client_inbound_apply.go 38 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299
  1. package service
  2. import (
  3. "context"
  4. "encoding/json"
  5. "fmt"
  6. "maps"
  7. "strings"
  8. "time"
  9. "github.com/mhsanaei/3x-ui/v3/internal/database"
  10. "github.com/mhsanaei/3x-ui/v3/internal/database/model"
  11. "github.com/mhsanaei/3x-ui/v3/internal/logger"
  12. "github.com/mhsanaei/3x-ui/v3/internal/util/common"
  13. "github.com/mhsanaei/3x-ui/v3/internal/util/random"
  14. "github.com/mhsanaei/3x-ui/v3/internal/web/runtime"
  15. "github.com/mhsanaei/3x-ui/v3/internal/xray"
  16. "gorm.io/gorm"
  17. )
  18. func sameClientConfigExceptUpdatedAt(a, b map[string]any) bool {
  19. aa := maps.Clone(a)
  20. bb := maps.Clone(b)
  21. delete(aa, "updated_at")
  22. delete(bb, "updated_at")
  23. an, aerr := json.Marshal(aa)
  24. bn, berr := json.Marshal(bb)
  25. return aerr == nil && berr == nil && string(an) == string(bn)
  26. }
  27. // advancePushedInbound advances the node's reconcile-skip fingerprint from the
  28. // pre-edit settings to the saved ones after every per-client push succeeded.
  29. func advancePushedInbound(rt runtime.Runtime, prevSettings string, ib *model.Inbound) {
  30. rem, ok := rt.(*runtime.Remote)
  31. if !ok {
  32. return
  33. }
  34. prev := *ib
  35. prev.Settings = prevSettings
  36. rem.AdvancePushedInbound(&prev, ib)
  37. }
  38. // delInboundClients removes several clients from a single inbound in one pass:
  39. // one settings rewrite, one runtime sweep, one Save and one SyncInbound for the
  40. // whole batch, instead of repeating the full per-client cycle. It mirrors the
  41. // semantics of DelInboundClientByEmail for each removed client. needRestart is
  42. // the OR across all removals.
  43. func (s *ClientService) delInboundClients(inboundSvc *InboundService, inboundId int, recs []*model.ClientRecord, keepTraffic bool) (bool, error) {
  44. if len(recs) == 0 {
  45. return false, nil
  46. }
  47. defer lockInbound(inboundId).Unlock()
  48. oldInbound, err := inboundSvc.GetInbound(inboundId)
  49. if err != nil {
  50. logger.Error("Load Old Data Error")
  51. return false, err
  52. }
  53. var settings map[string]any
  54. if err := json.Unmarshal([]byte(oldInbound.Settings), &settings); err != nil {
  55. return false, err
  56. }
  57. // Match by email — the client's stable identity (see Delete). Removes every
  58. // entry carrying a wanted email, independent of credential drift.
  59. wanted := make(map[string]struct{}, len(recs))
  60. for _, rec := range recs {
  61. if rec.Email != "" {
  62. wanted[rec.Email] = struct{}{}
  63. }
  64. }
  65. interfaceClients, ok := settings["clients"].([]any)
  66. if !ok {
  67. return false, common.NewError("invalid clients format in inbound settings")
  68. }
  69. type removedClient struct {
  70. email string
  71. needApiDel bool
  72. }
  73. removed := make([]removedClient, 0, len(wanted))
  74. newClients := make([]any, 0, len(interfaceClients))
  75. for _, client := range interfaceClients {
  76. c, ok := client.(map[string]any)
  77. if !ok {
  78. newClients = append(newClients, client)
  79. continue
  80. }
  81. email, _ := c["email"].(string)
  82. if _, hit := wanted[email]; hit && email != "" {
  83. enable, _ := c["enable"].(bool)
  84. removed = append(removed, removedClient{email: email, needApiDel: enable})
  85. continue
  86. }
  87. newClients = append(newClients, client)
  88. }
  89. if len(removed) == 0 {
  90. return false, nil
  91. }
  92. db := database.GetDB()
  93. newClients = compactOrphans(db, newClients)
  94. if newClients == nil {
  95. newClients = []any{}
  96. }
  97. settings["clients"] = newClients
  98. newSettings, err := json.MarshalIndent(settings, "", " ")
  99. if err != nil {
  100. return false, err
  101. }
  102. prevSettings := oldInbound.Settings
  103. oldInbound.Settings = string(newSettings)
  104. var sharedSet map[string]bool
  105. if !keepTraffic {
  106. removedEmails := make([]string, 0, len(removed))
  107. for _, r := range removed {
  108. if r.email != "" {
  109. removedEmails = append(removedEmails, r.email)
  110. }
  111. }
  112. var sharedErr error
  113. sharedSet, sharedErr = inboundSvc.emailsUsedByOtherInbounds(removedEmails, inboundId)
  114. if sharedErr != nil {
  115. return false, sharedErr
  116. }
  117. }
  118. needRestart := false
  119. // Read each client's live state before the DB write (DelClientStat would
  120. // erase the enable flag we need to decide on a runtime removal).
  121. type delTarget struct {
  122. email string
  123. emailShared bool
  124. notDepleted bool
  125. needApiDel bool
  126. }
  127. targets := make([]delTarget, 0, len(removed))
  128. for _, r := range removed {
  129. email := r.email
  130. emailShared := sharedSet[strings.ToLower(strings.TrimSpace(email))]
  131. notDepleted := false
  132. if len(email) > 0 {
  133. var enables []bool
  134. if err := db.Model(xray.ClientTraffic{}).Where("email = ?", email).Limit(1).Pluck("enable", &enables).Error; err != nil {
  135. logger.Error("Get stats error")
  136. return needRestart, err
  137. }
  138. notDepleted = len(enables) > 0 && enables[0]
  139. }
  140. targets = append(targets, delTarget{email: email, emailShared: emailShared, notDepleted: notDepleted, needApiDel: r.needApiDel})
  141. }
  142. // Persist the batch deletion atomically, serialized against the traffic poll
  143. // to avoid the cross-transaction lock-order deadlock (runSerializedTx).
