1
0

db.go 50 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720
  1. // Package database provides database initialization, migration, and management utilities
  2. // for the 3x-ui panel using GORM with SQLite or PostgreSQL.
  3. package database
  4. import (
  5. "bytes"
  6. "context"
  7. "encoding/json"
  8. "errors"
  9. "fmt"
  10. "io"
  11. "log"
  12. "math"
  13. "os"
  14. "os/exec"
  15. "path"
  16. "runtime"
  17. "slices"
  18. "strconv"
  19. "strings"
  20. "time"
  21. "github.com/mhsanaei/3x-ui/v3/internal/config"
  22. "github.com/mhsanaei/3x-ui/v3/internal/database/model"
  23. "github.com/mhsanaei/3x-ui/v3/internal/util/crypto"
  24. "github.com/mhsanaei/3x-ui/v3/internal/util/random"
  25. "github.com/mhsanaei/3x-ui/v3/internal/xray"
  26. "gorm.io/driver/postgres"
  27. "gorm.io/driver/sqlite"
  28. "gorm.io/gorm"
  29. "gorm.io/gorm/logger"
  30. )
  31. var db *gorm.DB
  32. const (
  33. DialectSQLite = "sqlite"
  34. DialectPostgres = "postgres"
  35. )
  36. // IsPostgres reports whether the active connection is a PostgreSQL backend.
  37. func IsPostgres() bool {
  38. if db == nil {
  39. return config.GetDBKind() == "postgres"
  40. }
  41. return db.Name() == "postgres"
  42. }
  43. // Dialect returns the active GORM dialect name, or "" if the DB is not open.
  44. func Dialect() string {
  45. if db == nil {
  46. return ""
  47. }
  48. return db.Name()
  49. }
  50. const (
  51. defaultUsername = "admin"
  52. defaultPassword = "admin"
  53. )
  54. func initModels() error {
  55. models := []any{
  56. &model.User{},
  57. &model.Inbound{},
  58. &model.OutboundTraffics{},
  59. &model.Setting{},
  60. &model.InboundClientIps{},
  61. &xray.ClientTraffic{},
  62. &model.HistoryOfSeeders{},
  63. &model.Node{},
  64. &model.ApiToken{},
  65. &model.ClientRecord{},
  66. &model.ClientInbound{},
  67. &model.ClientExternalLink{},
  68. &model.ClientGroup{},
  69. &model.InboundFallback{},
  70. &model.Host{},
  71. &model.NodeClientTraffic{},
  72. &model.NodeClientIp{},
  73. &model.ClientGlobalTraffic{},
  74. &model.OutboundSubscription{},
  75. }
  76. for _, mdl := range models {
  77. if IsPostgres() && postgresModelSettled(mdl) {
  78. continue
  79. }
  80. if err := db.AutoMigrate(mdl); err != nil {
  81. if isIgnorableDuplicateColumnErr(err, mdl) {
  82. log.Printf("Ignoring duplicate column during auto migration for %T: %v", mdl, err)
  83. continue
  84. }
  85. log.Printf("Error auto migrating model: %v", err)
  86. return err
  87. }
  88. }
  89. if err := migrateHostVerifyPeerCertByNameColumn(); err != nil {
  90. return err
  91. }
  92. if err := normalizeApiTokenCreatedAtSeconds(); err != nil {
  93. return err
  94. }
  95. if err := dropLegacyForeignKeys(); err != nil {
  96. return err
  97. }
  98. if err := pruneOrphanedClientInbounds(); err != nil {
  99. return err
  100. }
  101. if err := pruneOrphanedHosts(); err != nil {
  102. return err
  103. }
  104. if err := normalizeInboundSubSortIndex(); err != nil {
  105. return err
  106. }
  107. if err := repairOverflowedTrafficCounters(); err != nil {
  108. return err
  109. }
  110. if err := dedupeInboundSettingsClients(); err != nil {
  111. return err
  112. }
  113. if err := migrateLegacySocksInboundsToMixed(); err != nil {
  114. return err
  115. }
  116. if IsPostgres() {
  117. if err := resyncPostgresSequences(db, models); err != nil {
  118. log.Printf("Error resyncing postgres sequences: %v", err)
  119. return err
  120. }
  121. }
  122. return nil
  123. }
  124. // postgresModelSettled skips AutoMigrate when table, columns, and indexes all exist:
  125. // its catalog-filtered column probe misdetects on some setups and re-ADDs columns forever (#5665).
  126. func postgresModelSettled(mdl any) bool {
  127. migrator := db.Migrator()
  128. if !migrator.HasTable(mdl) {
  129. return false
  130. }
  131. stmt := &gorm.Statement{DB: db}
  132. if err := stmt.Parse(mdl); err != nil || stmt.Schema == nil {
  133. return false
  134. }
  135. for _, dbName := range stmt.Schema.DBNames {
  136. if !migrator.HasColumn(mdl, dbName) {
  137. return false
  138. }
  139. }
  140. for _, idx := range stmt.Schema.ParseIndexes() {
  141. if !migrator.HasIndex(mdl, idx.Name) {
  142. return false
  143. }
  144. }
  145. return true
  146. }
  147. func dropLegacyForeignKeys() error {
  148. if !IsPostgres() {
  149. return nil
  150. }
  151. if err := db.Exec("ALTER TABLE client_traffics DROP CONSTRAINT IF EXISTS fk_inbounds_client_stats").Error; err != nil {
  152. log.Printf("Error dropping legacy foreign key fk_inbounds_client_stats: %v", err)
  153. return err
  154. }
  155. return nil
  156. }
  157. // migrateHostVerifyPeerCertByNameColumn converts hosts.verify_peer_cert_by_name
  158. // from its original boolean shape to the comma-separated string xray-core's
  159. // verifyPeerCertByName (vcn) actually expects. The legacy boolean was dead
  160. // (never emitted into links), so its value carries no meaning and is discarded.
  161. // Idempotent by construction (no HistoryOfSeeders row — writing one here would
  162. // flip the fresh-DB detection in runSeeders). Runs right after AutoMigrate,
  163. // before anything reads or writes Host rows (critical on Postgres, where the
  164. // column stays boolean-typed until the ALTER below).
  165. func migrateHostVerifyPeerCertByNameColumn() error {
  166. if !db.Migrator().HasColumn(&model.Host{}, "verify_peer_cert_by_name") {
  167. return nil
  168. }
  169. if IsPostgres() {
  170. // Only convert a still-boolean column; once it is text this is a no-op,
  171. // so a user-set name is never wiped on a later restart.
  172. var dataType string
  173. if err := db.Raw(
  174. `SELECT data_type FROM information_schema.columns WHERE table_name = 'hosts' AND column_name = 'verify_peer_cert_by_name'`,
  175. ).Scan(&dataType).Error; err != nil {
  176. return err
  177. }
  178. if dataType != "boolean" {
  179. return nil
  180. }
  181. if err := db.Exec(`ALTER TABLE hosts ALTER COLUMN verify_peer_cert_by_name DROP DEFAULT`).Error; err != nil {
  182. return err
  183. }
  184. return db.Exec(`ALTER TABLE hosts ALTER COLUMN verify_peer_cert_by_name TYPE text USING ''`).Error
  185. }
  186. // SQLite keeps the original numeric-affinity column; blank any legacy
  187. // integer/null value so it doesn't read back as "0"/"1". After conversion
  188. // every value is text, so re-running touches nothing.
  189. return db.Exec(`UPDATE hosts SET verify_peer_cert_by_name = '' WHERE verify_peer_cert_by_name IS NULL OR typeof(verify_peer_cert_by_name) <> 'text'`).Error
  190. }
  191. // seedHostsFromExternalProxy is a one-time, self-gated migration that creates a
  192. // Host row for every legacy externalProxy entry on every inbound. Additive: the
  193. // externalProxy arrays are left intact in StreamSettings.
