Files
3x-ui/internal/web/service/xray_config_inject_test.go
T
MHSanaei 7bcc5830c6 feat(online): use xray online-stats API for onlines and access-log-free IP limit
Adopt xray-core's statsUserOnline policy and GetUsersStats RPC so online
detection is connection-based and IP limiting no longer requires an access
log. Falls back to the legacy traffic-delta onlines and access-log parsing
when the running core lacks the RPCs (Unimplemented), probed lazily per
process so a panel-driven version switch re-evaluates automatically.

Backend:
- xray/api.go: GetOnlineUsers (one GetUsersStats call returns all online
  users and their source IPs) and IsUnimplementedErr.
- xray/process.go: per-process OnlineAPISupport tri-state capability cache.
- service/xray.go: ensureStatsPolicy injects statsUserOnline into every
  policy level of the generated config; XrayService.GetOnlineUsers probes
  and falls back.
- job/xray_traffic_job.go: union API onlines into the delta-derived active
  set; bump last_online for idle-but-connected clients.
- job/check_client_ip_job.go: API-first IP source with shared enforcement;
  live observations bypass the 30-min stale cutoff; access-log path
  unchanged for older cores.
- service/setting.go: GetIpLimitEnable always true; new accessLogEnable
  default for features that genuinely read the access log.

Frontend:
- Client form split into Basic and Config tabs; IP Limit and IP Log no
  longer gated on access log; compact Auto Renew next to Start After First
  Use; tabBasic/tabConfig added to all 13 locales.
- Xray logs button on the dashboard now gated on accessLogEnable.
2026-06-11 19:42:03 +02:00

