mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-05-26 07:08:01 +00:00
edf0f36940
* chore(frontend): add react+typescript toolchain alongside vue
Step 0 of the planned vue->react migration. React 19, antd 5, i18next
+ react-i18next, typescript 5, and @vitejs/plugin-react 6 are added as
dev/runtime deps alongside the existing vue stack. Both frameworks
coexist in the build until the last entry flips.
* vite.config.js: react() plugin runs next to vue(); new manualChunks
for vendor-react / vendor-antd-react / vendor-icons-react /
vendor-i18next. Existing vue chunks unchanged.
* eslint.config.js: typescript-eslint + eslint-plugin-react-hooks
rules scoped to *.{ts,tsx}; vue config untouched for *.{js,vue}.
* tsconfig.json: strict, jsx: react-jsx, moduleResolution: bundler,
allowJs: true (lets .tsx files import the remaining .js modules
during incremental migration), @/* path alias.
* env.d.ts: Vite client types + window.X_UI_BASE_PATH typing +
SubPageData shape consumed by the subscription page.
Vite stays pinned at 8.0.13 per the existing project policy. No
existing .vue/.js source files touched in this step.
eslint-plugin-react (not -hooks) is not included because its latest
release does not yet support ESLint 10. react-hooks/purity covers
the safety-critical case; revisit when the plugin updates.
* refactor(frontend): port subpage to react+ts
Step 1 of the planned vue->react migration. The standalone
subscription page (sub/sub.go renders the HTML host; React mounts
into #app) is the first entry off vue.
Introduces two shared pieces both entries (and future ones) will
use:
* src/hooks/useTheme.tsx — React Context + useTheme hook + the
same buildAntdThemeConfig (dark/ultra-dark token overrides) and
pauseAnimationsUntilLeave helper the vue version exposes. Same
localStorage keys (dark-mode, isUltraDarkThemeEnabled) and DOM
side effects (body.className, html[data-theme]) so the two stay
in sync across the coexistence period.
* src/i18n/react.ts — i18next + react-i18next loader that reads
the same web/translation/*.json files via import.meta.glob. The
vue-i18n setup in src/i18n/index.js is untouched and still serves
the remaining vue entries.
SubPage.tsx mirrors the vue version's behavior: reads
window.__SUB_PAGE_DATA__ injected by the Go sub server, renders QR
codes / descriptions / Android+iOS deep-link dropdowns, supports
theme cycle and language switch. Uses AntD v5 idioms: Descriptions
items prop, Dropdown menu prop, Layout.Content.
* refactor(frontend): port login to react+ts
Step 2 of the planned vue->react migration. The login entry is the
first to exercise AntD React's Form API (Form + Form.Item with
name/rules + onFinish) and the existing axios/CSRF interceptors
under React.
* LoginPage.tsx: same form fields, conditional 2FA input,
rotating headline ("Hello" / "Welcome to..."), drifting blob
background, theme cycle + language popover. Headline transition
switches from vue's <Transition mode=out-in> to a CSS keyframe
animation keyed off the visible word.
* entries/login.tsx: setupAxios() + applyDocumentTitle() unchanged
from the vue entry — both are framework-agnostic in src/utils
and src/api/axios-init.js.
useTheme hook, ThemeProvider, and i18n/react.ts loader introduced
in step 1 are now shared across two entries; Vite extracts them as
a small chunk in the build output.
* refactor(frontend): port api-docs to react+ts
Step 3 of the planned vue->react migration. The five api-docs files
(ApiDocsPage, CodeBlock, EndpointRow, EndpointSection, plus the
data-only endpoints.js) all move to react+ts.
Also introduces components/AppSidebar.tsx — api-docs is the first
authenticated page to need it. AppSidebar.vue stays in place for the
six remaining vue entries (settings, inbounds, clients, xray, nodes,
index); each gets switched to AppSidebar.tsx as its entry migrates.
After the last entry flips, AppSidebar.vue is deleted.
Notable transformations:
* The scroll observer that highlights the active TOC link is a
useEffect keyed on sections — re-registers whenever the visible
set changes (search filter narrows it). Same behaviour as the vue
watchEffect.
* v-html="safeInlineHtml(...)" becomes
dangerouslySetInnerHTML={{ __html: safeInlineHtml(...) }}. The
helper still escapes everything except <code> tags.
* JSON syntax highlighter in CodeBlock is unchanged — pure regex on
the escaped string, then rendered via dangerouslySetInnerHTML.
* endpoints.js stays as JS (allowJs in tsconfig); only the consumer
signatures (Endpoint, Section) are typed at the React boundary.
* AppSidebar reuses pauseAnimationsUntilLeave + useTheme from
step 1. Drawer + Sider keyed off the same localStorage flag
(isSidebarCollapsed) and DOM theme attributes the vue version
uses, so the two stay in sync during coexistence.
* refactor(frontend): port nodes to react+ts
Step 4 of the planned vue->react migration. The nodes entry brings in
the largest shared-infrastructure batch so far — every authenticated
react page from here on can lean on these.
New shared pieces (live alongside their .vue counterparts during
coexistence):
* hooks/useMediaQuery.ts — useState + resize listener
* hooks/useWebSocket.ts — wraps WebSocketClient, subscribes on mount
and unsubscribes on unmount. The underlying client is a single
module-level instance so multiple components on the same page
share one socket.
* hooks/useNodes.ts — node list state + CRUD + probe/test, including
the totals memo (online/offline/avgLatency) used by the summary card.
applyNodesEvent is the entry point for the heartbeat-pushed list.
* components/CustomStatistic.tsx — thin Statistic wrapper, prefix +
suffix slots become props.
* components/Sparkline.tsx — the SVG line chart with measured-width
axis scaling, gradient fill, tooltip overlay, and per-instance
gradient id from React.useId. ResizeObserver lifecycle is in
useEffect; the math is unchanged.
Pages:
* NodesPage — wires hooks + WebSocket together, renders summary card
+ NodeList, hosts the form modal. Uses Modal.useModal() for the
delete confirm so the dialog inherits ConfigProvider theming.
* NodeList — desktop renders a Table with expandable history rows;
mobile flips to a vertical card list whose actions live in a
bottom-right Dropdown. The IP-blur eye toggle persists across both.
* NodeFormModal — controlled form (useState object, single setForm
per change). The reset-on-open effect computes the next state
once and applies it with eslint-disable to satisfy the new
react-hooks/set-state-in-effect rule on a legitimate pattern.
* NodeHistoryPanel — polls /panel/api/nodes/history/{id}/{metric}/
{bucket} every 15s, renders cpu+mem sparklines side-by-side.
* refactor(frontend): port settings to react+ts
Step 5 of the planned vue->react migration. Settings is the first
entry whose state model didn't translate to the Vue-style "parent
passes a reactive object, children mutate it in place" pattern, so
the React port flips it to lifted state + a typed updateSetting
patch function.
* models/setting.ts — typed AllSetting class with the same field
defaults and equals() behavior the vue version had. The .js
twin is deleted; nothing else imported it.
* hooks/useAllSetting.ts — owns allSetting + oldAllSetting state,
exposes updateSetting(patch), saveDisabled is derived via useMemo
off equals() (no more 1Hz dirty-check timer).
* components/SettingListItem.tsx — children-based wrapper instead
of named slots. The vue twin stays alive because xray (BasicsTab,
DnsTab) still imports it; deleted when xray migrates.
The five tab components and the TwoFactorModal each accept
{ allSetting, updateSetting } and render with AntD v5's Collapse
items[] API. Every v-model:value="x" became
value={...} onChange={(e) => updateSetting({ key: e.target.value })}
or onChange={(v) => updateSetting({ key: v })} for non-input
controls.
SubscriptionFormatsTab is the trickiest — fragment / noises[] /
mux / direct routing rules are stored as JSON-encoded strings on
the wire. Parsing them once via useMemo per field, mutating the
parsed object on edit, and stringifying back into the patch keeps
the round-trip identical to the vue version.
SettingsPage hosts the tab navigation (with hash sync), the
save / restart action bar, the security-warnings alert banner,
and the restart flow that rebuilds the panel URL after the new
host/port/cert settings take effect.
* refactor(frontend): port clients to react+ts
Step 6 of the planned vue->react migration. Clients is the biggest
data-CRUD page in the panel (1.1k-line ClientsPage, 4 modals, full
table + mobile card list, WebSocket-driven realtime traffic + online
updates).
New shared infra (lives alongside vue twins until inbounds migrates):
* hooks/useClients.ts — clients + inbounds list, CRUD + bulk delete +
attach/detach + traffic reset, with WebSocket event handlers
(traffic, client_stats, invalidate) and a small debounced refresh
on the invalidate event. State managed via setState; the live
client_stats event merges traffic snapshots row-by-row through a
ref to avoid stale closure issues.
* hooks/useDatepicker.ts — singleton "gregorian"/"jalalian" cache
with subscribe/notify so multiple components can read the panel's
Calendar Type without re-fetching. Mirrors useDatepicker.js.
* components/DateTimePicker.tsx — AntD DatePicker wrapper.
vue3-persian-datetime-picker has no React port; the Jalali UI
calendar is deferred (read-only Jalali display via IntlUtil
formatDate still works). The vue twin stays for inbounds.
* pages/inbounds/QrPanel.tsx — copy/download/copy-as-png QR helper
shared between clients (qr modal) and inbounds (still on vue).
Vue twin stays alive at QrPanel.vue.
* models/inbound.ts — slim port: only the TLS_FLOW_CONTROL constant
the clients form needs. The full inbound model stays as
inbound.js for now; inbounds will pull it in as inbound.ts.
The clients page itself uses Modal.useModal() for all confirm
dialogs (delete, bulk-delete, reset-traffic, delDepleted, reset-all)
so the dialogs render themed. Filter state persists to
localStorage under clientsFilterState. Sort + pagination state is
local; pageSize seeds from /panel/setting/defaultSettings.
