Hexor/OutFleet
1
0
Fork 0
mirror of https://github.com/house-of-vanity/OutFleet.git synced 2025-10-24 09:19:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

API works. next: generate URI

Browse Source
This commit is contained in:
Ultradesu
2025-09-23 14:17:32 +01:00
parent 2b5b09a213
commit 572b5e19c0
12 changed files with 1026 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

392
API.md
View File

@@ -1,11 +1,27 @@
# User Management API
# OutFleet Xray Admin API
Base URL: `http://localhost:8080/api`
Base URL: `http://localhost:8080`
## Endpoints
## Overview
Complete API documentation for OutFleet - a web admin panel for managing xray-core VPN proxy servers.
## Base Endpoints
### Health Check
- `GET /` - Service health check
- `GET /health` - Service health check
**Response:**
```json
{
"status": "ok",
"service": "xray-admin",
"version": "0.1.0"
}
```
## API Endpoints
All API endpoints are prefixed with `/api`.
### Users
@@ -13,7 +29,26 @@ Base URL: `http://localhost:8080/api`
- `GET /users?page=1&per_page=20` - Get paginated list of users
#### Search Users
- `GET /users/search?q=john&page=1&per_page=20` - Search users by name
- `GET /users/search?q=john` - Universal search for users
**Search capabilities:**
- By name (partial match, case-insensitive): `?q=john`
- By telegram_id: `?q=123456789`
- By user UUID: `?q=550e8400-e29b-41d4-a716-446655440000`
**Response:** Array of user objects (limited to 100 results)
```json
[
{
"id": "uuid",
"name": "string",
"comment": "string|null",
"telegram_id": "number|null",
"created_at": "timestamp",
"updated_at": "timestamp"
}
]
```
#### Get User
- `GET /users/{id}` - Get user by ID
@@ -41,6 +76,259 @@ Base URL: `http://localhost:8080/api`
#### Delete User
- `DELETE /users/{id}` - Delete user by ID
#### Get User Access
- `GET /users/{id}/access` - Get user access to inbounds
**Response:**
```json
[
{
"id": "uuid",
"user_id": "uuid",
"server_inbound_id": "uuid",
"xray_user_id": "string",
"level": 0,
"is_active": true
}
]
```
### Servers
#### List Servers
- `GET /servers` - Get all servers
**Response:**
```json
[
{
"id": "uuid",
"name": "string",
"hostname": "string",
"grpc_hostname": "string",
"grpc_port": 2053,
"status": "online|offline|error|unknown",
"default_certificate_id": "uuid|null",
"created_at": "timestamp",
"updated_at": "timestamp",
"has_credentials": true
}
]
```
#### Get Server
- `GET /servers/{id}` - Get server by ID
#### Create Server
- `POST /servers` - Create new server
**Request:**
```json
{
"name": "Server Name",
"hostname": "server.example.com",
"grpc_hostname": "192.168.1.100", // optional, defaults to hostname
"grpc_port": 2053, // optional, defaults to 2053
"api_credentials": "optional credentials",
"default_certificate_id": "uuid" // optional
}
```
#### Update Server
- `PUT /servers/{id}` - Update server
**Request:** (all fields optional)
```json
{
"name": "New Server Name",
"hostname": "new.server.com",
"grpc_hostname": "192.168.1.200",
"grpc_port": 2054,
"api_credentials": "new credentials",
"status": "online",
"default_certificate_id": "uuid"
}
```
#### Delete Server
- `DELETE /servers/{id}` - Delete server
#### Test Server Connection
- `POST /servers/{id}/test` - Test connection to server
**Response:**
```json
{
"connected": true,
"endpoint": "192.168.1.100:2053"
}
```
#### Get Server Statistics
- `GET /servers/{id}/stats` - Get server statistics
### Server Inbounds
#### List Server Inbounds
- `GET /servers/{server_id}/inbounds` - Get all inbounds for a server
**Response:**
```json
[
{
"id": "uuid",
"server_id": "uuid",
"template_id": "uuid",
"template_name": "string",
"tag": "string",
"port_override": 8080,
"certificate_id": "uuid|null",
"variable_values": {},
"is_active": true,
"created_at": "timestamp",
"updated_at": "timestamp"
}
]
```
#### Get Server Inbound
- `GET /servers/{server_id}/inbounds/{inbound_id}` - Get specific inbound
#### Create Server Inbound
- `POST /servers/{server_id}/inbounds` - Create new inbound for server
**Request:**
```json
{
"template_id": "uuid",
"port": 8080,
"certificate_id": "uuid", // optional
"is_active": true
}
```
#### Update Server Inbound
- `PUT /servers/{server_id}/inbounds/{inbound_id}` - Update inbound
**Request:** (all fields optional)
```json
{
"tag": "new-tag",
"port_override": 8081,
"certificate_id": "uuid",
"variable_values": {"domain": "example.com"},
"is_active": false
}
```
#### Delete Server Inbound
- `DELETE /servers/{server_id}/inbounds/{inbound_id}` - Delete inbound
### User-Inbound Management
#### Add User to Inbound
- `POST /servers/{server_id}/inbounds/{inbound_id}/users` - Grant user access to inbound
**Request:**
```json
{
"user_id": "uuid", // optional, will create new user if not provided
"name": "username",
"comment": "User description", // optional
"telegram_id": 123456789, // optional
"level": 0 // optional, defaults to 0
}
```
#### Remove User from Inbound
- `DELETE /servers/{server_id}/inbounds/{inbound_id}/users/{email}` - Remove user access
### Certificates
#### List Certificates
- `GET /certificates` - Get all certificates
#### Get Certificate
- `GET /certificates/{id}` - Get certificate by ID
#### Create Certificate
- `POST /certificates` - Create new certificate
**Request:**
```json
{
"name": "Certificate Name",
"cert_type": "self_signed|letsencrypt",
"domain": "example.com",
"auto_renew": true,
"certificate_pem": "-----BEGIN CERTIFICATE-----...",
"private_key": "-----BEGIN PRIVATE KEY-----..."
