refractium 1.1.2

Extensible low-level reverse proxy for port multiplexing and protocol-based routing
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

use crate::commands::Commands;
use crate::display;
use refractium::core::Refractium;
use refractium::protocols::dns::Dns;
use refractium::protocols::ftp::Ftp;
use refractium::protocols::http::Http;
use refractium::protocols::https::Https;
use refractium::protocols::ssh::Ssh;
use refractium::protocols::{DynamicProtocol, ProtocolRegistry};
use refractium::types::{ProxyConfig, Transport};
use std::collections::HashMap;
use std::net::SocketAddr;
use std::process;
use std::sync::Arc;
use tokio::net::lookup_host;
use tokio_util::sync::CancellationToken;

pub fn setup_refractium(config: &ProxyConfig, cancel_token: CancellationToken) -> Refractium {
    let (registry_tcp, routes_tcp) = setup_engine(config, &Transport::Tcp);
    let (registry_udp, routes_udp) = setup_engine(config, &Transport::Udp);

    Refractium::builder()
        .registries(registry_tcp, registry_udp)
        .routes(routes_tcp, routes_udp)
        .peek_config(config.peek_buffer_size, config.peek_timeout_ms)
        .max_connections(config.max_connections)
        .max_connections_per_ip(config.max_connections_per_ip)
        .cancel_token(cancel_token)
        .build()
}

pub async fn execute_refractium(
    command: Option<Commands>,
    refractium: Arc<Refractium>,
    _cancel_token: CancellationToken,
) -> anyhow::Result<()> {
    let addr = resolve_addr_from_str("0.0.0.0:8080").await?;

    match command {
        Some(Commands::Tcp) => {
            display::print_info("TCP", "0.0.0.0", 8080);
            refractium.run_tcp(addr).await.map_err(Into::into)
        }
        Some(Commands::Udp) => {
            display::print_info("UDP", "0.0.0.0", 8080);
            refractium.run_udp(addr).await.map_err(Into::into)
        }
        _ => {
            display::print_info("TCP + UDP", "0.0.0.0", 8080);
            refractium.run_both(addr).await.map_err(Into::into)
        }
    }
}

pub fn get_routes(config: &ProxyConfig, filter: &Transport) -> HashMap<String, Vec<String>> {
    let mut routes = HashMap::new();
    let built_in_map = [
        ("http", Transport::Tcp),
        ("https", Transport::Tcp),
        ("ssh", Transport::Tcp),
        ("ftp", Transport::Tcp),
        ("dns", Transport::Udp),
    ];

    for route in &config.protocols {
        let mut effective_transport = &route.transport;

        // If it's a built-in, enforce its native transport
        if let Some(&(name, ref native)) = built_in_map.iter().find(|(n, _)| *n == route.name) {
            if route.transport == Transport::Both {
                effective_transport = native;
            } else if route.transport != *native {
                display::print_error(&format!(
                    "Protocol mismatch: '{}' must be {:?}, but is configured as {:?}",
                    name, native, route.transport
                ));
                process::exit(1);
            }
        }

        if *effective_transport == *filter || *effective_transport == Transport::Both {
            let key = route.sni.as_ref().map_or_else(
                || route.name.clone(),
                |sni| format!("{}:{}", route.name, sni),
            );
            routes.insert(key, route.forward_to.to_vec());
        }
    }

    let fallback = match filter {
        Transport::Tcp => config.fallback_tcp.as_ref(),
        Transport::Udp => config.fallback_udp.as_ref(),
        Transport::Both => None,
    };
    if let Some(fb) = fallback {
        routes.insert("fallback".to_string(), vec![fb.clone()]);
    }
    routes
}

fn setup_engine(
    config: &ProxyConfig,
    filter: &Transport,
) -> (Arc<ProtocolRegistry>, HashMap<String, Vec<String>>) {
    let mut registry = ProtocolRegistry::new();

    if matches!(filter, Transport::Tcp | Transport::Both) {
        #[cfg(feature = "proto-http")]
        registry.register(Arc::new(Http));
        #[cfg(feature = "proto-https")]
        registry.register(Arc::new(Https));
        #[cfg(feature = "proto-ssh")]
        registry.register(Arc::new(Ssh));
        #[cfg(feature = "proto-ftp")]
        registry.register(Arc::new(Ftp));
    }
    if matches!(filter, Transport::Udp | Transport::Both) {
        #[cfg(feature = "proto-dns")]
        registry.register(Arc::new(Dns));
    }

    for route in &config.protocols {
        if (route.transport == *filter || route.transport == Transport::Both)
            && let Some(ref patterns) = route.patterns
        {
            registry.register(Arc::new(DynamicProtocol {
                name: route.name.clone(),
                patterns: patterns.clone(),
            }));
        }
    }

    (Arc::new(registry), get_routes(config, filter))
}

async fn resolve_addr_from_str(addr_str: &str) -> anyhow::Result<SocketAddr> {
    match lookup_host(addr_str).await {
        Ok(mut addrs) => addrs
            .next()
            .ok_or_else(|| anyhow::anyhow!("Could not resolve any address for {addr_str}")),
        Err(e) => {
            display::print_resolve_error(addr_str, &e.to_string());
            process::exit(1);
        }
    }
}