db.go 52 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927
  1. package database
  2. import (
  3. "bytes"
  4. "context"
  5. "encoding/json"
  6. "errors"
  7. "fmt"
  8. "io"
  9. "log"
  10. "math"
  11. "os"
  12. "os/exec"
  13. "path"
  14. "runtime"
  15. "slices"
  16. "strconv"
  17. "strings"
  18. "time"
  19. "github.com/mhsanaei/3x-ui/v3/internal/config"
  20. "github.com/mhsanaei/3x-ui/v3/internal/database/model"
  21. "github.com/mhsanaei/3x-ui/v3/internal/util/crypto"
  22. "github.com/mhsanaei/3x-ui/v3/internal/util/random"
  23. "github.com/mhsanaei/3x-ui/v3/internal/xray"
  24. "gorm.io/driver/postgres"
  25. "gorm.io/driver/sqlite"
  26. "gorm.io/gorm"
  27. "gorm.io/gorm/logger"
  28. )
  29. var db *gorm.DB
  30. const (
  31. DialectSQLite = "sqlite"
  32. DialectPostgres = "postgres"
  33. )
  34. func IsPostgres() bool {
  35. if db == nil {
  36. return config.GetDBKind() == "postgres"
  37. }
  38. return db.Name() == "postgres"
  39. }
  40. func Dialect() string {
  41. if db == nil {
  42. return ""
  43. }
  44. return db.Name()
  45. }
  46. const (
  47. defaultUsername = "admin"
  48. defaultPassword = "admin"
  49. )
  50. func initModels() error {
  51. models := []any{
  52. &model.User{},
  53. &model.Inbound{},
  54. &model.OutboundTraffics{},
  55. &model.Setting{},
  56. &model.InboundClientIps{},
  57. &xray.ClientTraffic{},
  58. &model.HistoryOfSeeders{},
  59. &model.Node{},
  60. &model.ApiToken{},
  61. &model.ClientRecord{},
  62. &model.ClientInbound{},
  63. &model.ClientExternalLink{},
  64. &model.ClientGroup{},
  65. &model.InboundFallback{},
  66. &model.Host{},
  67. &model.NodeClientTraffic{},
  68. &model.NodeClientIp{},
  69. &model.ClientGlobalTraffic{},
  70. &model.OutboundSubscription{},
  71. }
  72. for _, mdl := range models {
  73. if IsPostgres() && postgresModelSettled(mdl) {
  74. continue
  75. }
  76. if err := db.AutoMigrate(mdl); err != nil {
  77. if isIgnorableDuplicateColumnErr(err, mdl) {
  78. log.Printf("Ignoring duplicate column during auto migration for %T: %v", mdl, err)
  79. continue
  80. }
  81. log.Printf("Error auto migrating model: %v", err)
  82. return err
  83. }
  84. }
  85. if err := dropLegacyInboundPortUnique(); err != nil {
  86. return err
  87. }
  88. if err := migrateHostVerifyPeerCertByNameColumn(); err != nil {
  89. return err
  90. }
  91. if err := normalizeApiTokenCreatedAtSeconds(); err != nil {
  92. return err
  93. }
  94. if err := dropLegacyForeignKeys(); err != nil {
  95. return err
  96. }
  97. if err := pruneOrphanedClientInbounds(); err != nil {
  98. return err
  99. }
  100. if err := pruneOrphanedHosts(); err != nil {
  101. return err
  102. }
  103. if err := normalizeInboundSubSortIndex(); err != nil {
  104. return err
  105. }
  106. if err := repairOverflowedTrafficCounters(); err != nil {
  107. return err
  108. }
  109. if err := dedupeInboundSettingsClients(); err != nil {
  110. return err
  111. }
  112. if err := migrateLegacySocksInboundsToMixed(); err != nil {
  113. return err
  114. }
  115. if err := migrateShadowsocksRemovedCiphers(); err != nil {
  116. return err
  117. }
  118. if err := migrateVmessRemovedSecurities(); err != nil {
  119. return err
  120. }
  121. if IsPostgres() {
  122. if err := resyncPostgresSequences(db, models); err != nil {
  123. log.Printf("Error resyncing postgres sequences: %v", err)
  124. return err
  125. }
  126. }
  127. return nil
  128. }
  129. func postgresModelSettled(mdl any) bool {
  130. migrator := db.Migrator()
  131. if !migrator.HasTable(mdl) {
  132. return false
  133. }
  134. stmt := &gorm.Statement{DB: db}
  135. if err := stmt.Parse(mdl); err != nil || stmt.Schema == nil {
  136. return false
  137. }
  138. for _, dbName := range stmt.Schema.DBNames {
  139. if !migrator.HasColumn(mdl, dbName) {
  140. return false
  141. }
  142. }
  143. for _, idx := range stmt.Schema.ParseIndexes() {
  144. if !migrator.HasIndex(mdl, idx.Name) {
  145. return false
  146. }
  147. }
  148. return true
  149. }
  150. func dropLegacyForeignKeys() error {
  151. if !IsPostgres() {
  152. return nil
  153. }
  154. if err := db.Exec("ALTER TABLE client_traffics DROP CONSTRAINT IF EXISTS fk_inbounds_client_stats").Error; err != nil {
  155. log.Printf("Error dropping legacy foreign key fk_inbounds_client_stats: %v", err)
  156. return err
  157. }
  158. return nil
  159. }
  160. type sqliteIndexListRow struct {
  161. Name string `gorm:"column:name"`
  162. Unique int `gorm:"column:unique"`
  163. Origin string `gorm:"column:origin"`
  164. }
  165. func sqliteUniquePortIndexes() (autoIndexes, explicitIndexes []string, err error) {
  166. var list []sqliteIndexListRow
  167. if err = db.Raw(`PRAGMA index_list('inbounds')`).Scan(&list).Error; err != nil {
  168. return nil, nil, err
  169. }
  170. for _, idx := range list {
  171. if idx.Unique != 1 {
  172. continue
  173. }
  174. var cols []struct {
  175. Name string `gorm:"column:name"`
  176. }
  177. if err = db.Raw(`PRAGMA index_info("` + idx.Name + `")`).Scan(&cols).Error; err != nil {
  178. return nil, nil, err
  179. }
  180. if len(cols) != 1 || cols[0].Name != "port" {
  181. continue
  182. }
  183. if idx.Origin == "c" {
  184. explicitIndexes = append(explicitIndexes, idx.Name)
  185. } else {
  186. autoIndexes = append(autoIndexes, idx.Name)
  187. }
  188. }
  189. return autoIndexes, explicitIndexes, nil
  190. }
  191. // dropLegacyInboundPortUnique removes the pre-multi-node UNIQUE on inbounds.port,
  192. // which AutoMigrate never drops and which blocks cross-node port reuse on old SQLite DBs.