  194. func seedHostsFromExternalProxy() error {
  195. var history []string
  196. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  197. return err
  198. }
  199. if slices.Contains(history, "HostsFromExternalProxy") {
  200. return nil
  201. }
  202. var inbounds []model.Inbound
  203. if err := db.Find(&inbounds).Error; err != nil {
  204. return err
  205. }
  206. return db.Transaction(func(tx *gorm.DB) error {
  207. for _, inbound := range inbounds {
  208. if _, err := CreateHostsFromExternalProxy(tx, inbound.Id, inbound.StreamSettings); err != nil {
  209. return err
  210. }
  211. }
  212. return tx.Create(&model.HistoryOfSeeders{SeederName: "HostsFromExternalProxy"}).Error
  213. })
  214. }
  215. // seedWireguardPeersToClients is a one-time, self-gated migration that converts
  216. // legacy single-config WireGuard inbounds into the multi-client model: each
  217. // settings.peers[] entry becomes a managed client in the clients table attached
  218. // to the inbound, and the inbound settings are rewritten so peers becomes a
  219. // clients[] array (GetXrayConfig re-projects clients back to peers for xray).
  220. // Idempotent: gated on the history row and skipped per-inbound once it already
  221. // has client links.
  222. func seedWireguardPeersToClients() error {
  223. var history []string
  224. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  225. return err
  226. }
  227. if slices.Contains(history, "WireguardPeersToClients") {
  228. return nil
  229. }
  230. var inbounds []model.Inbound
  231. if err := db.Where("protocol = ?", string(model.WireGuard)).Find(&inbounds).Error; err != nil {
  232. return err
  233. }
  234. return db.Transaction(func(tx *gorm.DB) error {
  235. usedEmails := map[string]struct{}{}
  236. var existingEmails []string
  237. if err := tx.Model(&model.ClientRecord{}).Pluck("email", &existingEmails).Error; err != nil {
  238. return err
  239. }
  240. for _, e := range existingEmails {
  241. usedEmails[e] = struct{}{}
  242. }
  243. for _, inbound := range inbounds {
  244. if strings.TrimSpace(inbound.Settings) == "" {
  245. continue
  246. }
  247. var settings map[string]any
  248. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  249. log.Printf("WireguardPeersToClients: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  250. continue
  251. }
  252. peers, ok := settings["peers"].([]any)
  253. if !ok || len(peers) == 0 {
  254. continue
  255. }
  256. var linkCount int64
  257. if err := tx.Model(&model.ClientInbound{}).Where("inbound_id = ?", inbound.Id).Count(&linkCount).Error; err != nil {
  258. return err
  259. }
  260. if linkCount > 0 {
  261. continue
  262. }
  263. clientObjs := make([]any, 0, len(peers))
  264. for i, raw := range peers {
  265. obj, ok := raw.(map[string]any)
  266. if !ok {
  267. continue
  268. }
  269. email := wireguardPeerEmail(inbound.Remark, obj, i, usedEmails)
  270. usedEmails[email] = struct{}{}
  271. obj["email"] = email
  272. if sub, _ := obj["subId"].(string); strings.TrimSpace(sub) == "" {
  273. obj["subId"] = random.NumLower(16)
  274. }
  275. if _, ok := obj["enable"]; !ok {
  276. obj["enable"] = true
  277. }
  278. blob, err := json.Marshal(obj)
  279. if err != nil {
  280. continue
  281. }
  282. var c model.Client
  283. if err := json.Unmarshal(blob, &c); err != nil {
  284. log.Printf("WireguardPeersToClients: skip peer in inbound %d: %v", inbound.Id, err)
  285. continue
  286. }
  287. c.Email = email
  288. incoming := c.ToRecord()
  289. var row model.ClientRecord
  290. err = tx.Where("email = ?", email).First(&row).Error
  291. if errors.Is(err, gorm.ErrRecordNotFound) {
  292. if err := tx.Create(incoming).Error; err != nil {
  293. return err
  294. }
  295. row = *incoming
  296. } else if err != nil {
  297. return err
  298. } else {
  299. model.MergeClientRecord(&row, incoming)
  300. if err := tx.Save(&row).Error; err != nil {
  301. return err
  302. }
  303. }
  304. link := model.ClientInbound{ClientId: row.Id, InboundId: inbound.Id}
  305. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  306. FirstOrCreate(&link).Error; err != nil {
  307. return err
  308. }
  309. clientObjs = append(clientObjs, obj)
  310. }
  311. delete(settings, "peers")
  312. settings["clients"] = clientObjs
  313. newSettings, err := json.Marshal(settings)
  314. if err != nil {
  315. return err
  316. }
  317. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  318. Update("settings", string(newSettings)).Error; err != nil {
  319. return err
  320. }
  321. }
  322. return tx.Create(&model.HistoryOfSeeders{SeederName: "WireguardPeersToClients"}).Error
  323. })
  324. }
  325. // wireguardPeerEmail derives a stable, unique client email for a migrated peer
  326. // from the inbound remark plus the peer's comment (or its 1-based index).
  327. func wireguardPeerEmail(remark string, peer map[string]any, index int, used map[string]struct{}) string {
  328. base := strings.TrimSpace(remark)
  329. if base == "" {
  330. base = "wg"
  331. }
  332. suffix := strconv.Itoa(index + 1)
  333. if c, ok := peer["comment"].(string); ok && strings.TrimSpace(c) != "" {
  334. suffix = strings.TrimSpace(c)
  335. }
  336. email := strings.ReplaceAll(base+"-"+suffix, " ", "-")
  337. candidate := email
  338. for n := 2; ; n++ {
  339. if _, taken := used[candidate]; !taken {
  340. return candidate
  341. }
  342. candidate = email + "-" + strconv.Itoa(n)
  343. }
  344. }
  345. // seedMtprotoSecretsToClients converts each legacy single-secret mtproto inbound
  346. // into a one-client inbound so MTProto joins the shared multi-client model: the
  347. // inbound-level secret becomes the first client's FakeTLS secret, and a
  348. // ClientRecord + client_inbounds link are created so per-client traffic, limits,
  349. // and share links work exactly like every other protocol. One-time, self-gated
  350. // on the "MtprotoSecretsToClients" seeder row. Mirrors seedWireguardPeersToClients.
  351. func seedMtprotoSecretsToClients() error {
  352. var history []string
  353. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  354. return err
  355. }
  356. if slices.Contains(history, "MtprotoSecretsToClients") {
  357. return nil
  358. }
  359. var inbounds []model.Inbound
  360. if err := db.Where("protocol = ?", string(model.MTProto)).Find(&inbounds).Error; err != nil {
  361. return err
  362. }
  363. return db.Transaction(func(tx *gorm.DB) error {
  364. usedEmails := map[string]struct{}{}
  365. var existingEmails []string
  366. if err := tx.Model(&model.ClientRecord{}).Pluck("email", &existingEmails).Error; err != nil {
  367. return err
  368. }
  369. for _, e := range existingEmails {
  370. usedEmails[e] = struct{}{}
  371. }
  372. for _, inbound := range inbounds {
  373. if strings.TrimSpace(inbound.Settings) == "" {
  374. continue
  375. }
  376. var settings map[string]any
  377. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  378. log.Printf("MtprotoSecretsToClients: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  379. continue
  380. }
  381. if clients, ok := settings["clients"].([]any); ok && len(clients) > 0 {
  382. continue
  383. }
  384. var linkCount int64
  385. if err := tx.Model(&model.ClientInbound{}).Where("inbound_id = ?", inbound.Id).Count(&linkCount).Error; err != nil {
  386. return err
  387. }
  388. if linkCount > 0 {
  389. continue
  390. }
  391. secret, _ := settings["secret"].(string)
  392. secret = strings.TrimSpace(secret)
  393. if secret == "" {
  394. domain, _ := settings["fakeTlsDomain"].(string)
  395. secret = model.GenerateFakeTLSSecret(strings.TrimSpace(domain))
  396. }
  397. email := mtprotoInboundClientEmail(inbound.Remark, usedEmails)
  398. usedEmails[email] = struct{}{}
  399. obj := map[string]any{
  400. "email": email,
  401. "secret": secret,
  402. "enable": true,
  403. "subId": random.NumLower(16),
  404. }
  405. c := model.Client{Email: email, Secret: secret, Enable: true, SubID: obj["subId"].(string)}
  406. incoming := c.ToRecord()
  407. var row model.ClientRecord
  408. err := tx.Where("email = ?", email).First(&row).Error
  409. if errors.Is(err, gorm.ErrRecordNotFound) {
  410. if err := tx.Create(incoming).Error; err != nil {
  411. return err
  412. }
  413. row = *incoming
  414. } else if err != nil {
  415. return err
  416. } else {
  417. model.MergeClientRecord(&row, incoming)
  418. if err := tx.Save(&row).Error; err != nil {
  419. return err
  420. }
  421. }
  422. link := model.ClientInbound{ClientId: row.Id, InboundId: inbound.Id}
  423. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  424. FirstOrCreate(&link).Error; err != nil {
  425. return err
  426. }
  427. delete(settings, "secret")
  428. settings["clients"] = []any{obj}
  429. newSettings, err := json.Marshal(settings)
  430. if err != nil {
  431. return err
  432. }
  433. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  434. Update("settings", string(newSettings)).Error; err != nil {
  435. return err
  436. }
  437. }
  438. return tx.Create(&model.HistoryOfSeeders{SeederName: "MtprotoSecretsToClients"}).Error
  439. })
  440. }
  441. // stripMtprotoInboundSecrets removes the vestigial inbound-level `secret` from
  442. // every mtproto inbound. seedMtprotoSecretsToClients already drops it while
  443. // converting legacy single-secret inbounds, but inbounds that already had clients
  444. // kept the dead field, and the old HealMtprotoSecret regenerated it on every
  445. // save. mtg and every share link read only per-client secrets, so the
  446. // inbound-level value is dead data that once leaked into stale, unusable links.