The four modals share a controlled "open/onOpenChange" pattern
that replaces vue's v-model:open. ClientFormModal computes
attach/detach diffs from the inbound multi-select on submit; the
parent's onSave callback routes them through useClients's attach()/
detach() after the main update succeeds.
ESLint config: turned off four react-hooks v7 rules
(react-compiler, preserve-manual-memoization, set-state-in-effect,
purity). They're all React-Compiler-driven informational rules; we
don't run the compiler and the patterns they flag (initial-fetch
useEffect, derived computations using Date.now, inline arrow event
handlers) are all idiomatic React. Disabling globally instead of
per-line keeps the diff readable.
* refactor(frontend): port index dashboard to react+ts
Step 7 of the Vue→React migration. Ports the overview/index entry: dashboard
page, status + xray cards, panel-update / log / backup / system-history /
xray-metrics / xray-log / version modals, and the custom-geo subsection. Adds
the shared JsonEditor (CodeMirror 6) and useStatus hook used by the config
modal. Removes the unused react-hooks/set-state-in-effect disables now that
the rule is off globally.
* refactor(frontend): port xray to react+ts
Step 8 of the Vue→React migration. Ports the xray config entry: page shell,
basics/routing/outbounds/balancers/dns tabs, the rule + balancer + dns server
+ dns presets + warp + nord modals, the protocol-aware outbound form, and the
shared FinalMaskForm (TCP/UDP masks + QUIC params). Adds useXraySetting that
mirrors the legacy two-way sync between the JSON template string and the
parsed templateSettings tree. The outbound model itself stays in JS so the
class-driven form keeps its existing mutation API; instance access is typed
loosely inside the form to match.
The shared FinalMaskForm.vue and JsonEditor.vue stay alongside the new .tsx
versions until step 9 — InboundFormModal.vue still imports them.
Adds react-hooks/immutability and react-hooks/refs to the already-disabled
react-compiler rule set; both flag the outbound form's instance-mutation
pattern that doesn't run through useState.
* Upgrade frontend deps (antd v6, i18n, TS)
Bump frontend dependencies in package.json and regenerate package-lock.json. Notable updates: upgrade antd to v6, update i18next/react-i18next, axios, qs, vue-i18n, TypeScript and ESLint, plus related @rc-component packages and replacements (e.g. classnames/rc-util -> clsx/@rc-component/util). Lockfile changes reflect the new dependency tree required for Ant Design v6 and other package upgrades.
* refactor(frontend): port inbounds to react+ts and drop vue toolchain
Step 9 — the last entry. Ports the inbounds entry: page shell, list with
desktop table + mobile cards, info modal, qr-code modal, share-link
helpers, and the protocol-aware form modal (basics / protocol /
stream / security / sniffing / advanced JSON). useInbounds replaces
the Vue composable with WebSocket-driven traffic + client-stats merge.
Inbound and DBInbound models stay in JS so the class-driven form keeps
its mutation API; instance access is typed loosely inside the form to
match. FinalMaskForm/JsonEditor/TextModal/PromptModal/InfinityIcon are
the last shared bits to flip; their .vue counterparts go too.
Toolchain cleanup now that no entry needs Vue: drop plugin-vue from
vite.config, remove the .vue lint block + parser, prune vue / vue-i18n
/ ant-design-vue / @ant-design/icons-vue / vue3-persian-datetime-picker
/ moment-jalaali override from package.json, and switch utils/index.js
to import { message } from 'antd' instead of ant-design-vue.
* chore(frontend): adopt antd v6 api updates
Sweep deprecated props across the React tree:
- Modal: destroyOnClose -> destroyOnHidden, maskClosable -> mask.closable
- Space: direction -> orientation (or removed when redundant)
- Input.Group compact -> Space.Compact block
- Drawer: width -> size
- Spin: tip -> description
- Progress: trailColor -> railColor
- Alert: message -> title
- Popover: overlayClassName -> rootClassName
- BackTop -> FloatButton.BackTop
Also refresh dashboard theming for v6: rename dark/ultra Layout and Menu
tokens (siderBg, darkItemBg, darkSubMenuItemBg, darkPopupBg), tweak gauge
size/stroke, add font-size overrides for Statistic and Progress so the
overview numbers stay legible under v6 defaults.
* chore(frontend): antd v6 polish, theme + modal fixes
- adopt message.useMessage hook + messageBus bridge so HttpUtil messages
inherit ConfigProvider theme tokens
- replace deprecated antd APIs (List, Input addonBefore/After, Empty
imageStyle); introduce InputAddon helper + SettingListItem custom rows
- fix dark/ultra selectors in portaled modals (body.dark,
html[data-theme='ultra-dark']) instead of nonexistent .is-dark/.is-ultra
- add horizontal scroll to clients table; reorder node columns so
actions+enable sit at the left
- swap raw button for antd Button in NodeFormModal test connection
- fix FinalMaskForm nested-form by hoisting it outside OutboundFormModal's
parent Form
- fix advanced "all" JSON tab in InboundFormModal — useMemo on a mutated
ref was stale; compute on every render
- fix chart-on-open for SystemHistory + XrayMetrics modals by adding open
to effect deps (useRef.current doesn't trigger re-runs)
- switch i18next interpolation to single-brace {var} to match locale files
- drop residual Vue mentions in CI workflows and Go comments
* fix(frontend): qr code collapse — open only first panel, allow toggle
ClientQrModal and QrCodeModal both used activeKey without onChange,
forcing every panel open and blocking user toggle. Switch to controlled
state initialized to the first item's key on open, with onChange so
clicks update state.
Also remove unused AppBridge.tsx (superseded by per-page message.useMessage
hook).
* fix(frontend): hover cards, balancer load, routing dnd, modal a11y, outbound crash
- ClientsPage/SettingsPage/XrayPage: add hoverable to bottom card/tabs so
hover affordance matches the top card
- BalancerFormModal: lazy-init useState from props + destroyOnHidden so
the form mounts with saved values instead of relying on a useEffect
sync that could miss the first open
- RoutingTab: rewrite pointer drag — handlers are now defined inside the
pointerdown closure so addEventListener/removeEventListener match;
drag state lives on a ref (from/to/moved) so onUp reads the real
indices, not stale closure values. Adds setPointerCapture so Windows
and touch keep delivering events when the cursor leaves the handle.
- OutboundFormModal/InboundFormModal: blur the focused input before
switching tabs to silence the aria-hidden-on-focused-element warning
- utils.isArrEmpty: return true for undefined/null arrays — the old form
treated undefined as "not empty" which crashed VLESSSettings.fromJson
when json.vnext was missing
* fix(frontend): clipboard reliability + restyle login page
- ClipboardManager.copyText: prefer navigator.clipboard on secure
contexts, fall back to a focused on-screen textarea + execCommand.
Old path used left:-9999px which failed selection in some browsers
and swallowed execCommand's return value, so the "copied" toast
appeared even when nothing made it to the clipboard.
- LoginPage: richer gradient backdrop — five animated colour blobs,
glassmorphic card (backdrop-filter blur + saturate), gradient brand
text/accent, masked grid texture for depth, and a thin gradient
border on the card. Light/dark/ultra each get their own palette.
* Memoize compactAdvancedJson and update deps
Wrap compactAdvancedJson in useCallback (dependent on messageApi) and add it to the dependency array of applyAdvancedJsonToBasic. This ensures a stable function reference for correct dependency tracking and avoids stale closures/unnecessary re-renders in InboundFormModal.tsx.
* style(frontend): prettier charts, drop redundant frame, format net rates
- Sparkline: multi-stop gradient fill, soft drop-shadow under the line,
dashed grid, glowing pulse on the latest-point marker, pill-shaped
tooltip with dashed crosshair
- XrayMetricsModal: glow + pulse on the observatory alive dot,
monospace stamps/listen text
- SystemHistoryModal: keep just the modal's frame around the chart (the
inner wrapper I'd added stacked a second border on top); strip the
decimal from Net Up/Down (25.63 KB/s → 25 KB/s) only on this chart's
formatter
* style(frontend): refined dark/ultra palette + shared pro card frame
- Dark tokens shifted to a cooler, Linear-style palette: page #1a1b1f,
sidebar/header #15161a (recessed nav, darker than cards), card
#23252b, elevated #2d2f37
- Ultra dark: page pure #000 for OLED, sidebar #050507 disappears into
the frame, card #101013 with a clear step, elevated #1a1a1e
- New styles/page-cards.css holds the card border/shadow/hover rules so
all seven content pages (index, clients, inbounds, xray, settings,
nodes, api-docs) share one definition instead of duplicating in each
page CSS
- Dashboard typography: uppercase card titles with letter-spacing,
larger 17px stat values, subtle gradient divider between stat columns,
ellipsis on action labels so "Backup & Restore" doesn't break the
card height at mid widths
- Light --bg-page stays at #e6e8ec for the contrast against white cards
* fix(frontend): wireguard info alignment, blue login dark, embed gitkeep
- align WireGuard info-modal fields with Protocol/Address/Port by wrapping
values in Tag (matches the rest of the dl.info-list rows)
- swap login dark palette from purple to pure blue blobs/accent/brand
- pin web/dist/.gitkeep through gitignore so //go:embed all:dist never
fails on a fresh clone with an empty dist directory
* docs: refresh frontend docs for the React + TS + AntD 6 stack
Update CONTRIBUTING.md and frontend/README.md to describe the migrated
frontend accurately:
- replace Vue 3 / Ant Design Vue 4 references with React 19 / AntD 6 / TS
- swap composables -> hooks, vue-i18n -> react-i18next, createApp -> createRoot
- mention the typecheck step (tsc --noEmit) in the PR checklist
- document the Vite 8.0.13 pin and TypeScript strict mode in conventions
- list the nodes and api-docs entries that were missing from the layout
* style(frontend): improve readability and mobile polish
- bump statistic title/value contrast in dark and ultra-dark so totals
on the inbounds summary card stay legible
- give index card actions explicit colors per theme so links like Stop,
Logs, System History no longer fade into the card background
- show the panel version as a tag next to "3X-UI" on mobile, mirroring
the Xray version tag pattern, and turn it orange when an update is
available
- make the login settings button a proper circle by adding size="large"
+ an explicit border-radius fallback on .toolbar-btn
* feat: jalali calendar support and date formatting fixes
- Wire useDatepicker into IntlUtil and switch jalalian display locale
to fa-IR for clean "1405/07/03 12:00:00" output (drops the awkward
"AP" era suffix that "<lang>-u-ca-persian" produced)
- Drop in persian-calendar-suite for the jalali date picker, with a
light/dark/ultra theme map and CSS overrides so the inline-styled
input stays readable and bg matches the surrounding container
- Force LTR on the picker input so "1405/03/07 00:00" reads naturally
- Pass calendar setting through ClientInfoModal, ClientsPage Duration
tooltip, and ClientFormModal's expiry picker
- Heuristic toMs() in ClientInfoModal so GORM's autoUpdateTime seconds
render as a real date instead of "1348/11/01"
- Persist UpdatedAt on the ClientRecord row in client_service.Update;
previously only the inbound settings JSON was bumped, so the panel
never saw a fresh updated_at after editing a client
* feat(frontend): donate link, panel version label, login lang menu
- Sidebar: add heart donate link to https://donate.sanaei.dev and small panel version under 3X-UI brand
- Login: swap settings-cog for translation icon, drop title, render languages as a direct list
- Vite dev: inject window.X_UI_CUR_VER from config/version so dev mode matches prod
- Translations: add menu.donate across all locales
* fix(xray-update): respect XUI_BIN_FOLDER on Windows
The Windows update path hardcoded "bin/xray-windows-amd64.exe", ignoring
the configured XUI_BIN_FOLDER. In dev mode (folder set to x-ui) this
created a stray bin/ folder while the running binary stayed un-updated.