  193. func dropLegacyInboundPortUnique() error {
  194. if IsPostgres() {
  195. return nil
  196. }
  197. autoIndexes, explicitIndexes, err := sqliteUniquePortIndexes()
  198. if err != nil {
  199. return err
  200. }
  201. for _, name := range explicitIndexes {
  202. if err := db.Exec(`DROP INDEX IF EXISTS "` + name + `"`).Error; err != nil {
  203. return err
  204. }
  205. }
  206. if len(autoIndexes) == 0 {
  207. return nil
  208. }
  209. log.Printf("Rebuilding inbounds table to drop the legacy UNIQUE constraint on port")
  210. return rebuildInboundsWithoutInlineUniquePort()
  211. }
  212. func sqliteTableColumns(tx *gorm.DB, table string) ([]string, error) {
  213. var rows []struct {
  214. Name string `gorm:"column:name"`
  215. }
  216. if err := tx.Raw(`PRAGMA table_info("` + table + `")`).Scan(&rows).Error; err != nil {
  217. return nil, err
  218. }
  219. cols := make([]string, 0, len(rows))
  220. for _, r := range rows {
  221. cols = append(cols, r.Name)
  222. }
  223. return cols, nil
  224. }
  225. func rebuildInboundsWithoutInlineUniquePort() error {
  226. return db.Transaction(func(tx *gorm.DB) error {
  227. var list []sqliteIndexListRow
  228. if err := tx.Raw(`PRAGMA index_list('inbounds')`).Scan(&list).Error; err != nil {
  229. return err
  230. }
  231. for _, idx := range list {
  232. if idx.Origin != "c" {
  233. continue
  234. }
  235. if err := tx.Exec(`DROP INDEX IF EXISTS "` + idx.Name + `"`).Error; err != nil {
  236. return err
  237. }
  238. }
  239. if err := tx.Exec(`ALTER TABLE inbounds RENAME TO inbounds_legacy_rebuild`).Error; err != nil {
  240. return err
  241. }
  242. if err := tx.Migrator().CreateTable(&model.Inbound{}); err != nil {
  243. return err
  244. }
  245. newCols, err := sqliteTableColumns(tx, "inbounds")
  246. if err != nil {
  247. return err
  248. }
  249. oldCols, err := sqliteTableColumns(tx, "inbounds_legacy_rebuild")
  250. if err != nil {
  251. return err
  252. }
  253. oldSet := make(map[string]struct{}, len(oldCols))
  254. for _, c := range oldCols {
  255. oldSet[c] = struct{}{}
  256. }
  257. shared := make([]string, 0, len(newCols))
  258. for _, c := range newCols {
  259. if _, ok := oldSet[c]; ok {
  260. shared = append(shared, `"`+c+`"`)
  261. }
  262. }
  263. colList := strings.Join(shared, ", ")
  264. if err := tx.Exec(`INSERT INTO inbounds (` + colList + `) SELECT ` + colList + ` FROM inbounds_legacy_rebuild`).Error; err != nil {
  265. return err
  266. }
  267. return tx.Exec(`DROP TABLE inbounds_legacy_rebuild`).Error
  268. })
  269. }
  270. func migrateHostVerifyPeerCertByNameColumn() error {
  271. if !db.Migrator().HasColumn(&model.Host{}, "verify_peer_cert_by_name") {
  272. return nil
  273. }
  274. if IsPostgres() {
  275. var dataType string
  276. if err := db.Raw(
  277. `SELECT data_type FROM information_schema.columns WHERE table_name = 'hosts' AND column_name = 'verify_peer_cert_by_name'`,
  278. ).Scan(&dataType).Error; err != nil {
  279. return err
  280. }
  281. if dataType != "boolean" {
  282. return nil
  283. }
  284. if err := db.Exec(`ALTER TABLE hosts ALTER COLUMN verify_peer_cert_by_name DROP DEFAULT`).Error; err != nil {
  285. return err
  286. }
  287. return db.Exec(`ALTER TABLE hosts ALTER COLUMN verify_peer_cert_by_name TYPE text USING ''`).Error
  288. }
  289. return db.Exec(`UPDATE hosts SET verify_peer_cert_by_name = '' WHERE verify_peer_cert_by_name IS NULL OR typeof(verify_peer_cert_by_name) <> 'text'`).Error
  290. }
  291. func seedHostsFromExternalProxy() error {
  292. var history []string
  293. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  294. return err
  295. }
  296. if slices.Contains(history, "HostsFromExternalProxy") {
  297. return nil
  298. }
  299. var inbounds []model.Inbound
  300. if err := db.Find(&inbounds).Error; err != nil {
  301. return err
  302. }
  303. return db.Transaction(func(tx *gorm.DB) error {
  304. for _, inbound := range inbounds {
  305. if _, err := CreateHostsFromExternalProxy(tx, inbound.Id, inbound.StreamSettings); err != nil {
  306. return err
  307. }
  308. }
  309. return tx.Create(&model.HistoryOfSeeders{SeederName: "HostsFromExternalProxy"}).Error
  310. })
  311. }
  312. func seedWireguardPeersToClients() error {
  313. var history []string
  314. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  315. return err
  316. }
  317. if slices.Contains(history, "WireguardPeersToClients") {
  318. return nil
  319. }
  320. var inbounds []model.Inbound
  321. if err := db.Where("protocol = ?", string(model.WireGuard)).Find(&inbounds).Error; err != nil {
  322. return err
  323. }
  324. return db.Transaction(func(tx *gorm.DB) error {
  325. usedEmails := map[string]struct{}{}
  326. var existingEmails []string
  327. if err := tx.Model(&model.ClientRecord{}).Pluck("email", &existingEmails).Error; err != nil {
  328. return err
  329. }
  330. for _, e := range existingEmails {
  331. usedEmails[e] = struct{}{}
  332. }
  333. for _, inbound := range inbounds {
  334. if strings.TrimSpace(inbound.Settings) == "" {
  335. continue
  336. }
  337. var settings map[string]any
  338. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  339. log.Printf("WireguardPeersToClients: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  340. continue
  341. }
  342. peers, ok := settings["peers"].([]any)
  343. if !ok || len(peers) == 0 {
  344. continue
  345. }
  346. var linkCount int64
  347. if err := tx.Model(&model.ClientInbound{}).Where("inbound_id = ?", inbound.Id).Count(&linkCount).Error; err != nil {
  348. return err
  349. }
  350. if linkCount > 0 {
  351. continue
  352. }
  353. clientObjs := make([]any, 0, len(peers))
  354. for i, raw := range peers {
  355. obj, ok := raw.(map[string]any)
  356. if !ok {
  357. continue
  358. }
  359. email := wireguardPeerEmail(inbound.Remark, obj, i, usedEmails)
  360. usedEmails[email] = struct{}{}
  361. obj["email"] = email
  362. if sub, _ := obj["subId"].(string); strings.TrimSpace(sub) == "" {
  363. obj["subId"] = random.NumLower(16)
  364. }
  365. if _, ok := obj["enable"]; !ok {
  366. obj["enable"] = true
  367. }
  368. blob, err := json.Marshal(obj)
  369. if err != nil {
  370. continue
  371. }
  372. var c model.Client
  373. if err := json.Unmarshal(blob, &c); err != nil {
  374. log.Printf("WireguardPeersToClients: skip peer in inbound %d: %v", inbound.Id, err)
  375. continue
  376. }
  377. c.Email = email
  378. incoming := c.ToRecord()
  379. var row model.ClientRecord
  380. err = tx.Where("email = ?", email).First(&row).Error
  381. if errors.Is(err, gorm.ErrRecordNotFound) {
  382. if err := tx.Create(incoming).Error; err != nil {
  383. return err
  384. }
  385. row = *incoming
  386. } else if err != nil {
  387. return err
  388. } else {
  389. model.MergeClientRecord(&row, incoming)
  390. if err := tx.Save(&row).Error; err != nil {
  391. return err
  392. }
  393. }
  394. link := model.ClientInbound{ClientId: row.Id, InboundId: inbound.Id}
  395. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  396. FirstOrCreate(&link).Error; err != nil {
  397. return err
  398. }
  399. clientObjs = append(clientObjs, obj)
  400. }
  401. delete(settings, "peers")
  402. settings["clients"] = clientObjs
  403. newSettings, err := json.Marshal(settings)
  404. if err != nil {
  405. return err
  406. }
  407. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  408. Update("settings", string(newSettings)).Error; err != nil {
  409. return err
  410. }
  411. }
  412. return tx.Create(&model.HistoryOfSeeders{SeederName: "WireguardPeersToClients"}).Error
  413. })
  414. }
  415. func wireguardPeerEmail(remark string, peer map[string]any, index int, used map[string]struct{}) string {
  416. base := strings.TrimSpace(remark)
  417. if base == "" {
  418. base = "wg"
  419. }
  420. suffix := strconv.Itoa(index + 1)
  421. if c, ok := peer["comment"].(string); ok && strings.TrimSpace(c) != "" {
  422. suffix = strings.TrimSpace(c)
  423. }
  424. email := strings.ReplaceAll(base+"-"+suffix, " ", "-")
  425. candidate := email
  426. for n := 2; ; n++ {
  427. if _, taken := used[candidate]; !taken {
  428. return candidate
  429. }
  430. candidate = email + "-" + strconv.Itoa(n)
  431. }
  432. }
  433. // seedMtprotoSecretsToClients converts each legacy single-secret mtproto inbound
  434. // into a one-client inbound so MTProto joins the shared multi-client model: the
  435. // inbound-level secret becomes the first client's FakeTLS secret, and a
  436. // ClientRecord + client_inbounds link are created so per-client traffic, limits,
  437. // and share links work exactly like every other protocol. One-time, self-gated
  438. // on the "MtprotoSecretsToClients" seeder row. Mirrors seedWireguardPeersToClients.
