Compare commits

..

1 commit

Author SHA1 Message Date
konstpic
f5b299137c
Merge 685b9a0e81 into 172f2ddaa7 2025-09-26 22:44:58 +03:00
3 changed files with 45 additions and 12 deletions

2
go.mod
View file

@ -104,7 +104,7 @@ require (
lukechampine.com/blake3 v1.4.1 // indirect lukechampine.com/blake3 v1.4.1 // indirect
) )
// Local module replacements // Локальные подмены модулей
replace github.com/mhsanaei/3x-ui/v2/util/ldap => ./util/ldap replace github.com/mhsanaei/3x-ui/v2/util/ldap => ./util/ldap
replace github.com/mhsanaei/3x-ui/v2/web/service => ./web/service replace github.com/mhsanaei/3x-ui/v2/web/service => ./web/service
replace github.com/mhsanaei/3x-ui/v2/web/job => ./web/job replace github.com/mhsanaei/3x-ui/v2/web/job => ./web/job

View file

@ -27,7 +27,7 @@ func FetchVlessFlags(cfg Config) (map[string]bool, error) {
var conn *ldap.Conn var conn *ldap.Conn
var err error var err error
if cfg.UseTLS { if cfg.UseTLS {
conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: false}) conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: true})
} else { } else {
conn, err = ldap.Dial("tcp", addr) conn, err = ldap.Dial("tcp", addr)
} }
@ -94,7 +94,7 @@ func AuthenticateUser(cfg Config, username, password string) (bool, error) {
var conn *ldap.Conn var conn *ldap.Conn
var err error var err error
if cfg.UseTLS { if cfg.UseTLS {
conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: false}) conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: true})
} else { } else {
conn, err = ldap.Dial("tcp", addr) conn, err = ldap.Dial("tcp", addr)
} }