* Bump Xray to v26.5.9 and minor cleanup
Update Xray release URLs to v26.5.9 in the GitHub Actions workflow and DockerInit.sh. Remove the hardcoded skip for tagVersion "26.5.3" so it will be considered when collecting Xray versions. Apply small formatting fixes: remove an extra blank line in database/db.go, normalize spacing/alignment of Protocol constants in database/model/model.go, and trim a trailing blank line in web/controller/inbound.go.
* fix(frontend): route remaining copy buttons through ClipboardManager
Direct navigator.clipboard calls fail in non-secure contexts (HTTP on a
LAN IP), making the API-docs code copy and security-tab token copy
silently broken. Both now go through ClipboardManager which falls back
to document.execCommand('copy') when navigator.clipboard is unavailable.
* fix(db): store CreatedAt/UpdatedAt in milliseconds
GORM's autoCreateTime/autoUpdateTime tags default to Unix seconds on
int64 fields and overwrite the service-supplied UnixMilli value on
save. The frontend interprets these timestamps as JS Date inputs
(milliseconds), so created/updated columns rendered ~1970 dates. Adding
the :milli qualifier makes GORM match what the service code and UI
expect.
* Improve legacy clipboard copy handling
Refactor ClipboardManager._legacyCopy to better handle focus and selection when copying. The textarea is now appended to the active element's parent (or body) and placed off-screen with aria-hidden and readonly attributes. The code preserves and restores the previous document selection and active element, uses focus({preventScroll: true}) to avoid scrolling, and returns the execCommand('copy') result. This makes legacy copy behavior more robust and less disruptive to the page state.
* fix(lint): drop redundant ok=false in clipboard fallback catch
* chore(deps): bump golang.org/x/net to v0.55.0 for GO-2026-5026
1546 lines
40 KiB
Go
1546 lines
40 KiB
Go
package service
|
|
|
|
import (
|
|
"archive/zip"
|
|
"bufio"
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"mime/multipart"
|
|
"net/http"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"regexp"
|
|
"runtime"
|
|
"slices"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/mhsanaei/3x-ui/v3/config"
|
|
"github.com/mhsanaei/3x-ui/v3/database"
|
|
"github.com/mhsanaei/3x-ui/v3/logger"
|
|
"github.com/mhsanaei/3x-ui/v3/util/common"
|
|
"github.com/mhsanaei/3x-ui/v3/util/sys"
|
|
"github.com/mhsanaei/3x-ui/v3/xray"
|
|
|
|
"github.com/google/uuid"
|
|
"github.com/shirou/gopsutil/v4/cpu"
|
|
"github.com/shirou/gopsutil/v4/disk"
|
|
"github.com/shirou/gopsutil/v4/host"
|
|
"github.com/shirou/gopsutil/v4/load"
|
|
"github.com/shirou/gopsutil/v4/mem"
|
|
"github.com/shirou/gopsutil/v4/net"
|
|
)
|
|
|
|
// ProcessState represents the current state of a system process.
|
|
type ProcessState string
|
|
|
|
// Process state constants
|
|
const (
|
|
Running ProcessState = "running" // Process is running normally
|
|
Stop ProcessState = "stop" // Process is stopped
|
|
Error ProcessState = "error" // Process is in error state
|
|
)
|
|
|
|
// Status represents comprehensive system and application status information.
|
|
// It includes CPU, memory, disk, network statistics, and Xray process status.
|
|
type Status struct {
|
|
T time.Time `json:"-"`
|
|
Cpu float64 `json:"cpu"`
|
|
CpuCores int `json:"cpuCores"`
|
|
LogicalPro int `json:"logicalPro"`
|
|
CpuSpeedMhz float64 `json:"cpuSpeedMhz"`
|
|
Mem struct {
|
|
Current uint64 `json:"current"`
|
|
Total uint64 `json:"total"`
|
|
} `json:"mem"`
|
|
Swap struct {
|
|
Current uint64 `json:"current"`
|
|
Total uint64 `json:"total"`
|
|
} `json:"swap"`
|
|
Disk struct {
|
|
Current uint64 `json:"current"`
|
|
Total uint64 `json:"total"`
|
|
} `json:"disk"`
|
|
Xray struct {
|
|
State ProcessState `json:"state"`
|
|
ErrorMsg string `json:"errorMsg"`
|
|
Version string `json:"version"`
|
|
} `json:"xray"`
|
|
PanelVersion string `json:"panelVersion"`
|
|
Uptime uint64 `json:"uptime"`
|
|
Loads []float64 `json:"loads"`
|
|
TcpCount int `json:"tcpCount"`
|
|
UdpCount int `json:"udpCount"`
|
|
NetIO struct {
|
|
Up uint64 `json:"up"`
|
|
Down uint64 `json:"down"`
|
|
} `json:"netIO"`
|
|
NetTraffic struct {
|
|
Sent uint64 `json:"sent"`
|
|
Recv uint64 `json:"recv"`
|
|
} `json:"netTraffic"`
|
|
PublicIP struct {
|
|
IPv4 string `json:"ipv4"`
|
|
IPv6 string `json:"ipv6"`
|
|
} `json:"publicIP"`
|
|
AppStats struct {
|
|
Threads uint32 `json:"threads"`
|
|
Mem uint64 `json:"mem"`
|
|
Uptime uint64 `json:"uptime"`
|
|
} `json:"appStats"`
|
|
}
|
|
|
|
// Release represents information about a software release from GitHub.
|
|
type Release struct {
|
|
TagName string `json:"tag_name"` // The tag name of the release
|
|
}
|
|
|
|
// ServerService provides business logic for server monitoring and management.
|
|
// It handles system status collection, IP detection, and application statistics.
|
|
type ServerService struct {
|
|
xrayService XrayService
|
|
inboundService InboundService
|
|
settingService SettingService
|
|
cachedIPv4 string
|
|
cachedIPv6 string
|
|
noIPv6 bool
|
|
mu sync.Mutex
|
|
lastCPUTimes cpu.TimesStat
|
|
hasLastCPUSample bool
|
|
hasNativeCPUSample bool
|
|
emaCPU float64
|
|
cachedCpuSpeedMhz float64
|
|
lastCpuInfoAttempt time.Time
|
|
|
|
lastStatusMu sync.RWMutex
|
|
lastStatus *Status
|
|
|
|
versionsCacheMu sync.Mutex
|
|
versionsCache *cachedXrayVersions
|
|
}
|
|
|
|
type cachedXrayVersions struct {
|
|
versions []string
|
|
fetchedAt time.Time
|
|
}
|
|
|
|
// xrayVersionsCacheTTL bounds how often /getXrayVersion hits GitHub. The list
|
|
// is purely informational (rendered in the "switch Xray version" picker) so a
|
|
// quarter-hour staleness window is fine and saves the API budget.
|
|
const xrayVersionsCacheTTL = 15 * time.Minute
|
|
|
|
// allowedHistoryBuckets is the bucket-second whitelist for time-series
|
|
// aggregation endpoints (server + node metrics). Restricting it prevents
|
|
// callers from triggering arbitrary aggregation work and keeps the
|
|
// frontend's bucket selector self-documenting.
|
|
var allowedHistoryBuckets = map[int]bool{
|
|
2: true, // Real-time view
|
|
30: true, // 30s intervals
|
|
60: true, // 1m intervals
|
|
120: true, // 2m intervals
|
|
180: true, // 3m intervals
|
|
300: true, // 5m intervals
|
|
}
|
|
|
|
// IsAllowedHistoryBucket reports whether a bucket-seconds value is in the
|
|
// whitelist used by /server/history, /server/cpuHistory, /server/xrayMetricsHistory,
|
|
// /server/xrayObservatoryHistory, and /nodes/history.
