db.go 52 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936
  1. package database
  2. import (
  3. "bytes"
  4. "context"
  5. "encoding/json"
  6. "errors"
  7. "fmt"
  8. "io"
  9. "log"
  10. "math"
  11. "os"
  12. "os/exec"
  13. "path"
  14. "runtime"
  15. "slices"
  16. "strconv"
  17. "strings"
  18. "time"
  19. "github.com/mhsanaei/3x-ui/v3/internal/config"
  20. "github.com/mhsanaei/3x-ui/v3/internal/database/model"
  21. "github.com/mhsanaei/3x-ui/v3/internal/util/crypto"
  22. "github.com/mhsanaei/3x-ui/v3/internal/util/random"
  23. "github.com/mhsanaei/3x-ui/v3/internal/xray"
  24. "gorm.io/driver/postgres"
  25. "gorm.io/driver/sqlite"
  26. "gorm.io/gorm"
  27. "gorm.io/gorm/logger"
  28. )
  29. var db *gorm.DB
  30. const (
  31. DialectSQLite = "sqlite"
  32. DialectPostgres = "postgres"
  33. )
  34. func IsPostgres() bool {
  35. if db == nil {
  36. return config.GetDBKind() == "postgres"
  37. }
  38. return db.Name() == "postgres"
  39. }
  40. func Dialect() string {
  41. if db == nil {
  42. return ""
  43. }
  44. return db.Name()
  45. }
  46. const (
  47. defaultUsername = "admin"
  48. defaultPassword = "admin"
  49. )
  50. func allModels() []any {
  51. return []any{
  52. &model.User{},
  53. &model.Inbound{},
  54. &model.OutboundTraffics{},
  55. &model.Setting{},
  56. &model.InboundClientIps{},
  57. &xray.ClientTraffic{},
  58. &model.HistoryOfSeeders{},
  59. &model.Node{},
  60. &model.ApiToken{},
  61. &model.ClientRecord{},
  62. &model.ClientInbound{},
  63. &model.ClientExternalLink{},
  64. &model.ClientGroup{},
  65. &model.InboundFallback{},
  66. &model.Host{},
  67. &model.NodeClientTraffic{},
  68. &model.NodeClientIp{},
  69. &model.ClientGlobalTraffic{},
  70. &model.OutboundSubscription{},
  71. }
  72. }
  73. func initModels() error {
  74. models := allModels()
  75. for _, mdl := range models {
  76. if IsPostgres() && postgresModelSettled(mdl) {
  77. continue
  78. }
  79. if err := db.AutoMigrate(mdl); err != nil {
  80. if isIgnorableDuplicateColumnErr(db, err, mdl) {
  81. log.Printf("Ignoring duplicate column during auto migration for %T: %v", mdl, err)
  82. continue
  83. }
  84. log.Printf("Error auto migrating model: %v", err)
  85. return err
  86. }
  87. }
  88. if err := dropLegacyInboundPortUnique(); err != nil {
  89. return err
  90. }
  91. if err := migrateHostVerifyPeerCertByNameColumn(); err != nil {
  92. return err
  93. }
  94. if err := normalizeApiTokenCreatedAtSeconds(); err != nil {
  95. return err
  96. }
  97. if err := dropLegacyForeignKeys(); err != nil {
  98. return err
  99. }
  100. if err := pruneOrphanedClientInbounds(); err != nil {
  101. return err
  102. }
  103. if err := pruneOrphanedHosts(); err != nil {
  104. return err
  105. }
  106. if err := normalizeInboundSubSortIndex(); err != nil {
  107. return err
  108. }
  109. if err := repairOverflowedTrafficCounters(); err != nil {
  110. return err
  111. }
  112. if err := dedupeInboundSettingsClients(); err != nil {
  113. return err
  114. }
  115. if err := migrateLegacySocksInboundsToMixed(); err != nil {
  116. return err
  117. }
  118. if err := migrateShadowsocksRemovedCiphers(); err != nil {
  119. return err
  120. }
  121. if err := migrateVmessRemovedSecurities(); err != nil {
  122. return err
  123. }
  124. if IsPostgres() {
  125. if err := resyncPostgresSequences(db, models); err != nil {
  126. log.Printf("Error resyncing postgres sequences: %v", err)
  127. return err
  128. }
  129. }
  130. return nil
  131. }
  132. func postgresModelSettled(mdl any) bool {
  133. migrator := db.Migrator()
  134. if !migrator.HasTable(mdl) {
  135. return false
  136. }
  137. stmt := &gorm.Statement{DB: db}
  138. if err := stmt.Parse(mdl); err != nil || stmt.Schema == nil {
  139. return false
  140. }
  141. for _, dbName := range stmt.Schema.DBNames {
  142. if !migrator.HasColumn(mdl, dbName) {
  143. return false
  144. }
  145. }
  146. for _, idx := range stmt.Schema.ParseIndexes() {
  147. if !migrator.HasIndex(mdl, idx.Name) {
  148. return false
  149. }
  150. }
  151. return true
  152. }
  153. func dropLegacyForeignKeys() error {
  154. if !IsPostgres() {
  155. return nil
  156. }
  157. if err := db.Exec("ALTER TABLE client_traffics DROP CONSTRAINT IF EXISTS fk_inbounds_client_stats").Error; err != nil {
  158. log.Printf("Error dropping legacy foreign key fk_inbounds_client_stats: %v", err)
  159. return err
  160. }
  161. return nil
  162. }
  163. type sqliteIndexListRow struct {
  164. Name string `gorm:"column:name"`
  165. Unique int `gorm:"column:unique"`
  166. Origin string `gorm:"column:origin"`
  167. }
  168. func sqliteUniquePortIndexes() (autoIndexes, explicitIndexes []string, err error) {
  169. var list []sqliteIndexListRow
  170. if err = db.Raw(`PRAGMA index_list('inbounds')`).Scan(&list).Error; err != nil {
  171. return nil, nil, err
  172. }
  173. for _, idx := range list {
  174. if idx.Unique != 1 {
  175. continue
  176. }
  177. var cols []struct {
  178. Name string `gorm:"column:name"`
  179. }
  180. if err = db.Raw(`PRAGMA index_info("` + idx.Name + `")`).Scan(&cols).Error; err != nil {
  181. return nil, nil, err
  182. }
  183. if len(cols) != 1 || cols[0].Name != "port" {
  184. continue
  185. }
  186. if idx.Origin == "c" {
  187. explicitIndexes = append(explicitIndexes, idx.Name)
  188. } else {
  189. autoIndexes = append(autoIndexes, idx.Name)
  190. }
  191. }
  192. return autoIndexes, explicitIndexes, nil
  193. }
  194. // dropLegacyInboundPortUnique removes the pre-multi-node UNIQUE on inbounds.port,
  195. // which AutoMigrate never drops and which blocks cross-node port reuse on old SQLite DBs.
