mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-06-28 00:24:19 +00:00
Sanaei
41645255f1
* refactor(service): split client.go into focused files
client.go had grown to 4455 lines mixing ~10 responsibilities. Split it
verbatim into cohesive same-package files (no behavior change):
client.go foundation: ClientService, ClientWithAttachments,
ClientCreatePayload, ErrClientNotInInbound, sqlInChunk
client_locks.go inbound mutation locks, delete tombstones, compactOrphans
client_lookup.go read-only lookups (GetByID, List, EffectiveFlow, ...)
client_link.go inbound association sync (SyncInbound, DetachInbound, ...)
client_crud.go single-client CRUD + validation + protocol defaults
client_inbound_apply.go low-level inbound-settings mutators + by-email setters
client_bulk.go bulk attach/detach/adjust/delete/create + DelDepleted
client_traffic.go traffic-reset paths
client_groups.go client group management
client_paging.go paged listing, filtering, sorting, summary
Every declaration moved unchanged (verified: identical func/type/const/var
signature set before vs after). Imports redistributed per file via goimports.
go build ./..., go vet, and go test ./web/service/... all pass.
* refactor(service): split inbound.go into focused files
inbound.go was 4100 lines. Split it verbatim into cohesive same-package
files (no behavior change):
inbound.go core inbound CRUD + InboundService (keeps pkg doc)
inbound_protocol.go protocol / stream capability helpers
inbound_node.go node/runtime/remote coordination + online tracking
inbound_traffic.go traffic accounting, reset, client stats
inbound_client_ips.go per-client IP tracking
inbound_clients.go client lookups within inbounds + copy-clients
inbound_disable.go auto-disable invalid inbounds/clients
inbound_migration.go DB migrations
inbound_sublink.go subscription link providers
inbound_util.go generic slice/string helpers
Identical func/type/const/var signature set before vs after; package doc
comment preserved on inbound.go. Imports redistributed via goimports.
Build, vet, and go test ./web/service/... all pass.
* refactor(service): split tgbot.go into focused files
tgbot.go was 3738 lines dominated by a 1246-line answerCallback. Split it
verbatim into cohesive same-package files (no behavior change):
tgbot.go lifecycle, bot setup, caches, small utils
tgbot_router.go incoming update / command / callback dispatch
tgbot_send.go outbound messaging primitives
tgbot_client.go client views, actions, subscription links
tgbot_inbound.go inbound listing / pickers
tgbot_report.go server usage, exhausted, online, backups, notifications
Identical func/type/const/var signature set before vs after. Imports
redistributed via goimports. Build, vet, and go test ./web/service/... pass.
* refactor(client): dedupe single-field by-email setters
ResetClientIpLimitByEmail, ResetClientExpiryTimeByEmail, and
ResetClientTrafficLimitByEmail shared an identical ~50-line body that
resolves the inbound by email, confirms the client exists, rewrites a
single-client settings payload, and delegates to UpdateInboundClient.
Extract that into applyClientFieldByEmail(inboundSvc, email, mutate) and
reduce each setter to a 3-line wrapper. Behavior is unchanged: same checks
and error strings, same single-client payload contract, same totalGB guard.
SetClientTelegramUserID (resolves by traffic id, different error text) and
ToggleClientEnableByEmail/SetClientEnableByEmail (different return shape and
a pre-read of the old state) intentionally keep their own bodies.
* refactor(service): extract panel/ subpackage
Move the panel-administration leaf services out of the flat service
package into web/service/panel/ (package panel):
user.go UserService (auth / 2FA / LDAP)
panel.go PanelService (restart / self-update) + version helpers
panel_other.go non-unix RestartPanel
panel_unix.go unix RestartPanel
api_token.go ApiTokenService
websocket.go WebSocketService
panel_test.go version/shellQuote unit tests
These are leaves: they depend on core (SettingService, Release) but no
core file references them, so the extraction creates no import cycle.
Core references are now qualified (service.SettingService, service.Release);
callers in main.go, web/web.go, and web/controller/* updated to panel.*.
Build, vet, and go test ./web/... pass.
* refactor(service): extract integration/ subpackage
Move the external-provider integration leaves into web/service/integration/
(package integration):
warp.go WarpService (Cloudflare WARP)
nord.go NordService (NordVPN)
custom_geo.go CustomGeoService (custom geo asset management)
*_test.go custom_geo / panel-proxy tests
These depend on core (SettingService, ServerService, XraySettingService) but
no core file references them. xray_setting.go stays in core because it calls
the unexported SettingService.saveSetting. The shared isBlockedIP SSRF helper
(used by core url_safety.go and by custom_geo) now has a small copy in each
package rather than being exported. Core references qualified; callers in
web/web.go, web/job/*, and web/controller/* updated to integration.*.
Build, vet, and go test ./web/... pass.
* refactor(service): extract tgbot/ subpackage
Move the Telegram bot (6 files + test) into web/service/tgbot/ (package
tgbot). It is a leaf: it embeds five core services (Inbound/Client/Setting/
Server/Xray) and the core never references it, so no import cycle.
To support the package boundary without changing behavior:
- core exposes XrayProcess() *xray.Process so tgbot keeps calling the
exact same running-process methods it used via the package-level `p`;
- three core methods tgbot calls are exported: ClientService.checkIs-
EnabledByEmail -> CheckIsEnabledByEmail, InboundService.getAllEmails ->
GetAllEmails (callers updated in-package);
- tgbot's embedded-field types and the few core type refs (Status,
ClientCreatePayload, SanitizePublicHTTPURL) are now service-qualified.
Callers in main.go, web/web.go, web/job/*, and web/controller/* updated to
tgbot.*. Build, vet, and go test ./web/... pass.
* refactor(service): extract outbound/ subpackage
OutboundService (outbound.go) imports only neutral packages (config,
database, model, xray) and its production code is referenced by no core or
sibling service file — only by web/controller/xray_setting.go and
web/job/xray_traffic_job.go. Move it to web/service/outbound/ (package
outbound); no core qualification needed inside. Callers updated to outbound.*.
The one coupling was a tiny pure test helper, outboundsContainTag, used by
both outbound.go and the core outbound_subscription_test.go; it now has a
small copy in that test file rather than being shared across the boundary.
Build, vet, and go test ./web/... pass.
* refactor(util): move wireguard into its own subpackage
util/wireguard.go was the lone file of the root `util` package (24 lines,
one exported func GenerateWireguardKeypair), while every other util concern
lives in a focused subpackage (util/common, util/crypto, util/netsafe, ...).
Move it to util/wireguard/ (package wireguard) for consistency; its only
importer, web/service/integration/warp.go, is updated. The root `util`
package no longer exists.