  439. func seedMtprotoSecretsToClients() error {
  440. var history []string
  441. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  442. return err
  443. }
  444. if slices.Contains(history, "MtprotoSecretsToClients") {
  445. return nil
  446. }
  447. var inbounds []model.Inbound
  448. if err := db.Where("protocol = ?", string(model.MTProto)).Find(&inbounds).Error; err != nil {
  449. return err
  450. }
  451. return db.Transaction(func(tx *gorm.DB) error {
  452. usedEmails := map[string]struct{}{}
  453. var existingEmails []string
  454. if err := tx.Model(&model.ClientRecord{}).Pluck("email", &existingEmails).Error; err != nil {
  455. return err
  456. }
  457. for _, e := range existingEmails {
  458. usedEmails[e] = struct{}{}
  459. }
  460. for _, inbound := range inbounds {
  461. if strings.TrimSpace(inbound.Settings) == "" {
  462. continue
  463. }
  464. var settings map[string]any
  465. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  466. log.Printf("MtprotoSecretsToClients: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  467. continue
  468. }
  469. if clients, ok := settings["clients"].([]any); ok && len(clients) > 0 {
  470. continue
  471. }
  472. var linkCount int64
  473. if err := tx.Model(&model.ClientInbound{}).Where("inbound_id = ?", inbound.Id).Count(&linkCount).Error; err != nil {
  474. return err
  475. }
  476. if linkCount > 0 {
  477. continue
  478. }
  479. secret, _ := settings["secret"].(string)
  480. secret = strings.TrimSpace(secret)
  481. if secret == "" {
  482. domain, _ := settings["fakeTlsDomain"].(string)
  483. secret = model.GenerateFakeTLSSecret(strings.TrimSpace(domain))
  484. }
  485. email := mtprotoInboundClientEmail(inbound.Remark, usedEmails)
  486. usedEmails[email] = struct{}{}
  487. obj := map[string]any{
  488. "email": email,
  489. "secret": secret,
  490. "enable": true,
  491. "subId": random.NumLower(16),
  492. }
  493. c := model.Client{Email: email, Secret: secret, Enable: true, SubID: obj["subId"].(string)}
  494. incoming := c.ToRecord()
  495. var row model.ClientRecord
  496. err := tx.Where("email = ?", email).First(&row).Error
  497. if errors.Is(err, gorm.ErrRecordNotFound) {
  498. if err := tx.Create(incoming).Error; err != nil {
  499. return err
  500. }
  501. row = *incoming
  502. } else if err != nil {
  503. return err
  504. } else {
  505. model.MergeClientRecord(&row, incoming)
  506. if err := tx.Save(&row).Error; err != nil {
  507. return err
  508. }
  509. }
  510. link := model.ClientInbound{ClientId: row.Id, InboundId: inbound.Id}
  511. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  512. FirstOrCreate(&link).Error; err != nil {
  513. return err
  514. }
  515. delete(settings, "secret")
  516. settings["clients"] = []any{obj}
  517. newSettings, err := json.Marshal(settings)
  518. if err != nil {
  519. return err
  520. }
  521. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  522. Update("settings", string(newSettings)).Error; err != nil {
  523. return err
  524. }
  525. }
  526. return tx.Create(&model.HistoryOfSeeders{SeederName: "MtprotoSecretsToClients"}).Error
  527. })
  528. }
  529. // stripMtprotoInboundSecrets removes the vestigial inbound-level `secret` from
  530. // every mtproto inbound. seedMtprotoSecretsToClients already drops it while
  531. // converting legacy single-secret inbounds, but inbounds that already had clients
  532. // kept the dead field, and the old HealMtprotoSecret regenerated it on every
  533. // save. mtg and every share link read only per-client secrets, so the
  534. // inbound-level value is dead data that once leaked into stale, unusable links.
  535. // One-time, self-gated on the "StripMtprotoInboundSecrets" seeder row.
  536. func stripMtprotoInboundSecrets() error {
  537. var history []string
  538. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  539. return err
  540. }
  541. if slices.Contains(history, "StripMtprotoInboundSecrets") {
  542. return nil
  543. }
  544. var inbounds []model.Inbound
  545. if err := db.Where("protocol = ?", string(model.MTProto)).Find(&inbounds).Error; err != nil {
  546. return err
  547. }
  548. return db.Transaction(func(tx *gorm.DB) error {
  549. for _, inbound := range inbounds {
  550. stripped, ok := model.StripMtprotoInboundSecret(inbound.Settings)
  551. if !ok {
  552. continue
  553. }
  554. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  555. Update("settings", stripped).Error; err != nil {
  556. return err
  557. }
  558. }
  559. return tx.Create(&model.HistoryOfSeeders{SeederName: "StripMtprotoInboundSecrets"}).Error
  560. })
  561. }
  562. // mtprotoInboundClientEmail derives a stable, unique client email for a migrated
  563. // mtproto inbound from its remark.
  564. func mtprotoInboundClientEmail(remark string, used map[string]struct{}) string {
  565. base := strings.TrimSpace(remark)
  566. if base == "" {
  567. base = "mtproto"
  568. }
  569. email := strings.ReplaceAll(base, " ", "-")
  570. candidate := email
  571. for n := 2; ; n++ {
  572. if _, taken := used[candidate]; !taken {
  573. return candidate
  574. }
  575. candidate = email + "-" + strconv.Itoa(n)
  576. }
  577. }
  578. // CreateHostsFromExternalProxy parses a legacy streamSettings.externalProxy array
  579. // and inserts one Host row per entry on tx, returning the number of rows created.
  580. // It is the shared core of both the one-time seedHostsFromExternalProxy startup
  581. // migration and the inbound-import path: an inbound exported from a build that
  582. // predated the hosts table carries its external proxies inline in
  583. // streamSettings.externalProxy, and the startup migration is gated off after its
  584. // first run, so a freshly imported inbound must be converted here instead. Blank
  585. // or malformed streamSettings, or one without externalProxy entries, is a no-op.
  586. func CreateHostsFromExternalProxy(tx *gorm.DB, inboundId int, streamSettings string) (int, error) {
  587. if strings.TrimSpace(streamSettings) == "" {
  588. return 0, nil
  589. }
  590. var stream map[string]any
  591. if err := json.Unmarshal([]byte(streamSettings), &stream); err != nil {
  592. return 0, nil
  593. }
  594. eps, ok := stream["externalProxy"].([]any)
  595. if !ok || len(eps) == 0 {
  596. return 0, nil
  597. }
  598. created := 0
  599. for i, raw := range eps {
  600. ep, ok := raw.(map[string]any)
  601. if !ok {
  602. continue
  603. }
  604. if err := tx.Create(externalProxyEntryToHost(inboundId, i, ep)).Error; err != nil {
  605. return created, err
  606. }
  607. created++
  608. }
  609. return created, nil
  610. }
  611. func externalProxyEntryToHost(inboundId, index int, ep map[string]any) *model.Host {
  612. security, _ := ep["forceTls"].(string)
  613. switch security {
  614. case "same", "tls", "none":
  615. default:
  616. security = "same"
  617. }
  618. dest, _ := ep["dest"].(string)
  619. port := 0
  620. if p, ok := ep["port"].(float64); ok {
  621. port = int(p)
  622. }
  623. remark, _ := ep["remark"].(string)
  624. if strings.TrimSpace(remark) == "" {
  625. remark = "imported " + strconv.Itoa(index+1)
  626. }
  627. if len(remark) > 256 {
  628. remark = remark[:256]
  629. }
  630. sni, _ := ep["sni"].(string)
  631. fingerprint, _ := ep["fingerprint"].(string)
  632. ech, _ := ep["echConfigList"].(string)
  633. return &model.Host{
  634. InboundId: inboundId,
  635. SortOrder: index,
  636. Remark: remark,
  637. Address: dest,
  638. Port: port,
  639. Security: security,
  640. Sni: sni,
  641. Fingerprint: fingerprint,
  642. Alpn: anyToNonEmptyStrings(ep["alpn"]),
  643. PinnedPeerCertSha256: anyToNonEmptyStrings(ep["pinnedPeerCertSha256"]),
  644. EchConfigList: ech,
  645. }
  646. }
  647. func anyToNonEmptyStrings(v any) []string {
  648. switch t := v.(type) {
  649. case []any:
  650. out := make([]string, 0, len(t))
  651. for _, e := range t {
  652. if s, ok := e.(string); ok && s != "" {
  653. out = append(out, s)
  654. }
  655. }
  656. return out
  657. case []string:
  658. out := make([]string, 0, len(t))
  659. for _, s := range t {
  660. if s != "" {
  661. out = append(out, s)
  662. }
  663. }
  664. return out
  665. default:
  666. return nil
  667. }
  668. }
  669. func pruneOrphanedHosts() error {
  670. res := db.Exec("DELETE FROM hosts WHERE inbound_id NOT IN (SELECT id FROM inbounds)")
  671. if res.Error != nil {
  672. log.Printf("Error pruning orphaned hosts rows: %v", res.Error)
  673. return res.Error
  674. }
  675. if res.RowsAffected > 0 {
  676. log.Printf("Pruned %d orphaned hosts row(s)", res.RowsAffected)
  677. }
  678. return nil
  679. }
  680. func pruneOrphanedClientInbounds() error {
  681. res := db.Exec("DELETE FROM client_inbounds WHERE inbound_id NOT IN (SELECT id FROM inbounds)")
  682. if res.Error != nil {
  683. log.Printf("Error pruning orphaned client_inbounds rows: %v", res.Error)
  684. return res.Error
  685. }
  686. if res.RowsAffected > 0 {
  687. log.Printf("Pruned %d orphaned client_inbounds row(s)", res.RowsAffected)
  688. }
  689. return nil
  690. }
  691. // migrateLegacySocksInboundsToMixed renames legacy socks inbounds to mixed.