  196. func dropLegacyInboundPortUnique() error {
  197. if IsPostgres() {
  198. return nil
  199. }
  200. autoIndexes, explicitIndexes, err := sqliteUniquePortIndexes()
  201. if err != nil {
  202. return err
  203. }
  204. for _, name := range explicitIndexes {
  205. if err := db.Exec(`DROP INDEX IF EXISTS "` + name + `"`).Error; err != nil {
  206. return err
  207. }
  208. }
  209. if len(autoIndexes) == 0 {
  210. return nil
  211. }
  212. log.Printf("Rebuilding inbounds table to drop the legacy UNIQUE constraint on port")
  213. return rebuildInboundsWithoutInlineUniquePort()
  214. }
  215. func sqliteTableColumns(tx *gorm.DB, table string) ([]string, error) {
  216. var rows []struct {
  217. Name string `gorm:"column:name"`
  218. }
  219. if err := tx.Raw(`PRAGMA table_info("` + table + `")`).Scan(&rows).Error; err != nil {
  220. return nil, err
  221. }
  222. cols := make([]string, 0, len(rows))
  223. for _, r := range rows {
  224. cols = append(cols, r.Name)
  225. }
  226. return cols, nil
  227. }
  228. func rebuildInboundsWithoutInlineUniquePort() error {
  229. return db.Transaction(func(tx *gorm.DB) error {
  230. var list []sqliteIndexListRow
  231. if err := tx.Raw(`PRAGMA index_list('inbounds')`).Scan(&list).Error; err != nil {
  232. return err
  233. }
  234. for _, idx := range list {
  235. if idx.Origin != "c" {
  236. continue
  237. }
  238. if err := tx.Exec(`DROP INDEX IF EXISTS "` + idx.Name + `"`).Error; err != nil {
  239. return err
  240. }
  241. }
  242. if err := tx.Exec(`ALTER TABLE inbounds RENAME TO inbounds_legacy_rebuild`).Error; err != nil {
  243. return err
  244. }
  245. if err := tx.Migrator().CreateTable(&model.Inbound{}); err != nil {
  246. return err
  247. }
  248. newCols, err := sqliteTableColumns(tx, "inbounds")
  249. if err != nil {
  250. return err
  251. }
  252. oldCols, err := sqliteTableColumns(tx, "inbounds_legacy_rebuild")
  253. if err != nil {
  254. return err
  255. }
  256. oldSet := make(map[string]struct{}, len(oldCols))
  257. for _, c := range oldCols {
  258. oldSet[c] = struct{}{}
  259. }
  260. shared := make([]string, 0, len(newCols))
  261. for _, c := range newCols {
  262. if _, ok := oldSet[c]; ok {
  263. shared = append(shared, `"`+c+`"`)
  264. }
  265. }
  266. colList := strings.Join(shared, ", ")
  267. if err := tx.Exec(`INSERT INTO inbounds (` + colList + `) SELECT ` + colList + ` FROM inbounds_legacy_rebuild`).Error; err != nil {
  268. return err
  269. }
  270. return tx.Exec(`DROP TABLE inbounds_legacy_rebuild`).Error
  271. })
  272. }
  273. func migrateHostVerifyPeerCertByNameColumn() error {
  274. if !db.Migrator().HasColumn(&model.Host{}, "verify_peer_cert_by_name") {
  275. return nil
  276. }
  277. if IsPostgres() {
  278. var dataType string
  279. if err := db.Raw(
  280. `SELECT data_type FROM information_schema.columns WHERE table_name = 'hosts' AND column_name = 'verify_peer_cert_by_name'`,
  281. ).Scan(&dataType).Error; err != nil {
  282. return err
  283. }
  284. if dataType != "boolean" {
  285. return nil
  286. }
  287. if err := db.Exec(`ALTER TABLE hosts ALTER COLUMN verify_peer_cert_by_name DROP DEFAULT`).Error; err != nil {
  288. return err
  289. }
  290. return db.Exec(`ALTER TABLE hosts ALTER COLUMN verify_peer_cert_by_name TYPE text USING ''`).Error
  291. }
  292. return db.Exec(`UPDATE hosts SET verify_peer_cert_by_name = '' WHERE verify_peer_cert_by_name IS NULL OR typeof(verify_peer_cert_by_name) <> 'text'`).Error
  293. }
  294. func seedHostsFromExternalProxy() error {
  295. var history []string
  296. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  297. return err
  298. }
  299. if slices.Contains(history, "HostsFromExternalProxy") {
  300. return nil
  301. }
  302. var inbounds []model.Inbound
  303. if err := db.Find(&inbounds).Error; err != nil {
  304. return err
  305. }
  306. return db.Transaction(func(tx *gorm.DB) error {
  307. for _, inbound := range inbounds {
  308. if _, err := CreateHostsFromExternalProxy(tx, inbound.Id, inbound.StreamSettings); err != nil {
  309. return err
  310. }
  311. }
  312. return tx.Create(&model.HistoryOfSeeders{SeederName: "HostsFromExternalProxy"}).Error
  313. })
  314. }
  315. func seedWireguardPeersToClients() error {
  316. var history []string
  317. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  318. return err
  319. }
  320. if slices.Contains(history, "WireguardPeersToClients") {
  321. return nil
  322. }
  323. var inbounds []model.Inbound
  324. if err := db.Where("protocol = ?", string(model.WireGuard)).Find(&inbounds).Error; err != nil {
  325. return err
  326. }
  327. return db.Transaction(func(tx *gorm.DB) error {
  328. usedEmails := map[string]struct{}{}
  329. var existingEmails []string
  330. if err := tx.Model(&model.ClientRecord{}).Pluck("email", &existingEmails).Error; err != nil {
  331. return err
  332. }
  333. for _, e := range existingEmails {
  334. usedEmails[e] = struct{}{}
  335. }
  336. for _, inbound := range inbounds {
  337. if strings.TrimSpace(inbound.Settings) == "" {
  338. continue
  339. }
  340. var settings map[string]any
  341. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  342. log.Printf("WireguardPeersToClients: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  343. continue
  344. }
  345. peers, ok := settings["peers"].([]any)
  346. if !ok || len(peers) == 0 {
  347. continue
  348. }
  349. var linkCount int64
  350. if err := tx.Model(&model.ClientInbound{}).Where("inbound_id = ?", inbound.Id).Count(&linkCount).Error; err != nil {
  351. return err
  352. }
  353. if linkCount > 0 {
  354. continue
  355. }
  356. clientObjs := make([]any, 0, len(peers))
  357. for i, raw := range peers {
  358. obj, ok := raw.(map[string]any)
  359. if !ok {
  360. continue
  361. }
  362. email := wireguardPeerEmail(inbound.Remark, obj, i, usedEmails)
  363. usedEmails[email] = struct{}{}
  364. obj["email"] = email
  365. if sub, _ := obj["subId"].(string); strings.TrimSpace(sub) == "" {
  366. obj["subId"] = random.NumLower(16)
  367. }
  368. if _, ok := obj["enable"]; !ok {
  369. obj["enable"] = true
  370. }
  371. blob, err := json.Marshal(obj)
  372. if err != nil {
  373. continue
  374. }
  375. var c model.Client
  376. if err := json.Unmarshal(blob, &c); err != nil {
  377. log.Printf("WireguardPeersToClients: skip peer in inbound %d: %v", inbound.Id, err)
  378. continue
  379. }
  380. c.Email = email
  381. incoming := c.ToRecord()
  382. var row model.ClientRecord
  383. err = tx.Where("email = ?", email).First(&row).Error
  384. if errors.Is(err, gorm.ErrRecordNotFound) {
  385. if err := tx.Create(incoming).Error; err != nil {
  386. return err
  387. }
  388. row = *incoming
  389. } else if err != nil {
  390. return err
  391. } else {
  392. model.MergeClientRecord(&row, incoming)
  393. if err := tx.Save(&row).Error; err != nil {
  394. return err
  395. }
  396. }
  397. link := model.ClientInbound{ClientId: row.Id, InboundId: inbound.Id}
  398. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  399. FirstOrCreate(&link).Error; err != nil {
  400. return err
  401. }
  402. clientObjs = append(clientObjs, obj)
  403. }
  404. delete(settings, "peers")
  405. settings["clients"] = clientObjs
  406. newSettings, err := json.Marshal(settings)
  407. if err != nil {
  408. return err
  409. }
  410. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  411. Update("settings", string(newSettings)).Error; err != nil {
  412. return err
  413. }
  414. }
  415. return tx.Create(&model.HistoryOfSeeders{SeederName: "WireguardPeersToClients"}).Error
  416. })
  417. }
  418. func wireguardPeerEmail(remark string, peer map[string]any, index int, used map[string]struct{}) string {
  419. base := strings.TrimSpace(remark)
  420. if base == "" {
  421. base = "wg"
  422. }
  423. suffix := strconv.Itoa(index + 1)
  424. if c, ok := peer["comment"].(string); ok && strings.TrimSpace(c) != "" {
  425. suffix = strings.TrimSpace(c)
  426. }
  427. email := strings.ReplaceAll(base+"-"+suffix, " ", "-")
  428. candidate := email
  429. for n := 2; ; n++ {
  430. if _, taken := used[candidate]; !taken {
  431. return candidate
  432. }
  433. candidate = email + "-" + strconv.Itoa(n)
  434. }
  435. }
  436. // seedMtprotoSecretsToClients converts each legacy single-secret mtproto inbound
  437. // into a one-client inbound so MTProto joins the shared multi-client model: the
  438. // inbound-level secret becomes the first client's FakeTLS secret, and a
  439. // ClientRecord + client_inbounds link are created so per-client traffic, limits,
  440. // and share links work exactly like every other protocol. One-time, self-gated
  441. // on the "MtprotoSecretsToClients" seeder row. Mirrors seedWireguardPeersToClients.
