Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-05-14 01:56:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
3x-ui/web/service/xray_setting_test.go

206 lines
6.9 KiB
Go
Raw Normal View History

Fix blank Xray Settings page from wrapped xrayTemplateConfig (#4059) (#4069) `getXraySetting` builds its response as { "xraySetting": <db value>, "inboundTags": ..., "outboundTestUrl": ... } and embeds the raw DB value as the `xraySetting` field without checking whether the stored value already has that exact shape. The frontend pulls the textarea content from `result.xraySetting` and saves it back verbatim. If the DB ever ends up holding the response-shaped wrapper instead of a real xray config (older installs where this happened at least once, users who imported a copy-pasted response into the textarea, a botched migration, etc.), the next save nests another layer, the one after that nests a third, and the Vue-side JSON.parse of the resulting blob silently fails — the Xray Settings page goes blank. Fix both ends of the round-trip: * Add `service.UnwrapXrayTemplateConfig`. It peels off any number of `xraySetting`-keyed layers, leaving a real xray config behind. The check is conservative: if the outer object already contains any top-level xray key (`inbounds`, `outbounds`, `routing`, `api`, `dns`, `log`, `policy`, `stats`), it is returned unchanged, and there is a depth cap to avoid pathological inputs. * `SaveXraySetting` unwraps before validation so a round-tripped wrapper from an already-corrupted page can no longer re-poison the DB on save. * `getXraySetting` unwraps on read and, when it finds a wrapper, rewrites the DB with the corrected value. Existing broken installs heal themselves on the next visit to the page. Includes unit tests for the passthrough, single-wrap, multi-wrap, string-encoded-inner, and false-positive cases. Co-authored-by: pwnnex <eternxles@gmail.com>
2026-04-21 18:30:02 +00:00
package service
import (
"encoding/json"
"strings"
"testing"
)
func TestUnwrapXrayTemplateConfig(t *testing.T) {
real := `{"log":{},"inbounds":[],"outbounds":[],"routing":{}}`
t.Run("passes through a clean config", func(t *testing.T) {
if got := UnwrapXrayTemplateConfig(real); got != real {
t.Fatalf("clean config was modified: %s", got)
}
})
t.Run("passes through invalid JSON unchanged", func(t *testing.T) {
in := "not json at all"
if got := UnwrapXrayTemplateConfig(in); got != in {
t.Fatalf("invalid input was modified: %s", got)
}
})
t.Run("unwraps one layer of response-shaped wrapper", func(t *testing.T) {
wrapper := `{"inboundTags":["tag"],"outboundTestUrl":"x","xraySetting":` + real + `}`
got := UnwrapXrayTemplateConfig(wrapper)
if !equalJSON(t, got, real) {
t.Fatalf("want %s, got %s", real, got)
}
})
t.Run("unwraps multiple stacked layers", func(t *testing.T) {
lvl1 := `{"xraySetting":` + real + `}`
lvl2 := `{"xraySetting":` + lvl1 + `}`
lvl3 := `{"xraySetting":` + lvl2 + `}`
got := UnwrapXrayTemplateConfig(lvl3)
if !equalJSON(t, got, real) {
t.Fatalf("want %s, got %s", real, got)
}
})
t.Run("handles an xraySetting stored as a JSON-encoded string", func(t *testing.T) {
encoded, _ := json.Marshal(real) // becomes a quoted string
wrapper := `{"xraySetting":` + string(encoded) + `}`
got := UnwrapXrayTemplateConfig(wrapper)
if !equalJSON(t, got, real) {
t.Fatalf("want %s, got %s", real, got)
}
})
t.Run("does not unwrap when top level already has real xray keys", func(t *testing.T) {
// Pathological but defensible: if a user's actual config somehow
// has both the real keys and an unrelated `xraySetting` key, we
// must not strip it.
in := `{"inbounds":[],"xraySetting":{"some":"thing"}}`
got := UnwrapXrayTemplateConfig(in)
if got != in {
t.Fatalf("should have left real config alone, got %s", got)
}
})
t.Run("stops at a reasonable depth", func(t *testing.T) {
// Build a deeper-than-maxDepth chain that ends at something
// non-wrapped, and confirm we end up at some valid JSON (we
// don't loop forever and we don't blow the stack).
s := real
for i := 0; i < 16; i++ {
s = `{"xraySetting":` + s + `}`
}
got := UnwrapXrayTemplateConfig(s)
if !strings.Contains(got, `"inbounds"`) && !strings.Contains(got, `"xraySetting"`) {
t.Fatalf("unexpected tail: %s", got)
}
})
}
func equalJSON(t *testing.T, a, b string) bool {
t.Helper()
var va, vb any
if err := json.Unmarshal([]byte(a), &va); err != nil {
return false
}
if err := json.Unmarshal([]byte(b), &vb); err != nil {
return false
}
ja, _ := json.Marshal(va)
jb, _ := json.Marshal(vb)
return string(ja) == string(jb)
}
xray-setting: pin api routing rule to index 0 on save (#4124) when the admin adds a custom outbound (eg vless cascade to a second server) and a routing rule sending all inbound traffic to it, that catch-all gets evaluated before the existing api->api rule, so the panel's internal stats inbound's traffic ends up on the cascade outbound. the grpc stats query then can't see anything, GetTraffic returns no inbound/user counters, and every client appears offline with zero traffic even though the actual proxy path works fine. before save, find the api rule and move it to the front of routing.rules. if it's missing entirely, insert a default. other rules keep their relative order. closes #4113. probably also fixes the long-standing #2818 where the documented workaround was "manually move the api rule to the top".