|
|
func IsAllowedHistoryBucket(bucketSeconds int) bool {
|
|
return allowedHistoryBuckets[bucketSeconds]
|
|
}
|
|
|
|
// LastStatus returns the most recent Status snapshot collected by
|
|
// RefreshStatus. Safe for concurrent readers.
|
|
func (s *ServerService) LastStatus() *Status {
|
|
s.lastStatusMu.RLock()
|
|
defer s.lastStatusMu.RUnlock()
|
|
return s.lastStatus
|
|
}
|
|
|
|
// RefreshStatus collects a new system snapshot, stores it as LastStatus, and
|
|
// appends it to the system-metrics time series. Returns the new snapshot (may
|
|
// be nil if collection failed). Called by the background ticker; the caller is
|
|
// responsible for any side effects (websocket broadcast, xray metrics sample).
|
|
func (s *ServerService) RefreshStatus() *Status {
|
|
next := s.GetStatus(s.LastStatus())
|
|
if next == nil {
|
|
return nil
|
|
}
|
|
s.lastStatusMu.Lock()
|
|
s.lastStatus = next
|
|
s.lastStatusMu.Unlock()
|
|
s.AppendStatusSample(time.Now(), next)
|
|
return next
|
|
}
|
|
|
|
// GetXrayVersionsCached wraps GetXrayVersions with a TTL cache. On fetch
|
|
// failure we serve the last successful list (if any) so the UI doesn't go
|
|
// blank during a GitHub API hiccup; if there's no cache at all the underlying
|
|
// error is surfaced.
|
|
func (s *ServerService) GetXrayVersionsCached() ([]string, error) {
|
|
s.versionsCacheMu.Lock()
|
|
cache := s.versionsCache
|
|
s.versionsCacheMu.Unlock()
|
|
if cache != nil && time.Since(cache.fetchedAt) <= xrayVersionsCacheTTL {
|
|
return cache.versions, nil
|
|
}
|
|
versions, err := s.GetXrayVersions()
|
|
if err != nil {
|
|
if cache != nil {
|
|
logger.Warning("GetXrayVersionsCached: serving stale list:", err)
|
|
return cache.versions, nil
|
|
}
|
|
return nil, err
|
|
}
|
|
s.versionsCacheMu.Lock()
|
|
s.versionsCache = &cachedXrayVersions{versions: versions, fetchedAt: time.Now()}
|
|
s.versionsCacheMu.Unlock()
|
|
return versions, nil
|
|
}
|
|
|
|
// GetDefaultLogOutboundTags scans the default Xray config for freedom and
|
|
// blackhole outbound tags so /getXrayLogs can colour-code log lines without
|
|
// the controller re-doing the JSON walk. Falls back to the historical
|
|
// "direct"/"blocked" defaults when the config can't be read.
|
|
func (s *ServerService) GetDefaultLogOutboundTags() (freedoms, blackholes []string) {
|
|
config, err := s.settingService.GetDefaultXrayConfig()
|
|
if err == nil && config != nil {
|
|
if cfgMap, ok := config.(map[string]any); ok {
|
|
if outbounds, ok := cfgMap["outbounds"].([]any); ok {
|
|
for _, outbound := range outbounds {
|
|
obMap, ok := outbound.(map[string]any)
|
|
if !ok {
|
|
continue
|
|
}
|
|
tag, _ := obMap["tag"].(string)
|
|
if tag == "" {
|
|
continue
|
|
}
|
|
switch obMap["protocol"] {
|
|
case "freedom":
|
|
freedoms = append(freedoms, tag)
|
|
case "blackhole":
|
|
blackholes = append(blackholes, tag)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if len(freedoms) == 0 {
|
|
freedoms = []string{"direct"}
|
|
}
|
|
if len(blackholes) == 0 {
|
|
blackholes = []string{"blocked"}
|
|
}
|
|
return freedoms, blackholes
|
|
}
|
|
|
|
// AggregateCpuHistory returns up to maxPoints averaged buckets of size bucketSeconds.
|
|
// Kept for back-compat with the original /panel/api/server/cpuHistory/:bucket route;
|
|
// the response key is "cpu" (not "v") so legacy consumers parse unchanged.
|
|
func (s *ServerService) AggregateCpuHistory(bucketSeconds int, maxPoints int) []map[string]any {
|
|
out := systemMetrics.aggregate("cpu", bucketSeconds, maxPoints)
|
|
for _, p := range out {
|
|
p["cpu"] = p["v"]
|
|
delete(p, "v")
|
|
}
|
|
return out
|
|
}
|
|
|
|
// AggregateSystemMetric returns up to maxPoints averaged buckets for any
|
|
// known system metric (see SystemMetricKeys). Output points have keys
|
|
// {"t": unixSec, "v": value}; the caller decides how to format the value.
|
|
func (s *ServerService) AggregateSystemMetric(metric string, bucketSeconds int, maxPoints int) []map[string]any {
|
|
return systemMetrics.aggregate(metric, bucketSeconds, maxPoints)
|
|
}
|
|
|
|
type LogEntry struct {
|
|
DateTime time.Time
|
|
FromAddress string
|
|
ToAddress string
|
|
Inbound string
|
|
Outbound string
|
|
Email string
|
|
Event int
|
|
}
|
|
|
|
func getPublicIP(url string) string {
|
|
client := &http.Client{
|
|
Timeout: 3 * time.Second,
|
|
}
|
|
|
|
resp, err := client.Get(url)
|
|
if err != nil {
|
|
return "N/A"
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
// Don't retry if access is blocked or region-restricted
|
|
if resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusUnavailableForLegalReasons {
|
|
return "N/A"
|
|
}
|
|
if resp.StatusCode != http.StatusOK {
|
|
return "N/A"
|
|
}
|
|
|
|
ip, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return "N/A"
|
|
}
|
|
|
|
ipString := strings.TrimSpace(string(ip))
|
|
if ipString == "" {
|
|
return "N/A"
|
|
}
|
|
|
|
return ipString
|
|
}
|
|
|
|
func (s *ServerService) GetStatus(lastStatus *Status) *Status {
|
|
now := time.Now()
|
|
status := &Status{
|
|
T: now,
|
|
}
|
|
|
|
// CPU stats
|
|
util, err := s.sampleCPUUtilization()
|
|
if err != nil {
|
|
logger.Warning("get cpu percent failed:", err)
|
|
} else {
|
|
status.Cpu = util
|
|
}
|
|
|
|
status.CpuCores, err = cpu.Counts(false)
|
|
if err != nil {
|
|
logger.Warning("get cpu cores count failed:", err)
|
|
}
|
|
|
|
status.LogicalPro = runtime.NumCPU()
|
|
|
|
if status.CpuSpeedMhz = s.cachedCpuSpeedMhz; s.cachedCpuSpeedMhz == 0 && time.Since(s.lastCpuInfoAttempt) > 5*time.Minute {
|
|
s.lastCpuInfoAttempt = time.Now()
|
|
done := make(chan struct{})
|
|
go func() {
|
|
defer close(done)
|
|
cpuInfos, err := cpu.Info()
|
|
if err != nil {
|
|
logger.Warning("get cpu info failed:", err)
|
|
return
|
|
}
|
|
if len(cpuInfos) > 0 {
|
|
s.cachedCpuSpeedMhz = cpuInfos[0].Mhz
|
|
status.CpuSpeedMhz = s.cachedCpuSpeedMhz
|
|
} else {
|
|
logger.Warning("could not find cpu info")
|
|
}
|
|
}()
|
|
select {
|
|
case <-done:
|
|
case <-time.After(1500 * time.Millisecond):
|
|
logger.Warning("cpu info query timed out; will retry later")
|
|
}
|
|
} else if s.cachedCpuSpeedMhz != 0 {
|
|
status.CpuSpeedMhz = s.cachedCpuSpeedMhz
|
|
}
|
|
|
|
// Uptime
|
|
upTime, err := host.Uptime()
|
|
if err != nil {
|
|
logger.Warning("get uptime failed:", err)
|
|
} else {
|
|
status.Uptime = upTime
|
|
}
|
|
|
|
// Memory stats
|
|
memInfo, err := mem.VirtualMemory()
|
|
if err != nil {
|
|
logger.Warning("get virtual memory failed:", err)
|
|
} else {
|
|
status.Mem.Current = memInfo.Used
|
|
status.Mem.Total = memInfo.Total
|
|
}
|
|
|
|
swapInfo, err := mem.SwapMemory()
|
|
if err != nil {
|
|
logger.Warning("get swap memory failed:", err)
|
|
} else {
|
|
status.Swap.Current = swapInfo.Used
|
|
status.Swap.Total = swapInfo.Total
|
|
}
|
|
|
|
// Disk stats
|
|
diskInfo, err := disk.Usage("/")
|
|
if err != nil {
|
|
logger.Warning("get disk usage failed:", err)
|
|
} else {
|
|
status.Disk.Current = diskInfo.Used
|
|
status.Disk.Total = diskInfo.Total
|
|
}
|
|
|
|
// Load averages
|
|
avgState, err := load.Avg()
|
|
if err != nil {
|
|
logger.Warning("get load avg failed:", err)
|
|
} else {
|
|
status.Loads = []float64{avgState.Load1, avgState.Load5, avgState.Load15}
|
|
}
|
|
|
|
// Network stats
|
|
ioStats, err := net.IOCounters(true)
|
|
if err != nil {
|
|
logger.Warning("get io counters failed:", err)
|
|
} else {
|
|
var totalSent, totalRecv uint64
|
|
for _, iface := range ioStats {
|
|
name := strings.ToLower(iface.Name)
|
|
if isVirtualInterface(name) {
|
|
continue
|
|
}
|
|
totalSent += iface.BytesSent
|
|
totalRecv += iface.BytesRecv
|
|
}
|
|
status.NetTraffic.Sent = totalSent
|
|
status.NetTraffic.Recv = totalRecv
|
|
|
|