  447. // One-time, self-gated on the "StripMtprotoInboundSecrets" seeder row.
  448. func stripMtprotoInboundSecrets() error {
  449. var history []string
  450. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  451. return err
  452. }
  453. if slices.Contains(history, "StripMtprotoInboundSecrets") {
  454. return nil
  455. }
  456. var inbounds []model.Inbound
  457. if err := db.Where("protocol = ?", string(model.MTProto)).Find(&inbounds).Error; err != nil {
  458. return err
  459. }
  460. return db.Transaction(func(tx *gorm.DB) error {
  461. for _, inbound := range inbounds {
  462. stripped, ok := model.StripMtprotoInboundSecret(inbound.Settings)
  463. if !ok {
  464. continue
  465. }
  466. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  467. Update("settings", stripped).Error; err != nil {
  468. return err
  469. }
  470. }
  471. return tx.Create(&model.HistoryOfSeeders{SeederName: "StripMtprotoInboundSecrets"}).Error
  472. })
  473. }
  474. // mtprotoInboundClientEmail derives a stable, unique client email for a migrated
  475. // mtproto inbound from its remark.
  476. func mtprotoInboundClientEmail(remark string, used map[string]struct{}) string {
  477. base := strings.TrimSpace(remark)
  478. if base == "" {
  479. base = "mtproto"
  480. }
  481. email := strings.ReplaceAll(base, " ", "-")
  482. candidate := email
  483. for n := 2; ; n++ {
  484. if _, taken := used[candidate]; !taken {
  485. return candidate
  486. }
  487. candidate = email + "-" + strconv.Itoa(n)
  488. }
  489. }
  490. // CreateHostsFromExternalProxy parses a legacy streamSettings.externalProxy array
  491. // and inserts one Host row per entry on tx, returning the number of rows created.
  492. // It is the shared core of both the one-time seedHostsFromExternalProxy startup
  493. // migration and the inbound-import path: an inbound exported from a build that
  494. // predated the hosts table carries its external proxies inline in
  495. // streamSettings.externalProxy, and the startup migration is gated off after its
  496. // first run, so a freshly imported inbound must be converted here instead. Blank
  497. // or malformed streamSettings, or one without externalProxy entries, is a no-op.
  498. func CreateHostsFromExternalProxy(tx *gorm.DB, inboundId int, streamSettings string) (int, error) {
  499. if strings.TrimSpace(streamSettings) == "" {
  500. return 0, nil
  501. }
  502. var stream map[string]any
  503. if err := json.Unmarshal([]byte(streamSettings), &stream); err != nil {
  504. return 0, nil
  505. }
  506. eps, ok := stream["externalProxy"].([]any)
  507. if !ok || len(eps) == 0 {
  508. return 0, nil
  509. }
  510. created := 0
  511. for i, raw := range eps {
  512. ep, ok := raw.(map[string]any)
  513. if !ok {
  514. continue
  515. }
  516. if err := tx.Create(externalProxyEntryToHost(inboundId, i, ep)).Error; err != nil {
  517. return created, err
  518. }
  519. created++
  520. }
  521. return created, nil
  522. }
  523. // externalProxyEntryToHost maps one legacy externalProxy entry onto a Host.
  524. // forceTls (same|tls|none) maps straight to Security; an unknown value falls back
  525. // to "same" (inherit). An empty remark gets a stable generated label so the row
  526. // stays valid/editable, and the remark is capped at the model's 256-char limit.
  527. func externalProxyEntryToHost(inboundId, index int, ep map[string]any) *model.Host {
  528. security, _ := ep["forceTls"].(string)
  529. switch security {
  530. case "same", "tls", "none":
  531. default:
  532. security = "same"
  533. }
  534. dest, _ := ep["dest"].(string)
  535. port := 0
  536. if p, ok := ep["port"].(float64); ok {
  537. port = int(p)
  538. }
  539. remark, _ := ep["remark"].(string)
  540. if strings.TrimSpace(remark) == "" {
  541. remark = "imported " + strconv.Itoa(index+1)
  542. }
  543. if len(remark) > 256 {
  544. remark = remark[:256]
  545. }
  546. sni, _ := ep["sni"].(string)
  547. fingerprint, _ := ep["fingerprint"].(string)
  548. ech, _ := ep["echConfigList"].(string)
  549. return &model.Host{
  550. InboundId: inboundId,
  551. SortOrder: index,
  552. Remark: remark,
  553. Address: dest,
  554. Port: port,
  555. Security: security,
  556. Sni: sni,
  557. Fingerprint: fingerprint,
  558. Alpn: anyToNonEmptyStrings(ep["alpn"]),
  559. PinnedPeerCertSha256: anyToNonEmptyStrings(ep["pinnedPeerCertSha256"]),
  560. EchConfigList: ech,
  561. }
  562. }
  563. func anyToNonEmptyStrings(v any) []string {
  564. switch t := v.(type) {
  565. case []any:
  566. out := make([]string, 0, len(t))
  567. for _, e := range t {
  568. if s, ok := e.(string); ok && s != "" {
  569. out = append(out, s)
  570. }
  571. }
  572. return out
  573. case []string:
  574. out := make([]string, 0, len(t))
  575. for _, s := range t {
  576. if s != "" {
  577. out = append(out, s)
  578. }
  579. }
  580. return out
  581. default:
  582. return nil
  583. }
  584. }
  585. func pruneOrphanedHosts() error {
  586. res := db.Exec("DELETE FROM hosts WHERE inbound_id NOT IN (SELECT id FROM inbounds)")
  587. if res.Error != nil {
  588. log.Printf("Error pruning orphaned hosts rows: %v", res.Error)
  589. return res.Error
  590. }
  591. if res.RowsAffected > 0 {
  592. log.Printf("Pruned %d orphaned hosts row(s)", res.RowsAffected)
  593. }
  594. return nil
  595. }
  596. func pruneOrphanedClientInbounds() error {
  597. res := db.Exec("DELETE FROM client_inbounds WHERE inbound_id NOT IN (SELECT id FROM inbounds)")
  598. if res.Error != nil {
  599. log.Printf("Error pruning orphaned client_inbounds rows: %v", res.Error)
  600. return res.Error
  601. }
  602. if res.RowsAffected > 0 {
  603. log.Printf("Pruned %d orphaned client_inbounds row(s)", res.RowsAffected)
  604. }
  605. return nil
  606. }
  607. // migrateLegacySocksInboundsToMixed renames legacy socks inbounds to mixed.