  442. func seedMtprotoSecretsToClients() error {
  443. var history []string
  444. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  445. return err
  446. }
  447. if slices.Contains(history, "MtprotoSecretsToClients") {
  448. return nil
  449. }
  450. var inbounds []model.Inbound
  451. if err := db.Where("protocol = ?", string(model.MTProto)).Find(&inbounds).Error; err != nil {
  452. return err
  453. }
  454. return db.Transaction(func(tx *gorm.DB) error {
  455. usedEmails := map[string]struct{}{}
  456. var existingEmails []string
  457. if err := tx.Model(&model.ClientRecord{}).Pluck("email", &existingEmails).Error; err != nil {
  458. return err
  459. }
  460. for _, e := range existingEmails {
  461. usedEmails[e] = struct{}{}
  462. }
  463. for _, inbound := range inbounds {
  464. if strings.TrimSpace(inbound.Settings) == "" {
  465. continue
  466. }
  467. var settings map[string]any
  468. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  469. log.Printf("MtprotoSecretsToClients: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  470. continue
  471. }
  472. if clients, ok := settings["clients"].([]any); ok && len(clients) > 0 {
  473. continue
  474. }
  475. var linkCount int64
  476. if err := tx.Model(&model.ClientInbound{}).Where("inbound_id = ?", inbound.Id).Count(&linkCount).Error; err != nil {
  477. return err
  478. }
  479. if linkCount > 0 {
  480. continue
  481. }
  482. secret, _ := settings["secret"].(string)
  483. secret = strings.TrimSpace(secret)
  484. if secret == "" {
  485. domain, _ := settings["fakeTlsDomain"].(string)
  486. secret = model.GenerateFakeTLSSecret(strings.TrimSpace(domain))
  487. }
  488. email := mtprotoInboundClientEmail(inbound.Remark, usedEmails)
  489. usedEmails[email] = struct{}{}
  490. obj := map[string]any{
  491. "email": email,
  492. "secret": secret,
  493. "enable": true,
  494. "subId": random.NumLower(16),
  495. }
  496. c := model.Client{Email: email, Secret: secret, Enable: true, SubID: obj["subId"].(string)}
  497. incoming := c.ToRecord()
  498. var row model.ClientRecord
  499. err := tx.Where("email = ?", email).First(&row).Error
  500. if errors.Is(err, gorm.ErrRecordNotFound) {
  501. if err := tx.Create(incoming).Error; err != nil {
  502. return err
  503. }
  504. row = *incoming
  505. } else if err != nil {
  506. return err
  507. } else {
  508. model.MergeClientRecord(&row, incoming)
  509. if err := tx.Save(&row).Error; err != nil {
  510. return err
  511. }
  512. }
  513. link := model.ClientInbound{ClientId: row.Id, InboundId: inbound.Id}
  514. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  515. FirstOrCreate(&link).Error; err != nil {
  516. return err
  517. }
  518. delete(settings, "secret")
  519. settings["clients"] = []any{obj}
  520. newSettings, err := json.Marshal(settings)
  521. if err != nil {
  522. return err
  523. }
  524. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  525. Update("settings", string(newSettings)).Error; err != nil {
  526. return err
  527. }
  528. }
  529. return tx.Create(&model.HistoryOfSeeders{SeederName: "MtprotoSecretsToClients"}).Error
  530. })
  531. }
  532. // stripMtprotoInboundSecrets removes the vestigial inbound-level `secret` from
  533. // every mtproto inbound. seedMtprotoSecretsToClients already drops it while
  534. // converting legacy single-secret inbounds, but inbounds that already had clients
  535. // kept the dead field, and the old HealMtprotoSecret regenerated it on every
  536. // save. mtg and every share link read only per-client secrets, so the
  537. // inbound-level value is dead data that once leaked into stale, unusable links.
  538. // One-time, self-gated on the "StripMtprotoInboundSecrets" seeder row.
  539. func stripMtprotoInboundSecrets() error {
  540. var history []string
  541. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  542. return err
  543. }
  544. if slices.Contains(history, "StripMtprotoInboundSecrets") {
  545. return nil
  546. }
  547. var inbounds []model.Inbound
  548. if err := db.Where("protocol = ?", string(model.MTProto)).Find(&inbounds).Error; err != nil {
  549. return err
  550. }
  551. return db.Transaction(func(tx *gorm.DB) error {
  552. for _, inbound := range inbounds {
  553. stripped, ok := model.StripMtprotoInboundSecret(inbound.Settings)
  554. if !ok {
  555. continue
  556. }
  557. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  558. Update("settings", stripped).Error; err != nil {
  559. return err
  560. }
  561. }
  562. return tx.Create(&model.HistoryOfSeeders{SeederName: "StripMtprotoInboundSecrets"}).Error
  563. })
  564. }
  565. // mtprotoInboundClientEmail derives a stable, unique client email for a migrated
  566. // mtproto inbound from its remark.
  567. func mtprotoInboundClientEmail(remark string, used map[string]struct{}) string {
  568. base := strings.TrimSpace(remark)
  569. if base == "" {
  570. base = "mtproto"
  571. }
  572. email := strings.ReplaceAll(base, " ", "-")
  573. candidate := email
  574. for n := 2; ; n++ {
  575. if _, taken := used[candidate]; !taken {
  576. return candidate
  577. }
  578. candidate = email + "-" + strconv.Itoa(n)
  579. }
  580. }
  581. // CreateHostsFromExternalProxy parses a legacy streamSettings.externalProxy array
  582. // and inserts one Host row per entry on tx, returning the number of rows created.
  583. // It is the shared core of both the one-time seedHostsFromExternalProxy startup
  584. // migration and the inbound-import path: an inbound exported from a build that
  585. // predated the hosts table carries its external proxies inline in
  586. // streamSettings.externalProxy, and the startup migration is gated off after its
  587. // first run, so a freshly imported inbound must be converted here instead. Blank
  588. // or malformed streamSettings, or one without externalProxy entries, is a no-op.
  589. func CreateHostsFromExternalProxy(tx *gorm.DB, inboundId int, streamSettings string) (int, error) {
  590. if strings.TrimSpace(streamSettings) == "" {
  591. return 0, nil
  592. }
  593. var stream map[string]any
  594. if err := json.Unmarshal([]byte(streamSettings), &stream); err != nil {
  595. return 0, nil
  596. }
  597. eps, ok := stream["externalProxy"].([]any)
  598. if !ok || len(eps) == 0 {
  599. return 0, nil
  600. }
  601. created := 0
  602. for i, raw := range eps {
  603. ep, ok := raw.(map[string]any)
  604. if !ok {
  605. continue
  606. }
  607. if err := tx.Create(externalProxyEntryToHost(inboundId, i, ep)).Error; err != nil {
  608. return created, err
  609. }
  610. created++
  611. }
  612. return created, nil
  613. }
  614. func externalProxyEntryToHost(inboundId, index int, ep map[string]any) *model.Host {
  615. security, _ := ep["forceTls"].(string)
  616. switch security {
  617. case "same", "tls", "none":
  618. default:
  619. security = "same"
  620. }
  621. dest, _ := ep["dest"].(string)
  622. port := 0
  623. if p, ok := ep["port"].(float64); ok {
  624. port = int(p)
  625. }
  626. remark, _ := ep["remark"].(string)
  627. if strings.TrimSpace(remark) == "" {
  628. remark = "imported " + strconv.Itoa(index+1)
  629. }
  630. if len(remark) > 256 {
  631. remark = remark[:256]
  632. }
  633. sni, _ := ep["sni"].(string)
  634. fingerprint, _ := ep["fingerprint"].(string)
  635. ech, _ := ep["echConfigList"].(string)
  636. return &model.Host{
  637. InboundId: inboundId,
  638. SortOrder: index,
  639. Remark: remark,
  640. Address: dest,
  641. Port: port,
  642. Security: security,
  643. Sni: sni,
  644. Fingerprint: fingerprint,
  645. Alpn: anyToNonEmptyStrings(ep["alpn"]),
  646. PinnedPeerCertSha256: anyToNonEmptyStrings(ep["pinnedPeerCertSha256"]),
  647. EchConfigList: ech,
  648. }
  649. }
  650. func anyToNonEmptyStrings(v any) []string {
  651. switch t := v.(type) {
  652. case []any:
  653. out := make([]string, 0, len(t))
  654. for _, e := range t {
  655. if s, ok := e.(string); ok && s != "" {
  656. out = append(out, s)
  657. }
  658. }
  659. return out
  660. case []string:
  661. out := make([]string, 0, len(t))
  662. for _, s := range t {
  663. if s != "" {
  664. out = append(out, s)
  665. }
  666. }
  667. return out
  668. default:
  669. return nil
  670. }
  671. }
  672. func pruneOrphanedHosts() error {
  673. res := db.Exec("DELETE FROM hosts WHERE inbound_id NOT IN (SELECT id FROM inbounds)")
  674. if res.Error != nil {
  675. log.Printf("Error pruning orphaned hosts rows: %v", res.Error)
  676. return res.Error
  677. }
  678. if res.RowsAffected > 0 {
  679. log.Printf("Pruned %d orphaned hosts row(s)", res.RowsAffected)
  680. }
  681. return nil
  682. }
  683. func pruneOrphanedClientInbounds() error {
  684. res := db.Exec("DELETE FROM client_inbounds WHERE inbound_id NOT IN (SELECT id FROM inbounds)")
  685. if res.Error != nil {
  686. log.Printf("Error pruning orphaned client_inbounds rows: %v", res.Error)
  687. return res.Error
  688. }
  689. if res.RowsAffected > 0 {
  690. log.Printf("Pruned %d orphaned client_inbounds row(s)", res.RowsAffected)
  691. }
  692. return nil
  693. }
  694. // migrateLegacySocksInboundsToMixed renames legacy socks inbounds to mixed.
