mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-17 01:56:06 +00:00
feat(mtproto): adopt dolonet/mtg-multi and make MTProto inbounds multi-client
Replace the upstream 9seconds/mtg sidecar with the dolonet/mtg-multi fork so a single MTProto inbound can serve many per-user secrets. Each panel client is now one named FakeTLS secret in the fork's [secrets] section: clients are first-class (attach/detach, limits, expiry, per-client tg:// links) exactly like every other protocol, mirroring the WireGuard multi-client model. Per-client traffic and online status come from the fork's /stats JSON API (its Prometheus output has no per-user label), fed into the existing email-keyed client_traffics accumulator; an optional throttle caps concurrent connections. A one-time seeder converts each legacy single-secret inbound into a one-client inbound. The fork ships only linux/darwin amd64/arm64 binaries but is pure Go, so provisioning builds it from source for every supported platform (release.yml, DockerInit.sh) while keeping the panel-expected mtg-<os>-<arch> filename and the 'run' verb, so process.go is untouched. Also fixes a pre-existing update.sh gap that never renamed the mtg binary for armv6/armv7 updates.
This commit is contained in:
@@ -63,8 +63,21 @@ exports[`InboundSettingsSchema fixtures > parses mtproto-basic byte-stably 1`] =
|
||||
{
|
||||
"protocol": "mtproto",
|
||||
"settings": {
|
||||
"clients": [
|
||||
{
|
||||
"comment": "",
|
||||
"email": "mtproto-user",
|
||||
"enable": true,
|
||||
"expiryTime": 0,
|
||||
"limitIp": 0,
|
||||
"reset": 0,
|
||||
"secret": "ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d",
|
||||
"subId": "",
|
||||
"tgId": 0,
|
||||
"totalGB": 0,
|
||||
},
|
||||
],
|
||||
"fakeTlsDomain": "www.cloudflare.com",
|
||||
"secret": "ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d",
|
||||
},
|
||||
}
|
||||
`;
|
||||
@@ -73,6 +86,20 @@ exports[`InboundSettingsSchema fixtures > parses mtproto-domain-fronting byte-st
|
||||
{
|
||||
"protocol": "mtproto",
|
||||
"settings": {
|
||||
"clients": [
|
||||
{
|
||||
"comment": "",
|
||||
"email": "mtproto-user",
|
||||
"enable": true,
|
||||
"expiryTime": 0,
|
||||
"limitIp": 0,
|
||||
"reset": 0,
|
||||
"secret": "ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d",
|
||||
"subId": "",
|
||||
"tgId": 0,
|
||||
"totalGB": 0,
|
||||
},
|
||||
],
|
||||
"debug": true,
|
||||
"domainFronting": {
|
||||
"ip": "127.0.0.1",
|
||||
@@ -82,7 +109,7 @@ exports[`InboundSettingsSchema fixtures > parses mtproto-domain-fronting byte-st
|
||||
"fakeTlsDomain": "www.cloudflare.com",
|
||||
"preferIp": "prefer-ipv4",
|
||||
"proxyProtocolListener": true,
|
||||
"secret": "ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d",
|
||||
"throttleMaxConnections": 5000,
|
||||
},
|
||||
}
|
||||
`;
|
||||
|
||||
@@ -2,6 +2,12 @@
|
||||
"protocol": "mtproto",
|
||||
"settings": {
|
||||
"fakeTlsDomain": "www.cloudflare.com",
|
||||
"secret": "ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d"
|
||||
"clients": [
|
||||
{
|
||||
"email": "mtproto-user",
|
||||
"secret": "ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d",
|
||||
"enable": true
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,10 +2,17 @@
|
||||
"protocol": "mtproto",
|
||||
"settings": {
|
||||
"fakeTlsDomain": "www.cloudflare.com",
|
||||
"secret": "ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d",
|
||||
"clients": [
|
||||
{
|
||||
"email": "mtproto-user",
|
||||
"secret": "ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d",
|
||||
"enable": true
|
||||
}
|
||||
],
|
||||
"proxyProtocolListener": true,
|
||||
"preferIp": "prefer-ipv4",
|
||||
"debug": true,
|
||||
"throttleMaxConnections": 5000,
|
||||
"domainFronting": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": 9443,
|
||||
|
||||
@@ -26,4 +26,18 @@ describe('link-label parseLinkParts', () => {
|
||||
it('returns null for an unparseable scheme', () => {
|
||||
expect(parseLinkParts('not-a-link')).toBeNull();
|
||||
});
|
||||
|
||||
// MTProto share links are tg://proxy deep links whose port rides in a query
|
||||
// param, not the URL authority; they carry no transport and use FakeTLS.
|
||||
it('labels an mtproto tg://proxy link with its query-param port and FakeTLS', () => {
|
||||
const parts = parseLinkParts(
|
||||
'tg://proxy?server=host.example.com&port=8443&secret=ee00#mt-inbound',
|
||||
);
|
||||
expect(parts?.protocol).toBe('MTProto');
|
||||
expect(parts?.network).toBe('');
|
||||
expect(parts?.security).toBe('FAKETLS');
|
||||
expect(parts?.port).toBe('8443');
|
||||
expect(parts?.remark).toBe('mt-inbound');
|
||||
expect(parts && linkMetaText(parts)).toBe('mt-inbound:8443');
|
||||
});
|
||||
});
|
||||
|
||||
@@ -0,0 +1,41 @@
|
||||
import { describe, expect, it } from 'vitest';
|
||||
|
||||
import { genInboundLinks } from '@/lib/xray/inbound-link';
|
||||
import { InboundSchema } from '@/schemas/api/inbound';
|
||||
|
||||
// Multi-client MTProto renders one tg://proxy deep link per entry in
|
||||
// settings.clients, each carrying that client's own FakeTLS secret.
|
||||
function mtprotoInbound() {
|
||||
return InboundSchema.parse({
|
||||
id: 70,
|
||||
remark: 'mt-mc',
|
||||
port: 8443,
|
||||
protocol: 'mtproto',
|
||||
settings: {
|
||||
fakeTlsDomain: 'www.cloudflare.com',
|
||||
clients: [
|
||||
{
|
||||
email: 'alice',
|
||||
secret: 'ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d',
|
||||
enable: true,
|
||||
},
|
||||
{
|
||||
email: 'bob',
|
||||
secret: 'eeabcdefabcdefabcdefabcdefabcdef01676f6f676c652e636f6d',
|
||||
enable: true,
|
||||
},
|
||||
],
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
describe('mtproto multi-client link fan-out', () => {
|
||||
it('emits one tg://proxy per client from settings.clients', () => {
|
||||
const out = genInboundLinks({ inbound: mtprotoInbound(), remark: 'mt-mc', fallbackHostname: 'mt.example.test' });
|
||||
const links = out.split('\r\n').filter(Boolean);
|
||||
expect(links).toHaveLength(2);
|
||||
expect(links[0]).toContain('tg://proxy');
|
||||
expect(links[0]).toContain('secret=ee0123456789abcdef0123456789abcdef7777772e636c6f7564666c6172652e636f6d');
|
||||
expect(links[1]).toContain('secret=eeabcdefabcdefabcdefabcdefabcdef01676f6f676c652e636f6d');
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user