| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554 |
- package panel
- import (
- "context"
- "encoding/json"
- "fmt"
- "io"
- "net/http"
- "os"
- "os/exec"
- "path/filepath"
- "regexp"
- "runtime"
- "strconv"
- "strings"
- "sync"
- "syscall"
- "time"
- "github.com/mhsanaei/3x-ui/v3/internal/config"
- "github.com/mhsanaei/3x-ui/v3/internal/logger"
- "github.com/mhsanaei/3x-ui/v3/internal/web/global"
- "github.com/mhsanaei/3x-ui/v3/internal/web/service"
- )
- // PanelService provides business logic for panel management operations.
- // It handles panel restart, updates, and system-level panel controls.
- type PanelService struct{}
- // PanelUpdateInfo contains the current and latest available panel versions.
- // On the dev channel the version fields carry a "dev+<sha>" label and the commit
- // fields hold the short SHAs that drive the update-available decision.
- type PanelUpdateInfo struct {
- Channel string `json:"channel"`
- CurrentVersion string `json:"currentVersion"`
- LatestVersion string `json:"latestVersion"`
- CurrentCommit string `json:"currentCommit,omitempty"`
- LatestCommit string `json:"latestCommit,omitempty"`
- UpdateAvailable bool `json:"updateAvailable"`
- }
- const (
- panelUpdaterURL = "https://raw.githubusercontent.com/MHSanaei/3x-ui/main/update.sh"
- maxPanelUpdaterBytes = 2 << 20
- // devReleaseTag is the fixed-tag rolling pre-release the CI force-moves to the
- // newest main commit; the dev update channel installs from it.
- devReleaseTag = "dev-latest"
- updateStatePending = "pending"
- updateStateSuccess = "success"
- updateStateFailed = "failed"
- )
- // PanelUpdateStatus reports the outcome of the most recently launched panel
- // self-update. RunID lets the caller confirm this status belongs to the
- // update it started rather than a stale result left over from an earlier
- // run; State is one of "pending", "success", or "failed". RunID is a decimal
- // string, not a JSON number: it's a formatted UnixNano timestamp, and
- // JavaScript's number type can't represent that precisely (it exceeds
- // Number.MAX_SAFE_INTEGER), which would let two different runs round to the
- // same value on the wire and defeat the whole point of this field.
- type PanelUpdateStatus struct {
- RunID string `json:"runId" example:"1735689600123456789"`
- State string `json:"state" example:"success"`
- ExitCode int `json:"exitCode" example:"0"`
- FinishedAt int64 `json:"finishedAt" example:"1735689612"`
- }
- var releaseCommitRegex = regexp.MustCompile(`(?i)commit=([0-9a-f]{7,40})`)
- // updateMu guards updateRunning/updateStarted/updateRunID/updatePID, which
- // stop a second self-update from launching while one is still in flight (two
- // concurrent update.sh runs would race each other extracting the release
- // tarball and swapping the service unit). A slot is released as soon as the
- // in-flight run's own status file reports success or failure -- checked
- // against updateRunID so a stale file from an even earlier run can't be
- // mistaken for this one finishing -- so a fast failure doesn't lock out a
- // retry.
- //
- // For a run that never reaches a terminal state at all, staleness is judged
- // primarily by whether the process we actually launched is still alive
- // (updatePID, via processAlive), not by wall-clock time alone: update.sh
- // runs install_base() (a package-manager update+install) before anything
- // else, plus several downloads, which can legitimately run past a short
- // fixed timeout on a slow or throttled host without anything being wrong.
- // updateStaleAfter/updatePID together are only a fallback for the systemd-run
- // launch path, where the process we can observe (systemd-run itself) has
- // already exited by the time startUpdate returns and the actual update.sh
- // unit's PID is never recorded -- for that path this is still a pure
- // wall-clock heuristic. updateHardCeiling is an absolute backstop so a
- // genuinely wedged run (alive but hung forever) can never lock out retries
- // permanently, even on the PID-tracked path.
