mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-05-26 07:08:01 +00:00
19e88c4610
* fix: hash-storage panic on SIGHUP and seeder dup-key on cold restart (#4539) Two bugs that combine into an unrecoverable crash loop after a user enables the Telegram bot in settings on a fresh install. 1. CheckHashStorageJob.Run panics with a nil pointer dereference. The cron job is scheduled whenever settings say the bot is enabled, but the package-level hash storage is only initialized inside Tgbot.Start, which StartPanelOnly intentionally skips (startTgBot=false). Toggling the bot on via the panel triggers SIGHUP, the storage stays nil, and the cron fires 2 minutes later and panics, exiting 2. 2. seedClientsFromInboundJSON is not idempotent. The fresh-install early-return path recorded only UserPasswordHash + ApiTokensTable, never ClientsTable. After the admin adds clients via the panel (which writes to the clients table through SyncInbound), the next start runs the seeder for the first time, finds matching emails already in the table, and fails with SQLSTATE 23505 on idx_clients_email, turning the panic above into an unrecoverable crash loop on PostgreSQL. Fixes: - web/job/check_hash_storage.go: nil-check the storage before calling RemoveExpiredHashes. - database/db.go: in the fresh-install early-return path, also record ClientsTable so the seeder never re-runs against panel-added data. - database/db.go: hydrate seedClientsFromInboundJSON's byEmail cache from existing rows so it merges instead of inserting when a row with the same email already lives in the clients table. Regression tests cover both paths. Closes #4539 * fix(clients): preserve protocol-specific credentials across multi-inbound syncs (#4538) fillProtocolDefaults only populates the credential relevant to the inbound's protocol (c.ID for VLESS, c.Auth for Hysteria, c.Password for Trojan/Shadowsocks). Each inbound's settings.clients JSON therefore carries the same client with only one of those fields set. SyncInbound's update path was unconditionally copying every credential column from incoming to the existing clients row, so the second sync (e.g. Hysteria after VLESS) would write UUID="" over a valid VLESS UUID and Auth="" the other way around. The next GetXrayConfig then emitted VLESS client entries with no "id" field, and xray-core crashed on startup with "common/uuid: invalid UUID:". Guard UUID/Password/Auth/Flow/Security/Reverse against empty overwrites so each protocol's sync only writes the credentials it actually owns. Other fields (LimitIP, TotalGB, Comment, etc.) keep the existing copy-everything behavior so admins can still clear them through the panel. Regression test in client_sync_multiprotocol_test.go. Closes #4538 * fix(expiry): show delayed-start countdown in subscribe and client info (#4535) A client with "start after first use" expiry stores the duration as a negative number of milliseconds (e.g. -86400000 = 1 day after first connect). The clients page row already renders this correctly as "Delayed start: 1d", but two other surfaces treated negative values as zero and rendered them as unlimited: - Subscription header: the index==0 / index>0 branches in subService, subClashService and subJsonService only carried ExpiryTime forward when > 0, so traffic.ExpiryTime stayed at zero and the header sent expire=0. Every imported client appeared to have no expiry, and the built-in subscribe page rendered the "unlimited" tag. - ClientInfoModal: both the expiryLabel helper and the rendering check treated <= 0 as the "no expiry" branch, so the modal showed an infinity tag instead of "Delayed start: Nd". Add subscriptionExpiryFromClient to map negative durations onto a "now + |value|" timestamp so subscription clients see an actual expiry they can count down from. Update ClientInfoModal's helper and render to match the clients-page convention. Regression test in subService_test.go covers the helper. Refs #4535 * feat(clash): emit xhttp and httpupgrade transports in subscription (#4531) applyTransport's switch only covered tcp/ws/grpc; xhttp and httpupgrade inbounds fell through to the default branch and returned false. buildProxy then returned a nil map and the inbound was dropped from the Clash subscription. When the subscription only contained xhttp/httpupgrade inbounds, the proxies list ended up empty and the client saw a 404 (or an "Error!" body on older builds), then refused to parse. Add a case for each, mapping the inbound's stream settings onto the Mihomo-format opts blocks: xhttp -> xhttp-opts: { path, host, mode } httpupgrade -> http-upgrade-opts: { path, headers: { Host } } Host falls back to the headers map when the dedicated `host` field is empty, matching the existing ws behavior. Closes #4531 * fix(online): refresh online-clients list even when no WS frontend is connected (#4515) XrayTrafficJob and NodeTrafficSyncJob both gated the entire post-traffic-write block behind websocket.HasClients() to skip expensive broadcasts when no browser is open. The block included the RefreshOnlineClientsFromMap call that keeps the in-memory p.onlineClients list current. Several non-WS consumers read that same list: - Telegram bot (tgbot.go calls p.GetOnlineClients in 3 places) - REST GET /panel/api/onlines (returned to API callers) - Internal alerts that check whether a client is online When no browser was watching the dashboard, the list went stale and stayed empty, so the bot reported "nobody online" and the onlines API returned [] even when xray had active sessions. Move RefreshOnlineClientsFromMap above the HasClients guard so the in-memory list is always fresh. Only the actual BroadcastTraffic / BroadcastClientStats / BroadcastOutbounds calls (and the GetAllClientTraffics / GetInboundsTrafficSummary work that feeds them) remain gated by HasClients. Closes #4515 * fix: address copilot review on #4545 Two issues raised by the Copilot review: 1) subscriptionExpiryFromClient called time.Now() per invocation. Two clients with the same delayed-start duration normalized to timestamps a few milliseconds apart, so the aggregator's "if normalized != traffic.ExpiryTime" check tripped and the subscription header expire= dropped back to 0 — the exact bug the helper was meant to fix, just one client later. Take nowMs as a parameter; each of GetSubs / GetClash / GetConfig captures one timestamp per request and reuses it. 2) Guarding Flow against empty incoming values in SyncInbound prevented a user from ever clearing a VLESS flow via the panel. FlowOverride on client_inbounds is the per-inbound mechanism that already preserves flow correctly across protocols, so the guard on the shared clients.flow column is the wrong place. Drop the Flow guard, keep the rest (UUID/Password/Auth/Security/ Reverse — none of which have a per-inbound override column). Adds a regression test that asserts clearing flow on the owning inbound makes ListForInbound return flow="". The existing cross-protocol test is rewritten to assert on the user-visible behavior (ListForInbound flow) instead of the shared clients.flow column.
1876 lines
53 KiB
Go
1876 lines
53 KiB
Go
package sub
|
||
|
||
import (
|
||
"encoding/base64"
|
||
"fmt"
|
||
"maps"
|
||
"net"
|
||
"net/url"
|
||
"slices"
|
||
"strings"
|
||
"time"
|
||
|
||
"github.com/gin-gonic/gin"
|
||
"github.com/goccy/go-json"
|
||
|
||
"github.com/mhsanaei/3x-ui/v3/database"
|
||
"github.com/mhsanaei/3x-ui/v3/database/model"
|
||
"github.com/mhsanaei/3x-ui/v3/logger"
|
||
"github.com/mhsanaei/3x-ui/v3/util/common"
|
||
"github.com/mhsanaei/3x-ui/v3/util/random"
|
||
"github.com/mhsanaei/3x-ui/v3/web/service"
|
||
"github.com/mhsanaei/3x-ui/v3/xray"
|
||
)
|
||
|
||
// SubService provides business logic for generating subscription links and managing subscription data.
|
||
type SubService struct {
|
||
address string
|
||
showInfo bool
|
||
remarkModel string
|
||
datepicker string
|
||
emailInRemark bool
|
||
inboundService service.InboundService
|
||
settingService service.SettingService
|
||
// nodesByID is populated per request from the Node table so
|
||
// resolveInboundAddress can return the node's address for any
|
||
// inbound whose NodeID is set. Keeps the per-link host derivation
|
||
// O(1) instead of O(N) DB hits.
|
||
nodesByID map[int]*model.Node
|
||
}
|
||
|
||
// NewSubService creates a new subscription service with the given configuration.
|
||
func NewSubService(showInfo bool, remarkModel string) *SubService {
|
||
return &SubService{
|
||
showInfo: showInfo,
|
||
remarkModel: remarkModel,
|
||
}
|
||
}
|
||
|
||
// PrepareForRequest sets per-request state (host + nodes map) on the
|
||
// shared SubService. Called by every entry point — GetSubs, GetJson,
|
||
// GetClash — so resolveInboundAddress sees the right host and the
|
||
// freshly-loaded node map regardless of which sub flavour the client
|
||
// hit.
|
||
func (s *SubService) PrepareForRequest(host string) {
|
||
s.address = host
|
||
s.loadNodes()
|
||
}
|
||
|
||
// GetSubs retrieves subscription links for a given subscription ID and host.
