mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-10 22:56:06 +00:00
d97bd8643e
Replace the upstream 9seconds/mtg sidecar with the dolonet/mtg-multi fork so a single MTProto inbound can serve many per-user secrets. Each panel client is now one named FakeTLS secret in the fork's [secrets] section: clients are first-class (attach/detach, limits, expiry, per-client tg:// links) exactly like every other protocol, mirroring the WireGuard multi-client model. Per-client traffic and online status come from the fork's /stats JSON API (its Prometheus output has no per-user label), fed into the existing email-keyed client_traffics accumulator; an optional throttle caps concurrent connections. A one-time seeder converts each legacy single-secret inbound into a one-client inbound. The fork ships only linux/darwin amd64/arm64 binaries but is pure Go, so provisioning builds it from source for every supported platform (release.yml, DockerInit.sh) while keeping the panel-expected mtg-<os>-<arch> filename and the 'run' verb, so process.go is untouched. Also fixes a pre-existing update.sh gap that never renamed the mtg binary for armv6/armv7 updates.
144 lines
5.2 KiB
Go
144 lines
5.2 KiB
Go
package service
|
|
|
|
import (
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/mhsanaei/3x-ui/v3/internal/database/model"
|
|
)
|
|
|
|
func TestMtprotoRoutesThroughXray(t *testing.T) {
|
|
cases := map[string]struct {
|
|
ib *model.Inbound
|
|
want bool
|
|
}{
|
|
"routed": {&model.Inbound{Protocol: model.MTProto, Settings: `{"routeThroughXray":true}`}, true},
|
|
"off": {&model.Inbound{Protocol: model.MTProto, Settings: `{"routeThroughXray":false}`}, false},
|
|
"absent": {&model.Inbound{Protocol: model.MTProto, Settings: `{}`}, false},
|
|
"non-mtproto": {&model.Inbound{Protocol: model.VLESS, Settings: `{"routeThroughXray":true}`}, false},
|
|
"bad json": {&model.Inbound{Protocol: model.MTProto, Settings: `{nope`}, false},
|
|
"nil": {nil, false},
|
|
}
|
|
for name, c := range cases {
|
|
if got := mtprotoRoutesThroughXray(c.ib); got != c.want {
|
|
t.Fatalf("%s: got %v want %v", name, got, c.want)
|
|
}
|
|
}
|
|
}
|
|
|
|
func routeXrayPortOf(t *testing.T, settings string) int {
|
|
t.Helper()
|
|
var parsed map[string]any
|
|
if err := json.Unmarshal([]byte(settings), &parsed); err != nil {
|
|
t.Fatalf("settings not valid JSON: %v\n%s", err, settings)
|
|
}
|
|
return settingsRouteXrayPort(parsed)
|
|
}
|
|
|
|
func TestNormalizeMtprotoXrayPort(t *testing.T) {
|
|
s := &InboundService{}
|
|
|
|
// Non-mtproto inbounds are left alone.
|
|
ib := &model.Inbound{Protocol: model.VLESS, Settings: `{"x":1}`}
|
|
if err := s.normalizeMtprotoXrayPort(ib, ""); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if ib.Settings != `{"x":1}` {
|
|
t.Fatalf("non-mtproto settings must be untouched, got %s", ib.Settings)
|
|
}
|
|
|
|
// Routing on with no existing port allocates a fresh one.
|
|
ib = &model.Inbound{Protocol: model.MTProto, Settings: `{"routeThroughXray":true}`}
|
|
if err := s.normalizeMtprotoXrayPort(ib, ""); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if p := routeXrayPortOf(t, ib.Settings); p <= 0 {
|
|
t.Fatalf("a routed inbound must get a port, got %d", p)
|
|
}
|
|
|
|
// On update, the stored port wins over both a missing and a client-echoed
|
|
// value — the backend owns it, so no churn and no client override.