  144. if txErr := runSerializedTx(func(tx *gorm.DB) error {
  145. for _, t := range targets {
  146. if t.emailShared || keepTraffic {
  147. continue
  148. }
  149. if e := inboundSvc.DelClientIPs(tx, t.email); e != nil {
  150. logger.Error("Error in delete client IPs")
  151. return e
  152. }
  153. if len(t.email) > 0 {
  154. if e := inboundSvc.DelClientStat(tx, t.email); e != nil {
  155. logger.Error("Delete stats Data Error")
  156. return e
  157. }
  158. }
  159. }
  160. if e := tx.Save(oldInbound).Error; e != nil {
  161. return e
  162. }
  163. finalClients, gcErr := inboundSvc.GetClients(oldInbound)
  164. if gcErr != nil {
  165. return gcErr
  166. }
  167. if err := s.SyncInbound(tx, inboundId, finalClients); err != nil {
  168. return err
  169. }
  170. if oldInbound.NodeID != nil {
  171. return (&NodeService{}).MarkNodeDirtyTx(tx, *oldInbound.NodeID)
  172. }
  173. return nil
  174. }); txErr != nil {
  175. return needRestart, txErr
  176. }
  177. // Resolve the node push plan once for the whole batch instead of per email.
  178. var nodeRt runtime.Runtime
  179. nodePush := false
  180. if oldInbound.NodeID != nil {
  181. rt, push, _, perr := inboundSvc.nodePushPlan(oldInbound)
  182. if perr != nil {
  183. return needRestart, perr
  184. }
  185. nodeRt, nodePush = rt, push
  186. // Large batches collapse into one reconcile push rather than M deletes.
  187. if nodePush && len(targets) > nodeBulkPushThreshold {
  188. nodePush = false
  189. }
  190. }
  191. // Apply runtime deletes after commit — outside the serialized writer so a
  192. // slow node call can't stall traffic accounting.
  193. nodePushFailed := false
  194. for _, t := range targets {
  195. if len(t.email) == 0 {
  196. continue
  197. }
  198. if oldInbound.NodeID == nil {
  199. if t.needApiDel && t.notDepleted {
  200. rt, rterr := inboundSvc.runtimeFor(oldInbound)
  201. if rterr != nil {
  202. needRestart = true
  203. } else if err1 := rt.RemoveUser(context.Background(), oldInbound, t.email); err1 != nil {
  204. if !strings.Contains(err1.Error(), fmt.Sprintf("User %s not found.", t.email)) {
  205. needRestart = true
  206. }
  207. }
  208. }
  209. } else if nodePush {
  210. if err1 := nodeRt.DeleteUser(context.Background(), oldInbound, t.email); err1 != nil {
  211. logger.Warning("Error in deleting client on", nodeRt.Name(), ":", err1)
  212. nodePushFailed = true
  213. }
  214. }
  215. }
  216. if nodePush && !nodePushFailed {
  217. advancePushedInbound(nodeRt, prevSettings, oldInbound)
  218. }
  219. return needRestart, nil
  220. }
  221. func (s *ClientService) checkEmailsExistForClients(inboundSvc *InboundService, clients []model.Client, emailSubIDs map[string]string) (string, error) {
  222. if emailSubIDs == nil {
  223. var err error
  224. emailSubIDs, err = inboundSvc.getAllEmailSubIDs()
  225. if err != nil {
  226. return "", err
  227. }
  228. }
  229. seen := make(map[string]string, len(clients))
  230. for _, client := range clients {
  231. if client.Email == "" {
  232. continue
  233. }
  234. key := strings.ToLower(client.Email)
  235. if prev, ok := seen[key]; ok {
  236. if prev != client.SubID || client.SubID == "" {
  237. return client.Email, nil
  238. }
  239. continue
  240. }
  241. seen[key] = client.SubID
  242. if existingSub, ok := emailSubIDs[key]; ok {
  243. if client.SubID == "" || existingSub == "" || existingSub != client.SubID {
  244. return client.Email, nil
  245. }
  246. }
  247. }
  248. return "", nil
  249. }
  250. func (s *ClientService) AddInboundClient(inboundSvc *InboundService, data *model.Inbound) (bool, error) {
  251. return s.addInboundClient(inboundSvc, data, nil)
  252. }
  253. // addInboundClient is AddInboundClient with an optional precomputed email→subId
  254. // map. Bulk callers pass a single snapshot so the global getAllEmailSubIDs scan
  255. // runs once for the whole batch instead of once per target inbound; a nil map
  256. // makes it compute its own (the single-add path).
  257. func (s *ClientService) addInboundClient(inboundSvc *InboundService, data *model.Inbound, emailSubIDs map[string]string) (bool, error) {
  258. defer lockInbound(data.Id).Unlock()
  259. clients, err := inboundSvc.GetClients(data)
  260. if err != nil {
  261. return false, err
  262. }
  263. var settings map[string]any
  264. err = json.Unmarshal([]byte(data.Settings), &settings)
  265. if err != nil {
  266. return false, err
  267. }
  268. interfaceClients := settings["clients"].([]any)
  269. nowTs := time.Now().Unix() * 1000
  270. for i := range interfaceClients {
  271. if cm, ok := interfaceClients[i].(map[string]any); ok {
  272. if _, ok2 := cm["created_at"]; !ok2 {
  273. cm["created_at"] = nowTs
  274. }
  275. cm["updated_at"] = nowTs
  276. existingSub, _ := cm["subId"].(string)
  277. if strings.TrimSpace(existingSub) == "" {
  278. cm["subId"] = random.NumLower(16)
  279. }
  280. interfaceClients[i] = cm
  281. }
  282. }
  283. existEmail, err := s.checkEmailsExistForClients(inboundSvc, clients, emailSubIDs)
  284. if err != nil {
  285. return false, err
  286. }
  287. if existEmail != "" {
  288. return false, common.NewError("Duplicate email:", existEmail)
  289. }
  290. oldInbound, err := inboundSvc.GetInbound(data.Id)
  291. if err != nil {
  292. return false, err
  293. }
  294. existingClients, err := inboundSvc.GetClients(oldInbound)
  295. if err != nil {
  296. return false, err
  297. }
  298. // A client already on this inbound is skipped instead of appended again:
  299. // checkEmailsExistForClients exempts a matching subId so one identity can
  300. // live on several inbounds, which let retried or raced adds duplicate the
  301. // same email inside a single settings array (#5770). clients and
  302. // interfaceClients are parsed from the same data.Settings array, so they
  303. // stay index-aligned while filtering.
  304. if len(existingClients) > 0 && len(clients) > 0 {
  305. existingEmails := make(map[string]struct{}, len(existingClients))
  306. for _, c := range existingClients {
  307. if c.Email != "" {
  308. existingEmails[strings.ToLower(c.Email)] = struct{}{}
  309. }
  310. }
  311. keptClients := make([]model.Client, 0, len(clients))
  312. keptWire := make([]any, 0, len(interfaceClients))
  313. for i, c := range clients {
  314. if c.Email != "" {
  315. if _, dup := existingEmails[strings.ToLower(c.Email)]; dup {
  316. continue
  317. }
  318. }
  319. keptClients = append(keptClients, c)
  320. if i < len(interfaceClients) {
  321. keptWire = append(keptWire, interfaceClients[i])
  322. }
  323. }
  324. if len(keptClients) == 0 {
  325. return false, nil
  326. }
  327. clients = keptClients
  328. interfaceClients = keptWire
  329. }
  330. if oldInbound.Protocol == model.WireGuard {
  331. if dErr := defaultWireguardClients(existingClients, clients, interfaceClients); dErr != nil {
  332. return false, dErr
  333. }
  334. }
  335. for _, client := range clients {
  336. if strings.TrimSpace(client.Email) == "" {
  337. return false, common.NewError("client email is required")
  338. }
  339. switch oldInbound.Protocol {
  340. case "trojan":
  341. if client.Password == "" {
  342. return false, common.NewError("empty client ID")
  343. }
  344. case "shadowsocks":
  345. if client.Email == "" {
  346. return false, common.NewError("empty client ID")
  347. }
  348. case "hysteria":
  349. if client.Auth == "" {
  350. return false, common.NewError("empty client ID")
  351. }
  352. case "wireguard":
  353. if client.PublicKey == "" {
  354. return false, common.NewError("wireguard client requires a key")
  355. }
  356. case "mtproto":
  357. if client.Secret == "" {
  358. return false, common.NewError("mtproto client requires a secret")
  359. }
  360. default:
  361. if client.ID == "" {
  362. return false, common.NewError("empty client ID")
  363. }
  364. }
  365. }
  366. var oldSettings map[string]any
  367. err = json.Unmarshal([]byte(oldInbound.Settings), &oldSettings)
  368. if err != nil {
  369. return false, err
  370. }
  371. if oldInbound.Protocol == model.Shadowsocks {
  372. applyShadowsocksClientMethod(interfaceClients, oldSettings)
  373. }
  374. oldClients, _ := oldSettings["clients"].([]any)
  375. oldClients = compactOrphans(database.GetDB(), oldClients)
  376. oldClients = append(oldClients, interfaceClients...)
  377. oldSettings["clients"] = oldClients
  378. newSettings, err := json.MarshalIndent(oldSettings, "", " ")
  379. if err != nil {
  380. return false, err
  381. }
  382. prevSettings := oldInbound.Settings
  383. oldInbound.Settings = string(newSettings)
  384. needRestart := false
  385. rt, push, _, perr := inboundSvc.nodePushPlan(oldInbound)
  386. if perr != nil {
  387. return false, perr
  388. }
  389. // Persist client stats + inbound atomically, serialized against the traffic
  390. // poll to avoid the cross-transaction lock-order deadlock (runSerializedTx).
  391. if txErr := runSerializedTx(func(tx *gorm.DB) error {
  392. for i := range clients {
  393. if len(clients[i].Email) == 0 {
  394. continue
  395. }
  396. if e := inboundSvc.AddClientStat(tx, data.Id, &clients[i]); e != nil {
  397. return e
  398. }
  399. }
  400. if e := tx.Save(oldInbound).Error; e != nil {
  401. return e
  402. }
  403. finalClients, gcErr := inboundSvc.GetClients(oldInbound)
  404. if gcErr != nil {
  405. return gcErr
  406. }
  407. if err := s.SyncInbound(tx, oldInbound.Id, finalClients); err != nil {
  408. return err
  409. }
  410. if oldInbound.NodeID != nil {
  411. return (&NodeService{}).MarkNodeDirtyTx(tx, *oldInbound.NodeID)
  412. }
  413. return nil
  414. }); txErr != nil {
  415. return false, txErr
  416. }
  417. // Apply to the running runtime after commit — outside the serialized writer
  418. // so a slow node call can't stall traffic accounting.
  419. if oldInbound.NodeID == nil {
  420. if !push {
  421. needRestart = true
  422. } else if oldInbound.Protocol == model.MTProto {
  423. inboundSvc.applyLocalMtproto(oldInbound.Id)
  424. } else {
  425. for _, client := range clients {
  426. if len(client.Email) == 0 {
  427. needRestart = true
  428. continue
  429. }
  430. if !client.Enable {
  431. continue
  432. }
  433. cipher := ""
  434. if oldInbound.Protocol == "shadowsocks" {
  435. cipher = oldSettings["method"].(string)
  436. }
  437. err1 := rt.AddUser(context.Background(), oldInbound, map[string]any{
  438. "email": client.Email,
  439. "id": client.ID,
  440. "auth": client.Auth,
  441. "security": client.Security,
  442. "flow": client.Flow,
  443. "password": client.Password,
  444. "cipher": cipher,
  445. "publicKey": client.PublicKey,
  446. "allowedIPs": client.AllowedIPs,
  447. "preSharedKey": client.PreSharedKey,
  448. "keepAlive": keepAliveStr(client.KeepAlive),
  449. })
  450. if err1 == nil {
  451. logger.Debug("Client added on", rt.Name(), ":", client.Email)
  452. } else {
  453. logger.Debug("Error in adding client on", rt.Name(), ":", err1)
  454. needRestart = true
  455. }
  456. }
  457. }
  458. } else {
  459. // Large batches would be M sequential per-client RPCs; the inbound's saved
  460. // settings already hold the final set, so mark dirty and let one reconcile
  461. // push converge the node instead.
