From 3e4fda09132bd988fe5875dbb14666175c901a0f Mon Sep 17 00:00:00 2001 From: Mehdikhody Date: Sat, 10 Feb 2024 05:21:49 +0330 Subject: [PATCH] Add support for processing xray stdout when access log path is empty --- web/job/check_client_ip_job.go | 59 ++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/web/job/check_client_ip_job.go b/web/job/check_client_ip_job.go index 65e2a0ca..f8b84c36 100644 --- a/web/job/check_client_ip_job.go +++ b/web/job/check_client_ip_job.go @@ -38,6 +38,17 @@ func NewCheckClientIpJob() *CheckClientIpJob { } func (j *CheckClientIpJob) Run() { + // check if access log path is empty + // if it is, process xray stdout and not the access log file + accessLogPath := xray.GetAccessLogPath() + if accessLogPath == "" { + err := j.processXrayStdout() + if err != nil { + j.checkError(err) + } + + return + } // create files required for iplimit if not exists for i := 0; i < len(ipFiles); i++ { @@ -92,6 +103,54 @@ func (j *CheckClientIpJob) checkFail2BanInstalled() { } } +// processXrayStdout processes the xray stdout for client IPs +// this is used when the access log is set to empty string or null +// in the xray config +// +// This is the same as the processLogfile function but for xray stdout +// instead of the access log file, it processes the xray stdout +// witch is more efficient and faster because it doesn't need to do +// any system call to read the file +// +// This potentially can prevent the database look in lower specs machines, +// because of lower I/O operations +func (j *CheckClientIpJob) processXrayStdout() error { + listener, err := xray.GetClientIPListener() + if err != nil { + return err + } + + // unban every banned ip eveytime the job runs + // in our case, every 10 seconds + listener.UnbanAllIPs() + + for clientEmail, ips := range listener.InboundClientIps { + logger.Info("Inbound Client IPs: ", clientEmail, " => ", ips) + + inboundClientIps, err := j.getInboundClientIps(clientEmail) + sort.Strings(ips) + + if err != nil { + _ = j.addInboundClientIps(clientEmail, ips) + } else { + j.updateInboundClientIps(inboundClientIps, clientEmail, ips) + } + + // add disallowed ips to the banned list + for _, ip := range j.disAllowedIps { + listener.BanIP(ip) + } + + // clears the inbound client IPs after processing + delete(listener.InboundClientIps, clientEmail) + } + + // block the banned ips + listener.ProcessBlacklist() + + return nil +} + func (j *CheckClientIpJob) processLogFile() { accessLogPath := xray.GetAccessLogPath()