瀏覽代碼

fix(mtproto): drop the remark fragment from tg proxy deep links

genMtprotoLink appended the panel remark as a URL fragment (tg://proxy?...&secret=...#remark). Because secret/server is the last query value, lenient Telegram parsers fold the "#remark" into it and the imported proxy breaks with "incorrect client random". Telegram proxy deep links have no name field, so emit a clean link on both the backend (internal/sub) and frontend (inbound-link.ts). The remark still shows as a separate tag in the inbound info modal, which reads it from genAllLinks, not the URL.

Guards: Go TestGenMtprotoLinkFields asserts no fragment; the frontend mtproto link test asserts no '#'.
MHSanaei 14 小時之前
父節點
當前提交
27fd19895a

+ 6 - 5
frontend/src/lib/xray/inbound-link.ts

@@ -779,20 +779,21 @@ export interface GenMtprotoLinkInput {
   address: string;
   port?: number;
   clientSecret?: string;
-  remark?: string;
 }
 
 // Builds a per-client Telegram proxy deep link for an mtproto inbound from the
-// client's own FakeTLS secret.
+// client's own FakeTLS secret. No remark fragment is added: Telegram proxy deep
+// links have no name field, and a trailing "#remark" gets folded into the last
+// query value by lenient parsers, breaking the server address. The panel shows
+// the remark separately from the link.
 export function genMtprotoLink(input: GenMtprotoLinkInput): string {
-  const { inbound, address, port = inbound.port, clientSecret = '', remark = '' } = input;
+  const { inbound, address, port = inbound.port, clientSecret = '' } = input;
   if (inbound.protocol !== 'mtproto') return '';
   if (clientSecret.length === 0) return '';
   const url = new URL('tg://proxy');
   url.searchParams.set('server', address);
   url.searchParams.set('port', String(port));
   url.searchParams.set('secret', clientSecret);
-  if (remark) url.hash = encodeURIComponent(remark);
   return url.toString();
 }
 
@@ -1130,7 +1131,7 @@ export function genLink(input: GenLinkInput): string {
         externalProxy,
       });
     case 'mtproto':
-      return genMtprotoLink({ inbound, address, port, clientSecret: client.secret ?? '', remark });
+      return genMtprotoLink({ inbound, address, port, clientSecret: client.secret ?? '' });
     default:
       return '';
   }

+ 2 - 0
frontend/src/test/mtproto-clients-link.test.ts

@@ -37,5 +37,7 @@ describe('mtproto multi-client link fan-out', () => {
     expect(links[0]).toContain('tg://proxy');
     expect(links[0]).toContain('secret=ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d');
     expect(links[1]).toContain('secret=eeabcdefabcdefabcdefabcdefabcdef01676f6f676c652e636f6d');
+    expect(links[0]).not.toContain('#');
+    expect(links[1]).not.toContain('#');
   });
 });

+ 6 - 3
internal/sub/service.go

@@ -663,8 +663,11 @@ func (s *SubService) genWireguardLink(inbound *model.Inbound, email string) stri
 }
 
 // genMtprotoLink builds a per-client Telegram proxy deep link for an mtproto
-// inbound: the server/port pair plus the client's own FakeTLS secret. Returns ""
-// when the client has no secret.
+// inbound: the server/port pair plus the client's own FakeTLS secret. The link
+// carries no remark fragment — Telegram proxy deep links have no name field, and
+// a trailing "#remark" is appended to the last query value by lenient parsers,
+// corrupting the server address. The remark is shown separately in the panel UI.
+// Returns "" when the client has no secret.
 func (s *SubService) genMtprotoLink(inbound *model.Inbound, email string) string {
 	if inbound.Protocol != model.MTProto {
 		return ""
@@ -678,7 +681,7 @@ func (s *SubService) genMtprotoLink(inbound *model.Inbound, email string) string
 		"port":   fmt.Sprintf("%d", inbound.Port),
 		"secret": resolved.Secret,
 	}
-	return buildLinkWithParams("tg://proxy", params, s.genRemark(inbound, email, "", ""))
+	return buildLinkWithParams("tg://proxy", params, "")
 }
 
 // Protocol link generators are intentionally ordered as:

+ 3 - 0
internal/sub/service_mtproto_test.go

@@ -40,6 +40,9 @@ func TestGenMtprotoLinkFields(t *testing.T) {
 	if q.Get("secret") != mtprotoTestSecret {
 		t.Fatalf("secret = %q, want the client's FakeTLS secret", q.Get("secret"))
 	}
+	if u.Fragment != "" {
+		t.Fatalf("link carries a #%s fragment; tg://proxy links must have no remark fragment", u.Fragment)
+	}
 }
 
 func TestGenMtprotoLinkWrongProtocol(t *testing.T) {