mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-07 13:24:21 +00:00
d97bd8643e
Replace the upstream 9seconds/mtg sidecar with the dolonet/mtg-multi fork so a single MTProto inbound can serve many per-user secrets. Each panel client is now one named FakeTLS secret in the fork's [secrets] section: clients are first-class (attach/detach, limits, expiry, per-client tg:// links) exactly like every other protocol, mirroring the WireGuard multi-client model. Per-client traffic and online status come from the fork's /stats JSON API (its Prometheus output has no per-user label), fed into the existing email-keyed client_traffics accumulator; an optional throttle caps concurrent connections. A one-time seeder converts each legacy single-secret inbound into a one-client inbound. The fork ships only linux/darwin amd64/arm64 binaries but is pure Go, so provisioning builds it from source for every supported platform (release.yml, DockerInit.sh) while keeping the panel-expected mtg-<os>-<arch> filename and the 'run' verb, so process.go is untouched. Also fixes a pre-existing update.sh gap that never renamed the mtg binary for armv6/armv7 updates.
109 lines
3.6 KiB
Go
109 lines
3.6 KiB
Go
package model
|
|
|
|
import (
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestGenerateFakeTLSSecret(t *testing.T) {
|
|
domain := "www.cloudflare.com"
|
|
s := GenerateFakeTLSSecret(domain)
|
|
if !strings.HasPrefix(s, "ee") {
|
|
t.Fatalf("secret must start with ee, got %q", s)
|
|
}
|
|
wantSuffix := hex.EncodeToString([]byte(domain))
|
|
if !strings.HasSuffix(s, wantSuffix) {
|
|
t.Fatalf("secret must end with hex(domain) %q, got %q", wantSuffix, s)
|
|
}
|
|
if len(s) != 2+32+len(wantSuffix) {
|
|
t.Fatalf("unexpected secret length %d", len(s))
|
|
}
|
|
if _, err := hex.DecodeString(s[2:34]); err != nil {
|
|
t.Fatalf("middle is not valid hex: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestHealMtprotoSecret(t *testing.T) {
|
|
domain := "example.com"
|
|
suffix := hex.EncodeToString([]byte(domain))
|
|
|
|
in := `{"fakeTlsDomain":"example.com","secret":""}`
|
|
out, changed := HealMtprotoSecret(in)
|
|
if !changed {
|
|
t.Fatal("expected heal to populate an empty secret")
|
|
}
|
|
var parsed map[string]any
|
|
if err := json.Unmarshal([]byte(out), &parsed); err != nil {
|
|
t.Fatalf("healed settings not valid json: %v", err)
|
|
}
|
|
got, _ := parsed["secret"].(string)
|
|
if !strings.HasPrefix(got, "ee") || !strings.HasSuffix(got, suffix) {
|
|
t.Fatalf("healed secret malformed: %q", got)
|
|
}
|
|
|
|
if _, changed2 := HealMtprotoSecret(out); changed2 {
|
|
t.Fatal("expected no change for an already-valid secret")
|
|
}
|
|
|
|
mid := got[2:34]
|
|
newDomain := "telegram.org"
|
|
in3 := `{"fakeTlsDomain":"telegram.org","secret":"` + got + `"}`
|
|
out3, changed3 := HealMtprotoSecret(in3)
|
|
if !changed3 {
|
|
t.Fatal("expected heal to rewrite the domain suffix")
|
|
}
|
|
if err := json.Unmarshal([]byte(out3), &parsed); err != nil {
|
|
t.Fatalf("healed settings not valid json: %v", err)
|
|
}
|
|
got3, _ := parsed["secret"].(string)
|
|
if got3[2:34] != mid {
|
|
t.Fatalf("random middle should be preserved on domain change: %q vs %q", got3[2:34], mid)
|
|
}
|
|
if !strings.HasSuffix(got3, hex.EncodeToString([]byte(newDomain))) {
|
|
t.Fatalf("suffix not updated for new domain: %q", got3)
|
|
}
|
|
|
|
if _, changed4 := HealMtprotoSecret(`{"secret":"ee"}`); changed4 {
|
|
t.Fatal("expected no change when fakeTlsDomain is missing")
|
|
}
|
|
}
|
|
|
|
func TestHealMtprotoClientSecrets(t *testing.T) {
|
|
// An empty client secret is filled from the inbound-level default domain.
|
|
in := `{"fakeTlsDomain":"a.com","clients":[{"email":"x","secret":""}]}`
|
|
out, changed := HealMtprotoClientSecrets(in)
|
|
if !changed {
|
|
t.Fatal("expected an empty client secret to be filled")
|
|
}
|
|
var parsed map[string]any
|
|
if err := json.Unmarshal([]byte(out), &parsed); err != nil {
|
|
t.Fatalf("healed settings not valid json: %v", err)
|
|
}
|
|
clients := parsed["clients"].([]any)
|
|
got := clients[0].(map[string]any)["secret"].(string)
|
|
if !strings.HasPrefix(got, "ee") || !strings.HasSuffix(got, hex.EncodeToString([]byte("a.com"))) {
|
|
t.Fatalf("filled client secret malformed: %q", got)
|
|
}
|
|
|
|
// Healing is idempotent once every client secret is valid.
|
|
if _, changed2 := HealMtprotoClientSecrets(out); changed2 {
|
|
t.Fatal("expected no change for already-valid client secrets")
|
|
}
|
|
|
|
// A client's own embedded domain is preserved even when it differs from the
|
|
// inbound-level default (per-client domain fronting).
|
|
own := "ee00112233445566778899aabbccddeeff" + hex.EncodeToString([]byte("b.com"))
|
|
in3 := `{"fakeTlsDomain":"a.com","clients":[{"email":"y","secret":"` + own + `"}]}`
|
|
out3, changed3 := HealMtprotoClientSecrets(in3)
|
|
if changed3 {
|
|
t.Fatalf("a valid per-client secret must be left untouched, got %q", out3)
|
|
}
|
|
|
|
// No clients array — nothing to heal.
|
|
if _, changed4 := HealMtprotoClientSecrets(`{"fakeTlsDomain":"a.com"}`); changed4 {
|
|
t.Fatal("expected no change when there are no clients")
|
|
}
|
|
}
|