* refactor(sub): drop redundant sub prefix from filenames
Inside package sub the subXxx.go prefix just repeats the package name
(like client_*.go did inside service). Rename for consistency; content and
type names are unchanged:
subController.go -> controller.go
subService.go -> service.go
subClashService.go -> clash_service.go
subJsonService.go -> json_service.go
(+ matching _test.go files)
* refactor(controller): rename xui.go -> spa.go
XUIController serves the panel's single-page-app shell; spa.go names that
role plainly (the other controller files are domain-named). File rename only
— the type stays XUIController. api_docs_test.go keys route base paths by
filename, so its "xui.go" case is updated to "spa.go".
* refactor: move backend packages under internal/
Adopt the idiomatic Go application layout: the backend packages now live
under internal/ (a boundary the toolchain enforces), signalling private
implementation instead of a library-style flat root. No runtime behavior
changes — only import paths and a few build/config paths move.
Moved: config, database, logger, mtproto, sub, util, web, xray -> internal/.
main.go stays at the repo root and tools/openapigen stays under tools/ (both
still import internal/* because the internal rule keys off the module root).
The module path github.com/mhsanaei/3x-ui/v3 is unchanged; 149 .go files had
their import prefix rewritten to .../internal/<pkg>.
Couplings the Go compiler can't see, updated to the new layout:
- frontend i18n imports of web/translation (react.ts, setup.components.ts)
- vite outDir + eslint/tsconfig ignore globs -> internal/web/dist
- Dockerfile COPY paths for web/dist and web/translation
- locale.go os.DirFS("web") disk fallback -> "internal/web"
- .gitignore and ci.yml go:embed stub for internal/web/dist
- api_docs_test.go repo-root relative walk (one level deeper)
- tools/openapigen filesystem package paths; ApiTokenView repointed to the
web/service/panel subpackage and codegen regenerated (clears a stale
type the ci.yml codegen check was failing on)
Verified: go build/vet/test (all packages), and frontend typecheck, lint,
vitest (478 tests), and production build into internal/web/dist.
* fix(config): keep test runs from writing logs into the source tree
GetLogFolder() returns a CWD-relative "./log" on Windows. Under `go test`
the working directory is each package's own folder, so InitLogger (called by
tests in web/job, web/service, xray, web/websocket) created stray log/
directories scattered through the source tree (e.g. internal/web/job/log/).
Redirect to a shared temp folder when testing.Testing() reports a test run.
Production behavior is unchanged: Windows still uses ./log next to the binary
and Linux /var/log/x-ui. The log files were always gitignored (*.log) and
never committed; this just stops the noise at the source.
* docs: move subscription-template guide out of root into docs/
sub_templates/ was a top-level folder holding only a README and no actual
templates (3x-ui ships none by design), referenced nowhere and unlinked from
any doc — it read like an empty placeholder cluttering the repo root.
Move the guide to docs/custom-subscription-templates.md (a proper docs home),
reword its intro to read as documentation rather than a folder note, link it
from the Features list in README.md, and drop the empty sub_templates/ folder.
* fix: update stale web/ path references after the internal/ move
The internal/ migration rewrote Go import paths but left some references to
the old top-level layout in docs, comments, and a few runtime disk paths.
Functional (dev-mode only): the disk-serving fallbacks that read the Vite
build from disk when running from source still pointed at web/dist/, which
moved to internal/web/dist/ — so `os.DirFS`/`os.Stat`/`os.ReadFile` in
internal/web/web.go and internal/sub/{sub,controller}.go are corrected.
Production was unaffected (it serves the embedded FS; verified by the Docker
build), but `go run` with a live frontend build silently fell back to embed.
Docs/comments: frontend/README.md, CONTRIBUTING.md, the claude-issue-bot and
release workflows, the openapigen -root help text, and assorted Go comments
now reference internal/web, internal/database, internal/sub, internal/xray,
etc. Package-name mentions (the "web" package), root paths (main.go,
frontend/, install scripts, /etc/x-ui), routes (/panel/api/xray), and the
historical "web/assets no longer exists" note were intentionally left as-is.
* refactor(web): remove the legacy /xui -> /panel redirect middleware
RedirectMiddleware existed only for backward compatibility with the old
`/xui` URL scheme (301-redirecting /xui and /xui/API to /panel and
/panel/api). That cutover was long ago, so drop the middleware, its
registration in initRouter, and the now-inaccurate "URL redirection"
mention in the middleware package doc. Old /xui URLs now 404 like any other
unknown path. HTTPS auto-redirect and auth redirects are unrelated and stay.
* build: fix .dockerignore for internal/ layout and exclude runtime dir
- web/dist -> internal/web/dist: the embedded frontend moved under internal/,
so the stale exclude no longer matched and the locally-built dist could be
sent to the build context (the frontend stage rebuilds it fresh anyway).
- exclude x-ui/: the local runtime directory (SQLite db, geo .dat files, xray
binaries, certs — ~150MB) was being shipped into the build context for no
reason. Verified the pattern excludes only the directory and still keeps
x-ui.sh, which the Dockerfile copies to /usr/bin/x-ui.
1000 lines
30 KiB
Go
1000 lines
30 KiB
Go
package sub
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/mhsanaei/3x-ui/v3/internal/database/model"
|
|
)
|
|
|
|
func TestSubscriptionExpiryFromClient(t *testing.T) {
|
|
const now = int64(1_700_000_000_000)
|
|
const oneDayMs = int64(86_400_000)
|
|
if got := subscriptionExpiryFromClient(now, 0); got != 0 {
|
|
t.Fatalf("zero expiry should stay zero, got %d", got)
|
|
}
|
|
if got := subscriptionExpiryFromClient(now, 1_700_000_000_000); got != 1_700_000_000_000 {
|
|
t.Fatalf("positive expiry should pass through, got %d", got)
|
|
}
|
|
if got := subscriptionExpiryFromClient(now, -oneDayMs); got != now+oneDayMs {
|
|
t.Fatalf("delayed-start expiry should be now+|value|, got %d, want %d", got, now+oneDayMs)
|
|
}
|
|
if a, b := subscriptionExpiryFromClient(now, -oneDayMs), subscriptionExpiryFromClient(now, -oneDayMs); a != b {
|
|
t.Fatalf("same now+value should be deterministic across calls, got %d vs %d (#4545 review)", a, b)
|
|
}
|
|
}
|
|
|
|
func TestFindClientIndex(t *testing.T) {
|
|
clients := []model.Client{
|
|
{Email: "a@example.com"},
|
|
{Email: "b@example.com"},
|
|
{Email: "c@example.com"},
|
|
}
|
|
if got := findClientIndex(clients, "b@example.com"); got != 1 {
|
|
t.Fatalf("findClientIndex middle = %d, want 1", got)
|
|
}
|
|
if got := findClientIndex(clients, "a@example.com"); got != 0 {
|
|
t.Fatalf("findClientIndex first = %d, want 0", got)
|
|
}
|
|
if got := findClientIndex(clients, "missing@example.com"); got != -1 {
|
|
t.Fatalf("findClientIndex missing = %d, want -1", got)
|
|
}
|
|
if got := findClientIndex(nil, "x"); got != -1 {
|
|
t.Fatalf("findClientIndex on nil slice = %d, want -1", got)
|
|
}
|
|
}
|
|
|
|
func TestIsRoutableHost(t *testing.T) {
|
|
routable := []string{"example.com", "sub.example.com", "10.0.0.1", "192.168.1.5", "1.2.3.4", "2001:db8::1"}
|
|
for _, v := range routable {
|
|
if !isRoutableHost(v) {
|
|
t.Fatalf("isRoutableHost(%q) = false, want true", v)
|
|
}
|
|
}
|
|
notRoutable := []string{"", "0.0.0.0", "::", "::0", "127.0.0.1", "127.0.0.2", "::1", "[::1]"}
|
|
for _, v := range notRoutable {
|
|
if isRoutableHost(v) {
|
|
t.Fatalf("isRoutableHost(%q) = true, want false", v)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestListenIsInternalOnly(t *testing.T) {
|
|
// Reachable only from the same host -> a fallback child here must be
|
|
// projected through its master.