  692. // The protocol enum dropped socks in favor of mixed (identical settings shape,
  693. // same behavior plus HTTP on the shared port), so rows predating the rename
  694. // fail model validation — most visibly when pushed to a node, where one legacy
  695. // inbound stalled the entire node's config and traffic sync (#5685).
  696. func migrateLegacySocksInboundsToMixed() error {
  697. res := db.Exec("UPDATE inbounds SET protocol = 'mixed' WHERE protocol = 'socks'")
  698. if res.Error != nil {
  699. log.Printf("Error migrating legacy socks inbounds to mixed: %v", res.Error)
  700. return res.Error
  701. }
  702. if res.RowsAffected > 0 {
  703. log.Printf("Migrated %d legacy socks inbound(s) to mixed", res.RowsAffected)
  704. }
  705. return nil
  706. }
  707. // migrateShadowsocksRemovedCiphers rewrites shadowsocks inbounds still using
  708. // the "none"/"plain" ciphers that xray-core v26.7.11 removed; one such row
  709. // makes the whole generated config unbuildable and keeps xray from starting.
  710. func migrateShadowsocksRemovedCiphers() error {
  711. var inbounds []model.Inbound
  712. if err := db.Where("protocol = ?", model.Shadowsocks).Find(&inbounds).Error; err != nil {
  713. return err
  714. }
  715. migrated := int64(0)
  716. for _, inbound := range inbounds {
  717. if strings.TrimSpace(inbound.Settings) == "" {
  718. continue
  719. }
  720. var settings map[string]any
  721. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  722. continue
  723. }
  724. changed := false
  725. if method, _ := settings["method"].(string); method != "" {
  726. if replacement, removed := model.ReplaceRemovedShadowsocksCipher(method); removed {
  727. settings["method"] = replacement
  728. changed = true
  729. }
  730. }
  731. if clients, ok := settings["clients"].([]any); ok {
  732. for i := range clients {
  733. cm, ok := clients[i].(map[string]any)
  734. if !ok {
  735. continue
  736. }
  737. method, _ := cm["method"].(string)
  738. if replacement, removed := model.ReplaceRemovedShadowsocksCipher(method); removed {
  739. cm["method"] = replacement
  740. clients[i] = cm
  741. changed = true
  742. }
  743. }
  744. }
  745. if !changed {
  746. continue
  747. }
  748. newSettings, err := json.MarshalIndent(settings, "", " ")
  749. if err != nil {
  750. log.Printf("migrateShadowsocksRemovedCiphers: skip inbound %d (marshal failed): %v", inbound.Id, err)
  751. continue
  752. }
  753. if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  754. Update("settings", string(newSettings)).Error; err != nil {
  755. return err
  756. }
  757. migrated++
  758. }
  759. if migrated > 0 {
  760. log.Printf("Rewrote removed shadowsocks cipher on %d inbound(s)", migrated)
  761. }
  762. return nil
  763. }
  764. // migrateVmessRemovedSecurities rewrites the vmess "none"/"zero" security
  765. // values that xray-core v26.7.11 removed to "auto" (what the core now treats
  766. // them as), on both the clients column and each vmess inbound's settings.
  767. func migrateVmessRemovedSecurities() error {
  768. res := db.Exec("UPDATE clients SET security = 'auto' WHERE security IN ('none', 'zero')")
  769. if res.Error != nil {
  770. log.Printf("Error migrating removed vmess security values on clients: %v", res.Error)
  771. return res.Error
  772. }
  773. if res.RowsAffected > 0 {
  774. log.Printf("Migrated %d client(s) off removed vmess security values", res.RowsAffected)
  775. }
  776. var inbounds []model.Inbound
  777. if err := db.Where("protocol = ?", model.VMESS).Find(&inbounds).Error; err != nil {
  778. return err
  779. }
  780. migrated := int64(0)
  781. for _, inbound := range inbounds {
  782. if strings.TrimSpace(inbound.Settings) == "" {
  783. continue
  784. }
  785. var settings map[string]any
  786. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  787. continue
  788. }
  789. clients, ok := settings["clients"].([]any)
  790. if !ok {
  791. continue
  792. }
  793. changed := false
  794. for i := range clients {
  795. cm, ok := clients[i].(map[string]any)
  796. if !ok {
  797. continue
  798. }
  799. if security, _ := cm["security"].(string); security == "none" || security == "zero" {
  800. cm["security"] = "auto"
  801. clients[i] = cm
  802. changed = true
  803. }
  804. }
  805. if !changed {
  806. continue
  807. }
  808. newSettings, err := json.MarshalIndent(settings, "", " ")
  809. if err != nil {
  810. log.Printf("migrateVmessRemovedSecurities: skip inbound %d (marshal failed): %v", inbound.Id, err)
  811. continue
  812. }
  813. if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  814. Update("settings", string(newSettings)).Error; err != nil {
  815. return err
  816. }
  817. migrated++
  818. }
  819. if migrated > 0 {
  820. log.Printf("Rewrote removed vmess security values on %d inbound(s)", migrated)
  821. }
  822. return nil
  823. }
  824. // normalizeInboundSubSortIndex lifts sub_sort_index values below the 1-based
  825. // minimum (rows written by builds that defaulted the column to 0, or by nodes
  826. // predating the field) so they cannot sort ahead of explicitly ranked inbounds.
  827. func normalizeInboundSubSortIndex() error {
  828. res := db.Exec("UPDATE inbounds SET sub_sort_index = 1 WHERE sub_sort_index < 1")
  829. if res.Error != nil {
  830. log.Printf("Error normalizing inbound sub_sort_index: %v", res.Error)
  831. return res.Error
  832. }
  833. if res.RowsAffected > 0 {
  834. log.Printf("Normalized sub_sort_index on %d inbound(s)", res.RowsAffected)
  835. }
  836. return nil
  837. }
  838. // repairOverflowedTrafficCounters heals traffic counters that historic
  839. // compounding bugs pushed past int64: on SQLite an overflowing INTEGER is
  840. // silently promoted to REAL, after which the column no longer scans into the
  841. // Go int64 field and every reader of the table fails (#5762). REAL cells are
  842. // cast back to INTEGER (SQLite caps the cast at math.MaxInt64), then values
  843. // are clamped into [0, TrafficMax] on both backends so the next delta cannot
  844. // overflow again.
  845. func repairOverflowedTrafficCounters() error {
  846. targets := []struct {
  847. table string
  848. columns []string
  849. }{
  850. {"client_traffics", []string{"up", "down"}},
  851. {"inbounds", []string{"up", "down"}},
  852. {"outbound_traffics", []string{"up", "down", "total"}},
  853. {"node_client_traffics", []string{"up", "down"}},
  854. }
  855. for _, target := range targets {
  856. for _, col := range target.columns {
  857. statements := []string{
  858. fmt.Sprintf("UPDATE %s SET %s = %d WHERE %s > %d", target.table, col, TrafficMax, col, TrafficMax),
  859. fmt.Sprintf("UPDATE %s SET %s = 0 WHERE %s < 0", target.table, col, col),
  860. }
  861. if !IsPostgres() {
  862. statements = append([]string{
  863. fmt.Sprintf("UPDATE %s SET %s = CAST(%s AS INTEGER) WHERE typeof(%s) = 'real'", target.table, col, col, col),
  864. }, statements...)
  865. }
  866. var repaired int64
  867. for _, statement := range statements {
  868. res := db.Exec(statement)
  869. if res.Error != nil {
  870. log.Printf("Error repairing %s.%s: %v", target.table, col, res.Error)
  871. return res.Error
  872. }
  873. repaired += res.RowsAffected
  874. }
  875. if repaired > 0 {
  876. log.Printf("Repaired %d overflowed %s.%s value(s)", repaired, target.table, col)
  877. }
  878. }
  879. }
  880. return nil
  881. }
  882. // dedupeInboundSettingsClients collapses duplicate same-email entries inside
  883. // every inbound's settings.clients array, keeping the first occurrence.
