|
|
@@ -3,6 +3,8 @@ package mtproto
|
|
|
import (
|
|
|
"bytes"
|
|
|
"context"
|
|
|
+ "crypto/rand"
|
|
|
+ "encoding/hex"
|
|
|
"encoding/json"
|
|
|
"fmt"
|
|
|
"net"
|
|
|
@@ -20,10 +22,13 @@ import (
|
|
|
|
|
|
// SecretEntry is one named FakeTLS secret served by an mtg-multi process. Name is
|
|
|
// the client email, used both as the [secrets] key and as the per-user key in the
|
|
|
-// /stats API so traffic can be attributed back to the client.
|
|
|
+// /stats API so traffic can be attributed back to the client. AdTag is the
|
|
|
+// client's own advertising-tag override, emitted into the [secret-ad-tags]
|
|
|
+// section; empty falls back to the instance-level tag.
|
|
|
type SecretEntry struct {
|
|
|
Name string
|
|
|
Secret string
|
|
|
+ AdTag string
|
|
|
}
|
|
|
|
|
|
// Instance is the desired runtime configuration of one mtproto inbound. A single
|
|
|
@@ -49,13 +54,9 @@ type Instance struct {
|
|
|
// fair-share algorithm; zero disables throttling.
|
|
|
ThrottleMaxConnections int
|
|
|
|
|
|
- // AdTag is a 32-hex Telegram advertising tag; when set, mtg routes clients
|
|
|
- // through Telegram middle proxies so a sponsored channel shows in their chat
|
|
|
- // list. It is part of the reloadable secret config, so a change is applied
|
|
|
- // via /reload without dropping connections. PublicIPv4/PublicIPv6 pin the
|
|
|
- // proxy's reachable address the middle proxy needs; they are omitted when
|
|
|
- // empty so mtg auto-detects, and a change forces a restart.
|
|
|
- AdTag string
|
|
|
+ // PublicIPv4/PublicIPv6 pin the proxy's reachable address the Telegram
|
|
|
+ // middle proxy needs when clients carry advertising tags; they are omitted
|
|
|
+ // when empty so mtg auto-detects, and a change forces a restart.
|
|
|
PublicIPv4 string
|
|
|
PublicIPv6 string
|
|
|
|
|
|
@@ -98,16 +99,16 @@ func (inst Instance) structuralFingerprint() string {
|
|
|
|
|
|
// secretsFingerprint identifies the reloadable secret config regardless of
|
|
|
// client order, so a reordered clients array in the stored settings does not
|
|
|
-// read as a change. It moves whenever a client is added, removed, disabled, or
|
|
|
-// re-keyed, or the advertising tag changes — all of which mtg applies through
|
|
|
-// /reload without dropping connections.
|
|
|
+// read as a change. It moves whenever a client is added, removed, disabled,
|
|
|
+// re-keyed, or re-tagged — all of which mtg applies in place without dropping
|
|
|
+// connections.
|
|
|
func (inst Instance) secretsFingerprint() string {
|
|
|
pairs := make([]string, 0, len(inst.Secrets))
|
|
|
for _, e := range inst.Secrets {
|
|
|
- pairs = append(pairs, e.Name+"="+e.Secret)
|
|
|
+ pairs = append(pairs, e.Name+"="+e.Secret+";tag="+e.AdTag)
|
|
|
}
|
|
|
slices.Sort(pairs)
|
|
|
- return "adtag=" + inst.AdTag + "|" + strings.Join(pairs, "|")
|
|
|
+ return strings.Join(pairs, "|")
|
|
|
}
|
|
|
|
|
|
// Traffic is a per-client traffic delta scraped from an mtg /stats endpoint. Tag
|
|
|
@@ -130,6 +131,7 @@ type managed struct {
|
|
|
structuralFP string
|
|
|
secretsFP string
|
|
|
apiPort int
|
|
|
+ apiToken string
|
|
|
last map[string]clientCounters
|
|
|
}
|
|
|
|
|
|
@@ -177,12 +179,12 @@ func InstanceFromInbound(ib *model.Inbound) (Instance, bool) {
|
|
|
ThrottleMaxConnections int `json:"throttleMaxConnections"`
|
|
|
RouteThroughXray bool `json:"routeThroughXray"`
|
|
|
RouteXrayPort int `json:"routeXrayPort"`