if lastStatus != nil {
|
|
duration := now.Sub(lastStatus.T)
|
|
seconds := float64(duration) / float64(time.Second)
|
|
up := uint64(float64(status.NetTraffic.Sent-lastStatus.NetTraffic.Sent) / seconds)
|
|
down := uint64(float64(status.NetTraffic.Recv-lastStatus.NetTraffic.Recv) / seconds)
|
|
status.NetIO.Up = up
|
|
status.NetIO.Down = down
|
|
}
|
|
}
|
|
|
|
// TCP/UDP connections
|
|
status.TcpCount, err = sys.GetTCPCount()
|
|
if err != nil {
|
|
logger.Warning("get tcp connections failed:", err)
|
|
}
|
|
|
|
status.UdpCount, err = sys.GetUDPCount()
|
|
if err != nil {
|
|
logger.Warning("get udp connections failed:", err)
|
|
}
|
|
|
|
// IP fetching with caching
|
|
showIp4ServiceLists := []string{
|
|
"https://api4.ipify.org",
|
|
"https://ipv4.icanhazip.com",
|
|
"https://v4.api.ipinfo.io/ip",
|
|
"https://ipv4.myexternalip.com/raw",
|
|
"https://4.ident.me",
|
|
"https://check-host.net/ip",
|
|
}
|
|
showIp6ServiceLists := []string{
|
|
"https://api6.ipify.org",
|
|
"https://ipv6.icanhazip.com",
|
|
"https://v6.api.ipinfo.io/ip",
|
|
"https://ipv6.myexternalip.com/raw",
|
|
"https://6.ident.me",
|
|
}
|
|
|
|
if s.cachedIPv4 == "" {
|
|
for _, ip4Service := range showIp4ServiceLists {
|
|
s.cachedIPv4 = getPublicIP(ip4Service)
|
|
if s.cachedIPv4 != "N/A" {
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
if s.cachedIPv6 == "" && !s.noIPv6 {
|
|
for _, ip6Service := range showIp6ServiceLists {
|
|
s.cachedIPv6 = getPublicIP(ip6Service)
|
|
if s.cachedIPv6 != "N/A" {
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
if s.cachedIPv6 == "N/A" {
|
|
s.noIPv6 = true
|
|
}
|
|
|
|
status.PublicIP.IPv4 = s.cachedIPv4
|
|
status.PublicIP.IPv6 = s.cachedIPv6
|
|
|
|
// Xray status
|
|
if s.xrayService.IsXrayRunning() {
|
|
status.Xray.State = Running
|
|
status.Xray.ErrorMsg = ""
|
|
} else {
|
|
err := s.xrayService.GetXrayErr()
|
|
if err != nil {
|
|
status.Xray.State = Error
|
|
} else {
|
|
status.Xray.State = Stop
|
|
}
|
|
status.Xray.ErrorMsg = s.xrayService.GetXrayResult()
|
|
}
|
|
status.Xray.Version = s.xrayService.GetXrayVersion()
|
|
status.PanelVersion = config.GetVersion()
|
|
|
|
// Application stats
|
|
var rtm runtime.MemStats
|
|
runtime.ReadMemStats(&rtm)
|
|
status.AppStats.Mem = rtm.Sys
|
|
status.AppStats.Threads = uint32(runtime.NumGoroutine())
|
|
if p != nil && p.IsRunning() {
|
|
status.AppStats.Uptime = p.GetUptime()
|
|
} else {
|
|
status.AppStats.Uptime = 0
|
|
}
|
|
|
|
return status
|
|
}
|
|
|
|
// AppendCpuSample is preserved for callers that only have the CPU number.
|
|
// New callers should prefer AppendStatusSample which writes the full set.
|
|
func (s *ServerService) AppendCpuSample(t time.Time, v float64) {
|
|
systemMetrics.append("cpu", t, v)
|
|
}
|
|
|
|
// AppendStatusSample writes one tick of every metric we keep — CPU, memory
|
|
// percent, network throughput (bytes/s), online client count, and the three
|
|
// load averages. Called by RefreshStatus on the same @2s cadence as
|
|
// AppendCpuSample, so all series stay aligned.
|
|
func (s *ServerService) AppendStatusSample(t time.Time, status *Status) {
|
|
if status == nil {
|
|
return
|
|
}
|
|
systemMetrics.append("cpu", t, status.Cpu)
|
|
if status.Mem.Total > 0 {
|
|
systemMetrics.append("mem", t, float64(status.Mem.Current)*100.0/float64(status.Mem.Total))
|
|
}
|
|
systemMetrics.append("netUp", t, float64(status.NetIO.Up))
|
|
systemMetrics.append("netDown", t, float64(status.NetIO.Down))
|
|
online := 0
|
|
if p != nil && p.IsRunning() {
|
|
online = len(p.GetOnlineClients())
|
|
}
|
|
systemMetrics.append("online", t, float64(online))
|
|
if len(status.Loads) >= 3 {
|
|
systemMetrics.append("load1", t, status.Loads[0])
|
|
systemMetrics.append("load5", t, status.Loads[1])
|
|
systemMetrics.append("load15", t, status.Loads[2])
|
|
}
|
|
}
|
|
|
|
func (s *ServerService) sampleCPUUtilization() (float64, error) {
|
|
// Try native platform-specific CPU implementation first (Windows, Linux, macOS)
|
|
if pct, err := sys.CPUPercentRaw(); err == nil {
|
|
s.mu.Lock()
|
|
// First call to native method returns 0 (initializes baseline)
|
|
if !s.hasNativeCPUSample {
|
|
s.hasNativeCPUSample = true
|
|
s.mu.Unlock()
|
|
return 0, nil
|
|
}
|
|
// Smooth with EMA
|
|
const alpha = 0.3
|
|
if s.emaCPU == 0 {
|
|
s.emaCPU = pct
|
|
} else {
|
|
s.emaCPU = alpha*pct + (1-alpha)*s.emaCPU
|
|
}
|
|
val := s.emaCPU
|
|
s.mu.Unlock()
|
|
return val, nil
|
|
}
|
|
// If native call fails, fall back to gopsutil times
|
|
// Read aggregate CPU times (all CPUs combined)
|
|
times, err := cpu.Times(false)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
if len(times) == 0 {
|
|
return 0, fmt.Errorf("no cpu times available")
|
|
}
|
|
|
|
cur := times[0]
|
|
|
|
s.mu.Lock()
|
|
defer s.mu.Unlock()
|
|
|
|
// If this is the first sample, initialize and return current EMA (0 by default)
|
|
if !s.hasLastCPUSample {
|
|
s.lastCPUTimes = cur
|
|
s.hasLastCPUSample = true
|
|
return s.emaCPU, nil
|
|
}
|
|
|
|
// Compute busy and total deltas
|
|
// Note: Guest and GuestNice times are already included in User and Nice respectively,
|
|
// so we exclude them to avoid double-counting (Linux kernel accounting)
|
|
idleDelta := cur.Idle - s.lastCPUTimes.Idle
|
|
busyDelta := (cur.User - s.lastCPUTimes.User) +
|
|
(cur.System - s.lastCPUTimes.System) +
|
|
(cur.Nice - s.lastCPUTimes.Nice) +
|
|
(cur.Iowait - s.lastCPUTimes.Iowait) +
|
|
(cur.Irq - s.lastCPUTimes.Irq) +
|
|
(cur.Softirq - s.lastCPUTimes.Softirq) +
|
|
(cur.Steal - s.lastCPUTimes.Steal)
|
|
|
|
totalDelta := busyDelta + idleDelta
|
|
|
|
// Update last sample for next time
|
|
s.lastCPUTimes = cur
|
|
|
|
// Guard against division by zero or negative deltas (e.g., counter resets)
|
|
if totalDelta <= 0 {
|
|
return s.emaCPU, nil
|
|
}
|
|
|
|
raw := 100.0 * (busyDelta / totalDelta)
|
|
if raw < 0 {
|
|
raw = 0
|
|
}
|
|
if raw > 100 {
|
|
raw = 100
|
|
}
|
|
|
|
// Exponential moving average to smooth spikes
|
|
const alpha = 0.3 // smoothing factor (0<alpha<=1). Higher = more responsive, lower = smoother
|
|
if s.emaCPU == 0 {
|
|
// Initialize EMA with the first real reading to avoid long warm-up from zero
|
|
s.emaCPU = raw
|
|
} else {
|
|
s.emaCPU = alpha*raw + (1-alpha)*s.emaCPU
|
|
}
|
|
|
|
return s.emaCPU, nil
|
|
}
|
|
|
|
var xrayVersionsClient = &http.Client{Timeout: 10 * time.Second}
|
|
|
|
const (
|
|
maxXrayArchiveBytes = 200 << 20
|
|
maxXrayBinaryBytes = 200 << 20
|
|
)
|
|
|
|
func (s *ServerService) GetXrayVersions() ([]string, error) {
|
|
const (
|
|
XrayURL = "https://api.github.com/repos/XTLS/Xray-core/releases"
|
|
bufferSize = 8192
|
|
)
|
|
|
|
resp, err := xrayVersionsClient.Get(XrayURL)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
// Check HTTP status code - GitHub API returns object instead of array on error
|
|
if resp.StatusCode != http.StatusOK {
|
|
bodyBytes, _ := io.ReadAll(resp.Body)
|
|
var errorResponse struct {
|
|
Message string `json:"message"`
|
|
}
|
|
if json.Unmarshal(bodyBytes, &errorResponse) == nil && errorResponse.Message != "" {
|
|
return nil, fmt.Errorf("GitHub API error: %s", errorResponse.Message)
|
|
}
|
|
return nil, fmt.Errorf("GitHub API returned status %d: %s", resp.StatusCode, resp.Status)
|
|
}
|
|
|
|
buffer := bytes.NewBuffer(make([]byte, bufferSize))
|
|
buffer.Reset()
|
|
if _, err := buffer.ReadFrom(resp.Body); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var releases []Release
|
|
if err := json.Unmarshal(buffer.Bytes(), &releases); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var versions []string
|
|
for _, release := range releases {
|
|
tagVersion := strings.TrimPrefix(release.TagName, "v")
|
|
tagParts := strings.Split(tagVersion, ".")
