UNPKG

@push.rocks/smartproxy

Version:

A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.

code.foss.global/push.rocks/smartproxy

212 lines 13.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
import * as plugins from '../../plugins.js'; import { IpMatcher } from '../routing/matchers/ip.js'; /** * Normalize IP addresses for comparison * Handles IPv4-mapped IPv6 addresses (::ffff:127.0.0.1) * * @param ip IP address to normalize * @returns Array of equivalent IP representations */ export function normalizeIP(ip) { if (!ip) return []; // Handle IPv4-mapped IPv6 addresses (::ffff:127.0.0.1) if (ip.startsWith('::ffff:')) { const ipv4 = ip.slice(7); return [ip, ipv4]; } // Handle IPv4 addresses by also checking IPv4-mapped form if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) { return [ip, `::ffff:${ip}`]; } return [ip]; } /** * Check if an IP is authorized based on allow and block lists * * @param ip - The IP address to check * @param allowedIPs - Array of allowed IP patterns * @param blockedIPs - Array of blocked IP patterns * @returns Whether the IP is authorized */ export function isIPAuthorized(ip, allowedIPs = ['*'], blockedIPs = []) { // Skip IP validation if no rules if (!ip || (allowedIPs.length === 0 && blockedIPs.length === 0)) { return true; } // First check if IP is blocked - blocked IPs take precedence if (blockedIPs.length > 0) { for (const pattern of blockedIPs) { if (IpMatcher.match(pattern, ip)) { return false; } } } // If allowed IPs list has wildcard, all non-blocked IPs are allowed if (allowedIPs.includes('*')) { return true; } // Then check if IP is allowed in the explicit allow list if (allowedIPs.length > 0) { for (const pattern of allowedIPs) { if (IpMatcher.match(pattern, ip)) { return true; } } // If allowedIPs is specified but no match, deny access return false; } // Default allow if no explicit allow list return true; } /** * Check if an IP exceeds maximum connections * * @param ip - The IP address to check * @param ipConnectionsMap - Map of IPs to connection info * @param maxConnectionsPerIP - Maximum allowed connections per IP * @returns Result with allowed status and reason if blocked */ export function checkMaxConnections(ip, ipConnectionsMap, maxConnectionsPerIP) { if (!ipConnectionsMap.has(ip)) { return { allowed: true }; } const connectionCount = ipConnectionsMap.get(ip).connections.size; if (connectionCount >= maxConnectionsPerIP) { return { allowed: false, reason: `Maximum connections per IP (${maxConnectionsPerIP}) exceeded` }; } return { allowed: true }; } /** * Check if an IP exceeds connection rate limit * * @param ip - The IP address to check * @param ipConnectionsMap - Map of IPs to connection info * @param rateLimit - Maximum connections per minute * @returns Result with allowed status and reason if blocked */ export function checkConnectionRate(ip, ipConnectionsMap, rateLimit) { const now = Date.now(); const minute = 60 * 1000; // Get or create connection info if (!ipConnectionsMap.has(ip)) { const info = { connections: new Set(), timestamps: [now], ipVariants: normalizeIP(ip) }; ipConnectionsMap.set(ip, info); return { allowed: true }; } // Get timestamps and filter out entries older than 1 minute const info = ipConnectionsMap.get(ip); const timestamps = info.timestamps.filter(time => now - time < minute); timestamps.push(now); info.timestamps = timestamps; // Check if rate exceeds limit if (timestamps.length > rateLimit) { return { allowed: false, reason: `Connection rate limit (${rateLimit}/min) exceeded` }; } return { allowed: true }; } /** * Track a connection for an IP * * @param ip - The IP address * @param connectionId - The connection ID to track * @param ipConnectionsMap - Map of IPs to connection info */ export function trackConnection(ip, connectionId, ipConnectionsMap) { if (!ipConnectionsMap.has(ip)) { ipConnectionsMap.set(ip, { connections: new Set([connectionId]), timestamps: [Date.now()], ipVariants: normalizeIP(ip) }); return; } const info = ipConnectionsMap.get(ip); info.connections.add(connectionId); } /** * Remove connection tracking for an IP * * @param ip - The IP address * @param connectionId - The connection ID to remove * @param ipConnectionsMap - Map of IPs to connection info */ export function removeConnection(ip, connectionId, ipConnectionsMap) { if (!ipConnectionsMap.has(ip)) return; const info = ipConnectionsMap.get(ip); info.connections.delete(connectionId); if (info.connections.size === 0) { ipConnectionsMap.delete(ip); } } /** * Clean up expired rate limits * * @param rateLimits - Map of rate limits to clean up * @param logger - Logger for debug messages */ export function cleanupExpiredRateLimits(rateLimits, logger) { const now = Date.now(); let totalRemoved = 0; for (const [routeId, routeLimits] of rateLimits.entries()) { let removed = 0; for (const [key, limit] of routeLimits.entries()) { if (limit.expiry < now) { routeLimits.delete(key); removed++; totalRemoved++; } } if (removed > 0 && logger?.debug) { logger.debug(`Cleaned up ${removed} expired rate limits for route ${routeId}`); } } if (totalRemoved > 0 && logger?.info) { logger.info(`Cleaned up ${totalRemoved} expired rate limits total`); } } /** * Generate basic auth header value from username and password * * @param username - The username * @param password - The password * @returns Base64 encoded basic auth string */ export function generateBasicAuthHeader(username, password) { return `Basic ${Buffer.from(`${username}:${password}`).toString('base64')}`; } /** * Parse basic auth header * * @param authHeader - The Authorization header value * @returns Username and password, or null if invalid */ export function parseBasicAuthHeader(authHeader) { if (!authHeader || !authHeader.startsWith('Basic ')) { return null; } try { const base64 = authHeader.slice(6); // Remove 'Basic ' const decoded = Buffer.from(base64, 'base64').toString(); const [username, password] = decoded.split(':'); if (!username || !password) { return null; } return { username, password }; } catch (err) { return null; } } //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHktdXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9jb3JlL3V0aWxzL3NlY3VyaXR5LXV0aWxzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFDNUMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLDJCQUEyQixDQUFDO0FBMEN0RDs7Ozs7O0dBTUc7QUFDSCxNQUFNLFVBQVUsV0FBVyxDQUFDLEVBQVU7SUFDcEMsSUFBSSxDQUFDLEVBQUU7UUFBRSxPQUFPLEVBQUUsQ0FBQztJQUVuQix1REFBdUQ7SUFDdkQsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDN0IsTUFBTSxJQUFJLEdBQUcsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN6QixPQUFPLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQ3BCLENBQUM7SUFFRCwwREFBMEQ7SUFDMUQsSUFBSSx5QkFBeUIsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUN2QyxPQUFPLENBQUMsRUFBRSxFQUFFLFVBQVUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM5QixDQUFDO0lBRUQsT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ2QsQ0FBQztBQUVEOzs7Ozs7O0dBT0c7QUFDSCxNQUFNLFVBQVUsY0FBYyxDQUM1QixFQUFVLEVBQ1YsYUFBdUIsQ0FBQyxHQUFHLENBQUMsRUFDNUIsYUFBdUIsRUFBRTtJQUV6QixpQ0FBaUM7SUFDakMsSUFBSSxDQUFDLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUNoRSxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCw2REFBNkQ7SUFDN0QsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQzFCLEtBQUssTUFBTSxPQUFPLElBQUksVUFBVSxFQUFFLENBQUM7WUFDakMsSUFBSSxTQUFTLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUNqQyxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVELG9FQUFvRTtJQUNwRSxJQUFJLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUM3QixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCx5REFBeUQ7SUFDekQsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQzFCLEtBQUssTUFBTSxPQUFPLElBQUksVUFBVSxFQUFFLENBQUM7WUFDakMsSUFBSSxTQUFTLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUNqQyxPQUFPLElBQUksQ0FBQztZQUNkLENBQUM7UUFDSCxDQUFDO1FBQ0QsdURBQXVEO1FBQ3ZELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVELDBDQUEwQztJQUMxQyxPQUFPLElBQUksQ0FBQztBQUNkLENBQUM7QUFFRDs7Ozs7OztHQU9HO0FBQ0gsTUFBTSxVQUFVLG1CQUFtQixDQUNqQyxFQUFVLEVBQ1YsZ0JBQWdELEVBQ2hELG1CQUEyQjtJQUUzQixJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDOUIsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRUQsTUFBTSxlQUFlLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUM7SUFFbkUsSUFBSSxlQUFlLElBQUksbUJBQW1CLEVBQUUsQ0FBQztRQUMzQyxPQUFPO1lBQ0wsT0FBTyxFQUFFLEtBQUs7WUFDZCxNQUFNLEVBQUUsK0JBQStCLG1CQUFtQixZQUFZO1NBQ3ZFLENBQUM7SUFDSixDQUFDO0lBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztBQUMzQixDQUFDO0FBRUQ7Ozs7Ozs7R0FPRztBQUNILE1BQU0sVUFBVSxtQkFBbUIsQ0FDakMsRUFBVSxFQUNWLGdCQUFnRCxFQUNoRCxTQUFpQjtJQUVqQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7SUFDdkIsTUFBTSxNQUFNLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztJQUV6QixnQ0FBZ0M7SUFDaEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1FBQzlCLE1BQU0sSUFBSSxHQUFzQjtZQUM5QixXQUFXLEVBQUUsSUFBSSxHQUFHLEVBQUU7WUFDdEIsVUFBVSxFQUFFLENBQUMsR0FBRyxDQUFDO1lBQ2pCLFVBQVUsRUFBRSxXQUFXLENBQUMsRUFBRSxDQUFDO1NBQzVCLENBQUM7UUFDRixnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQy9CLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDM0IsQ0FBQztJQUVELDREQUE0RDtJQUM1RCxNQUFNLElBQUksR0FBRyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFFLENBQUM7SUFDdkMsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxHQUFHLEdBQUcsSUFBSSxHQUFHLE1BQU0sQ0FBQyxDQUFDO0lBQ3ZFLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDckIsSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFVLENBQUM7SUFFN0IsOEJBQThCO0lBQzlCLElBQUksVUFBVSxDQUFDLE1BQU0sR0FBRyxTQUFTLEVBQUUsQ0FBQztRQUNsQyxPQUFPO1lBQ0wsT0FBTyxFQUFFLEtBQUs7WUFDZCxNQUFNLEVBQUUsMEJBQTBCLFNBQVMsZ0JBQWdCO1NBQzVELENBQUM7SUFDSixDQUFDO0lBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztBQUMzQixDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxVQUFVLGVBQWUsQ0FDN0IsRUFBVSxFQUNWLFlBQW9CLEVBQ3BCLGdCQUFnRDtJQUVoRCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDOUIsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRTtZQUN2QixXQUFXLEVBQUUsSUFBSSxHQUFHLENBQUMsQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUNwQyxVQUFVLEVBQUUsQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDeEIsVUFBVSxFQUFFLFdBQVcsQ0FBQyxFQUFFLENBQUM7U0FDNUIsQ0FBQyxDQUFDO1FBQ0gsT0FBTztJQUNULENBQUM7SUFFRCxNQUFNLElBQUksR0FBRyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFFLENBQUM7SUFDdkMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLENBQUM7QUFDckMsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNILE1BQU0sVUFBVSxnQkFBZ0IsQ0FDOUIsRUFBVSxFQUNWLFlBQW9CLEVBQ3BCLGdCQUFnRDtJQUVoRCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUFFLE9BQU87SUFFdEMsTUFBTSxJQUFJLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDO0lBQ3ZDLElBQUksQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBRXRDLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDaEMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQzlCLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxNQUFNLFVBQVUsd0JBQXdCLENBQ3RDLFVBQW9ELEVBQ3BELE1BQXdCO0lBRXhCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztJQUN2QixJQUFJLFlBQVksR0FBRyxDQUFDLENBQUM7SUFFckIsS0FBSyxNQUFNLENBQUMsT0FBTyxFQUFFLFdBQVcsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1FBQzFELElBQUksT0FBTyxHQUFHLENBQUMsQ0FBQztRQUNoQixLQUFLLE1BQU0sQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLElBQUksV0FBVyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDakQsSUFBSSxLQUFLLENBQUMsTUFBTSxHQUFHLEdBQUcsRUFBRSxDQUFDO2dCQUN2QixXQUFXLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUN4QixPQUFPLEVBQUUsQ0FBQztnQkFDVixZQUFZLEVBQUUsQ0FBQztZQUNqQixDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksT0FBTyxHQUFHLENBQUMsSUFBSSxNQUFNLEVBQUUsS0FBSyxFQUFFLENBQUM7WUFDakMsTUFBTSxDQUFDLEtBQUssQ0FBQyxjQUFjLE9BQU8sa0NBQWtDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDakYsQ0FBQztJQUNILENBQUM7SUFFRCxJQUFJLFlBQVksR0FBRyxDQUFDLElBQUksTUFBTSxFQUFFLElBQUksRUFBRSxDQUFDO1FBQ3JDLE1BQU0sQ0FBQyxJQUFJLENBQUMsY0FBYyxZQUFZLDRCQUE0QixDQUFDLENBQUM7SUFDdEUsQ0FBQztBQUNILENBQUM7QUFFRDs7Ozs7O0dBTUc7QUFDSCxNQUFNLFVBQVUsdUJBQXVCLENBQUMsUUFBZ0IsRUFBRSxRQUFnQjtJQUN4RSxPQUFPLFNBQVMsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLFFBQVEsSUFBSSxRQUFRLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO0FBQzlFLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sVUFBVSxvQkFBb0IsQ0FDbEMsVUFBa0I7SUFFbEIsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztRQUNwRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxJQUFJLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsa0JBQWtCO1FBQ3RELE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3pELE1BQU0sQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUVoRCxJQUFJLENBQUMsUUFBUSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDM0IsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsT0FBTyxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUUsQ0FBQztJQUNoQyxDQUFDO0lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztRQUNiLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztBQUNILENBQUMifQ==