1
0

hot_diff.go 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498
  1. package xray
  2. import (
  3. "bytes"
  4. "encoding/json"
  5. "github.com/mhsanaei/3x-ui/v3/internal/logger"
  6. "github.com/mhsanaei/3x-ui/v3/internal/util/json_util"
  7. )
  8. // HotDiff describes the gRPC API operations needed to bring a running Xray
  9. // instance from one generated config to another without restarting the
  10. // process. It only covers the sections Xray can reload at runtime: inbounds,
  11. // outbounds and routing rules/balancers.
  12. type HotDiff struct {
  13. RemovedInboundTags []string
  14. AddedInbounds [][]byte
  15. RemovedUsers []UserOp
  16. AddedUsers []UserOp
  17. RemovedOutboundTags []string
  18. AddedOutbounds [][]byte
  19. RoutingConfig []byte // full new routing section; nil when unchanged
  20. }
  21. // UserOp is a per-user AlterInbound operation; User is nil for removals.
  22. type UserOp struct {
  23. Tag string
  24. Protocol string
  25. Email string
  26. User map[string]any
  27. }
  28. // Empty reports whether the diff contains no operations.
  29. func (d *HotDiff) Empty() bool {
  30. return len(d.RemovedInboundTags) == 0 &&
  31. len(d.AddedInbounds) == 0 &&
  32. len(d.RemovedUsers) == 0 &&
  33. len(d.AddedUsers) == 0 &&
  34. len(d.RemovedOutboundTags) == 0 &&
  35. len(d.AddedOutbounds) == 0 &&
  36. d.RoutingConfig == nil
  37. }
  38. // ComputeHotDiff compares two generated configs and returns the API operations
  39. // that transform a running instance from oldCfg to newCfg. ok is false when
  40. // the change touches anything that has no runtime reload API (log, dns,
  41. // policy, ...) and therefore requires a full process restart.
  42. func ComputeHotDiff(oldCfg, newCfg *Config) (*HotDiff, bool) {
  43. if oldCfg == nil || newCfg == nil {
  44. return nil, false
  45. }
  46. // Sections without a reload API must be semantically identical.
  47. // Comparison is whitespace-insensitive: a template save that merely
  48. // reformats the JSON (frontend textarea, API clients) must not be
  49. // mistaken for a real change that forces a restart.
  50. static := []struct {
  51. name string
  52. old, new json_util.RawMessage
  53. }{
  54. {"log", oldCfg.LogConfig, newCfg.LogConfig},
  55. {"dns", oldCfg.DNSConfig, newCfg.DNSConfig},
  56. {"transport", oldCfg.Transport, newCfg.Transport},
  57. {"policy", oldCfg.Policy, newCfg.Policy},
  58. {"api", oldCfg.API, newCfg.API},
  59. {"stats", oldCfg.Stats, newCfg.Stats},
  60. {"reverse", oldCfg.Reverse, newCfg.Reverse},
  61. {"fakedns", oldCfg.FakeDNS, newCfg.FakeDNS},
  62. {"observatory", oldCfg.Observatory, newCfg.Observatory},
  63. {"burstObservatory", oldCfg.BurstObservatory, newCfg.BurstObservatory},
  64. {"metrics", oldCfg.Metrics, newCfg.Metrics},
  65. {"geodata", oldCfg.Geodata, newCfg.Geodata},
  66. }
  67. for _, section := range static {
  68. if !rawEqualNormalized(section.old, section.new) {
  69. logger.Debug("hot diff: section [", section.name, "] changed and has no reload API")
  70. return nil, false
  71. }
  72. }
  73. diff := &HotDiff{}
  74. if ok := diffInbounds(oldCfg, newCfg, diff); !ok {
  75. logger.Debug("hot diff: inbound change is not API-applicable")
  76. return nil, false
  77. }
  78. if ok := diffOutbounds(oldCfg, newCfg, diff); !ok {
  79. logger.Debug("hot diff: outbound change is not API-applicable (default outbound or tags)")
  80. return nil, false
  81. }
  82. if ok := diffRouting(oldCfg, newCfg, diff); !ok {
  83. logger.Debug("hot diff: routing change is not API-applicable (domainStrategy or section shape)")
  84. return nil, false
  85. }
  86. return diff, true
  87. }
  88. // diffInbounds fills diff with inbound removals/additions (a changed inbound
  89. // becomes remove+add). The api inbound carries the gRPC server the panel is
  90. // talking through, so any change touching it forces a restart.