|
|
ib = &model.Inbound{Protocol: model.MTProto, Settings: `{"routeThroughXray":true,"routeXrayPort":99999}`}
|
|
if err := s.normalizeMtprotoXrayPort(ib, `{"routeThroughXray":true,"routeXrayPort":51000}`); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if p := routeXrayPortOf(t, ib.Settings); p != 51000 {
|
|
t.Fatalf("stored port must win, got %d", p)
|
|
}
|
|
|
|
// An already-present port (no old settings) is stable and not re-marshaled.
|
|
const stable = `{"routeThroughXray":true,"routeXrayPort":52000}`
|
|
ib = &model.Inbound{Protocol: model.MTProto, Settings: stable}
|
|
if err := s.normalizeMtprotoXrayPort(ib, ""); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if ib.Settings != stable {
|
|
t.Fatalf("stable settings must pass through untouched, got %s", ib.Settings)
|
|
}
|
|
|
|
// Turning routing off strips both the bridge port and the inert outbound.
|
|
ib = &model.Inbound{Protocol: model.MTProto, Settings: `{"routeThroughXray":false,"routeXrayPort":53000,"outboundTag":"warp"}`}
|
|
if err := s.normalizeMtprotoXrayPort(ib, ""); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if p := routeXrayPortOf(t, ib.Settings); p != 0 {
|
|
t.Fatalf("disabling routing must drop the port, got %d", p)
|
|
}
|
|
var parsed map[string]any
|
|
if err := json.Unmarshal([]byte(ib.Settings), &parsed); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if _, ok := parsed["outboundTag"]; ok {
|
|
t.Fatalf("disabling routing must drop the inert outbound tag, got %s", ib.Settings)
|
|
}
|
|
}
|
|
|
|
func TestFillProtocolDefaultsMtproto(t *testing.T) {
|
|
cs := &ClientService{}
|
|
ib := &model.Inbound{Protocol: model.MTProto, Settings: `{"fakeTlsDomain":"example.com"}`}
|
|
|
|
c := &model.Client{Email: "u"}
|
|
if err := cs.fillProtocolDefaults(c, ib); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !strings.HasPrefix(c.Secret, "ee") || !strings.HasSuffix(c.Secret, hex.EncodeToString([]byte("example.com"))) {
|
|
t.Fatalf("mtproto client should get a FakeTLS secret fronting the inbound domain, got %q", c.Secret)
|
|
}
|
|
|
|
// An existing secret is not overwritten.
|
|
pre := &model.Client{Email: "v", Secret: "eepreset"}
|
|
if err := cs.fillProtocolDefaults(pre, ib); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if pre.Secret != "eepreset" {
|
|
t.Fatalf("an existing secret must be preserved, got %q", pre.Secret)
|
|
}
|
|
|
|
// With no inbound domain the default fronting host is used.
|
|
c2 := &model.Client{Email: "w"}
|
|
if err := cs.fillProtocolDefaults(c2, &model.Inbound{Protocol: model.MTProto, Settings: `{}`}); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !strings.HasSuffix(c2.Secret, hex.EncodeToString([]byte(defaultMtprotoDomain))) {
|
|
t.Fatalf("a domainless inbound should front the default host, got %q", c2.Secret)
|
|
}
|
|
}
|
|
|
|
func TestNormalizeMtprotoSecretHealsClients(t *testing.T) {
|
|
s := &InboundService{}
|
|
ib := &model.Inbound{Protocol: model.MTProto, Settings: `{"fakeTlsDomain":"a.com","clients":[{"email":"x","secret":""}]}`}
|
|
s.normalizeMtprotoSecret(ib)
|
|
|
|
var parsed map[string]any
|
|
if err := json.Unmarshal([]byte(ib.Settings), &parsed); err != nil {
|
|
t.Fatalf("healed settings not valid json: %v", err)
|
|
}
|
|
clients := parsed["clients"].([]any)
|
|
got := clients[0].(map[string]any)["secret"].(string)
|
|
if !strings.HasPrefix(got, "ee") || !strings.HasSuffix(got, hex.EncodeToString([]byte("a.com"))) {
|
|
t.Fatalf("client secret should be healed to front the inbound domain, got %q", got)
|
|
}
|
|
}
|