  884. // Retried or raced multi-node client adds on older builds appended the same
  885. // client several times (#5770), which the client lists then rendered as
  886. // phantom duplicates. Runs on every start (idempotent, writes only changed
  887. // rows) because a restored backup or a not-yet-upgraded node's snapshot can
  888. // reintroduce duplicates.
  889. func dedupeInboundSettingsClients() error {
  890. var inbounds []model.Inbound
  891. if err := db.Find(&inbounds).Error; err != nil {
  892. return err
  893. }
  894. repaired := int64(0)
  895. for _, inbound := range inbounds {
  896. if strings.TrimSpace(inbound.Settings) == "" {
  897. continue
  898. }
  899. var settings map[string]any
  900. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  901. continue
  902. }
  903. clients, _ := settings["clients"].([]any)
  904. if len(clients) < 2 {
  905. continue
  906. }
  907. seen := make(map[string]struct{}, len(clients))
  908. kept := make([]any, 0, len(clients))
  909. for _, c := range clients {
  910. if cm, ok := c.(map[string]any); ok {
  911. if email, _ := cm["email"].(string); email != "" {
  912. key := strings.ToLower(email)
  913. if _, dup := seen[key]; dup {
  914. continue
  915. }
  916. seen[key] = struct{}{}
  917. }
  918. }
  919. kept = append(kept, c)
  920. }
  921. if len(kept) == len(clients) {
  922. continue
  923. }
  924. settings["clients"] = kept
  925. newSettings, err := json.MarshalIndent(settings, "", " ")
  926. if err != nil {
  927. log.Printf("dedupeInboundSettingsClients: skip inbound %d (marshal failed): %v", inbound.Id, err)
  928. continue
  929. }
  930. if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  931. Update("settings", string(newSettings)).Error; err != nil {
  932. return err
  933. }
  934. repaired++
  935. }
  936. if repaired > 0 {
  937. log.Printf("Removed duplicate client entries from %d inbound(s)", repaired)
  938. }
  939. return nil
  940. }
  941. func isIgnorableDuplicateColumnErr(err error, mdl any) bool {
  942. if err == nil {
  943. return false
  944. }
  945. errMsg := strings.ToLower(err.Error())
  946. const sqlitePrefix = "duplicate column name:"
  947. if _, after, ok := strings.Cut(errMsg, sqlitePrefix); ok {
  948. col := strings.TrimSpace(after)
  949. col = strings.Trim(col, "`\"[]")
  950. return col != "" && db != nil && db.Migrator().HasColumn(mdl, col)
  951. }
  952. if strings.Contains(errMsg, "already exists") && strings.Contains(errMsg, "column ") {
  953. if _, after, ok := strings.Cut(errMsg, "column \""); ok {
  954. rest := after
  955. if e := strings.Index(rest, "\""); e > 0 {
  956. col := rest[:e]
  957. return col != "" && db != nil && db.Migrator().HasColumn(mdl, col)
  958. }
  959. }
  960. }
  961. return false
  962. }
  963. func initUser() error {
  964. empty, err := isTableEmpty("users")
  965. if err != nil {
  966. log.Printf("Error checking if users table is empty: %v", err)
  967. return err
  968. }
  969. if empty {
  970. hashedPassword, err := crypto.HashPasswordAsBcrypt(defaultPassword)
  971. if err != nil {
  972. log.Printf("Error hashing default password: %v", err)
  973. return err
  974. }
  975. user := &model.User{
  976. Username: defaultUsername,
  977. Password: hashedPassword,
  978. }
  979. return db.Create(user).Error
  980. }
  981. return nil
  982. }
  983. func runSeeders(isUsersEmpty bool) error {
  984. empty, err := isTableEmpty("history_of_seeders")
  985. if err != nil {
  986. log.Printf("Error checking if users table is empty: %v", err)
  987. return err
  988. }
  989. if empty && isUsersEmpty {
  990. seeders := []string{"UserPasswordHash", "ClientsTable", "InboundClientsArrayFix", "InboundClientTgIdFix", "InboundClientSubIdFix", "FreedomFinalRulesReverseFix", "ApiTokensHash", "LegacyProxySettingsCleanup", "WireguardPeersToClients", "MtprotoSecretsToClients", "NodeInboundsAdopted"}
  991. for _, name := range seeders {
  992. if err := db.Create(&model.HistoryOfSeeders{SeederName: name}).Error; err != nil {
  993. return err
  994. }
  995. }
  996. return seedApiTokens()
  997. }
  998. var seedersHistory []string
  999. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &seedersHistory).Error; err != nil {
  1000. log.Printf("Error fetching seeder history: %v", err)
  1001. return err
  1002. }
  1003. if !slices.Contains(seedersHistory, "UserPasswordHash") && !isUsersEmpty {
  1004. var users []model.User
  1005. if err := db.Find(&users).Error; err != nil {
  1006. log.Printf("Error fetching users for password migration: %v", err)
  1007. return err
  1008. }
  1009. for _, user := range users {
  1010. if crypto.IsHashed(user.Password) {
  1011. continue
  1012. }
  1013. hashedPassword, err := crypto.HashPasswordAsBcrypt(user.Password)
  1014. if err != nil {
  1015. log.Printf("Error hashing password for user '%s': %v", user.Username, err)
  1016. return err
  1017. }
  1018. if err := db.Model(&user).Update("password", hashedPassword).Error; err != nil {
  1019. log.Printf("Error updating password for user '%s': %v", user.Username, err)
  1020. return err
  1021. }
  1022. }
  1023. hashSeeder := &model.HistoryOfSeeders{
  1024. SeederName: "UserPasswordHash",
  1025. }
  1026. if err := db.Create(hashSeeder).Error; err != nil {
  1027. return err
  1028. }
  1029. }
  1030. if !slices.Contains(seedersHistory, "ApiTokensTable") {
  1031. if err := seedApiTokens(); err != nil {
  1032. return err
  1033. }
  1034. }
  1035. if !slices.Contains(seedersHistory, "ApiTokensHash") {
  1036. if err := hashExistingApiTokens(); err != nil {
  1037. return err
  1038. }
  1039. }
  1040. if !slices.Contains(seedersHistory, "ClientsTable") {
  1041. if err := seedClientsFromInboundJSON(); err != nil {
  1042. return err
  1043. }
  1044. }
  1045. if !slices.Contains(seedersHistory, "InboundClientsArrayFix") {
  1046. if err := normalizeInboundClientsArray(); err != nil {
  1047. return err
  1048. }
  1049. }
  1050. if !slices.Contains(seedersHistory, "InboundClientTgIdFix") {
  1051. if err := normalizeInboundClientTgId(); err != nil {
  1052. return err
  1053. }
  1054. }
  1055. if !slices.Contains(seedersHistory, "InboundClientSubIdFix") {
  1056. if err := normalizeInboundClientSubId(); err != nil {
  1057. return err
  1058. }
  1059. }
  1060. if !slices.Contains(seedersHistory, "FreedomFinalRulesReverseFix") {
  1061. if err := normalizeFreedomFinalRules(); err != nil {
  1062. return err
  1063. }
  1064. }
  1065. if !slices.Contains(seedersHistory, "LegacyProxySettingsCleanup") {
  1066. if err := clearLegacyProxySettings(); err != nil {
  1067. return err
  1068. }
  1069. }
  1070. if !slices.Contains(seedersHistory, "NodeInboundsAdopted") {
  1071. if err := seedNodeInboundsAdopted(); err != nil {
  1072. return err
  1073. }
  1074. }
  1075. if err := seedHostsFromExternalProxy(); err != nil {
  1076. return err
  1077. }
  1078. if err := resetIpLimitsWithoutFail2ban(); err != nil {
  1079. return err
  1080. }
  1081. if err := seedWireguardPeersToClients(); err != nil {
  1082. return err
  1083. }
  1084. if err := seedHostGroupIds(); err != nil {
  1085. return err
  1086. }
  1087. // Self-gated on the "MtprotoSecretsToClients" row.
  1088. if err := seedMtprotoSecretsToClients(); err != nil {
  1089. return err
  1090. }
  1091. // Self-gated on the "StripMtprotoInboundSecrets" row. Must run after the
  1092. // seeder above so legacy single-secret inbounds are first converted to a
  1093. // client (which preserves the secret) before the inbound-level copy is
  1094. // dropped from every mtproto inbound.