225 lines
7.8 KiB
Go

package service
import (
"encoding/json"
"os"
"testing"
xuilogger "github.com/mhsanaei/3x-ui/v3/internal/logger"
"github.com/mhsanaei/3x-ui/v3/internal/util/json_util"
"github.com/mhsanaei/3x-ui/v3/internal/xray"
"github.com/op/go-logging"
)
func TestMain(m *testing.M) {
// injectPanelEgress logs when it skips injection; the package logger must
// exist before any test exercises a skipped path.
xuilogger.InitLogger(logging.ERROR)
os.Exit(m.Run())
}
func TestEnsureAPIServices(t *testing.T) {
// legacy template without RoutingService gets it injected
out := ensureAPIServices(json_util.RawMessage(`{"services":["HandlerService","LoggerService","StatsService"],"tag":"api"}`))
var parsed struct {
Services []string `json:"services"`
Tag string `json:"tag"`
}
if err := json.Unmarshal(out, &parsed); err != nil {
t.Fatal(err)
}
want := map[string]bool{"HandlerService": true, "StatsService": true, "RoutingService": true, "LoggerService": true}
if len(parsed.Services) != 4 {
t.Fatalf("expected 4 services, got %v", parsed.Services)
}
for _, svc := range parsed.Services {
if !want[svc] {
t.Fatalf("unexpected service %q", svc)
}
}
if parsed.Tag != "api" {
t.Fatalf("tag must be preserved, got %q", parsed.Tag)
}
// complete api block is returned unchanged (no marshal churn)
full := json_util.RawMessage(`{"services":["HandlerService","StatsService","RoutingService"],"tag":"api"}`)
if got := ensureAPIServices(full); string(got) != string(full) {
t.Fatalf("complete api block must pass through untouched, got %s", got)
}
// absent api block stays absent
if got := ensureAPIServices(nil); got != nil {
t.Fatalf("nil api block must stay nil, got %s", got)
}
}
func TestEnsureStatsPolicy(t *testing.T) {
// default-template shape: level "0" exists with traffic flags — the online
// flag is added and the siblings survive untouched
out := ensureStatsPolicy(json_util.RawMessage(`{"levels":{"0":{"handshake":4,"statsUserUplink":true,"statsUserDownlink":true}},"system":{"statsInboundDownlink":true}}`))
var parsed struct {
Levels map[string]map[string]any `json:"levels"`
System map[string]any `json:"system"`
}
if err := json.Unmarshal(out, &parsed); err != nil {
t.Fatal(err)
}
level0 := parsed.Levels["0"]
if level0["statsUserOnline"] != true {
t.Fatalf("statsUserOnline must be injected into level 0, got %v", level0)
}
if level0["statsUserUplink"] != true || level0["statsUserDownlink"] != true || level0["handshake"] != float64(4) {
t.Fatalf("sibling keys must be preserved, got %v", level0)
}
if parsed.System["statsInboundDownlink"] != true {
t.Fatalf("system block must be preserved, got %v", parsed.System)
}
// missing levels block: level "0" is created with the flag
out = ensureStatsPolicy(json_util.RawMessage(`{"system":{}}`))
if err := json.Unmarshal(out, &parsed); err != nil {
t.Fatal(err)
}
if parsed.Levels["0"]["statsUserOnline"] != true {
t.Fatalf("level 0 must be created with statsUserOnline, got %s", out)
}
// every level gets the flag, an explicit false included — the flag is
// panel infrastructure, like the api services
out = ensureStatsPolicy(json_util.RawMessage(`{"levels":{"0":{"statsUserOnline":false},"1":{"connIdle":300}}}`))
if err := json.Unmarshal(out, &parsed); err != nil {
t.Fatal(err)
}
for _, key := range []string{"0", "1"} {
if parsed.Levels[key]["statsUserOnline"] != true {
t.Fatalf("level %s must have statsUserOnline forced on, got %s", key, out)
}
}
if parsed.Levels["1"]["connIdle"] != float64(300) {
t.Fatalf("level 1 siblings must be preserved, got %s", out)
}
// already-enabled input passes through byte-identical (no marshal churn,
// no spurious restart)
full := json_util.RawMessage(`{"levels":{"0":{"statsUserOnline":true}}}`)
if got := ensureStatsPolicy(full); string(got) != string(full) {
t.Fatalf("already-enabled policy must pass through untouched, got %s", got)
}
// absent policy block stays absent
if got := ensureStatsPolicy(nil); got != nil {
t.Fatalf("nil policy must stay nil, got %s", got)
}
// unparsable policy is left untouched
bad := json_util.RawMessage(`{not json`)
if got := ensureStatsPolicy(bad); string(got) != string(bad) {
t.Fatalf("unparsable policy must be left untouched, got %s", got)
}
}
func egressTestConfig() *xray.Config {
return &xray.Config{
RouterConfig: json_util.RawMessage(`{"domainStrategy":"AsIs","rules":[{"type":"field","inboundTag":["api"],"outboundTag":"api"}]}`),
InboundConfigs: []xray.InboundConfig{
{Port: 62789, Protocol: "tunnel", Tag: "api", Listen: json_util.RawMessage(`"127.0.0.1"`)},
},
}
}
type egressRouting struct {
DomainStrategy string `json:"domainStrategy"`
Rules []struct {
InboundTag []string `json:"inboundTag"`
OutboundTag string `json:"outboundTag"`
Type string `json:"type"`
} `json:"rules"`
}
func TestInjectPanelEgress(t *testing.T) {
cfg := egressTestConfig()
injectPanelEgress(cfg, "warp")
if len(cfg.InboundConfigs) != 2 {
t.Fatalf("expected the egress inbound to be appended, got %d inbounds", len(cfg.InboundConfigs))
}
ib := cfg.InboundConfigs[1]
if ib.Tag != PanelEgressInboundTag || ib.Protocol != "socks" || ib.Port != panelEgressBasePort {
t.Fatalf("unexpected egress inbound: %+v", ib)
}
if string(ib.Listen) != `"127.0.0.1"` {
t.Fatalf("egress inbound must listen on loopback, got %s", ib.Listen)
}
var routing egressRouting
if err := json.Unmarshal(cfg.RouterConfig, &routing); err != nil {
t.Fatal(err)
}
if routing.DomainStrategy != "AsIs" {
t.Fatalf("routing keys outside rules must be preserved, got %+v", routing)
}
if len(routing.Rules) != 2 {
t.Fatalf("expected egress rule + existing rule, got %+v", routing.Rules)
}
first := routing.Rules[0]
if first.Type != "field" || first.OutboundTag != "warp" ||
len(first.InboundTag) != 1 || first.InboundTag[0] != PanelEgressInboundTag {
t.Fatalf("egress rule must be prepended, got %+v", first)
}
}
func TestInjectPanelEgress_PortCollision(t *testing.T) {
cfg := egressTestConfig()
cfg.InboundConfigs = append(cfg.InboundConfigs,
xray.InboundConfig{Port: panelEgressBasePort, Protocol: "vless", Tag: "in-1"},
xray.InboundConfig{Port: panelEgressBasePort + 1, Protocol: "vless", Tag: "in-2"},
)
injectPanelEgress(cfg, "direct")
got := cfg.InboundConfigs[len(cfg.InboundConfigs)-1]
if got.Tag != PanelEgressInboundTag || got.Port != panelEgressBasePort+2 {
t.Fatalf("egress inbound must skip taken ports, got %+v", got)
}
}
func TestInjectPanelEgress_TagCollisionSkips(t *testing.T) {
cfg := egressTestConfig()
cfg.InboundConfigs = append(cfg.InboundConfigs,
xray.InboundConfig{Port: 1234, Protocol: "socks", Tag: PanelEgressInboundTag},
)
before := string(cfg.RouterConfig)
injectPanelEgress(cfg, "direct")
if len(cfg.InboundConfigs) != 2 || string(cfg.RouterConfig) != before {
t.Fatal("a user inbound owning the egress tag must make injection a no-op")
}
}
func TestInjectPanelEgress_NoRoutingSection(t *testing.T) {
cfg := egressTestConfig()
cfg.RouterConfig = nil
injectPanelEgress(cfg, "direct")
var routing egressRouting
if err := json.Unmarshal(cfg.RouterConfig, &routing); err != nil {
t.Fatal(err)
}
if len(routing.Rules) != 1 || routing.Rules[0].OutboundTag != "direct" {
t.Fatalf("a routing section must be created with the egress rule, got %+v", routing)
}
if len(cfg.InboundConfigs) != 2 {
t.Fatal("egress inbound must still be appended")
}
}
func TestInjectPanelEgress_BadRoutingSkips(t *testing.T) {
cfg := egressTestConfig()
cfg.RouterConfig = json_util.RawMessage(`{not json`)
injectPanelEgress(cfg, "direct")
if len(cfg.InboundConfigs) != 1 {
t.Fatal("unparsable routing must skip the whole injection, inbound included")
}
if string(cfg.RouterConfig) != `{not json` {
t.Fatal("unparsable routing must be left untouched")
}
}