|
|
internalOnly := []string{"127.0.0.1", "127.0.0.2", "::1", "[::1]", "@fallback", "/run/x.sock"}
|
|
for _, v := range internalOnly {
|
|
if !listenIsInternalOnly(v) {
|
|
t.Fatalf("listenIsInternalOnly(%q) = false, want true", v)
|
|
}
|
|
}
|
|
// Directly reachable on its own port -> never projected, even if a stale
|
|
// fallback rule names it as a child (#4987).
|
|
reachable := []string{"", "0.0.0.0", "::", "::0", "1.2.3.4", "10.0.0.5", "192.168.1.10", "vpn.example.com"}
|
|
for _, v := range reachable {
|
|
if listenIsInternalOnly(v) {
|
|
t.Fatalf("listenIsInternalOnly(%q) = true, want false", v)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestResolveInboundAddress(t *testing.T) {
|
|
const reqHost = "sub.example.com"
|
|
|
|
// A routable bind Listen (a real IP or hostname the operator set as the
|
|
// inbound's advertised endpoint) becomes the link's connect host.
|
|
t.Run("routable listen is advertised as the link host", func(t *testing.T) {
|
|
s := &SubService{address: reqHost}
|
|
for _, listen := range []string{"1.2.3.4", "10.0.0.5", "192.168.1.10", "203.0.113.7", "vpn.example.com"} {
|
|
ib := &model.Inbound{Listen: listen}
|
|
if got := s.resolveInboundAddress(ib); got != listen {
|
|
t.Fatalf("listen %q: address = %q, want %q (advertised listen)", listen, got, listen)
|
|
}
|
|
}
|
|
})
|
|
|
|
// A loopback/wildcard bind or a unix-domain-socket listen is a
|
|
// server-side detail and must never leak into the link host.
|
|
t.Run("non-routable listen falls back to subscriber host", func(t *testing.T) {
|
|
s := &SubService{address: reqHost}
|
|
for _, listen := range []string{"", "0.0.0.0", "::", "::0", "127.0.0.1", "::1", "@fallback", "/run/x.sock"} {
|
|
ib := &model.Inbound{Listen: listen}
|
|
if got := s.resolveInboundAddress(ib); got != reqHost {
|
|
t.Fatalf("listen %q: address = %q, want %q (subscriber host, not bind detail)", listen, got, reqHost)
|
|
}
|
|
}
|
|
})
|
|
|
|
t.Run("node-managed inbound uses the node address", func(t *testing.T) {
|
|
id := 7
|
|
s := &SubService{
|
|
address: reqHost,
|
|
nodesByID: map[int]*model.Node{7: {Id: 7, Address: "node7.example.com"}},
|
|
}
|
|
ib := &model.Inbound{NodeID: &id, Listen: "1.2.3.4"}
|
|
if got := s.resolveInboundAddress(ib); got != "node7.example.com" {
|
|
t.Fatalf("node-managed address = %q, want node7.example.com", got)
|
|
}
|
|
})
|
|
|
|
t.Run("node id with no known node falls back to subscriber host", func(t *testing.T) {
|
|
id := 9
|
|
s := &SubService{address: reqHost, nodesByID: map[int]*model.Node{}}
|
|
ib := &model.Inbound{NodeID: &id, Listen: "0.0.0.0"}
|
|
if got := s.resolveInboundAddress(ib); got != reqHost {
|
|
t.Fatalf("unknown-node address = %q, want subscriber host %q", got, reqHost)
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestUnmarshalStreamSettings(t *testing.T) {
|
|
got := unmarshalStreamSettings(`{"network":"ws","wsSettings":{"path":"/api"}}`)
|
|
if got["network"] != "ws" {
|
|
t.Fatalf("network = %v, want ws", got["network"])
|
|
}
|
|
ws, ok := got["wsSettings"].(map[string]any)
|
|
if !ok || ws["path"] != "/api" {
|
|
t.Fatalf("wsSettings = %v, want map with path=/api", got["wsSettings"])
|
|
}
|
|
}
|
|
|
|
func TestUnmarshalStreamSettings_InvalidJSON(t *testing.T) {
|
|
if got := unmarshalStreamSettings("not json"); got != nil {
|
|
t.Fatalf("invalid JSON should produce nil map, got %#v", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchHost_StringValue(t *testing.T) {
|
|
headers := map[string]any{"Host": "example.com"}
|
|
if got := searchHost(headers); got != "example.com" {
|
|
t.Fatalf("searchHost = %q, want example.com", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchHost_CaseInsensitiveKey(t *testing.T) {
|
|
headers := map[string]any{"host": "example.com"}
|
|
if got := searchHost(headers); got != "example.com" {
|
|
t.Fatalf("searchHost = %q, want example.com", got)
|
|
}
|
|
headers2 := map[string]any{"HOST": "example.com"}
|
|
if got := searchHost(headers2); got != "example.com" {
|
|
t.Fatalf("searchHost uppercase = %q, want example.com", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchHost_ArrayValue(t *testing.T) {
|
|
headers := map[string]any{"Host": []any{"first.example.com", "second.example.com"}}
|
|
if got := searchHost(headers); got != "first.example.com" {
|
|
t.Fatalf("searchHost array = %q, want first.example.com", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchHost_EmptyArray(t *testing.T) {
|
|
headers := map[string]any{"Host": []any{}}
|
|
if got := searchHost(headers); got != "" {
|
|
t.Fatalf("searchHost empty array = %q, want empty", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchHost_NoHostKey(t *testing.T) {
|
|
headers := map[string]any{"X-Other": "value"}
|
|
if got := searchHost(headers); got != "" {
|
|
t.Fatalf("searchHost no host = %q, want empty", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchHost_NotAMap(t *testing.T) {
|
|
if got := searchHost("not a map"); got != "" {
|
|
t.Fatalf("searchHost non-map = %q, want empty", got)
|
|
}
|
|
if got := searchHost(nil); got != "" {
|
|
t.Fatalf("searchHost nil = %q, want empty", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchKey_FoundAtTopLevel(t *testing.T) {
|
|
data := map[string]any{"foo": 42, "bar": "x"}
|
|