  91. func diffInbounds(oldCfg, newCfg *Config, diff *HotDiff) bool {
  92. oldByTag, ok := inboundsByTag(oldCfg.InboundConfigs)
  93. if !ok {
  94. return false
  95. }
  96. newByTag, ok := inboundsByTag(newCfg.InboundConfigs)
  97. if !ok {
  98. return false
  99. }
  100. apiTag := apiTagFromConfig(newCfg.API)
  101. for i := range oldCfg.InboundConfigs {
  102. oldIb := &oldCfg.InboundConfigs[i]
  103. newIb, exists := newByTag[oldIb.Tag]
  104. if exists && inboundEqualNormalized(oldIb, newIb) {
  105. continue
  106. }
  107. if oldIb.Tag == apiTag || oldIb.Tag == "api" {
  108. return false
  109. }
  110. if exists && (inboundHasReverseClient(oldIb) || inboundHasReverseClient(newIb)) {
  111. logger.Debug("hot diff: inbound [", oldIb.Tag, "] carries a reverse-tagged client, forcing a full restart instead of a hot swap")
  112. return false
  113. }
  114. if exists && diffInboundUsers(oldIb, newIb, diff) {
  115. continue
  116. }
  117. diff.RemovedInboundTags = append(diff.RemovedInboundTags, oldIb.Tag)
  118. if exists {
  119. raw, err := json.Marshal(newIb)
  120. if err != nil {
  121. return false
  122. }
  123. diff.AddedInbounds = append(diff.AddedInbounds, raw)
  124. }
  125. }
  126. for i := range newCfg.InboundConfigs {
  127. newIb := &newCfg.InboundConfigs[i]
  128. if _, exists := oldByTag[newIb.Tag]; exists {
  129. continue
  130. }
  131. if newIb.Tag == apiTag || newIb.Tag == "api" {
  132. return false
  133. }
  134. raw, err := json.Marshal(newIb)
  135. if err != nil {
  136. return false
  137. }
  138. diff.AddedInbounds = append(diff.AddedInbounds, raw)
  139. }
  140. return true
  141. }
  142. var userDiffableProtocols = map[string]struct{}{"vless": {}, "vmess": {}, "trojan": {}}
  143. // diffInboundUsers emits per-user AlterInbound ops when two same-tag inbounds
  144. // differ only in settings.clients, so the handler (and its listener) survives.
  145. func diffInboundUsers(oldIb, newIb *InboundConfig, diff *HotDiff) bool {
  146. if oldIb.Port != newIb.Port || oldIb.Protocol != newIb.Protocol || oldIb.Tag != newIb.Tag {
  147. return false
  148. }
  149. if _, ok := userDiffableProtocols[oldIb.Protocol]; !ok {
  150. return false
  151. }
  152. if !rawEqualNormalized(oldIb.Listen, newIb.Listen) ||
  153. !rawEqualNormalized(oldIb.StreamSettings, newIb.StreamSettings) ||
  154. !rawEqualNormalized(oldIb.Sniffing, newIb.Sniffing) {
  155. return false
  156. }
  157. oldClients, oldRest, ok := splitSettingsClients(oldIb.Settings)
  158. if !ok {
  159. return false
  160. }
  161. newClients, newRest, ok := splitSettingsClients(newIb.Settings)
  162. if !ok {
  163. return false
  164. }
  165. if !bytes.Equal(oldRest, newRest) {
  166. return false
  167. }
  168. for email, oldC := range oldClients {
  169. newC, exists := newClients[email]
  170. if exists && bytes.Equal(oldC.norm, newC.norm) {
  171. continue
  172. }
  173. diff.RemovedUsers = append(diff.RemovedUsers, UserOp{Tag: oldIb.Tag, Protocol: oldIb.Protocol, Email: email})
  174. if exists {
  175. diff.AddedUsers = append(diff.AddedUsers, UserOp{Tag: oldIb.Tag, Protocol: oldIb.Protocol, Email: email, User: newC.user})
  176. }
  177. }
  178. for email, newC := range newClients {
  179. if _, exists := oldClients[email]; !exists {
  180. diff.AddedUsers = append(diff.AddedUsers, UserOp{Tag: oldIb.Tag, Protocol: oldIb.Protocol, Email: email, User: newC.user})
  181. }
  182. }
  183. return true
  184. }
  185. type clientEntry struct {
  186. user map[string]any
  187. norm []byte
  188. }
  189. // splitSettingsClients indexes settings.clients by email and returns the rest of
  190. // the settings in canonical form; ok is false when a client has no unique email.