  608. // The protocol enum dropped socks in favor of mixed (identical settings shape,
  609. // same behavior plus HTTP on the shared port), so rows predating the rename
  610. // fail model validation — most visibly when pushed to a node, where one legacy
  611. // inbound stalled the entire node's config and traffic sync (#5685).
  612. func migrateLegacySocksInboundsToMixed() error {
  613. res := db.Exec("UPDATE inbounds SET protocol = 'mixed' WHERE protocol = 'socks'")
  614. if res.Error != nil {
  615. log.Printf("Error migrating legacy socks inbounds to mixed: %v", res.Error)
  616. return res.Error
  617. }
  618. if res.RowsAffected > 0 {
  619. log.Printf("Migrated %d legacy socks inbound(s) to mixed", res.RowsAffected)
  620. }
  621. return nil
  622. }
  623. // normalizeInboundSubSortIndex lifts sub_sort_index values below the 1-based
  624. // minimum (rows written by builds that defaulted the column to 0, or by nodes
  625. // predating the field) so they cannot sort ahead of explicitly ranked inbounds.
  626. func normalizeInboundSubSortIndex() error {
  627. res := db.Exec("UPDATE inbounds SET sub_sort_index = 1 WHERE sub_sort_index < 1")
  628. if res.Error != nil {
  629. log.Printf("Error normalizing inbound sub_sort_index: %v", res.Error)
  630. return res.Error
  631. }
  632. if res.RowsAffected > 0 {
  633. log.Printf("Normalized sub_sort_index on %d inbound(s)", res.RowsAffected)
  634. }
  635. return nil
  636. }
  637. // repairOverflowedTrafficCounters heals traffic counters that historic
  638. // compounding bugs pushed past int64: on SQLite an overflowing INTEGER is
  639. // silently promoted to REAL, after which the column no longer scans into the
  640. // Go int64 field and every reader of the table fails (#5762). REAL cells are
  641. // cast back to INTEGER (SQLite caps the cast at math.MaxInt64), then values
  642. // are clamped into [0, TrafficMax] on both backends so the next delta cannot
  643. // overflow again.
  644. func repairOverflowedTrafficCounters() error {
  645. targets := []struct {
  646. table string
  647. columns []string
  648. }{
  649. {"client_traffics", []string{"up", "down"}},
  650. {"inbounds", []string{"up", "down"}},
  651. {"outbound_traffics", []string{"up", "down", "total"}},
  652. {"node_client_traffics", []string{"up", "down"}},
  653. }
  654. for _, target := range targets {
  655. for _, col := range target.columns {
  656. statements := []string{
  657. fmt.Sprintf("UPDATE %s SET %s = %d WHERE %s > %d", target.table, col, TrafficMax, col, TrafficMax),
  658. fmt.Sprintf("UPDATE %s SET %s = 0 WHERE %s < 0", target.table, col, col),
  659. }
  660. if !IsPostgres() {
  661. statements = append([]string{
  662. fmt.Sprintf("UPDATE %s SET %s = CAST(%s AS INTEGER) WHERE typeof(%s) = 'real'", target.table, col, col, col),
  663. }, statements...)
  664. }
  665. var repaired int64
  666. for _, statement := range statements {
  667. res := db.Exec(statement)
  668. if res.Error != nil {
  669. log.Printf("Error repairing %s.%s: %v", target.table, col, res.Error)
  670. return res.Error
  671. }
  672. repaired += res.RowsAffected
  673. }
  674. if repaired > 0 {
  675. log.Printf("Repaired %d overflowed %s.%s value(s)", repaired, target.table, col)
  676. }
  677. }
  678. }
  679. return nil
  680. }
  681. // dedupeInboundSettingsClients collapses duplicate same-email entries inside
  682. // every inbound's settings.clients array, keeping the first occurrence.
  683. // Retried or raced multi-node client adds on older builds appended the same
  684. // client several times (#5770), which the client lists then rendered as
  685. // phantom duplicates. Runs on every start (idempotent, writes only changed
  686. // rows) because a restored backup or a not-yet-upgraded node's snapshot can
  687. // reintroduce duplicates.
  688. func dedupeInboundSettingsClients() error {
  689. var inbounds []model.Inbound
  690. if err := db.Find(&inbounds).Error; err != nil {
  691. return err
  692. }
  693. repaired := int64(0)
  694. for _, inbound := range inbounds {
  695. if strings.TrimSpace(inbound.Settings) == "" {
  696. continue
  697. }
  698. var settings map[string]any
  699. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  700. continue
  701. }
  702. clients, _ := settings["clients"].([]any)
  703. if len(clients) < 2 {
  704. continue
  705. }
  706. seen := make(map[string]struct{}, len(clients))
  707. kept := make([]any, 0, len(clients))
  708. for _, c := range clients {
  709. if cm, ok := c.(map[string]any); ok {
  710. if email, _ := cm["email"].(string); email != "" {
  711. key := strings.ToLower(email)
  712. if _, dup := seen[key]; dup {
  713. continue
  714. }
  715. seen[key] = struct{}{}
  716. }
  717. }
  718. kept = append(kept, c)
  719. }
  720. if len(kept) == len(clients) {
  721. continue
  722. }
  723. settings["clients"] = kept
  724. newSettings, err := json.MarshalIndent(settings, "", " ")
  725. if err != nil {
  726. log.Printf("dedupeInboundSettingsClients: skip inbound %d (marshal failed): %v", inbound.Id, err)
  727. continue
  728. }
  729. if err := db.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  730. Update("settings", string(newSettings)).Error; err != nil {
  731. return err
  732. }
  733. repaired++
  734. }
  735. if repaired > 0 {
  736. log.Printf("Removed duplicate client entries from %d inbound(s)", repaired)
  737. }
  738. return nil
  739. }
  740. func isIgnorableDuplicateColumnErr(err error, mdl any) bool {
  741. if err == nil {
  742. return false
  743. }
  744. errMsg := strings.ToLower(err.Error())
  745. // SQLite: "duplicate column name: foo"
  746. // Postgres: `pq: column "foo" of relation "bar" already exists` / `sqlstate 42701`
  747. const sqlitePrefix = "duplicate column name:"
  748. if _, after, ok := strings.Cut(errMsg, sqlitePrefix); ok {
  749. col := strings.TrimSpace(after)
  750. col = strings.Trim(col, "`\"[]")
  751. return col != "" && db != nil && db.Migrator().HasColumn(mdl, col)
  752. }
  753. if strings.Contains(errMsg, "already exists") && strings.Contains(errMsg, "column ") {
  754. // Best effort: extract the column name between the first pair of double quotes.
  755. if _, after, ok := strings.Cut(errMsg, "column \""); ok {
  756. rest := after
  757. if e := strings.Index(rest, "\""); e > 0 {
  758. col := rest[:e]
  759. return col != "" && db != nil && db.Migrator().HasColumn(mdl, col)
  760. }
  761. }
  762. }
  763. return false
  764. }
  765. // initUser creates a default admin user if the users table is empty.
  766. func initUser() error {
  767. empty, err := isTableEmpty("users")
  768. if err != nil {
  769. log.Printf("Error checking if users table is empty: %v", err)
  770. return err
  771. }
  772. if empty {
  773. hashedPassword, err := crypto.HashPasswordAsBcrypt(defaultPassword)
  774. if err != nil {
  775. log.Printf("Error hashing default password: %v", err)
  776. return err
  777. }
  778. user := &model.User{
  779. Username: defaultUsername,
  780. Password: hashedPassword,
  781. }
  782. return db.Create(user).Error
  783. }
  784. return nil
  785. }
  786. // runSeeders migrates user passwords to bcrypt and records seeder execution to prevent re-running.