  462. if push && len(clients) > nodeBulkPushThreshold {
  463. push = false
  464. }
  465. for _, client := range clients {
  466. if push {
  467. if err1 := rt.AddClient(context.Background(), oldInbound, client); err1 != nil {
  468. logger.Warning("Error in adding client on", rt.Name(), ":", err1)
  469. push = false
  470. }
  471. }
  472. }
  473. if push {
  474. advancePushedInbound(rt, prevSettings, oldInbound)
  475. }
  476. }
  477. return needRestart, nil
  478. }
  479. func (s *ClientService) UpdateInboundClient(inboundSvc *InboundService, data *model.Inbound, oldEmail string) (bool, error) {
  480. defer lockInbound(data.Id).Unlock()
  481. clients, err := inboundSvc.GetClients(data)
  482. if err != nil {
  483. return false, err
  484. }
  485. var settings map[string]any
  486. err = json.Unmarshal([]byte(data.Settings), &settings)
  487. if err != nil {
  488. return false, err
  489. }
  490. interfaceClients := settings["clients"].([]any)
  491. oldInbound, err := inboundSvc.GetInbound(data.Id)
  492. if err != nil {
  493. return false, err
  494. }
  495. oldClients, err := inboundSvc.GetClients(oldInbound)
  496. if err != nil {
  497. return false, err
  498. }
  499. newClientId := ""
  500. switch oldInbound.Protocol {
  501. case "trojan":
  502. newClientId = clients[0].Password
  503. case "shadowsocks":
  504. newClientId = clients[0].Email
  505. case "hysteria":
  506. newClientId = clients[0].Auth
  507. case "wireguard":
  508. newClientId = clients[0].Email
  509. case "mtproto":
  510. newClientId = clients[0].Email
  511. default:
  512. newClientId = clients[0].ID
  513. }
  514. // Locate the client to replace by email — the client's stable identity.
  515. // Credentials (uuid/password/auth) can drift from the inbound JSON, so they
  516. // are never used for matching.
  517. clientIndex := -1
  518. for index, oldClient := range oldClients {
  519. if strings.EqualFold(oldClient.Email, oldEmail) {
  520. oldEmail = oldClient.Email
  521. clientIndex = index
  522. break
  523. }
  524. }
  525. if newClientId == "" || clientIndex == -1 {
  526. return false, common.NewError("empty client ID")
  527. }
  528. if strings.TrimSpace(clients[0].Email) == "" {
  529. return false, common.NewError("client email is required")
  530. }
  531. if clients[0].Email != oldEmail {
  532. existEmail, err := s.checkEmailsExistForClients(inboundSvc, clients, nil)
  533. if err != nil {
  534. return false, err
  535. }
  536. if existEmail != "" {
  537. return false, common.NewError("Duplicate email:", existEmail)
  538. }
  539. }
  540. // WireGuard keys are never rotated by an edit: when the incoming payload omits
  541. // them (a metadata-only change), carry the stored credentials forward so the
  542. // settings JSON and the running peer keep the client's identity.
  543. if oldInbound.Protocol == model.WireGuard && clientIndex >= 0 && clientIndex < len(oldClients) {
  544. old := oldClients[clientIndex]
  545. if clients[0].PrivateKey == "" {
  546. clients[0].PrivateKey = old.PrivateKey
  547. }
  548. if clients[0].PublicKey == "" {
  549. clients[0].PublicKey = old.PublicKey
  550. }
  551. if len(clients[0].AllowedIPs) == 0 {
  552. clients[0].AllowedIPs = old.AllowedIPs
  553. } else {
  554. normalized, nErr := normalizeWireguardAllowedIPs(clients[0].AllowedIPs)
  555. if nErr != nil {
  556. return false, nErr
  557. }
  558. if len(normalized) == 0 {
  559. clients[0].AllowedIPs = old.AllowedIPs
  560. } else {
  561. peers := make([]string, 0, len(oldClients))
  562. for i := range oldClients {
  563. if i == clientIndex {
  564. continue
  565. }
  566. peers = append(peers, oldClients[i].AllowedIPs...)
  567. }
  568. if hit := wireguardAllowedIPsCollision(normalized, peers); hit != "" {
  569. return false, common.NewError("wireguard: allowedIPs entry already used by another client:", hit)
  570. }
  571. clients[0].AllowedIPs = normalized
  572. }
  573. }
  574. if clients[0].PreSharedKey == "" {
  575. clients[0].PreSharedKey = old.PreSharedKey
  576. }
  577. if clients[0].KeepAlive == 0 {
  578. clients[0].KeepAlive = old.KeepAlive
  579. }
  580. }
  581. var oldSettings map[string]any
  582. err = json.Unmarshal([]byte(oldInbound.Settings), &oldSettings)
  583. if err != nil {
  584. return false, err
  585. }
  586. settingsClients, _ := oldSettings["clients"].([]any)
  587. var preservedCreated any
  588. var preservedSubID string
  589. var oldClientMap map[string]any
  590. if clientIndex >= 0 && clientIndex < len(settingsClients) {
  591. if oldMap, ok := settingsClients[clientIndex].(map[string]any); ok {
  592. oldClientMap = oldMap
  593. if v, ok2 := oldMap["created_at"]; ok2 {
  594. preservedCreated = v
  595. }
  596. preservedSubID, _ = oldMap["subId"].(string)
  597. }
  598. }
  599. if oldInbound.Protocol == model.Shadowsocks {
  600. applyShadowsocksClientMethod(interfaceClients, oldSettings)
  601. }
  602. if len(interfaceClients) > 0 {
  603. if newMap, ok := interfaceClients[0].(map[string]any); ok {
