger } from './models/types.js';
import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
import type { IRouteContext } from '../../core/models/route-context.js';
/**
 * Manages security features for the NetworkProxy.
 * Implements Phase 5.4: security features like IP filtering and rate limiting.
 *
 * This is a generated declaration: it exposes the public surface only. The
 * types of private members and every method body are erased, so the notes
 * marked NOTE(review) below are points to confirm against the implementation,
 * not statements about what it does.
 */
export declare class SecurityManager {
    // Private members: the declaration output keeps only their names.
    private logger;
    private routes;
    private maxConnectionsPerIP;
    private connectionRateLimitPerMinute;
    private ipFilterCache;
    private rateLimits;
    private connectionsByIP;
    private connectionRateByIP;
    /**
     * @param logger Logger used by the manager
     * @param routes Optional initial route configuration
     * @param maxConnectionsPerIP Optional per-IP connection cap
     * @param connectionRateLimitPerMinute Optional per-IP connection rate cap
     *
     * NOTE(review): the defaults applied when the optional limits are omitted
     * are not visible here. Confirm that omitting them does not mean
     * "unlimited" in deployments that rely on these caps.
     */
    constructor(logger: ILogger, routes?: IRouteConfig[], maxConnectionsPerIP?: number, connectionRateLimitPerMinute?: number);
    /**
     * Update the routes configuration.
     *
     * NOTE(review): an `ipFilterCache` member exists. Confirm that cached
     * allow/deny decisions are invalidated when routes change, otherwise a
     * tightened IP rule may not take effect for already-cached addresses.
     */
    setRoutes(routes: IRouteConfig[]): void;
    /**
     * Check if a client is allowed to access a specific route.
     *
     * @param route The route to check access for
     * @param context The route context with client information
     * @returns True if access is allowed, false otherwise
     *
     * NOTE(review): which checks are combined here (IP filter, rate limit,
     * authentication) cannot be told from the declaration. Confirm whether
     * callers must invoke checkBasicAuth / verifyJwtToken separately.
     */
    isAllowed(route: IRouteConfig, context: IRouteContext): boolean;
    /**
     * Check if an IP is allowed based on route security settings.
     */
    private isIpAllowed;
    /**
     * Check if IP matches any pattern in the list.
     */
    private ipMatchesPattern;
    /**
     * Check if IP matches CIDR notation.
     * Very basic implementation - for production use, consider a dedicated IP library.
     *
     * NOTE(review): confirm how IPv6 and IPv4-mapped IPv6 addresses
     * (e.g. `::ffff:a.b.c.d`) are handled. A matcher that understands only
     * dotted IPv4 can silently miss entries in an allow or block list.
     */
    private ipMatchesCidr;
    /**
     * Check if request is within rate limit.
     */
    private isWithinRateLimit;
    /**
     * Clean up expired rate limits.
     * Should be called periodically to prevent memory leaks.
     */
    cleanupExpiredRateLimits(): void;
    /**
     * Check basic auth credentials.
     *
     * @param route The route to check auth for
     * @param username The provided username
     * @param password The provided password
     * @returns True if credentials are valid, false otherwise
     *
     * NOTE(review): the comparison itself is not visible. Confirm that it is
     * constant-time, that stored passwords are not kept in plain text in the
     * route configuration, and that neither argument reaches the logger.
     */
    checkBasicAuth(route: IRouteConfig, username: string, password: string): boolean;
    /**
     * Verify a JWT token.
     *
     * @param route The route to verify the token for
     * @param token The JWT token to verify
     * @returns True if the token is valid, false otherwise
     *
     * NOTE(review): the boolean result does not say what "valid" covers.
     * Confirm that the implementation verifies the signature against a
     * configured key, restricts the accepted algorithm rather than trusting
     * the token header, and checks expiry before this result is used as an
     * authorization decision.
     */
    verifyJwtToken(route: IRouteConfig, token: string): boolean;
    /**
     * Get connections count by IP.
     */
    getConnectionCountByIP(ip: string): number;
    /**
     * Check and update connection rate for an IP.
     * @returns true if within rate limit, false if exceeding limit
     */
    checkConnectionRate(ip: string): boolean;
    /**
     * Track connection by IP.
     *
     * NOTE(review): presumably every call must be paired with
     * removeConnectionByIP when the connection closes, or the per-IP count
     * would only grow and eventually lock the address out. Confirm against callers.
     */
    trackConnectionByIP(ip: string, connectionId: string): void;
    /**
     * Remove connection tracking for an IP.
     */
    removeConnectionByIP(ip: string, connectionId: string): void;
    /**
     * Check if IP should be allowed considering connection rate and max connections.
     * @returns Object with result and reason
     *
     * NOTE(review): `ip` is a plain string supplied by the caller. The limits
     * are only as trustworthy as its source: confirm that callers pass the
     * socket peer address, or a forwarded address accepted only from trusted
     * proxies, rather than a client-controlled header value.
     */
    validateIP(ip: string): {
        allowed: boolean;
        reason?: string;
    };
    /**
     * Clears all IP tracking data (for shutdown).
     */
    clearIPTracking(): void;
    /**
     * Start periodic cleanup of IP tracking data.
     */
    private startPeriodicIpCleanup;
    /**
     * Perform cleanup of expired IP data.
     */
    private performIpCleanup;
}