- var (
- updateMu sync.Mutex
- updateRunning bool
- updateStarted time.Time
- updateRunID int64
- updatePID int
- )
- const (
- updateStaleAfter = 20 * time.Minute
- updateHardCeiling = 2 * time.Hour
- )
- func (s *PanelService) RestartPanel(delay time.Duration) error {
- go func() {
- time.Sleep(delay)
- if global.TriggerRestart() {
- return
- }
- if runtime.GOOS == "windows" {
- logger.Error("panel restart: no restart hook registered (SIGHUP unsupported on Windows)")
- return
- }
- p, err := os.FindProcess(syscall.Getpid())
- if err != nil {
- logger.Error("panel restart: FindProcess failed:", err)
- return
- }
- if err := p.Signal(syscall.SIGHUP); err != nil {
- logger.Error("failed to send SIGHUP signal:", err)
- }
- }()
- return nil
- }
- // GetUpdateInfo checks GitHub for the latest 3x-ui release. When the dev channel
- // is enabled on a dev build it compares commits against the rolling dev release;
- // otherwise it compares versions against the latest stable tag.
- func (s *PanelService) GetUpdateInfo() (*PanelUpdateInfo, error) {
- if devChannelActive() {
- return getDevUpdateInfo()
- }
- latest, err := fetchLatestPanelVersion()
- if err != nil {
- return nil, err
- }
- current := config.GetBaseVersion()
- return &PanelUpdateInfo{
- Channel: "stable",
- CurrentVersion: current,
- LatestVersion: latest,
- UpdateAvailable: isNewerVersion(latest, current),
- }, nil
- }
- // devChannelActive reports whether self-update should track the rolling dev
- // release. It is driven solely by the opt-in setting so the panel can
- // cross-grade a stable build onto the dev channel once the user enables it;
- // nothing updates without an explicit user action, so an unattended stable
- // binary with the toggle off stays on the stable channel.
- func devChannelActive() bool {
- enabled, err := (&service.SettingService{}).GetDevChannelEnable()
- return err == nil && enabled
- }
- // getDevUpdateInfo compares the running commit against the commit recorded in the
- // rolling dev release.
- func getDevUpdateInfo() (*PanelUpdateInfo, error) {
- release, err := fetchPanelRelease(devReleaseTag)
- if err != nil {
- return nil, err
- }
- latestCommit := extractReleaseCommit(release)
- if latestCommit == "" {
- return nil, fmt.Errorf("dev release commit is unknown")
- }
- currentCommit := config.GetBuildCommit()
- return &PanelUpdateInfo{
- Channel: "dev",
- CurrentVersion: config.GetPanelVersion(),
- CurrentCommit: shortCommit(currentCommit),
- LatestCommit: shortCommit(latestCommit),
- LatestVersion: "dev+" + shortCommit(latestCommit),
- UpdateAvailable: !commitsEqual(currentCommit, latestCommit),
- }, nil
- }
- // StartUpdate starts the official updater using this panel's own channel
- // setting. Returns the run ID to pass to GetUpdateStatus so the caller can
- // tell this run's result apart from a stale one.
- func (s *PanelService) StartUpdate() (int64, error) {
- return s.startUpdate(devChannelActive())
- }
- // StartUpdateChannel runs the updater against an explicitly chosen channel,
- // overriding the local dev-channel setting. Used by the master node updater so
- // a node can be moved to the dev channel from the central panel.
- func (s *PanelService) StartUpdateChannel(dev bool) (int64, error) {
- return s.startUpdate(dev)
- }
- // GetUpdateStatus reports the outcome of the most recently launched panel
- // self-update, as recorded by update.sh's EXIT trap (see the script for why
- // that covers every exit path, not just the happy one). This is a best-effort
- // side channel: a missing or unreadable status file reads as "pending"
- // rather than an error, since the update itself is what matters, not this
- // status file.