|
||
func (s *SubService) GetSubs(subId string, host string) ([]string, int64, xray.ClientTraffic, error) {
|
||
s.PrepareForRequest(host)
|
||
var result []string
|
||
var traffic xray.ClientTraffic
|
||
var lastOnline int64
|
||
var hasEnabledClient bool
|
||
var clientTraffics []xray.ClientTraffic
|
||
inbounds, err := s.getInboundsBySubId(subId)
|
||
if err != nil {
|
||
return nil, 0, traffic, err
|
||
}
|
||
|
||
if len(inbounds) == 0 {
|
||
return nil, 0, traffic, nil
|
||
}
|
||
|
||
s.datepicker, err = s.settingService.GetDatepicker()
|
||
if err != nil {
|
||
s.datepicker = "gregorian"
|
||
}
|
||
|
||
s.emailInRemark, err = s.settingService.GetSubEmailInRemark()
|
||
if err != nil {
|
||
s.emailInRemark = true
|
||
}
|
||
|
||
seenEmails := make(map[string]struct{})
|
||
for _, inbound := range inbounds {
|
||
clients, err := s.inboundService.GetClients(inbound)
|
||
if err != nil {
|
||
logger.Error("SubService - GetClients: Unable to get clients from inbound")
|
||
}
|
||
if clients == nil {
|
||
continue
|
||
}
|
||
s.projectThroughFallbackMaster(inbound)
|
||
for _, client := range clients {
|
||
if client.SubID == subId {
|
||
if client.Enable {
|
||
hasEnabledClient = true
|
||
}
|
||
result = append(result, s.GetLink(inbound, client.Email))
|
||
var ct xray.ClientTraffic
|
||
ct, clientTraffics = s.appendUniqueTraffic(seenEmails, clientTraffics, inbound.ClientStats, client.Email)
|
||
if ct.LastOnline > lastOnline {
|
||
lastOnline = ct.LastOnline
|
||
}
|
||
}
|
||
}
|
||
}
|
||
|
||
now := time.Now().UnixMilli()
|
||
for index, clientTraffic := range clientTraffics {
|
||
if index == 0 {
|
||
traffic.Up = clientTraffic.Up
|
||
traffic.Down = clientTraffic.Down
|
||
traffic.Total = clientTraffic.Total
|
||
traffic.ExpiryTime = subscriptionExpiryFromClient(now, clientTraffic.ExpiryTime)
|
||
} else {
|
||
traffic.Up += clientTraffic.Up
|
||
traffic.Down += clientTraffic.Down
|
||
if traffic.Total == 0 || clientTraffic.Total == 0 {
|
||
traffic.Total = 0
|
||
} else {
|
||
traffic.Total += clientTraffic.Total
|
||
}
|
||
normalized := subscriptionExpiryFromClient(now, clientTraffic.ExpiryTime)
|
||
if normalized != traffic.ExpiryTime {
|
||
traffic.ExpiryTime = 0
|
||
}
|
||
}
|
||
}
|
||
traffic.Enable = hasEnabledClient
|
||
return result, lastOnline, traffic, nil
|
||
}
|
||
|
||
func subscriptionExpiryFromClient(nowMs, expiryTime int64) int64 {
|
||
if expiryTime > 0 {
|
||
return expiryTime
|
||
}
|
||
if expiryTime < 0 {
|
||
return nowMs + (-expiryTime)
|
||
}
|
||
return 0
|
||
}
|
||
|
||
func (s *SubService) getInboundsBySubId(subId string) ([]*model.Inbound, error) {
|
||
db := database.GetDB()
|
||
var inbounds []*model.Inbound
|
||
err := db.Model(model.Inbound{}).Preload("ClientStats").Where(`id in (
|
||
SELECT DISTINCT inbounds.id
|
||
FROM inbounds
|
||
JOIN client_inbounds ON client_inbounds.inbound_id = inbounds.id
|
||
JOIN clients ON clients.id = client_inbounds.client_id
|
||
WHERE
|
||
inbounds.protocol in ('vmess','vless','trojan','shadowsocks','hysteria','hysteria2')
|
||
AND clients.sub_id = ? AND inbounds.enable = ?
|
||
)`, subId, true).Find(&inbounds).Error
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
return inbounds, nil
|
||
}
|
||
|
||
// appendUniqueTraffic resolves the traffic stats for email and appends them
|
||
// to acc only the first time email is seen. Shared-email mode lets one
|
||
// client_traffics row underpin several inbounds, so without dedupe its
|
||
// quota and usage would be counted once per inbound.
|
||
func (s *SubService) appendUniqueTraffic(seen map[string]struct{}, acc []xray.ClientTraffic, stats []xray.ClientTraffic, email string) (xray.ClientTraffic, []xray.ClientTraffic) {
|
||
ct := s.getClientTraffics(stats, email)
|
||
if _, dup := seen[email]; !dup {
|
||
seen[email] = struct{}{}
|
||
acc = append(acc, ct)
|
||
}
|
||
return ct, acc
|
||
}
|
||
|
||
func (s *SubService) getClientTraffics(traffics []xray.ClientTraffic, email string) xray.ClientTraffic {
|
||
for _, traffic := range traffics {
|
||
if traffic.Email == email {
|
||
return traffic
|
||
}
|
||
}
|
||
return xray.ClientTraffic{}
|
||
}
|
||
|
||
// projectThroughFallbackMaster mutates the inbound in place so its
|
||
// Listen/Port/StreamSettings reflect the externally reachable master
|
||
// when applicable. Covers both fallback mechanisms:
|
||
// - panel-tracked: an inbound_fallbacks row where child_id = inbound.Id
|
||
// - legacy unix-socket: inbound.Listen begins with "@" and some VLESS/
|
||
// Trojan inbound's settings.fallbacks references that listen address
|
||
//
|
||
// Returns true when a projection happened; sub services call this before
|
||
// generating links so a child VLESS-WS bound to 127.0.0.1 emits the
|
||
// master's :443 + TLS state instead of its own loopback endpoint.
|
||
func (s *SubService) projectThroughFallbackMaster(inbound *model.Inbound) bool {
|
||
if inbound == nil {
|
||
return false
|
||
}
|
||
db := database.GetDB()
|
||
var master *model.Inbound
|
||
|
||
var rule model.InboundFallback
|
||
if err := db.Where("child_id = ?", inbound.Id).
|
||
Order("sort_order ASC, id ASC").
|
||
First(&rule).Error; err == nil {
|
||
var m model.Inbound
|
||
if err := db.Where("id = ?", rule.MasterId).First(&m).Error; err == nil {
|
||
master = &m
|
||
}
|
||
}
|
||
|
||
if master == nil && len(inbound.Listen) > 0 && inbound.Listen[0] == '@' {
|
||
var m model.Inbound
|
||
if err := db.Model(model.Inbound{}).
|
||
Where("JSON_TYPE(settings, '$.fallbacks') = 'array'").
|
||
Where("EXISTS (SELECT * FROM json_each(settings, '$.fallbacks') WHERE json_extract(value, '$.dest') = ?)", inbound.Listen).
|
||
First(&m).Error; err == nil {
|
||
master = &m
|
||
}
|
||
}
|
||
|
||
if master == nil {
|
||
return false
|
||
}
|
||
inbound.StreamSettings = mergeStreamFromMaster(inbound.StreamSettings, master.StreamSettings)
|
||
inbound.Listen = master.Listen
|
||
inbound.Port = master.Port
|
||
return true
|
||
}
|
||
|
||
// mergeStreamFromMaster copies the master's security + tlsSettings +
|
||
// realitySettings + externalProxy onto the child's stream so the child's
|
||
// link advertises the master's TLS / Reality state. Transport (network
|
||
// + ws/grpc/etc. settings) stays the child's.
|
||
func mergeStreamFromMaster(childStream, masterStream string) string {
|
||
var stream map[string]any
|
||
json.Unmarshal([]byte(childStream), &stream)
|
||
if stream == nil {
|
||
stream = map[string]any{}
|
||
}
|
||
var mst map[string]any
|
||
json.Unmarshal([]byte(masterStream), &mst)
|
||
if mst == nil {
|
||
return childStream
|
||
}
|
||
stream["security"] = mst["security"]
|
||
if v, ok := mst["tlsSettings"]; ok {
|
||
stream["tlsSettings"] = v
|
||
} else {
|
||
delete(stream, "tlsSettings")
|
||
}
|
||
if v, ok := mst["realitySettings"]; ok {
|
||
stream["realitySettings"] = v
|
||
} else {
|
||
delete(stream, "realitySettings")
|
||
}
|
||
if v, ok := mst["externalProxy"]; ok {
|
||
stream["externalProxy"] = v
|
||
}
|
||
out, err := json.MarshalIndent(stream, "", " ")
|
||
if err != nil {
|
||
return childStream
|
||
}
|
||
return string(out)
|
||
}
|
||
|
||
// GetLink dispatches to the protocol-specific generator for one (inbound, client)
|
||
// pair. Returns "" when the inbound's protocol doesn't produce a subscription URL
|
||
// (socks, http, mixed, wireguard, dokodemo, tunnel). The returned string may
|
||
// contain multiple `\n`-separated URLs when the inbound has externalProxy set.
|
||
func (s *SubService) GetLink(inbound *model.Inbound, email string) string {
|
||
switch inbound.Protocol {
|
||
case "vmess":
|
||
return s.genVmessLink(inbound, email)
|
||
case "vless":
|
||
return s.genVlessLink(inbound, email)
|
||
case "trojan":
|
||
return s.genTrojanLink(inbound, email)
|
||
case "shadowsocks":
|
||
return s.genShadowsocksLink(inbound, email)
|
||
case "hysteria", "hysteria2":
|
||
return s.genHysteriaLink(inbound, email)
|
||
}
|
||
return ""
|
||
}
|
||
|
||
// Protocol link generators are intentionally ordered as:
|
||
// vmess -> vless -> trojan -> shadowsocks -> hysteria.