  191. func splitSettingsClients(raw json_util.RawMessage) (map[string]clientEntry, []byte, bool) {
  192. if len(raw) == 0 {
  193. return nil, nil, false
  194. }
  195. settings := map[string]any{}
  196. decoder := json.NewDecoder(bytes.NewReader(raw))
  197. decoder.UseNumber()
  198. if err := decoder.Decode(&settings); err != nil {
  199. return nil, nil, false
  200. }
  201. clientsRaw, hasClients := settings["clients"].([]any)
  202. if !hasClients {
  203. return nil, nil, false
  204. }
  205. clients := make(map[string]clientEntry, len(clientsRaw))
  206. for _, c := range clientsRaw {
  207. obj, ok := c.(map[string]any)
  208. if !ok {
  209. return nil, nil, false
  210. }
  211. email, _ := obj["email"].(string)
  212. if email == "" {
  213. return nil, nil, false
  214. }
  215. if _, dup := clients[email]; dup {
  216. return nil, nil, false
  217. }
  218. norm, err := json.Marshal(obj)
  219. if err != nil {
  220. return nil, nil, false
  221. }
  222. clients[email] = clientEntry{user: obj, norm: norm}
  223. }
  224. delete(settings, "clients")
  225. rest, err := json.Marshal(settings)
  226. if err != nil {
  227. return nil, nil, false
  228. }
  229. return clients, rest, true
  230. }
  231. func inboundHasReverseClient(ib *InboundConfig) bool {
  232. if ib == nil {
  233. return false
  234. }
  235. var settings struct {
  236. Clients []struct {
  237. Reverse json.RawMessage `json:"reverse"`
  238. } `json:"clients"`
  239. }
  240. if err := json.Unmarshal(ib.Settings, &settings); err != nil {
  241. return false
  242. }
  243. for _, c := range settings.Clients {
  244. if len(c.Reverse) == 0 {
  245. continue
  246. }
  247. var tag any
  248. if err := json.Unmarshal(c.Reverse, &tag); err != nil || tag == nil {
  249. continue
  250. }
  251. return true
  252. }
  253. return false
  254. }
  255. // diffOutbounds fills diff with outbound removals/additions keyed by tag.
  256. // The first outbound is xray's default handler and the API can only append,
  257. // so any change to its identity or content forces a restart. Reordering of
  258. // the remaining outbounds is ignored — routing addresses them by tag.
