mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-06-28 16:44:21 +00:00
Rouzbeh†
abf6b8799e
* feat: add support for subscription-based outbounds with auto-update
- New OutboundSubscription model (full support on both SQLite and PostgreSQL)
- Go subscription link parser (vmess/vless/trojan/ss/hysteria2/wireguard) matching frontend behavior
- Stable tag assignment across refreshes (designed for balancer + routing use)
- Runtime merge of subscription outbounds into Xray config (additive only)
- Full CRUD + manual refresh + preview API
- Background auto-update job (per-subscription interval)
- Frontend management UI in Outbounds tab (Subscriptions drawer) + tag integration in balancers/routing rules
- Proper dual-database support including CLI migration path
Review & hardening notes:
- Fixed merge logic bug that could drop manual outbounds
- Added SSRF/private-IP protection on subscription URLs using SanitizePublicHTTPURL
- Improved update interval UX (hours + minutes)
- Auto-fetch on first subscription creation
- Added detailed comments on tag stability strategy and balancer implications when servers are added/removed/rotated
- Updated migrationModels() for CLI migrate-db support
* fix: resolve frontend lint/type errors and Go build break
Frontend (eslint + tsc clean):
- Destructure subscriptionOutboundTags prop in RoutingTab and
BalancersTab. It was declared in the interface and used in useMemo
but never destructured, so it resolved as an unresolved global
(react-hooks warning + tsc "Cannot find name"). The prop is passed
by XrayPage, so the feature was silently inert.
- OutboundsTab: remove unused useEffect import, add an OutboundSub
type to replace any[] state and the any/any table render signature,
type the subscriptionOutbounds cast, and replace unused catch (e)
bindings with parameter-less catch. Also type HttpUtil.post as
OutboundSub so r.obj?.id type-checks.
Backend (go build clean):
- outbound_subscription_job: websocket.MessageTypeXray is undefined;
use the existing MessageTypeOutbounds since the job refreshes
outbound subscriptions.
* fix(xray): make outbound subscription creation work end-to-end
- Correct API paths from /panel/xray/outbound-subs to
/panel/api/xray/outbound-subs. The controller is mounted under
/panel/api, so the old paths hit the SPA page route (GET-only)
and 404'd on POST.
- Send the create-subscription body as a plain object instead of
URLSearchParams. The axios request interceptor serializes bodies
with qs.stringify, which can't read URLSearchParams' internal
storage and produced an empty body, so the backend rejected it
with "subscription URL is required".
- Use message.useMessage() + context holder instead of the static
antd message API (resolves the "Static function can not consume
context" warning), matching XrayPage's pattern.
- Migrate the subscriptions Drawer to antd v6 props: width -> size,
destroyOnClose -> destroyOnHidden, and Space direction -> orientation.
* feat(xray): show traffic/test for subscription outbounds; harden + test the feature
Display (the reported issue):
- Replace the flat read-only pills with a proper read-only table (desktop)
and cards (mobile) in a new SubscriptionOutbounds component, showing
Address, Protocol, Traffic (matched by tag — already collected by Xray),
and a Test button with Latency. No edit/delete/move (read-only).
- Test subscription outbounds via the existing /testOutbound endpoint, with
results keyed by tag (subscriptionTestStates + testSubscriptionOutbound in
useXraySetting, wired through XrayPage). Generalize isTesting/testResult to
a string|number key so the same helpers serve index- and tag-keyed states.
i18n:
- Replace all hardcoded English subscription strings with t() calls and add
pages.xray.outboundSub.* keys to en-US.json (other locales fall back).
Backend hardening + tests:
- xray.go: drop the tautological `subSvc != nil` check.
- outbound_subscription: re-validate every redirect hop against private/
internal addresses (CheckRedirect) and cap the redirect chain, closing an
SSRF gap where only the initial host was checked.
- Extract assignStableTags as a pure function and add unit tests for tag
stability and SSRF rejection (the feature previously had no tests).
Misc:
- gofmt util/link/outbound.go (it was not gofmt-clean).
* fix(xray): make outbound-subs feature pass CI (test compile, route docs, openapi)
- outbound_test.go: remove unused `inner`/`lines` variables that broke the
`util/link` test build (declared and not used).
- Document the 7 outbound-subscription routes in endpoints.ts (list, create,
update, delete, del alias, refresh, parse) so TestAPIRoutesDocumented passes.
- Regenerate frontend/public/openapi.json (npm run gen) to include the new
endpoints, satisfying the codegen freshness check.
