1
0

setting.go 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306
  1. package controller
  2. import (
  3. "errors"
  4. "strconv"
  5. "time"
  6. "github.com/mhsanaei/3x-ui/v3/internal/logger"
  7. "github.com/mhsanaei/3x-ui/v3/internal/util/crypto"
  8. "github.com/mhsanaei/3x-ui/v3/internal/web/entity"
  9. "github.com/mhsanaei/3x-ui/v3/internal/web/middleware"
  10. "github.com/mhsanaei/3x-ui/v3/internal/web/service"
  11. "github.com/mhsanaei/3x-ui/v3/internal/web/service/email"
  12. "github.com/mhsanaei/3x-ui/v3/internal/web/service/panel"
  13. "github.com/mhsanaei/3x-ui/v3/internal/web/session"
  14. "github.com/gin-gonic/gin"
  15. )
  16. // updateUserForm represents the form for updating user credentials.
  17. type updateUserForm struct {
  18. OldUsername string `json:"oldUsername" form:"oldUsername"`
  19. OldPassword string `json:"oldPassword" form:"oldPassword"`
  20. NewUsername string `json:"newUsername" form:"newUsername"`
  21. NewPassword string `json:"newPassword" form:"newPassword"`
  22. TwoFactorCode string `json:"twoFactorCode" form:"twoFactorCode"`
  23. }
  24. // updateSettingForm carries the persisted settings plus request-scoped fields
  25. // that must never land in the settings table: the 2FA confirmation code and
  26. // the explicit clear flags for redacted secrets (a blank secret alone means
  27. // "unchanged", so clearing needs its own signal — see #5724).
  28. type updateSettingForm struct {
  29. entity.AllSetting
  30. TwoFactorCode string `json:"twoFactorCode" form:"twoFactorCode"`
  31. ClearTgBotToken bool `json:"clearTgBotToken" form:"clearTgBotToken"`
  32. ClearLdapPassword bool `json:"clearLdapPassword" form:"clearLdapPassword"`
  33. ClearSmtpPassword bool `json:"clearSmtpPassword" form:"clearSmtpPassword"`
  34. }
  35. // SettingController handles settings and user management operations.
  36. type SettingController struct {
  37. settingService service.SettingService
  38. userService panel.UserService
  39. panelService panel.PanelService
  40. apiTokenService panel.ApiTokenService
  41. xrayService service.XrayService
  42. }
  43. // NewSettingController creates a new SettingController and initializes its routes.
  44. func NewSettingController(g *gin.RouterGroup) *SettingController {
  45. a := &SettingController{}
  46. a.initRouter(g)
  47. return a
  48. }
  49. // initRouter sets up the routes for settings management.
  50. func (a *SettingController) initRouter(g *gin.RouterGroup) {
  51. g = g.Group("/setting")
  52. g.POST("/all", a.getAllSetting)
  53. g.POST("/defaultSettings", a.getDefaultSettings)
  54. g.POST("/update", a.updateSetting)
  55. g.POST("/updateUser", a.updateUser)
  56. g.POST("/restartPanel", a.restartPanel)
  57. g.GET("/getDefaultJsonConfig", a.getDefaultXrayConfig)
  58. g.GET("/apiTokens", a.listApiTokens)
  59. g.POST("/apiTokens/create", a.createApiToken)
  60. g.POST("/apiTokens/delete/:id", a.deleteApiToken)
  61. g.POST("/apiTokens/setEnabled/:id", a.setApiTokenEnabled)
  62. g.POST("/testSmtp", a.testSmtp)
  63. g.POST("/testTgBot", a.testTgBot)
  64. }
  65. // getAllSetting retrieves all current settings as the browser-safe view:
  66. // secret values are redacted and surfaced as has* presence flags instead.
  67. func (a *SettingController) getAllSetting(c *gin.Context) {
  68. allSetting, err := a.settingService.GetAllSettingView()
  69. if err != nil {
  70. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)
  71. return
  72. }
  73. jsonObj(c, allSetting, nil)
  74. }
  75. // getDefaultSettings retrieves the default settings based on the host.
  76. func (a *SettingController) getDefaultSettings(c *gin.Context) {
  77. result, err := a.settingService.GetDefaultSettings(c.Request.Host)
  78. if err != nil {
  79. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)
  80. return
  81. }
  82. jsonObj(c, result, nil)
  83. }
  84. // updateSetting updates all settings with the provided data.