  695. // The protocol enum dropped socks in favor of mixed (identical settings shape,
  696. // same behavior plus HTTP on the shared port), so rows predating the rename
  697. // fail model validation — most visibly when pushed to a node, where one legacy
  698. // inbound stalled the entire node's config and traffic sync (#5685).
  699. func migrateLegacySocksInboundsToMixed() error {
  700. res := db.Exec("UPDATE inbounds SET protocol = 'mixed' WHERE protocol = 'socks'")
  701. if res.Error != nil {
  702. log.Printf("Error migrating legacy socks inbounds to mixed: %v", res.Error)
  703. return res.Error
  704. }
  705. if res.RowsAffected > 0 {
  706. log.Printf("Migrated %d legacy socks inbound(s) to mixed", res.RowsAffected)
  707. }
  708. return nil
  709. }
  710. // migrateShadowsocksRemovedCiphers rewrites shadowsocks inbounds still using
  711. // the "none"/"plain" ciphers that xray-core v26.7.11 removed; one such row
  712. // makes the whole generated config unbuildable and keeps xray from starting.
  713. func migrateShadowsocksRemovedCiphers() error {
  714. var inbounds []model.Inbound
  715. if err := db.Where("protocol = ?", model.Shadowsocks).Find(&inbounds).Error; err != nil {
  716. return err
  717. }
  718. migrated := int64(0)
  719. for _, inbound := range inbounds {
  720. if strings.TrimSpace(inbound.Settings) == "" {
  721. continue
  722. }
  723. var settings map[string]any
  724. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  725. continue
  726. }
  727. changed := false
  728. if method, _ := settings["method"].(string); method != "" {
  729. if replacement, removed := model.ReplaceRemovedShadowsocksCipher(method); removed {
  730. settings["method"] = replacement
  731. changed = true
  732. }
  733. }
  734. if clients, ok := settings["clients"].([]any); ok {
  735. for i := range clients {
  736. cm, ok := clients[i].(map[string]any)
  737. if !ok {
  738. continue
  739. }
  740. method, _ := cm["method"].(string)
  741. if replacement, removed := model.ReplaceRemovedShadowsocksCipher(method); removed {
  742. cm["method"] = replacement
  743. clients[i] = cm
  744. changed = true
  745. }
  746. }
  747. }
  748. if !changed {
  749. continue
  750. }
  751. newSettings, err := json.MarshalIndent(settings, "", " ")
  752. if err != nil {
  753. log.Printf("migrateShadowsocksRemovedCiphers: skip inbound %d (marshal failed): %v", inbound.Id, err)
  754. continue
  755. }
  756. if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  757. Update("settings", string(newSettings)).Error; err != nil {
  758. return err
  759. }
  760. migrated++
  761. }
  762. if migrated > 0 {
  763. log.Printf("Rewrote removed shadowsocks cipher on %d inbound(s)", migrated)
  764. }
  765. return nil
  766. }
  767. // migrateVmessRemovedSecurities rewrites the vmess "none"/"zero" security
  768. // values that xray-core v26.7.11 removed to "auto" (what the core now treats
  769. // them as), on both the clients column and each vmess inbound's settings.
  770. func migrateVmessRemovedSecurities() error {
  771. res := db.Exec("UPDATE clients SET security = 'auto' WHERE security IN ('none', 'zero')")
  772. if res.Error != nil {
  773. log.Printf("Error migrating removed vmess security values on clients: %v", res.Error)
  774. return res.Error
  775. }
  776. if res.RowsAffected > 0 {
  777. log.Printf("Migrated %d client(s) off removed vmess security values", res.RowsAffected)
  778. }
  779. var inbounds []model.Inbound
  780. if err := db.Where("protocol = ?", model.VMESS).Find(&inbounds).Error; err != nil {
  781. return err
  782. }
  783. migrated := int64(0)
  784. for _, inbound := range inbounds {
  785. if strings.TrimSpace(inbound.Settings) == "" {
  786. continue
  787. }
  788. var settings map[string]any
  789. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  790. continue
  791. }
  792. clients, ok := settings["clients"].([]any)
  793. if !ok {
  794. continue
  795. }
  796. changed := false
  797. for i := range clients {
  798. cm, ok := clients[i].(map[string]any)
  799. if !ok {
  800. continue
  801. }
  802. if security, _ := cm["security"].(string); security == "none" || security == "zero" {
  803. cm["security"] = "auto"
  804. clients[i] = cm
  805. changed = true
  806. }
  807. }
  808. if !changed {
  809. continue
  810. }
  811. newSettings, err := json.MarshalIndent(settings, "", " ")
  812. if err != nil {
  813. log.Printf("migrateVmessRemovedSecurities: skip inbound %d (marshal failed): %v", inbound.Id, err)
  814. continue
  815. }
  816. if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  817. Update("settings", string(newSettings)).Error; err != nil {
  818. return err
  819. }
  820. migrated++
  821. }
  822. if migrated > 0 {
  823. log.Printf("Rewrote removed vmess security values on %d inbound(s)", migrated)
  824. }
  825. return nil
  826. }
  827. // normalizeInboundSubSortIndex lifts sub_sort_index values below the 1-based
  828. // minimum (rows written by builds that defaulted the column to 0, or by nodes
  829. // predating the field) so they cannot sort ahead of explicitly ranked inbounds.
  830. func normalizeInboundSubSortIndex() error {
  831. res := db.Exec("UPDATE inbounds SET sub_sort_index = 1 WHERE sub_sort_index < 1")
  832. if res.Error != nil {
  833. log.Printf("Error normalizing inbound sub_sort_index: %v", res.Error)
  834. return res.Error
  835. }
  836. if res.RowsAffected > 0 {
  837. log.Printf("Normalized sub_sort_index on %d inbound(s)", res.RowsAffected)
  838. }
  839. return nil
  840. }
  841. // repairOverflowedTrafficCounters heals traffic counters that historic
  842. // compounding bugs pushed past int64: on SQLite an overflowing INTEGER is
  843. // silently promoted to REAL, after which the column no longer scans into the
  844. // Go int64 field and every reader of the table fails (#5762). REAL cells are
  845. // cast back to INTEGER (SQLite caps the cast at math.MaxInt64), then values
  846. // are clamped into [0, TrafficMax] on both backends so the next delta cannot
  847. // overflow again.
  848. func repairOverflowedTrafficCounters() error {
  849. targets := []struct {
  850. table string
  851. columns []string
  852. }{
  853. {"client_traffics", []string{"up", "down"}},
  854. {"inbounds", []string{"up", "down"}},
  855. {"outbound_traffics", []string{"up", "down", "total"}},
  856. {"node_client_traffics", []string{"up", "down"}},
  857. }
  858. for _, target := range targets {
  859. for _, col := range target.columns {
  860. statements := []string{
  861. fmt.Sprintf("UPDATE %s SET %s = %d WHERE %s > %d", target.table, col, TrafficMax, col, TrafficMax),
  862. fmt.Sprintf("UPDATE %s SET %s = 0 WHERE %s < 0", target.table, col, col),
  863. }
  864. if !IsPostgres() {
  865. statements = append([]string{
  866. fmt.Sprintf("UPDATE %s SET %s = CAST(%s AS INTEGER) WHERE typeof(%s) = 'real'", target.table, col, col, col),
  867. }, statements...)
  868. }
  869. var repaired int64
  870. for _, statement := range statements {
  871. res := db.Exec(statement)
  872. if res.Error != nil {
  873. log.Printf("Error repairing %s.%s: %v", target.table, col, res.Error)
  874. return res.Error
  875. }
  876. repaired += res.RowsAffected
  877. }
  878. if repaired > 0 {
  879. log.Printf("Repaired %d overflowed %s.%s value(s)", repaired, target.table, col)
  880. }
  881. }
  882. }
  883. return nil
  884. }
  885. // dedupeInboundSettingsClients collapses duplicate same-email entries inside
  886. // every inbound's settings.clients array, keeping the first occurrence.