|
|
if len(tagParts) != 3 {
|
|
continue
|
|
}
|
|
|
|
major, err1 := strconv.Atoi(tagParts[0])
|
|
minor, err2 := strconv.Atoi(tagParts[1])
|
|
patch, err3 := strconv.Atoi(tagParts[2])
|
|
if err1 != nil || err2 != nil || err3 != nil {
|
|
continue
|
|
}
|
|
|
|
if major > 26 || (major == 26 && minor > 4) || (major == 26 && minor == 4 && patch >= 25) {
|
|
versions = append(versions, release.TagName)
|
|
}
|
|
}
|
|
return versions, nil
|
|
}
|
|
|
|
func (s *ServerService) StopXrayService() error {
|
|
err := s.xrayService.StopXray()
|
|
if err != nil {
|
|
logger.Error("stop xray failed:", err)
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (s *ServerService) RestartXrayService() error {
|
|
err := s.xrayService.RestartXray(true)
|
|
if err != nil {
|
|
logger.Error("start xray failed:", err)
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (s *ServerService) downloadXRay(version string) (string, error) {
|
|
osName := runtime.GOOS
|
|
arch := runtime.GOARCH
|
|
|
|
switch osName {
|
|
case "darwin":
|
|
osName = "macos"
|
|
case "windows":
|
|
osName = "windows"
|
|
}
|
|
|
|
switch arch {
|
|
case "amd64":
|
|
arch = "64"
|
|
case "arm64":
|
|
arch = "arm64-v8a"
|
|
case "armv7":
|
|
arch = "arm32-v7a"
|
|
case "armv6":
|
|
arch = "arm32-v6"
|
|
case "armv5":
|
|
arch = "arm32-v5"
|
|
case "386":
|
|
arch = "32"
|
|
case "s390x":
|
|
arch = "s390x"
|
|
}
|
|
|
|
fileName := fmt.Sprintf("Xray-%s-%s.zip", osName, arch)
|
|
url := fmt.Sprintf("https://github.com/XTLS/Xray-core/releases/download/%s/%s", version, fileName)
|
|
client := &http.Client{Timeout: 60 * time.Second}
|
|
resp, err := client.Get(url)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
defer resp.Body.Close()
|
|
if resp.StatusCode != http.StatusOK {
|
|
return "", fmt.Errorf("download xray: unexpected HTTP %d", resp.StatusCode)
|
|
}
|
|
if resp.ContentLength > maxXrayArchiveBytes {
|
|
return "", fmt.Errorf("download xray: archive exceeds %d bytes", maxXrayArchiveBytes)
|
|
}
|
|
|
|
file, err := os.CreateTemp("", "xray-*.zip")
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
path := file.Name()
|
|
ok := false
|
|
defer func() {
|
|
_ = file.Close()
|
|
if !ok {
|
|
_ = os.Remove(path)
|
|
}
|
|
}()
|
|
|
|
n, err := io.Copy(file, io.LimitReader(resp.Body, maxXrayArchiveBytes+1))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if n > maxXrayArchiveBytes {
|
|
return "", fmt.Errorf("download xray: archive exceeds %d bytes", maxXrayArchiveBytes)
|
|
}
|
|
|
|
ok = true
|
|
return path, nil
|
|
}
|
|
|
|
func (s *ServerService) UpdateXray(version string) error {
|
|
versions, err := s.GetXrayVersions()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if !slices.Contains(versions, version) {
|
|
return fmt.Errorf("xray version %q is not in the fetched release list", version)
|
|
}
|
|
|
|
// 1. Stop xray before doing anything
|
|
if err := s.StopXrayService(); err != nil {
|
|
logger.Warning("failed to stop xray before update:", err)
|
|
}
|
|
|
|
// 2. Download the zip
|
|
zipFileName, err := s.downloadXRay(version)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer os.Remove(zipFileName)
|
|
|
|
zipFile, err := os.Open(zipFileName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer zipFile.Close()
|
|
|
|
stat, err := zipFile.Stat()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
reader, err := zip.NewReader(zipFile, stat.Size())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// 3. Helper to extract files
|
|
copyZipFile := func(zipName string, fileName string) error {
|
|
zipFile, err := reader.Open(zipName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer zipFile.Close()
|
|
if err := os.MkdirAll(filepath.Dir(fileName), 0755); err != nil {
|
|
return err
|
|
}
|
|
tmpFile, err := os.CreateTemp(filepath.Dir(fileName), ".xray-*")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
tmpPath := tmpFile.Name()
|
|
ok := false
|
|
defer func() {
|
|
_ = tmpFile.Close()
|
|
if !ok {
|
|
_ = os.Remove(tmpPath)
|
|
}
|
|
}()
|
|
n, err := io.Copy(tmpFile, io.LimitReader(zipFile, maxXrayBinaryBytes+1))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if n > maxXrayBinaryBytes {
|
|
return fmt.Errorf("xray binary exceeds %d bytes", maxXrayBinaryBytes)
|
|
}
|
|
if err := tmpFile.Chmod(0755); err != nil {
|
|
return err
|
|
}
|
|
if err := tmpFile.Close(); err != nil {
|
|
return err
|
|
}
|
|
if runtime.GOOS == "windows" {
|
|
_ = os.Remove(fileName)
|
|
}
|
|
if err := os.Rename(tmpPath, fileName); err != nil {
|
|
return err
|
|
}
|
|
ok = true
|
|
return nil
|
|
}
|
|
|
|
// 4. Extract correct binary
|
|
if runtime.GOOS == "windows" {
|
|
targetBinary := filepath.Join(config.GetBinFolderPath(), "xray-windows-amd64.exe")
|
|
err = copyZipFile("xray.exe", targetBinary)
|
|
} else {
|
|
err = copyZipFile("xray", xray.GetBinaryPath())
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// 5. Restart xray
|
|
if err := s.xrayService.RestartXray(true); err != nil {
|
|
logger.Error("start xray failed:", err)
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *ServerService) GetLogs(count string, level string, syslog string) []string {
|
|
c, _ := strconv.Atoi(count)
|
|
var lines []string
|
|
|
|
if syslog == "true" {
|
|
// Check if running on Windows - journalctl is not available
|
|
if runtime.GOOS == "windows" {
|
|
return []string{"Syslog is not supported on Windows. Please use application logs instead by unchecking the 'Syslog' option."}
|
|
}
|
|
|
|
// Validate and sanitize count parameter
|
|
countInt, err := strconv.Atoi(count)
|
|
if err != nil || countInt < 1 || countInt > 10000 {
|
|
return []string{"Invalid count parameter - must be a number between 1 and 10000"}
|
|
}
|
|
|
|
// Validate level parameter - only allow valid syslog levels
|
|
validLevels := map[string]bool{
|
|
"0": true, "emerg": true,
|
|
"1": true, "alert": true,
|
|
"2": true, "crit": true,
|
|
"3": true, "err": true,
|
|
"4": true, "warning": true,
|
|
"5": true, "notice": true,
|
|
"6": true, "info": true,
|
|
"7": true, "debug": true,
|
|
}
|
|
if !validLevels[level] {
|
|
return []string{"Invalid level parameter - must be a valid syslog level"}
|
|
}
|
|
|
|
// Use hardcoded command with validated parameters
|
|
cmd := exec.Command("journalctl", "-u", "x-ui", "--no-pager", "-n", strconv.Itoa(countInt), "-p", level)
|
|
var out bytes.Buffer
|
|
cmd.Stdout = &out
|
|
err = cmd.Run()
|
|
if err != nil {
|
|
return []string{"Failed to run journalctl command! Make sure systemd is available and x-ui service is registered."}
|
|
}
|
|
lines = strings.Split(out.String(), "\n")
|
|
} else {
|
|
lines = logger.GetLogs(c, level)
|
|
}
|
|
|
|
return lines
|
|
}
|
|
|
|
func (s *ServerService) GetXrayLogs(
|
|
count string,
|
|
filter string,
|
|
showDirect string,
|
|
showBlocked string,
|
|
showProxy string,
|
|
freedoms []string,
|
|
blackholes []string) []LogEntry {
|
|
|
|
const (
|
|
Direct = iota
|
|
Blocked
|
|
Proxied
|
|
)
|
|
|
|
countInt, _ := strconv.Atoi(count)
|
|
var entries []LogEntry
|
|
|
|
pathToAccessLog, err := xray.GetAccessLogPath()
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
file, err := os.Open(pathToAccessLog)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
defer file.Close()
|
|
|
|
scanner := bufio.NewScanner(file)
|
|
|
|
for scanner.Scan() {
|
|
line := strings.TrimSpace(scanner.Text())
|
|
|
|
if line == "" || strings.Contains(line, "api -> api") {
|
|
//skipping empty lines and api calls
|
|
continue
|
|
}
|
|
|
|
if filter != "" && !strings.Contains(line, filter) {
|
|
//applying filter if it's not empty
|
|
continue
|
|
}
|
|
|
|
var entry LogEntry
|
|
parts := strings.Fields(line)
|
|
|
|
for i, part := range parts {
|
|
|
|
if i == 0 {
|
|
dateTime, err := time.ParseInLocation("2006/01/02 15:04:05.999999", parts[0]+" "+parts[1], time.Local)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
entry.DateTime = dateTime.UTC()
|
|
}
|
|
|
|
if part == "from" {
|
|
entry.FromAddress = strings.TrimLeft(parts[i+1], "/")
|
|
} else if part == "accepted" {
|
|
entry.ToAddress = strings.TrimLeft(parts[i+1], "/")
|
|
} else if strings.HasPrefix(part, "[") {
|
|
entry.Inbound = part[1:]
|
|
} else if strings.HasSuffix(part, "]") {
|
|
entry.Outbound = part[:len(part)-1]
|
|
} else if part == "email:" {
|
|
entry.Email = parts[i+1]
|
|
}
|
|
}
|
|
|
|
if logEntryContains(line, freedoms) {
|
|
if showDirect == "false" {
|
|
continue
|
|
}
|
|
entry.Event = Direct
|
|
} else if logEntryContains(line, blackholes) {
|
|
if showBlocked == "false" {
|
|
continue
|
|
}
|
|
entry.Event = Blocked
|
|
} else {
|
|
if showProxy == "false" {
|
|
continue
|
|
}
|
|
entry.Event = Proxied
|
|
}
|
|
|
|
entries = append(entries, entry)
|
|
}
|
|
|
|
if err := scanner.Err(); err != nil {
|
|
return nil
|
|
}
|
|
|
|
if len(entries) > countInt {
|
|
entries = entries[len(entries)-countInt:]
|
|
}
|
|
|
|
return entries
|
|
}
|
|
|
|
// isVirtualInterface returns true for loopback and virtual/tunnel interfaces
|
|
// that should be excluded from network traffic statistics.
