server.go 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529
  1. package controller
  2. import (
  3. "fmt"
  4. "net/http"
  5. "regexp"
  6. "slices"
  7. "strconv"
  8. "time"
  9. "github.com/mhsanaei/3x-ui/v3/internal/database/model"
  10. "github.com/mhsanaei/3x-ui/v3/internal/logger"
  11. "github.com/mhsanaei/3x-ui/v3/internal/web/entity"
  12. "github.com/mhsanaei/3x-ui/v3/internal/web/global"
  13. "github.com/mhsanaei/3x-ui/v3/internal/web/service"
  14. "github.com/mhsanaei/3x-ui/v3/internal/web/service/panel"
  15. "github.com/mhsanaei/3x-ui/v3/internal/web/websocket"
  16. "github.com/gin-gonic/gin"
  17. )
  18. var filenameRegex = regexp.MustCompile(`^[a-zA-Z0-9_\-.]+$`)
  19. // ServerController handles server management and status-related operations.
  20. type ServerController struct {
  21. BaseController
  22. serverService service.ServerService
  23. settingService service.SettingService
  24. panelService panel.PanelService
  25. xrayMetricsService service.XrayMetricsService
  26. }
  27. // NewServerController creates a new ServerController, initializes routes, and starts background tasks.
  28. func NewServerController(g *gin.RouterGroup) *ServerController {
  29. a := &ServerController{}
  30. service.RestoreSystemMetrics()
  31. a.initRouter(g)
  32. a.startTask()
  33. return a
  34. }
  35. // initRouter sets up the routes for server status, Xray management, and utility endpoints.
  36. func (a *ServerController) initRouter(g *gin.RouterGroup) {
  37. g.GET("/status", a.status)
  38. g.GET("/cpuHistory/:bucket", a.getCpuHistoryBucket)
  39. g.GET("/history/:metric/:bucket", a.getMetricHistoryBucket)
  40. g.GET("/xrayMetricsState", a.getXrayMetricsState)
  41. g.GET("/xrayMetricsHistory/:metric/:bucket", a.getXrayMetricsHistoryBucket)
  42. g.GET("/xrayObservatory", a.getXrayObservatory)
  43. g.GET("/xrayObservatoryHistory/:tag/:bucket", a.getXrayObservatoryHistoryBucket)
  44. g.GET("/getXrayVersion", a.getXrayVersion)
  45. g.GET("/getPanelUpdateInfo", a.getPanelUpdateInfo)
  46. g.GET("/getUpdateStatus", a.getUpdateStatus)
  47. g.GET("/getConfigJson", a.getConfigJson)
  48. g.GET("/getDb", a.getDb)
  49. g.GET("/getMigration", a.getMigration)
  50. g.GET("/getNewUUID", a.getNewUUID)
  51. g.GET("/getWebCertFiles", a.getWebCertFiles)
  52. g.GET("/descendants", a.descendants)
  53. g.GET("/getNewX25519Cert", a.getNewX25519Cert)
  54. g.GET("/getNewmldsa65", a.getNewmldsa65)
  55. g.GET("/getNewmlkem768", a.getNewmlkem768)
  56. g.GET("/getNewVlessEnc", a.getNewVlessEnc)
  57. g.GET("/clientIps", a.getClientIps)
  58. g.GET("/fail2banStatus", a.getFail2banStatus)
  59. g.POST("/stopXrayService", a.stopXrayService)
  60. g.POST("/restartXrayService", a.restartXrayService)
  61. g.POST("/installXray/:version", a.installXray)
  62. g.POST("/updatePanel", a.updatePanel)
  63. g.POST("/setUpdateChannel", a.setUpdateChannel)
  64. g.POST("/updateGeofile", a.updateGeofile)
  65. g.POST("/updateGeofile/:fileName", a.updateGeofile)
  66. g.POST("/logs/:count", a.getLogs)
  67. g.POST("/xraylogs/:count", a.getXrayLogs)
  68. g.POST("/importDB", a.importDB)
  69. g.POST("/getNewEchCert", a.getNewEchCert)
  70. g.POST("/getCertHash", a.getCertHash)
  71. g.POST("/getRemoteCertHash", a.getRemoteCertHash)
  72. g.POST("/scanRealityTarget", a.scanRealityTarget)
  73. g.POST("/scanRealityTargets", a.scanRealityTargets)
  74. g.POST("/clientIps", a.setClientIps)
  75. }
  76. // startTask registers the @2s ticker that refreshes server status, samples
  77. // xray metrics, and pushes the new snapshot to all websocket subscribers.