  887. // Retried or raced multi-node client adds on older builds appended the same
  888. // client several times (#5770), which the client lists then rendered as
  889. // phantom duplicates. Runs on every start (idempotent, writes only changed
  890. // rows) because a restored backup or a not-yet-upgraded node's snapshot can
  891. // reintroduce duplicates.
  892. func dedupeInboundSettingsClients() error {
  893. var inbounds []model.Inbound
  894. if err := db.Find(&inbounds).Error; err != nil {
  895. return err
  896. }
  897. repaired := int64(0)
  898. for _, inbound := range inbounds {
  899. if strings.TrimSpace(inbound.Settings) == "" {
  900. continue
  901. }
  902. var settings map[string]any
  903. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  904. continue
  905. }
  906. clients, _ := settings["clients"].([]any)
  907. if len(clients) < 2 {
  908. continue
  909. }
  910. seen := make(map[string]struct{}, len(clients))
  911. kept := make([]any, 0, len(clients))
  912. for _, c := range clients {
  913. if cm, ok := c.(map[string]any); ok {
  914. if email, _ := cm["email"].(string); email != "" {
  915. key := strings.ToLower(email)
  916. if _, dup := seen[key]; dup {
  917. continue
  918. }
  919. seen[key] = struct{}{}
  920. }
  921. }
  922. kept = append(kept, c)
  923. }
  924. if len(kept) == len(clients) {
  925. continue
  926. }
  927. settings["clients"] = kept
  928. newSettings, err := json.MarshalIndent(settings, "", " ")
  929. if err != nil {
  930. log.Printf("dedupeInboundSettingsClients: skip inbound %d (marshal failed): %v", inbound.Id, err)
  931. continue
  932. }
  933. if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  934. Update("settings", string(newSettings)).Error; err != nil {
  935. return err
  936. }
  937. repaired++
  938. }
  939. if repaired > 0 {
  940. log.Printf("Removed duplicate client entries from %d inbound(s)", repaired)
  941. }
  942. return nil
  943. }
  944. func isIgnorableDuplicateColumnErr(gdb *gorm.DB, err error, mdl any) bool {
  945. if err == nil {
  946. return false
  947. }
  948. errMsg := strings.ToLower(err.Error())
  949. const sqlitePrefix = "duplicate column name:"
  950. if _, after, ok := strings.Cut(errMsg, sqlitePrefix); ok {
  951. col := strings.TrimSpace(after)
  952. col = strings.Trim(col, "`\"[]")
  953. return col != "" && gdb != nil && gdb.Migrator().HasColumn(mdl, col)
  954. }
  955. if strings.Contains(errMsg, "already exists") && strings.Contains(errMsg, "column ") {
  956. if _, after, ok := strings.Cut(errMsg, "column \""); ok {
  957. rest := after
  958. if e := strings.Index(rest, "\""); e > 0 {
  959. col := rest[:e]
  960. return col != "" && gdb != nil && gdb.Migrator().HasColumn(mdl, col)
  961. }
  962. }
  963. }
  964. return false
  965. }
  966. func initUser() error {
  967. empty, err := isTableEmpty("users")
  968. if err != nil {
  969. log.Printf("Error checking if users table is empty: %v", err)
  970. return err
  971. }
  972. if empty {
  973. hashedPassword, err := crypto.HashPasswordAsBcrypt(defaultPassword)
  974. if err != nil {
  975. log.Printf("Error hashing default password: %v", err)
  976. return err
  977. }
  978. user := &model.User{
  979. Username: defaultUsername,
  980. Password: hashedPassword,
  981. }
  982. return db.Create(user).Error
  983. }
  984. return nil
  985. }
  986. func runSeeders(isUsersEmpty bool) error {
  987. empty, err := isTableEmpty("history_of_seeders")
  988. if err != nil {
  989. log.Printf("Error checking if users table is empty: %v", err)
  990. return err
  991. }
  992. if empty && isUsersEmpty {
  993. seeders := []string{"UserPasswordHash", "ClientsTable", "InboundClientsArrayFix", "InboundClientTgIdFix2", "InboundClientSubIdFix", "FreedomFinalRulesReverseFix", "ApiTokensHash", "LegacyProxySettingsCleanup", "WireguardPeersToClients", "MtprotoSecretsToClients", "NodeInboundsAdopted", "ResetIpLimitNoFail2ban"}
  994. for _, name := range seeders {
  995. if err := db.Create(&model.HistoryOfSeeders{SeederName: name}).Error; err != nil {
  996. return err
  997. }
  998. }
  999. return seedApiTokens()
  1000. }
  1001. var seedersHistory []string
  1002. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &seedersHistory).Error; err != nil {
  1003. log.Printf("Error fetching seeder history: %v", err)
  1004. return err
  1005. }
  1006. if !slices.Contains(seedersHistory, "UserPasswordHash") && !isUsersEmpty {
  1007. var users []model.User
  1008. if err := db.Find(&users).Error; err != nil {
  1009. log.Printf("Error fetching users for password migration: %v", err)
  1010. return err
  1011. }
  1012. for _, user := range users {
  1013. if crypto.IsHashed(user.Password) {
  1014. continue
  1015. }
  1016. hashedPassword, err := crypto.HashPasswordAsBcrypt(user.Password)
  1017. if err != nil {
  1018. log.Printf("Error hashing password for user '%s': %v", user.Username, err)
  1019. return err
  1020. }
  1021. if err := db.Model(&user).Update("password", hashedPassword).Error; err != nil {
  1022. log.Printf("Error updating password for user '%s': %v", user.Username, err)
  1023. return err
  1024. }
  1025. }
  1026. hashSeeder := &model.HistoryOfSeeders{
  1027. SeederName: "UserPasswordHash",
  1028. }
  1029. if err := db.Create(hashSeeder).Error; err != nil {
  1030. return err
  1031. }
  1032. }
  1033. if !slices.Contains(seedersHistory, "ApiTokensTable") {
  1034. if err := seedApiTokens(); err != nil {
  1035. return err
  1036. }
  1037. }
  1038. if !slices.Contains(seedersHistory, "ApiTokensHash") {
  1039. if err := hashExistingApiTokens(); err != nil {
  1040. return err
  1041. }
  1042. }
  1043. if !slices.Contains(seedersHistory, "ClientsTable") {
  1044. if err := seedClientsFromInboundJSON(); err != nil {
  1045. return err
  1046. }
  1047. }
  1048. if !slices.Contains(seedersHistory, "InboundClientsArrayFix") {
  1049. if err := normalizeInboundClientsArray(); err != nil {
  1050. return err
  1051. }
  1052. }
  1053. if !slices.Contains(seedersHistory, "InboundClientTgIdFix2") {
  1054. if err := normalizeInboundClientTgId(); err != nil {
  1055. return err
  1056. }
  1057. }
  1058. if !slices.Contains(seedersHistory, "InboundClientSubIdFix") {
  1059. if err := normalizeInboundClientSubId(); err != nil {
  1060. return err
  1061. }
  1062. }
  1063. if !slices.Contains(seedersHistory, "FreedomFinalRulesReverseFix") {
  1064. if err := normalizeFreedomFinalRules(); err != nil {
  1065. return err
  1066. }
  1067. }
  1068. if !slices.Contains(seedersHistory, "LegacyProxySettingsCleanup") {
  1069. if err := clearLegacyProxySettings(); err != nil {
  1070. return err
  1071. }
  1072. }
  1073. if !slices.Contains(seedersHistory, "NodeInboundsAdopted") {
  1074. if err := seedNodeInboundsAdopted(); err != nil {
  1075. return err
  1076. }
  1077. }
  1078. if err := seedHostsFromExternalProxy(); err != nil {
  1079. return err
  1080. }
  1081. if err := resetIpLimitsWithoutFail2ban(); err != nil {
  1082. return err
  1083. }
  1084. if err := seedWireguardPeersToClients(); err != nil {
  1085. return err
  1086. }
  1087. if err := seedHostGroupIds(); err != nil {
  1088. return err
  1089. }
  1090. // Self-gated on the "MtprotoSecretsToClients" row.
  1091. if err := seedMtprotoSecretsToClients(); err != nil {
  1092. return err
  1093. }
  1094. // Self-gated on the "StripMtprotoInboundSecrets" row. Must run after the
  1095. // seeder above so legacy single-secret inbounds are first converted to a
  1096. // client (which preserves the secret) before the inbound-level copy is
  1097. // dropped from every mtproto inbound.