- func (s *PanelService) GetUpdateStatus() *PanelUpdateStatus {
- data, err := os.ReadFile(config.GetUpdateStatusFilePath())
- if err != nil {
- return &PanelUpdateStatus{State: updateStatePending}
- }
- var status PanelUpdateStatus
- if err := json.Unmarshal(data, &status); err != nil {
- return &PanelUpdateStatus{State: updateStatePending}
- }
- if status.State != updateStateSuccess && status.State != updateStateFailed {
- status.State = updateStatePending
- }
- return &status
- }
- func (s *PanelService) startUpdate(useDev bool) (int64, error) {
- runID := time.Now().UnixNano()
- if !acquireUpdateSlot(runID) {
- return 0, fmt.Errorf("a panel update is already in progress")
- }
- launched := false
- defer func() {
- if !launched {
- releaseUpdateSlot()
- }
- }()
- if runtime.GOOS != "linux" {
- return 0, fmt.Errorf("panel web update is supported only on Linux installations")
- }
- bash, err := exec.LookPath("bash")
- if err != nil {
- return 0, fmt.Errorf("bash is required to run the panel updater: %w", err)
- }
- scriptPath, err := downloadPanelUpdater()
- if err != nil {
- return 0, err
- }
- statusFile := config.GetUpdateStatusFilePath()
- mainFolder, serviceFolder := resolveUpdateFolders()
- updateTag := ""
- if useDev {
- updateTag = devReleaseTag
- }
- updateScript := fmt.Sprintf("set -e; trap 'rm -f %s' EXIT; %s %s", shellQuote(scriptPath), shellQuote(bash), shellQuote(scriptPath))
- runIDEnv := "XUI_UPDATE_RUN_ID=" + strconv.FormatInt(runID, 10)
- statusFileEnv := "XUI_UPDATE_STATUS_FILE=" + statusFile
- if systemdRun, err := exec.LookPath("systemd-run"); err == nil {
- unitName := fmt.Sprintf("x-ui-web-update-%d", time.Now().Unix())
- cmd := exec.CommandContext(context.Background(), systemdRun,
- "--unit", unitName,
- "--setenv", "XUI_MAIN_FOLDER="+mainFolder,
- "--setenv", "XUI_SERVICE="+serviceFolder,
- "--setenv", "XUI_UPDATE_TAG="+updateTag,
- "--setenv", runIDEnv,
- "--setenv", statusFileEnv,
- bash, "-lc", updateScript,
- )
- out, err := cmd.CombinedOutput()
- if err != nil {
- output := strings.TrimSpace(string(out))
- if !strings.Contains(output, "System has not been booted with systemd") &&
- !strings.Contains(output, "Failed to connect to bus") {
- _ = os.Remove(scriptPath)
- return 0, fmt.Errorf("failed to start panel update job: %w: %s", err, output)
- }
- logger.Warning("systemd-run is unavailable, falling back to detached update process:", output)
- } else {
- logger.Infof("started panel update job via systemd-run unit %s", unitName)
- launched = true
- return runID, nil
- }
- }
- cmd := exec.CommandContext(context.Background(), bash, "-lc", updateScript)
- cmd.Env = append(os.Environ(),
- "XUI_MAIN_FOLDER="+mainFolder,
- "XUI_SERVICE="+serviceFolder,
- "XUI_UPDATE_TAG="+updateTag,
- runIDEnv,
- statusFileEnv,
- )
- setDetachedProcess(cmd)
- if err := cmd.Start(); err != nil {
- _ = os.Remove(scriptPath)
- return 0, fmt.Errorf("failed to start panel update job: %w", err)
- }
- if err := cmd.Process.Release(); err != nil {
- logger.Warning("failed to release panel update process:", err)
- }
- logger.Infof("started panel update job with pid %d", cmd.Process.Pid)
- recordUpdatePID(cmd.Process.Pid)
- launched = true
- return runID, nil
- }
- // acquireUpdateSlot claims the single in-flight-update slot for runID. It
- // refuses while another run is genuinely still in flight, but grants the
- // slot immediately once that run's own status file reports a terminal
- // result (success or failure) -- a fast failure shouldn't force the next
- // attempt to wait out updateStaleAfter for no reason. Past updateStaleAfter
- // with no terminal status yet, it grants the slot anyway UNLESS the process
- // we recorded (updatePID) is confirmed still alive, so a merely-slow run
- // isn't mistaken for a crashed one; past updateHardCeiling it grants the
- // slot unconditionally regardless of liveness, so a truly wedged run can
- // never lock out retries forever.