  1095. if err := stripMtprotoInboundSecrets(); err != nil {
  1096. return err
  1097. }
  1098. // Idempotent, not seeder-gated: bad values can re-enter via a restored
  1099. // backup, so re-check on every start.
  1100. return normalizeSettingPaths()
  1101. }
  1102. // seedNodeInboundsAdopted keeps the pre-existing reconcile behavior for nodes
  1103. // that were already syncing before the inbounds_adopted_at gate was introduced.
  1104. func seedNodeInboundsAdopted() error {
  1105. if err := db.Model(&model.Node{}).
  1106. Where("inbounds_adopted_at = 0").
  1107. Update("inbounds_adopted_at", time.Now().Unix()).Error; err != nil {
  1108. return err
  1109. }
  1110. return db.Create(&model.HistoryOfSeeders{SeederName: "NodeInboundsAdopted"}).Error
  1111. }
  1112. func seedHostGroupIds() error {
  1113. var history []string
  1114. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  1115. return err
  1116. }
  1117. if slices.Contains(history, "HostGroupIds") {
  1118. return nil
  1119. }
  1120. var hosts []*model.Host
  1121. if err := db.Where("group_id = '' OR group_id IS NULL").Find(&hosts).Error; err != nil {
  1122. return err
  1123. }
  1124. if len(hosts) > 0 {
  1125. err := db.Transaction(func(tx *gorm.DB) error {
  1126. for _, h := range hosts {
  1127. h.GroupId = random.NumLower(16)
  1128. if err := tx.Model(h).Update("group_id", h.GroupId).Error; err != nil {
  1129. return err
  1130. }
  1131. }
  1132. return nil
  1133. })
  1134. if err != nil {
  1135. return err
  1136. }
  1137. }
  1138. return db.Create(&model.HistoryOfSeeders{SeederName: "HostGroupIds"}).Error
  1139. }
  1140. func resetIpLimitsWithoutFail2ban() error {
  1141. var history []string
  1142. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  1143. return err
  1144. }
  1145. if slices.Contains(history, "ResetIpLimitNoFail2ban") {
  1146. return nil
  1147. }
  1148. if fail2banCanEnforce() {
  1149. return db.Create(&model.HistoryOfSeeders{SeederName: "ResetIpLimitNoFail2ban"}).Error
  1150. }
  1151. var inbounds []model.Inbound
  1152. if err := db.Find(&inbounds).Error; err != nil {
  1153. return err
  1154. }
  1155. return db.Transaction(func(tx *gorm.DB) error {
  1156. for _, inbound := range inbounds {
  1157. if strings.TrimSpace(inbound.Settings) == "" {
  1158. continue
  1159. }
  1160. var settings map[string]any
  1161. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1162. log.Printf("ResetIpLimitNoFail2ban: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1163. continue
  1164. }
  1165. clients, ok := settings["clients"].([]any)
  1166. if !ok {
  1167. continue
  1168. }
  1169. mutated := false
  1170. for i, raw := range clients {
  1171. obj, ok := raw.(map[string]any)
  1172. if !ok {
  1173. continue
  1174. }
  1175. v, present := obj["limitIp"]
  1176. if !present {
  1177. continue
  1178. }
  1179. if n, isNum := v.(float64); isNum && n == 0 {
  1180. continue
  1181. }
  1182. obj["limitIp"] = 0
  1183. clients[i] = obj
  1184. mutated = true
  1185. }
  1186. if !mutated {
  1187. continue
  1188. }
  1189. settings["clients"] = clients
  1190. newSettings, err := json.MarshalIndent(settings, "", " ")
  1191. if err != nil {
  1192. log.Printf("ResetIpLimitNoFail2ban: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1193. continue
  1194. }
  1195. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1196. Update("settings", string(newSettings)).Error; err != nil {
  1197. return err
  1198. }
  1199. }
  1200. if err := tx.Model(&model.ClientRecord{}).Where("limit_ip <> ?", 0).
  1201. Update("limit_ip", 0).Error; err != nil {
  1202. return err
  1203. }
  1204. return tx.Create(&model.HistoryOfSeeders{SeederName: "ResetIpLimitNoFail2ban"}).Error
  1205. })
  1206. }
  1207. func fail2banCanEnforce() bool {
  1208. if v, ok := os.LookupEnv("XUI_ENABLE_FAIL2BAN"); ok && v != "true" {
  1209. return false
  1210. }
  1211. if runtime.GOOS == "windows" {
  1212. return false
  1213. }
  1214. return exec.CommandContext(context.Background(), "fail2ban-client", "-h").Run() == nil
  1215. }
  1216. func clearLegacyProxySettings() error {
  1217. return db.Transaction(func(tx *gorm.DB) error {
  1218. if err := tx.Where("key IN ?", []string{"panelProxy", "tgBotProxy"}).
  1219. Delete(&model.Setting{}).Error; err != nil {
  1220. return err
  1221. }
  1222. return tx.Create(&model.HistoryOfSeeders{SeederName: "LegacyProxySettingsCleanup"}).Error
  1223. })
  1224. }
  1225. func normalizeSettingPaths() error {
  1226. pathKeys := []string{"webBasePath", "subPath", "subJsonPath", "subClashPath"}
  1227. var rows []model.Setting
  1228. if err := db.Where("key IN ?", pathKeys).Find(&rows).Error; err != nil {
  1229. return err
  1230. }
  1231. for _, row := range rows {
  1232. fixed := row.Value
  1233. if !strings.HasPrefix(fixed, "/") {
  1234. fixed = "/" + fixed
  1235. }
  1236. if !strings.HasSuffix(fixed, "/") {
  1237. fixed += "/"
  1238. }
  1239. if fixed == row.Value {
  1240. continue
  1241. }
  1242. if err := db.Model(&model.Setting{}).Where("id = ?", row.Id).
  1243. Update("value", fixed).Error; err != nil {
  1244. return err
  1245. }
  1246. }
  1247. return nil
  1248. }
  1249. func normalizeInboundClientTgId() error {
  1250. var inbounds []model.Inbound
  1251. if err := db.Find(&inbounds).Error; err != nil {
  1252. return err
  1253. }
  1254. return db.Transaction(func(tx *gorm.DB) error {
  1255. for _, inbound := range inbounds {
  1256. if strings.TrimSpace(inbound.Settings) == "" {
  1257. continue
  1258. }
  1259. var settings map[string]any
  1260. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1261. log.Printf("InboundClientTgIdFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1262. continue
  1263. }
  1264. clients, ok := settings["clients"].([]any)
  1265. if !ok {
  1266. continue
  1267. }
  1268. mutated := false
  1269. for i, raw := range clients {
  1270. obj, ok := raw.(map[string]any)
  1271. if !ok {
  1272. continue
  1273. }
  1274. tgRaw, present := obj["tgId"]
  1275. if !present {
  1276. continue
  1277. }
  1278. v, isFloat := tgRaw.(float64)
  1279. if isFloat && !math.IsNaN(v) && !math.IsInf(v, 0) && v == math.Trunc(v) {
  1280. continue
  1281. }
  1282. obj["tgId"] = int64(0)
  1283. clients[i] = obj
  1284. mutated = true
  1285. }
  1286. if !mutated {
  1287. continue
  1288. }
  1289. settings["clients"] = clients
  1290. newSettings, err := json.MarshalIndent(settings, "", " ")
  1291. if err != nil {
  1292. log.Printf("InboundClientTgIdFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1293. continue
  1294. }
  1295. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1296. Update("settings", string(newSettings)).Error; err != nil {
  1297. return err
  1298. }
  1299. }
  1300. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientTgIdFix"}).Error
  1301. })
  1302. }
  1303. func normalizeInboundClientSubId() error {
  1304. var inbounds []model.Inbound
  1305. if err := db.Find(&inbounds).Error; err != nil {
  1306. return err
  1307. }
  1308. return db.Transaction(func(tx *gorm.DB) error {
  1309. for _, inbound := range inbounds {
  1310. if strings.TrimSpace(inbound.Settings) == "" {
  1311. continue
  1312. }
  1313. var settings map[string]any
  1314. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1315. log.Printf("InboundClientSubIdFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1316. continue