* feat(xray): per-subscription allow-private, gap-filled tags, UI tweaks, delete refresh
Backend:
- Add a per-subscription AllowPrivate flag (default off). Create/Update/refresh
and the redirect check sanitize the URL with it, so localhost/LAN sources work
only when explicitly opted in; the SSRF guard still blocks private targets by
default. Controller reads the allowPrivate form field on create/update/parse.
- Default outbound tag prefix now uses the smallest free "subN-" number instead
of the auto-increment id, so deleting a subscription frees its number for reuse
(a fresh start gives sub1) while staying stable per subscription. Extracted a
pure defaultPrefixNumber() with unit tests.
- deleteOutboundSub now signals SetToNeedRestart so xray drops the outbounds.
Frontend:
- "Allow private address" toggle in the add form (sends allowPrivate).
- Delete now refreshes the xray view immediately (no manual page reload).
- Subscriptions manager opens as a centered Modal instead of a right-side Drawer.
- Move Outbounds to a top-level sidebar item under Nodes (out of Xray Configs).
- Collapse WARP/NordVPN into a "more" dropdown.
- Document the allowPrivate param in endpoints.ts.
* i18n(xray): translate outbound-subscription UI into all locales
- Translate the pages.xray.outboundSub.* strings (and allowPrivate label/hint)
into all 12 non-English locales, matching each file's existing terminology.
- Remove the unused outboundSub.add ("Add subscription") key from every locale.
* feat: add custom subscription page template support
Allow panel admins to use a custom HTML template for the subscription
page instead of the default React-based SPA.
Changes
-------
Backend
- web/service/setting.go: Add subThemeDir setting (default: empty)
with a getter GetSubThemeDir().
- web/entity/entity.go: Add SubThemeDir field to AllSetting.
- sub/subController.go: In serveSubPage, before falling back to the
embedded SPA, check if subThemeDir is set and the directory exists.
Look for sub.html first, then index.html. Parse with Go html/template
and execute, injecting all standard page variables as template context.
On any parse/execute error, log and fall through to the default page.
Two backward-compat aliases added to the template data map:
- result = links (for tx-ui v2 templates using {{ range .result }})
- jsonUrl = subJsonUrl
Frontend
- frontend/src/models/setting.ts: Add subThemeDir = '' to AllSetting.
- frontend/src/pages/settings/SubscriptionGeneralTab.tsx: Add a Sub
Theme Directory input in Subscription settings.
Templates
- sub_templates/README.md: Full authoring guide with all variables.
- sub_templates/tx-ui/index.html: The tx-ui subscription page template
migrated from v2 to v3 data shape.
Credits
-------
Bundled tx-ui template from AghayeCoder: https://github.com/AghayeCoder/tx-ui
* chore: regenerate OpenAPI schemas and types for custom sub-template feature
* feat(xray): subscription manager — edit, reorder/priority, status, preview, refresh-all
Backend:
- Per-subscription Priority + Prepend: subscriptions are ordered by Priority and
placed before (Prepend) or after the manual template outbounds in the merge, so
a subscription server can become the default. New Move(up/down) endpoint
re-normalizes priorities; merge split into prepend/template/append.
- List now returns a derived OutboundCount and orders by priority, and strips the
heavy LastFetchedOutbounds/LinkIdentities blobs from the list payload.
- Create/Update accept the prepend flag; new subs append at the end of priority.
Frontend (Outbound Subscriptions modal):
- Edit existing subscriptions (reuses the form + Update endpoint).
- Inline enable/disable Switch, Status column (OK / error tooltip), Outbounds
count column, per-row refresh spinner, "Refresh all" button.
- Reorder (move up/down) controls + a "Before manual outbounds" toggle.
- Preview button: fetch+parse a URL via /parse without saving.
- Document the move route + prepend param in endpoints.ts; regenerate openapi.json.
* i18n(xray): translate new subscription-manager strings into all locales
Add the prepend/prependHint, preview/previewEmpty, refreshAll, statusOk and
toastUpdated keys to all 12 non-English locales, matching each file's terminology.
* refactor(sub): harden custom template rendering, drop bundled tx-ui template
Builds on the custom subscription page template feature.
Rendering hardening (sub/subController.go):
- Render the custom template into a buffer and only write the response on
success. Previously template.Execute wrote straight to the ResponseWriter,
so a mid-render failure left a partially-written body and then fell through
to the default page, corrupting the response (superfluous WriteHeader).