- func acquireUpdateSlot(runID int64) bool {
- updateMu.Lock()
- defer updateMu.Unlock()
- if updateRunning && !previousRunIsTerminal() {
- elapsed := time.Since(updateStarted)
- if elapsed < updateHardCeiling {
- stale := elapsed >= updateStaleAfter
- alive := updatePID > 0 && processAlive(updatePID)
- if !stale || alive {
- return false
- }
- }
- }
- updateRunning = true
- updateStarted = time.Now()
- updateRunID = runID
- updatePID = 0
- return true
- }
- // recordUpdatePID notes the PID of the detached update.sh process the
- // current slot is tracking, so a later acquireUpdateSlot call can check
- // whether it is actually still running instead of only how long ago it
- // started. Only reachable for the detached-fallback launch path -- the
- // systemd-run path never learns update.sh's own PID, since the process it
- // directly observes (systemd-run) has already exited by the time it returns.
- func recordUpdatePID(pid int) {
- updateMu.Lock()
- updatePID = pid
- updateMu.Unlock()
- }
- // previousRunIsTerminal reports whether the run currently recorded in
- // updateRunID has reached success or failure per its status file. Must be
- // called with updateMu held.
- func previousRunIsTerminal() bool {
- status := (&PanelService{}).GetUpdateStatus()
- return status.RunID == strconv.FormatInt(updateRunID, 10) && status.State != updateStatePending
- }
- func releaseUpdateSlot() {
- updateMu.Lock()
- updateRunning = false
- updateMu.Unlock()
- }
- func downloadPanelUpdater() (string, error) {
- client := (&service.SettingService{}).NewProxiedHTTPClient(15 * time.Second)
- req, reqErr := http.NewRequestWithContext(context.Background(), http.MethodGet, panelUpdaterURL, nil)
- if reqErr != nil {
- return "", fmt.Errorf("download panel updater: %w", reqErr)
- }
- resp, err := client.Do(req)
- if err != nil {
- return "", fmt.Errorf("download panel updater: %w", err)
- }
- defer resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- return "", fmt.Errorf("download panel updater: unexpected HTTP %d", resp.StatusCode)
- }
- file, err := os.CreateTemp("", "3x-ui-update-*.sh")
- if err != nil {
- return "", err
- }
- path := file.Name()
- ok := false
- defer func() {
- _ = file.Close()
- if !ok {
- _ = os.Remove(path)
- }
- }()
- n, err := io.Copy(file, io.LimitReader(resp.Body, maxPanelUpdaterBytes+1))
- if err != nil {
- return "", fmt.Errorf("write panel updater: %w", err)
- }
- if n == 0 {
- return "", fmt.Errorf("panel updater download is empty")
- }
- if n > maxPanelUpdaterBytes {
- return "", fmt.Errorf("panel updater exceeds %d bytes", maxPanelUpdaterBytes)
- }
- if err := file.Chmod(0o700); err != nil {
- return "", err
- }
- ok = true
- return path, nil
- }
- func fetchLatestPanelVersion() (string, error) {
- release, err := fetchPanelRelease("")
- if err != nil {
- return "", err
- }
- if release.TagName == "" {
- return "", fmt.Errorf("latest panel release tag is empty")
- }
- return release.TagName, nil
- }
- // fetchPanelRelease fetches a release from GitHub. An empty tag resolves the
- // latest stable release; a non-empty tag (e.g. dev-latest) resolves that tag.