  78. // State + sampling live in ServerService; the controller only orchestrates
  79. // the cross-service side effects (xrayMetrics sample + websocket broadcast).
  80. func (a *ServerController) startTask() {
  81. c := global.GetWebServer().GetCron()
  82. _, _ = c.AddFunc("@every 2s", func() {
  83. status := a.serverService.RefreshStatus()
  84. if status == nil {
  85. return
  86. }
  87. a.xrayMetricsService.Sample(time.Now())
  88. websocket.BroadcastStatus(status)
  89. })
  90. _, _ = c.AddFunc("@every 1m", func() {
  91. if err := service.PersistSystemMetrics(); err != nil {
  92. logger.Warning("persist system metrics failed:", err)
  93. }
  94. })
  95. }
  96. // status returns the current server status information.
  97. func (a *ServerController) status(c *gin.Context) { jsonObj(c, a.serverService.LastStatus(), nil) }
  98. func (a *ServerController) getFail2banStatus(c *gin.Context) {
  99. jsonObj(c, a.serverService.GetFail2banStatus(), nil)
  100. }
  101. func parseHistoryBucket(c *gin.Context) (int, bool) {
  102. bucket, err := strconv.Atoi(c.Param("bucket"))
  103. if err != nil || bucket <= 0 || !service.IsAllowedHistoryBucket(bucket) {
  104. jsonMsg(c, "invalid bucket", fmt.Errorf("unsupported bucket"))
  105. return 0, false
  106. }
  107. return bucket, true
  108. }
  109. // getCpuHistoryBucket retrieves aggregated CPU usage history based on the specified time bucket.
  110. // Kept for back-compat; new callers should use /history/cpu/:bucket which
  111. // returns {"t","v"} (uniform across all metrics) instead of {"t","cpu"}.
  112. func (a *ServerController) getCpuHistoryBucket(c *gin.Context) {
  113. bucket, ok := parseHistoryBucket(c)
  114. if !ok {
  115. return
  116. }
  117. jsonObj(c, a.serverService.AggregateCpuHistory(bucket, 60), nil)
  118. }
  119. // getMetricHistoryBucket returns up to 60 buckets of history for a single
  120. // system metric (cpu, mem, netUp, netDown, online, load1/5/15). The
  121. // SystemHistoryModal calls one endpoint per active tab.