|
||
func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string {
|
||
if inbound.Protocol != model.VMESS {
|
||
return ""
|
||
}
|
||
address := s.resolveInboundAddress(inbound)
|
||
obj := map[string]any{
|
||
"v": "2",
|
||
"add": address,
|
||
"port": inbound.Port,
|
||
"type": "none",
|
||
}
|
||
stream := unmarshalStreamSettings(inbound.StreamSettings)
|
||
network, _ := stream["network"].(string)
|
||
applyVmessNetworkParams(stream, network, obj)
|
||
if finalmask, ok := stream["finalmask"].(map[string]any); ok {
|
||
applyFinalMaskObj(finalmask, obj)
|
||
}
|
||
security, _ := stream["security"].(string)
|
||
obj["tls"] = security
|
||
if security == "tls" {
|
||
applyVmessTLSParams(stream, obj)
|
||
}
|
||
|
||
clients, _ := s.inboundService.GetClients(inbound)
|
||
clientIndex := findClientIndex(clients, email)
|
||
obj["id"] = clients[clientIndex].ID
|
||
obj["scy"] = clients[clientIndex].Security
|
||
|
||
externalProxies, _ := stream["externalProxy"].([]any)
|
||
|
||
if len(externalProxies) > 0 {
|
||
return s.buildVmessExternalProxyLinks(externalProxies, obj, inbound, email)
|
||
}
|
||
|
||
obj["ps"] = s.genRemark(inbound, email, "")
|
||
return buildVmessLink(obj)
|
||
}
|
||
|
||
func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string {
|
||
if inbound.Protocol != model.VLESS {
|
||
return ""
|
||
}
|
||
address := s.resolveInboundAddress(inbound)
|
||
stream := unmarshalStreamSettings(inbound.StreamSettings)
|
||
clients, _ := s.inboundService.GetClients(inbound)
|
||
clientIndex := findClientIndex(clients, email)
|
||
uuid := clients[clientIndex].ID
|
||
port := inbound.Port
|
||
streamNetwork := stream["network"].(string)
|
||
params := make(map[string]string)
|
||
params["type"] = streamNetwork
|
||
|
||
// Add encryption parameter for VLESS from inbound settings
|
||
var settings map[string]any
|
||
json.Unmarshal([]byte(inbound.Settings), &settings)
|
||
if encryption, ok := settings["encryption"].(string); ok {
|
||
params["encryption"] = encryption
|
||
}
|
||
|
||
applyShareNetworkParams(stream, streamNetwork, params)
|
||
if finalmask, ok := stream["finalmask"].(map[string]any); ok {
|
||
applyFinalMaskParams(finalmask, params)
|
||
}
|
||
security, _ := stream["security"].(string)
|
||
switch security {
|
||
case "tls":
|
||
applyShareTLSParams(stream, params)
|
||
if streamNetwork == "tcp" && len(clients[clientIndex].Flow) > 0 {
|
||
params["flow"] = clients[clientIndex].Flow
|
||
}
|
||
case "reality":
|
||
applyShareRealityParams(stream, params)
|
||
if streamNetwork == "tcp" && len(clients[clientIndex].Flow) > 0 {
|
||
params["flow"] = clients[clientIndex].Flow
|
||
}
|
||
default:
|
||
params["security"] = "none"
|
||
}
|
||
|
||
externalProxies, _ := stream["externalProxy"].([]any)
|
||
|
||
if len(externalProxies) > 0 {
|
||
return s.buildExternalProxyURLLinks(
|
||
externalProxies,
|
||
params,
|
||
security,
|
||
func(dest string, port int) string {
|
||
return fmt.Sprintf("vless://%s@%s:%d", uuid, dest, port)
|
||
},
|
||
func(ep map[string]any) string {
|
||
return s.genRemark(inbound, email, ep["remark"].(string))
|
||
},
|
||
)
|
||
}
|
||
|
||
link := fmt.Sprintf("vless://%s@%s:%d", uuid, address, port)
|
||
return buildLinkWithParams(link, params, s.genRemark(inbound, email, ""))
|
||
}
|
||
|
||
func (s *SubService) genTrojanLink(inbound *model.Inbound, email string) string {
|
||
if inbound.Protocol != model.Trojan {
|
||
return ""
|
||
}
|
||
address := s.resolveInboundAddress(inbound)
|
||
stream := unmarshalStreamSettings(inbound.StreamSettings)
|
||
clients, _ := s.inboundService.GetClients(inbound)
|
||
clientIndex := findClientIndex(clients, email)
|
||
password := clients[clientIndex].Password
|
||
port := inbound.Port
|
||
streamNetwork := stream["network"].(string)
|
||
params := make(map[string]string)
|
||
params["type"] = streamNetwork
|
||
|
||
applyShareNetworkParams(stream, streamNetwork, params)
|
||
if finalmask, ok := stream["finalmask"].(map[string]any); ok {
|
||
applyFinalMaskParams(finalmask, params)
|
||
}
|
||
security, _ := stream["security"].(string)
|
||
switch security {
|
||
case "tls":
|
||
applyShareTLSParams(stream, params)
|
||
case "reality":
|
||
applyShareRealityParams(stream, params)
|
||
if streamNetwork == "tcp" && len(clients[clientIndex].Flow) > 0 {
|
||
params["flow"] = clients[clientIndex].Flow
|
||
}
|
||
default:
|
||
params["security"] = "none"
|
||
}
|
||
|
||
externalProxies, _ := stream["externalProxy"].([]any)
|
||
|
||
if len(externalProxies) > 0 {
|
||
return s.buildExternalProxyURLLinks(
|
||
externalProxies,
|
||
params,
|
||
security,
|
||
func(dest string, port int) string {
|
||
return fmt.Sprintf("trojan://%s@%s:%d", password, dest, port)
|
||
},
|
||
func(ep map[string]any) string {
|
||
return s.genRemark(inbound, email, ep["remark"].(string))
|
||
},
|
||
)
|
||
}
|
||
|
||
link := fmt.Sprintf("trojan://%s@%s:%d", password, address, port)
|
||
return buildLinkWithParams(link, params, s.genRemark(inbound, email, ""))
|
||
}
|
||
|
||
func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) string {
|
||
if inbound.Protocol != model.Shadowsocks {
|
||
return ""
|
||
}
|
||
address := s.resolveInboundAddress(inbound)
|
||
stream := unmarshalStreamSettings(inbound.StreamSettings)
|
||
clients, _ := s.inboundService.GetClients(inbound)
|
||
|
||
var settings map[string]any
|
||
json.Unmarshal([]byte(inbound.Settings), &settings)
|
||
inboundPassword := settings["password"].(string)
|
||
method := settings["method"].(string)
|
||
clientIndex := findClientIndex(clients, email)
|
||
streamNetwork := stream["network"].(string)
|
||
params := make(map[string]string)
|
||
params["type"] = streamNetwork
|
||
|
||
applyShareNetworkParams(stream, streamNetwork, params)
|
||
if finalmask, ok := stream["finalmask"].(map[string]any); ok {
|
||
applyFinalMaskParams(finalmask, params)
|
||
}
|
||
|
||
security, _ := stream["security"].(string)
|
||
if security == "tls" {
|
||
applyShareTLSParams(stream, params)
|
||
}
|
||
|
||
encPart := fmt.Sprintf("%s:%s", method, clients[clientIndex].Password)
|
||
if method[0] == '2' {
|
||
encPart = fmt.Sprintf("%s:%s:%s", method, inboundPassword, clients[clientIndex].Password)
|
||
}
|
||
|
||
externalProxies, _ := stream["externalProxy"].([]any)
|
||
|
||
if len(externalProxies) > 0 {
|
||
proxyParams := cloneStringMap(params)
|
||
proxyParams["security"] = security
|
||
return s.buildExternalProxyURLLinks(
|
||
externalProxies,
|
||
proxyParams,
|
||
security,
|
||
func(dest string, port int) string {
|
||
return fmt.Sprintf("ss://%s@%s:%d", base64.StdEncoding.EncodeToString([]byte(encPart)), dest, port)
|
||
},
|
||
func(ep map[string]any) string {
|
||
return s.genRemark(inbound, email, ep["remark"].(string))
|
||
},
|
||
)
|
||
}
|
||
|
||
link := fmt.Sprintf("ss://%s@%s:%d", base64.StdEncoding.EncodeToString([]byte(encPart)), address, inbound.Port)
|
||
return buildLinkWithParams(link, params, s.genRemark(inbound, email, ""))
|
||
}
|
||
|
||
func (s *SubService) genHysteriaLink(inbound *model.Inbound, email string) string {
|
||
if !model.IsHysteria(inbound.Protocol) {
|
||
return ""
|
||
}
|
||
var stream map[string]any
|
||
json.Unmarshal([]byte(inbound.StreamSettings), &stream)
|
||
clients, _ := s.inboundService.GetClients(inbound)
|
||
clientIndex := -1
|
||
for i, client := range clients {
|
||
if client.Email == email {
|
||
clientIndex = i
|
||
break
|
||
}
|
||
}
|
||
auth := clients[clientIndex].Auth
|
||
params := make(map[string]string)
|
||
|
||
params["security"] = "tls"
|
||
tlsSetting, _ := stream["tlsSettings"].(map[string]any)
|
||
alpns, _ := tlsSetting["alpn"].([]any)
|
||
var alpn []string
|
||
for _, a := range alpns {
|
||
alpn = append(alpn, a.(string))
|
||
}
|
||
if len(alpn) > 0 {
|
||
params["alpn"] = strings.Join(alpn, ",")
|
||
}
|
||
if sniValue, ok := searchKey(tlsSetting, "serverName"); ok {
|
||
params["sni"], _ = sniValue.(string)
|
||
}
|
||
|
||
tlsSettings, _ := searchKey(tlsSetting, "settings")
|
||
if tlsSetting != nil {
|
||
if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok {
|
||
params["fp"], _ = fpValue.(string)
|
||
}
|
||
if insecure, ok := searchKey(tlsSettings, "allowInsecure"); ok {
|
||
if insecure.(bool) {
|
||
params["insecure"] = "1"
|
||
}
|
||
}
|
||
}
|
||
|
||
// salamander obfs (Hysteria2). The panel-side link generator already
|
||
// emits these; keep the subscription output in sync so a client has
|
||
// the obfs password to match the server.
|
||
if finalmask, ok := stream["finalmask"].(map[string]any); ok {
|
||
applyFinalMaskParams(finalmask, params)
|
||
if udpMasks, ok := finalmask["udp"].([]any); ok {
|
||
for _, m := range udpMasks {
|
||
mask, _ := m.(map[string]any)
|
||
if mask == nil || mask["type"] != "salamander" {
|
||
continue
|
||
}
|
||
settings, _ := mask["settings"].(map[string]any)
|
||
if pw, ok := settings["password"].(string); ok && pw != "" {
|
||
params["obfs"] = "salamander"
|
||
params["obfs-password"] = pw
|
||
break
|
||
}
|
||
}
|
||
}
|
||
}
|
||
|
||
var settings map[string]any
|
||
json.Unmarshal([]byte(inbound.Settings), &settings)
|
||
version, _ := settings["version"].(float64)
|
||
protocol := "hysteria2"
|
||
if int(version) == 1 {
|
||
protocol = "hysteria"
|
||
}
|
||
|
||
// Fan out one link per External Proxy entry if any. Previously this
|
||
// generator ignored `externalProxy` entirely, so the link kept the
|
||
// server's own IP/port even when the admin configured an alternate
|
||
// endpoint (e.g. a CDN hostname + port that forwards to the node).
|
||
// Matches the behaviour of genVlessLink / genTrojanLink / ….