|
|
|
- AdTag string `json:"adTag"`
|
|
|
PublicIPv4 string `json:"publicIpv4"`
|
|
|
PublicIPv6 string `json:"publicIpv6"`
|
|
|
Clients []struct {
|
|
|
Email string `json:"email"`
|
|
|
Secret string `json:"secret"`
|
|
|
+ AdTag string `json:"adTag"`
|
|
|
Enable bool `json:"enable"`
|
|
|
} `json:"clients"`
|
|
|
}
|
|
|
@@ -194,7 +196,7 @@ func InstanceFromInbound(ib *model.Inbound) (Instance, bool) {
|
|
|
if !c.Enable || c.Secret == "" || c.Email == "" {
|
|
|
continue
|
|
|
}
|
|
|
- secrets = append(secrets, SecretEntry{Name: c.Email, Secret: c.Secret})
|
|
|
+ secrets = append(secrets, SecretEntry{Name: c.Email, Secret: c.Secret, AdTag: usableAdTag(c.AdTag)})
|
|
|
}
|
|
|
if len(secrets) == 0 {
|
|
|
return Instance{}, false
|
|
|
@@ -214,12 +216,23 @@ func InstanceFromInbound(ib *model.Inbound) (Instance, bool) {
|
|
|
ThrottleMaxConnections: parsed.ThrottleMaxConnections,
|
|
|
RouteThroughXray: parsed.RouteThroughXray,
|
|
|
XrayRoutePort: parsed.RouteXrayPort,
|
|
|
- AdTag: strings.TrimSpace(parsed.AdTag),
|
|
|
PublicIPv4: strings.TrimSpace(parsed.PublicIPv4),
|
|
|
PublicIPv6: strings.TrimSpace(parsed.PublicIPv6),
|
|
|
}, true
|
|
|
}
|
|
|
|
|
|
+// usableAdTag returns a stored advertising tag only when it is well-formed.
|
|
|
+// The save paths validate tags, but settings can arrive from raw API payloads
|
|
|
+// or older data, and one malformed tag in a generated config makes mtg reject
|
|
|
+// the whole file — taking every client of the inbound down with it.
|
|
|
+func usableAdTag(tag string) string {
|
|
|
+ tag = strings.TrimSpace(tag)
|
|
|
+ if !model.ValidMtprotoAdTag(tag) {
|
|
|
+ return ""
|
|
|
+ }
|
|
|
+ return tag
|
|
|
+}
|
|
|
+
|
|
|
// Ensure starts the mtg process for an instance, or restarts it when its
|
|
|
// configuration changed. A no-op when the desired process is already running.
|
|
|
func (m *Manager) Ensure(inst Instance) error {
|
|
|
@@ -277,10 +290,10 @@ func (m *Manager) ensureLocked(inst Instance) error {
|
|
|
cur.tag = inst.Tag
|
|
|
return nil
|
|
|
case ensureReload:
|
|
|
- if err := writeConfig(configPathForID(inst.Id), inst, cur.apiPort); err != nil {
|
|
|
+ if err := writeConfig(configPathForID(inst.Id), inst, cur.apiPort, cur.apiToken); err != nil {
|
|
|
return err
|
|
|
}
|
|
|
- if applySecrets(cur.apiPort, inst) {
|
|
|
+ if applySecrets(cur.apiPort, cur.apiToken, inst) {
|
|
|
cur.tag = inst.Tag
|
|
|
cur.secretsFP = secFP
|
|
|
logger.Infof("mtproto: applied secret update to inbound %d in place", inst.Id)
|
|
|
@@ -297,8 +310,12 @@ func (m *Manager) ensureLocked(inst Instance) error {
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
+ apiToken, err := newAPIToken()
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
cfgPath := configPathForID(inst.Id)
|
|
|
- if err := writeConfig(cfgPath, inst, apiPort); err != nil {
|
|
|
+ if err := writeConfig(cfgPath, inst, apiPort, apiToken); err != nil {
|
|
|
return err
|
|
|
}
|
|
|
proc := newProcess(cfgPath, fmt.Sprintf("inbound %d", inst.Id))
|
|
|
@@ -311,6 +328,7 @@ func (m *Manager) ensureLocked(inst Instance) error {
|
|
|
structuralFP: structFP,
|
|
|
secretsFP: secFP,
|
|
|
apiPort: apiPort,
|
|
|
+ apiToken: apiToken,
|
|
|
last: map[string]clientCounters{},
|
|
|
}
|
|
|
logger.Infof("mtproto: started mtg for inbound %d on %s", inst.Id, inst.bindTo())
|
|
|
@@ -370,10 +388,11 @@ func (m *Manager) StopAll() {
|
|
|
// with at least one live connection.