  122. func (a *ServerController) getMetricHistoryBucket(c *gin.Context) {
  123. metric := c.Param("metric")
  124. if !slices.Contains(service.SystemMetricKeys, metric) {
  125. jsonMsg(c, "invalid metric", fmt.Errorf("unknown metric"))
  126. return
  127. }
  128. bucket, ok := parseHistoryBucket(c)
  129. if !ok {
  130. return
  131. }
  132. jsonObj(c, a.serverService.AggregateSystemMetric(metric, bucket, 60), nil)
  133. }
  134. func (a *ServerController) getXrayMetricsState(c *gin.Context) {
  135. jsonObj(c, a.xrayMetricsService.State(), nil)
  136. }
  137. func (a *ServerController) getXrayMetricsHistoryBucket(c *gin.Context) {
  138. metric := c.Param("metric")
  139. if !slices.Contains(service.XrayMetricKeys, metric) {
  140. jsonMsg(c, "invalid metric", fmt.Errorf("unknown metric"))
  141. return
  142. }
  143. bucket, ok := parseHistoryBucket(c)
  144. if !ok {
  145. return
  146. }
  147. jsonObj(c, a.xrayMetricsService.AggregateMetric(metric, bucket, 60), nil)
  148. }
  149. func (a *ServerController) getXrayObservatory(c *gin.Context) {
  150. jsonObj(c, a.xrayMetricsService.ObservatorySnapshot(), nil)
  151. }
  152. func (a *ServerController) getXrayObservatoryHistoryBucket(c *gin.Context) {
  153. tag := c.Param("tag")
  154. if !a.xrayMetricsService.HasObservatoryTag(tag) {
  155. jsonMsg(c, "invalid tag", fmt.Errorf("unknown observatory tag"))
  156. return
  157. }
  158. bucket, ok := parseHistoryBucket(c)
  159. if !ok {
  160. return
  161. }
  162. jsonObj(c, a.xrayMetricsService.AggregateObservatory(tag, bucket, 60), nil)
  163. }
  164. func (a *ServerController) getXrayVersion(c *gin.Context) {
  165. versions, err := a.serverService.GetXrayVersionsCached()
  166. if err != nil {
  167. jsonMsg(c, I18nWeb(c, "getVersion"), err)
  168. return
  169. }
  170. jsonObj(c, versions, nil)
  171. }
  172. // getPanelUpdateInfo retrieves the current and latest panel version.
  173. func (a *ServerController) getPanelUpdateInfo(c *gin.Context) {
  174. info, err := a.panelService.GetUpdateInfo()
  175. if err != nil {
  176. logger.Debug("panel update check failed:", err)
  177. c.JSON(http.StatusOK, entity.Msg{Success: false})
  178. return
  179. }
  180. jsonObj(c, info, nil)
  181. }
  182. // installXray installs or updates Xray to the specified version.
  183. func (a *ServerController) installXray(c *gin.Context) {
  184. version := c.Param("version")
  185. err := a.serverService.UpdateXray(version)
  186. jsonMsg(c, I18nWeb(c, "pages.index.xraySwitchVersionPopover"), err)
  187. }
  188. // updatePanel starts a panel self-update. With no "dev" form value it follows
  189. // this panel's own channel setting; an explicit "dev" (sent by the master node
  190. // updater) overrides it for this run. The response's runId identifies this
  191. // update for a later getUpdateStatus poll.
  192. func (a *ServerController) updatePanel(c *gin.Context) {
  193. devParam := c.PostForm("dev")
  194. var runID int64
  195. var err error
  196. if devParam == "" {
  197. runID, err = a.panelService.StartUpdate()
  198. } else {
  199. dev, perr := strconv.ParseBool(devParam)
  200. if perr != nil {
  201. jsonMsg(c, "invalid data", perr)
  202. return
  203. }
  204. runID, err = a.panelService.StartUpdateChannel(dev)
  205. }
  206. var obj any
  207. if err == nil {
  208. obj = gin.H{"runId": strconv.FormatInt(runID, 10)}
  209. }
  210. jsonMsgObj(c, I18nWeb(c, "pages.index.panelUpdateStartedPopover"), obj, err)
  211. }
  212. // getUpdateStatus reports the outcome of the most recently launched panel
  213. // self-update (see updatePanel). Compare the returned runId against the one
  214. // updatePanel returned to tell this run's result apart from a stale one.
  215. func (a *ServerController) getUpdateStatus(c *gin.Context) {
  216. jsonObj(c, a.panelService.GetUpdateStatus(), nil)
  217. }
  218. // setUpdateChannel toggles whether self-update tracks the rolling dev release.
  219. func (a *ServerController) setUpdateChannel(c *gin.Context) {
  220. dev, err := strconv.ParseBool(c.PostForm("dev"))
  221. if err != nil {
  222. jsonMsg(c, "invalid data", err)
  223. return
  224. }
  225. err = a.settingService.SetDevChannelEnable(dev)
  226. jsonMsg(c, I18nWeb(c, "pages.index.updateChannelChanged"), err)
  227. }
  228. // updateGeofile updates the specified geo file for Xray.