|
||
externalProxies, _ := stream["externalProxy"].([]any)
|
||
if len(externalProxies) > 0 {
|
||
links := make([]string, 0, len(externalProxies))
|
||
for _, externalProxy := range externalProxies {
|
||
ep, ok := externalProxy.(map[string]any)
|
||
if !ok {
|
||
continue
|
||
}
|
||
dest, _ := ep["dest"].(string)
|
||
portF, okPort := ep["port"].(float64)
|
||
if dest == "" || !okPort {
|
||
continue
|
||
}
|
||
epRemark, _ := ep["remark"].(string)
|
||
|
||
link := fmt.Sprintf("%s://%s@%s:%d", protocol, auth, dest, int(portF))
|
||
u, _ := url.Parse(link)
|
||
q := u.Query()
|
||
for k, v := range params {
|
||
q.Add(k, v)
|
||
}
|
||
u.RawQuery = q.Encode()
|
||
u.Fragment = s.genRemark(inbound, email, epRemark)
|
||
links = append(links, u.String())
|
||
}
|
||
return strings.Join(links, "\n")
|
||
}
|
||
|
||
// No external proxy configured — use the inbound's resolved address so
|
||
// node-managed inbounds get the node's host instead of the central panel's.
|
||
link := fmt.Sprintf("%s://%s@%s:%d", protocol, auth, s.resolveInboundAddress(inbound), inbound.Port)
|
||
url, _ := url.Parse(link)
|
||
q := url.Query()
|
||
for k, v := range params {
|
||
q.Add(k, v)
|
||
}
|
||
url.RawQuery = q.Encode()
|
||
url.Fragment = s.genRemark(inbound, email, "")
|
||
return url.String()
|
||
}
|
||
|
||
// loadNodes refreshes nodesByID from the DB. Called once per request so
|
||
// the per-inbound resolveInboundAddress lookups are pure map reads.
|
||
// We filter to address != ” so a half-configured node row doesn't
|
||
// accidentally produce a useless host like "https://:2053".
|
||
func (s *SubService) loadNodes() {
|
||
db := database.GetDB()
|
||
var nodes []*model.Node
|
||
if err := db.Model(&model.Node{}).Where("address != ''").Find(&nodes).Error; err != nil {
|
||
logger.Warning("subscription: load nodes failed:", err)
|
||
s.nodesByID = nil
|
||
return
|
||
}
|
||
m := make(map[int]*model.Node, len(nodes))
|
||
for _, n := range nodes {
|
||
m[n.Id] = n
|
||
}
|
||
s.nodesByID = m
|
||
}
|
||
|
||
// resolveInboundAddress picks the host an external client should
|
||
// connect to. Order:
|
||
// 1. If the inbound is node-managed and the node has an address, use
|
||
// the node's address — central panel's hostname doesn't speak xray
|
||
// for that inbound.
|
||
// 2. If the inbound binds to a non-wildcard listen address, use it.
|
||
// 3. Otherwise fall back to the request's host (whatever the client
|
||
// subscribed against).
|
||
func (s *SubService) resolveInboundAddress(inbound *model.Inbound) string {
|
||
if inbound.NodeID != nil && s.nodesByID != nil {
|
||
if n, ok := s.nodesByID[*inbound.NodeID]; ok && n.Address != "" {
|
||
return n.Address
|
||
}
|
||
}
|
||
if inbound.Listen == "" || inbound.Listen == "0.0.0.0" || inbound.Listen == "::" || inbound.Listen == "::0" {
|
||
return s.address
|
||
}
|
||
return inbound.Listen
|
||
}
|
||
|
||
func findClientIndex(clients []model.Client, email string) int {
|
||
for i, client := range clients {
|
||
if client.Email == email {
|
||
return i
|
||
}
|
||
}
|
||
return -1
|
||
}
|
||
|
||
func unmarshalStreamSettings(streamSettings string) map[string]any {
|
||
var stream map[string]any
|
||
json.Unmarshal([]byte(streamSettings), &stream)
|
||
return stream
|
||
}
|
||
|
||
func applyPathAndHostParams(settings map[string]any, params map[string]string) {
|
||
params["path"] = settings["path"].(string)
|
||
if host, ok := settings["host"].(string); ok && len(host) > 0 {
|
||
params["host"] = host
|
||
} else {
|
||
headers, _ := settings["headers"].(map[string]any)
|
||
params["host"] = searchHost(headers)
|
||
}
|
||
}
|
||
|
||
func applyPathAndHostObj(settings map[string]any, obj map[string]any) {
|
||
obj["path"] = settings["path"].(string)
|
||
if host, ok := settings["host"].(string); ok && len(host) > 0 {
|
||
obj["host"] = host
|
||
} else {
|
||
headers, _ := settings["headers"].(map[string]any)
|
||
obj["host"] = searchHost(headers)
|
||
}
|
||
}
|
||
|
||
func applyShareNetworkParams(stream map[string]any, streamNetwork string, params map[string]string) {
|
||
switch streamNetwork {
|
||
case "tcp":
|
||
tcp, _ := stream["tcpSettings"].(map[string]any)
|
||
header, _ := tcp["header"].(map[string]any)
|
||
typeStr, _ := header["type"].(string)
|
||
if typeStr == "http" {
|
||
request := header["request"].(map[string]any)
|
||
requestPath, _ := request["path"].([]any)
|
||
params["path"] = requestPath[0].(string)
|
||
headers, _ := request["headers"].(map[string]any)
|
||
params["host"] = searchHost(headers)
|
||
params["headerType"] = "http"
|
||
}
|
||
case "kcp":
|
||
applyKcpShareParams(stream, params)
|
||
case "ws":
|
||
ws, _ := stream["wsSettings"].(map[string]any)
|
||
applyPathAndHostParams(ws, params)
|
||
case "grpc":
|
||
grpc, _ := stream["grpcSettings"].(map[string]any)
|
||
params["serviceName"] = grpc["serviceName"].(string)
|
||
params["authority"], _ = grpc["authority"].(string)
|
||
if grpc["multiMode"].(bool) {
|
||
params["mode"] = "multi"
|
||
}
|
||
case "httpupgrade":
|
||
httpupgrade, _ := stream["httpupgradeSettings"].(map[string]any)
|
||
applyPathAndHostParams(httpupgrade, params)
|
||
case "xhttp":
|
||
xhttp, _ := stream["xhttpSettings"].(map[string]any)
|
||
applyXhttpExtraParams(xhttp, params)
|
||
}
|
||
}
|
||
|
||
// applyXhttpExtraObj copies the bidirectional xhttp settings into the
|
||
// VMess base64 JSON link object. VMess supports arbitrary keys, so we
|
||
// flatten the SplitHTTPConfig "extra" fields directly onto obj.
|
||
func applyXhttpExtraObj(xhttp map[string]any, obj map[string]any) {
|
||
if xpb, ok := xhttp["xPaddingBytes"].(string); ok && len(xpb) > 0 {
|
||
obj["x_padding_bytes"] = xpb
|
||
}
|
||
maps.Copy(obj, buildXhttpExtra(xhttp))
|
||
}
|
||
|
||
func applyVmessNetworkParams(stream map[string]any, network string, obj map[string]any) {
|
||
obj["net"] = network
|
||
switch network {
|
||
case "tcp":
|
||
tcp, _ := stream["tcpSettings"].(map[string]any)
|
||
header, _ := tcp["header"].(map[string]any)
|
||
typeStr, _ := header["type"].(string)
|
||
obj["type"] = typeStr
|
||
if typeStr == "http" {
|
||
request := header["request"].(map[string]any)
|
||
requestPath, _ := request["path"].([]any)
|
||
obj["path"] = requestPath[0].(string)
|
||
headers, _ := request["headers"].(map[string]any)
|
||
obj["host"] = searchHost(headers)
|
||
}
|
||
case "kcp":
|
||
applyKcpShareObj(stream, obj)
|
||
case "ws":
|
||
ws, _ := stream["wsSettings"].(map[string]any)
|
||
applyPathAndHostObj(ws, obj)
|
||
case "grpc":
|
||
grpc, _ := stream["grpcSettings"].(map[string]any)
|
||
obj["path"] = grpc["serviceName"].(string)
|
||
obj["authority"] = grpc["authority"].(string)
|
||
if grpc["multiMode"].(bool) {
|
||
obj["type"] = "multi"
|
||
}
|
||
case "httpupgrade":
|
||
httpupgrade, _ := stream["httpupgradeSettings"].(map[string]any)
|
||
applyPathAndHostObj(httpupgrade, obj)
|
||
case "xhttp":
|
||
xhttp, _ := stream["xhttpSettings"].(map[string]any)
|
||
applyPathAndHostObj(xhttp, obj)
|
||
if mode, ok := xhttp["mode"].(string); ok {
|
||
obj["mode"] = mode
|
||
}
|
||
applyXhttpExtraObj(xhttp, obj)
|
||
}
|
||
}
|
||
|
||
func applyShareTLSParams(stream map[string]any, params map[string]string) {
|
||
params["security"] = "tls"
|
||
tlsSetting, _ := stream["tlsSettings"].(map[string]any)
|
||
alpns, _ := tlsSetting["alpn"].([]any)
|
||
var alpn []string
|
||
for _, a := range alpns {
|
||
alpn = append(alpn, a.(string))
|
||
}
|
||
if len(alpn) > 0 {
|
||
params["alpn"] = strings.Join(alpn, ",")
|
||
}
|
||
if sniValue, ok := searchKey(tlsSetting, "serverName"); ok {
|
||
params["sni"], _ = sniValue.(string)
|
||
}
|
||
|
||
tlsSettings, _ := searchKey(tlsSetting, "settings")
|
||
if tlsSetting != nil {
|
||
if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok {
|
||
params["fp"], _ = fpValue.(string)
|
||
}
|
||
}
|
||
}
|
||
|
||
func applyVmessTLSParams(stream map[string]any, obj map[string]any) {
|
||
tlsSetting, _ := stream["tlsSettings"].(map[string]any)
|
||
alpns, _ := tlsSetting["alpn"].([]any)
|
||
if len(alpns) > 0 {
|
||
var alpn []string
|
||
for _, a := range alpns {
|
||