  787. func runSeeders(isUsersEmpty bool) error {
  788. empty, err := isTableEmpty("history_of_seeders")
  789. if err != nil {
  790. log.Printf("Error checking if users table is empty: %v", err)
  791. return err
  792. }
  793. if empty && isUsersEmpty {
  794. seeders := []string{"UserPasswordHash", "ClientsTable", "InboundClientsArrayFix", "InboundClientTgIdFix", "InboundClientSubIdFix", "FreedomFinalRulesReverseFix", "ApiTokensHash", "LegacyProxySettingsCleanup", "WireguardPeersToClients", "MtprotoSecretsToClients"}
  795. for _, name := range seeders {
  796. if err := db.Create(&model.HistoryOfSeeders{SeederName: name}).Error; err != nil {
  797. return err
  798. }
  799. }
  800. return seedApiTokens()
  801. }
  802. var seedersHistory []string
  803. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &seedersHistory).Error; err != nil {
  804. log.Printf("Error fetching seeder history: %v", err)
  805. return err
  806. }
  807. if !slices.Contains(seedersHistory, "UserPasswordHash") && !isUsersEmpty {
  808. var users []model.User
  809. if err := db.Find(&users).Error; err != nil {
  810. log.Printf("Error fetching users for password migration: %v", err)
  811. return err
  812. }
  813. for _, user := range users {
  814. if crypto.IsHashed(user.Password) {
  815. continue
  816. }
  817. hashedPassword, err := crypto.HashPasswordAsBcrypt(user.Password)
  818. if err != nil {
  819. log.Printf("Error hashing password for user '%s': %v", user.Username, err)
  820. return err
  821. }
  822. if err := db.Model(&user).Update("password", hashedPassword).Error; err != nil {
  823. log.Printf("Error updating password for user '%s': %v", user.Username, err)
  824. return err
  825. }
  826. }
  827. hashSeeder := &model.HistoryOfSeeders{
  828. SeederName: "UserPasswordHash",
  829. }
  830. if err := db.Create(hashSeeder).Error; err != nil {
  831. return err
  832. }
  833. }
  834. if !slices.Contains(seedersHistory, "ApiTokensTable") {
  835. if err := seedApiTokens(); err != nil {
  836. return err
  837. }
  838. }
  839. if !slices.Contains(seedersHistory, "ApiTokensHash") {
  840. if err := hashExistingApiTokens(); err != nil {
  841. return err
  842. }
  843. }
  844. if !slices.Contains(seedersHistory, "ClientsTable") {
  845. if err := seedClientsFromInboundJSON(); err != nil {
  846. return err
  847. }
  848. }
  849. if !slices.Contains(seedersHistory, "InboundClientsArrayFix") {
  850. if err := normalizeInboundClientsArray(); err != nil {
  851. return err
  852. }
  853. }
  854. if !slices.Contains(seedersHistory, "InboundClientTgIdFix") {
  855. if err := normalizeInboundClientTgId(); err != nil {
  856. return err
  857. }
  858. }
  859. if !slices.Contains(seedersHistory, "InboundClientSubIdFix") {
  860. if err := normalizeInboundClientSubId(); err != nil {
  861. return err
  862. }
  863. }
  864. if !slices.Contains(seedersHistory, "FreedomFinalRulesReverseFix") {
  865. if err := normalizeFreedomFinalRules(); err != nil {
  866. return err
  867. }
  868. }
  869. if !slices.Contains(seedersHistory, "LegacyProxySettingsCleanup") {
  870. if err := clearLegacyProxySettings(); err != nil {
  871. return err
  872. }
  873. }
  874. // Self-gated on the "HostsFromExternalProxy" row, so it is safe to call
  875. // unconditionally here.
  876. if err := seedHostsFromExternalProxy(); err != nil {
  877. return err
  878. }
  879. // Self-gated on the "ResetIpLimitNoFail2ban" row.
  880. if err := resetIpLimitsWithoutFail2ban(); err != nil {
  881. return err
  882. }
  883. // Self-gated on the "WireguardPeersToClients" row.
  884. if err := seedWireguardPeersToClients(); err != nil {
  885. return err
  886. }
  887. // Self-gated on the "MtprotoSecretsToClients" row.
  888. if err := seedMtprotoSecretsToClients(); err != nil {
  889. return err
  890. }
  891. // Self-gated on the "StripMtprotoInboundSecrets" row. Must run after the
  892. // seeder above so legacy single-secret inbounds are first converted to a
  893. // client (which preserves the secret) before the inbound-level copy is
  894. // dropped from every mtproto inbound.
  895. if err := stripMtprotoInboundSecrets(); err != nil {
  896. return err
  897. }
  898. // Idempotent, not seeder-gated: bad values can re-enter via a restored
  899. // backup, so re-check on every start.
  900. return normalizeSettingPaths()
  901. }
  902. // resetIpLimitsWithoutFail2ban zeroes every client's IP limit on hosts where
  903. // fail2ban can't enforce it (not installed, or the integration disabled). The
  904. // limit silently does nothing there yet kept logging a repeated warning, so a
  905. // stale value is just misleading — the panel also disables the field on these
  906. // hosts. One-time, self-gated on the seeder row.
  907. func resetIpLimitsWithoutFail2ban() error {
  908. var history []string
  909. if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &history).Error; err != nil {
  910. return err
  911. }
  912. if slices.Contains(history, "ResetIpLimitNoFail2ban") {
  913. return nil
  914. }
  915. if fail2banCanEnforce() {
  916. return db.Create(&model.HistoryOfSeeders{SeederName: "ResetIpLimitNoFail2ban"}).Error
  917. }
  918. var inbounds []model.Inbound
  919. if err := db.Find(&inbounds).Error; err != nil {
  920. return err
  921. }
  922. return db.Transaction(func(tx *gorm.DB) error {
  923. for _, inbound := range inbounds {
  924. if strings.TrimSpace(inbound.Settings) == "" {
  925. continue
  926. }
  927. var settings map[string]any
  928. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  929. log.Printf("ResetIpLimitNoFail2ban: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  930. continue
  931. }
  932. clients, ok := settings["clients"].([]any)
  933. if !ok {
  934. continue
  935. }
  936. mutated := false
  937. for i, raw := range clients {
  938. obj, ok := raw.(map[string]any)
  939. if !ok {
  940. continue
  941. }
  942. v, present := obj["limitIp"]
  943. if !present {
  944. continue
  945. }
  946. if n, isNum := v.(float64); isNum && n == 0 {
  947. continue
  948. }
  949. obj["limitIp"] = 0
  950. clients[i] = obj
  951. mutated = true
  952. }
  953. if !mutated {
  954. continue
  955. }
  956. settings["clients"] = clients
  957. newSettings, err := json.MarshalIndent(settings, "", " ")
  958. if err != nil {
  959. log.Printf("ResetIpLimitNoFail2ban: skip inbound %d (marshal failed): %v", inbound.Id, err)
  960. continue
  961. }
  962. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  963. Update("settings", string(newSettings)).Error; err != nil {
  964. return err
  965. }
  966. }
  967. if err := tx.Model(&model.ClientRecord{}).Where("limit_ip <> ?", 0).
  968. Update("limit_ip", 0).Error; err != nil {
  969. return err
  970. }
  971. return tx.Create(&model.HistoryOfSeeders{SeederName: "ResetIpLimitNoFail2ban"}).Error
  972. })
  973. }
  974. // fail2banCanEnforce reports whether per-client IP limits can actually be
  975. // enforced on this host: the integration must be enabled (XUI_ENABLE_FAIL2BAN)
  976. // and fail2ban-client must be present. Mirrors the service-layer check, kept
  977. // local to avoid an import cycle.
  978. func fail2banCanEnforce() bool {
  979. if v, ok := os.LookupEnv("XUI_ENABLE_FAIL2BAN"); ok && v != "true" {
  980. return false
  981. }
  982. if runtime.GOOS == "windows" {
  983. return false
  984. }
  985. return exec.CommandContext(context.Background(), "fail2ban-client", "-h").Run() == nil
  986. }
  987. // clearLegacyProxySettings drops the deprecated panelProxy/tgBotProxy rows so a
  988. // stale tgBotProxy no longer masks the panelOutbound egress fallback.
  989. func clearLegacyProxySettings() error {
  990. return db.Transaction(func(tx *gorm.DB) error {
  991. if err := tx.Where("key IN ?", []string{"panelProxy", "tgBotProxy"}).