- Cache parsed templates keyed by path, invalidated by file mtime, so each
subscription page load no longer re-reads and re-parses the file from disk;
admin edits are still picked up automatically.
- Verify the configured path is a directory (IsDir) and log a Warning when it
is set but unusable / an Error when a template fails to parse, instead of
silently falling back.
- Expose two new template variables: subTitle and subSupportUrl.
Cleanup:
- Remove the bundled tx-ui template and all tx-ui / AghayeCoder references
(including the result/jsonUrl v2-compat aliases); use a generic my-theme
example path in docs/UI/translation.
- i18n the "Sub Theme Directory" setting (en-US subThemeDir/subThemeDirDesc)
instead of hardcoded English.
- Fix README: expire is seconds (not ms), lastOnline is ms; correct the
settings tab name; note templates are admin-provided, not bundled/deployed.
Tests:
- Add sub/subController_test.go covering loadSubTemplate: render, sub.html
precedence, fallback cases, malformed template, and mtime cache invalidation.
Verified end-to-end in Docker: custom template renders with all variables,
all fallback paths return the clean default page (no corruption), and the
mtime cache reflects live edits.
* i18n(settings): translate subThemeDir into all locales
Add the subThemeDir / subThemeDirDesc keys (Sub Theme Directory setting) to
all 12 non-English locales, matching each file's existing terminology. They
previously fell back to en-US.
---------
Co-authored-by: MHSanaei <ho3ein.sanaei@gmail.com>
Co-authored-by: Rqzbeh <rqzbeh@users.noreply.github.com>
244 lines
14 KiB
Go
244 lines
14 KiB
Go
// Package entity defines data structures and entities used by the web layer of the 3x-ui panel.
|
|
package entity
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"math"
|
|
"net"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/mhsanaei/3x-ui/v3/util/common"
|
|
)
|
|
|
|
// Msg represents a standard API response message with success status, message text, and optional data object.
|
|
type Msg struct {
|
|
Success bool `json:"success"` // Indicates if the operation was successful
|
|
Msg string `json:"msg"` // Response message text
|
|
Obj any `json:"obj"` // Optional data object
|
|
}
|
|
|
|
// AllSetting contains all configuration settings for the 3x-ui panel including web server, Telegram bot, and subscription settings.
|
|
type AllSetting struct {
|
|
// Web server settings
|
|
WebListen string `json:"webListen" form:"webListen"` // Web server listen IP address
|
|
WebDomain string `json:"webDomain" form:"webDomain"` // Web server domain for domain validation
|
|
WebPort int `json:"webPort" form:"webPort" validate:"gte=1,lte=65535"` // Web server port number
|
|
WebCertFile string `json:"webCertFile" form:"webCertFile"` // Path to SSL certificate file for web server
|
|
WebKeyFile string `json:"webKeyFile" form:"webKeyFile"` // Path to SSL private key file for web server
|
|
WebBasePath string `json:"webBasePath" form:"webBasePath"` // Base path for web panel URLs
|
|
SessionMaxAge int `json:"sessionMaxAge" form:"sessionMaxAge" validate:"gte=1,lte=525600"` // Session maximum age in minutes (cap at one year)
|
|
TrustedProxyCIDRs string `json:"trustedProxyCIDRs" form:"trustedProxyCIDRs"` // Trusted reverse proxy IPs/CIDRs for forwarded headers
|
|
PanelProxy string `json:"panelProxy" form:"panelProxy"` // Proxy URL for the panel's own outbound requests (GitHub/Telegram)
|
|
|
|
// UI settings
|
|
PageSize int `json:"pageSize" form:"pageSize" validate:"gte=0,lte=1000"` // Number of items per page in lists (0 disables pagination)
|
|
ExpireDiff int `json:"expireDiff" form:"expireDiff" validate:"gte=0"` // Expiration warning threshold in days
|
|