2026-04-28 15:49:39 +00:00
// firstRuleOutbound parses the (post-hoisted) config and returns
// routing.rules[0].outboundTag, or "" if anything is missing.
func firstRuleOutbound(t *testing.T, raw string) string {
t.Helper()
var cfg map[string]any
if err := json.Unmarshal([]byte(raw), &cfg); err != nil {
t.Fatalf("unmarshal cfg: %v", err)
}
routing, _ := cfg["routing"].(map[string]any)
rules, _ := routing["rules"].([]any)
if len(rules) == 0 {
return ""
}
first, _ := rules[0].(map[string]any)
tag, _ := first["outboundTag"].(string)
return tag
}
func TestEnsureStatsRouting_HoistsApiRuleFromMiddle(t *testing.T) {
// #4113 repro shape: admin added a cascade outbound and put a
// catch-all routing rule above the api rule. stats query path
// gets starved by the catch-all unless we hoist the api rule.
in := `{
"routing": {
"rules": [
{"type":"field","inboundTag":["inbound-vless"],"outboundTag":"vless-cascade"},
{"type":"field","inboundTag":["api"],"outboundTag":"api"},
{"type":"field","outboundTag":"blocked","ip":["geoip:private"]}
]
}
}`
out, err := EnsureStatsRouting(in)
if err != nil {
t.Fatalf("unexpected err: %v", err)
}
if got := firstRuleOutbound(t, out); got != "api" {
t.Fatalf("api rule should be at index 0 after hoist, got first outboundTag = %q\nfull: %s", got, out)
}
}
func TestEnsureStatsRouting_NoOpWhenAlreadyFirst(t *testing.T) {
// Don't churn the JSON when nothing needs fixing — same string in,
// same string out. Lets the diff in the panel UI stay quiet for
// well-formed configs.
in := `{"routing":{"rules":[{"type":"field","inboundTag":["api"],"outboundTag":"api"},{"type":"field","outboundTag":"blocked","ip":["geoip:private"]}]}}`
out, err := EnsureStatsRouting(in)
if err != nil {
t.Fatalf("unexpected err: %v", err)
}
if out != in {
t.Fatalf("expected unchanged input, got: %s", out)
}
}
func TestEnsureStatsRouting_InsertsDefaultWhenMissing(t *testing.T) {
// Some admins delete the api rule by accident. Re-add a default
// at the front so stats keep working after the next save.
in := `{"routing":{"rules":[{"type":"field","outboundTag":"vless-cascade","inboundTag":["inbound-vless"]}]}}`
out, err := EnsureStatsRouting(in)
if err != nil {
t.Fatalf("unexpected err: %v", err)
}
if got := firstRuleOutbound(t, out); got != "api" {
t.Fatalf("default api rule should be inserted at index 0, got %q\nfull: %s", got, out)
}
// The original rule should still be there, just shifted.
var cfg map[string]any
json.Unmarshal([]byte(out), &cfg)
rules := cfg["routing"].(map[string]any)["rules"].([]any)
if len(rules) != 2 {
t.Fatalf("expected 2 rules after insert, got %d: %v", len(rules), rules)
}
}
func TestEnsureStatsRouting_NoRoutingBlock(t *testing.T) {
// Pathological but possible: empty config or one without a routing
// section. Don't crash, and create the section with the api rule.
in := `{"log":{}}`
out, err := EnsureStatsRouting(in)
if err != nil {
t.Fatalf("unexpected err: %v", err)
}
if got := firstRuleOutbound(t, out); got != "api" {
t.Fatalf("api rule should be created when routing was missing, got %q\nfull: %s", got, out)
}
}
func TestEnsureStatsRouting_InvalidJsonReturnsAsIs(t *testing.T) {
// SaveXraySetting calls CheckXrayConfig before this helper, so
// invalid JSON shouldn't reach us in practice — but be defensive
// about garbage in (return same garbage out plus an error) so the
// caller can choose to skip the hoist instead of corrupting input.
in := "definitely not json"
out, err := EnsureStatsRouting(in)
if err == nil {
t.Fatalf("expected error for invalid json, got none")
}
if out != in {
t.Fatalf("expected raw passthrough on error, got %q", out)
}
}
func TestEnsureStatsRouting_AcceptsInboundTagAsString(t *testing.T) {
// Some manually-edited configs use a single string instead of an
// array for inboundTag. Make sure we still recognize the api rule.
in := `{"routing":{"rules":[{"type":"field","inboundTag":["other"],"outboundTag":"vless-cascade"},{"type":"field","inboundTag":"api","outboundTag":"api"}]}}`
out, err := EnsureStatsRouting(in)
if err != nil {
t.Fatalf("unexpected err: %v", err)
}
if got := firstRuleOutbound(t, out); got != "api" {
t.Fatalf("api rule with string-form inboundTag should hoist to front, got %q\nfull: %s", got, out)
}
}
Reference in a new issue Copy permalink