|
|
|
func (m *Manager) CollectTraffic() ([]Traffic, []string) {
|
|
|
type snap struct {
|
|
|
- id int
|
|
|
- apiPort int
|
|
|
- tag string
|
|
|
- last map[string]clientCounters
|
|
|
+ id int
|
|
|
+ apiPort int
|
|
|
+ apiToken string
|
|
|
+ tag string
|
|
|
+ last map[string]clientCounters
|
|
|
}
|
|
|
m.mu.Lock()
|
|
|
snaps := make([]snap, 0, len(m.procs))
|
|
|
@@ -385,14 +404,14 @@ func (m *Manager) CollectTraffic() ([]Traffic, []string) {
|
|
|
for k, v := range cur.last {
|
|
|
lastCopy[k] = v
|
|
|
}
|
|
|
- snaps = append(snaps, snap{id: id, apiPort: cur.apiPort, tag: cur.tag, last: lastCopy})
|
|
|
+ snaps = append(snaps, snap{id: id, apiPort: cur.apiPort, apiToken: cur.apiToken, tag: cur.tag, last: lastCopy})
|
|
|
}
|
|
|
m.mu.Unlock()
|
|
|
|
|
|
var out []Traffic
|
|
|
var online []string
|
|
|
for _, s := range snaps {
|
|
|
- users, ok := scrapeStats(s.apiPort)
|
|
|
+ users, ok := scrapeStats(s.apiPort, s.apiToken)
|
|
|
if !ok {
|
|
|
continue
|
|
|
}
|
|
|
@@ -445,9 +464,11 @@ func FreeLocalPort() (int, error) {
|
|
|
// renderConfig builds the mtg-multi TOML for an instance. Top-level keys must
|
|
|
// precede any [section] header in TOML, and [secrets] must be the final section
|
|
|
// so trailing keys are not swallowed by another table. The layout is therefore:
|
|
|
-// top-level scalars (incl. api-bind-to), then [domain-fronting], [network] and
|
|
|
-// [throttle], and finally [secrets] with one named secret per active client.
|
|
|
-func renderConfig(inst Instance, apiPort int) string {
|
|
|
+// top-level scalars (incl. api-bind-to and api-token), then [domain-fronting],
|
|
|
+// [network] and [throttle], then [secret-ad-tags] for clients overriding the
|
|
|
+// global advertising tag, and finally [secrets] with one named secret per
|
|
|
+// active client.
|
|
|
+func renderConfig(inst Instance, apiPort int, apiToken string) string {
|
|
|
var b strings.Builder
|
|
|
fmt.Fprintf(&b, "bind-to = %q\n", inst.bindTo())
|
|
|
if inst.Debug {
|
|
|
@@ -460,8 +481,8 @@ func renderConfig(inst Instance, apiPort int) string {
|
|
|
fmt.Fprintf(&b, "prefer-ip = %q\n", inst.PreferIP)
|
|
|
}
|
|
|
fmt.Fprintf(&b, "api-bind-to = \"127.0.0.1:%d\"\n", apiPort)
|
|
|
- if inst.AdTag != "" {
|
|
|
- fmt.Fprintf(&b, "ad-tag = %q\n", inst.AdTag)
|
|
|
+ if apiToken != "" {
|
|
|
+ fmt.Fprintf(&b, "api-token = %q\n", apiToken)
|
|
|
}
|
|
|
if inst.PublicIPv4 != "" {
|
|
|
fmt.Fprintf(&b, "public-ipv4 = %q\n", inst.PublicIPv4)
|
|
|
@@ -490,6 +511,20 @@ func renderConfig(inst Instance, apiPort int) string {
|
|
|
if inst.ThrottleMaxConnections > 0 {
|
|
|
fmt.Fprintf(&b, "\n[throttle]\nmax-connections = %d\n", inst.ThrottleMaxConnections)
|
|
|
}
|
|
|
+ // Only clients present in [secrets] may appear here: mtg rejects a config
|
|
|
+ // whose [secret-ad-tags] names an unknown secret, so a disabled client's
|
|
|
+ // override must vanish together with its secret.