  85. func (a *SettingController) updateSetting(c *gin.Context) {
  86. form, ok := middleware.BindAndValidate[updateSettingForm](c)
  87. if !ok {
  88. return
  89. }
  90. allSetting := &form.AllSetting
  91. oldTwoFactor, twoFactorErr := a.settingService.GetTwoFactorEnable()
  92. oldPanelOutbound, _ := a.settingService.GetPanelOutbound()
  93. oldTgEnable, _ := a.settingService.GetTgbotEnabled()
  94. oldTgToken, _ := a.settingService.GetTgBotToken()
  95. oldTgChatId, _ := a.settingService.GetTgBotChatId()
  96. oldTgAPIServer, _ := a.settingService.GetTgBotAPIServer()
  97. if twoFactorErr == nil && oldTwoFactor && !allSetting.TwoFactorEnable {
  98. if err := a.settingService.VerifyTwoFactorCode(form.TwoFactorCode); err != nil {
  99. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
  100. return
  101. }
  102. }
  103. err := a.settingService.UpdateAllSetting(allSetting, service.SecretClears{
  104. TgBotToken: form.ClearTgBotToken,
  105. LdapPassword: form.ClearLdapPassword,
  106. SmtpPassword: form.ClearSmtpPassword,
  107. })
  108. if err == nil && twoFactorErr == nil && !oldTwoFactor && allSetting.TwoFactorEnable {
  109. if bumpErr := a.userService.BumpLoginEpoch(); bumpErr != nil {
  110. err = bumpErr
  111. }
  112. }
  113. if err == nil && form.PanelOutbound != oldPanelOutbound {
  114. // The egress bridge lives in the generated config; reconcile the
  115. // running core. One SOCKS inbound plus one routing rule — both
  116. // hot-appliable, so this normally does not restart Xray.
  117. if applyErr := a.xrayService.RestartXray(false); applyErr != nil {
  118. logger.Warning("apply panel outbound change failed:", applyErr)
  119. }
  120. }
  121. // UpdateAllSetting already restored a redacted-blank token, so allSetting.TgBotToken is the effective value to compare.
  122. if err == nil && reloadTgbotFunc != nil {
  123. tgChanged := oldTgEnable != allSetting.TgBotEnable ||
  124. (allSetting.TgBotEnable && (oldTgToken != allSetting.TgBotToken ||
  125. oldTgChatId != allSetting.TgBotChatId ||
  126. oldTgAPIServer != allSetting.TgBotAPIServer))
  127. if tgChanged {
  128. reloadTgbotFunc()
  129. }
  130. }
  131. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
  132. }
  133. // updateUser updates the current user's username and password.
  134. func (a *SettingController) updateUser(c *gin.Context) {
  135. form := &updateUserForm{}
  136. err := c.ShouldBind(form)
  137. if err != nil {
  138. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
  139. return
  140. }
  141. user := session.GetLoginUser(c)
  142. if user.Username != form.OldUsername || !crypto.CheckPasswordHash(user.Password, form.OldPassword) {
  143. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUserError"), errors.New(I18nWeb(c, "pages.settings.toasts.originalUserPassIncorrect")))
  144. return
  145. }
  146. if form.NewUsername == "" || form.NewPassword == "" {
  147. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUserError"), errors.New(I18nWeb(c, "pages.settings.toasts.userPassMustBeNotEmpty")))
  148. return
  149. }
  150. if err := a.settingService.VerifyTwoFactorCode(form.TwoFactorCode); err != nil {
  151. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUserError"), err)
  152. return
  153. }
  154. err = a.userService.UpdateUser(user.Id, form.NewUsername, form.NewPassword)
  155. if err == nil {
  156. user.Username = form.NewUsername
  157. user.Password, _ = crypto.HashPasswordAsBcrypt(form.NewPassword)
  158. if saveErr := session.SetLoginUser(c, user); saveErr != nil {
  159. err = saveErr
  160. }
  161. }
  162. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUser"), err)
  163. }
  164. // restartPanel restarts the panel service after a delay.
  165. func (a *SettingController) restartPanel(c *gin.Context) {
  166. err := a.panelService.RestartPanel(time.Second * 3)
  167. jsonMsg(c, I18nWeb(c, "pages.settings.restartPanelSuccess"), err)
  168. }
  169. // getDefaultXrayConfig retrieves the default Xray configuration.