  604. if preservedCreated == nil {
  605. preservedCreated = time.Now().Unix() * 1000
  606. }
  607. newMap["created_at"] = preservedCreated
  608. newSub, _ := newMap["subId"].(string)
  609. if strings.TrimSpace(newSub) == "" {
  610. if strings.TrimSpace(preservedSubID) != "" {
  611. newMap["subId"] = preservedSubID
  612. } else {
  613. newMap["subId"] = random.NumLower(16)
  614. }
  615. }
  616. if v, ok2 := newMap["subId"].(string); ok2 {
  617. clients[0].SubID = v
  618. }
  619. if oldInbound.Protocol == model.WireGuard {
  620. newMap["privateKey"] = clients[0].PrivateKey
  621. newMap["publicKey"] = clients[0].PublicKey
  622. newMap["allowedIPs"] = clients[0].AllowedIPs
  623. if clients[0].PreSharedKey != "" {
  624. newMap["preSharedKey"] = clients[0].PreSharedKey
  625. }
  626. if clients[0].KeepAlive > 0 {
  627. newMap["keepAlive"] = clients[0].KeepAlive
  628. }
  629. }
  630. if oldClientMap != nil && sameClientConfigExceptUpdatedAt(oldClientMap, newMap) {
  631. if v, ok2 := oldClientMap["updated_at"]; ok2 {
  632. newMap["updated_at"] = v
  633. } else {
  634. delete(newMap, "updated_at")
  635. }
  636. } else {
  637. newMap["updated_at"] = time.Now().Unix() * 1000
  638. }
  639. interfaceClients[0] = newMap
  640. }
  641. }
  642. settingsClients[clientIndex] = interfaceClients[0]
  643. oldSettings["clients"] = settingsClients
  644. if oldInbound.Protocol == model.VLESS {
  645. hasVisionFlow := false
  646. for _, c := range settingsClients {
  647. cm, ok := c.(map[string]any)
  648. if !ok {
  649. continue
  650. }
  651. if flow, _ := cm["flow"].(string); flow == "xtls-rprx-vision" {
  652. hasVisionFlow = true
  653. break
  654. }
  655. }
  656. if !hasVisionFlow {
  657. delete(oldSettings, "testseed")
  658. }
  659. }
  660. newSettings, err := json.MarshalIndent(oldSettings, "", " ")
  661. if err != nil {
  662. return false, err
  663. }
  664. if string(newSettings) == oldInbound.Settings {
  665. return false, nil
  666. }
  667. prevSettings := oldInbound.Settings
  668. oldInbound.Settings = string(newSettings)
  669. needRestart := false
  670. // Resolve the push plan before the DB write so a node-state lookup failure
  671. // still aborts the whole update without committing anything (it used to roll
  672. // the transaction back). nodePushPlan only reads, so order doesn't matter.
  673. var rt runtime.Runtime
  674. var push bool
  675. if len(oldEmail) > 0 {
  676. var perr error
  677. rt, push, _, perr = inboundSvc.nodePushPlan(oldInbound)
  678. if perr != nil {
  679. return false, perr
  680. }
  681. }
  682. // Persist client stats + inbound atomically, serialized against the traffic
  683. // poll to avoid the cross-transaction lock-order deadlock (runSerializedTx).
  684. if txErr := runSerializedTx(func(tx *gorm.DB) error {
  685. if len(clients[0].Email) > 0 {
  686. if len(oldEmail) > 0 {
  687. emailUnchanged := strings.EqualFold(oldEmail, clients[0].Email)
  688. targetExists := int64(0)
  689. if !emailUnchanged {
  690. if e := tx.Model(xray.ClientTraffic{}).Where("email = ?", clients[0].Email).Count(&targetExists).Error; e != nil {
  691. return e
  692. }
  693. }
  694. if emailUnchanged || targetExists == 0 {
  695. if e := inboundSvc.UpdateClientStat(tx, oldEmail, &clients[0]); e != nil {
  696. return e
  697. }
  698. if e := inboundSvc.UpdateClientIPs(tx, oldEmail, clients[0].Email); e != nil {
  699. return e
  700. }
  701. } else {
  702. stillUsed, sErr := inboundSvc.emailUsedByOtherInbounds(oldEmail, data.Id)
  703. if sErr != nil {
  704. return sErr
  705. }
  706. if !stillUsed {
  707. if e := inboundSvc.DelClientStat(tx, oldEmail); e != nil {
  708. return e
  709. }
  710. if e := inboundSvc.DelClientIPs(tx, oldEmail); e != nil {
  711. return e
  712. }
  713. }
  714. if e := inboundSvc.UpdateClientStat(tx, clients[0].Email, &clients[0]); e != nil {
  715. return e
  716. }
  717. }
  718. } else {
  719. if e := inboundSvc.AddClientStat(tx, data.Id, &clients[0]); e != nil {
  720. return e
  721. }
  722. }
  723. } else {
  724. stillUsed, sErr := inboundSvc.emailUsedByOtherInbounds(oldEmail, data.Id)
  725. if sErr != nil {
  726. return sErr
  727. }
  728. if !stillUsed {
  729. if e := inboundSvc.DelClientStat(tx, oldEmail); e != nil {
  730. return e
  731. }
  732. if e := inboundSvc.DelClientIPs(tx, oldEmail); e != nil {
  733. return e
  734. }
  735. }
  736. }
  737. if e := tx.Save(oldInbound).Error; e != nil {
  738. return e
  739. }
  740. finalClients, gcErr := inboundSvc.GetClients(oldInbound)
  741. if gcErr != nil {
  742. return gcErr
  743. }
  744. if err := s.SyncInbound(tx, oldInbound.Id, finalClients); err != nil {
  745. return err
  746. }
  747. if oldInbound.NodeID != nil {
  748. return (&NodeService{}).MarkNodeDirtyTx(tx, *oldInbound.NodeID)
  749. }
  750. return nil
  751. }); txErr != nil {
  752. return false, txErr
  753. }
  754. // Apply to the running runtime after the DB is committed — outside the
  755. // serialized writer so a slow node call can't stall traffic accounting.