  1098. if err := stripMtprotoInboundSecrets(); err != nil {
  1099. return err
  1100. }
  1101. // Idempotent, not seeder-gated: bad values can re-enter via a restored
  1102. // backup, so re-check on every start.
  1103. return normalizeSettingPaths()
  1104. }
  1105. // seedNodeInboundsAdopted keeps the pre-existing reconcile behavior for nodes
  1106. // that were already syncing before the inbounds_adopted_at gate was introduced.
  1107. func seedNodeInboundsAdopted() error {
  1108. if err := db.Model(&model.Node{}).
  1109. Where("inbounds_adopted_at = 0").
  1110. Update("inbounds_adopted_at", time.Now().Unix()).Error; err != nil {
  1111. return err
  1112. }
  1113. return db.Create(&model.HistoryOfSeeders{SeederName: "NodeInboundsAdopted"}).Error
  1114. }
  1115. func seedHostGroupIds() error {
  1116. var history []string
  1117. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  1118. return err
  1119. }
  1120. if slices.Contains(history, "HostGroupIds") {
  1121. return nil
  1122. }
  1123. var hosts []*model.Host
  1124. if err := db.Where("group_id = '' OR group_id IS NULL").Find(&hosts).Error; err != nil {
  1125. return err
  1126. }
  1127. if len(hosts) > 0 {
  1128. err := db.Transaction(func(tx *gorm.DB) error {
  1129. for _, h := range hosts {
  1130. h.GroupId = random.NumLower(16)
  1131. if err := tx.Model(h).Update("group_id", h.GroupId).Error; err != nil {
  1132. return err
  1133. }
  1134. }
  1135. return nil
  1136. })
  1137. if err != nil {
  1138. return err
  1139. }
  1140. }
  1141. return db.Create(&model.HistoryOfSeeders{SeederName: "HostGroupIds"}).Error
  1142. }
  1143. func resetIpLimitsWithoutFail2ban() error {
  1144. var history []string
  1145. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  1146. return err
  1147. }
  1148. if slices.Contains(history, "ResetIpLimitNoFail2ban") {
  1149. return nil
  1150. }
  1151. if fail2banCanEnforce() {
  1152. return db.Create(&model.HistoryOfSeeders{SeederName: "ResetIpLimitNoFail2ban"}).Error
  1153. }
  1154. var inbounds []model.Inbound
  1155. if err := db.Find(&inbounds).Error; err != nil {
  1156. return err
  1157. }
  1158. return db.Transaction(func(tx *gorm.DB) error {
  1159. for _, inbound := range inbounds {
  1160. if strings.TrimSpace(inbound.Settings) == "" {
  1161. continue
  1162. }
  1163. var settings map[string]any
  1164. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1165. log.Printf("ResetIpLimitNoFail2ban: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1166. continue
  1167. }
  1168. clients, ok := settings["clients"].([]any)
  1169. if !ok {
  1170. continue
  1171. }
  1172. mutated := false
  1173. for i, raw := range clients {
  1174. obj, ok := raw.(map[string]any)
  1175. if !ok {
  1176. continue
  1177. }
  1178. v, present := obj["limitIp"]
  1179. if !present {
  1180. continue
  1181. }
  1182. if n, isNum := v.(float64); isNum && n == 0 {
  1183. continue
  1184. }
  1185. obj["limitIp"] = 0
  1186. clients[i] = obj
  1187. mutated = true
  1188. }
  1189. if !mutated {
  1190. continue
  1191. }
  1192. settings["clients"] = clients
  1193. newSettings, err := json.MarshalIndent(settings, "", " ")
  1194. if err != nil {
  1195. log.Printf("ResetIpLimitNoFail2ban: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1196. continue
  1197. }
  1198. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1199. Update("settings", string(newSettings)).Error; err != nil {
  1200. return err
  1201. }
  1202. }
  1203. if err := tx.Model(&model.ClientRecord{}).Where("limit_ip <> ?", 0).
  1204. Update("limit_ip", 0).Error; err != nil {
  1205. return err
  1206. }
  1207. return tx.Create(&model.HistoryOfSeeders{SeederName: "ResetIpLimitNoFail2ban"}).Error
  1208. })
  1209. }
  1210. func fail2banCanEnforce() bool {
  1211. if v, ok := os.LookupEnv("XUI_ENABLE_FAIL2BAN"); ok && v != "true" {
  1212. return false
  1213. }
  1214. if runtime.GOOS == "windows" {
  1215. return false
  1216. }
  1217. return exec.CommandContext(context.Background(), "fail2ban-client", "-h").Run() == nil
  1218. }
  1219. func clearLegacyProxySettings() error {
  1220. return db.Transaction(func(tx *gorm.DB) error {
  1221. if err := tx.Where("key IN ?", []string{"panelProxy", "tgBotProxy"}).
  1222. Delete(&model.Setting{}).Error; err != nil {
  1223. return err
  1224. }
  1225. return tx.Create(&model.HistoryOfSeeders{SeederName: "LegacyProxySettingsCleanup"}).Error
  1226. })
  1227. }
  1228. func normalizeSettingPaths() error {
  1229. pathKeys := []string{"webBasePath", "subPath", "subJsonPath", "subClashPath"}
  1230. var rows []model.Setting
  1231. if err := db.Where("key IN ?", pathKeys).Find(&rows).Error; err != nil {
  1232. return err
  1233. }
  1234. for _, row := range rows {
  1235. fixed := row.Value
  1236. if !strings.HasPrefix(fixed, "/") {
  1237. fixed = "/" + fixed
  1238. }
  1239. if !strings.HasSuffix(fixed, "/") {
  1240. fixed += "/"
  1241. }
  1242. if fixed == row.Value {
  1243. continue
  1244. }
  1245. if err := db.Model(&model.Setting{}).Where("id = ?", row.Id).
  1246. Update("value", fixed).Error; err != nil {
  1247. return err
  1248. }
  1249. }
  1250. return nil
  1251. }
  1252. func normalizeInboundClientTgId() error {
  1253. var inbounds []model.Inbound
  1254. if err := db.Find(&inbounds).Error; err != nil {
  1255. return err
  1256. }
  1257. return db.Transaction(func(tx *gorm.DB) error {
  1258. for _, inbound := range inbounds {
  1259. if strings.TrimSpace(inbound.Settings) == "" {
  1260. continue
  1261. }
  1262. var settings map[string]any
  1263. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1264. log.Printf("InboundClientTgIdFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1265. continue
  1266. }
  1267. clients, ok := settings["clients"].([]any)
  1268. if !ok {
  1269. continue
  1270. }
  1271. mutated := false
  1272. for i, raw := range clients {
  1273. obj, ok := raw.(map[string]any)
  1274. if !ok {
  1275. continue
  1276. }
  1277. tgRaw, present := obj["tgId"]
  1278. if !present {
  1279. continue
  1280. }
  1281. v, isFloat := tgRaw.(float64)
  1282. if isFloat && !math.IsNaN(v) && !math.IsInf(v, 0) && v == math.Trunc(v) {
  1283. continue
  1284. }
  1285. obj["tgId"] = int64(0)
  1286. if s, isStr := tgRaw.(string); isStr {
  1287. if id, err := strconv.ParseInt(strings.ReplaceAll(strings.TrimSpace(s), " ", ""), 10, 64); err == nil {
  1288. obj["tgId"] = id
  1289. }
  1290. }
  1291. clients[i] = obj
  1292. mutated = true
  1293. }
  1294. if !mutated {
  1295. continue
  1296. }
  1297. settings["clients"] = clients
  1298. newSettings, err := json.MarshalIndent(settings, "", " ")
  1299. if err != nil {
  1300. log.Printf("InboundClientTgIdFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1301. continue
  1302. }
  1303. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1304. Update("settings", string(newSettings)).Error; err != nil {
  1305. return err
  1306. }
  1307. }
  1308. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientTgIdFix2"}).Error
  1309. })
  1310. }
  1311. func normalizeInboundClientSubId() error {
  1312. var inbounds []model.Inbound
  1313. if err := db.Find(&inbounds).Error; err != nil {
  1314. return err
  1315. }
  1316. return db.Transaction(func(tx *gorm.DB) error {
  1317. for _, inbound := range inbounds {
  1318. if strings.TrimSpace(inbound.Settings) == "" {
  1319. continue
  1320. }
  1321. var settings map[string]any