  259. func diffOutbounds(oldCfg, newCfg *Config, diff *HotDiff) bool {
  260. oldOut, ok := parseOutbounds(oldCfg.OutboundConfigs)
  261. if !ok {
  262. return false
  263. }
  264. newOut, ok := parseOutbounds(newCfg.OutboundConfigs)
  265. if !ok {
  266. return false
  267. }
  268. if (len(oldOut) == 0) != (len(newOut) == 0) {
  269. return false
  270. }
  271. if len(oldOut) > 0 {
  272. if oldOut[0].tag != newOut[0].tag || !bytes.Equal(oldOut[0].norm, newOut[0].norm) {
  273. return false
  274. }
  275. }
  276. oldByTag := make(map[string]outboundEntry, len(oldOut))
  277. for _, e := range oldOut {
  278. oldByTag[e.tag] = e
  279. }
  280. newByTag := make(map[string]outboundEntry, len(newOut))
  281. for _, e := range newOut {
  282. newByTag[e.tag] = e
  283. }
  284. for _, oldE := range oldOut {
  285. newE, exists := newByTag[oldE.tag]
  286. if exists && bytes.Equal(oldE.norm, newE.norm) {
  287. continue
  288. }
  289. diff.RemovedOutboundTags = append(diff.RemovedOutboundTags, oldE.tag)
  290. if exists {
  291. diff.AddedOutbounds = append(diff.AddedOutbounds, newE.raw)
  292. }
  293. }
  294. for _, newE := range newOut {
  295. if _, exists := oldByTag[newE.tag]; !exists {
  296. diff.AddedOutbounds = append(diff.AddedOutbounds, newE.raw)
  297. }
  298. }
  299. return true
  300. }
  301. // diffRouting decides whether the routing change is limited to rules and
  302. // balancers — the only parts RoutingService.AddRule can replace at runtime.
  303. // domainStrategy/domainMatcher and any other key in the section are fixed at
  304. // process start.
  305. func diffRouting(oldCfg, newCfg *Config, diff *HotDiff) bool {
  306. if bytes.Equal(oldCfg.RouterConfig, newCfg.RouterConfig) {
  307. return true
  308. }
  309. // No routing section at start likely means no router feature (and no
  310. // RoutingService) in the running instance — only a restart can add it.
  311. if len(oldCfg.RouterConfig) == 0 || len(newCfg.RouterConfig) == 0 {
  312. return false
  313. }
  314. oldRest, ok := routingWithoutReloadable(oldCfg.RouterConfig)
  315. if !ok {
  316. return false
  317. }
  318. newRest, ok := routingWithoutReloadable(newCfg.RouterConfig)
  319. if !ok {
  320. return false
  321. }
  322. if !bytes.Equal(oldRest, newRest) {
  323. return false
  324. }
  325. diff.RoutingConfig = newCfg.RouterConfig
  326. return true
  327. }
  328. // routingWithoutReloadable returns the routing section normalized with the
  329. // runtime-reloadable keys removed, for comparing the restart-only remainder.
  330. func routingWithoutReloadable(raw []byte) ([]byte, bool) {
  331. parsed := map[string]any{}
  332. if len(raw) > 0 {
  333. decoder := json.NewDecoder(bytes.NewReader(raw))
  334. decoder.UseNumber()
  335. if err := decoder.Decode(&parsed); err != nil {
  336. return nil, false
  337. }
  338. }
  339. delete(parsed, "rules")
  340. delete(parsed, "balancers")
  341. out, err := json.Marshal(parsed)
  342. if err != nil {
  343. return nil, false
  344. }
  345. return out, true
  346. }
  347. // inboundEqualNormalized compares two inbounds ignoring JSON formatting in
  348. // their raw sections, so a reformatted template does not read as a changed
  349. // inbound.
  350. func inboundEqualNormalized(a, b *InboundConfig) bool {
  351. return a.Port == b.Port &&
  352. a.Protocol == b.Protocol &&
  353. a.Tag == b.Tag &&
  354. rawEqualNormalized(a.Listen, b.Listen) &&
  355. rawEqualNormalized(a.Settings, b.Settings) &&
  356. rawEqualNormalized(a.StreamSettings, b.StreamSettings) &&
  357. rawEqualNormalized(a.Sniffing, b.Sniffing)
  358. }
  359. // rawEqualNormalized reports whether two raw JSON values are semantically
  360. // equal: whitespace, object key order and an explicit `null` versus an
  361. // absent section are all ignored. UI editors rebuild objects on save (new
  362. // key order) and emit `null` for switched-off sections — none of that is a
  363. // reason to restart the core. Number precision is preserved via json.Number,
  364. // so genuinely different values never compare equal. Unparsable values only
  365. // compare equal byte-for-byte.