  1317. }
  1318. clients, ok := settings["clients"].([]any)
  1319. if !ok {
  1320. continue
  1321. }
  1322. mutated := false
  1323. for i, raw := range clients {
  1324. obj, ok := raw.(map[string]any)
  1325. if !ok {
  1326. continue
  1327. }
  1328. existing, _ := obj["subId"].(string)
  1329. if strings.TrimSpace(existing) != "" {
  1330. continue
  1331. }
  1332. obj["subId"] = random.NumLower(16)
  1333. clients[i] = obj
  1334. mutated = true
  1335. }
  1336. if !mutated {
  1337. continue
  1338. }
  1339. settings["clients"] = clients
  1340. newSettings, err := json.MarshalIndent(settings, "", " ")
  1341. if err != nil {
  1342. log.Printf("InboundClientSubIdFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1343. continue
  1344. }
  1345. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1346. Update("settings", string(newSettings)).Error; err != nil {
  1347. return err
  1348. }
  1349. }
  1350. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientSubIdFix"}).Error
  1351. })
  1352. }
  1353. func normalizeInboundClientsArray() error {
  1354. var inbounds []model.Inbound
  1355. if err := db.Find(&inbounds).Error; err != nil {
  1356. return err
  1357. }
  1358. return db.Transaction(func(tx *gorm.DB) error {
  1359. for _, inbound := range inbounds {
  1360. if strings.TrimSpace(inbound.Settings) == "" {
  1361. continue
  1362. }
  1363. var settings map[string]any
  1364. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1365. log.Printf("InboundClientsArrayFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1366. continue
  1367. }
  1368. raw, exists := settings["clients"]
  1369. if !exists || raw != nil {
  1370. continue
  1371. }
  1372. settings["clients"] = []any{}
  1373. newSettings, err := json.MarshalIndent(settings, "", " ")
  1374. if err != nil {
  1375. log.Printf("InboundClientsArrayFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1376. continue
  1377. }
  1378. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1379. Update("settings", string(newSettings)).Error; err != nil {
  1380. return err
  1381. }
  1382. }
  1383. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientsArrayFix"}).Error
  1384. })
  1385. }
  1386. func normalizeFreedomFinalRules() error {
  1387. var setting model.Setting
  1388. err := db.Model(model.Setting{}).Where("key = ?", "xrayTemplateConfig").First(&setting).Error
  1389. if errors.Is(err, gorm.ErrRecordNotFound) {
  1390. return db.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1391. }
  1392. if err != nil {
  1393. return err
  1394. }
  1395. updated, changed, rErr := rewriteFreedomFinalRules(setting.Value)
  1396. if rErr != nil {
  1397. log.Printf("FreedomFinalRulesReverseFix: skip (invalid xrayTemplateConfig json): %v", rErr)
  1398. return db.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1399. }
  1400. return db.Transaction(func(tx *gorm.DB) error {
  1401. if changed {
  1402. if err := tx.Model(&model.Setting{}).Where("key = ?", "xrayTemplateConfig").
  1403. Update("value", updated).Error; err != nil {
  1404. return err
  1405. }
  1406. }
  1407. return tx.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1408. })
  1409. }
  1410. func rewriteFreedomFinalRules(raw string) (string, bool, error) {
  1411. if strings.TrimSpace(raw) == "" {
  1412. return raw, false, nil
  1413. }
  1414. var cfg map[string]any
  1415. if err := json.Unmarshal([]byte(raw), &cfg); err != nil {
  1416. return raw, false, err
  1417. }
  1418. outbounds, ok := cfg["outbounds"].([]any)
  1419. if !ok {
  1420. return raw, false, nil
  1421. }
  1422. changed := false
  1423. for _, ob := range outbounds {
  1424. obj, ok := ob.(map[string]any)
  1425. if !ok {
  1426. continue
  1427. }
  1428. if proto, _ := obj["protocol"].(string); proto != "freedom" {
  1429. continue
  1430. }
  1431. settings, ok := obj["settings"].(map[string]any)
  1432. if !ok {
  1433. continue
  1434. }
  1435. if !isLegacyPrivateOnlyFinalRules(settings["finalRules"]) {
  1436. continue
  1437. }
  1438. settings["finalRules"] = []any{map[string]any{"action": "allow"}}
  1439. changed = true
  1440. }
  1441. if !changed {
  1442. return raw, false, nil
  1443. }
  1444. out, err := json.MarshalIndent(cfg, "", " ")
  1445. if err != nil {
  1446. return raw, false, err
  1447. }
  1448. return string(out), true, nil
  1449. }
  1450. func isLegacyPrivateOnlyFinalRules(v any) bool {
  1451. rules, ok := v.([]any)
  1452. if !ok || len(rules) != 1 {
  1453. return false
  1454. }
  1455. rule, ok := rules[0].(map[string]any)
  1456. if !ok {
  1457. return false
  1458. }
  1459. if action, _ := rule["action"].(string); action != "allow" {
  1460. return false
  1461. }
  1462. ips, ok := rule["ip"].([]any)
  1463. if !ok || len(ips) != 1 {
  1464. return false
  1465. }
  1466. if s, _ := ips[0].(string); s != "geoip:private" {
  1467. return false
  1468. }
  1469. for k := range rule {
  1470. if k != "action" && k != "ip" {
  1471. return false
  1472. }
  1473. }
  1474. return true
  1475. }
  1476. func normalizeClientJSONFields(obj map[string]any) {
  1477. normalizeInt := func(key string) {
  1478. raw, exists := obj[key]
  1479. if !exists {
  1480. return
  1481. }
  1482. s, ok := raw.(string)
  1483. if !ok {
  1484. return
  1485. }
  1486. trimmed := strings.ReplaceAll(strings.TrimSpace(s), " ", "")
  1487. if trimmed == "" {
  1488. delete(obj, key)
  1489. return
  1490. }
  1491. if n, err := strconv.ParseInt(trimmed, 10, 64); err == nil {
  1492. obj[key] = n
  1493. } else {
  1494. delete(obj, key)
  1495. }
  1496. }
  1497. for _, k := range []string{"tgId", "limitIp", "totalGB", "expiryTime", "reset", "created_at", "updated_at"} {
  1498. normalizeInt(k)
  1499. }
  1500. }
  1501. func seedClientsFromInboundJSON() error {
  1502. var inbounds []model.Inbound
  1503. if err := db.Find(&inbounds).Error; err != nil {
  1504. return err
  1505. }
  1506. return db.Transaction(func(tx *gorm.DB) error {
  1507. byEmail := map[string]*model.ClientRecord{}
  1508. var existing []model.ClientRecord
  1509. if err := tx.Find(&existing).Error; err != nil {
  1510. return err
  1511. }
  1512. for i := range existing {
  1513. byEmail[existing[i].Email] = &existing[i]
  1514. }
  1515. for _, inbound := range inbounds {
  1516. if strings.TrimSpace(inbound.Settings) == "" {
  1517. continue
  1518. }
  1519. var settings map[string]any
  1520. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1521. log.Printf("ClientsTable seed: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1522. continue
  1523. }
  1524. rawList, ok := settings["clients"].([]any)
  1525. if !ok {
  1526. continue
  1527. }
  1528. for _, raw := range rawList {
  1529. obj, ok := raw.(map[string]any)
  1530. if !ok {
  1531. continue
  1532. }
  1533. normalizeClientJSONFields(obj)
  1534. blob, err := json.Marshal(obj)
  1535. if err != nil {
  1536. continue
  1537. }
  1538. var c model.Client
  1539. if err := json.Unmarshal(blob, &c); err != nil {
  1540. log.Printf("ClientsTable seed: skip client in inbound %d (unmarshal failed): %v; payload=%s",
  1541. inbound.Id, err, string(blob))
  1542. continue
  1543. }
  1544. email := strings.TrimSpace(c.Email)
  1545. if email == "" {
  1546. continue
  1547. }
  1548. incoming := c.ToRecord()
  1549. row, dup := byEmail[email]
  1550. if !dup {