  229. func (a *ServerController) updateGeofile(c *gin.Context) {
  230. fileName := c.Param("fileName")
  231. if fileName != "" && !a.serverService.IsValidGeofileName(fileName) {
  232. jsonMsg(c, I18nWeb(c, "pages.index.geofileUpdatePopover"),
  233. fmt.Errorf("invalid filename: contains unsafe characters or path traversal patterns"))
  234. return
  235. }
  236. err := a.serverService.UpdateGeofile(fileName)
  237. jsonMsg(c, I18nWeb(c, "pages.index.geofileUpdatePopover"), err)
  238. }
  239. // stopXrayService stops the Xray service.
  240. func (a *ServerController) stopXrayService(c *gin.Context) {
  241. err := a.serverService.StopXrayService()
  242. if err != nil {
  243. jsonMsg(c, I18nWeb(c, "pages.xray.stopError"), err)
  244. websocket.BroadcastXrayState("error", err.Error())
  245. return
  246. }
  247. jsonMsg(c, I18nWeb(c, "pages.xray.stopSuccess"), err)
  248. websocket.BroadcastXrayState("stop", "")
  249. websocket.BroadcastNotification(
  250. I18nWeb(c, "pages.xray.stopSuccess"),
  251. "Xray service has been stopped",
  252. "warning",
  253. )
  254. }
  255. // restartXrayService restarts the Xray service.
  256. func (a *ServerController) restartXrayService(c *gin.Context) {
  257. err := a.serverService.RestartXrayService()
  258. if err != nil {
  259. jsonMsg(c, I18nWeb(c, "pages.xray.restartError"), err)
  260. websocket.BroadcastXrayState("error", err.Error())
  261. return
  262. }
  263. jsonMsg(c, I18nWeb(c, "pages.xray.restartSuccess"), err)
  264. websocket.BroadcastXrayState("running", "")
  265. websocket.BroadcastNotification(
  266. I18nWeb(c, "pages.xray.restartSuccess"),
  267. "Xray service has been restarted successfully",
  268. "success",
  269. )
  270. }
  271. // getLogs retrieves the application logs based on count, level, and syslog filters.
  272. func (a *ServerController) getLogs(c *gin.Context) {
  273. logs := a.serverService.GetLogs(c.Param("count"), c.PostForm("level"), c.PostForm("syslog"))
  274. jsonObj(c, logs, nil)
  275. }
  276. // getXrayLogs retrieves Xray logs with filtering options for direct, blocked, and proxy traffic.
  277. func (a *ServerController) getXrayLogs(c *gin.Context) {
  278. freedoms, blackholes := a.serverService.GetDefaultLogOutboundTags()
  279. logs := a.serverService.GetXrayLogs(
  280. c.Param("count"),
  281. c.PostForm("filter"),
  282. c.PostForm("showDirect"),
  283. c.PostForm("showBlocked"),
  284. c.PostForm("showProxy"),
  285. freedoms,
  286. blackholes,
  287. )
  288. jsonObj(c, logs, nil)
  289. }
  290. // getConfigJson retrieves the Xray configuration as JSON.
  291. func (a *ServerController) getConfigJson(c *gin.Context) {
  292. configJson, err := a.serverService.GetConfigJson()
  293. if err != nil {
  294. jsonMsg(c, I18nWeb(c, "pages.index.getConfigError"), err)
  295. return
  296. }
  297. jsonObj(c, configJson, nil)
  298. }
  299. // getDb downloads the database file.
  300. func (a *ServerController) getDb(c *gin.Context) {
  301. db, err := a.serverService.GetDb()
  302. if err != nil {
  303. jsonMsg(c, I18nWeb(c, "pages.index.getDatabaseError"), err)
  304. return
  305. }
  306. filename := a.serverService.BackupFilename(c.Request.Host)
  307. if !filenameRegex.MatchString(filename) {
  308. _ = c.AbortWithError(http.StatusBadRequest, fmt.Errorf("invalid filename"))
  309. return
  310. }
  311. c.Header("Content-Type", "application/octet-stream")
  312. c.Header("Content-Disposition", "attachment; filename="+filename)
  313. _, _ = c.Writer.Write(db)
  314. }
  315. // getMigration downloads a cross-engine migration file: a .dump on SQLite or a
  316. // .db SQLite database on PostgreSQL, so the data can seed the other backend.
