3x-ui/web/job/check_client_ip_job_test.go

package job

import (
	"reflect"
	"testing"
)

func TestMergeClientIps_EvictsStaleOldEntries(t *testing.T) {
	// #4077: after a ban expires, a single IP that reconnects used to get
	// banned again immediately because a long-disconnected IP stayed in the
	// DB with an ancient timestamp and kept "protecting" itself against
	// eviction. Guard against that regression here.
	old := []IPWithTimestamp{
		{IP: "1.1.1.1", Timestamp: 100},  // stale — client disconnected long ago
		{IP: "2.2.2.2", Timestamp: 1900}, // fresh — still connecting
	}
	new := []IPWithTimestamp{
		{IP: "2.2.2.2", Timestamp: 2000}, // same IP, newer log line
	}

	got := mergeClientIps(old, new, 1000)

	want := map[string]int64{"2.2.2.2": 2000}
	if !reflect.DeepEqual(got, want) {
		t.Fatalf("stale 1.1.1.1 should have been dropped\ngot:  %v\nwant: %v", got, want)
	}
}

func TestMergeClientIps_KeepsFreshOldEntriesUnchanged(t *testing.T) {
	// Backwards-compat: entries that aren't stale are still carried forward,
	// so enforcement survives access-log rotation.
	old := []IPWithTimestamp{
		{IP: "1.1.1.1", Timestamp: 1500},
	}
	got := mergeClientIps(old, nil, 1000)

	want := map[string]int64{"1.1.1.1": 1500}
	if !reflect.DeepEqual(got, want) {
		t.Fatalf("fresh old IP should have been retained\ngot:  %v\nwant: %v", got, want)
	}
}

func TestMergeClientIps_PrefersLaterTimestampForSameIp(t *testing.T) {
	old := []IPWithTimestamp{{IP: "1.1.1.1", Timestamp: 1500}}
	new := []IPWithTimestamp{{IP: "1.1.1.1", Timestamp: 1700}}

	got := mergeClientIps(old, new, 1000)

	if got["1.1.1.1"] != 1700 {
		t.Fatalf("expected latest timestamp 1700, got %d", got["1.1.1.1"])
	}
}

func TestMergeClientIps_DropsStaleNewEntries(t *testing.T) {
	// A log line with a clock-skewed old timestamp must not resurrect a
	// stale IP past the cutoff.
	new := []IPWithTimestamp{{IP: "1.1.1.1", Timestamp: 500}}
	got := mergeClientIps(nil, new, 1000)

	if len(got) != 0 {
		t.Fatalf("stale new IP should have been dropped, got %v", got)
	}
}

func TestMergeClientIps_NoStaleCutoffStillWorks(t *testing.T) {
	// Defensive: a zero cutoff (e.g. during very first run on a fresh
	// install) must not over-evict.
	old := []IPWithTimestamp{{IP: "1.1.1.1", Timestamp: 100}}
	new := []IPWithTimestamp{{IP: "2.2.2.2", Timestamp: 200}}

	got := mergeClientIps(old, new, 0)

	want := map[string]int64{"1.1.1.1": 100, "2.2.2.2": 200}
	if !reflect.DeepEqual(got, want) {
		t.Fatalf("zero cutoff should keep everything\ngot:  %v\nwant: %v", got, want)
	}
}
Fix IP Limit continuous ban loop from stale DB entries (#4077) After 60abeaa flipped the excess-IP selector to "oldest wins, newest loses" (to protect the original/current connections), the per-client IP table in `inbound_client_ips.ips` never evicted IPs that stopped connecting. Their stored timestamp stayed ancient, so on every subsequent run they counted as the "oldest protected" slot(s) and whichever IP was actually using the config now was classified as "new excess" and re-banned via fail2ban. This is exactly the #4077 scenario: two IPs connect once and get recorded, the ban lifts after the configured duration, the lone legitimate IP that reconnects gets banned again, and again, and again — a permanent 3xipl.log loop with no real abuser anywhere. Fix: when merging the persisted `old` list with the freshly observed `new` log lines, drop entries whose last-seen timestamp is older than `ipStaleAfterSeconds` (30 minutes). A client that's actually still active refreshes its timestamp any time xray emits a new `accepted` line for a fresh TCP, so the cutoff is far above even idle streaming sessions; a client that's genuinely gone falls out of the table in bounded time and frees its slot. Extracted the merge into `mergeClientIps` so it can be exercised by unit tests without spinning up the full DB-backed job. Tests cover: - stale old entry is dropped (the #4077 regression) - fresh old entries are still carried forward (access-log rotation is still backed by the persisted table) - newer timestamp wins when the same IP appears in both lists - a clock-skewed old `new` entry can't resurrect a stale IP - a zero cutoff never over-evicts Closes #4077 2026-04-22 13:53:32 +00:00			`package job`