  1551. if err := tx.Create(incoming).Error; err != nil {
  1552. return err
  1553. }
  1554. byEmail[email] = incoming
  1555. row = incoming
  1556. } else {
  1557. conflicts := model.MergeClientRecord(row, incoming)
  1558. for _, x := range conflicts {
  1559. log.Printf("client merge: email=%s conflict on %s old=%v new=%v kept=%v",
  1560. email, x.Field, x.Old, x.New, x.Kept)
  1561. }
  1562. if err := tx.Save(row).Error; err != nil {
  1563. return err
  1564. }
  1565. }
  1566. link := model.ClientInbound{
  1567. ClientId: row.Id,
  1568. InboundId: inbound.Id,
  1569. FlowOverride: c.Flow,
  1570. }
  1571. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  1572. FirstOrCreate(&link).Error; err != nil {
  1573. return err
  1574. }
  1575. }
  1576. }
  1577. return tx.Create(&model.HistoryOfSeeders{SeederName: "ClientsTable"}).Error
  1578. })
  1579. }
  1580. func seedApiTokens() error {
  1581. empty, err := isTableEmpty("api_tokens")
  1582. if err != nil {
  1583. return err
  1584. }
  1585. if empty {
  1586. var legacy model.Setting
  1587. err := db.Model(model.Setting{}).Where("key = ?", "apiToken").First(&legacy).Error
  1588. if err == nil && legacy.Value != "" {
  1589. row := &model.ApiToken{
  1590. Name: "default",
  1591. Token: legacy.Value,
  1592. Enabled: true,
  1593. }
  1594. if err := db.Create(row).Error; err != nil {
  1595. log.Printf("Error migrating legacy apiToken: %v", err)
  1596. return err
  1597. }
  1598. }
  1599. }
  1600. return db.Create(&model.HistoryOfSeeders{SeederName: "ApiTokensTable"}).Error
  1601. }
  1602. func hashExistingApiTokens() error {
  1603. var rows []*model.ApiToken
  1604. if err := db.Find(&rows).Error; err != nil {
  1605. return err
  1606. }
  1607. for _, r := range rows {
  1608. if crypto.IsSHA256Hex(r.Token) {
  1609. continue
  1610. }
  1611. hashed := crypto.HashTokenSHA256(r.Token)
  1612. if err := db.Model(model.ApiToken{}).Where("id = ?", r.Id).Update("token", hashed).Error; err != nil {
  1613. log.Printf("Error hashing api token %d: %v", r.Id, err)
  1614. return err
  1615. }
  1616. }
  1617. return db.Create(&model.HistoryOfSeeders{SeederName: "ApiTokensHash"}).Error
  1618. }
  1619. func isTableEmpty(tableName string) (bool, error) {
  1620. var count int64
  1621. err := db.Table(tableName).Count(&count).Error
  1622. return count == 0, err
  1623. }
  1624. func InitDB(dbPath string) error {
  1625. var gormLogger logger.Interface
  1626. if config.IsDebug() {
  1627. gormLogger = logger.New(
  1628. log.New(os.Stdout, "\r\n", log.LstdFlags),
  1629. logger.Config{
  1630. SlowThreshold: time.Second,
  1631. LogLevel: logger.Info,
  1632. IgnoreRecordNotFoundError: true,
  1633. Colorful: true,
  1634. },
  1635. )
  1636. } else {
  1637. gormLogger = logger.Discard
  1638. }
  1639. c := &gorm.Config{Logger: gormLogger, DisableForeignKeyConstraintWhenMigrating: true}
  1640. var err error
  1641. switch config.GetDBKind() {
  1642. case "postgres":
  1643. dsn := config.GetDBDSN()
  1644. if dsn == "" {
  1645. return errors.New("XUI_DB_TYPE=postgres but XUI_DB_DSN is empty")
  1646. }
  1647. db, err = gorm.Open(postgres.Open(dsn), c)
  1648. if err != nil {
  1649. return err
  1650. }
  1651. default:
  1652. dir := path.Dir(dbPath)
  1653. if err = os.MkdirAll(dir, 0o755); err != nil {
  1654. return err
  1655. }
  1656. sync := sqliteSynchronous()
  1657. dsn := dbPath + "?_journal_mode=DELETE&_busy_timeout=10000&_synchronous=" + sync + "&_txlock=immediate"
  1658. db, err = gorm.Open(sqlite.Open(dsn), c)
  1659. if err != nil {
  1660. return err
  1661. }
  1662. sqlDB, err := db.DB()
  1663. if err != nil {
  1664. return err
  1665. }
  1666. pragmas := []string{
  1667. "PRAGMA journal_mode=DELETE",
  1668. "PRAGMA busy_timeout=10000",
  1669. "PRAGMA synchronous=" + sync,
  1670. fmt.Sprintf("PRAGMA cache_size=-%d", envInt("XUI_DB_CACHE_MB", 32)*1024),
  1671. fmt.Sprintf("PRAGMA mmap_size=%d", int64(envInt("XUI_DB_MMAP_MB", 256))*1024*1024),
  1672. "PRAGMA temp_store=MEMORY",
  1673. }
  1674. for _, p := range pragmas {
  1675. if _, err := sqlDB.ExecContext(context.Background(), p); err != nil {
  1676. return err
  1677. }
  1678. }
  1679. }
  1680. sqlDB, err := db.DB()
  1681. if err != nil {
  1682. return err
  1683. }
  1684. var maxOpen, maxIdle int
  1685. switch config.GetDBKind() {
  1686. case "postgres":
  1687. maxOpen = envInt("XUI_DB_MAX_OPEN_CONNS", 25)
  1688. maxIdle = envInt("XUI_DB_MAX_IDLE_CONNS", 25)
  1689. default:
  1690. maxOpen = envInt("XUI_DB_MAX_OPEN_CONNS", 8)
  1691. maxIdle = envInt("XUI_DB_MAX_IDLE_CONNS", 4)
  1692. }
  1693. sqlDB.SetMaxOpenConns(maxOpen)
  1694. sqlDB.SetMaxIdleConns(maxIdle)
  1695. sqlDB.SetConnMaxLifetime(time.Hour)
  1696. sqlDB.SetConnMaxIdleTime(30 * time.Minute)
  1697. if err := initModels(); err != nil {
  1698. return err
  1699. }
  1700. isUsersEmpty, err := isTableEmpty("users")
  1701. if err != nil {
  1702. return err
  1703. }
  1704. if err := initUser(); err != nil {
  1705. return err
  1706. }
  1707. return runSeeders(isUsersEmpty)
  1708. }
  1709. func normalizeApiTokenCreatedAtSeconds() error {
  1710. return db.Model(&model.ApiToken{}).
  1711. Where("created_at >= ?", model.ApiTokenUnixMillisecondsThreshold).
  1712. UpdateColumn("created_at", gorm.Expr("created_at / ?", 1000)).Error
  1713. }
  1714. func sqliteSynchronous() string {
  1715. switch strings.ToUpper(strings.TrimSpace(os.Getenv("XUI_DB_SYNCHRONOUS"))) {
  1716. case "OFF":
  1717. return "OFF"
  1718. case "NORMAL":
  1719. return "NORMAL"
  1720. case "EXTRA":
  1721. return "EXTRA"
  1722. default:
  1723. return "FULL"
  1724. }
  1725. }
  1726. func envInt(key string, def int) int {
  1727. v := strings.TrimSpace(os.Getenv(key))
  1728. if v == "" {
  1729. return def
  1730. }
  1731. n, err := strconv.Atoi(v)
  1732. if err != nil || n <= 0 {
  1733. return def
  1734. }
  1735. return n
  1736. }
  1737. func CloseDB() error {
  1738. if db != nil {
  1739. sqlDB, err := db.DB()
  1740. if err != nil {
  1741. return err
  1742. }
  1743. return sqlDB.Close()
  1744. }
  1745. return nil
  1746. }
  1747. func GetDB() *gorm.DB {
  1748. return db
  1749. }
  1750. func IsNotFound(err error) bool {
  1751. return errors.Is(err, gorm.ErrRecordNotFound)
  1752. }
  1753. func IsSQLiteDB(file io.ReaderAt) (bool, error) {
  1754. signature := []byte("SQLite format 3\x00")
  1755. buf := make([]byte, len(signature))
  1756. _, err := file.ReadAt(buf, 0)
  1757. if err != nil {
  1758. return false, err
  1759. }
  1760. return bytes.Equal(buf, signature), nil
  1761. }
  1762. func Checkpoint() error {
  1763. if IsPostgres() {
  1764. return nil
  1765. }
  1766. return db.Exec("PRAGMA wal_checkpoint;").Error
  1767. }
  1768. func ValidateSQLiteDB(dbPath string) error {
  1769. if _, err := os.Stat(dbPath); err != nil {
  1770. return err
  1771. }
  1772. gdb, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{Logger: logger.Discard})
  1773. if err != nil {
  1774. return err
  1775. }
  1776. sqlDB, err := gdb.DB()
  1777. if err != nil {
  1778. return err
  1779. }
  1780. defer sqlDB.Close()
  1781. var res string
  1782. if err := gdb.Raw("PRAGMA integrity_check;").Scan(&res).Error; err != nil {
  1783. return err
  1784. }
  1785. if res != "ok" {
  1786. return errors.New("sqlite integrity check failed: " + res)
  1787. }
  1788. return nil
  1789. }