  317. func (a *ServerController) getMigration(c *gin.Context) {
  318. data, filename, err := a.serverService.GetMigration()
  319. if err != nil {
  320. jsonMsg(c, I18nWeb(c, "pages.index.getDatabaseError"), err)
  321. return
  322. }
  323. if !filenameRegex.MatchString(filename) {
  324. _ = c.AbortWithError(http.StatusBadRequest, fmt.Errorf("invalid filename"))
  325. return
  326. }
  327. c.Header("Content-Type", "application/octet-stream")
  328. c.Header("Content-Disposition", "attachment; filename="+filename)
  329. _, _ = c.Writer.Write(data)
  330. }
  331. // importDB imports a database file and restarts the Xray service.
  332. func (a *ServerController) importDB(c *gin.Context) {
  333. file, _, err := c.Request.FormFile("db")
  334. if err != nil {
  335. jsonMsg(c, I18nWeb(c, "pages.index.readDatabaseError"), err)
  336. return
  337. }
  338. defer file.Close()
  339. if err := a.serverService.ImportDB(file); err != nil {
  340. jsonMsg(c, I18nWeb(c, "pages.index.importDatabaseError"), err)
  341. return
  342. }
  343. jsonObj(c, I18nWeb(c, "pages.index.importDatabaseSuccess"), nil)
  344. }
  345. // descendants publishes read-only summaries of the nodes this panel manages so
  346. // a parent panel can surface them as transitive sub-nodes in a chained
  347. // topology. Called by the parent via the node's API token (#4983).
  348. func (a *ServerController) descendants(c *gin.Context) {
  349. data, err := (&service.NodeService{}).LocalDescendants()
  350. jsonObj(c, data, err)
  351. }
  352. // getWebCertFiles returns this panel's own web TLS certificate and key file
  353. // paths. The central panel calls it on a node (via the node's API token) so
  354. // "Set Cert from Panel" can fill a node-assigned inbound with paths that exist
  355. // on the node's filesystem instead of the central panel's — see issue #4854.
  356. func (a *ServerController) getWebCertFiles(c *gin.Context) {
  357. certFile, err := a.settingService.GetCertFile()
  358. if err != nil {
  359. jsonMsg(c, I18nWeb(c, "somethingWentWrong"), err)
  360. return
  361. }
  362. keyFile, err := a.settingService.GetKeyFile()
  363. if err != nil {
  364. jsonMsg(c, I18nWeb(c, "somethingWentWrong"), err)
  365. return
  366. }
  367. jsonObj(c, gin.H{"webCertFile": certFile, "webKeyFile": keyFile}, nil)
  368. }
  369. // getNewX25519Cert generates a new X25519 certificate.
  370. func (a *ServerController) getNewX25519Cert(c *gin.Context) {
  371. cert, err := a.serverService.GetNewX25519Cert()
  372. if err != nil {
  373. jsonMsg(c, I18nWeb(c, "pages.inbounds.toasts.getNewX25519CertError"), err)
  374. return
  375. }
  376. jsonObj(c, cert, nil)
  377. }
  378. // getNewmldsa65 generates a new ML-DSA-65 key.
  379. func (a *ServerController) getNewmldsa65(c *gin.Context) {
  380. cert, err := a.serverService.GetNewmldsa65()
  381. if err != nil {
  382. jsonMsg(c, I18nWeb(c, "pages.inbounds.toasts.getNewmldsa65Error"), err)
  383. return
  384. }
  385. jsonObj(c, cert, nil)
  386. }
  387. // getNewEchCert generates a new ECH certificate for the given SNI.
  388. func (a *ServerController) getNewEchCert(c *gin.Context) {
  389. cert, err := a.serverService.GetNewEchCert(c.PostForm("sni"))
  390. if err != nil {
  391. jsonMsg(c, "get ech certificate", err)
  392. return
  393. }
  394. jsonObj(c, cert, nil)
  395. }
  396. // getCertHash returns the hex SHA-256 of the given certificate (file path or
  397. // inline content) so the panel can fill the pinned-cert field.