}
```
#### Update Certificate
- `PUT /certificates/{id}` - Update certificate
**Request:** (all fields optional)
```json
{
"name": "New Certificate Name",
"auto_renew": false
}
```
#### Delete Certificate
- `DELETE /certificates/{id}` - Delete certificate
#### Get Certificate Details
- `GET /certificates/{id}/details` - Get detailed certificate information
#### Get Expiring Certificates
- `GET /certificates/expiring` - Get certificates that are expiring soon
### Templates
#### List Templates
- `GET /templates` - Get all inbound templates
#### Get Template
- `GET /templates/{id}` - Get template by ID
#### Create Template
- `POST /templates` - Create new inbound template
**Request:**
```json
{
"name": "Template Name",
"protocol": "vmess|vless|trojan|shadowsocks",
"default_port": 8080,
"requires_tls": true,
"config_template": "JSON template string"
}
```
#### Update Template
- `PUT /templates/{id}` - Update template
**Request:** (all fields optional)
```json
{
"name": "New Template Name",
"description": "Template description",
"default_port": 8081,
"base_settings": {},
"stream_settings": {},
"requires_tls": false,
"requires_domain": true,
"variables": [],
"is_active": true
}
```
#### Delete Template
- `DELETE /templates/{id}` - Delete template
## Response Format
### User Object
@@ -65,9 +353,101 @@ Base URL: `http://localhost:8080/api`
}
```
### Server Object
```json
{
"id": "uuid",
"name": "string",
"hostname": "string",
"grpc_hostname": "string",
"grpc_port": 2053,
"status": "online|offline|error|unknown",
"default_certificate_id": "uuid|null",
"created_at": "timestamp",
"updated_at": "timestamp",
"has_credentials": true
}
```
### Server Inbound Object
```json
{
"id": "uuid",
"server_id": "uuid",
"template_id": "uuid",
"template_name": "string",
"tag": "string",
"port_override": 8080,
"certificate_id": "uuid|null",
"variable_values": {},
"is_active": true,
"created_at": "timestamp",
"updated_at": "timestamp"
}
```
### Certificate Object
```json
{
"id": "uuid",
"name": "string",
"cert_type": "self_signed|letsencrypt",
"domain": "string",
"auto_renew": true,
"expires_at": "timestamp|null",
"created_at": "timestamp",
"updated_at": "timestamp"
}
```
### Template Object
```json
{
"id": "uuid",
"name": "string",
"description": "string|null",
"protocol": "vmess|vless|trojan|shadowsocks",
"default_port": 8080,
"base_settings": {},
"stream_settings": {},
"requires_tls": true,
"requires_domain": false,
"variables": [],
"is_active": true,
"created_at": "timestamp",
"updated_at": "timestamp"
}
```
### Inbound User Object
```json
{
"id": "uuid",
"user_id": "uuid",
"server_inbound_id": "uuid",
"xray_user_id": "string",
"password": "string|null",
"level": 0,
"is_active": true,
"created_at": "timestamp",
"updated_at": "timestamp"
}
```
## Status Codes
- `200` - Success
- `201` - Created
- `204` - No Content (successful deletion)
- `400` - Bad Request (invalid data)
- `404` - Not Found
- `409` - Conflict (duplicate telegram_id)
- `409` - Conflict (duplicate data, e.g. telegram_id)
- `500` - Internal Server Error
## Error Response Format
```json
{
"error": "Error message description",
"code": "ERROR_CODE",
"details": "Additional error details"
}
```

151
URI.md Normal file
View File

@@ -0,0 +1,151 @@
# Xray Client URI Generation
## VMess URI Format
VMess URIs use two formats:
### 1. Query Parameter Format
```
vmess://uuid@hostname:port?parameters#alias
```
**Parameters:**
- `encryption=auto` - Encryption method
- `security=tls|none` - Security layer (TLS or none)
- `sni=domain` - Server Name Indication for TLS
- `fp=chrome|firefox|safari` - TLS fingerprint
- `type=ws|tcp|grpc|http` - Transport type
- `path=/path` - WebSocket/HTTP path
- `host=domain` - Host header for WebSocket
**Example:**
```
vmess://2c981164-9b93-4bca-94ff-b78d3f8498d7@v2ray.codefyinc.com:443?encryption=auto&security=tls&sni=example.com&fp=chrome&type=ws&path=/ws&host=v2ray.codefyinc.com#MyServer