- func fetchPanelRelease(tag string) (*service.Release, error) {
- url := "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest"
- if tag != "" {
- url = "https://api.github.com/repos/MHSanaei/3x-ui/releases/tags/" + tag
- }
- client := (&service.SettingService{}).NewProxiedHTTPClient(10 * time.Second)
- req, reqErr := http.NewRequestWithContext(context.Background(), http.MethodGet, url, nil)
- if reqErr != nil {
- return nil, reqErr
- }
- resp, err := client.Do(req)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
- return nil, fmt.Errorf("GitHub API returned status %d: %s", resp.StatusCode, resp.Status)
- }
- var release service.Release
- if err := json.NewDecoder(resp.Body).Decode(&release); err != nil {
- return nil, err
- }
- return &release, nil
- }
- // extractReleaseCommit reads the build commit recorded in the dev release: first
- // the `commit=<sha>` marker the CI writes into the body, falling back to the
- // tag's target commit.
- func extractReleaseCommit(release *service.Release) string {
- if m := releaseCommitRegex.FindStringSubmatch(release.Body); m != nil {
- return strings.ToLower(m[1])
- }
- if isCommitSHA(release.TargetCommitish) {
- return strings.ToLower(release.TargetCommitish)
- }
- return ""
- }
- func isCommitSHA(s string) bool {
- s = strings.TrimSpace(s)
- if len(s) < 7 || len(s) > 40 {
- return false
- }
- for _, r := range s {
- if (r < '0' || r > '9') && (r < 'a' || r > 'f') && (r < 'A' || r > 'F') {
- return false
- }
- }
- return true
- }
- func shortCommit(sha string) string {
- sha = strings.TrimSpace(sha)
- if len(sha) > 8 {
- return sha[:8]
- }
- return sha
- }
- // commitsEqual compares a short (injected) commit against a full release commit
- // by prefix, so an 8-char build stamp matches the 40-char release SHA.
- func commitsEqual(a, b string) bool {
- a = strings.ToLower(strings.TrimSpace(a))
- b = strings.ToLower(strings.TrimSpace(b))
- if a == "" || b == "" {
- return false
- }
- if len(a) > len(b) {
- a, b = b, a
- }
- return strings.HasPrefix(b, a)
- }
- func resolveUpdateFolders() (string, string) {
- mainFolder := os.Getenv("XUI_MAIN_FOLDER")
- if mainFolder == "" {
- if exePath, err := os.Executable(); err == nil {
- mainFolder = filepath.Dir(exePath)
- }
- }
- if mainFolder == "" {
- mainFolder = "/usr/local/x-ui"
- }
- serviceFolder := os.Getenv("XUI_SERVICE")
- if serviceFolder == "" {
- serviceFolder = "/etc/systemd/system"
- }
- return mainFolder, serviceFolder
- }
- func isNewerVersion(latest string, current string) bool {
- cmp, ok := compareVersionStrings(latest, current)
- if !ok {
- return normalizeVersionTag(latest) != normalizeVersionTag(current)
- }
- return cmp > 0
- }
- func compareVersionStrings(a string, b string) (int, bool) {
- aParts, okA := parseVersionParts(a)
- bParts, okB := parseVersionParts(b)
- if !okA || !okB {
- return 0, false
- }
- for i := range len(aParts) {
- if aParts[i] > bParts[i] {
- return 1, true
- }
- if aParts[i] < bParts[i] {
- return -1, true
- }
- }
- return 0, true
- }
- func parseVersionParts(version string) ([3]int, bool) {
- var result [3]int
- parts := strings.Split(normalizeVersionTag(version), ".")
- if len(parts) != 3 {
- return result, false
- }
- for i, part := range parts {
- n, err := strconv.Atoi(part)
- if err != nil {
- return result, false
- }
- result[i] = n
- }
- return result, true
- }
- func normalizeVersionTag(version string) string {
- return strings.TrimPrefix(strings.TrimSpace(version), "v")
- }
- func shellQuote(value string) string {
- return "'" + strings.ReplaceAll(value, "'", "'\\''") + "'"
- }
|