  992. Delete(&model.Setting{}).Error; err != nil {
  993. return err
  994. }
  995. return tx.Create(&model.HistoryOfSeeders{SeederName: "LegacyProxySettingsCleanup"}).Error
  996. })
  997. }
  998. // normalizeSettingPaths repairs URI-path settings persisted before the
  999. // leading/trailing-slash rules existed (or restored from an old backup),
  1000. // mirroring entity.AllSetting.CheckValid. CheckValid self-heals these on save,
  1001. // but the frontend rejects the whole Settings form on the bad stored value
  1002. // before a save can ever reach it (#5726), so the stored rows themselves must
  1003. // be fixed. Idempotent; runs on every start.
  1004. func normalizeSettingPaths() error {
  1005. pathKeys := []string{"webBasePath", "subPath", "subJsonPath", "subClashPath"}
  1006. var rows []model.Setting
  1007. if err := db.Where("key IN ?", pathKeys).Find(&rows).Error; err != nil {
  1008. return err
  1009. }
  1010. for _, row := range rows {
  1011. fixed := row.Value
  1012. if !strings.HasPrefix(fixed, "/") {
  1013. fixed = "/" + fixed
  1014. }
  1015. if !strings.HasSuffix(fixed, "/") {
  1016. fixed += "/"
  1017. }
  1018. if fixed == row.Value {
  1019. continue
  1020. }
  1021. if err := db.Model(&model.Setting{}).Where("id = ?", row.Id).
  1022. Update("value", fixed).Error; err != nil {
  1023. return err
  1024. }
  1025. }
  1026. return nil
  1027. }
  1028. func normalizeInboundClientTgId() error {
  1029. var inbounds []model.Inbound
  1030. if err := db.Find(&inbounds).Error; err != nil {
  1031. return err
  1032. }
  1033. return db.Transaction(func(tx *gorm.DB) error {
  1034. for _, inbound := range inbounds {
  1035. if strings.TrimSpace(inbound.Settings) == "" {
  1036. continue
  1037. }
  1038. var settings map[string]any
  1039. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1040. log.Printf("InboundClientTgIdFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1041. continue
  1042. }
  1043. clients, ok := settings["clients"].([]any)
  1044. if !ok {
  1045. continue
  1046. }
  1047. mutated := false
  1048. for i, raw := range clients {
  1049. obj, ok := raw.(map[string]any)
  1050. if !ok {
  1051. continue
  1052. }
  1053. tgRaw, present := obj["tgId"]
  1054. if !present {
  1055. continue
  1056. }
  1057. v, isFloat := tgRaw.(float64)
  1058. if isFloat && !math.IsNaN(v) && !math.IsInf(v, 0) && v == math.Trunc(v) {
  1059. continue
  1060. }
  1061. obj["tgId"] = int64(0)
  1062. clients[i] = obj
  1063. mutated = true
  1064. }
  1065. if !mutated {
  1066. continue
  1067. }
  1068. settings["clients"] = clients
  1069. newSettings, err := json.MarshalIndent(settings, "", " ")
  1070. if err != nil {
  1071. log.Printf("InboundClientTgIdFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1072. continue
  1073. }
  1074. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1075. Update("settings", string(newSettings)).Error; err != nil {
  1076. return err
  1077. }
  1078. }
  1079. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientTgIdFix"}).Error
  1080. })
  1081. }
  1082. func normalizeInboundClientSubId() error {
  1083. var inbounds []model.Inbound
  1084. if err := db.Find(&inbounds).Error; err != nil {
  1085. return err
  1086. }
  1087. return db.Transaction(func(tx *gorm.DB) error {
  1088. for _, inbound := range inbounds {
  1089. if strings.TrimSpace(inbound.Settings) == "" {
  1090. continue
  1091. }
  1092. var settings map[string]any
  1093. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1094. log.Printf("InboundClientSubIdFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1095. continue
  1096. }
  1097. clients, ok := settings["clients"].([]any)
  1098. if !ok {
  1099. continue
  1100. }
  1101. mutated := false
  1102. for i, raw := range clients {
  1103. obj, ok := raw.(map[string]any)
  1104. if !ok {
  1105. continue
  1106. }
  1107. existing, _ := obj["subId"].(string)
  1108. if strings.TrimSpace(existing) != "" {
  1109. continue
  1110. }
  1111. obj["subId"] = random.NumLower(16)
  1112. clients[i] = obj
  1113. mutated = true
  1114. }
  1115. if !mutated {
  1116. continue
  1117. }
  1118. settings["clients"] = clients
  1119. newSettings, err := json.MarshalIndent(settings, "", " ")
  1120. if err != nil {
  1121. log.Printf("InboundClientSubIdFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1122. continue
  1123. }
  1124. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1125. Update("settings", string(newSettings)).Error; err != nil {
  1126. return err
  1127. }
  1128. }
  1129. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientSubIdFix"}).Error
  1130. })
  1131. }
  1132. func normalizeInboundClientsArray() error {
  1133. var inbounds []model.Inbound
  1134. if err := db.Find(&inbounds).Error; err != nil {
  1135. return err
  1136. }
  1137. return db.Transaction(func(tx *gorm.DB) error {
  1138. for _, inbound := range inbounds {
  1139. if strings.TrimSpace(inbound.Settings) == "" {
  1140. continue
  1141. }
  1142. var settings map[string]any
  1143. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1144. log.Printf("InboundClientsArrayFix: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1145. continue
  1146. }
  1147. raw, exists := settings["clients"]
  1148. if !exists || raw != nil {
  1149. continue
  1150. }
  1151. settings["clients"] = []any{}
  1152. newSettings, err := json.MarshalIndent(settings, "", " ")
  1153. if err != nil {
  1154. log.Printf("InboundClientsArrayFix: skip inbound %d (marshal failed): %v", inbound.Id, err)
  1155. continue
  1156. }
  1157. if err := tx.Model(&model.Inbound{}).Where("id = ?", inbound.Id).
  1158. Update("settings", string(newSettings)).Error; err != nil {
  1159. return err
  1160. }
  1161. }
  1162. return tx.Create(&model.HistoryOfSeeders{SeederName: "InboundClientsArrayFix"}).Error
  1163. })
  1164. }
  1165. func normalizeFreedomFinalRules() error {
  1166. var setting model.Setting
  1167. err := db.Model(model.Setting{}).Where("key = ?", "xrayTemplateConfig").First(&setting).Error
  1168. if errors.Is(err, gorm.ErrRecordNotFound) {
  1169. return db.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1170. }
  1171. if err != nil {
  1172. return err
  1173. }
  1174. updated, changed, rErr := rewriteFreedomFinalRules(setting.Value)
  1175. if rErr != nil {
  1176. log.Printf("FreedomFinalRulesReverseFix: skip (invalid xrayTemplateConfig json): %v", rErr)
  1177. return db.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1178. }
  1179. return db.Transaction(func(tx *gorm.DB) error {
  1180. if changed {
  1181. if err := tx.Model(&model.Setting{}).Where("key = ?", "xrayTemplateConfig").