got, ok := searchKey(data, "foo")
|
|
if !ok {
|
|
t.Fatal("expected to find foo")
|
|
}
|
|
if got != 42 {
|
|
t.Fatalf("got %v, want 42", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchKey_FoundInNested(t *testing.T) {
|
|
data := map[string]any{
|
|
"outer": map[string]any{
|
|
"inner": map[string]any{
|
|
"target": "hit",
|
|
},
|
|
},
|
|
}
|
|
got, ok := searchKey(data, "target")
|
|
if !ok {
|
|
t.Fatal("expected to find target in nested map")
|
|
}
|
|
if got != "hit" {
|
|
t.Fatalf("got %v, want hit", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchKey_FoundInsideArray(t *testing.T) {
|
|
data := map[string]any{
|
|
"list": []any{
|
|
map[string]any{"other": 1},
|
|
map[string]any{"needle": "found"},
|
|
},
|
|
}
|
|
got, ok := searchKey(data, "needle")
|
|
if !ok {
|
|
t.Fatal("expected to find needle in array element")
|
|
}
|
|
if got != "found" {
|
|
t.Fatalf("got %v, want found", got)
|
|
}
|
|
}
|
|
|
|
func TestSearchKey_NotFound(t *testing.T) {
|
|
data := map[string]any{"foo": "bar"}
|
|
if _, ok := searchKey(data, "missing"); ok {
|
|
t.Fatal("expected ok=false for missing key")
|
|
}
|
|
}
|
|
|
|
func TestSearchKey_OnScalar(t *testing.T) {
|
|
if _, ok := searchKey(42, "anything"); ok {
|
|
t.Fatal("expected ok=false searching on a scalar")
|
|
}
|
|
}
|
|
|
|
func TestBuildXhttpExtra_IncludesClientSideFieldsWhenPresent(t *testing.T) {
|
|
extra := buildXhttpExtra(map[string]any{
|
|
"path": "/xhttp",
|
|
"host": "example.com",
|
|
"mode": "packet-up",
|
|
"xPaddingBytes": "100-1000",
|
|
"uplinkHTTPMethod": "GET",
|
|
"uplinkChunkSize": float64(4096),
|
|
"noGRPCHeader": true,
|
|
"scMinPostsIntervalMs": "20-40",
|
|
"xmux": map[string]any{
|
|
"maxConcurrency": "16-32",
|
|
"hMaxRequestTimes": "600-900",
|
|
"hMaxReusableSecs": "1800-3000",
|
|
"hKeepAlivePeriod": float64(15),
|
|
},
|
|
"downloadSettings": map[string]any{
|
|
"network": "xhttp",
|
|
},
|
|
"headers": map[string]any{
|
|
"Host": "ignored.example.com",
|
|
"X-Forwarded": "1",
|
|
"X-Test-Empty": "",
|
|
},
|
|
})
|
|
|
|
if extra["path"] != nil || extra["host"] != nil {
|
|
t.Fatalf("path/host should stay top-level, got extra %#v", extra)
|
|
}
|
|
for _, key := range []string{
|
|
"xPaddingBytes",
|
|
"uplinkHTTPMethod",
|
|
"uplinkChunkSize",
|
|
"noGRPCHeader",
|
|
"scMinPostsIntervalMs",
|
|
"xmux",
|
|
"downloadSettings",
|
|
} {
|
|
if _, ok := extra[key]; !ok {
|
|
t.Fatalf("extra missing %q: %#v", key, extra)
|
|
}
|
|
}
|
|
if _, ok := extra["mode"]; ok {
|
|
t.Fatalf("mode should stay as a top-level query parameter, got extra %#v", extra)
|
|
}
|
|
|
|
headers, ok := extra["headers"].(map[string]any)
|
|
if !ok {
|
|
t.Fatalf("headers = %#v, want map", extra["headers"])
|
|
}
|
|
if _, ok := headers["Host"]; ok {
|
|
t.Fatalf("headers should not include Host: %#v", headers)
|
|
}
|
|
if headers["X-Forwarded"] != "1" {
|
|
t.Fatalf("headers[X-Forwarded] = %#v, want 1", headers["X-Forwarded"])
|
|
}
|
|
}
|
|
|
|
func TestBuildXhttpExtra_LeavesDefaultClientSideFieldsOut(t *testing.T) {
|
|
extra := buildXhttpExtra(map[string]any{
|
|
"uplinkHTTPMethod": "",
|
|
"uplinkChunkSize": float64(0),
|
|
"noGRPCHeader": false,
|
|
"xmux": map[string]any{},
|
|
"downloadSettings": map[string]any{},
|
|
})
|
|
if extra != nil {
|
|
t.Fatalf("default-only xhttp extra = %#v, want nil", extra)
|
|
}
|
|
}
|
|
|
|
func TestCloneStringMap(t *testing.T) {
|
|
src := map[string]string{"a": "1", "b": "2"}
|
|
dst := cloneStringMap(src)
|
|
if len(dst) != len(src) {
|
|
t.Fatalf("clone length = %d, want %d", len(dst), len(src))
|
|
}
|
|
for k, v := range src {
|
|
if dst[k] != v {
|
|
t.Fatalf("clone[%q] = %q, want %q", k, dst[k], v)
|
|
}
|
|
}
|
|
dst["a"] = "changed"
|
|
if src["a"] == "changed" {
|
|
t.Fatal("modifying clone leaked into source")
|
|
}
|
|
}
|
|
|
|
func TestCloneStringMap_Empty(t *testing.T) {
|
|
dst := cloneStringMap(map[string]string{})
|
|
if dst == nil {
|
|
t.Fatal("clone of empty map should not be nil")
|
|
}
|
|
if len(dst) != 0 {
|
|
t.Fatalf("clone of empty map should be empty, got %v", dst)
|
|
}
|
|
}
|
|
|
|
func TestGetHostFromXFH_HostOnly(t *testing.T) {
|
|
got, err := getHostFromXFH("example.com")
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if got != "example.com" {
|
|
t.Fatalf("got %q, want example.com", got)
|
|
}
|
|
}
|
|
|
|
func TestGetHostFromXFH_HostWithPort(t *testing.T) {
|
|
got, err := getHostFromXFH("example.com:8443")
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if got != "example.com" {
|
|
t.Fatalf("got %q, want example.com", got)
|
|
}
|
|
}
|
|
|
|
func TestGetHostFromXFH_IPv6WithPort(t *testing.T) {
|
|
got, err := getHostFromXFH("[2606:4700::1111]:443")
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if got != "2606:4700::1111" {
|
|
t.Fatalf("got %q, want 2606:4700::1111", got)
|
|
}
|
|
}
|
|
|
|
func TestGetHostFromXFH_BadHostPort(t *testing.T) {
|
|
if _, err := getHostFromXFH("example.com:8443:9999"); err == nil {
|
|
t.Fatal("expected error for malformed host:port")
|
|
}
|
|
}
|
|
|
|
func TestReadPositiveInt(t *testing.T) {
|
|
cases := []struct {
|
|
name string
|
|
in any
|
|
wantVal int
|
|
wantOk bool
|
|
}{
|
|
{"int_positive", int(5), 5, true},
|
|
{"int_zero", int(0), 0, false},
|
|
{"int_negative", int(-3), -3, false},
|
|
{"int32_positive", int32(7), 7, true},
|
|
{"int64_positive", int64(99), 99, true},
|
|
{"float64_positive", float64(12), 12, true},
|
|
{"float64_zero", float64(0.0), 0, false},
|
|
{"float64_negative", float64(-1.5), -1, false},
|
|
{"float32_positive", float32(3), 3, true},
|
|
{"string", "not a number", 0, false},
|
|
{"nil", nil, 0, false},
|
|
}
|
|
for _, c := range cases {
|
|
t.Run(c.name, func(t *testing.T) {
|
|
gotVal, gotOk := readPositiveInt(c.in)
|
|
if gotVal != c.wantVal || gotOk != c.wantOk {
|
|
t.Fatalf("readPositiveInt(%v) = (%d, %v), want (%d, %v)", c.in, gotVal, gotOk, c.wantVal, c.wantOk)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestSetStringParam(t *testing.T) {
|
|
p := map[string]string{"existing": "value"}
|
|
|
|
setStringParam(p, "new", "hello")
|
|
if p["new"] != "hello" {
|
|
t.Fatalf("missing key after set: %v", p)
|
|
}
|
|
|
|
setStringParam(p, "existing", "")
|
|
if _, ok := p["existing"]; ok {
|
|
t.Fatalf("empty value should delete the key, got %v", p)
|
|
}
|
|
}
|
|
|
|
func TestSetIntParam(t *testing.T) {
|
|
p := map[string]string{"existing": "10"}
|
|
|
|
setIntParam(p, "n", 42)
|
|
if p["n"] != "42" {
|
|
t.Fatalf("set positive int: got %v", p)
|
|
}
|
|
|
|
setIntParam(p, "existing", 0)
|
|
if _, ok := p["existing"]; ok {
|
|
t.Fatalf("zero value should delete the key, got %v", p)
|
|
}
|
|
|
|
p["other"] = "5"
|
|
setIntParam(p, "other", -1)
|
|
if _, ok := p["other"]; ok {
|
|
t.Fatalf("negative value should delete the key, got %v", p)
|
|
}
|
|
}
|
|
|
|
func TestSetStringField(t *testing.T) {
|
|
f := map[string]any{"existing": "value"}
|
|
|
|
setStringField(f, "new", "hello")
|
|
if f["new"] != "hello" {
|
|
t.Fatalf("missing key after set: %v", f)
|
|
}
|
|
|
|
setStringField(f, "existing", "")
|
|
if _, ok := f["existing"]; ok {
|
|
t.Fatalf("empty value should delete the key, got %v", f)
|
|
}
|
|
}
|
|
|
|
func TestSetIntField(t *testing.T) {
|
|
f := map[string]any{"existing": 10}
|
|
|
|
setIntField(f, "n", 7)
|
|
if f["n"] != 7 {
|
|
t.Fatalf("set positive int: got %v", f)
|
|
}
|
|
|
|
setIntField(f, "existing", 0)
|
|
if _, ok := f["existing"]; ok {
|
|
t.Fatalf("zero value should delete the key, got %v", f)
|
|
}
|
|
}
|
|
|
|
func TestBuildVmessLink(t *testing.T) {
|
|
obj := map[string]any{
|
|
"v": "2",
|
|
"ps": "remark",
|
|
"add": "example.com",
|
|
"port": 443,
|
|
"net": "tcp",
|
|
}
|
|
link := buildVmessLink(obj)
|
|
if !strings.HasPrefix(link, "vmess://") {
|
|
t.Fatalf("missing vmess:// prefix: %q", link)
|
|
}
|
|
payload := strings.TrimPrefix(link, "vmess://")
|
|
decoded, err := base64.StdEncoding.DecodeString(payload)
|
|
if err != nil {
|
|
t.Fatalf("base64 decode failed: %v", err)
|
|
}
|
|
var roundTrip map[string]any
|
|
if err := json.Unmarshal(decoded, &roundTrip); err != nil {
|
|
t.Fatalf("decoded payload is not JSON: %v\n%s", err, decoded)
|
|
}
|
|
if roundTrip["add"] != "example.com" {
|
|
t.Fatalf("round-trip add = %v, want example.com", roundTrip["add"])
|
|
}
|
|
if roundTrip["ps"] != "remark" {
|
|
t.Fatalf("round-trip ps = %v, want remark", roundTrip["ps"])
|
|
}
|
|
}
|
|
|
|
func TestCloneVmessShareObj_CopiesEverythingByDefault(t *testing.T) {
|
|
base := map[string]any{
|
|
"v": "2",
|
|
"sni": "example.com",
|
|
"alpn": "h2",
|
|
"fp": "chrome",
|
|
"net": "tcp",
|
|
}
|
|
out := cloneVmessShareObj(base, "tls")
|
|
for _, key := range []string{"sni", "alpn", "fp", "net", "v"} {
|
|
if _, ok := out[key]; !ok {
|
|
t.Fatalf("expected key %q to be preserved when security=tls, got %v", key, out)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestCloneVmessShareObj_NoneStripsTLSOnlyKeys(t *testing.T) {
|
|
base := map[string]any{
|
|
"v": "2",
|
|
"sni": "example.com",
|
|
"alpn": "h2",
|
|
"fp": "chrome",
|
|
"net": "tcp",
|
|
}
|
|
out := cloneVmessShareObj(base, "none")
|
|
for _, key := range []string{"sni", "alpn", "fp"} {
|
|
if _, ok := out[key]; ok {
|
|
t.Fatalf("security=none should strip %q, got %v", key, out)
|
|
}
|
|
}
|
|
if out["v"] != "2" || out["net"] != "tcp" {
|
|
t.Fatalf("non-TLS keys should remain, got %v", out)
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyTLSParams_UsesProxyDomainAndOverrides(t *testing.T) {
|
|
params := map[string]string{
|
|
"security": "tls",
|
|
"sni": "origin.example.com",
|
|
"fp": "firefox",
|
|
"alpn": "h2",
|
|
}
|
|
ep := map[string]any{
|
|
"dest": "proxy.example.com",
|
|
"sni": "tls.example.com",
|
|
"fingerprint": "chrome",
|
|
"alpn": []any{"h3", "h2"},
|
|
}
|
|
|
|
applyExternalProxyTLSParams(ep, params, "tls")
|
|
|
|
if params["sni"] != "tls.example.com" {
|
|
t.Fatalf("sni = %q, want tls.example.com", params["sni"])
|
|
}
|
|
if params["fp"] != "chrome" {
|
|
t.Fatalf("fp = %q, want chrome", params["fp"])
|
|
}
|
|
if params["alpn"] != "h3,h2" {
|
|
t.Fatalf("alpn = %q, want h3,h2", params["alpn"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyTLSParams_PreservesUpstreamSNI(t *testing.T) {
|
|
// External-proxy entry has no SNI of its own; its dest must not
|
|
// clobber the upstream tlsSettings.serverName already written into
|
|
// params. Regression: the dest fallback used to overwrite "222" with
|
|
// "111" whenever an operator set forceTls=same and left the proxy's
|
|
// SNI field blank.
