Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-04-19 21:42:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

change blockedips to AllowedIps

Browse source 
now only those IPs that are allowed are able to establish a connection; other connections are dropped it will happen every 10 sec
after user offline that IPs will be removed from AllowedIps
This commit is contained in:
MHSanaei 2023-05-25 03:21:31 +03:30
parent 896cc5386c
commit 6f28a3a2fe
2 changed files with 60 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

95
web/job/check_client_ip_job.go
View file

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"os" "os"
"regexp" "regexp"
"sync"
"x-ui/database" "x-ui/database"
"x-ui/database/model" "x-ui/database/model"
"x-ui/logger" "x-ui/logger"
@ -20,34 +21,38 @@ import (
type CheckClientIpJob struct { type CheckClientIpJob struct {
xrayService service.XrayService xrayService service.XrayService
AllowedIps []string
mutex sync.Mutex
} }
var job *CheckClientIpJob var job *CheckClientIpJob
var disAllowedIps []string var AllowedIps []string
var ipRegx *regexp.Regexp = regexp.MustCompile(`[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+`)
var emailRegx *regexp.Regexp = regexp.MustCompile(`email:.+`)
func NewCheckClientIpJob() *CheckClientIpJob { func NewCheckClientIpJob() *CheckClientIpJob {
job = new(CheckClientIpJob) job := &CheckClientIpJob{}
return job return job
} }
func (j *CheckClientIpJob) Run() { func (j *CheckClientIpJob) Run() {
logger.Debug("Check Client IP Job...") logger.Debug("Check Client IP Job...")
processLogFile() j.processLogFile()
// disAllowedIps = []string{"192.168.1.183","192.168.1.197"} // AllowedIps = []string{"192.168.1.183","192.168.1.197"}
blockedIps := []byte(strings.Join(disAllowedIps, ",")) allowedIps := []byte(strings.Join(j.getAllowedIps(), ","))
// check if file exists, if not create one // check if file exists, if not create one
_, err := os.Stat(xray.GetBlockedIPsPath()) _, err := os.Stat(xray.GetAllowedIPsPath())
if os.IsNotExist(err) { if os.IsNotExist(err) {
_, err = os.OpenFile(xray.GetBlockedIPsPath(), os.O_RDWR|os.O_CREATE, 0755) _, err = os.OpenFile(xray.GetAllowedIPsPath(), os.O_RDWR|os.O_CREATE, 0755)
checkError(err) checkError(err)
} }
err = os.WriteFile(xray.GetBlockedIPsPath(), blockedIps, 0755) err = os.WriteFile(xray.GetAllowedIPsPath(), allowedIps, 0755)
checkError(err) checkError(err)
} }
func processLogFile() { func (j *CheckClientIpJob) processLogFile() {
accessLogPath := GetAccessLogPath() accessLogPath := GetAccessLogPath()
if accessLogPath == "" { if accessLogPath == "" {
logger.Warning("access.log doesn't exist in your config.json") logger.Warning("access.log doesn't exist in your config.json")
@ -65,8 +70,6 @@ func processLogFile() {
lines := strings.Split(string(data), "\n") lines := strings.Split(string(data), "\n")
for _, line := range lines { for _, line := range lines {
ipRegx, _ := regexp.Compile(`[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+`)
emailRegx, _ := regexp.Compile(`email:.+`)
matchesIp := ipRegx.FindString(line) matchesIp := ipRegx.FindString(line)
if len(matchesIp) > 0 { if len(matchesIp) > 0 {
@ -81,19 +84,13 @@ func processLogFile() {
} }
matchesEmail = strings.TrimSpace(strings.Split(matchesEmail, "email: ")[1]) matchesEmail = strings.TrimSpace(strings.Split(matchesEmail, "email: ")[1])
if InboundClientIps[matchesEmail] != nil { if !contains(InboundClientIps[matchesEmail], ip) {
if contains(InboundClientIps[matchesEmail], ip) {
continue
}
InboundClientIps[matchesEmail] = append(InboundClientIps[matchesEmail], ip)
} else {
InboundClientIps[matchesEmail] = append(InboundClientIps[matchesEmail], ip) InboundClientIps[matchesEmail] = append(InboundClientIps[matchesEmail], ip)
} }
} }
} }
disAllowedIps = []string{} j.setAllowedIps([]string{})
for clientEmail, ips := range InboundClientIps { for clientEmail, ips := range InboundClientIps {
inboundClientIps, err := GetInboundClientIps(clientEmail) inboundClientIps, err := GetInboundClientIps(clientEmail)
@ -102,7 +99,7 @@ func processLogFile() {
addInboundClientIps(clientEmail, ips) addInboundClientIps(clientEmail, ips)
} else { } else {
updateInboundClientIps(inboundClientIps, clientEmail, ips) j.updateInboundClientIps(inboundClientIps, clientEmail, ips)
} }
} }
@ -115,6 +112,7 @@ func processLogFile() {
stop <- true stop <- true
} }
func GetAccessLogPath() string { func GetAccessLogPath() string {
config, err := os.ReadFile(xray.GetConfigPath()) config, err := os.ReadFile(xray.GetConfigPath())
@ -135,20 +133,22 @@ func GetAccessLogPath() string {
return "" return ""
} }
func checkError(e error) { func checkError(e error) {
if e != nil { if e != nil {
logger.Warning("client ip job err:", e) logger.Warning("client ip job err:", e)
} }
} }