View file

@ -13,15 +13,13 @@ import (
"strconv" "strconv"
) )
var DefaultTruthyValues = []string{"true", "1", "yes", "on"}
type LdapSyncJob struct { type LdapSyncJob struct {
settingService service.SettingService settingService service.SettingService
inboundService service.InboundService inboundService service.InboundService
xrayService service.XrayService xrayService service.XrayService
} }
// --- Helper functions for mustGet --- // --- Вспомогательные функции для mustGet ---
func mustGetString(fn func() (string, error)) string { func mustGetString(fn func() (string, error)) string {
v, err := fn() v, err := fn()
if err != nil { if err != nil {
@ -174,7 +172,7 @@ func (j *LdapSyncJob) Run() {
func splitCsv(s string) []string { func splitCsv(s string) []string {
if s == "" { if s == "" {
return DefaultTruthyValues return []string{"true", "1", "yes", "on"}
} }
parts := strings.Split(s, ",") parts := strings.Split(s, ",")
out := make([]string, 0, len(parts)) out := make([]string, 0, len(parts))
@ -188,7 +186,7 @@ func splitCsv(s string) []string {
} }
// buildClient creates a new client for auto-create // buildClient собирает нового клиента для auto-create
func (j *LdapSyncJob) buildClient(ib *model.Inbound, email string, defGB, defExpiryDays, defLimitIP int) model.Client { func (j *LdapSyncJob) buildClient(ib *model.Inbound, email string, defGB, defExpiryDays, defLimitIP int) model.Client {
c := model.Client{ c := model.Client{
Email: email, Email: email,
@ -208,7 +206,7 @@ func (j *LdapSyncJob) buildClient(ib *model.Inbound, email string, defGB, defExp
return c return c
} }
// batchSetEnable enables/disables clients in batch through a single call // batchSetEnable массово включает/выключает клиентов через один вызов
func (j *LdapSyncJob) batchSetEnable(ib *model.Inbound, emails []string, enable bool) { func (j *LdapSyncJob) batchSetEnable(ib *model.Inbound, emails []string, enable bool) {
if len(emails) == 0 { if len(emails) == 0 {
return return
@ -228,7 +226,7 @@ func (j *LdapSyncJob) batchSetEnable(ib *model.Inbound, emails []string, enable
Settings: j.clientsToJSON(clients), Settings: j.clientsToJSON(clients),
} }
// Use a single AddInboundClient call to update enable // Используем один вызов AddInboundClient для обновления enable
if _, err := j.inboundService.AddInboundClient(payload); err != nil { if _, err := j.inboundService.AddInboundClient(payload); err != nil {
logger.Warningf("Batch set enable failed for inbound %s: %v", ib.Tag, err) logger.Warningf("Batch set enable failed for inbound %s: %v", ib.Tag, err)
return return
@ -238,7 +236,7 @@ func (j *LdapSyncJob) batchSetEnable(ib *model.Inbound, emails []string, enable
j.xrayService.SetToNeedRestart() j.xrayService.SetToNeedRestart()
} }
// deleteClientsNotInLDAP performs batch deletion of clients not in LDAP // deleteClientsNotInLDAP массовое удаление клиентов, которых нет в LDAP
func (j *LdapSyncJob) deleteClientsNotInLDAP(inboundTag string, ldapEmails map[string]struct{}) { func (j *LdapSyncJob) deleteClientsNotInLDAP(inboundTag string, ldapEmails map[string]struct{}) {
inbounds, err := j.inboundService.GetAllInbounds() inbounds, err := j.inboundService.GetAllInbounds()
if err != nil { if err != nil {
@ -259,7 +257,7 @@ func (j *LdapSyncJob) deleteClientsNotInLDAP(inboundTag string, ldapEmails map[s
toDelete := []model.Client{} toDelete := []model.Client{}
for _, c := range clients { for _, c := range clients {
if _, ok := ldapEmails[c.Email]; !ok { if _, ok := ldapEmails[c.Email]; !ok {
// Use appropriate field depending on protocol // В зависимости от протокола используем нужное поле
client := model.Client{Email: c.Email, ID: c.ID, Password: c.Password} client := model.Client{Email: c.Email, ID: c.ID, Password: c.Password}
toDelete = append(toDelete, client) toDelete = append(toDelete, client)
} }
@ -356,6 +354,41 @@ func (j *LdapSyncJob) ensureClientExists(inboundTag string, email string, defGB
} }
} }
// deleteClientsNotInLDAP removes clients from inbound tag that are not in ldapEmails
// func (j *LdapSyncJob) deleteClientsNotInLDAP(inboundTag string, ldapEmails map[string]struct{}) {
// inbounds, err := j.inboundService.GetAllInbounds()
// if err != nil {
// return
// }
// for _, ib := range inbounds {
// if ib.Tag != inboundTag {
// continue
// }
// clients, err := j.inboundService.GetClients(ib)
// if err != nil {
// continue
// }
// for _, c := range clients {
// if _, ok := ldapEmails[c.Email]; !ok {
// // determine clientId per protocol
// clientId := c.ID
// if ib.Protocol == model.Trojan {
// clientId = c.Password
// } else if ib.Protocol == model.Shadowsocks {
// clientId = c.Email
// }
// needRestart, err := j.inboundService.DelInboundClient(ib.Id, clientId)
// if err == nil {
// if needRestart {
// j.xrayService.SetToNeedRestart()
// }
// logger.Infof("LDAP auto-delete: %s from %s", c.Email, inboundTag)
// }
// }
// }
// }
// }
// clientToJSON serializes minimal client fields to JSON object string without extra deps // clientToJSON serializes minimal client fields to JSON object string without extra deps
func (j *LdapSyncJob) clientToJSON(c model.Client) string { func (j *LdapSyncJob) clientToJSON(c model.Client) string {
// construct minimal JSON manually to avoid importing json for simple case // construct minimal JSON manually to avoid importing json for simple case