build(deps): bump fgw scripts to 1.5.2 (#569)

Signed-off-by: Lin Yang <[email protected]>

charts/fsm/components/scripts/gateways/filters/tcp/ConcurrencyLimit.js

@@ -0,0 +1,30 @@
+export default function (config) {
+  var maxConnections = config.concurrencyLimit?.maxConnections | 0
+
+  if (maxConnections > 0) {
+    var quota = new algo.Quota(maxConnections, { key: config.key })
+
+    var $rejected = false
+
+    return pipeline($=>$
+      .onStart(() => {
+        if (quota.consume(1) <= 0) {
+          $rejected = true
+          return new StreamEnd
+        }
+      })
+      .pipe(() => $rejected ? 'reject' : 'pass', {
+        'reject': $=>$,
+        'pass': $=>$.pipeNext(),
+      })
+      .onEnd(() => {
+        console.log($rejected)
+        if (!$rejected) {
+          quota.produce(1)
+        }
+      })
+    )
+  } else {
+    return pipeline($=>$.pipeNext())
+  }
+}

charts/fsm/components/scripts/gateways/filters/tcp/IPRestriction.js

@@ -0,0 +1,38 @@
+export default function (config) {
+  var allowed = config.ipRestriction?.allowed || []
+  var forbidden = config.ipRestriction?.forbidden || []
+
+  allowed = allowed.map(s => {
+    if (s.indexOf('/') < 0) s += '/32'
+    return new IPMask(s)
+  })
+
+  forbidden = forbidden.map(s => {
+    if (s.indexOf('/') < 0) s += '/32'
+    return new IPMask(s)
+  })
+
+  var $rejected = false
+
+  return pipeline($=>$
+    .onStart(ctx => {
+      var ip = ctx.inbound.remoteAddress
+      if (allowed.length > 0) {
+        if (!allowed.some(m => m.contains(ip))) {
+          $rejected = true
+          return new StreamEnd
+        }
+      }
+      if (forbidden.length > 0) {
+        if (forbidden.some(m => m.contains(ip))) {
+          $rejected = true
+          return new StreamEnd
+        }
+      }
+    })
+    .pipe(() => $rejected ? 'reject' : 'pass', {
+      'reject': $=>$,
+      'pass': $=>$.pipeNext(),
+    })
+  )
+}

charts/fsm/components/scripts/gateways/filters/udp/DNSModifier.js

@@ -0,0 +1,78 @@
+import { log } from '../../utils.js'
+
+export default function (config) {
+  var hostnames = {}
+  var prefixes = []
+
+  config.dnsModifier.domains?.forEach?.(
+    ent => {
+      var name = ent.name
+      var answer = ent.answer
+      if (name.startsWith('*')) {
+        prefixes.push([name.substring(1), answer])
+      } else {
+        hostnames[name] = answer
+      }
+    }
+  )
+
+  function findAnswer(name) {
+    var a = hostnames[name]
+    if (a) return a
+    a = prefixes.find(([prefix]) => name.endsWith(prefix))
+    if (a) return a[1]
+  }
+
+  var $name
+  var $question
+  var $answer
+
+  return pipeline($=>$
+    .replaceData(data => {
+      if (data.size > 0) {
+        return new Message(data)
+      }
+    })
+    .demux().to($=>$
+      .replaceMessage(
+        msg => {
+          $question = DNS.decode(msg.body)
+          $name = $question?.question?.[0]?.name
+          if ($name) {
+            $answer = findAnswer($name)
+          } else {
+            $answer = null
+          }
+          log?.('[DNSModifier] Q =', $question, '; A =', $answer || '?')
+          return msg.body
+        }
+      )
+      .pipe(() => {
+        return $answer ? 'reply' : 'forward'
+      }, {
+        'reply': ($=>$
+          .replaceData(
+            () => new Message(DNS.encode({
+              id: $question.id,
+              qr: 1,
+              rd: 1,
+              ra: 1,
+              question: $question.question,
+              answer: [{
+                name: $name,
+                type: 'A',
+                ttl: 3600,
+                ...$answer,
+              }]
+            }))
+          )
+        ),
+        'forward': ($=>$
+          .pipeNext()
+          .replaceData(data => new Message(data))
+        ),
+      })
+    )
+    .replaceMessage(msg => msg.body)
+  )
+}