|
|
params := map[string]string{"security": "tls", "sni": "real.example.com"}
|
|
ep := map[string]any{"dest": "proxy.example.com"}
|
|
|
|
applyExternalProxyTLSParams(ep, params, "tls")
|
|
|
|
if params["sni"] != "real.example.com" {
|
|
t.Fatalf("sni = %q, want upstream sni preserved (real.example.com)", params["sni"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyTLSParams_ExplicitSNIOverridesUpstream(t *testing.T) {
|
|
params := map[string]string{"security": "tls", "sni": "real.example.com"}
|
|
ep := map[string]any{"dest": "proxy.example.com", "sni": "edge.example.com"}
|
|
|
|
applyExternalProxyTLSParams(ep, params, "tls")
|
|
|
|
if params["sni"] != "edge.example.com" {
|
|
t.Fatalf("sni = %q, want edge.example.com", params["sni"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxy_ECHPropagates(t *testing.T) {
|
|
const ech = "ech-config-base64"
|
|
|
|
t.Run("url params", func(t *testing.T) {
|
|
params := map[string]string{"security": "tls"}
|
|
ep := map[string]any{"dest": "proxy.example.com", "echConfigList": ech}
|
|
applyExternalProxyTLSParams(ep, params, "tls")
|
|
if params["ech"] != ech {
|
|
t.Fatalf("ech param = %q, want %q", params["ech"], ech)
|
|
}
|
|
})
|
|
|
|
t.Run("vmess obj", func(t *testing.T) {
|
|
obj := map[string]any{}
|
|
ep := map[string]any{"dest": "proxy.example.com", "echConfigList": ech}
|
|
applyExternalProxyTLSObj(ep, obj, "tls")
|
|
if obj["ech"] != ech {
|
|
t.Fatalf("ech obj = %v, want %q", obj["ech"], ech)
|
|
}
|
|
})
|
|
|
|
t.Run("json stream settings", func(t *testing.T) {
|
|
stream := map[string]any{"security": "tls", "tlsSettings": map[string]any{}}
|
|
ep := map[string]any{"dest": "proxy.example.com", "echConfigList": ech}
|
|
applyExternalProxyTLSToStream(ep, stream, "tls")
|
|
settings, _ := stream["tlsSettings"].(map[string]any)["settings"].(map[string]any)
|
|
if settings["echConfigList"] != ech {
|
|
t.Fatalf("echConfigList = %v, want %q", settings["echConfigList"], ech)
|
|
}
|
|
})
|
|
|
|
t.Run("non-tls security drops ech", func(t *testing.T) {
|
|
params := map[string]string{}
|
|
ep := map[string]any{"echConfigList": ech}
|
|
applyExternalProxyTLSParams(ep, params, "none")
|
|
if _, ok := params["ech"]; ok {
|
|
t.Fatalf("ech must not be set when security != tls")
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestApplyExternalProxyTLSToStream_DoesNotLeakAcrossProxies(t *testing.T) {
|
|
stream := map[string]any{
|
|
"security": "tls",
|
|
"tlsSettings": map[string]any{
|
|
"serverName": "upstream.example.com",
|
|
},
|
|
}
|
|
proxies := []map[string]any{
|
|
{"dest": "a.example.com", "sni": "a-sni.example.com", "fingerprint": "chrome", "alpn": []any{"h3"}},
|
|
{"dest": "b.example.com"},
|
|
}
|
|
|
|
results := make([]map[string]any, 0, len(proxies))
|
|
for _, ep := range proxies {
|
|
working := cloneStreamForExternalProxy(stream)
|
|
applyExternalProxyTLSToStream(ep, working, "tls")
|
|
ts := working["tlsSettings"].(map[string]any)
|
|
snapshot := map[string]any{
|
|
"serverName": ts["serverName"],
|
|
"fingerprint": ts["fingerprint"],
|
|
"alpn": ts["alpn"],
|
|
}
|
|
results = append(results, snapshot)
|
|
}
|
|
|
|
if results[0]["serverName"] != "a-sni.example.com" || results[0]["fingerprint"] != "chrome" {
|
|
t.Fatalf("proxy A snapshot = %v", results[0])
|
|
}
|
|
// Proxy B has no SNI of its own — the upstream tlsSettings serverName
|
|
// must remain in place (no dest fallback) and no fingerprint/alpn
|
|
// must leak from proxy A.