```
### 2. Base64 JSON Format
```
vmess://base64(json_config)#alias
```
**JSON Structure:**
```json
{
"v": "2",
"ps": "Server Name",
"add": "hostname",
"port": "443",
"id": "uuid",
"aid": "0",
"scy": "auto",
"net": "ws",
"type": "none",
"host": "domain",
"path": "/path",
"tls": "tls",
"sni": "domain",
"alpn": "",
"fp": "chrome"
}
```
## VLESS URI Format
```
vless://uuid@hostname:port?parameters#alias
```
**Key Parameters:**
- `encryption=none` - VLESS uses no encryption
- `security=tls|reality|none` - Security layer
- `type=ws|tcp|grpc|http|httpupgrade|xhttp` - Transport type
- `flow=xtls-rprx-vision` - Flow control (for XTLS)
- `headerType=none|http` - Header type for TCP
- `mode=auto|gun|stream-one` - Transport mode
- `serviceName=name` - gRPC service name
- `authority=domain` - gRPC authority
- `spx=/path` - Split HTTP path (for xhttp)
**REALITY Parameters:**
- `pbk=public_key` - Public key
- `sid=short_id` - Short ID
- `fp=chrome|firefox|safari` - TLS fingerprint
- `sni=domain` - Server Name Indication
**Examples:**
```
vless://uuid@server.com:443?type=tcp&security=none&headerType=none#Basic
vless://uuid@server.com:443?type=ws&security=tls&path=/ws&host=example.com#WebSocket
vless://uuid@server.com:443?type=grpc&security=reality&serviceName=grpcService&pbk=key&sid=id#gRPC-Reality
```
## Generation Algorithm
1. **UUID**: Use `inbound_users.xray_user_id`
2. **Hostname**: From `servers.hostname`
3. **Port**: From `server_inbounds.port_override` or template default
4. **Transport**: From inbound template `stream_settings`
5. **Security**: Based on certificate configuration
6. **Path**: From WebSocket stream settings
7. **Alias**: User name + server name
## Shadowsocks URI Format
```
ss://password@hostname:port?parameters#alias
```
**Parameters:**
- `encryption=none` - Usually none for modern configs
- `security=tls|reality|none` - Security layer
- `type=ws|tcp|grpc|xhttp` - Transport type
- `path=/path` - WebSocket/HTTP path
- `host=domain` - Host header
- `mode=auto|gun|stream-one` - Transport mode
- `headerType=none|http` - Header type for TCP
- `flow=xtls-rprx-vision` - Flow control (for REALITY)
- `pbk=key` - Public key (for REALITY)
- `sid=id` - Short ID (for REALITY)
**Example:**
```
ss://my-password@server.com:443?type=ws&security=tls&path=/ws&host=example.com#MyServer
```
## Trojan URI Format
```
trojan://password@hostname:port?parameters#alias
```
**Parameters:**
- `security=tls|reality|none` - Security layer
- `type=ws|tcp|grpc` - Transport type
- `sni=domain` - Server Name Indication
- `fp=chrome|firefox|randomized` - TLS fingerprint
- `flow=xtls-rprx-vision` - Flow control
- `allowInsecure=1` - Allow insecure connections
- `headerType=http|none` - Header type for TCP
- `mode=gun` - gRPC mode
- `serviceName=name` - gRPC service name
**WebSocket Parameters:**
- `path=/path` - WebSocket path
- `host=domain` - Host header
- `alpn=http/1.1|h2` - ALPN protocols
**Examples:**
```
trojan://password@server.com:443?type=tcp&security=tls&sni=example.com#Basic
trojan://password@server.com:443?type=ws&security=tls&path=/ws&host=example.com&sni=example.com#WebSocket
trojan://password@server.com:443?type=grpc&security=tls&serviceName=grpcService&mode=gun&sni=example.com#gRPC
```
## Implementation Notes
- VMess requires `aid=0` for modern clients
- VLESS doesn't use `aid` parameter
- Shadowsocks uses password instead of UUID
- Base64 encoding required for VMess JSON format
- URL encoding needed for special characters in parameters
- REALITY parameters: `pbk`, `sid`, `fp`, `sni`

25
src/database/entities/server.rs
View File

@@ -12,6 +12,8 @@ pub struct Model {
pub hostname: String,
pub grpc_hostname: String,
pub grpc_port: i32,
#[serde(skip_serializing)]
@@ -117,6 +119,7 @@ impl From<String> for ServerStatus {
pub struct CreateServerDto {
pub name: String,
pub hostname: String,
pub grpc_hostname: Option<String>, // Optional, defaults to hostname if not provided