  170. func (a *SettingController) getDefaultXrayConfig(c *gin.Context) {
  171. defaultJsonConfig, err := a.settingService.GetDefaultXrayConfig()
  172. if err != nil {
  173. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)
  174. return
  175. }
  176. jsonObj(c, defaultJsonConfig, nil)
  177. }
  178. type apiTokenCreateForm struct {
  179. Name string `json:"name" form:"name"`
  180. }
  181. type apiTokenEnabledForm struct {
  182. Enabled bool `json:"enabled" form:"enabled"`
  183. }
  184. func (a *SettingController) listApiTokens(c *gin.Context) {
  185. rows, err := a.apiTokenService.List()
  186. if err != nil {
  187. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.getSettings"), err)
  188. return
  189. }
  190. jsonObj(c, rows, nil)
  191. }
  192. func (a *SettingController) createApiToken(c *gin.Context) {
  193. form := &apiTokenCreateForm{}
  194. if err := c.ShouldBind(form); err != nil {
  195. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
  196. return
  197. }
  198. row, err := a.apiTokenService.Create(form.Name)
  199. if err != nil {
  200. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
  201. return
  202. }
  203. jsonObj(c, row, nil)
  204. }
  205. func (a *SettingController) deleteApiToken(c *gin.Context) {
  206. id, err := strconv.Atoi(c.Param("id"))
  207. if err != nil {
  208. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
  209. return
  210. }
  211. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), a.apiTokenService.Delete(id))
  212. }
  213. func (a *SettingController) setApiTokenEnabled(c *gin.Context) {
  214. id, err := strconv.Atoi(c.Param("id"))
  215. if err != nil {
  216. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), err)
  217. return
  218. }
  219. form := &apiTokenEnabledForm{}
  220. if bindErr := c.ShouldBind(form); bindErr != nil {
  221. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), bindErr)
  222. return
  223. }
  224. jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifySettings"), a.apiTokenService.SetEnabled(id, form.Enabled))
  225. }
  226. func (a *SettingController) testSmtp(c *gin.Context) {
  227. if emailService == nil {
  228. jsonMsg(c, I18nWeb(c, "pages.settings.smtpNotInitialized"), errors.New("email service not available"))
  229. return
  230. }
  231. logger.Info("SMTP test: starting...")
  232. result := emailService.TestConnection()
  233. if !result.Success {
  234. logger.Warning("SMTP test failed at", result.Stage+":", result.Message)
  235. c.JSON(200, gin.H{
  236. "success": false,
  237. "stage": result.Stage,
  238. "msg": result.Message,
  239. })
  240. return
  241. }
  242. logger.Info("SMTP test: success")
  243. c.JSON(200, gin.H{
  244. "success": true,
  245. "stage": result.Stage,
  246. "msg": result.Message,
  247. })
  248. }
  249. func (a *SettingController) testTgBot(c *gin.Context) {
  250. enabled, err := a.settingService.GetTgbotEnabled()
  251. if err != nil || !enabled {
  252. jsonMsg(c, I18nWeb(c, "pages.settings.tgBotNotEnabled"), errors.New("telegram bot disabled"))
  253. return
  254. }
  255. // Import tgbot package would create a circular dependency, so we call
  256. // the test through the global function registered at startup.
  257. if testTgFunc != nil {
  258. if err := testTgFunc(); err != nil {
  259. jsonMsg(c, I18nWeb(c, "pages.settings.tgTestFailed")+": "+err.Error(), err)
  260. return
  261. }
  262. jsonMsg(c, I18nWeb(c, "pages.settings.tgTestSuccess"), nil)
  263. return
  264. }
  265. jsonMsg(c, I18nWeb(c, "pages.settings.tgBotNotRunning"), errors.New("bot not started"))
  266. }
  267. // testTgFunc is set from web layer to test Telegram sending without circular imports.
  268. var testTgFunc func() error
  269. // SetTestTgFunc registers the function used to test Telegram sending.
  270. func SetTestTgFunc(fn func() error) { testTgFunc = fn }
  271. // reloadTgbotFunc is wired from the web layer; importing tgbot here would be a circular dependency.
  272. var reloadTgbotFunc func()
  273. func SetReloadTgbotFunc(fn func()) { reloadTgbotFunc = fn }
  274. // emailService is set from web layer.
  275. var emailService *email.EmailService
  276. // SetEmailService registers the email service for test endpoints.
  277. func SetEmailService(s *email.EmailService) { emailService = s }