alpn = append(alpn, a.(string))
|
||
}
|
||
obj["alpn"] = strings.Join(alpn, ",")
|
||
}
|
||
if sniValue, ok := searchKey(tlsSetting, "serverName"); ok {
|
||
obj["sni"], _ = sniValue.(string)
|
||
}
|
||
|
||
tlsSettings, _ := searchKey(tlsSetting, "settings")
|
||
if tlsSetting != nil {
|
||
if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok {
|
||
obj["fp"], _ = fpValue.(string)
|
||
}
|
||
}
|
||
}
|
||
|
||
func applyShareRealityParams(stream map[string]any, params map[string]string) {
|
||
params["security"] = "reality"
|
||
realitySetting, _ := stream["realitySettings"].(map[string]any)
|
||
realitySettings, _ := searchKey(realitySetting, "settings")
|
||
if realitySetting != nil {
|
||
if sniValue, ok := searchKey(realitySetting, "serverNames"); ok {
|
||
sNames, _ := sniValue.([]any)
|
||
params["sni"] = sNames[random.Num(len(sNames))].(string)
|
||
}
|
||
if pbkValue, ok := searchKey(realitySettings, "publicKey"); ok {
|
||
params["pbk"], _ = pbkValue.(string)
|
||
}
|
||
if sidValue, ok := searchKey(realitySetting, "shortIds"); ok {
|
||
shortIds, _ := sidValue.([]any)
|
||
params["sid"] = shortIds[random.Num(len(shortIds))].(string)
|
||
}
|
||
if fpValue, ok := searchKey(realitySettings, "fingerprint"); ok {
|
||
if fp, ok := fpValue.(string); ok && len(fp) > 0 {
|
||
params["fp"] = fp
|
||
}
|
||
}
|
||
if pqvValue, ok := searchKey(realitySettings, "mldsa65Verify"); ok {
|
||
if pqv, ok := pqvValue.(string); ok && len(pqv) > 0 {
|
||
params["pqv"] = pqv
|
||
}
|
||
}
|
||
params["spx"] = "/" + random.Seq(15)
|
||
}
|
||
}
|
||
|
||
func buildVmessLink(obj map[string]any) string {
|
||
jsonStr, _ := json.MarshalIndent(obj, "", " ")
|
||
return "vmess://" + base64.StdEncoding.EncodeToString(jsonStr)
|
||
}
|
||
|
||
func cloneVmessShareObj(baseObj map[string]any, newSecurity string) map[string]any {
|
||
newObj := map[string]any{}
|
||
for key, value := range baseObj {
|
||
if !(newSecurity == "none" && (key == "alpn" || key == "sni" || key == "fp")) {
|
||
newObj[key] = value
|
||
}
|
||
}
|
||
return newObj
|
||
}
|
||
|
||
func applyExternalProxyTLSObj(ep map[string]any, obj map[string]any, security string) {
|
||
if security != "tls" {
|
||
return
|
||
}
|
||
if sni, ok := externalProxySNI(ep); ok {
|
||
obj["sni"] = sni
|
||
}
|
||
if fp, ok := ep["fingerprint"].(string); ok && fp != "" {
|
||
obj["fp"] = fp
|
||
}
|
||
if alpn, ok := externalProxyALPN(ep["alpn"]); ok {
|
||
obj["alpn"] = alpn
|
||
}
|
||
}
|
||
|
||
func applyExternalProxyTLSParams(ep map[string]any, params map[string]string, security string) {
|
||
if security != "tls" {
|
||
return
|
||
}
|
||
if sni, ok := externalProxySNI(ep); ok {
|
||
params["sni"] = sni
|
||
}
|
||
if fp, ok := ep["fingerprint"].(string); ok && fp != "" {
|
||
params["fp"] = fp
|
||
}
|
||
if alpn, ok := externalProxyALPN(ep["alpn"]); ok {
|
||
params["alpn"] = alpn
|
||
}
|
||
}
|
||
|
||
// cloneStreamForExternalProxy returns a shallow clone of stream with
|
||
// tlsSettings (and its nested settings map) deep-copied. The external
|
||
// proxy loop mutates tlsSettings per iteration, so without isolating
|
||
// those maps each proxy's SNI/fingerprint/ALPN would leak into the next.
|
||
func cloneStreamForExternalProxy(stream map[string]any) map[string]any {
|
||
out := cloneMap(stream)
|
||
ts, ok := out["tlsSettings"].(map[string]any)
|
||
if !ok || ts == nil {
|
||
return out
|
||
}
|
||
clonedTs := cloneMap(ts)
|
||
if inner, ok := clonedTs["settings"].(map[string]any); ok && inner != nil {
|
||
clonedTs["settings"] = cloneMap(inner)
|
||
}
|
||
out["tlsSettings"] = clonedTs
|
||
return out
|
||
}
|
||
|
||
func applyExternalProxyTLSToStream(ep map[string]any, stream map[string]any, security string) {
|
||
if security != "tls" {
|
||
return
|
||
}
|
||
tlsSettings, _ := stream["tlsSettings"].(map[string]any)
|
||
if tlsSettings == nil {
|
||
tlsSettings = map[string]any{}
|
||
stream["tlsSettings"] = tlsSettings
|
||
}
|
||
if sni, ok := externalProxySNI(ep); ok {
|
||
tlsSettings["serverName"] = sni
|
||
}
|
||
if fp, ok := ep["fingerprint"].(string); ok && fp != "" {
|
||
tlsSettings["fingerprint"] = fp
|
||
settings, _ := tlsSettings["settings"].(map[string]any)
|
||
if settings == nil {
|
||
settings = map[string]any{}
|
||
tlsSettings["settings"] = settings
|
||
}
|
||
settings["fingerprint"] = fp
|
||
}
|
||
if alpn, ok := externalProxyALPNList(ep["alpn"]); ok {
|
||
tlsSettings["alpn"] = alpn
|
||
}
|
||
}
|
||
|
||
func externalProxySNI(ep map[string]any) (string, bool) {
|
||
if sni, ok := ep["sni"].(string); ok && sni != "" {
|
||
return sni, true
|
||
}
|
||
if dest, ok := ep["dest"].(string); ok && dest != "" {
|
||
return dest, true
|
||
}
|
||
return "", false
|
||
}
|
||
|
||
func externalProxyALPN(value any) (string, bool) {
|
||
switch v := value.(type) {
|
||
case string:
|
||
return v, v != ""
|
||
case []string:
|
||
if len(v) == 0 {
|
||
return "", false
|
||
}
|
||
return strings.Join(v, ","), true
|
||
case []any:
|
||
alpn := make([]string, 0, len(v))
|
||
for _, item := range v {
|
||
if s, ok := item.(string); ok && s != "" {
|
||
alpn = append(alpn, s)
|
||
}
|
||
}
|
||
if len(alpn) == 0 {
|
||
return "", false
|
||
}
|
||
return strings.Join(alpn, ","), true
|
||
default:
|
||
return "", false
|
||
}
|
||
}
|
||
|
||
func externalProxyALPNList(value any) ([]any, bool) {
|
||
switch v := value.(type) {
|
||
case string:
|
||
if v == "" {
|
||
return nil, false
|
||
}
|
||
parts := strings.Split(v, ",")
|
||
out := make([]any, 0, len(parts))
|
||
for _, part := range parts {
|
||
if part = strings.TrimSpace(part); part != "" {
|
||
out = append(out, part)
|
||
}
|
||
}
|
||
return out, len(out) > 0
|
||
case []string:
|
||
out := make([]any, 0, len(v))
|
||
for _, item := range v {
|
||
if item != "" {
|
||
out = append(out, item)
|
||
}
|
||
}
|
||
return out, len(out) > 0
|
||
case []any:
|
||
out := make([]any, 0, len(v))
|
||
for _, item := range v {
|
||
if s, ok := item.(string); ok && s != "" {
|
||
out = append(out, s)
|
||
}
|
||
}
|
||
return out, len(out) > 0
|
||
default:
|
||
return nil, false
|
||
}
|
||
}
|
||
|
||
func (s *SubService) buildVmessExternalProxyLinks(externalProxies []any, baseObj map[string]any, inbound *model.Inbound, email string) string {
|
||
var links strings.Builder
|
||
for index, externalProxy := range externalProxies {
|
||
ep, _ := externalProxy.(map[string]any)
|
||
newSecurity, _ := ep["forceTls"].(string)
|
||
securityToApply := baseObj["tls"].(string)
|
||
if newSecurity != "same" {
|
||
securityToApply = newSecurity
|
||
}
|
||
newObj := cloneVmessShareObj(baseObj, newSecurity)
|
||
newObj["ps"] = s.genRemark(inbound, email, ep["remark"].(string))
|
||
newObj["add"] = ep["dest"].(string)
|
||
newObj["port"] = int(ep["port"].(float64))
|
||
|
||
if newSecurity != "same" {
|
||
newObj["tls"] = newSecurity
|
||
}
|
||
applyExternalProxyTLSObj(ep, newObj, securityToApply)
|
||
if index > 0 {
|
||
links.WriteString("\n")
|
||
}
|
||
links.WriteString(buildVmessLink(newObj))
|
||
}
|
||
return links.String()
|
||
}
|
||
|
||
func buildLinkWithParams(link string, params map[string]string, fragment string) string {
|
||
parsedURL, _ := url.Parse(link)
|
||
q := parsedURL.Query()
|
||
for k, v := range params {
|
||
q.Add(k, v)
|
||
}
|
||
parsedURL.RawQuery = q.Encode()
|
||
parsedURL.Fragment = fragment
|
||
return parsedURL.String()
|
||
}
|
||
|
||
func buildLinkWithParamsAndSecurity(link string, params map[string]string, fragment, security string, omitTLSFields bool) string {
|
||
parsedURL, _ := url.Parse(link)
|
||
q := parsedURL.Query()
|
||
for k, v := range params {
|
||
if k == "security" {
|
||
v = security
|
||
}
|
||
if omitTLSFields && (k == "alpn" || k == "sni" || k == "fp") {
|
||
continue
|
||
}
|
||
q.Add(k, v)
|
||
}
|
||
parsedURL.RawQuery = q.Encode()
|
||
parsedURL.Fragment = fragment
|
||
return parsedURL.String()
|
||
}
|
||
|
||
func (s *SubService) buildExternalProxyURLLinks(
|
||
externalProxies []any,
|
||
params map[string]string,
|
||
baseSecurity string,
|
||
makeLink func(dest string, port int) string,
|
||
makeRemark func(ep map[string]any) string,
|
||
) string {