pub grpc_port: Option<i32>,
pub api_credentials: Option<String>,
pub default_certificate_id: Option<Uuid>,
@@ -126,6 +129,7 @@ pub struct CreateServerDto {
pub struct UpdateServerDto {
pub name: Option<String>,
pub hostname: Option<String>,
pub grpc_hostname: Option<String>,
pub grpc_port: Option<i32>,
pub api_credentials: Option<String>,
pub status: Option<String>,
@@ -137,6 +141,7 @@ pub struct ServerResponse {
pub id: Uuid,
pub name: String,
pub hostname: String,
pub grpc_hostname: String,
pub grpc_port: i32,
pub status: String,
pub default_certificate_id: Option<Uuid>,
@@ -148,8 +153,9 @@ pub struct ServerResponse {
impl From<CreateServerDto> for ActiveModel {
fn from(dto: CreateServerDto) -> Self {
Self {
name: Set(dto.name),
hostname: Set(dto.hostname),
name: Set(dto.name.clone()),
hostname: Set(dto.hostname.clone()),
grpc_hostname: Set(dto.grpc_hostname.unwrap_or(dto.hostname)), // Default to hostname if not provided
grpc_port: Set(dto.grpc_port.unwrap_or(2053)),
api_credentials: Set(dto.api_credentials),
status: Set("unknown".to_string()),
@@ -165,6 +171,7 @@ impl From<Model> for ServerResponse {
id: server.id,
name: server.name,
hostname: server.hostname,
grpc_hostname: server.grpc_hostname,
grpc_port: server.grpc_port,
status: server.status,
default_certificate_id: server.default_certificate_id,
@@ -185,6 +192,9 @@ impl Model {
if let Some(hostname) = dto.hostname {
active_model.hostname = Set(hostname);
}
if let Some(grpc_hostname) = dto.grpc_hostname {
active_model.grpc_hostname = Set(grpc_hostname);
}
if let Some(grpc_port) = dto.grpc_port {
active_model.grpc_port = Set(grpc_port);
}
@@ -202,7 +212,16 @@ impl Model {
}
pub fn get_grpc_endpoint(&self) -> String {
format!("{}:{}", self.hostname, self.grpc_port)
let hostname = if self.grpc_hostname.is_empty() {
tracing::debug!("Using public hostname '{}' for gRPC (grpc_hostname is empty)", self.hostname);
&self.hostname
} else {
tracing::debug!("Using dedicated gRPC hostname '{}' (different from public hostname '{}')", self.grpc_hostname, self.hostname);
&self.grpc_hostname
};
let endpoint = format!("{}:{}", hostname, self.grpc_port);
tracing::info!("gRPC endpoint for server '{}': {}", self.name, endpoint);
endpoint
}
#[allow(dead_code)]

50
src/database/migrations/m20250922_000001_add_grpc_hostname_to_servers.rs Normal file
View File

@@ -0,0 +1,50 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.alter_table(
Table::alter()
.table(Servers::Table)
.add_column(
ColumnDef::new(Servers::GrpcHostname)
.string()
.not_null()
.default(""),
)
.to_owned(),
)
.await?;
// Update existing servers: set grpc_hostname to hostname value
let db = manager.get_connection();
// Use raw SQL to copy hostname to grpc_hostname for existing records
// Handle both empty strings and default empty values
db.execute_unprepared("UPDATE servers SET grpc_hostname = hostname WHERE grpc_hostname = '' OR grpc_hostname IS NULL")
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.alter_table(
Table::alter()
.table(Servers::Table)
.drop_column(Servers::GrpcHostname)
.to_owned(),
)
.await
}
}
#[derive(Iden)]
enum Servers {
Table,
GrpcHostname,
}

2
src/database/migrations/mod.rs
View File

@@ -8,6 +8,7 @@ mod m20241201_000005_create_server_inbounds_table;
mod m20241201_000006_create_user_access_table;
mod m20241201_000007_create_inbound_users_table;
mod m20250919_000001_update_inbound_users_schema;
mod m20250922_000001_add_grpc_hostname_to_servers;
pub struct Migrator;
@@ -23,6 +24,7 @@ impl MigratorTrait for Migrator {
Box::new(m20241201_000006_create_user_access_table::Migration),
Box::new(m20241201_000007_create_inbound_users_table::Migration),
Box::new(m20250919_000001_update_inbound_users_schema::Migration),
Box::new(m20250922_000001_add_grpc_hostname_to_servers::Migration),
]
}
}

2
src/database/repository/server.rs
View File

@@ -74,6 +74,6 @@ impl ServerRepository {
let server = self.find_by_id(id).await?