  366. func rawEqualNormalized(a, b json_util.RawMessage) bool {
  367. if bytes.Equal(a, b) {
  368. return true
  369. }
  370. na, ok := canonicalJSON(a)
  371. if !ok {
  372. return false
  373. }
  374. nb, ok := canonicalJSON(b)
  375. if !ok {
  376. return false
  377. }
  378. return bytes.Equal(na, nb)
  379. }
  380. // canonicalJSON renders a JSON value in canonical form: sorted object keys,
  381. // no insignificant whitespace, exact number digits (json.Number). Empty
  382. // input and JSON null both canonicalize to nil.
  383. func canonicalJSON(raw json_util.RawMessage) ([]byte, bool) {
  384. if len(raw) == 0 {
  385. return nil, true
  386. }
  387. decoder := json.NewDecoder(bytes.NewReader(raw))
  388. decoder.UseNumber()
  389. var value any
  390. if err := decoder.Decode(&value); err != nil {
  391. return nil, false
  392. }
  393. if value == nil {
  394. return nil, true
  395. }
  396. out, err := json.Marshal(value)
  397. if err != nil {
  398. return nil, false
  399. }
  400. return out, true
  401. }
  402. // inboundsByTag indexes inbounds by tag; ok is false when a tag is empty or
  403. // duplicated, since such handlers can't be addressed through the API.
  404. func inboundsByTag(inbounds []InboundConfig) (map[string]*InboundConfig, bool) {
  405. byTag := make(map[string]*InboundConfig, len(inbounds))
  406. for i := range inbounds {
  407. tag := inbounds[i].Tag
  408. if tag == "" {
  409. return nil, false
  410. }
  411. if _, dup := byTag[tag]; dup {
  412. return nil, false
  413. }
  414. byTag[tag] = &inbounds[i]
  415. }
  416. return byTag, true
  417. }
  418. type outboundEntry struct {
  419. tag string
  420. raw []byte // original JSON, used for AddOutbound
  421. norm []byte // canonical JSON, used for change detection
  422. }
  423. // parseOutbounds splits the outbounds array into per-entry raw/normalized
  424. // JSON. ok is false when the array is unparsable or an entry has an empty or
  425. // duplicate tag — those can't be addressed through the API.
  426. func parseOutbounds(raw json_util.RawMessage) ([]outboundEntry, bool) {
  427. if len(raw) == 0 {
  428. return nil, true
  429. }
  430. var elems []json.RawMessage
  431. if err := json.Unmarshal(raw, &elems); err != nil {
  432. return nil, false
  433. }
  434. entries := make([]outboundEntry, 0, len(elems))
  435. seen := make(map[string]struct{}, len(elems))
  436. for _, elem := range elems {
  437. var meta struct {
  438. Tag string `json:"tag"`
  439. }
  440. if err := json.Unmarshal(elem, &meta); err != nil {
  441. return nil, false
  442. }
  443. if meta.Tag == "" {
  444. return nil, false
  445. }
  446. if _, dup := seen[meta.Tag]; dup {
  447. return nil, false
  448. }
  449. seen[meta.Tag] = struct{}{}
  450. norm, ok := canonicalJSON(json_util.RawMessage(elem))
  451. if !ok {
  452. return nil, false
  453. }
  454. entries = append(entries, outboundEntry{tag: meta.Tag, raw: elem, norm: norm})
  455. }
  456. return entries, true
  457. }
  458. // apiTagFromConfig extracts api.tag from the api section, defaulting to "api".
  459. func apiTagFromConfig(api json_util.RawMessage) string {
  460. var parsed struct {
  461. Tag string `json:"tag"`
  462. }
  463. if len(api) > 0 && json.Unmarshal(api, &parsed) == nil && parsed.Tag != "" {
  464. return parsed.Tag
  465. }
  466. return "api"
  467. }