Files
3x-ui/internal/database/model/model_mtproto_test.go
T
MHSanaei d97bd8643e feat(mtproto): adopt dolonet/mtg-multi and make MTProto inbounds multi-client
Replace the upstream 9seconds/mtg sidecar with the dolonet/mtg-multi fork so a single MTProto inbound can serve many per-user secrets. Each panel client is now one named FakeTLS secret in the fork's [secrets] section: clients are first-class (attach/detach, limits, expiry, per-client tg:// links) exactly like every other protocol, mirroring the WireGuard multi-client model. Per-client traffic and online status come from the fork's /stats JSON API (its Prometheus output has no per-user label), fed into the existing email-keyed client_traffics accumulator; an optional throttle caps concurrent connections. A one-time seeder converts each legacy single-secret inbound into a one-client inbound.

The fork ships only linux/darwin amd64/arm64 binaries but is pure Go, so provisioning builds it from source for every supported platform (release.yml, DockerInit.sh) while keeping the panel-expected mtg-<os>-<arch> filename and the 'run' verb, so process.go is untouched. Also fixes a pre-existing update.sh gap that never renamed the mtg binary for armv6/armv7 updates.
2026-07-06 16:04:32 +02:00

109 lines
3.6 KiB
Go

package model
import (
"encoding/hex"
"encoding/json"
"strings"
"testing"
)
func TestGenerateFakeTLSSecret(t *testing.T) {
domain := "www.cloudflare.com"
s := GenerateFakeTLSSecret(domain)
if !strings.HasPrefix(s, "ee") {
t.Fatalf("secret must start with ee, got %q", s)
}
wantSuffix := hex.EncodeToString([]byte(domain))
if !strings.HasSuffix(s, wantSuffix) {
t.Fatalf("secret must end with hex(domain) %q, got %q", wantSuffix, s)
}
if len(s) != 2+32+len(wantSuffix) {
t.Fatalf("unexpected secret length %d", len(s))
}
if _, err := hex.DecodeString(s[2:34]); err != nil {
t.Fatalf("middle is not valid hex: %v", err)
}
}
func TestHealMtprotoSecret(t *testing.T) {
domain := "example.com"
suffix := hex.EncodeToString([]byte(domain))
in := `{"fakeTlsDomain":"example.com","secret":""}`
out, changed := HealMtprotoSecret(in)
if !changed {
t.Fatal("expected heal to populate an empty secret")
}
var parsed map[string]any
if err := json.Unmarshal([]byte(out), &parsed); err != nil {
t.Fatalf("healed settings not valid json: %v", err)
}
got, _ := parsed["secret"].(string)
if !strings.HasPrefix(got, "ee") || !strings.HasSuffix(got, suffix) {
t.Fatalf("healed secret malformed: %q", got)
}
if _, changed2 := HealMtprotoSecret(out); changed2 {
t.Fatal("expected no change for an already-valid secret")
}
mid := got[2:34]
newDomain := "telegram.org"
in3 := `{"fakeTlsDomain":"telegram.org","secret":"` + got + `"}`
out3, changed3 := HealMtprotoSecret(in3)
if !changed3 {
t.Fatal("expected heal to rewrite the domain suffix")
}
if err := json.Unmarshal([]byte(out3), &parsed); err != nil {
t.Fatalf("healed settings not valid json: %v", err)
}
got3, _ := parsed["secret"].(string)
if got3[2:34] != mid {
t.Fatalf("random middle should be preserved on domain change: %q vs %q", got3[2:34], mid)
}
if !strings.HasSuffix(got3, hex.EncodeToString([]byte(newDomain))) {
t.Fatalf("suffix not updated for new domain: %q", got3)
}
if _, changed4 := HealMtprotoSecret(`{"secret":"ee"}`); changed4 {
t.Fatal("expected no change when fakeTlsDomain is missing")
}
}
func TestHealMtprotoClientSecrets(t *testing.T) {
// An empty client secret is filled from the inbound-level default domain.
in := `{"fakeTlsDomain":"a.com","clients":[{"email":"x","secret":""}]}`
out, changed := HealMtprotoClientSecrets(in)
if !changed {
t.Fatal("expected an empty client secret to be filled")
}
var parsed map[string]any
if err := json.Unmarshal([]byte(out), &parsed); err != nil {
t.Fatalf("healed settings not valid json: %v", err)
}
clients := parsed["clients"].([]any)
got := clients[0].(map[string]any)["secret"].(string)
if !strings.HasPrefix(got, "ee") || !strings.HasSuffix(got, hex.EncodeToString([]byte("a.com"))) {
t.Fatalf("filled client secret malformed: %q", got)
}
// Healing is idempotent once every client secret is valid.
if _, changed2 := HealMtprotoClientSecrets(out); changed2 {
t.Fatal("expected no change for already-valid client secrets")
}
// A client's own embedded domain is preserved even when it differs from the
// inbound-level default (per-client domain fronting).
own := "ee00112233445566778899aabbccddeeff" + hex.EncodeToString([]byte("b.com"))
in3 := `{"fakeTlsDomain":"a.com","clients":[{"email":"y","secret":"` + own + `"}]}`
out3, changed3 := HealMtprotoClientSecrets(in3)
if changed3 {
t.Fatalf("a valid per-client secret must be left untouched, got %q", out3)
}
// No clients array — nothing to heal.
if _, changed4 := HealMtprotoClientSecrets(`{"fakeTlsDomain":"a.com"}`); changed4 {
t.Fatal("expected no change when there are no clients")
}
}