.ok_or_else(|| anyhow::anyhow!("Server not found"))?;
Ok(format!("{}:{}", server.hostname, server.grpc_port))
Ok(server.get_grpc_endpoint())
}
}

33
src/database/repository/user.rs
View File

@@ -1,5 +1,5 @@
use anyhow::Result;
use sea_orm::{DatabaseConnection, EntityTrait, QueryFilter, ColumnTrait, QueryOrder, PaginatorTrait};
use sea_orm::{DatabaseConnection, EntityTrait, QueryFilter, ColumnTrait, QueryOrder, PaginatorTrait, QuerySelect};
use uuid::Uuid;
use crate::database::entities::user::{Entity as User, Column, Model, ActiveModel, CreateUserDto, UpdateUserDto};
@@ -44,7 +44,7 @@ impl UserRepository {
Ok(user)
}
/// Search users by name
/// Search users by name (with pagination for backward compatibility)
pub async fn search_by_name(&self, query: &str, page: u64, per_page: u64) -> Result<Vec<Model>> {
let users = User::find()
.filter(Column::Name.contains(query))
@@ -56,6 +56,35 @@ impl UserRepository {
Ok(users)
}
/// Universal search - searches by name, telegram_id, or user_id
pub async fn search(&self, query: &str) -> Result<Vec<Model>> {
use sea_orm::Condition;
let mut condition = Condition::any();
// Search by name (case-insensitive partial match)
condition = condition.add(Column::Name.contains(query));
// Try to parse as telegram_id (i64)
if let Ok(telegram_id) = query.parse::<i64>() {
condition = condition.add(Column::TelegramId.eq(telegram_id));
}
// Try to parse as UUID (user_id)
if let Ok(user_id) = Uuid::parse_str(query) {
condition = condition.add(Column::Id.eq(user_id));
}
let users = User::find()
.filter(condition)
.order_by_desc(Column::CreatedAt)
.limit(100) // Reasonable limit to prevent huge results
.all(&self.db)
.await?;
Ok(users)
}
/// Create a new user
pub async fn create(&self, dto: CreateUserDto) -> Result<Model> {
let active_model: ActiveModel = dto.into();

4
src/services/tasks.rs
View File

@@ -215,7 +215,7 @@ async fn sync_xray_state(db: DatabaseManager, xray_service: XrayService) -> Resu
for server in servers {
let endpoint = format!("{}:{}", server.hostname, server.grpc_port);
let endpoint = server.get_grpc_endpoint();
// Test connection first
match xray_service.test_connection(server.id, &endpoint).await {
@@ -394,7 +394,7 @@ async fn sync_single_server_by_id(
let desired_inbounds = get_desired_inbounds_from_db(db, &server, &inbound_repo, &template_repo).await?;
// Build endpoint
let endpoint = format!("{}:{}", server.hostname, server.grpc_port);
let endpoint = server.get_grpc_endpoint();
// Sync server
sync_server_inbounds(xray_service, server_id, &endpoint, &desired_inbounds).await?;

4
src/web/handlers/servers.rs
View File

@@ -108,6 +108,7 @@ pub async fn test_server_connection(
let update_dto = server::UpdateServerDto {
name: None,
hostname: None,
grpc_hostname: None,
grpc_port: None,
api_credentials: None,
default_certificate_id: None,
@@ -126,6 +127,7 @@ pub async fn test_server_connection(
let update_dto = server::UpdateServerDto {
name: None,
hostname: None,
grpc_hostname: None,
grpc_port: None,
api_credentials: None,
default_certificate_id: None,
@@ -586,7 +588,7 @@ pub async fn remove_user_from_inbound(
let inbound_tag = &inbound.tag;
// Remove user from xray server
match app_state.xray_service.remove_user(server_id, &format!("{}:{}", server.hostname, server.grpc_port), &inbound_tag, &email).await {
match app_state.xray_service.remove_user(server_id, &server.get_grpc_endpoint(), &inbound_tag, &email).await {
Ok(_) => {
tracing::info!("Removed user '{}' from inbound", email);
Ok(StatusCode::NO_CONTENT)

55
src/web/handlers/users.rs
View File

@@ -23,8 +23,6 @@ pub struct PaginationQuery {
#[derive(Debug, Deserialize)]
pub struct SearchQuery {
pub q: Option<String>,
#[serde(flatten)]
pub pagination: PaginationQuery,
}
#[derive(Debug, Serialize)]
@@ -86,34 +84,24 @@ pub async fn get_users(
Ok(Json(response))
}
/// Search users by name
/// Search users by name, telegram_id or user_id
pub async fn search_users(
State(app_state): State<AppState>,
Query(query): Query<SearchQuery>,
) -> Result<Json<UsersResponse>, StatusCode> {
) -> Result<Json<Vec<UserResponse>>, StatusCode> {
let repo = UserRepository::new(app_state.db.connection().clone());
let users = if let Some(search_query) = query.q {
repo.search_by_name(&search_query, query.pagination.page, query.pagination.per_page)
// Search by name, telegram_id, or UUID
repo.search(&search_query)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
} else {
repo.get_all(query.pagination.page, query.pagination.per_page)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
};
let total = repo.count()
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let response = UsersResponse {
users: users.into_iter().map(UserResponse::from).collect(),
total,
page: query.pagination.page,
per_page: query.pagination.per_page,
// If no query, return empty array
Vec::new()
};
let response: Vec<UserResponse> = users.into_iter().map(UserResponse::from).collect();
Ok(Json(response))
}
@@ -204,3 +192,32 @@ pub async fn delete_user(
Err(StatusCode::NOT_FOUND)
}
}
/// Get user access (inbound associations)
pub async fn get_user_access(