|
||
links := make([]string, 0, len(externalProxies))
|
||
for _, externalProxy := range externalProxies {
|
||
ep, _ := externalProxy.(map[string]any)
|
||
newSecurity, _ := ep["forceTls"].(string)
|
||
dest, _ := ep["dest"].(string)
|
||
port := int(ep["port"].(float64))
|
||
|
||
securityToApply := baseSecurity
|
||
if newSecurity != "same" {
|
||
securityToApply = newSecurity
|
||
}
|
||
|
||
nextParams := cloneStringMap(params)
|
||
applyExternalProxyTLSParams(ep, nextParams, securityToApply)
|
||
|
||
links = append(
|
||
links,
|
||
buildLinkWithParamsAndSecurity(
|
||
makeLink(dest, port),
|
||
nextParams,
|
||
makeRemark(ep),
|
||
securityToApply,
|
||
newSecurity == "none",
|
||
),
|
||
)
|
||
}
|
||
return strings.Join(links, "\n")
|
||
}
|
||
|
||
func cloneStringMap(source map[string]string) map[string]string {
|
||
cloned := make(map[string]string, len(source))
|
||
maps.Copy(cloned, source)
|
||
return cloned
|
||
}
|
||
|
||
func (s *SubService) genRemark(inbound *model.Inbound, email string, extra string) string {
|
||
separationChar := string(s.remarkModel[0])
|
||
orderChars := s.remarkModel[1:]
|
||
orders := map[byte]string{
|
||
'i': "",
|
||
'e': "",
|
||
'o': "",
|
||
}
|
||
if len(email) > 0 && s.emailInRemark {
|
||
orders['e'] = email
|
||
}
|
||
if len(inbound.Remark) > 0 {
|
||
orders['i'] = inbound.Remark
|
||
}
|
||
if len(extra) > 0 {
|
||
orders['o'] = extra
|
||
}
|
||
|
||
var remark []string
|
||
for i := 0; i < len(orderChars); i++ {
|
||
char := orderChars[i]
|
||
order, exists := orders[char]
|
||
if exists && order != "" {
|
||
remark = append(remark, order)
|
||
}
|
||
}
|
||
|
||
if s.showInfo {
|
||
statsExist := false
|
||
var stats xray.ClientTraffic
|
||
for _, clientStat := range inbound.ClientStats {
|
||
if clientStat.Email == email {
|
||
stats = clientStat
|
||
statsExist = true
|
||
break
|
||
}
|
||
}
|
||
|
||
// Get remained days
|
||
if statsExist {
|
||
if !stats.Enable {
|
||
return fmt.Sprintf("⛔️N/A%s%s", separationChar, strings.Join(remark, separationChar))
|
||
}
|
||
if vol := stats.Total - (stats.Up + stats.Down); vol > 0 {
|
||
remark = append(remark, fmt.Sprintf("%s%s", common.FormatTraffic(vol), "📊"))
|
||
}
|
||
now := time.Now().Unix()
|
||
switch exp := stats.ExpiryTime / 1000; {
|
||
case exp > 0:
|
||
remainingSeconds := exp - now
|
||
days := remainingSeconds / 86400
|
||
hours := (remainingSeconds % 86400) / 3600
|
||
minutes := (remainingSeconds % 3600) / 60
|
||
if days > 0 {
|
||
if hours > 0 {
|
||
remark = append(remark, fmt.Sprintf("%dD,%dH⏳", days, hours))
|
||
} else {
|
||
remark = append(remark, fmt.Sprintf("%dD⏳", days))
|
||
}
|
||
} else if hours > 0 {
|
||
remark = append(remark, fmt.Sprintf("%dH⏳", hours))
|
||
} else {
|
||
remark = append(remark, fmt.Sprintf("%dM⏳", minutes))
|
||
}
|
||
case exp < 0:
|
||
days := exp / -86400
|
||
hours := (exp % -86400) / 3600
|
||
minutes := (exp % -3600) / 60
|
||
if days > 0 {
|
||
if hours > 0 {
|
||
remark = append(remark, fmt.Sprintf("%dD,%dH⏳", days, hours))
|
||
} else {
|
||
remark = append(remark, fmt.Sprintf("%dD⏳", days))
|
||
}
|
||
} else if hours > 0 {
|
||
remark = append(remark, fmt.Sprintf("%dH⏳", hours))
|
||
} else {
|
||
remark = append(remark, fmt.Sprintf("%dM⏳", minutes))
|
||
}
|
||
}
|
||
}
|
||
}
|
||
return strings.Join(remark, separationChar)
|
||
}
|
||
|
||
func searchKey(data any, key string) (any, bool) {
|
||
switch val := data.(type) {
|
||
case map[string]any:
|
||
for k, v := range val {
|
||
if k == key {
|
||
return v, true
|
||
}
|
||
if result, ok := searchKey(v, key); ok {
|
||
return result, true
|
||
}
|
||
}
|
||
case []any:
|
||
for _, v := range val {
|
||
if result, ok := searchKey(v, key); ok {
|
||
return result, true
|
||
}
|
||
}
|
||
}
|
||
return nil, false
|
||
}
|
||
|
||
// buildXhttpExtra walks an xhttpSettings map and returns the JSON blob
|
||
// that goes into the URL's `extra` param (or, for VMess, the link
|
||
// object). Carries ONLY the bidirectional fields from xray-core's
|
||
// SplitHTTPConfig — i.e. the ones the server enforces and the client
|
||
// must match. Strictly one-sided fields are excluded:
|
||
//
|
||
// - server-only (noSSEHeader, scMaxBufferedPosts, scStreamUpServerSecs,
|
||
// serverMaxHeaderBytes) — client wouldn't read them, so emitting
|
||
// them just bloats the URL.
|
||
// - client-only values are included only when present in the inbound
|
||
// JSON. Some deployments/imported configs carry them there, and the
|
||
// subscription link is the only place clients can receive them.
|
||
//
|
||
// Truthy-only guards keep default inbounds emitting the same compact URL
|
||
// they did before this helper grew.
|
||
func buildXhttpExtra(xhttp map[string]any) map[string]any {
|
||
if xhttp == nil {
|
||
return nil
|
||
}
|
||
extra := map[string]any{}
|
||
|
||
if xpb, ok := xhttp["xPaddingBytes"].(string); ok && len(xpb) > 0 {
|
||
extra["xPaddingBytes"] = xpb
|
||
}
|
||
if obfs, ok := xhttp["xPaddingObfsMode"].(bool); ok && obfs {
|
||
extra["xPaddingObfsMode"] = true
|
||
for _, field := range []string{"xPaddingKey", "xPaddingHeader", "xPaddingPlacement", "xPaddingMethod"} {
|
||
if v, ok := xhttp[field].(string); ok && len(v) > 0 {
|
||
extra[field] = v
|
||
}
|
||
}
|
||
}
|
||
|
||
stringFields := []string{
|
||
"uplinkHTTPMethod",
|
||
"sessionPlacement", "sessionKey",
|
||
"seqPlacement", "seqKey",
|
||
"uplinkDataPlacement", "uplinkDataKey",
|
||
"scMaxEachPostBytes", "scMinPostsIntervalMs",
|
||
}
|
||
for _, field := range stringFields {
|
||
if v, ok := xhttp[field].(string); ok && len(v) > 0 {
|
||
extra[field] = v
|
||
}
|
||
}
|
||
|
||
for _, field := range []string{"uplinkChunkSize"} {
|
||
if v, ok := nonZeroShareValue(xhttp[field]); ok {
|
||
extra[field] = v
|
||
}
|
||
}
|
||
|
||
for _, field := range []string{"noGRPCHeader"} {
|
||
if v, ok := xhttp[field].(bool); ok && v {
|
||
extra[field] = v
|
||
}
|
||
}
|
||
|
||
for _, field := range []string{"xmux", "downloadSettings"} {
|
||
if v, ok := nonEmptyShareObject(xhttp[field]); ok {
|
||
extra[field] = v
|
||
}
|
||
}
|
||
|
||
// Headers — emitted as the {name: value} map upstream's struct
|
||
// expects. The server runtime ignores this field, but the client
|
||
// (consuming the share link) honors it. Drop any "host" entry —
|
||
// host already wins as a top-level URL param.
|
||
if rawHeaders, ok := xhttp["headers"].(map[string]any); ok && len(rawHeaders) > 0 {
|
||
out := map[string]any{}
|
||
for k, v := range rawHeaders {
|
||
if strings.EqualFold(k, "host") {
|
||
continue
|
||
}
|
||
out[k] = v
|
||
}
|
||
if len(out) > 0 {
|
||
extra["headers"] = out
|
||
}
|
||
}
|
||
|
||
if len(extra) == 0 {
|
||
return nil
|
||
}
|
||
return extra
|
||
}
|
||
|
||
func nonZeroShareValue(v any) (any, bool) {
|
||
switch value := v.(type) {
|
||
case string:
|
||
return value, value != ""
|
||
case int:
|
||
return value, value != 0
|
||
case int32:
|
||
return value, value != 0
|
||
case int64:
|
||
return value, value != 0
|
||
case float32:
|
||
return value, value != 0
|
||
case float64:
|
||
return value, value != 0
|
||
default:
|
||
return nil, false
|
||
}
|
||
}
|
||
|
||
func nonEmptyShareObject(v any) (any, bool) {
|
||
switch value := v.(type) {
|
||
case map[string]any:
|
||
return value, len(value) > 0
|
||
case map[string]string:
|
||
return value, len(value) > 0
|
||
case []any:
|
||
return value, len(value) > 0
|
||
default:
|
||
return nil, false
|
||
}
|
||
}
|
||
|
||
// applyXhttpExtraParams emits the full xhttp config into the URL query
|
||
// params of a vless:// / trojan:// / ss:// link. Sets path/host/mode at
|
||
// top level (xray's Build() always lets these win over `extra`) and packs
|
||
// everything else into a JSON `extra` param. Also writes the flat
|
||
// `x_padding_bytes` param sing-box-family clients understand.
|
||
//
|
||
// Without this, the admin's custom xPaddingBytes / sessionKey / etc. never
|
||
// reach the client and handshakes are silently rejected with
|
||
// `invalid padding (...) length: 0` — the client-visible symptom is
|
||
// "xhttp doesn't connect" on OpenWRT / sing-box.