|
|
func isVirtualInterface(name string) bool {
|
|
// Exact matches
|
|
if name == "lo" || name == "lo0" {
|
|
return true
|
|
}
|
|
// Prefix matches for virtual/tunnel interfaces
|
|
virtualPrefixes := []string{
|
|
"loopback",
|
|
"docker",
|
|
"br-",
|
|
"veth",
|
|
"virbr",
|
|
"tun",
|
|
"tap",
|
|
"wg",
|
|
"tailscale",
|
|
"zt",
|
|
}
|
|
for _, prefix := range virtualPrefixes {
|
|
if strings.HasPrefix(name, prefix) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func logEntryContains(line string, suffixes []string) bool {
|
|
for _, sfx := range suffixes {
|
|
if strings.Contains(line, sfx+"]") {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (s *ServerService) GetConfigJson() (any, error) {
|
|
config, err := s.xrayService.GetXrayConfig()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
contents, err := json.MarshalIndent(config, "", " ")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var jsonData any
|
|
err = json.Unmarshal(contents, &jsonData)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return jsonData, nil
|
|
}
|
|
|
|
func (s *ServerService) GetDb() ([]byte, error) {
|
|
// Update by manually trigger a checkpoint operation
|
|
err := database.Checkpoint()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// Open the file for reading
|
|
file, err := os.Open(config.GetDBPath())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer file.Close()
|
|
|
|
// Read the file contents
|
|
fileContents, err := io.ReadAll(file)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return fileContents, nil
|
|
}
|
|
|
|
func (s *ServerService) ImportDB(file multipart.File) error {
|
|
// Check if the file is a SQLite database
|
|
isValidDb, err := database.IsSQLiteDB(file)
|
|
if err != nil {
|
|
return common.NewErrorf("Error checking db file format: %v", err)
|
|
}
|
|
if !isValidDb {
|
|
return common.NewError("Invalid db file format")
|
|
}
|
|
|
|
// Reset the file reader to the beginning
|
|
_, err = file.Seek(0, 0)
|
|
if err != nil {
|
|
return common.NewErrorf("Error resetting file reader: %v", err)
|
|
}
|
|
|
|
// Save the file as a temporary file
|
|
tempPath := fmt.Sprintf("%s.temp", config.GetDBPath())
|
|
|
|
// Remove the existing temporary file (if any)
|
|
if _, err := os.Stat(tempPath); err == nil {
|
|
if errRemove := os.Remove(tempPath); errRemove != nil {
|
|
return common.NewErrorf("Error removing existing temporary db file: %v", errRemove)
|
|
}
|
|
}
|
|
|
|
// Create the temporary file
|
|
tempFile, err := os.Create(tempPath)
|
|
if err != nil {
|
|
return common.NewErrorf("Error creating temporary db file: %v", err)
|
|
}
|
|
|
|
// Robust deferred cleanup for the temporary file
|
|
defer func() {
|
|
if tempFile != nil {
|
|
if cerr := tempFile.Close(); cerr != nil {
|
|
logger.Warningf("Warning: failed to close temp file: %v", cerr)
|
|
}
|
|
}
|
|
if _, err := os.Stat(tempPath); err == nil {
|
|
if rerr := os.Remove(tempPath); rerr != nil {
|
|
logger.Warningf("Warning: failed to remove temp file: %v", rerr)
|
|
}
|
|
}
|
|
}()
|
|
|
|
// Save uploaded file to temporary file
|
|
if _, err = io.Copy(tempFile, file); err != nil {
|
|
return common.NewErrorf("Error saving db: %v", err)
|
|
}
|
|
|
|
// Close temp file before opening via sqlite
|
|
if err = tempFile.Close(); err != nil {
|
|
return common.NewErrorf("Error closing temporary db file: %v", err)
|
|
}
|
|
tempFile = nil
|
|
|
|
// Validate integrity (no migrations / side effects)
|
|
if err = database.ValidateSQLiteDB(tempPath); err != nil {
|
|
return common.NewErrorf("Invalid or corrupt db file: %v", err)
|
|
}
|
|
|
|
xrayStopped := true
|
|
defer func() {
|
|
if xrayStopped {
|
|
if errR := s.RestartXrayService(); errR != nil {
|
|
logger.Warningf("Failed to restart Xray after DB import error: %v", errR)
|
|
}
|
|
}
|
|
}()
|
|
if errStop := s.StopXrayService(); errStop != nil {
|
|
logger.Warningf("Failed to stop Xray before DB import: %v", errStop)
|
|
}
|
|
|
|
if errClose := database.CloseDB(); errClose != nil {
|
|
logger.Warningf("Failed to close existing DB before replacement: %v", errClose)
|
|
}
|
|
|
|
// Backup the current database for fallback
|
|
fallbackPath := fmt.Sprintf("%s.backup", config.GetDBPath())
|
|
|
|
// Remove the existing fallback file (if any)
|
|
if _, err := os.Stat(fallbackPath); err == nil {
|
|
if errRemove := os.Remove(fallbackPath); errRemove != nil {
|
|
return common.NewErrorf("Error removing existing fallback db file: %v", errRemove)
|
|
}
|
|
}
|
|
|
|
// Move the current database to the fallback location
|
|
if err = os.Rename(config.GetDBPath(), fallbackPath); err != nil {
|
|
return common.NewErrorf("Error backing up current db file: %v", err)
|
|
}
|
|
|
|
// Defer fallback cleanup ONLY if everything goes well
|
|
defer func() {
|
|
if _, err := os.Stat(fallbackPath); err == nil {
|
|
if rerr := os.Remove(fallbackPath); rerr != nil {
|
|
logger.Warningf("Warning: failed to remove fallback file: %v", rerr)
|
|
}
|
|
}
|
|
}()
|
|
|
|
// Move temp to DB path
|
|
if err = os.Rename(tempPath, config.GetDBPath()); err != nil {
|
|
// Restore from fallback
|
|
if errRename := os.Rename(fallbackPath, config.GetDBPath()); errRename != nil {
|
|
return common.NewErrorf("Error moving db file and restoring fallback: %v", errRename)
|
|
}
|
|
return common.NewErrorf("Error moving db file: %v", err)
|
|
}
|
|
|
|
// Open & migrate new DB
|
|
if err = database.InitDB(config.GetDBPath()); err != nil {
|
|
if errRename := os.Rename(fallbackPath, config.GetDBPath()); errRename != nil {
|
|
return common.NewErrorf("Error migrating db and restoring fallback: %v", errRename)
|
|
}
|
|
return common.NewErrorf("Error migrating db: %v", err)
|
|
}
|
|
|
|
s.inboundService.MigrateDB()
|
|
|
|
xrayStopped = false
|
|
if err = s.RestartXrayService(); err != nil {
|
|
return common.NewErrorf("Imported DB but failed to start Xray: %v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// IsValidGeofileName validates that the filename is safe for geofile operations.
|
|
// It checks for path traversal attempts and ensures the filename contains only safe characters.