State(app_state): State<AppState>,
Path(user_id): Path<Uuid>,
) -> Result<Json<Vec<serde_json::Value>>, StatusCode> {
use crate::database::repository::InboundUsersRepository;
let inbound_users_repo = InboundUsersRepository::new(app_state.db.connection().clone());
let access_list = inbound_users_repo
.find_by_user_id(user_id)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let response: Vec<serde_json::Value> = access_list
.into_iter()
.map(|access| serde_json::json!({
"id": access.id,
"user_id": access.user_id,
"server_inbound_id": access.server_inbound_id,
"xray_user_id": access.xray_user_id,
"level": access.level,
"is_active": access.is_active,
}))
.collect();
Ok(Json(response))
}

1
src/web/routes/mod.rs
View File

@@ -24,4 +24,5 @@ fn user_routes() -> Router<AppState> {
.route("/:id", get(handlers::get_user)
.put(handlers::update_user)
.delete(handlers::delete_user))
.route("/:id/access", get(handlers::get_user_access))
}

374
static/admin.html
View File

@@ -296,6 +296,85 @@
display: block;
}
.modal-overlay {
position: fixed;
top: 0;
left: 0;
right: 0;
bottom: 0;
background: rgba(0, 0, 0, 0.5);
display: flex;
justify-content: center;
align-items: center;
z-index: 1000;
}
.modal-content {
background: white;
border-radius: 12px;
padding: 24px;
max-width: 600px;
width: 90%;
max-height: 80vh;
overflow-y: auto;
box-shadow: 0 10px 30px rgba(0, 0, 0, 0.2);
}
.modal-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 20px;
}
.modal-header h2 {
margin: 0;
}
.modal-body {
margin-bottom: 20px;
}
.modal-actions {
display: flex;
justify-content: flex-end;
gap: 10px;
padding-top: 20px;
border-top: 1px solid #eee;
}
.server-section {
margin-bottom: 20px;
padding: 15px;
background: #f8f9fa;
border-radius: 8px;
}
.server-section h3 {
margin: 0 0 10px 0;
font-size: 14px;
color: #333;
}
.inbound-item {
margin: 5px 0;
}
.inbound-item label {
display: flex;
align-items: center;
gap: 8px;
cursor: pointer;
}
.inbound-item input[type="checkbox"] {
cursor: pointer;
}
.required {
color: #dc3545;
}
.form-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
@@ -594,8 +673,14 @@
<input type="text" id="serverName" class="form-input" placeholder="Enter server name">
</div>
<div class="form-group">
<label class="form-label" for="serverHostname">Hostname *</label>
<label class="form-label" for="serverHostname">Public Hostname *</label>
<input type="text" id="serverHostname" class="form-input" placeholder="server.example.com">
<small class="form-help">Hostname that clients will connect to</small>
</div>
<div class="form-group">
<label class="form-label" for="serverGrpcHostname">gRPC Hostname</label>
<input type="text" id="serverGrpcHostname" class="form-input" placeholder="192.168.1.100 or leave empty to use public hostname">
<small class="form-help">Internal address for gRPC API (optional, defaults to public hostname)</small>
</div>
<div class="form-group">
<label class="form-label" for="serverPort">gRPC Port</label>
@@ -654,6 +739,7 @@
<div class="page-header">
<h1 class="page-title">Users</h1>
<p class="page-subtitle">Manage user accounts and access</p>
<button class="btn btn-primary" onclick="showCreateUserModal()">+ Create User</button>
</div>
<div class="card">
@@ -775,8 +861,8 @@
<thead>
<tr>
<th>Name</th>
<th>Hostname</th>
<th>Port</th>
<th>Public Hostname</th>
<th>gRPC Address</th>
<th>Status</th>
<th>Actions</th>
</tr>
@@ -786,10 +872,11 @@
<tr>
<td><strong>${escapeHtml(server.name)}</strong></td>
<td>${escapeHtml(server.hostname)}</td>
<td>${server.grpc_port}</td>
<td>${escapeHtml(server.grpc_hostname)}:${server.grpc_port}</td>
<td><span class="status-badge status-${server.status}">${server.status}</span></td>
<td>
<div class="actions">
<button class="btn btn-small btn-primary" onclick="editServer('${server.id}')">Edit</button>
<button class="btn btn-small btn-success" onclick="testConnection('${server.id}')">Test</button>
<button class="btn btn-small btn-danger" onclick="deleteServer('${server.id}', '${escapeHtml(server.name)}')">Delete</button>
</div>
@@ -958,6 +1045,7 @@
const name = document.getElementById('serverName').value.trim();
const hostname = document.getElementById('serverHostname').value.trim();
const grpc_hostname = document.getElementById('serverGrpcHostname').value.trim();
const grpc_port = document.getElementById('serverPort').value;
const api_credentials = document.getElementById('serverCredentials').value.trim();
@@ -967,6 +1055,7 @@
}
const serverData = { name, hostname };
if (grpc_hostname) serverData.grpc_hostname = grpc_hostname;
if (grpc_port) serverData.grpc_port = parseInt(grpc_port);
if (api_credentials) serverData.api_credentials = api_credentials;
@@ -1005,6 +1094,113 @@
}
}
async function editServer(serverId) {
try {
// Fetch server data
const response = await fetch(`${API_BASE}/servers/${serverId}`);
if (!response.ok) throw new Error('Failed to fetch server');
const server = await response.json();
// Create edit modal
const modalContent = `
<div class="modal-overlay" onclick="closeEditServerModal()">
<div class="modal-content" onclick="event.stopPropagation()">