  756. if len(oldEmail) > 0 {
  757. if oldInbound.NodeID == nil {
  758. if !push {
  759. needRestart = true
  760. } else if oldInbound.Protocol == model.MTProto {
  761. inboundSvc.applyLocalMtproto(oldInbound.Id)
  762. } else {
  763. if oldClients[clientIndex].Enable {
  764. err1 := rt.RemoveUser(context.Background(), oldInbound, oldEmail)
  765. if err1 == nil {
  766. logger.Debug("Old client deleted on", rt.Name(), ":", oldEmail)
  767. } else if strings.Contains(err1.Error(), fmt.Sprintf("User %s not found.", oldEmail)) {
  768. logger.Debug("User is already deleted. Nothing to do more...")
  769. } else {
  770. logger.Debug("Error in deleting client on", rt.Name(), ":", err1)
  771. needRestart = true
  772. }
  773. }
  774. if clients[0].Enable {
  775. cipher := ""
  776. if oldInbound.Protocol == "shadowsocks" {
  777. cipher = oldSettings["method"].(string)
  778. }
  779. err1 := rt.AddUser(context.Background(), oldInbound, map[string]any{
  780. "email": clients[0].Email,
  781. "id": clients[0].ID,
  782. "security": clients[0].Security,
  783. "flow": clients[0].Flow,
  784. "auth": clients[0].Auth,
  785. "password": clients[0].Password,
  786. "cipher": cipher,
  787. "publicKey": clients[0].PublicKey,
  788. "allowedIPs": clients[0].AllowedIPs,
  789. "preSharedKey": clients[0].PreSharedKey,
  790. "keepAlive": keepAliveStr(clients[0].KeepAlive),
  791. })
  792. if err1 == nil {
  793. logger.Debug("Client edited on", rt.Name(), ":", clients[0].Email)
  794. } else {
  795. logger.Debug("Error in adding client on", rt.Name(), ":", err1)
  796. needRestart = true
  797. }
  798. }
  799. }
  800. } else if push {
  801. if err1 := rt.UpdateUser(context.Background(), oldInbound, oldEmail, clients[0]); err1 != nil {
  802. logger.Warning("Error in updating client on", rt.Name(), ":", err1)
  803. } else {
  804. advancePushedInbound(rt, prevSettings, oldInbound)
  805. }
  806. }
  807. } else {
  808. logger.Debug("Client old email not found")
  809. needRestart = true
  810. }
  811. return needRestart, nil
  812. }
  813. func (s *ClientService) DelInboundClientByEmail(inboundSvc *InboundService, inboundId int, email string, keepTraffic bool, fullDelete bool) (bool, error) {
  814. defer lockInbound(inboundId).Unlock()
  815. oldInbound, err := inboundSvc.GetInbound(inboundId)
  816. if err != nil {
  817. logger.Error("Load Old Data Error")
  818. return false, err
  819. }
  820. var settings map[string]any
  821. if err := json.Unmarshal([]byte(oldInbound.Settings), &settings); err != nil {
  822. return false, err
  823. }
  824. interfaceClients, ok := settings["clients"].([]any)
  825. if !ok {
  826. return false, common.NewError("invalid clients format in inbound settings")
  827. }
  828. var newClients []any
  829. needApiDel := false
  830. found := false
  831. for _, client := range interfaceClients {
  832. c, ok := client.(map[string]any)
  833. if !ok {
  834. continue
  835. }
  836. if cEmail, ok := c["email"].(string); ok && cEmail == email {
  837. found = true
  838. needApiDel, _ = c["enable"].(bool)
  839. } else {
  840. newClients = append(newClients, client)
  841. }
  842. }
  843. if !found {
  844. return false, fmt.Errorf("%w for email: %s", ErrClientNotInInbound, email)
  845. }
  846. db := database.GetDB()
  847. newClients = compactOrphans(db, newClients)
  848. if newClients == nil {
  849. newClients = []any{}
  850. }
  851. settings["clients"] = newClients
  852. newSettings, err := json.MarshalIndent(settings, "", " ")
  853. if err != nil {
  854. return false, err
  855. }
  856. prevSettings := oldInbound.Settings
  857. oldInbound.Settings = string(newSettings)
  858. emailShared, err := inboundSvc.emailUsedByOtherInbounds(email, inboundId)
  859. if err != nil {
  860. return false, err
  861. }
  862. needRestart := false
  863. // Decide what to delete and the push plan before the serialized DB write —
  864. // these are reads, and nodePushPlan failing should abort before committing.
  865. delStat := false
  866. if len(email) > 0 && !emailShared && !keepTraffic {
  867. traffic, tErr := inboundSvc.GetClientTrafficByEmail(email)
  868. if tErr != nil {
  869. return false, tErr
  870. }
  871. delStat = traffic != nil
  872. }
  873. // The runtime user is scoped to this inbound's tag + email, so the push plan
  874. // is resolved independently of emailShared — a sibling inbound still carrying
  875. // the email must not suppress removing the user from this inbound's Xray.
  876. var rt runtime.Runtime
  877. var push bool
  878. if len(email) > 0 && (oldInbound.NodeID != nil || needApiDel) {
  879. r, p, _, perr := inboundSvc.nodePushPlan(oldInbound)
  880. if perr != nil {
  881. return false, perr
  882. }
  883. rt, push = r, p
  884. }
  885. // Persist the deletion atomically, serialized against the traffic poll to
  886. // avoid the cross-transaction lock-order deadlock (runSerializedTx).
  887. if txErr := runSerializedTx(func(tx *gorm.DB) error {
  888. if !emailShared && !keepTraffic {
  889. if e := inboundSvc.DelClientIPs(tx, email); e != nil {
  890. logger.Error("Error in delete client IPs")
  891. return e
  892. }
  893. }
  894. if delStat {
  895. if e := inboundSvc.DelClientStat(tx, email); e != nil {
  896. logger.Error("Delete stats Data Error")
  897. return e
  898. }
  899. }
  900. if e := tx.Save(oldInbound).Error; e != nil {
  901. return e
  902. }
  903. finalClients, gcErr := inboundSvc.GetClients(oldInbound)
  904. if gcErr != nil {
  905. return gcErr
  906. }
  907. if err := s.SyncInbound(tx, inboundId, finalClients); err != nil {
  908. return err
  909. }
  910. if oldInbound.NodeID != nil {
  911. return (&NodeService{}).MarkNodeDirtyTx(tx, *oldInbound.NodeID)
  912. }
  913. return nil
  914. }); txErr != nil {
  915. return false, txErr
  916. }
  917. // Apply the runtime delete after commit — outside the serialized writer so a
  918. // slow node call can't stall traffic accounting. Independent of emailShared:
  919. // Xray users are keyed by inbound tag, so the user must be removed from this
  920. // inbound's runtime even when the same email survives in another inbound.