|
|
func (s *ServerService) IsValidGeofileName(filename string) bool {
|
|
if filename == "" {
|
|
return false
|
|
}
|
|
|
|
// Check for path traversal attempts
|
|
if strings.Contains(filename, "..") {
|
|
return false
|
|
}
|
|
|
|
// Check for path separators (both forward and backward slash)
|
|
if strings.ContainsAny(filename, `/\`) {
|
|
return false
|
|
}
|
|
|
|
// Check for absolute path indicators
|
|
if filepath.IsAbs(filename) {
|
|
return false
|
|
}
|
|
|
|
// Additional security: only allow alphanumeric, dots, underscores, and hyphens
|
|
// This is stricter than the general filename regex
|
|
validGeofilePattern := `^[a-zA-Z0-9._-]+\.dat$`
|
|
matched, _ := regexp.MatchString(validGeofilePattern, filename)
|
|
return matched
|
|
}
|
|
|
|
func (s *ServerService) UpdateGeofile(fileName string) error {
|
|
type geofileEntry struct {
|
|
URL string
|
|
FileName string
|
|
}
|
|
geofileAllowlist := map[string]geofileEntry{
|
|
"geoip.dat": {"https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat", "geoip.dat"},
|
|
"geosite.dat": {"https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat", "geosite.dat"},
|
|
"geoip_IR.dat": {"https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat", "geoip_IR.dat"},
|
|
"geosite_IR.dat": {"https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat", "geosite_IR.dat"},
|
|
"geoip_RU.dat": {"https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geoip.dat", "geoip_RU.dat"},
|
|
"geosite_RU.dat": {"https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geosite.dat", "geosite_RU.dat"},
|
|
}
|
|
|
|
// Strict allowlist check to avoid writing uncontrolled files
|
|
if fileName != "" {
|
|
if _, ok := geofileAllowlist[fileName]; !ok {
|
|
return common.NewErrorf("Invalid geofile name: %q not in allowlist", fileName)
|
|
}
|
|
}
|
|
|
|
downloadFile := func(url, destPath string) error {
|
|
var req *http.Request
|
|
req, err := http.NewRequest("GET", url, nil)
|
|
if err != nil {
|
|
return common.NewErrorf("Failed to create HTTP request for %s: %v", url, err)
|
|
}
|
|
|
|
var localFileModTime time.Time
|
|
if fileInfo, err := os.Stat(destPath); err == nil {
|
|
localFileModTime = fileInfo.ModTime()
|
|
if !localFileModTime.IsZero() {
|
|
req.Header.Set("If-Modified-Since", localFileModTime.UTC().Format(http.TimeFormat))
|
|
}
|
|
}
|
|
|
|
client := &http.Client{}
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
return common.NewErrorf("Failed to download Geofile from %s: %v", url, err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
// Parse Last-Modified header from server
|
|
var serverModTime time.Time
|
|
serverModTimeStr := resp.Header.Get("Last-Modified")
|
|
if serverModTimeStr != "" {
|
|
parsedTime, err := time.Parse(http.TimeFormat, serverModTimeStr)
|
|
if err != nil {
|
|
logger.Warningf("Failed to parse Last-Modified header for %s: %v", url, err)
|
|
} else {
|
|
serverModTime = parsedTime
|
|
}
|
|
}
|
|
|
|
// Function to update local file's modification time
|
|
updateFileModTime := func() {
|
|
if !serverModTime.IsZero() {
|
|
if err := os.Chtimes(destPath, serverModTime, serverModTime); err != nil {
|
|
logger.Warningf("Failed to update modification time for %s: %v", destPath, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
// Handle 304 Not Modified
|
|
if resp.StatusCode == http.StatusNotModified {
|
|
updateFileModTime()
|
|
return nil
|
|
}
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
return common.NewErrorf("Failed to download Geofile from %s: received status code %d", url, resp.StatusCode)
|
|
}
|
|
|
|
file, err := os.Create(destPath)
|
|
if err != nil {
|
|
return common.NewErrorf("Failed to create Geofile %s: %v", destPath, err)
|
|
}
|
|
defer file.Close()
|
|
|
|
_, err = io.Copy(file, resp.Body)
|
|
if err != nil {
|
|
return common.NewErrorf("Failed to save Geofile %s: %v", destPath, err)
|
|
}
|
|
|
|
updateFileModTime()
|
|
return nil
|
|
}
|
|
|
|
var errorMessages []string
|
|
|
|
if fileName == "" {
|
|
// Download all geofiles
|
|
for _, entry := range geofileAllowlist {
|
|
destPath := filepath.Join(config.GetBinFolderPath(), entry.FileName)
|
|
if err := downloadFile(entry.URL, destPath); err != nil {
|
|
errorMessages = append(errorMessages, fmt.Sprintf("Error downloading Geofile '%s': %v", entry.FileName, err))
|
|
}
|
|
}
|
|
} else {
|
|
entry := geofileAllowlist[fileName]
|
|
destPath := filepath.Join(config.GetBinFolderPath(), entry.FileName)
|
|
if err := downloadFile(entry.URL, destPath); err != nil {
|
|
errorMessages = append(errorMessages, fmt.Sprintf("Error downloading Geofile '%s': %v", entry.FileName, err))
|
|
}
|
|
}
|
|
|
|
err := s.RestartXrayService()
|
|
if err != nil {
|
|
errorMessages = append(errorMessages, fmt.Sprintf("Updated Geofile '%s' but Failed to start Xray: %v", fileName, err))
|
|
}
|
|
|
|
if len(errorMessages) > 0 {
|
|
return common.NewErrorf("%s", strings.Join(errorMessages, "\r\n"))
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *ServerService) GetNewX25519Cert() (any, error) {
|
|
// Run the command
|
|
cmd := exec.Command(xray.GetBinaryPath(), "x25519")
|
|
var out bytes.Buffer
|
|
cmd.Stdout = &out
|
|
err := cmd.Run()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
lines := strings.Split(out.String(), "\n")
|
|
|
|
privateKeyLine := strings.Split(lines[0], ":")
|
|
publicKeyLine := strings.Split(lines[1], ":")
|
|
|
|
privateKey := strings.TrimSpace(privateKeyLine[1])
|
|
publicKey := strings.TrimSpace(publicKeyLine[1])
|
|
|
|
keyPair := map[string]any{
|
|
"privateKey": privateKey,
|
|
"publicKey": publicKey,
|
|
}
|
|
|
|
return keyPair, nil
|
|
}
|
|
|
|
func (s *ServerService) GetNewmldsa65() (any, error) {
|
|
// Run the command
|
|
cmd := exec.Command(xray.GetBinaryPath(), "mldsa65")
|
|
var out bytes.Buffer
|
|
cmd.Stdout = &out
|
|
err := cmd.Run()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
lines := strings.Split(out.String(), "\n")
|
|
|
|
SeedLine := strings.Split(lines[0], ":")
|
|
VerifyLine := strings.Split(lines[1], ":")
|
|
|
|
seed := strings.TrimSpace(SeedLine[1])
|
|
verify := strings.TrimSpace(VerifyLine[1])
|
|
|
|
keyPair := map[string]any{
|
|
"seed": seed,
|
|
"verify": verify,
|
|
}
|
|
|
|
return keyPair, nil
|
|
}
|
|
|
|
func (s *ServerService) GetNewEchCert(sni string) (any, error) {
|
|
// Run the command
|
|
cmd := exec.Command(xray.GetBinaryPath(), "tls", "ech", "--serverName", sni)
|
|
var out bytes.Buffer
|
|
cmd.Stdout = &out
|
|
err := cmd.Run()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
lines := strings.Split(out.String(), "\n")
|
|
if len(lines) < 4 {
|
|
return nil, common.NewError("invalid ech cert")
|
|
}
|
|
|
|
configList := lines[1]
|
|
serverKeys := lines[3]
|
|
|
|
return map[string]any{
|
|
"echServerKeys": serverKeys,
|
|
"echConfigList": configList,
|
|
}, nil
|
|
}
|
|
|
|
func (s *ServerService) GetNewVlessEnc() (any, error) {
|
|
cmd := exec.Command(xray.GetBinaryPath(), "vlessenc")
|
|
var out bytes.Buffer
|
|
cmd.Stdout = &out
|
|
if err := cmd.Run(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return map[string]any{
|
|
"auths": parseVlessEncAuths(out.String()),
|
|
}, nil
|
|
}
|
|
|
|
func parseVlessEncAuths(output string) []map[string]string {
|
|
lines := strings.Split(output, "\n")
|
|
var auths []map[string]string
|
|
var current map[string]string
|
|
|
|
for _, line := range lines {
|
|
line = strings.TrimSpace(line)
|
|
if strings.HasPrefix(line, "Authentication:") {
|
|
if current != nil {
|
|
auths = append(auths, current)
|
|
}
|
|
label := strings.TrimSpace(strings.TrimPrefix(line, "Authentication:"))
|
|
current = map[string]string{
|
|
"id": vlessEncAuthID(label),
|
|
"label": label,
|
|
}
|
|
} else if strings.HasPrefix(line, `"decryption"`) || strings.HasPrefix(line, `"encryption"`) {
|
|
parts := strings.SplitN(line, ":", 2)
|
|
if len(parts) == 2 && current != nil {
|
|
key := strings.Trim(parts[0], `" `)
|
|
val := strings.TrimSpace(parts[1])
|
|
val = strings.TrimSuffix(val, ",")
|
|
val = strings.Trim(val, `" `)
|
|
current[key] = val
|
|
}
|
|
}
|
|
}
|
|
|
|
if current != nil {
|
|
auths = append(auths, current)
|
|
}
|
|
|
|
return auths
|
|
}
|
|
|
|
func vlessEncAuthID(label string) string {
|
|
normalized := strings.NewReplacer("-", "", "_", "", " ", "").Replace(strings.ToLower(label))
|
|
switch {
|
|
case strings.Contains(normalized, "mlkem768"):
|
|
return "mlkem768"
|
|
case strings.Contains(normalized, "x25519"):
|
|
return "x25519"
|
|
default:
|
|
return normalized
|
|
}
|
|
}
|
|
|
|
func (s *ServerService) GetNewUUID() (map[string]string, error) {
|
|
newUUID, err := uuid.NewRandom()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to generate UUID: %w", err)
|
|
}
|
|
|
|
return map[string]string{
|
|
"uuid": newUUID.String(),
|
|
}, nil
|
|
}
|
|
|
|
func (s *ServerService) GetNewmlkem768() (any, error) {
|
|
// Run the command
|
|
cmd := exec.Command(xray.GetBinaryPath(), "mlkem768")
|
|
var out bytes.Buffer
|
|
cmd.Stdout = &out
|
|
err := cmd.Run()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
lines := strings.Split(out.String(), "\n")
|
|
|
|
SeedLine := strings.Split(lines[0], ":")
|
|
ClientLine := strings.Split(lines[1], ":")
|
|
|
|
seed := strings.TrimSpace(SeedLine[1])
|
|
client := strings.TrimSpace(ClientLine[1])
|
|
|
|
keyPair := map[string]any{
|
|
"seed": seed,
|
|
"client": client,
|
|
}
|
|
|
|
return keyPair, nil
|
|
}
|