<div class="modal-header">
<h2>Edit Server: ${escapeHtml(server.name)}</h2>
<button class="btn btn-small" onclick="closeEditServerModal()">Close</button>
</div>
<div class="modal-body">
<form id="editServerForm">
<input type="hidden" id="editServerId" value="${server.id}">
<div class="form-group">
<label class="form-label" for="editServerName">Server Name *</label>
<input type="text" id="editServerName" class="form-input" value="${escapeHtml(server.name)}" required>
</div>
<div class="form-group">
<label class="form-label" for="editServerHostname">Public Hostname *</label>
<input type="text" id="editServerHostname" class="form-input" value="${escapeHtml(server.hostname)}" required>
<small class="form-help">Hostname that clients will connect to</small>
</div>
<div class="form-group">
<label class="form-label" for="editServerGrpcHostname">gRPC Hostname</label>
<input type="text" id="editServerGrpcHostname" class="form-input" value="${escapeHtml(server.grpc_hostname || '')}" placeholder="Leave empty to use public hostname">
<small class="form-help">Internal address for gRPC API (optional)</small>
</div>
<div class="form-group">
<label class="form-label" for="editServerPort">gRPC Port</label>
<input type="number" id="editServerPort" class="form-input" value="${server.grpc_port}">
</div>
<div class="form-group">
<label class="form-label" for="editServerCredentials">API Credentials</label>
<input type="text" id="editServerCredentials" class="form-input" placeholder="${server.has_credentials ? 'Leave empty to keep existing credentials' : 'Optional credentials'}">
</div>
<div class="modal-actions">
<button type="submit" class="btn btn-primary">Update Server</button>
<button type="button" class="btn btn-secondary" onclick="closeEditServerModal()">Cancel</button>
</div>
</form>
</div>
</div>
</div>
`;
document.body.insertAdjacentHTML('beforeend', modalContent);
// Handle form submission
document.getElementById('editServerForm').addEventListener('submit', async (e) => {
e.preventDefault();
await updateServer();
});
} catch (error) {
showAlert('Error loading server: ' + error.message, 'error');
}
}
function closeEditServerModal() {
const modal = document.querySelector('.modal-overlay');
if (modal) {
modal.remove();
}
}
async function updateServer() {
const serverId = document.getElementById('editServerId').value;
const name = document.getElementById('editServerName').value.trim();
const hostname = document.getElementById('editServerHostname').value.trim();
const grpc_hostname = document.getElementById('editServerGrpcHostname').value.trim();
const grpc_port = document.getElementById('editServerPort').value;
const api_credentials = document.getElementById('editServerCredentials').value.trim();
if (!name || !hostname) {
showAlert('Name and hostname are required', 'error');
return;
}
const serverData = { name, hostname };
if (grpc_hostname) serverData.grpc_hostname = grpc_hostname;
if (grpc_port) serverData.grpc_port = parseInt(grpc_port);
if (api_credentials) serverData.api_credentials = api_credentials;
try {
const response = await fetch(`${API_BASE}/servers/${serverId}`, {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(serverData)
});
if (!response.ok) throw new Error('Failed to update server');
showAlert('Server updated successfully', 'success');
closeEditServerModal();
loadServers();
} catch (error) {
showAlert('Error updating server: ' + error.message, 'error');
}
}
async function deleteServer(serverId, serverName) {
if (!confirm(`Are you sure you want to delete server "${serverName}"?`)) return;
@@ -1043,6 +1239,10 @@
// User Access Management
async function editUserAccess(userId, userName) {
try {
// First, load existing user access
const userAccessResponse = await fetch(`${API_BASE}/users/${userId}/access`);
const existingAccess = await userAccessResponse.ok ? await userAccessResponse.json() : [];
// Load servers and their inbounds
const serversResponse = await fetch(`${API_BASE}/servers`);
const servers = await serversResponse.json();
@@ -1057,12 +1257,14 @@
<div class="modal-body">
<form id="userAccessForm">
<input type="hidden" id="editUserId" value="${userId}">
<input type="hidden" id="editUserName" value="${escapeHtml(userName)}">
`;
for (const server of servers) {
modalContent += `
<div class="server-section">
<h3>${escapeHtml(server.name)} (${escapeHtml(server.hostname)}:${server.grpc_port})</h3>
<h3>${escapeHtml(server.name)} (${escapeHtml(server.hostname)})</h3>
<p><small>gRPC: ${escapeHtml(server.grpc_hostname)}:${server.grpc_port}</small></p>
`;
try {
@@ -1071,6 +1273,11 @@
if (inbounds.length > 0) {
for (const inbound of inbounds) {
// Check if user already has access to this inbound
const hasAccess = existingAccess.some(a =>
a.server_inbound_id === inbound.id
);
modalContent += `
<div class="inbound-item">
<label>
@@ -1079,8 +1286,10 @@
data-server-id="${server.id}"
data-inbound-id="${inbound.id}"
data-server-name="${escapeHtml(server.name)}"
data-inbound-port="${inbound.port_override || 'default'}">
data-inbound-port="${inbound.port_override || 'default'}"
