xinyin025/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-28 00:24:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9c8cd08f90205d449427705e4483e3eb3b790223
3x-ui/internal/database/wireguard_migration_test.go
T
MHSanaei 9c8cd08f90 feat(wireguard): multi-client support 
WireGuard inbounds now manage per-client peers using xray-core's native WireGuard users (AddUser/RemoveUser). Each client lives in settings.clients (canonical, like every other protocol) and is projected to peers[] only when emitting the xray config, at level 0 so the dispatcher's per-user traffic/online counters work with no extra plumbing.

Backend: internal/util/wireguard gains KeyToHex (base64 to hex for the gRPC path), PublicKeyFromPrivate and GenerateWireguardPSK; xray/api.go builds a wireguard account in AddUser with hex keys (RemoveUser already worked); client CRUD generates a keypair and allocates a unique tunnel address per client and never rotates keys on edit; an idempotent migration converts legacy settings.peers into managed clients; WireGuard is included in the raw subscription.

Frontend: WireGuard in the add-client modal with keys on the credential tab, client schema, per-client QR/link/.conf, inbound form reduced to server settings; i18n added across 13 locales.

Fix: guard the settings[clients] assertion in add/update so a legacy WireGuard inbound stored without a clients key no longer panics.
2026-06-28 00:44:38 +02:00

