11import Fastify from 'fastify' ;
22import { createServer } from 'node:http' ;
3- import { server as wisp , logging } from "@mercuryworkshop/wisp-js/server " ;
3+ import { Mrrowisp } from "mrrowisp " ;
44import createRammerhead from '../lib/rammerhead/src/server/index.js' ;
55import fastifyHelmet from '@fastify/helmet' ;
66import fastifyStatic from '@fastify/static' ;
@@ -21,29 +21,87 @@ import { existsSync, unlinkSync } from 'node:fs';
2121 */
2222console . log ( serverUrl ) ;
2323
24- // Wisp Configuration: Refer to the documentation at https://www.npmjs.com/package/@mercuryworkshop /wisp-js
25-
26- logging . set_level ( logging . NONE ) ;
27- wisp . options . allow_udp_streams = false ;
28- wisp . options . allow_loopback_ips = true ;
29-
30- // For security reasons only allow these ports. Any additional regional proxies or default sandboxed Tor ports should be added here.
31- wisp . options . port_whitelist = [
32- 80 ,
33- 443 ,
34- 9050 ,
35- 7000 ,
36- 7001
37- ] ;
38-
39- wisp . options . port_blacklist = [
40- [ 6881 , 6889 ] ,
41- 6969 ,
42- 1337 ,
43- [ 6969 , 6969 ] ,
44- 51413 ,
45- [ 49152 , 65535 ]
46- ] ;
24+ // Wisp Configuration: Refer to the documentation at https://www.npmjs.com/package/mrrowisp
25+
26+ const wisp = new Mrrowisp ( {
27+ port : 6001 ,
28+ logLevel : 'info' ,
29+
30+ allowTCP : true ,
31+ allowUDP : false ,
32+ enableV2 : true ,
33+ enableTwisp : false ,
34+ websocketPermessageDeflate : false ,
35+
36+ allowDirectIP : true ,
37+ allowPrivateIPs : false ,
38+ allowLoopbackIPs : true ,
39+
40+ parseRealIP : true ,
41+ trustedHeaders : [ 'CF-Connecting-IP' , 'X-Forwarded-For' ] ,
42+
43+ whitelist : {
44+ hostnames : [ ] ,
45+ ports : [
46+ 80 ,
47+ 443 ,
48+ 9050 ,
49+ 7000 ,
50+ 7001
51+ ] ,
52+ } ,
53+
54+ connectionsLimitPerIP : 32 ,
55+ connectionWindowSeconds : 10 ,
56+ tcpBufferSize : 65535 ,
57+ bufferRemainingLength : 65536 ,
58+ tcpNoDelay : true ,
59+ maxMessageSize : 4 * 1024 * 1024 ,
60+
61+ passwordAuth : false ,
62+
63+ floodProtection : {
64+ enabled : true ,
65+ maxConnectsPerSourceIPPerSecond : 25 ,
66+ maxConnectsPerDestPerSecond : 64 ,
67+ maxConnectsPerDestPerMinute : 600 ,
68+ maxInFlightSyns : 192 ,
69+ maxConcurrentStreamsPerConnection : 128 ,
70+ maxConcurrentConnections : 768 ,
71+ synFloodSignature : {
72+ enabled : true ,
73+ windowMs : 2000 ,
74+ minSamples : 24 ,
75+ failedHandshakeRatio : 0.7 ,
76+ } ,
77+ wsCloseAfterViolations : 8 ,
78+ logBlockedDials : true ,
79+ } ,
80+
81+ reputation : {
82+ enabled : true ,
83+ storePath : './data/mrrowisp-reputation.json' ,
84+ saveIntervalSeconds : 30 ,
85+ scoreDecayPerHour : 2 ,
86+ evictAfterDays : 7 ,
87+ thresholds : { warn : 25 , throttle : 55 , strict : 85 } ,
88+ weights : {
89+ privateEgress : 20 ,
90+ synSignature : 25 ,
91+ twispNoAuth : 40 ,
92+ burstRate : 5 ,
93+ successfulStream : - 2 ,
94+ requestKnownBadDest : 3 ,
95+ } ,
96+ destinationWeights : {
97+ privateEgress : 25 ,
98+ synSignature : 30 ,
99+ distinctSourcesEscalation : 1 ,
100+ } ,
101+ } ,
102+ } ) ;
103+
104+ wisp . start ( 4 ) ;
47105
48106// The server will check for the existence of this file when a shutdown is requested.
49107// The shutdown script in run-command.js will temporarily produce this file.
@@ -101,7 +159,7 @@ const serverFactory = (handler) => {
101159 . on ( 'upgrade' , ( req , socket , head ) => {
102160 if ( shouldRouteRh ( req ) ) routeRhUpgrade ( req , socket , head ) ;
103161 else if ( req . url . endsWith ( getAltPrefix ( 'wisp' , serverUrl . pathname ) ) )
104- wisp . routeRequest ( req , socket , head ) ;
162+ wisp . route ( req , socket , head ) ;
105163 } ) ;
106164} ;
107165
@@ -281,6 +339,7 @@ app.get(serverUrl.pathname + ':path', (req, reply) => {
281339 // is present, gracefully shut the server down.
282340 if ( reqPath === 'test-shutdown' && existsSync ( shutdown ) ) {
283341 console . log ( 'InvisiProxy is shutting down.' ) ;
342+ wisp . stop ( ) ;
284343 app . close ( ) ;
285344 unlinkSync ( shutdown ) ;
286345 process . exitCode = 0 ;
@@ -339,7 +398,7 @@ app.addHook('onSend', (request, reply, payload, done) => {
339398
340399app . listen ( { port : serverUrl . port , host : serverUrl . hostname } ) ;
341400console . log ( `InvisiProxy is listening on port ${ serverUrl . port } .` ) ;
342- console . log ( `When hosting with a reverse proxy please ensure you are using NGINX only.\nCaddy and Apache have security risks due to wisp-js and loopbacks. Please configure them correctly.\nNGINX is recommended and used for production. Ports are whitelisted and security is maintained with NGINX only.` ) ;
401+ console . log ( `When hosting with a reverse proxy please ensure you are using NGINX only.\nCaddy and Apache have security risks due to mrrowisp and loopbacks. Please configure them correctly.\nNGINX is recommended and used for production. Ports are whitelisted and security is maintained with NGINX only.` ) ;
343402if ( config . disguiseFiles )
344403 console . log (
345404 'disguiseFiles is enabled. Visit src/routes.mjs to see the entry point, listed within the pages variable.'
0 commit comments