TrafficDiff int `json:"trafficDiff" form:"trafficDiff" validate:"gte=0,lte=100"` // Traffic warning threshold percentage
|
|
RemarkModel string `json:"remarkModel" form:"remarkModel"` // Remark model pattern for inbounds
|
|
Datepicker string `json:"datepicker" form:"datepicker"` // Date picker format
|
|
|
|
// Telegram bot settings
|
|
TgBotEnable bool `json:"tgBotEnable" form:"tgBotEnable"` // Enable Telegram bot notifications
|
|
TgBotToken string `json:"tgBotToken" form:"tgBotToken"` // Telegram bot token
|
|
TgBotProxy string `json:"tgBotProxy" form:"tgBotProxy"` // Proxy URL for Telegram bot
|
|
TgBotAPIServer string `json:"tgBotAPIServer" form:"tgBotAPIServer"` // Custom API server for Telegram bot
|
|
TgBotChatId string `json:"tgBotChatId" form:"tgBotChatId"` // Telegram chat ID for notifications
|
|
TgRunTime string `json:"tgRunTime" form:"tgRunTime"` // Cron schedule for Telegram notifications
|
|
TgBotBackup bool `json:"tgBotBackup" form:"tgBotBackup"` // Enable database backup via Telegram
|
|
TgBotLoginNotify bool `json:"tgBotLoginNotify" form:"tgBotLoginNotify"` // Send login notifications
|
|
TgCpu int `json:"tgCpu" form:"tgCpu" validate:"gte=0,lte=100"` // CPU usage threshold for alerts (percent)
|
|
TgLang string `json:"tgLang" form:"tgLang"` // Telegram bot language
|
|
|
|
// Security settings
|
|
TimeLocation string `json:"timeLocation" form:"timeLocation"` // Time zone location
|
|
TwoFactorEnable bool `json:"twoFactorEnable" form:"twoFactorEnable"` // Enable two-factor authentication
|
|
TwoFactorToken string `json:"twoFactorToken" form:"twoFactorToken"` // Two-factor authentication token
|
|
|
|
// Subscription server settings
|
|
SubEnable bool `json:"subEnable" form:"subEnable"` // Enable subscription server
|
|
SubJsonEnable bool `json:"subJsonEnable" form:"subJsonEnable"` // Enable JSON subscription endpoint
|
|
SubTitle string `json:"subTitle" form:"subTitle"` // Subscription title
|
|
SubSupportUrl string `json:"subSupportUrl" form:"subSupportUrl"` // Subscription support URL
|
|
SubProfileUrl string `json:"subProfileUrl" form:"subProfileUrl"` // Subscription profile URL
|
|
SubAnnounce string `json:"subAnnounce" form:"subAnnounce"` // Subscription announce
|
|
SubEnableRouting bool `json:"subEnableRouting" form:"subEnableRouting"` // Enable routing for subscription
|
|
SubRoutingRules string `json:"subRoutingRules" form:"subRoutingRules"` // Subscription global routing rules (Only for Happ)
|
|
SubListen string `json:"subListen" form:"subListen"` // Subscription server listen IP
|
|
SubPort int `json:"subPort" form:"subPort" validate:"gte=1,lte=65535"` // Subscription server port
|
|
SubPath string `json:"subPath" form:"subPath"` // Base path for subscription URLs
|
|
SubDomain string `json:"subDomain" form:"subDomain"` // Domain for subscription server validation
|
|
SubCertFile string `json:"subCertFile" form:"subCertFile"` // SSL certificate file for subscription server
|
|
SubKeyFile string `json:"subKeyFile" form:"subKeyFile"` // SSL private key file for subscription server
|
|
SubUpdates int `json:"subUpdates" form:"subUpdates" validate:"gte=0,lte=525600"` // Subscription update interval in minutes
|
|
ExternalTrafficInformEnable bool `json:"externalTrafficInformEnable" form:"externalTrafficInformEnable"` // Enable external traffic reporting
|
|
ExternalTrafficInformURI string `json:"externalTrafficInformURI" form:"externalTrafficInformURI"` // URI for external traffic reporting
|
|
RestartXrayOnClientDisable bool `json:"restartXrayOnClientDisable" form:"restartXrayOnClientDisable"` // Restart Xray when clients are auto-disabled by expiry/traffic limit
|
|
SubEncrypt bool `json:"subEncrypt" form:"subEncrypt"` // Encrypt subscription responses
|
|