|
||
//
|
||
// Two encodings are written so every popular client can read at least one:
|
||
//
|
||
// - x_padding_bytes=<range> — flat param, understood by sing-box and its
|
||
// derivatives (Podkop, OpenWRT sing-box, Karing, NekoBox, …).
|
||
// - extra=<url-encoded-json> — full xhttp settings blob, which is how
|
||
// xray-core clients (v2rayNG, Happ, Furious, Exclave, …) pick up the
|
||
// bidirectional fields beyond path/host/mode.
|
||
func applyXhttpExtraParams(xhttp map[string]any, params map[string]string) {
|
||
if xhttp == nil {
|
||
return
|
||
}
|
||
applyPathAndHostParams(xhttp, params)
|
||
if mode, ok := xhttp["mode"].(string); ok {
|
||
params["mode"] = mode
|
||
}
|
||
|
||
if xpb, ok := xhttp["xPaddingBytes"].(string); ok && len(xpb) > 0 {
|
||
params["x_padding_bytes"] = xpb
|
||
}
|
||
|
||
extra := buildXhttpExtra(xhttp)
|
||
if extra != nil {
|
||
if b, err := json.Marshal(extra); err == nil {
|
||
params["extra"] = string(b)
|
||
}
|
||
}
|
||
}
|
||
|
||
var kcpMaskToHeaderType = map[string]string{
|
||
"header-dns": "dns",
|
||
"header-dtls": "dtls",
|
||
"header-srtp": "srtp",
|
||
"header-utp": "utp",
|
||
"header-wechat": "wechat-video",
|
||
"header-wireguard": "wireguard",
|
||
}
|
||
|
||
var validFinalMaskUDPTypes = map[string]struct{}{
|
||
"salamander": {},
|
||
"mkcp-aes128gcm": {},
|
||
"header-dns": {},
|
||
"header-dtls": {},
|
||
"header-srtp": {},
|
||
"header-utp": {},
|
||
"header-wechat": {},
|
||
"header-wireguard": {},
|
||
"mkcp-original": {},
|
||
"xdns": {},
|
||
"xicmp": {},
|
||
"noise": {},
|
||
"header-custom": {},
|
||
}
|
||
|
||
var validFinalMaskTCPTypes = map[string]struct{}{
|
||
"header-custom": {},
|
||
"fragment": {},
|
||
"sudoku": {},
|
||
}
|
||
|
||
// applyKcpShareParams reconstructs legacy KCP share-link fields from either
|
||
// the historical kcpSettings.header/seed shape or the current finalmask model.
|
||
// This keeps subscription output compatible while avoiding panics when older
|
||
// keys are absent from modern inbounds.
|
||
func applyKcpShareParams(stream map[string]any, params map[string]string) {
|
||
extractKcpShareFields(stream).applyToParams(params)
|
||
}
|
||
|
||
func applyKcpShareObj(stream map[string]any, obj map[string]any) {
|
||
extractKcpShareFields(stream).applyToObj(obj)
|
||
}
|
||
|
||
type kcpShareFields struct {
|
||
headerType string
|
||
seed string
|
||
mtu int
|
||
tti int
|
||
}
|
||
|
||
func (f kcpShareFields) applyToParams(params map[string]string) {
|
||
if f.headerType != "" && f.headerType != "none" {
|
||
params["headerType"] = f.headerType
|
||
}
|
||
setStringParam(params, "seed", f.seed)
|
||
setIntParam(params, "mtu", f.mtu)
|
||
setIntParam(params, "tti", f.tti)
|
||
}
|
||
|
||
func (f kcpShareFields) applyToObj(obj map[string]any) {
|
||
if f.headerType != "" && f.headerType != "none" {
|
||
obj["type"] = f.headerType
|
||
}
|
||
setStringField(obj, "path", f.seed)
|
||
setIntField(obj, "mtu", f.mtu)
|
||
setIntField(obj, "tti", f.tti)
|
||
}
|
||
|
||
func extractKcpShareFields(stream map[string]any) kcpShareFields {
|
||
fields := kcpShareFields{headerType: "none"}
|
||
|
||
if kcp, ok := stream["kcpSettings"].(map[string]any); ok {
|
||
if header, ok := kcp["header"].(map[string]any); ok {
|
||
if value, ok := header["type"].(string); ok && value != "" {
|
||
fields.headerType = value
|
||
}
|
||
}
|
||
if value, ok := kcp["seed"].(string); ok && value != "" {
|
||
fields.seed = value
|
||
}
|
||
if value, ok := readPositiveInt(kcp["mtu"]); ok {
|
||
fields.mtu = value
|
||
}
|
||
if value, ok := readPositiveInt(kcp["tti"]); ok {
|
||
fields.tti = value
|
||
}
|
||
}
|
||
|
||
for _, rawMask := range normalizedFinalMaskUDPMasks(stream["finalmask"]) {
|
||
mask, _ := rawMask.(map[string]any)
|
||
if mask == nil {
|
||
continue
|
||
}
|
||
maskType, _ := mask["type"].(string)
|
||
if mapped, ok := kcpMaskToHeaderType[maskType]; ok {
|
||
fields.headerType = mapped
|
||
continue
|
||
}
|
||
|
||
switch maskType {
|
||
case "mkcp-original":
|
||
fields.seed = ""
|
||
case "mkcp-aes128gcm":
|
||
fields.seed = ""
|
||
settings, _ := mask["settings"].(map[string]any)
|
||
if value, ok := settings["password"].(string); ok && value != "" {
|
||
fields.seed = value
|
||
}
|
||
}
|
||
}
|
||
|
||
return fields
|
||
}
|
||
|
||
func readPositiveInt(value any) (int, bool) {
|
||
switch number := value.(type) {
|
||
case int:
|
||
return number, number > 0
|
||
case int32:
|
||
return int(number), number > 0
|
||
case int64:
|
||
return int(number), number > 0
|
||
case float32:
|
||
parsed := int(number)
|
||
return parsed, parsed > 0
|
||
case float64:
|
||
parsed := int(number)
|
||
return parsed, parsed > 0
|
||
default:
|
||
return 0, false
|
||
}
|
||
}
|
||
|
||
func setStringParam(params map[string]string, key, value string) {
|
||
if value == "" {
|
||
delete(params, key)
|
||
return
|
||
}
|
||
params[key] = value
|
||
}
|
||
|
||
func setIntParam(params map[string]string, key string, value int) {
|
||
if value <= 0 {
|
||
delete(params, key)
|
||
return
|
||
}
|
||
params[key] = fmt.Sprintf("%d", value)
|
||
}
|
||
|
||
func setStringField(obj map[string]any, key, value string) {
|
||
if value == "" {
|
||
delete(obj, key)
|
||
return
|
||
}
|
||
obj[key] = value
|
||
}
|
||
|
||
func setIntField(obj map[string]any, key string, value int) {
|
||
if value <= 0 {
|
||
delete(obj, key)
|
||
return
|
||
}
|
||
obj[key] = value
|
||
}
|
||
|
||
// applyFinalMaskParams exports the finalmask payload as the compact
|
||
// `fm=<json>` share-link field used by v2rayN-compatible clients.
|
||
func applyFinalMaskParams(finalmask map[string]any, params map[string]string) {
|
||
if fm, ok := marshalFinalMask(finalmask); ok {
|
||
params["fm"] = fm
|
||
}
|
||
}
|
||
|
||
func applyFinalMaskObj(finalmask map[string]any, obj map[string]any) {
|
||
if fm, ok := marshalFinalMask(finalmask); ok {
|
||
obj["fm"] = fm
|
||
}
|
||
}
|
||
|
||
func marshalFinalMask(finalmask map[string]any) (string, bool) {
|
||
normalized := normalizeFinalMask(finalmask)
|
||
if !hasFinalMaskContent(normalized) {
|
||
return "", false
|
||
}
|
||
b, err := json.Marshal(normalized)
|
||
if err != nil || len(b) == 0 || string(b) == "null" {
|
||
return "", false
|
||
}
|
||
return string(b), true
|
||
}
|
||
|
||
func normalizeFinalMask(finalmask map[string]any) map[string]any {
|
||
tcpMasks := normalizedFinalMaskTCPMasks(finalmask)
|
||
udpMasks := normalizedFinalMaskUDPMasks(finalmask)
|
||
quicParams, hasQuicParams := finalmask["quicParams"].(map[string]any)
|
||
|
||
if len(tcpMasks) == 0 && len(udpMasks) == 0 && !hasQuicParams {
|
||
return nil
|
||
}
|
||
|
||
result := map[string]any{}
|
||
if len(tcpMasks) > 0 {
|
||
result["tcp"] = tcpMasks
|
||
}
|
||
if len(udpMasks) > 0 {
|
||
result["udp"] = udpMasks
|
||
}
|
||
if hasQuicParams && len(quicParams) > 0 {
|
||
result["quicParams"] = quicParams
|
||
}
|
||
return result
|
||
}
|
||
|
||
func normalizedFinalMaskTCPMasks(value any) []any {
|
||
finalmask, _ := value.(map[string]any)
|
||
if finalmask == nil {
|
||
return nil
|
||
}
|
||
rawMasks, _ := finalmask["tcp"].([]any)
|
||
if len(rawMasks) == 0 {
|
||
return nil
|
||
}
|
||
|
||
normalized := make([]any, 0, len(rawMasks))
|
||
for _, rawMask := range rawMasks {
|
||
mask, _ := rawMask.(map[string]any)
|
||
if mask == nil {
|
||
continue
|
||
}
|
||
maskType, _ := mask["type"].(string)
|
||
if _, ok := validFinalMaskTCPTypes[maskType]; !ok || maskType == "" {
|
||
continue
|
||
}
|
||
|
||
normalizedMask := map[string]any{"type": maskType}
|
||
if settings, ok := mask["settings"].(map[string]any); ok && len(settings) > 0 {
|
||
normalizedMask["settings"] = settings
|
||
}
|
||
normalized = append(normalized, normalizedMask)
|
||
}
|
||
|
||
if len(normalized) == 0 {
|
||
return nil
|
||
}
|
||
return normalized
|
||
}
|
||
|
||
func normalizedFinalMaskUDPMasks(value any) []any {
|
||
finalmask, _ := value.(map[string]any)
|
||
if finalmask == nil {
|
||
return nil
|
||
}
|
||
rawMasks, _ := finalmask["udp"].([]any)
|
||
if len(rawMasks) == 0 {
|
||
return nil
|
||
}
|
||
|
||
normalized := make([]any, 0, len(rawMasks))
|
||
for _, rawMask := range rawMasks {
|
||
mask, _ := rawMask.(map[string]any)
|
||
if mask == nil {
|
||
continue
|
||
}
|
||
maskType, _ := mask["type"].(string)
|
||
if _, ok := validFinalMaskUDPTypes[maskType]; !ok || maskType == "" {
|
||
continue
|
||
}
|
||
|
||
normalizedMask := map[string]any{"type": maskType}
|
||
if settings, ok := mask["settings"].(map[string]any); ok && len(settings) > 0 {
|
||
normalizedMask["settings"] = settings
|
||
}
|
||
normalized = append(normalized, normalizedMask)
|
||
}
|
||
|
||
if len(normalized) == 0 {
|
||
return nil
|
||
}
|
||
return normalized
|
||
}
|
||
|
||
func hasFinalMaskContent(value any) bool {
|
||
switch v := value.(type) {
|
||
case nil:
|
||
return false
|
||
case string:
|
||
return len(v) > 0
|
||
case map[string]any:
|
||
for _, item := range v {
|
||
if hasFinalMaskContent(item) {
|
||
return true
|
||
}
|
||
}
|
||
return false
|
||
case []any:
|
||
return slices.ContainsFunc(v, hasFinalMaskContent)
|
||
default:
|
||
return true
|
||
}
|
||
}
|
||
|
||
func searchHost(headers any) string {
|
||
data, _ := headers.(map[string]any)
|
||
for k, v := range data {
|
||
if strings.EqualFold(k, "host") {
|
||
switch v.(type) {
|
||
case []any:
|
||
hosts, _ := v.([]any)
|
||
if len(hosts) > 0 {
|
||
return hosts[0].(string)
|
||
} else {
|
||
return ""
|
||
}
|
||
case any:
|
||
return v.(string)
|
||
}
|
||
}
|
||
}
|
||
|
||
return ""
|
||
}
|
||
|
||
// PageData is a view model for subpage.html
|
||
// PageData contains data for rendering the subscription information page.