  921. if len(email) > 0 {
  922. if oldInbound.NodeID == nil {
  923. if oldInbound.Protocol == model.MTProto {
  924. // mtg serves the full secret set, so any client delete re-applies
  925. // it (removing the last client stops the sidecar) regardless of the
  926. // client's enable state.
  927. inboundSvc.applyLocalMtproto(oldInbound.Id)
  928. } else if needApiDel {
  929. // Local inbound: a disabled client isn't in the running Xray, so only
  930. // a live one (needApiDel) needs an API removal.
  931. if !push {
  932. needRestart = true
  933. } else if err1 := rt.RemoveUser(context.Background(), oldInbound, email); err1 == nil {
  934. logger.Debug("Client deleted on", rt.Name(), ":", email)
  935. needRestart = false
  936. } else if strings.Contains(err1.Error(), fmt.Sprintf("User %s not found.", email)) {
  937. logger.Debug("User is already deleted. Nothing to do more...")
  938. } else {
  939. logger.Debug("Error in deleting client on", rt.Name(), ":", email)
  940. needRestart = true
  941. }
  942. }
  943. } else {
  944. // Node inbound: propagate the delete regardless of the enable flag —
  945. // the node's own DB still carries a disabled client and would
  946. // resurrect it on the next snapshot otherwise. A full client delete
  947. // must remove the node's client record too, not just detach it from
  948. // this inbound (#5797).
  949. if push {
  950. var err1 error
  951. if fullDelete {
  952. err1 = rt.DeleteClient(context.Background(), email)
  953. } else {
  954. err1 = rt.DeleteUser(context.Background(), oldInbound, email)
  955. }
  956. if err1 != nil {
  957. logger.Warning("Error in deleting client on", rt.Name(), ":", err1)
  958. } else {
  959. advancePushedInbound(rt, prevSettings, oldInbound)
  960. }
  961. }
  962. }
  963. }
  964. return needRestart, nil
  965. }
  966. func (s *ClientService) SetClientTelegramUserID(inboundSvc *InboundService, trafficId int, tgId int64) (bool, error) {
  967. traffic, inbound, err := inboundSvc.GetClientInboundByTrafficID(trafficId)
  968. if err != nil {
  969. return false, err
  970. }
  971. if inbound == nil {
  972. return false, common.NewError("Inbound Not Found For Traffic ID:", trafficId)
  973. }
  974. clientEmail := traffic.Email
  975. oldClients, err := inboundSvc.GetClients(inbound)
  976. if err != nil {
  977. return false, err
  978. }
  979. found := false
  980. for _, oldClient := range oldClients {
  981. if oldClient.Email == clientEmail {
  982. found = true
  983. break
  984. }
  985. }
  986. if !found {
  987. return false, common.NewError("Client Not Found For Email:", clientEmail)
  988. }
  989. var settings map[string]any
  990. err = json.Unmarshal([]byte(inbound.Settings), &settings)
  991. if err != nil {
  992. return false, err
  993. }
  994. clients := settings["clients"].([]any)
  995. var newClients []any
  996. for client_index := range clients {
  997. c := clients[client_index].(map[string]any)
  998. if c["email"] == clientEmail {
  999. c["tgId"] = tgId
  1000. c["updated_at"] = time.Now().Unix() * 1000
  1001. newClients = append(newClients, any(c))
  1002. }
  1003. }
  1004. settings["clients"] = newClients
  1005. modifiedSettings, err := json.MarshalIndent(settings, "", " ")
  1006. if err != nil {
  1007. return false, err
  1008. }
  1009. inbound.Settings = string(modifiedSettings)
  1010. needRestart, err := s.UpdateInboundClient(inboundSvc, inbound, clientEmail)
  1011. return needRestart, err
  1012. }
  1013. func (s *ClientService) CheckIsEnabledByEmail(inboundSvc *InboundService, clientEmail string) (bool, error) {
  1014. _, inbound, err := inboundSvc.GetClientInboundByEmail(clientEmail)
  1015. if err != nil {
  1016. return false, err
  1017. }
  1018. if inbound == nil {
  1019. return false, common.NewError("Inbound Not Found For Email:", clientEmail)
  1020. }
  1021. clients, err := inboundSvc.GetClients(inbound)
  1022. if err != nil {
  1023. return false, err
  1024. }
  1025. isEnable := false
  1026. for _, client := range clients {
  1027. if client.Email == clientEmail {
  1028. isEnable = client.Enable
  1029. break
  1030. }
  1031. }
  1032. return isEnable, err
  1033. }
  1034. func (s *ClientService) ToggleClientEnableByEmail(inboundSvc *InboundService, clientEmail string) (bool, bool, error) {
  1035. _, inbound, err := inboundSvc.GetClientInboundByEmail(clientEmail)
  1036. if err != nil {
  1037. return false, false, err
  1038. }
  1039. if inbound == nil {
  1040. return false, false, common.NewError("Inbound Not Found For Email:", clientEmail)
  1041. }
  1042. oldClients, err := inboundSvc.GetClients(inbound)
  1043. if err != nil {
  1044. return false, false, err
  1045. }
  1046. found := false
  1047. clientOldEnabled := false
  1048. for _, oldClient := range oldClients {
  1049. if oldClient.Email == clientEmail {
  1050. found = true
  1051. clientOldEnabled = oldClient.Enable
  1052. break
  1053. }
  1054. }
  1055. if !found {
  1056. return false, false, common.NewError("Client Not Found For Email:", clientEmail)
  1057. }
  1058. var settings map[string]any
  1059. err = json.Unmarshal([]byte(inbound.Settings), &settings)
  1060. if err != nil {
  1061. return false, false, err
  1062. }
  1063. clients := settings["clients"].([]any)
  1064. var newClients []any
  1065. for client_index := range clients {
  1066. c := clients[client_index].(map[string]any)
  1067. if c["email"] == clientEmail {