SubShowInfo bool `json:"subShowInfo" form:"subShowInfo"` // Show client information in subscriptions
|
|
SubEmailInRemark bool `json:"subEmailInRemark" form:"subEmailInRemark"` // Include email in subscription remark/name
|
|
SubURI string `json:"subURI" form:"subURI"` // Subscription server URI
|
|
SubJsonPath string `json:"subJsonPath" form:"subJsonPath"` // Path for JSON subscription endpoint
|
|
SubJsonURI string `json:"subJsonURI" form:"subJsonURI"` // JSON subscription server URI
|
|
SubClashEnable bool `json:"subClashEnable" form:"subClashEnable"` // Enable Clash/Mihomo subscription endpoint
|
|
SubClashPath string `json:"subClashPath" form:"subClashPath"` // Path for Clash/Mihomo subscription endpoint
|
|
SubClashURI string `json:"subClashURI" form:"subClashURI"` // Clash/Mihomo subscription server URI
|
|
SubClashEnableRouting bool `json:"subClashEnableRouting" form:"subClashEnableRouting"` // Enable global routing rules for Clash/Mihomo
|
|
SubClashRules string `json:"subClashRules" form:"subClashRules"` // Clash/Mihomo global routing rules
|
|
SubJsonMux string `json:"subJsonMux" form:"subJsonMux"` // JSON subscription mux configuration
|
|
SubJsonRules string `json:"subJsonRules" form:"subJsonRules"`
|
|
SubJsonFinalMask string `json:"subJsonFinalMask" form:"subJsonFinalMask"` // JSON subscription global finalmask (tcp/udp masks + quicParams)
|
|
SubThemeDir string `json:"subThemeDir" form:"subThemeDir"` // Absolute path to a folder containing a custom subscription page template
|
|
|
|
// LDAP settings
|
|
LdapEnable bool `json:"ldapEnable" form:"ldapEnable"`
|
|
LdapHost string `json:"ldapHost" form:"ldapHost"`
|
|
LdapPort int `json:"ldapPort" form:"ldapPort" validate:"gte=0,lte=65535"`
|
|
LdapUseTLS bool `json:"ldapUseTLS" form:"ldapUseTLS"`
|
|
LdapBindDN string `json:"ldapBindDN" form:"ldapBindDN"`
|
|
LdapPassword string `json:"ldapPassword" form:"ldapPassword"`
|
|
LdapBaseDN string `json:"ldapBaseDN" form:"ldapBaseDN"`
|
|
LdapUserFilter string `json:"ldapUserFilter" form:"ldapUserFilter"`
|
|
LdapUserAttr string `json:"ldapUserAttr" form:"ldapUserAttr"` // e.g., mail or uid
|
|
LdapVlessField string `json:"ldapVlessField" form:"ldapVlessField"`
|
|
LdapSyncCron string `json:"ldapSyncCron" form:"ldapSyncCron"`
|
|
// Generic flag configuration
|
|
LdapFlagField string `json:"ldapFlagField" form:"ldapFlagField"`
|
|
LdapTruthyValues string `json:"ldapTruthyValues" form:"ldapTruthyValues"`
|
|
LdapInvertFlag bool `json:"ldapInvertFlag" form:"ldapInvertFlag"`
|
|
LdapInboundTags string `json:"ldapInboundTags" form:"ldapInboundTags"`
|
|
LdapAutoCreate bool `json:"ldapAutoCreate" form:"ldapAutoCreate"`
|
|
LdapAutoDelete bool `json:"ldapAutoDelete" form:"ldapAutoDelete"`
|
|
LdapDefaultTotalGB int `json:"ldapDefaultTotalGB" form:"ldapDefaultTotalGB" validate:"gte=0"`
|
|
LdapDefaultExpiryDays int `json:"ldapDefaultExpiryDays" form:"ldapDefaultExpiryDays" validate:"gte=0"`
|
|
LdapDefaultLimitIP int `json:"ldapDefaultLimitIP" form:"ldapDefaultLimitIP" validate:"gte=0"`
|
|
// JSON subscription routing rules
|
|
}
|
|
|
|
// AllSettingView is the browser-safe settings read model. Secret values
|
|
// are redacted from the embedded write model and represented by presence
|
|
// flags so the UI can show configured/not configured state.
|
|
type AllSettingView struct {
|
|
AllSetting
|
|
|
|
HasTgBotToken bool `json:"hasTgBotToken"`
|
|
HasTwoFactorToken bool `json:"hasTwoFactorToken"`
|
|
HasLdapPassword bool `json:"hasLdapPassword"`
|
|
HasApiToken bool `json:"hasApiToken"`
|
|
HasWarpSecret bool `json:"hasWarpSecret"`
|
|
HasNordSecret bool `json:"hasNordSecret"`
|
|
}
|
|
|
|
// CheckValid validates all settings in the AllSetting struct, checking IP addresses, ports, SSL certificates, and other configuration values.