|
||
type PageData struct {
|
||
Host string
|
||
BasePath string
|
||
SId string
|
||
Enabled bool
|
||
Download string
|
||
Upload string
|
||
Total string
|
||
Used string
|
||
Remained string
|
||
Expire int64
|
||
LastOnline int64
|
||
Datepicker string
|
||
DownloadByte int64
|
||
UploadByte int64
|
||
TotalByte int64
|
||
SubUrl string
|
||
SubJsonUrl string
|
||
SubClashUrl string
|
||
SubTitle string
|
||
SubSupportUrl string
|
||
Result []string
|
||
}
|
||
|
||
// ResolveRequest extracts scheme and host info from request/headers consistently.
|
||
// ResolveRequest extracts scheme, host, and header information from an HTTP request.
|
||
func (s *SubService) ResolveRequest(c *gin.Context) (scheme string, host string, hostWithPort string, hostHeader string) {
|
||
// scheme
|
||
scheme = "http"
|
||
if c.Request.TLS != nil || strings.EqualFold(c.GetHeader("X-Forwarded-Proto"), "https") {
|
||
scheme = "https"
|
||
}
|
||
|
||
// base host (no port)
|
||
if h, err := getHostFromXFH(c.GetHeader("X-Forwarded-Host")); err == nil && h != "" {
|
||
host = h
|
||
}
|
||
if host == "" {
|
||
host = c.GetHeader("X-Real-IP")
|
||
}
|
||
if host == "" {
|
||
var err error
|
||
host, _, err = net.SplitHostPort(c.Request.Host)
|
||
if err != nil {
|
||
host = c.Request.Host
|
||
}
|
||
}
|
||
|
||
// host:port for URLs
|
||
hostWithPort = c.GetHeader("X-Forwarded-Host")
|
||
if hostWithPort == "" {
|
||
hostWithPort = c.Request.Host
|
||
}
|
||
if hostWithPort == "" {
|
||
hostWithPort = host
|
||
}
|
||
|
||
// header display host
|
||
hostHeader = c.GetHeader("X-Forwarded-Host")
|
||
if hostHeader == "" {
|
||
hostHeader = c.GetHeader("X-Real-IP")
|
||
}
|
||
if hostHeader == "" {
|
||
hostHeader = host
|
||
}
|
||
return
|
||
}
|
||
|
||
// BuildURLs constructs absolute subscription and JSON subscription URLs for a given subscription ID.
|
||
// It prioritizes configured URIs, then individual settings, and finally falls back to request-derived components.
|
||
func (s *SubService) BuildURLs(scheme, hostWithPort, subPath, subJsonPath, subClashPath, subId string) (subURL, subJsonURL, subClashURL string) {
|
||
if subId == "" {
|
||
return "", "", ""
|
||
}
|
||
|
||
configuredSubURI, _ := s.settingService.GetSubURI()
|
||
configuredSubJsonURI, _ := s.settingService.GetSubJsonURI()
|
||
configuredSubClashURI, _ := s.settingService.GetSubClashURI()
|
||
|
||
var baseScheme, baseHostWithPort string
|
||
if configuredSubURI == "" || configuredSubJsonURI == "" || configuredSubClashURI == "" {
|
||
baseScheme, baseHostWithPort = s.getBaseSchemeAndHost(scheme, hostWithPort)
|
||
}
|
||
|
||
subURL = s.buildSingleURL(configuredSubURI, baseScheme, baseHostWithPort, subPath, subId)
|
||
subJsonURL = s.buildSingleURL(configuredSubJsonURI, baseScheme, baseHostWithPort, subJsonPath, subId)
|
||
subClashURL = s.buildSingleURL(configuredSubClashURI, baseScheme, baseHostWithPort, subClashPath, subId)
|
||
|
||
return subURL, subJsonURL, subClashURL
|
||
}
|
||
|
||
// getBaseSchemeAndHost determines the base scheme and host from settings or falls back to request values
|
||
func (s *SubService) getBaseSchemeAndHost(requestScheme, requestHostWithPort string) (string, string) {
|
||
subDomain, err := s.settingService.GetSubDomain()
|
||
if err != nil || subDomain == "" {
|
||
return requestScheme, requestHostWithPort
|
||
}
|
||
|
||
// Get port and TLS settings
|
||
subPort, _ := s.settingService.GetSubPort()
|
||
subKeyFile, _ := s.settingService.GetSubKeyFile()
|
||
subCertFile, _ := s.settingService.GetSubCertFile()
|
||
|
||
// Determine scheme from TLS configuration
|
||
scheme := "http"
|
||
if subKeyFile != "" && subCertFile != "" {
|
||
scheme = "https"
|
||
}
|
||
|
||
// Build host:port, always include port for clarity
|
||
hostWithPort := fmt.Sprintf("%s:%d", subDomain, subPort)
|
||
|
||
return scheme, hostWithPort
|
||
}
|
||
|
||
// buildSingleURL constructs a single URL using configured URI or base components
|
||
func (s *SubService) buildSingleURL(configuredURI, baseScheme, baseHostWithPort, basePath, subId string) string {
|
||
if configuredURI != "" {
|
||
return s.joinPathWithID(configuredURI, subId)
|
||
}
|
||
|
||
baseURL := fmt.Sprintf("%s://%s", baseScheme, baseHostWithPort)
|
||
return s.joinPathWithID(baseURL+basePath, subId)
|
||
}
|
||
|
||
// joinPathWithID safely joins a base path with a subscription ID
|
||
func (s *SubService) joinPathWithID(basePath, subId string) string {
|
||
if strings.HasSuffix(basePath, "/") {
|
||
return basePath + subId
|
||
}
|
||
return basePath + "/" + subId
|
||
}
|
||
|
||
// BuildPageData parses header and prepares the template view model.
|
||
// BuildPageData constructs page data for rendering the subscription information page.
|
||
func (s *SubService) BuildPageData(subId string, hostHeader string, traffic xray.ClientTraffic, lastOnline int64, subs []string, subURL, subJsonURL, subClashURL string, basePath string, subTitle string, subSupportUrl string) PageData {
|
||
download := common.FormatTraffic(traffic.Down)
|
||
upload := common.FormatTraffic(traffic.Up)
|
||
total := "∞"
|
||
used := common.FormatTraffic(traffic.Up + traffic.Down)
|
||
remained := ""
|
||
if traffic.Total > 0 {
|
||
total = common.FormatTraffic(traffic.Total)
|
||
left := max(traffic.Total-(traffic.Up+traffic.Down), 0)
|
||
remained = common.FormatTraffic(left)
|
||
}
|
||
|
||
datepicker := s.datepicker
|
||
if datepicker == "" {
|
||
datepicker = "gregorian"
|
||
}
|
||
|
||
return PageData{
|
||
Host: hostHeader,
|
||
BasePath: basePath,
|
||
SId: subId,
|
||
Enabled: traffic.Enable,
|
||
Download: download,
|
||
Upload: upload,
|
||
Total: total,
|
||
Used: used,
|
||
Remained: remained,
|
||
Expire: traffic.ExpiryTime / 1000,
|
||
LastOnline: lastOnline,
|
||
Datepicker: datepicker,
|
||
DownloadByte: traffic.Down,
|
||
UploadByte: traffic.Up,
|
||
TotalByte: traffic.Total,
|
||
SubUrl: subURL,
|
||
SubJsonUrl: subJsonURL,
|
||
SubClashUrl: subClashURL,
|
||
SubTitle: subTitle,
|
||
SubSupportUrl: subSupportUrl,
|
||
Result: subs,
|
||
}
|
||
}
|
||
|
||
func getHostFromXFH(s string) (string, error) {
|
||
if strings.Contains(s, ":") {
|
||
realHost, _, err := net.SplitHostPort(s)
|
||
if err != nil {
|
||
return "", err
|
||
}
|
||
return realHost, nil
|
||
}
|
||
return s, nil
|
||
}
|