  1068. c["enable"] = !clientOldEnabled
  1069. c["updated_at"] = time.Now().Unix() * 1000
  1070. newClients = append(newClients, any(c))
  1071. }
  1072. }
  1073. settings["clients"] = newClients
  1074. modifiedSettings, err := json.MarshalIndent(settings, "", " ")
  1075. if err != nil {
  1076. return false, false, err
  1077. }
  1078. inbound.Settings = string(modifiedSettings)
  1079. needRestart, err := s.UpdateInboundClient(inboundSvc, inbound, clientEmail)
  1080. if err != nil {
  1081. return false, needRestart, err
  1082. }
  1083. return !clientOldEnabled, needRestart, nil
  1084. }
  1085. func (s *ClientService) SetClientEnableByEmail(inboundSvc *InboundService, clientEmail string, enable bool) (bool, bool, error) {
  1086. current, err := s.CheckIsEnabledByEmail(inboundSvc, clientEmail)
  1087. if err != nil {
  1088. return false, false, err
  1089. }
  1090. if current == enable {
  1091. return false, false, nil
  1092. }
  1093. newEnabled, needRestart, err := s.ToggleClientEnableByEmail(inboundSvc, clientEmail)
  1094. if err != nil {
  1095. return false, needRestart, err
  1096. }
  1097. return newEnabled == enable, needRestart, nil
  1098. }
  1099. // applyClientFieldByEmail loads the inbound currently hosting clientEmail,
  1100. // confirms the client exists, applies mutate to the matching client (plus a
  1101. // refreshed updated_at), and hands a single-client update payload to
  1102. // UpdateInboundClient. The rebuilt clients array intentionally contains only
  1103. // the matched client — that is the input contract UpdateInboundClient expects
  1104. // (clients[0] is the new data; clientEmail locates the row to replace). It
  1105. // backs the single-field by-email setters below.
  1106. // applyClientFieldByEmail mutates a client field on every inbound the email is
  1107. // attached to. A multi-inbound client is one logical identity: patching only
  1108. // the first inbound's JSON would leave the siblings stale, and the next
  1109. // SyncInbound over a stale sibling would revert the edit in the normalized
  1110. // records (#5039).
  1111. func (s *ClientService) applyClientFieldByEmail(inboundSvc *InboundService, clientEmail string, mutate func(c map[string]any)) (bool, error) {
  1112. inboundIds, err := s.GetInboundIdsForEmail(database.GetDB(), clientEmail)
  1113. if err != nil {
  1114. return false, err
  1115. }
  1116. if len(inboundIds) == 0 {
  1117. // Legacy fallback for clients that only live in the inbound JSON and
  1118. // were never normalized into client_inbounds.
  1119. _, inbound, gErr := inboundSvc.GetClientInboundByEmail(clientEmail)
  1120. if gErr != nil {
  1121. return false, gErr
  1122. }
  1123. if inbound == nil {
  1124. return false, common.NewError("Inbound Not Found For Email:", clientEmail)
  1125. }
  1126. inboundIds = []int{inbound.Id}
  1127. }
  1128. needRestart := false
  1129. found := false
  1130. for _, ibId := range inboundIds {
  1131. inbound, gErr := inboundSvc.GetInbound(ibId)
  1132. if gErr != nil {
  1133. return needRestart, gErr
  1134. }
  1135. var settings map[string]any
  1136. if uErr := json.Unmarshal([]byte(inbound.Settings), &settings); uErr != nil {
  1137. return needRestart, uErr
  1138. }
  1139. clients, _ := settings["clients"].([]any)
  1140. // UpdateInboundClient expects a single-client payload, so keep only the
  1141. // matching entry in the scratch copy; it splices the result back into
  1142. // the inbound's full client list itself.
  1143. var newClients []any
  1144. for client_index := range clients {
  1145. c, ok := clients[client_index].(map[string]any)
  1146. if !ok {
  1147. continue
  1148. }
  1149. if c["email"] == clientEmail {
  1150. mutate(c)
  1151. c["updated_at"] = time.Now().Unix() * 1000
  1152. newClients = append(newClients, any(c))
  1153. }
  1154. }
  1155. if len(newClients) == 0 {
  1156. continue
  1157. }
  1158. found = true
  1159. settings["clients"] = newClients
  1160. modifiedSettings, mErr := json.MarshalIndent(settings, "", " ")
  1161. if mErr != nil {
  1162. return needRestart, mErr
  1163. }
  1164. inbound.Settings = string(modifiedSettings)
  1165. nr, uErr := s.UpdateInboundClient(inboundSvc, inbound, clientEmail)
  1166. if uErr != nil {
  1167. return needRestart, uErr
  1168. }
  1169. needRestart = needRestart || nr
  1170. }
  1171. if !found {
  1172. return needRestart, common.NewError("Client Not Found For Email:", clientEmail)
  1173. }
  1174. return needRestart, nil
  1175. }
  1176. func (s *ClientService) ResetClientIpLimitByEmail(inboundSvc *InboundService, clientEmail string, count int) (bool, error) {
  1177. return s.applyClientFieldByEmail(inboundSvc, clientEmail, func(c map[string]any) {
  1178. c["limitIp"] = count
  1179. })
  1180. }
  1181. func (s *ClientService) ResetClientExpiryTimeByEmail(inboundSvc *InboundService, clientEmail string, expiry_time int64) (bool, error) {
  1182. return s.applyClientFieldByEmail(inboundSvc, clientEmail, func(c map[string]any) {
  1183. c["expiryTime"] = expiry_time
  1184. })
  1185. }
  1186. func (s *ClientService) ResetClientTrafficLimitByEmail(inboundSvc *InboundService, clientEmail string, totalGB int) (bool, error) {
  1187. if totalGB < 0 {
  1188. return false, common.NewError("totalGB must be >= 0")
  1189. }
  1190. return s.applyClientFieldByEmail(inboundSvc, clientEmail, func(c map[string]any) {
  1191. c["totalGB"] = totalGB * 1024 * 1024 * 1024
  1192. })
  1193. }