191 lines
5.3 KiB
Go
Raw Blame History

package database
import (
"encoding/json"
"path/filepath"
"testing"
"github.com/mhsanaei/3x-ui/v3/internal/database/model"
)
func initWGMigrationDB(t *testing.T) {
t.Helper()
dbDir := t.TempDir()
t.Setenv("XUI_DB_FOLDER", dbDir)
if err := InitDB(filepath.Join(dbDir, "x-ui.db")); err != nil {
t.Fatalf("InitDB failed: %v", err)
}
t.Cleanup(func() { _ = CloseDB() })
}
func createWGInbound(t *testing.T, remark string, port int, peers []any) *model.Inbound {
t.Helper()
settings, err := json.Marshal(map[string]any{
"secretKey": "c2VjcmV0LWtleS1iYXNlNjQtMzJieXRlcy1wbGFjZWg=",
"mtu": 1420,
"peers": peers,
})
if err != nil {
t.Fatalf("marshal settings: %v", err)
}
in := &model.Inbound{
UserId: 1,
Remark: remark,
Port: port,
Protocol: model.WireGuard,
Settings: string(settings),
Tag: remark,
}
if err := db.Create(in).Error; err != nil {
t.Fatalf("create wg inbound: %v", err)
}
return in
}
func clearWGMigrationHistory(t *testing.T) {
t.Helper()
if err := db.Where("seeder_name = ?", "WireguardPeersToClients").Delete(&model.HistoryOfSeeders{}).Error; err != nil {
t.Fatalf("clear history: %v", err)
}
}
func reloadInboundSettings(t *testing.T, id int) map[string]any {
t.Helper()
var in model.Inbound
if err := db.First(&in, id).Error; err != nil {
t.Fatalf("reload inbound: %v", err)
}
var settings map[string]any
if err := json.Unmarshal([]byte(in.Settings), &settings); err != nil {
t.Fatalf("unmarshal settings: %v", err)
}
return settings
}
func wgPeer(comment, priv, pub, ip string, keepAlive int) any {
m := map[string]any{
"privateKey": priv,
"publicKey": pub,
"allowedIPs": []any{ip},
"keepAlive": keepAlive,
}
if comment != "" {
m["comment"] = comment
}
return m
}
func TestSeedWireguardPeersToClientsCreatesClients(t *testing.T) {
initWGMigrationDB(t)
in := createWGInbound(t, "wg-server", 51820, []any{
wgPeer("laptop", "priv-1", "pub-1", "10.0.0.2/32", 25),
})
clearWGMigrationHistory(t)
if err := seedWireguardPeersToClients(); err != nil {
t.Fatalf("seedWireguardPeersToClients: %v", err)
}
var rec model.ClientRecord
if err := db.Where("email = ?", "wg-server-laptop").First(&rec).Error; err != nil {
t.Fatalf("migrated client not found: %v", err)
}
if rec.PrivateKey != "priv-1" || rec.PublicKey != "pub-1" || rec.AllowedIPs != "10.0.0.2/32" {
t.Fatalf("wg columns not migrated: %+v", rec)
}
var linkCount int64
db.Model(&model.ClientInbound{}).Where("inbound_id = ? AND client_id = ?", in.Id, rec.Id).Count(&linkCount)
if linkCount != 1 {
t.Fatalf("expected 1 client_inbounds link, got %d", linkCount)
}
settings := reloadInboundSettings(t, in.Id)
if _, ok := settings["peers"]; ok {
t.Fatalf("peers key must be removed from stored settings")
}
clients, ok := settings["clients"].([]any)
if !ok || len(clients) != 1 {
t.Fatalf("settings.clients not written: %v", settings["clients"])
}
if settings["secretKey"] == nil || settings["mtu"] == nil {
t.Fatalf("server fields not preserved: %v", settings)
}
}
func TestSeedWireguardPeersToClientsIdempotent(t *testing.T) {
initWGMigrationDB(t)
in := createWGInbound(t, "wg-idem", 51823, []any{
wgPeer("", "priv-a", "pub-a", "10.0.0.2/32", 0),
})
clearWGMigrationHistory(t)
if err := seedWireguardPeersToClients(); err != nil {
t.Fatalf("first run: %v", err)
}
if err := seedWireguardPeersToClients(); err != nil {
t.Fatalf("second run (history gate): %v", err)
}
clearWGMigrationHistory(t)
if err := seedWireguardPeersToClients(); err != nil {
t.Fatalf("third run (linkCount gate): %v", err)
}
var clientCount int64
db.Model(&model.ClientInbound{}).Where("inbound_id = ?", in.Id).Count(&clientCount)
if clientCount != 1 {
t.Fatalf("expected exactly 1 link after repeated runs, got %d", clientCount)
}
}
func TestSeedWireguardPeersToClientsSkipsNonWireguard(t *testing.T) {
initWGMigrationDB(t)
vless := &model.Inbound{UserId: 1, Port: 41001, Protocol: model.VLESS, Tag: "vless-x", Settings: `{"clients":[]}`}
if err := db.Create(vless).Error; err != nil {
t.Fatalf("create vless: %v", err)
}
clearWGMigrationHistory(t)
if err := seedWireguardPeersToClients(); err != nil {
t.Fatalf("seed: %v", err)
}
var linkCount int64
db.Model(&model.ClientInbound{}).Where("inbound_id = ?", vless.Id).Count(&linkCount)
if linkCount != 0 {
t.Fatalf("vless inbound must be untouched, got %d links", linkCount)
}
}
func TestSeedWireguardPeersToClientsMultiplePeers(t *testing.T) {
initWGMigrationDB(t)
in := createWGInbound(t, "wg-multi", 51824, []any{
wgPeer("alpha", "p1", "pub1", "10.0.0.2/32", 0),
wgPeer("beta", "p2", "pub2", "10.0.0.3/32", 0),
})
clearWGMigrationHistory(t)
if err := seedWireguardPeersToClients(); err != nil {
t.Fatalf("seed: %v", err)
}
var links []model.ClientInbound
if err := db.Where("inbound_id = ?", in.Id).Find(&links).Error; err != nil {
t.Fatalf("load links: %v", err)
}
if len(links) != 2 {
t.Fatalf("expected 2 links, got %d", len(links))
}
settings := reloadInboundSettings(t, in.Id)
clients := settings["clients"].([]any)
ips := map[string]bool{}
emails := map[string]bool{}
for _, c := range clients {
m := c.(map[string]any)
emails[m["email"].(string)] = true
ip := m["allowedIPs"].([]any)[0].(string)
ips[ip] = true
}
if len(ips) != 2 || len(emails) != 2 {
t.Fatalf("expected distinct emails/ips, got emails=%v ips=%v", emails, ips)
}
}
Reference in New Issue View Git Blame Copy Permalink