func contains(s []string, str string) bool { func contains(s []string, str string) bool {
for _, v := range s { for _, v := range s {
if v == str { if v == str {
return true return true
} }
} }
return false return false
} }
func GetInboundClientIps(clientEmail string) (*model.InboundClientIps, error) { func GetInboundClientIps(clientEmail string) (*model.InboundClientIps, error) {
db := database.GetDB() db := database.GetDB()
InboundClientIps := &model.InboundClientIps{} InboundClientIps := &model.InboundClientIps{}
@ -158,6 +158,7 @@ func GetInboundClientIps(clientEmail string) (*model.InboundClientIps, error) {
} }
return InboundClientIps, nil return InboundClientIps, nil
} }
func addInboundClientIps(clientEmail string, ips []string) error { func addInboundClientIps(clientEmail string, ips []string) error {
inboundClientIps := &model.InboundClientIps{} inboundClientIps := &model.InboundClientIps{}
jsonIps, err := json.Marshal(ips) jsonIps, err := json.Marshal(ips)
@ -170,10 +171,10 @@ func addInboundClientIps(clientEmail string, ips []string) error {
tx := db.Begin() tx := db.Begin()
defer func() { defer func() {
if err == nil { if r := recover(); r != nil {
tx.Commit()
} else {
tx.Rollback() tx.Rollback()
} else {
tx.Commit()
} }
}() }()
@ -183,13 +184,7 @@ func addInboundClientIps(clientEmail string, ips []string) error {
} }
return nil return nil
} }
func updateInboundClientIps(inboundClientIps *model.InboundClientIps, clientEmail string, ips []string) error { func (j *CheckClientIpJob) updateInboundClientIps(inboundClientIps *model.InboundClientIps, clientEmail string, ips []string) error {
jsonIps, err := json.Marshal(ips)
checkError(err)
inboundClientIps.ClientEmail = clientEmail
inboundClientIps.Ips = string(jsonIps)
// check inbound limitation // check inbound limitation
inbound, err := GetInboundByEmail(clientEmail) inbound, err := GetInboundByEmail(clientEmail)
@ -206,17 +201,22 @@ func updateInboundClientIps(inboundClientIps *model.InboundClientIps, clientEmai
for _, client := range clients { for _, client := range clients {
if client.Email == clientEmail { if client.Email == clientEmail {
limitIp := client.LimitIP limitIp := client.LimitIP
if limitIp < len(ips) && limitIp != 0 && inbound.Enable { if limitIp < len(ips) && limitIp != 0 && inbound.Enable {
for _, ip := range ips[:limitIp] {
disAllowedIps = append(disAllowedIps, ips[limitIp:]...) j.addAllowedIp(ip)
}
} }
} }
} }
logger.Debug("disAllowedIps ", disAllowedIps)
sort.Strings(disAllowedIps) jsonIps, err := json.Marshal(ips) // marshal the possibly truncated list of IPs
checkError(err)
inboundClientIps.ClientEmail = clientEmail
inboundClientIps.Ips = string(jsonIps)
logger.Debug("Allowed IPs: ", ips)
db := database.GetDB() db := database.GetDB()
err = db.Save(inboundClientIps).Error err = db.Save(inboundClientIps).Error
@ -225,6 +225,25 @@ func updateInboundClientIps(inboundClientIps *model.InboundClientIps, clientEmai
} }
return nil return nil
} }
func (j *CheckClientIpJob) setAllowedIps(ips []string) {
j.mutex.Lock()
defer j.mutex.Unlock()
j.AllowedIps = ips
}
func (j *CheckClientIpJob) addAllowedIp(ip string) {
j.mutex.Lock()
defer j.mutex.Unlock()
j.AllowedIps = append(j.AllowedIps, ip)
}
func (j *CheckClientIpJob) getAllowedIps() []string {
j.mutex.Lock()
defer j.mutex.Unlock()
return j.AllowedIps
}
func DisableInbound(id int) error { func DisableInbound(id int) error {
db := database.GetDB() db := database.GetDB()
result := db.Model(model.Inbound{}). result := db.Model(model.Inbound{}).
@ -278,7 +297,7 @@ func LimitDevice() {
srcPort = portRegx.FindString(data[1]) srcPort = portRegx.FindString(data[1])
srcPort = strings.Replace(srcPort, ":", "", -1) srcPort = strings.Replace(srcPort, ":", "", -1)
if contains(disAllowedIps, srcIp) { if contains(AllowedIps, srcIp) {
dropCmd := cmd.NewCmd("bash", "-c", "ss -K dport = "+srcPort) dropCmd := cmd.NewCmd("bash", "-c", "ss -K dport = "+srcPort)
dropCmd.Start() dropCmd.Start()

6
xray/process.go
View file

@ -51,8 +51,8 @@ func GetIranPath() string {
return config.GetBinFolderPath() + "/iran.dat" return config.GetBinFolderPath() + "/iran.dat"
} }
func GetBlockedIPsPath() string { func GetAllowedIPsPath() string {
return config.GetBinFolderPath() + "/blockedIPs" return config.GetBinFolderPath() + "/AllowedIPs"
} }
func stopProcess(p *Process) { func stopProcess(p *Process) {
@ -173,7 +173,7 @@ func (p *process) Start() (err error) {
return common.NewErrorf("Failed to write configuration file: %v", err) return common.NewErrorf("Failed to write configuration file: %v", err)
} }
cmd := exec.Command(GetBinaryPath(), "-c", configPath, "-restrictedIPsPath", GetBlockedIPsPath()) cmd := exec.Command(GetBinaryPath(), "-c", configPath, "-restrictedIPsPath", GetAllowedIPsPath())
p.cmd = cmd p.cmd = cmd
stdReader, err := cmd.StdoutPipe() stdReader, err := cmd.StdoutPipe()