|
|
|
+ tagged := false
|
|
|
+ for _, e := range inst.Secrets {
|
|
|
+ if e.AdTag == "" {
|
|
|
+ continue
|
|
|
+ }
|
|
|
+ if !tagged {
|
|
|
+ b.WriteString("\n[secret-ad-tags]\n")
|
|
|
+ tagged = true
|
|
|
+ }
|
|
|
+ fmt.Fprintf(&b, "%q = %q\n", e.Name, e.AdTag)
|
|
|
+ }
|
|
|
b.WriteString("\n[secrets]\n")
|
|
|
for _, e := range inst.Secrets {
|
|
|
fmt.Fprintf(&b, "%q = %q\n", e.Name, e.Secret)
|
|
|
@@ -497,11 +532,11 @@ func renderConfig(inst Instance, apiPort int) string {
|
|
|
return b.String()
|
|
|
}
|
|
|
|
|
|
-func writeConfig(path string, inst Instance, apiPort int) error {
|
|
|
+func writeConfig(path string, inst Instance, apiPort int, apiToken string) error {
|
|
|
if err := os.MkdirAll(configDir(), 0o750); err != nil {
|
|
|
return err
|
|
|
}
|
|
|
- return os.WriteFile(path, []byte(renderConfig(inst, apiPort)), 0o640)
|
|
|
+ return os.WriteFile(path, []byte(renderConfig(inst, apiPort, apiToken)), 0o640)
|
|
|
}
|
|
|
|
|
|
// statsUser is one entry of the mtg-multi /stats users map. bytes_in is traffic
|
|
|
@@ -515,29 +550,50 @@ type statsUser struct {
|
|
|
|
|
|
type secretPutEntry struct {
|
|
|
Secret string `json:"secret"`
|
|
|
+ AdTag string `json:"ad_tag,omitempty"`
|
|
|
}
|
|
|
|
|
|
type secretsPutBody struct {
|
|
|
Secrets map[string]secretPutEntry `json:"secrets"`
|
|
|
- AdTag string `json:"ad_tag,omitempty"`
|
|
|
}
|
|
|
|
|
|
func secretsPayload(inst Instance) secretsPutBody {
|
|
|
secrets := make(map[string]secretPutEntry, len(inst.Secrets))
|
|
|
for _, e := range inst.Secrets {
|
|
|
- secrets[e.Name] = secretPutEntry{Secret: e.Secret}
|
|
|
+ secrets[e.Name] = secretPutEntry{Secret: e.Secret, AdTag: e.AdTag}
|
|
|
+ }
|
|
|
+ return secretsPutBody{Secrets: secrets}
|
|
|
+}
|
|
|
+
|
|
|
+// newAPIToken mints the bearer token one mtg process and its manager share for
|
|
|
+// the lifetime of that process. The management API can replace the whole
|
|
|
+// secret set, so even though it only listens on loopback it must not be open
|
|
|
+// to every local process. The token lives in the generated config (mtg reads
|
|
|
+// it at startup only — a rewritten token would not apply until a restart,
|
|
|
+// which is why the reload path reuses the stored one) and in the manager's
|
|
|
+// memory, nowhere else.
|
|
|
+func newAPIToken() (string, error) {
|
|
|
+ buf := make([]byte, 16)
|
|
|
+ if _, err := rand.Read(buf); err != nil {
|
|
|
+ return "", err
|
|
|
+ }
|
|
|
+ return hex.EncodeToString(buf), nil
|
|
|
+}
|
|
|
+
|
|
|
+func authorize(req *http.Request, token string) {
|
|
|
+ if token != "" {
|
|
|
+ req.Header.Set("Authorization", "Bearer "+token)
|
|
|
}
|
|
|
- return secretsPutBody{Secrets: secrets, AdTag: inst.AdTag}
|
|
|
}
|
|
|
|
|
|
-// applySecrets pushes the desired secret set and advertising tag to a running
|
|
|
+// applySecrets pushes the desired secret set and advertising tags to a running
|
|
|
// mtg-multi through its management API (PUT /secrets on the same loopback port
|
|
|
// that serves /stats), so a client add, removal, re-key, or ad-tag change is
|
|
|
// applied in place. mtg keeps every connection whose secret is unchanged and
|
|
|
// closes only the removed or re-keyed ones. It returns true only on a 200: an
|
|
|
// older binary without the endpoint (404), a refused connection, or any other
|
|
|
// status yields false, so the caller falls back to a full restart.
|
|
|
-func applySecrets(port int, inst Instance) bool {
|
|
|
+func applySecrets(port int, token string, inst Instance) bool {
|
|
|
body, err := json.Marshal(secretsPayload(inst))
|
|
|
if err != nil {
|
|
|
return false
|
|
|
@@ -548,6 +604,7 @@ func applySecrets(port int, inst Instance) bool {
|
|
|
return false
|
|
|
}
|
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
+ authorize(req, token)
|
|
|
resp, err := client.Do(req)
|
|
|
if err != nil {
|
|
|
return false
|
|
|
@@ -559,12 +616,13 @@ func applySecrets(port int, inst Instance) bool {
|
|
|
// scrapeStats reads the mtg-multi /stats JSON API and returns the per-user
|
|
|
// cumulative counters. Best-effort: an unreachable endpoint or unparseable body
|
|
|
// yields ok=false.
|
|
|
-func scrapeStats(port int) (map[string]statsUser, bool) {
|
|
|
+func scrapeStats(port int, token string) (map[string]statsUser, bool) {
|
|
|
client := http.Client{Timeout: 3 * time.Second}
|
|
|
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, fmt.Sprintf("http://127.0.0.1:%d/stats", port), nil)
|
|
|
if err != nil {
|
|
|
return nil, false
|
|
|
}
|
|
|
+ authorize(req, token)
|
|
|
resp, err := client.Do(req)
|
|
|
if err != nil {
|
|
|
return nil, false
|