|
|
func pathHasForbiddenChar(s string) bool {
|
|
for _, r := range s {
|
|
if r == '\\' || r == ' ' || r < 0x20 || r == 0x7f {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (s *AllSetting) CheckValid() error {
|
|
if s.WebListen != "" {
|
|
ip := net.ParseIP(s.WebListen)
|
|
if ip == nil {
|
|
return common.NewError("web listen is not valid ip:", s.WebListen)
|
|
}
|
|
}
|
|
|
|
if s.SubListen != "" {
|
|
ip := net.ParseIP(s.SubListen)
|
|
if ip == nil {
|
|
return common.NewError("Sub listen is not valid ip:", s.SubListen)
|
|
}
|
|
}
|
|
|
|
if s.WebPort <= 0 || s.WebPort > math.MaxUint16 {
|
|
return common.NewError("web port is not a valid port:", s.WebPort)
|
|
}
|
|
|
|
if s.SubPort <= 0 || s.SubPort > math.MaxUint16 {
|
|
return common.NewError("Sub port is not a valid port:", s.SubPort)
|
|
}
|
|
|
|
if (s.SubPort == s.WebPort) && (s.WebListen == s.SubListen) {
|
|
return common.NewError("Sub and Web could not use same ip:port, ", s.SubListen, ":", s.SubPort, " & ", s.WebListen, ":", s.WebPort)
|
|
}
|
|
|
|
if s.WebCertFile != "" || s.WebKeyFile != "" {
|
|
_, err := tls.LoadX509KeyPair(s.WebCertFile, s.WebKeyFile)
|
|
if err != nil {
|
|
return common.NewErrorf("cert file <%v> or key file <%v> invalid: %v", s.WebCertFile, s.WebKeyFile, err)
|
|
}
|
|
}
|
|
|
|
if s.SubCertFile != "" || s.SubKeyFile != "" {
|
|
_, err := tls.LoadX509KeyPair(s.SubCertFile, s.SubKeyFile)
|
|
if err != nil {
|
|
return common.NewErrorf("cert file <%v> or key file <%v> invalid: %v", s.SubCertFile, s.SubKeyFile, err)
|
|
}
|
|
}
|
|
|
|
for _, p := range []struct {
|
|
name string
|
|
value string
|
|
}{
|
|
{"web base path", s.WebBasePath},
|
|
{"subscription path", s.SubPath},
|
|
{"subscription JSON path", s.SubJsonPath},
|
|
{"subscription Clash path", s.SubClashPath},
|
|
} {
|
|
if pathHasForbiddenChar(p.value) {
|
|
return common.NewError("URI path contains an invalid character:", p.name)
|
|
}
|
|
}
|
|
|
|
if !strings.HasPrefix(s.WebBasePath, "/") {
|
|
s.WebBasePath = "/" + s.WebBasePath
|
|
}
|
|
if !strings.HasSuffix(s.WebBasePath, "/") {
|
|
s.WebBasePath += "/"
|
|
}
|
|
if !strings.HasPrefix(s.SubPath, "/") {
|
|
s.SubPath = "/" + s.SubPath
|
|
}
|
|
if !strings.HasSuffix(s.SubPath, "/") {
|
|
s.SubPath += "/"
|
|
}
|
|
|
|
if !strings.HasPrefix(s.SubJsonPath, "/") {
|
|
s.SubJsonPath = "/" + s.SubJsonPath
|
|
}
|
|
if !strings.HasSuffix(s.SubJsonPath, "/") {
|
|
s.SubJsonPath += "/"
|
|
}
|
|
|
|
if !strings.HasPrefix(s.SubClashPath, "/") {
|
|
s.SubClashPath = "/" + s.SubClashPath
|
|
}
|
|
if !strings.HasSuffix(s.SubClashPath, "/") {
|
|
s.SubClashPath += "/"
|
|
}
|
|
|
|
for cidr := range strings.SplitSeq(s.TrustedProxyCIDRs, ",") {
|
|
cidr = strings.TrimSpace(cidr)
|
|
if cidr == "" {
|
|
continue
|
|
}
|
|
if ip := net.ParseIP(cidr); ip != nil {
|
|
continue
|
|
}
|
|
if _, _, err := net.ParseCIDR(cidr); err != nil {
|
|
return common.NewError("trusted proxy CIDR is not valid:", cidr)
|
|
}
|
|
}
|
|
|
|
_, err := time.LoadLocation(s.TimeLocation)
|
|
if err != nil {
|
|
return common.NewError("time location not exist:", s.TimeLocation)
|
|
}
|
|
|
|
return nil
|
|
}
|