  1322. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1323. log.Printf("InboundClientSubIdFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1324. continue
  1325. }
  1326. clients, ok := settings["clients"].([]any)
  1327. if !ok {
  1328. continue
  1329. }
  1330. mutated := false
  1331. for i, raw := range clients {
  1332. obj, ok := raw.(map[string]any)
  1333. if !ok {
  1334. continue
  1335. }
  1336. existing, _ := obj["subId"].(string)
  1337. if strings.TrimSpace(existing) != "" {
  1338. continue
  1339. }
  1340. obj["subId"] = random.NumLower(16)
  1341. clients[i] = obj
  1342. mutated = true
  1343. }
  1344. if !mutated {
  1345. continue
  1346. }
  1347. settings["clients"] = clients
  1348. newSettings, err := json.MarshalIndent(settings, "", " ")
  1349. if err != nil {
  1350. log.Printf("InboundClientSubIdFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1351. continue
  1352. }
  1353. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1354. Update("settings", string(newSettings)).Error; err != nil {
  1355. return err
  1356. }
  1357. }
  1358. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientSubIdFix"}).Error
  1359. })
  1360. }
  1361. func normalizeInboundClientsArray() error {
  1362. var inbounds []model.Inbound
  1363. if err := db.Find(&inbounds).Error; err != nil {
  1364. return err
  1365. }
  1366. return db.Transaction(func(tx *gorm.DB) error {
  1367. for _, inbound := range inbounds {
  1368. if strings.TrimSpace(inbound.Settings) == "" {
  1369. continue
  1370. }
  1371. var settings map[string]any
  1372. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1373. log.Printf("InboundClientsArrayFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1374. continue
  1375. }
  1376. raw, exists := settings["clients"]
  1377. if !exists || raw != nil {
  1378. continue
  1379. }
  1380. settings["clients"] = []any{}
  1381. newSettings, err := json.MarshalIndent(settings, "", " ")
  1382. if err != nil {
  1383. log.Printf("InboundClientsArrayFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1384. continue
  1385. }
  1386. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1387. Update("settings", string(newSettings)).Error; err != nil {
  1388. return err
  1389. }
  1390. }
  1391. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientsArrayFix"}).Error
  1392. })
  1393. }
  1394. func normalizeFreedomFinalRules() error {
  1395. var setting model.Setting
  1396. err := db.Model(model.Setting{}).Where("key = ?", "xrayTemplateConfig").First(&setting).Error
  1397. if errors.Is(err, gorm.ErrRecordNotFound) {
  1398. return db.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1399. }
  1400. if err != nil {
  1401. return err
  1402. }
  1403. updated, changed, rErr := rewriteFreedomFinalRules(setting.Value)
  1404. if rErr != nil {
  1405. log.Printf("FreedomFinalRulesReverseFix: skip (invalid xrayTemplateConfig json): %v", rErr)
  1406. return db.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1407. }
  1408. return db.Transaction(func(tx *gorm.DB) error {
  1409. if changed {
  1410. if err := tx.Model(&model.Setting{}).Where("key = ?", "xrayTemplateConfig").
  1411. Update("value", updated).Error; err != nil {
  1412. return err
  1413. }
  1414. }
  1415. return tx.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1416. })
  1417. }
  1418. func rewriteFreedomFinalRules(raw string) (string, bool, error) {
  1419. if strings.TrimSpace(raw) == "" {
  1420. return raw, false, nil
  1421. }
  1422. var cfg map[string]any
  1423. if err := json.Unmarshal([]byte(raw), &cfg); err != nil {
  1424. return raw, false, err
  1425. }
  1426. outbounds, ok := cfg["outbounds"].([]any)
  1427. if !ok {
  1428. return raw, false, nil
  1429. }
  1430. changed := false
  1431. for _, ob := range outbounds {
  1432. obj, ok := ob.(map[string]any)
  1433. if !ok {
  1434. continue
  1435. }
  1436. if proto, _ := obj["protocol"].(string); proto != "freedom" {
  1437. continue
  1438. }
  1439. settings, ok := obj["settings"].(map[string]any)
  1440. if !ok {
  1441. continue
  1442. }
  1443. if !isLegacyPrivateOnlyFinalRules(settings["finalRules"]) {
  1444. continue
  1445. }
  1446. settings["finalRules"] = []any{map[string]any{"action": "allow"}}
  1447. changed = true
  1448. }
  1449. if !changed {
  1450. return raw, false, nil
  1451. }
  1452. out, err := json.MarshalIndent(cfg, "", " ")
  1453. if err != nil {
  1454. return raw, false, err
  1455. }
  1456. return string(out), true, nil
  1457. }
  1458. func isLegacyPrivateOnlyFinalRules(v any) bool {
  1459. rules, ok := v.([]any)
  1460. if !ok || len(rules) != 1 {
  1461. return false
  1462. }
  1463. rule, ok := rules[0].(map[string]any)
  1464. if !ok {
  1465. return false
  1466. }
  1467. if action, _ := rule["action"].(string); action != "allow" {
  1468. return false
  1469. }
  1470. ips, ok := rule["ip"].([]any)
  1471. if !ok || len(ips) != 1 {
  1472. return false
  1473. }
  1474. if s, _ := ips[0].(string); s != "geoip:private" {
  1475. return false
  1476. }
  1477. for k := range rule {
  1478. if k != "action" && k != "ip" {
  1479. return false
  1480. }
  1481. }
  1482. return true
  1483. }
  1484. func normalizeClientJSONFields(obj map[string]any) {
  1485. normalizeInt := func(key string) {
  1486. raw, exists := obj[key]
  1487. if !exists {
  1488. return
  1489. }
  1490. s, ok := raw.(string)
  1491. if !ok {
  1492. return
  1493. }
  1494. trimmed := strings.ReplaceAll(strings.TrimSpace(s), " ", "")
  1495. if trimmed == "" {
  1496. delete(obj, key)
  1497. return
  1498. }
  1499. if n, err := strconv.ParseInt(trimmed, 10, 64); err == nil {
  1500. obj[key] = n
  1501. } else {
  1502. delete(obj, key)
  1503. }
  1504. }
  1505. for _, k := range []string{"tgId", "limitIp", "totalGB", "expiryTime", "reset", "created_at", "updated_at"} {
  1506. normalizeInt(k)
  1507. }
  1508. }
  1509. func seedClientsFromInboundJSON() error {
  1510. var inbounds []model.Inbound
  1511. if err := db.Find(&inbounds).Error; err != nil {
  1512. return err
  1513. }
  1514. return db.Transaction(func(tx *gorm.DB) error {
  1515. byEmail := map[string]*model.ClientRecord{}
  1516. var existing []model.ClientRecord
  1517. if err := tx.Find(&existing).Error; err != nil {
  1518. return err
  1519. }
  1520. for i := range existing {
  1521. byEmail[existing[i].Email] = &existing[i]
  1522. }
  1523. for _, inbound := range inbounds {
  1524. if strings.TrimSpace(inbound.Settings) == "" {
  1525. continue
  1526. }
  1527. var settings map[string]any
  1528. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1529. log.Printf("ClientsTable seed: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1530. continue
  1531. }
  1532. rawList, ok := settings["clients"].([]any)
  1533. if !ok {
  1534. continue
  1535. }
  1536. for _, raw := range rawList {
  1537. obj, ok := raw.(map[string]any)
  1538. if !ok {
  1539. continue
  1540. }
  1541. normalizeClientJSONFields(obj)
  1542. blob, err := json.Marshal(obj)
  1543. if err != nil {
  1544. continue
  1545. }
  1546. var c model.Client
  1547. if err := json.Unmarshal(blob, &c); err != nil {
  1548. log.Printf("ClientsTable seed: skip client in inbound %d (unmarshal failed): %v; payload=%s",
  1549. inbound.Id, err, string(blob))
  1550. continue
  1551. }
  1552. email := strings.TrimSpace(c.Email)
  1553. if email == "" {
  1554. continue
  1555. }
  1556. incoming := c.ToRecord()