			`import (`
			`"reflect"`
			`"testing"`
			`)`

			`func TestMergeClientIps_EvictsStaleOldEntries(t *testing.T) {`
			`// #4077: after a ban expires, a single IP that reconnects used to get`
			`// banned again immediately because a long-disconnected IP stayed in the`
			`// DB with an ancient timestamp and kept "protecting" itself against`
			`// eviction. Guard against that regression here.`
			`old := []IPWithTimestamp{`
			`{IP: "1.1.1.1", Timestamp: 100}, // stale — client disconnected long ago`
			`{IP: "2.2.2.2", Timestamp: 1900}, // fresh — still connecting`
			`}`
			`new := []IPWithTimestamp{`
			`{IP: "2.2.2.2", Timestamp: 2000}, // same IP, newer log line`
			`}`

			`got := mergeClientIps(old, new, 1000)`

			`want := map[string]int64{"2.2.2.2": 2000}`
			`if !reflect.DeepEqual(got, want) {`
			`t.Fatalf("stale 1.1.1.1 should have been dropped\ngot: %v\nwant: %v", got, want)`
			`}`
			`}`

			`func TestMergeClientIps_KeepsFreshOldEntriesUnchanged(t *testing.T) {`
			`// Backwards-compat: entries that aren't stale are still carried forward,`
			`// so enforcement survives access-log rotation.`
			`old := []IPWithTimestamp{`
			`{IP: "1.1.1.1", Timestamp: 1500},`
			`}`
			`got := mergeClientIps(old, nil, 1000)`

			`want := map[string]int64{"1.1.1.1": 1500}`
			`if !reflect.DeepEqual(got, want) {`
			`t.Fatalf("fresh old IP should have been retained\ngot: %v\nwant: %v", got, want)`
			`}`
			`}`

			`func TestMergeClientIps_PrefersLaterTimestampForSameIp(t *testing.T) {`
			`old := []IPWithTimestamp{{IP: "1.1.1.1", Timestamp: 1500}}`
			`new := []IPWithTimestamp{{IP: "1.1.1.1", Timestamp: 1700}}`

			`got := mergeClientIps(old, new, 1000)`

			`if got["1.1.1.1"] != 1700 {`
			`t.Fatalf("expected latest timestamp 1700, got %d", got["1.1.1.1"])`
			`}`
			`}`

			`func TestMergeClientIps_DropsStaleNewEntries(t *testing.T) {`
			`// A log line with a clock-skewed old timestamp must not resurrect a`
			`// stale IP past the cutoff.`
			`new := []IPWithTimestamp{{IP: "1.1.1.1", Timestamp: 500}}`
			`got := mergeClientIps(nil, new, 1000)`

			`if len(got) != 0 {`
			`t.Fatalf("stale new IP should have been dropped, got %v", got)`
			`}`
			`}`

			`func TestMergeClientIps_NoStaleCutoffStillWorks(t *testing.T) {`
			`// Defensive: a zero cutoff (e.g. during very first run on a fresh`
			`// install) must not over-evict.`
			`old := []IPWithTimestamp{{IP: "1.1.1.1", Timestamp: 100}}`
			`new := []IPWithTimestamp{{IP: "2.2.2.2", Timestamp: 200}}`

			`got := mergeClientIps(old, new, 0)`

			`want := map[string]int64{"1.1.1.1": 100, "2.2.2.2": 200}`
			`if !reflect.DeepEqual(got, want) {`
			`t.Fatalf("zero cutoff should keep everything\ngot: %v\nwant: %v", got, want)`
			`}`
			`}`