|
|
if results[1]["serverName"] != "upstream.example.com" {
|
|
t.Fatalf("proxy B serverName = %v, want upstream.example.com preserved", results[1]["serverName"])
|
|
}
|
|
if results[1]["fingerprint"] != nil {
|
|
t.Fatalf("proxy B should inherit no fingerprint, got %v (leaked from A)", results[1]["fingerprint"])
|
|
}
|
|
if results[1]["alpn"] != nil {
|
|
t.Fatalf("proxy B should inherit no alpn, got %v (leaked from A)", results[1]["alpn"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyTLSParams_SetsPinnedPeerCert(t *testing.T) {
|
|
params := map[string]string{"security": "tls"}
|
|
ep := map[string]any{
|
|
"dest": "proxy.example.com",
|
|
"pinnedPeerCertSha256": []any{"aa11", "bb22"},
|
|
}
|
|
|
|
applyExternalProxyTLSParams(ep, params, "tls")
|
|
|
|
if params["pcs"] != "aa11,bb22" {
|
|
t.Fatalf("pcs = %q, want aa11,bb22", params["pcs"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyTLSObj_SetsPinnedPeerCert(t *testing.T) {
|
|
obj := map[string]any{"tls": "tls"}
|
|
ep := map[string]any{
|
|
"dest": "proxy.example.com",
|
|
"pinnedPeerCertSha256": []any{"aa11"},
|
|
}
|
|
|
|
applyExternalProxyTLSObj(ep, obj, "tls")
|
|
|
|
if obj["pcs"] != "aa11" {
|
|
t.Fatalf("pcs = %v, want aa11", obj["pcs"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyTLSToStream_SetsPinnedPeerCert(t *testing.T) {
|
|
stream := map[string]any{
|
|
"security": "tls",
|
|
"tlsSettings": map[string]any{"serverName": "upstream.example.com"},
|
|
}
|
|
ep := map[string]any{"dest": "edge.example.com", "pinnedPeerCertSha256": []any{"aa11", "bb22"}}
|
|
|
|
working := cloneStreamForExternalProxy(stream)
|
|
applyExternalProxyTLSToStream(ep, working, "tls")
|
|
|
|
ts := working["tlsSettings"].(map[string]any)
|
|
settings, _ := ts["settings"].(map[string]any)
|
|
pins, ok := settings["pinnedPeerCertSha256"].([]any)
|
|
if !ok || len(pins) != 2 || pins[0] != "aa11" || pins[1] != "bb22" {
|
|
t.Fatalf("pinnedPeerCertSha256 = %v, want [aa11 bb22]", settings["pinnedPeerCertSha256"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyHysteriaParams_PinIsHexNormalized(t *testing.T) {
|
|
// base64 SHA-256 pin must come out as bare lowercase hex for Hysteria's
|
|
// pinSHA256, which other (pcs) protocols leave untouched.
|
|
params := map[string]string{"security": "tls", "sni": "server.example.com"}
|
|
ep := map[string]any{
|
|
"dest": "edge.example.com",
|
|
"pinnedPeerCertSha256": []any{"yEfdI5XQl4wHgLggHEsomosoFZfUfCdfLXfT+W2N6cQ="},
|
|
}
|
|
|
|
applyExternalProxyHysteriaParams(ep, params)
|
|
|
|
if params["pinSHA256"] != "c847dd2395d0978c0780b8201c4b289a8b281597d47c275f2d77d3f96d8de9c4" {
|
|
t.Fatalf("pinSHA256 = %q, want hex-normalized pin", params["pinSHA256"])
|
|
}
|
|
if _, ok := params["pcs"]; ok {
|
|
t.Fatalf("pcs must not be set for Hysteria, got %v", params)
|
|
}
|
|
if params["sni"] != "server.example.com" {
|
|
t.Fatalf("sni = %q, want inbound sni preserved (no override for Hysteria)", params["sni"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyHysteriaParams_NoPinLeavesMainPin(t *testing.T) {
|
|
params := map[string]string{"security": "tls", "pinSHA256": "deadbeef"}
|
|
ep := map[string]any{"dest": "edge.example.com"}
|
|
|
|
applyExternalProxyHysteriaParams(ep, params)
|
|
|
|
if params["pinSHA256"] != "deadbeef" {
|
|
t.Fatalf("pinSHA256 = %q, want main pin preserved when proxy has none", params["pinSHA256"])
|
|
}
|
|
}
|
|
|
|
func TestApplyExternalProxyTLSParams_DoesNotApplyForNone(t *testing.T) {
|
|
params := map[string]string{
|
|
"security": "none",
|
|
"sni": "origin.example.com",
|
|
}
|
|
ep := map[string]any{
|
|
"dest": "proxy.example.com",
|
|
"fingerprint": "chrome",
|
|
"alpn": []any{"h3"},
|
|
}
|
|
|
|
applyExternalProxyTLSParams(ep, params, "none")
|
|
|
|
if params["sni"] != "origin.example.com" {
|
|
t.Fatalf("sni should not change for security=none, got %q", params["sni"])
|
|
}
|
|
if _, ok := params["fp"]; ok {
|
|
t.Fatalf("fp should not be set for security=none, got %v", params)
|
|
}
|
|
if _, ok := params["alpn"]; ok {
|
|
t.Fatalf("alpn should not be set for security=none, got %v", params)
|
|
}
|
|
}
|
|
|
|
func TestExtractKcpShareFields_Defaults(t *testing.T) {
|
|
stream := map[string]any{}
|
|
got := extractKcpShareFields(stream)
|
|
if got.headerType != "none" {
|
|
t.Fatalf("default headerType = %q, want none", got.headerType)
|
|
}
|
|
if got.seed != "" || got.mtu != 0 || got.tti != 0 {
|
|
t.Fatalf("default kcpShareFields should be zero except headerType, got %+v", got)
|
|
}
|
|
}
|
|
|
|
func TestExtractKcpShareFields_ReadsAllFields(t *testing.T) {
|
|
stream := map[string]any{
|
|
"kcpSettings": map[string]any{
|
|
"header": map[string]any{"type": "wechat-video"},
|
|
"seed": "secret-seed",
|
|
"mtu": float64(1350),
|
|
"tti": float64(50),
|
|
},
|
|
}
|
|
got := extractKcpShareFields(stream)
|
|
if got.headerType != "wechat-video" {
|
|
t.Fatalf("headerType = %q, want wechat-video", got.headerType)
|
|
}
|
|
if got.seed != "secret-seed" {
|
|
t.Fatalf("seed = %q, want secret-seed", got.seed)
|
|
}
|
|
if got.mtu != 1350 {
|
|
t.Fatalf("mtu = %d, want 1350", got.mtu)
|
|
}
|
|
if got.tti != 50 {
|
|
t.Fatalf("tti = %d, want 50", got.tti)
|
|
}
|
|
}
|
|
|
|
func TestExtractKcpShareFields_FinalMaskLegacyHeader(t *testing.T) {
|
|
stream := map[string]any{
|
|
"finalmask": map[string]any{
|
|
"udp": []any{
|
|
map[string]any{
|
|
"type": "mkcp-legacy",
|
|
"settings": map[string]any{"header": "wechat", "value": ""},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
got := extractKcpShareFields(stream)