  398. func (a *ServerController) getCertHash(c *gin.Context) {
  399. hashes, err := a.serverService.GetCertHash(c.PostForm("certFile"), c.PostForm("certContent"))
  400. if err != nil {
  401. jsonMsg(c, "get cert hash", err)
  402. return
  403. }
  404. jsonObj(c, hashes, nil)
  405. }
  406. // getRemoteCertHash runs `xray tls ping` against the given server and returns
  407. // its live certificate SHA-256 hash(es) for pinning.
  408. func (a *ServerController) getRemoteCertHash(c *gin.Context) {
  409. hashes, err := a.serverService.GetRemoteCertHash(c.PostForm("server"))
  410. if err != nil {
  411. jsonMsg(c, "get remote cert hash", err)
  412. return
  413. }
  414. jsonObj(c, hashes, nil)
  415. }
  416. // scanRealityTarget runs a live TLS 1.3 probe against the candidate REALITY
  417. // target and returns a structured feasibility verdict plus the cert SAN names.
  418. func (a *ServerController) scanRealityTarget(c *gin.Context) {
  419. res, err := a.serverService.ScanRealityTarget(c.PostForm("target"))
  420. if err != nil {
  421. jsonMsg(c, I18nWeb(c, "pages.inbounds.toasts.scanRealityTargetError"), err)
  422. return
  423. }
  424. jsonObj(c, res, nil)
  425. }
  426. // scanRealityTargets probes a batch of candidate REALITY targets (the supplied
  427. // comma-separated list, or the built-in seed set when empty) and returns each
  428. // verdict ranked by feasibility then latency.
  429. func (a *ServerController) scanRealityTargets(c *gin.Context) {
  430. res, err := a.serverService.ScanRealityTargets(c.PostForm("targets"))
  431. if err != nil {
  432. jsonMsg(c, I18nWeb(c, "pages.inbounds.toasts.scanRealityTargetError"), err)
  433. return
  434. }
  435. jsonObj(c, res, nil)
  436. }
  437. // getNewVlessEnc generates a new VLESS encryption key.
  438. func (a *ServerController) getNewVlessEnc(c *gin.Context) {
  439. out, err := a.serverService.GetNewVlessEnc()
  440. if err != nil {
  441. jsonMsg(c, I18nWeb(c, "pages.inbounds.toasts.getNewVlessEncError"), err)
  442. return
  443. }
  444. jsonObj(c, out, nil)
  445. }
  446. // getNewUUID generates a new UUID.
  447. func (a *ServerController) getNewUUID(c *gin.Context) {
  448. uuidResp, err := a.serverService.GetNewUUID()
  449. if err != nil {
  450. jsonMsg(c, "Failed to generate UUID", err)
  451. return
  452. }
  453. jsonObj(c, uuidResp, nil)
  454. }
  455. // getNewmlkem768 generates a new ML-KEM-768 key.
  456. func (a *ServerController) getNewmlkem768(c *gin.Context) {
  457. out, err := a.serverService.GetNewmlkem768()
  458. if err != nil {
  459. jsonMsg(c, "Failed to generate mlkem768 keys", err)
  460. return
  461. }
  462. jsonObj(c, out, nil)
  463. }
  464. func (a *ServerController) getClientIps(c *gin.Context) {
  465. ips, err := (&service.InboundService{}).GetAllInboundClientIps()
  466. jsonObj(c, ips, err)
  467. }
  468. func (a *ServerController) setClientIps(c *gin.Context) {
  469. var ips []model.InboundClientIps
  470. if err := c.ShouldBindJSON(&ips); err != nil {
  471. jsonMsg(c, "invalid data", err)
  472. return
  473. }
  474. err := (&service.InboundService{}).MergeInboundClientIps(ips)
  475. jsonMsg(c, "Client IPs merged", err)
  476. }