  1182. Update("value", updated).Error; err != nil {
  1183. return err
  1184. }
  1185. }
  1186. return tx.Create(&model.HistoryOfSeeders{SeederName: "FreedomFinalRulesReverseFix"}).Error
  1187. })
  1188. }
  1189. func rewriteFreedomFinalRules(raw string) (string, bool, error) {
  1190. if strings.TrimSpace(raw) == "" {
  1191. return raw, false, nil
  1192. }
  1193. var cfg map[string]any
  1194. if err := json.Unmarshal([]byte(raw), &cfg); err != nil {
  1195. return raw, false, err
  1196. }
  1197. outbounds, ok := cfg["outbounds"].([]any)
  1198. if !ok {
  1199. return raw, false, nil
  1200. }
  1201. changed := false
  1202. for _, ob := range outbounds {
  1203. obj, ok := ob.(map[string]any)
  1204. if !ok {
  1205. continue
  1206. }
  1207. if proto, _ := obj["protocol"].(string); proto != "freedom" {
  1208. continue
  1209. }
  1210. settings, ok := obj["settings"].(map[string]any)
  1211. if !ok {
  1212. continue
  1213. }
  1214. if !isLegacyPrivateOnlyFinalRules(settings["finalRules"]) {
  1215. continue
  1216. }
  1217. settings["finalRules"] = []any{map[string]any{"action": "allow"}}
  1218. changed = true
  1219. }
  1220. if !changed {
  1221. return raw, false, nil
  1222. }
  1223. out, err := json.MarshalIndent(cfg, "", " ")
  1224. if err != nil {
  1225. return raw, false, err
  1226. }
  1227. return string(out), true, nil
  1228. }
  1229. func isLegacyPrivateOnlyFinalRules(v any) bool {
  1230. rules, ok := v.([]any)
  1231. if !ok || len(rules) != 1 {
  1232. return false
  1233. }
  1234. rule, ok := rules[0].(map[string]any)
  1235. if !ok {
  1236. return false
  1237. }
  1238. if action, _ := rule["action"].(string); action != "allow" {
  1239. return false
  1240. }
  1241. ips, ok := rule["ip"].([]any)
  1242. if !ok || len(ips) != 1 {
  1243. return false
  1244. }
  1245. if s, _ := ips[0].(string); s != "geoip:private" {
  1246. return false
  1247. }
  1248. for k := range rule {
  1249. if k != "action" && k != "ip" {
  1250. return false
  1251. }
  1252. }
  1253. return true
  1254. }
  1255. // normalizeClientJSONFields coerces loosely-typed numeric fields in a raw
  1256. // settings.clients entry so json.Unmarshal into model.Client doesn't fail
  1257. // when older rows wrote tgId/limitIp/totalGB/etc. as strings. Empty strings
  1258. // drop the key so the field falls back to its zero value.
  1259. func normalizeClientJSONFields(obj map[string]any) {
  1260. normalizeInt := func(key string) {
  1261. raw, exists := obj[key]
  1262. if !exists {
  1263. return
  1264. }
  1265. s, ok := raw.(string)
  1266. if !ok {
  1267. return
  1268. }
  1269. trimmed := strings.ReplaceAll(strings.TrimSpace(s), " ", "")
  1270. if trimmed == "" {
  1271. delete(obj, key)
  1272. return
  1273. }
  1274. if n, err := strconv.ParseInt(trimmed, 10, 64); err == nil {
  1275. obj[key] = n
  1276. } else {
  1277. delete(obj, key)
  1278. }
  1279. }
  1280. for _, k := range []string{"tgId", "limitIp", "totalGB", "expiryTime", "reset", "created_at", "updated_at"} {
  1281. normalizeInt(k)
  1282. }
  1283. }
  1284. func seedClientsFromInboundJSON() error {
  1285. var inbounds []model.Inbound
  1286. if err := db.Find(&inbounds).Error; err != nil {
  1287. return err
  1288. }
  1289. return db.Transaction(func(tx *gorm.DB) error {
  1290. byEmail := map[string]*model.ClientRecord{}
  1291. var existing []model.ClientRecord
  1292. if err := tx.Find(&existing).Error; err != nil {
  1293. return err
  1294. }
  1295. for i := range existing {
  1296. byEmail[existing[i].Email] = &existing[i]
  1297. }
  1298. for _, inbound := range inbounds {
  1299. if strings.TrimSpace(inbound.Settings) == "" {
  1300. continue
  1301. }
  1302. var settings map[string]any
  1303. if err := json.Unmarshal([]byte(inbound.Settings), &settings); err != nil {
  1304. log.Printf("ClientsTable seed: skip inbound %d (invalid settings json): %v", inbound.Id, err)
  1305. continue
  1306. }
  1307. rawList, ok := settings["clients"].([]any)
  1308. if !ok {
  1309. continue
  1310. }
  1311. for _, raw := range rawList {
  1312. obj, ok := raw.(map[string]any)
  1313. if !ok {
  1314. continue
  1315. }
  1316. normalizeClientJSONFields(obj)
  1317. blob, err := json.Marshal(obj)
  1318. if err != nil {
  1319. continue
  1320. }
  1321. var c model.Client
  1322. if err := json.Unmarshal(blob, &c); err != nil {
  1323. log.Printf("ClientsTable seed: skip client in inbound %d (unmarshal failed): %v; payload=%s",
  1324. inbound.Id, err, string(blob))
  1325. continue
  1326. }
  1327. email := strings.TrimSpace(c.Email)
  1328. if email == "" {
  1329. continue
  1330. }
  1331. incoming := c.ToRecord()
  1332. row, dup := byEmail[email]
  1333. if !dup {
  1334. if err := tx.Create(incoming).Error; err != nil {
  1335. return err
  1336. }
  1337. byEmail[email] = incoming
  1338. row = incoming
  1339. } else {
  1340. conflicts := model.MergeClientRecord(row, incoming)
  1341. for _, x := range conflicts {
  1342. log.Printf("client merge: email=%s conflict on %s old=%v new=%v kept=%v",
  1343. email, x.Field, x.Old, x.New, x.Kept)
  1344. }
  1345. if err := tx.Save(row).Error; err != nil {
  1346. return err
  1347. }
  1348. }
  1349. link := model.ClientInbound{
  1350. ClientId: row.Id,
  1351. InboundId: inbound.Id,
  1352. FlowOverride: c.Flow,
  1353. }
  1354. if err := tx.Where("client_id = ? AND inbound_id = ?", row.Id, inbound.Id).
  1355. FirstOrCreate(&link).Error; err != nil {
  1356. return err
  1357. }
  1358. }
  1359. }
  1360. return tx.Create(&model.HistoryOfSeeders{SeederName: "ClientsTable"}).Error
  1361. })
  1362. }
  1363. // seedApiTokens copies the legacy `apiToken` setting into the new
  1364. // api_tokens table as a row named "default" so existing central panels
  1365. // keep working after the upgrade. Idempotent — records itself in
  1366. // history_of_seeders and only runs when api_tokens is empty.
  1367. func seedApiTokens() error {
  1368. empty, err := isTableEmpty("api_tokens")
  1369. if err != nil {
  1370. return err
  1371. }
  1372. if empty {
  1373. var legacy model.Setting
  1374. err := db.Model(model.Setting{}).Where("key = ?", "apiToken").First(&legacy).Error
  1375. if err == nil && legacy.Value != "" {
  1376. row := &model.ApiToken{
  1377. Name: "default",
  1378. Token: legacy.Value,
  1379. Enabled: true,
  1380. }
  1381. if err := db.Create(row).Error; err != nil {
  1382. log.Printf("Error migrating legacy apiToken: %v", err)
  1383. return err
  1384. }
  1385. }
  1386. }
  1387. return db.Create(&model.HistoryOfSeeders{SeederName: "ApiTokensTable"}).Error
  1388. }
  1389. // hashExistingApiTokens replaces any plaintext token stored before tokens were
  1390. // hashed at rest with its SHA-256 digest. Callers keep their plaintext copy
  1391. // (used on remote nodes), so existing tokens keep authenticating; the panel
  1392. // just can no longer reveal them. Idempotent — already-hashed rows are skipped.
  1393. func hashExistingApiTokens() error {
  1394. var rows []*model.ApiToken
  1395. if err := db.Find(&rows).Error; err != nil {
  1396. return err
  1397. }
  1398. for _, r := range rows {
  1399. if crypto.IsSHA256Hex(r.Token) {
  1400. continue
  1401. }
  1402. hashed := crypto.HashTokenSHA256(r.Token)
  1403. if err := db.Model(model.ApiToken{}).Where("id = ?", r.Id).Update("token", hashed).Error; err != nil {
  1404. log.Printf("Error hashing api token %d: %v", r.Id, err)
  1405. return err
  1406. }
  1407. }
  1408. return db.Create(&model.HistoryOfSeeders{SeederName: "ApiTokensHash"}).Error
  1409. }
  1410. // isTableEmpty returns true if the named table contains zero rows.
  1411. func isTableEmpty(tableName string) (bool, error) {
  1412. var count int64
  1413. err := db.Table(tableName).Count(&count).Error
  1414. return count == 0, err
  1415. }
  1416. // InitDB sets up the database connection, migrates models, and runs seeders.