|
|
if got.headerType != "wechat-video" {
|
|
t.Fatalf("headerType = %q, want wechat-video", got.headerType)
|
|
}
|
|
if got.seed != "" {
|
|
t.Fatalf("seed = %q, want empty for header mask", got.seed)
|
|
}
|
|
}
|
|
|
|
func TestExtractKcpShareFields_FinalMaskLegacySeed(t *testing.T) {
|
|
stream := map[string]any{
|
|
"finalmask": map[string]any{
|
|
"udp": []any{
|
|
map[string]any{
|
|
"type": "mkcp-legacy",
|
|
"settings": map[string]any{"header": "", "value": "obfs-pass"},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
got := extractKcpShareFields(stream)
|
|
if got.headerType != "none" {
|
|
t.Fatalf("headerType = %q, want none for empty-header legacy mask", got.headerType)
|
|
}
|
|
if got.seed != "obfs-pass" {
|
|
t.Fatalf("seed = %q, want obfs-pass", got.seed)
|
|
}
|
|
}
|
|
|
|
func TestKcpShareFields_ApplyToParams(t *testing.T) {
|
|
params := map[string]string{}
|
|
kcpShareFields{headerType: "wechat-video", seed: "s", mtu: 1350, tti: 50}.applyToParams(params)
|
|
if params["headerType"] != "wechat-video" {
|
|
t.Fatalf("headerType param = %q", params["headerType"])
|
|
}
|
|
if params["seed"] != "s" {
|
|
t.Fatalf("seed param = %q", params["seed"])
|
|
}
|
|
if params["mtu"] != "1350" {
|
|
t.Fatalf("mtu param = %q", params["mtu"])
|
|
}
|
|
if params["tti"] != "50" {
|
|
t.Fatalf("tti param = %q", params["tti"])
|
|
}
|
|
}
|
|
|
|
func TestKcpShareFields_ApplyToParams_NoneHeaderNotAdded(t *testing.T) {
|
|
params := map[string]string{}
|
|
kcpShareFields{headerType: "none"}.applyToParams(params)
|
|
if _, ok := params["headerType"]; ok {
|
|
t.Fatalf("headerType=none should not be added, got %v", params)
|
|
}
|
|
}
|
|
|
|
func TestMarshalFinalMask_EmptyReturnsFalse(t *testing.T) {
|
|
if _, ok := marshalFinalMask(map[string]any{}); ok {
|
|
t.Fatal("expected ok=false for empty finalmask")
|
|
}
|
|
if _, ok := marshalFinalMask(nil); ok {
|
|
t.Fatal("expected ok=false for nil finalmask")
|
|
}
|
|
}
|
|
|
|
func TestMarshalFinalMask_WithContent(t *testing.T) {
|
|
fm := map[string]any{
|
|
"tcp": []any{
|
|
map[string]any{"type": "fragment"},
|
|
},
|
|
}
|
|
out, ok := marshalFinalMask(fm)
|
|
if !ok {
|
|
t.Fatal("expected ok=true for finalmask with valid tcp mask")
|
|
}
|
|
if !strings.Contains(out, `"tcp"`) {
|
|
t.Fatalf("marshaled finalmask missing tcp key: %s", out)
|
|
}
|
|
if !strings.Contains(out, "fragment") {
|
|
t.Fatalf("marshaled finalmask missing mask type: %s", out)
|
|
}
|
|
}
|
|
|
|
func TestMarshalFinalMask_UnknownTypeIsDropped(t *testing.T) {
|
|
fm := map[string]any{
|
|
"tcp": []any{
|
|
map[string]any{"type": "not-a-real-mask"},
|
|
},
|
|
}
|
|
if _, ok := marshalFinalMask(fm); ok {
|
|
t.Fatal("unknown mask types should be dropped, leaving nothing to marshal")
|
|
}
|
|
}
|
|
|
|
func TestHasFinalMaskContent(t *testing.T) {
|
|
if hasFinalMaskContent(nil) {
|
|
t.Fatal("nil should not count as content")
|
|
}
|
|
if hasFinalMaskContent(map[string]any{}) {
|
|
t.Fatal("empty map should not count as content")
|
|
}
|
|
if !hasFinalMaskContent(map[string]any{"x": 1}) {
|
|
t.Fatal("non-empty map should count as content")
|
|
}
|
|
}
|
|
|
|
func TestHysteriaPinHex(t *testing.T) {
|
|
const hexPin = "c847dd2395d0978c0780b8201c4b289a8b281597d47c275f2d77d3f96d8de9c4"
|
|
|
|
cases := []struct {
|
|
name string
|
|
in string
|
|
want string
|
|
}{
|
|
// Std base64 (xray-core's native TLS format / the panel generate button)
|
|
// must be re-encoded to the hex form Hysteria2 clients expect (#4818).
|
|
{"std base64", "yEfdI5XQl4wHgLggHEsomosoFZfUfCdfLXfT+W2N6cQ=", hexPin},
|
|
// A manually pasted hex fingerprint passes through (lowercased).
|
|
{"hex passthrough", hexPin, hexPin},
|
|
{"uppercase hex lowercased", strings.ToUpper(hexPin), hexPin},
|
|
// openssl x509 -fingerprint -sha256 emits colon-separated hex.
|
|
{"colon hex stripped", "C8:47:DD:23:95:D0:97:8C:07:80:B8:20:1C:4B:28:9A:8B:28:15:97:D4:7C:27:5F:2D:77:D3:F9:6D:8D:E9:C4", hexPin},
|
|
{"surrounding whitespace trimmed", " " + hexPin + " ", hexPin},
|
|
// URL-safe base64 with the same 32 bytes decodes identically.
|
|
{"url-safe base64", "yEfdI5XQl4wHgLggHEsomosoFZfUfCdfLXfT-W2N6cQ=", hexPin},
|
|
// Garbage that is neither valid hex nor a 32-byte base64 is left as-is
|
|
// rather than silently dropped.
|
|
{"unrecognized passthrough", "not-a-pin", "not-a-pin"},
|
|
{"empty", "", ""},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
if got := hysteriaPinHex(tc.in); got != tc.want {
|
|
t.Fatalf("hysteriaPinHex(%q) = %q, want %q", tc.in, got, tc.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestHysteriaHopPorts(t *testing.T) {
|
|
withHop := func(ports any) map[string]any {
|
|
return map[string]any{
|
|
"finalmask": map[string]any{
|
|
"quicParams": map[string]any{
|
|
"udpHop": map[string]any{"ports": ports, "interval": "5-10"},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
cases := []struct {
|
|
name string
|
|
stream map[string]any
|
|
want string
|
|
}{
|
|
{"range", withHop("20000-50000"), "20000-50000"},
|
|
{"trimmed", withHop(" 443,20000-50000 "), "443,20000-50000"},
|
|
{"empty string", withHop(""), ""},
|
|
{"non-string", withHop(float64(443)), ""},
|
|
{"no udpHop", map[string]any{"finalmask": map[string]any{"quicParams": map[string]any{}}}, ""},
|
|
{"no finalmask", map[string]any{}, ""},
|
|
{"nil stream", nil, ""},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
if got := hysteriaHopPorts(tc.stream); got != tc.want {
|
|
t.Fatalf("hysteriaHopPorts() = %q, want %q", got, tc.want)
|
|
}
|
|
})
|
|
}
|
|
}
|