  1557. row, dup := byEmail[email]
  1558. if !dup {
  1559. if err := tx.Create(incoming).Error; err != nil {
  1560. return err
  1561. }
  1562. byEmail[email] = incoming
  1563. row = incoming
  1564. } else {
  1565. conflicts := model.MergeClientRecord(row, incoming)
  1566. for _, x := range conflicts {
  1567. log.Printf("client merge: email=%s conflict on %s old=%v new=%v kept=%v",
  1568. email, x.Field, x.Old, x.New, x.Kept)
  1569. }
  1570. if err := tx.Save(row).Error; err != nil {
  1571. return err
  1572. }
  1573. }
  1574. link := model.ClientInbound{
  1575. ClientId: row.Id,
  1576. InboundId: inbound.Id,
  1577. FlowOverride: c.Flow,
  1578. }
  1579. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  1580. FirstOrCreate(&link).Error; err != nil {
  1581. return err
  1582. }
  1583. }
  1584. }
  1585. return tx.Create(&model.HistoryOfSeeders{SeederName: "ClientsTable"}).Error
  1586. })
  1587. }
  1588. func seedApiTokens() error {
  1589. empty, err := isTableEmpty("api_tokens")
  1590. if err != nil {
  1591. return err
  1592. }
  1593. if empty {
  1594. var legacy model.Setting
  1595. err := db.Model(model.Setting{}).Where("key = ?", "apiToken").First(&legacy).Error
  1596. if err == nil && legacy.Value != "" {
  1597. row := &model.ApiToken{
  1598. Name: "default",
  1599. Token: legacy.Value,
  1600. Enabled: true,
  1601. }
  1602. if err := db.Create(row).Error; err != nil {
  1603. log.Printf("Error migrating legacy apiToken: %v", err)
  1604. return err
  1605. }
  1606. }
  1607. }
  1608. return db.Create(&model.HistoryOfSeeders{SeederName: "ApiTokensTable"}).Error
  1609. }
  1610. func hashExistingApiTokens() error {
  1611. var rows []*model.ApiToken
  1612. if err := db.Find(&rows).Error; err != nil {
  1613. return err
  1614. }
  1615. for _, r := range rows {
  1616. if crypto.IsSHA256Hex(r.Token) {
  1617. continue
  1618. }
  1619. hashed := crypto.HashTokenSHA256(r.Token)
  1620. if err := db.Model(model.ApiToken{}).Where("id = ?", r.Id).Update("token", hashed).Error; err != nil {
  1621. log.Printf("Error hashing api token %d: %v", r.Id, err)
  1622. return err
  1623. }
  1624. }
  1625. return db.Create(&model.HistoryOfSeeders{SeederName: "ApiTokensHash"}).Error
  1626. }
  1627. func isTableEmpty(tableName string) (bool, error) {
  1628. var count int64
  1629. err := db.Table(tableName).Count(&count).Error
  1630. return count == 0, err
  1631. }
  1632. func InitDB(dbPath string) error {
  1633. var gormLogger logger.Interface
  1634. if config.IsDebug() {
  1635. gormLogger = logger.New(
  1636. log.New(os.Stdout, "\r\n", log.LstdFlags),
  1637. logger.Config{
  1638. SlowThreshold: time.Second,
  1639. LogLevel: logger.Info,
  1640. IgnoreRecordNotFoundError: true,
  1641. Colorful: true,
  1642. },
  1643. )
  1644. } else {
  1645. gormLogger = logger.Discard
  1646. }
  1647. c := &gorm.Config{Logger: gormLogger, DisableForeignKeyConstraintWhenMigrating: true}
  1648. var err error
  1649. switch config.GetDBKind() {
  1650. case "postgres":
  1651. dsn := config.GetDBDSN()
  1652. if dsn == "" {
  1653. return errors.New("XUI_DB_TYPE=postgres but XUI_DB_DSN is empty")
  1654. }
  1655. db, err = gorm.Open(postgres.Open(dsn), c)
  1656. if err != nil {
  1657. return err
  1658. }
  1659. default:
  1660. dir := path.Dir(dbPath)
  1661. if err = os.MkdirAll(dir, 0o755); err != nil {
  1662. return err
  1663. }
  1664. sync := sqliteSynchronous()
  1665. dsn := dbPath + "?_journal_mode=DELETE&_busy_timeout=10000&_synchronous=" + sync + "&_txlock=immediate"
  1666. db, err = gorm.Open(sqlite.Open(dsn), c)
  1667. if err != nil {
  1668. return err
  1669. }
  1670. sqlDB, err := db.DB()
  1671. if err != nil {
  1672. return err
  1673. }
  1674. pragmas := []string{
  1675. "PRAGMA journal_mode=DELETE",
  1676. "PRAGMA busy_timeout=10000",
  1677. "PRAGMA synchronous=" + sync,
  1678. fmt.Sprintf("PRAGMA cache_size=-%d", envInt("XUI_DB_CACHE_MB", 32)*1024),
  1679. fmt.Sprintf("PRAGMA mmap_size=%d", int64(envInt("XUI_DB_MMAP_MB", 256))*1024*1024),
  1680. "PRAGMA temp_store=MEMORY",
  1681. }
  1682. for _, p := range pragmas {
  1683. if _, err := sqlDB.ExecContext(context.Background(), p); err != nil {
  1684. return err
  1685. }
  1686. }
  1687. }
  1688. sqlDB, err := db.DB()
  1689. if err != nil {
  1690. return err
  1691. }
  1692. var maxOpen, maxIdle int
  1693. switch config.GetDBKind() {
  1694. case "postgres":
  1695. maxOpen = envInt("XUI_DB_MAX_OPEN_CONNS", 25)
  1696. maxIdle = envInt("XUI_DB_MAX_IDLE_CONNS", 25)
  1697. default:
  1698. maxOpen = envInt("XUI_DB_MAX_OPEN_CONNS", 8)
  1699. maxIdle = envInt("XUI_DB_MAX_IDLE_CONNS", 4)
  1700. }
  1701. sqlDB.SetMaxOpenConns(maxOpen)
  1702. sqlDB.SetMaxIdleConns(maxIdle)
  1703. sqlDB.SetConnMaxLifetime(time.Hour)
  1704. sqlDB.SetConnMaxIdleTime(30 * time.Minute)
  1705. if err := initModels(); err != nil {
  1706. return err
  1707. }
  1708. isUsersEmpty, err := isTableEmpty("users")
  1709. if err != nil {
  1710. return err
  1711. }
  1712. if err := initUser(); err != nil {
  1713. return err
  1714. }
  1715. return runSeeders(isUsersEmpty)
  1716. }
  1717. func normalizeApiTokenCreatedAtSeconds() error {
  1718. return db.Model(&model.ApiToken{}).
  1719. Where("created_at >= ?", model.ApiTokenUnixMillisecondsThreshold).
  1720. UpdateColumn("created_at", gorm.Expr("created_at / ?", 1000)).Error
  1721. }
  1722. func sqliteSynchronous() string {
  1723. switch strings.ToUpper(strings.TrimSpace(os.Getenv("XUI_DB_SYNCHRONOUS"))) {
  1724. case "OFF":
  1725. return "OFF"
  1726. case "NORMAL":
  1727. return "NORMAL"
  1728. case "EXTRA":
  1729. return "EXTRA"
  1730. default:
  1731. return "FULL"
  1732. }
  1733. }
  1734. func envInt(key string, def int) int {
  1735. v := strings.TrimSpace(os.Getenv(key))
  1736. if v == "" {
  1737. return def
  1738. }
  1739. n, err := strconv.Atoi(v)
  1740. if err != nil || n <= 0 {
  1741. return def
  1742. }
  1743. return n
  1744. }
  1745. func CloseDB() error {
  1746. if db != nil {
  1747. sqlDB, err := db.DB()
  1748. if err != nil {
  1749. return err
  1750. }
  1751. return sqlDB.Close()
  1752. }
  1753. return nil
  1754. }
  1755. func GetDB() *gorm.DB {
  1756. return db
  1757. }
  1758. func IsNotFound(err error) bool {
  1759. return errors.Is(err, gorm.ErrRecordNotFound)
  1760. }
  1761. func IsSQLiteDB(file io.ReaderAt) (bool, error) {
  1762. signature := []byte("SQLite format 3\x00")
  1763. buf := make([]byte, len(signature))
  1764. _, err := file.ReadAt(buf, 0)
  1765. if err != nil {
  1766. return false, err
  1767. }
  1768. return bytes.Equal(buf, signature), nil
  1769. }
  1770. func Checkpoint() error {
  1771. if IsPostgres() {
  1772. return nil
  1773. }
  1774. return db.Exec("PRAGMA wal_checkpoint;").Error
  1775. }
  1776. func ValidateSQLiteDB(dbPath string) error {
  1777. if _, err := os.Stat(dbPath); err != nil {
  1778. return err
  1779. }
  1780. gdb, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{Logger: logger.Discard})
  1781. if err != nil {
  1782. return err
  1783. }
  1784. sqlDB, err := gdb.DB()
  1785. if err != nil {
  1786. return err
  1787. }
  1788. defer sqlDB.Close()
  1789. var res string
  1790. if err := gdb.Raw("PRAGMA integrity_check;").Scan(&res).Error; err != nil {
  1791. return err
  1792. }
  1793. if res != "ok" {
  1794. return errors.New("sqlite integrity check failed: " + res)
  1795. }
  1796. return nil
  1797. }