  1417. // When XUI_DB_TYPE=postgres, dbPath is ignored and XUI_DB_DSN is used instead.
  1418. func InitDB(dbPath string) error {
  1419. var gormLogger logger.Interface
  1420. if config.IsDebug() {
  1421. gormLogger = logger.New(
  1422. log.New(os.Stdout, "\r\n", log.LstdFlags),
  1423. logger.Config{
  1424. SlowThreshold: time.Second,
  1425. LogLevel: logger.Info,
  1426. IgnoreRecordNotFoundError: true,
  1427. Colorful: true,
  1428. },
  1429. )
  1430. } else {
  1431. gormLogger = logger.Discard
  1432. }
  1433. c := &gorm.Config{Logger: gormLogger, DisableForeignKeyConstraintWhenMigrating: true}
  1434. var err error
  1435. switch config.GetDBKind() {
  1436. case "postgres":
  1437. dsn := config.GetDBDSN()
  1438. if dsn == "" {
  1439. return errors.New("XUI_DB_TYPE=postgres but XUI_DB_DSN is empty")
  1440. }
  1441. db, err = gorm.Open(postgres.Open(dsn), c)
  1442. if err != nil {
  1443. return err
  1444. }
  1445. default:
  1446. dir := path.Dir(dbPath)
  1447. if err = os.MkdirAll(dir, 0o755); err != nil {
  1448. return err
  1449. }
  1450. // Keep journal_mode=DELETE so the DB stays a single file (no -wal/-shm
  1451. // sidecars). synchronous defaults to FULL for durability but is tunable.
  1452. sync := sqliteSynchronous()
  1453. dsn := dbPath + "?_journal_mode=DELETE&_busy_timeout=10000&_synchronous=" + sync + "&_txlock=immediate"
  1454. db, err = gorm.Open(sqlite.Open(dsn), c)
  1455. if err != nil {
  1456. return err
  1457. }
  1458. sqlDB, err := db.DB()
  1459. if err != nil {
  1460. return err
  1461. }
  1462. // Re-assert the DSN pragmas plus scan-friendly ones for large datasets.
  1463. // cache_size/mmap_size/temp_store create no extra files, so the single-file
  1464. // guarantee holds; they just cut disk I/O on the 50k-row hot paths.
  1465. pragmas := []string{
  1466. "PRAGMA journal_mode=DELETE",
  1467. "PRAGMA busy_timeout=10000",
  1468. "PRAGMA synchronous=" + sync,
  1469. fmt.Sprintf("PRAGMA cache_size=-%d", envInt("XUI_DB_CACHE_MB", 32)*1024),
  1470. fmt.Sprintf("PRAGMA mmap_size=%d", int64(envInt("XUI_DB_MMAP_MB", 256))*1024*1024),
  1471. "PRAGMA temp_store=MEMORY",
  1472. }
  1473. for _, p := range pragmas {
  1474. if _, err := sqlDB.ExecContext(context.Background(), p); err != nil {
  1475. return err
  1476. }
  1477. }
  1478. }
  1479. sqlDB, err := db.DB()
  1480. if err != nil {
  1481. return err
  1482. }
  1483. var maxOpen, maxIdle int
  1484. switch config.GetDBKind() {
  1485. case "postgres":
  1486. maxOpen = envInt("XUI_DB_MAX_OPEN_CONNS", 25)
  1487. maxIdle = envInt("XUI_DB_MAX_IDLE_CONNS", 25)
  1488. default:
  1489. maxOpen = envInt("XUI_DB_MAX_OPEN_CONNS", 8)
  1490. maxIdle = envInt("XUI_DB_MAX_IDLE_CONNS", 4)
  1491. }
  1492. sqlDB.SetMaxOpenConns(maxOpen)
  1493. sqlDB.SetMaxIdleConns(maxIdle)
  1494. sqlDB.SetConnMaxLifetime(time.Hour)
  1495. sqlDB.SetConnMaxIdleTime(30 * time.Minute)
  1496. if err := initModels(); err != nil {
  1497. return err
  1498. }
  1499. isUsersEmpty, err := isTableEmpty("users")
  1500. if err != nil {
  1501. return err
  1502. }
  1503. if err := initUser(); err != nil {
  1504. return err
  1505. }
  1506. return runSeeders(isUsersEmpty)
  1507. }
  1508. // normalizeApiTokenCreatedAtSeconds repairs rows written while ApiToken used
  1509. // autoCreateTime:milli. The threshold separates modern Unix milliseconds from
  1510. // Unix seconds and makes this safe to run on every startup.
  1511. func normalizeApiTokenCreatedAtSeconds() error {
  1512. return db.Model(&model.ApiToken{}).
  1513. Where("created_at >= ?", model.ApiTokenUnixMillisecondsThreshold).
  1514. UpdateColumn("created_at", gorm.Expr("created_at / ?", 1000)).Error
  1515. }
  1516. // sqliteSynchronous returns the SQLite synchronous mode, defaulting to FULL.
  1517. // Whitelisted because the value is interpolated directly into a PRAGMA string.
  1518. func sqliteSynchronous() string {
  1519. switch strings.ToUpper(strings.TrimSpace(os.Getenv("XUI_DB_SYNCHRONOUS"))) {
  1520. case "OFF":
  1521. return "OFF"
  1522. case "NORMAL":
  1523. return "NORMAL"
  1524. case "EXTRA":
  1525. return "EXTRA"
  1526. default:
  1527. return "FULL"
  1528. }
  1529. }
  1530. func envInt(key string, def int) int {
  1531. v := strings.TrimSpace(os.Getenv(key))
  1532. if v == "" {
  1533. return def
  1534. }
  1535. n, err := strconv.Atoi(v)
  1536. if err != nil || n <= 0 {
  1537. return def
  1538. }
  1539. return n
  1540. }
  1541. // CloseDB closes the database connection if it exists.
  1542. func CloseDB() error {
  1543. if db != nil {
  1544. sqlDB, err := db.DB()
  1545. if err != nil {
  1546. return err
  1547. }
  1548. return sqlDB.Close()
  1549. }
  1550. return nil
  1551. }
  1552. // GetDB returns the global GORM database instance.
  1553. func GetDB() *gorm.DB {
  1554. return db
  1555. }
  1556. func IsNotFound(err error) bool {
  1557. return errors.Is(err, gorm.ErrRecordNotFound)
  1558. }
  1559. // IsSQLiteDB checks if the given file is a valid SQLite database by reading its signature.
  1560. func IsSQLiteDB(file io.ReaderAt) (bool, error) {
  1561. signature := []byte("SQLite format 3\x00")
  1562. buf := make([]byte, len(signature))
  1563. _, err := file.ReadAt(buf, 0)
  1564. if err != nil {
  1565. return false, err
  1566. }
  1567. return bytes.Equal(buf, signature), nil
  1568. }
  1569. // Checkpoint performs a WAL checkpoint on the SQLite database to ensure data consistency.
  1570. // No-op on PostgreSQL (WAL there is managed by the server).
  1571. func Checkpoint() error {
  1572. if IsPostgres() {
  1573. return nil
  1574. }
  1575. return db.Exec("PRAGMA wal_checkpoint;").Error
  1576. }
  1577. // ValidateSQLiteDB opens the provided sqlite DB path with a throw-away connection
  1578. // and runs a PRAGMA integrity_check to ensure the file is structurally sound.
  1579. // It does not mutate global state or run migrations.
  1580. func ValidateSQLiteDB(dbPath string) error {
  1581. if _, err := os.Stat(dbPath); err != nil { // file must exist
  1582. return err
  1583. }
  1584. gdb, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{Logger: logger.Discard})
  1585. if err != nil {
  1586. return err
  1587. }
  1588. sqlDB, err := gdb.DB()
  1589. if err != nil {
  1590. return err
  1591. }
  1592. defer sqlDB.Close()
  1593. var res string
  1594. if err := gdb.Raw("PRAGMA integrity_check;").Scan(&res).Error; err != nil {
  1595. return err
  1596. }
  1597. if res != "ok" {
  1598. return errors.New("sqlite integrity check failed: " + res)
  1599. }
  1600. return nil
  1601. }