${hasAccess ? 'checked' : ''}>
${escapeHtml(inbound.template_name || 'Unknown Template')}
${hasAccess ? '<span class="status-badge status-online">Active</span>' : ''}
</label>
</div>
`;
@@ -1096,20 +1305,6 @@
}
modalContent += `
<div class="user-details">
<label>Email for Xray:
<input type="email" id="xrayEmail" placeholder="user@example.com" required>
</label>
<label>User ID (UUID for VLESS/VMess, password for Trojan):
<div class="input-group">
<input type="text" id="xrayUserId" placeholder="Generated UUID" required>
<button type="button" class="refresh-btn" onclick="generateUUID()" title="Generate new UUID">⟳</button>
</div>
</label>
<label>Level (0-255):
<input type="number" id="xrayLevel" min="0" max="255" value="0">
</label>
</div>
<div class="modal-actions">
<button type="submit" class="btn btn-primary">Save Access</button>
<button type="button" class="btn btn-secondary" onclick="closeUserAccessModal()">Cancel</button>
@@ -1122,9 +1317,6 @@
document.body.insertAdjacentHTML('beforeend', modalContent);
// Generate initial UUID
generateUUID();
// Handle form submission
document.getElementById('userAccessForm').addEventListener('submit', saveUserAccess);
@@ -1140,6 +1332,85 @@
}
}
// Show create user modal
function showCreateUserModal() {
const modalContent = `
<div class="modal-overlay" onclick="closeCreateUserModal()">
<div class="modal-content" onclick="event.stopPropagation()">
<div class="modal-header">
<h2>Create New User</h2>
<button class="btn btn-small" onclick="closeCreateUserModal()">Close</button>
</div>
<div class="modal-body">
<form id="createUserForm">
<div class="form-grid">
<label>
Name: <span class="required">*</span>
<input type="text" name="name" required placeholder="User name">
</label>
<label>
Comment:
<input type="text" name="comment" placeholder="Optional comment">
</label>
<label>
Telegram ID:
<input type="number" name="telegram_id" placeholder="Optional Telegram ID">
</label>
</div>
<div class="modal-actions">
<button type="submit" class="btn btn-primary">Create User</button>
<button type="button" class="btn btn-secondary" onclick="closeCreateUserModal()">Cancel</button>
</div>
</form>
</div>
</div>
</div>
`;
document.body.insertAdjacentHTML('beforeend', modalContent);
document.getElementById('createUserForm').addEventListener('submit', createUser);
}
function closeCreateUserModal() {
const modal = document.querySelector('.modal-overlay');
if (modal) {
modal.remove();
}
}
async function createUser(event) {
event.preventDefault();
const formData = new FormData(event.target);
const userData = {
name: formData.get('name'),
comment: formData.get('comment') || null,
telegram_id: formData.get('telegram_id') ? parseInt(formData.get('telegram_id')) : null
};
try {
const response = await fetch(`${API_BASE}/users`, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(userData)
});
if (!response.ok) {
const error = await response.json();
throw new Error(error.message || 'Failed to create user');
}
showAlert('User created successfully', 'success');
closeCreateUserModal();
loadUsers(); // Reload users table
} catch (error) {
showAlert('Error creating user: ' + error.message, 'error');
}
}
function generateUUID() {
const uuid = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
const r = Math.random() * 16 | 0;
@@ -1153,31 +1424,30 @@
event.preventDefault();
const userId = document.getElementById('editUserId').value;
const email = document.getElementById('xrayEmail').value;
const xrayUserId = document.getElementById('xrayUserId').value;
const level = parseInt(document.getElementById('xrayLevel').value) || 0;
const userName = document.getElementById('editUserName').value;
const checkedAccess = document.querySelectorAll('input[name="access"]:checked');
if (checkedAccess.length === 0) {
showAlert('Please select at least one server/inbound', 'error');
return;
}
if (!email || !xrayUserId) {
showAlert('Please fill in all required fields', 'error');
return;
}
const allCheckboxes = document.querySelectorAll('input[name="access"]');
try {
for (const checkbox of checkedAccess) {
// Get current user access
const currentAccessResponse = await fetch(`${API_BASE}/users/${userId}/access`);
const currentAccess = await currentAccessResponse.ok ? await currentAccessResponse.json() : [];
// Process each checkbox
for (const checkbox of allCheckboxes) {
const serverId = checkbox.dataset.serverId;
const inboundId = checkbox.dataset.inboundId;
const userData = {
email: email,
id: xrayUserId,
level: level
const currentlyHasAccess = currentAccess.some(a =>
a.server_inbound_id === inboundId
);
if (checkbox.checked && !currentlyHasAccess) {
// Grant access - pass user_id to use existing user
const grantData = {
user_id: userId,
name: userName,
level: 0
};
const response = await fetch(`${API_BASE}/servers/${serverId}/inbounds/${inboundId}/users`, {
@@ -1185,11 +1455,27 @@
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(userData)
body: JSON.stringify(grantData)
});
if (!response.ok && response.status !== 409) { // 409 = already exists
throw new Error(`Failed to grant access`);
}
} else if (!checkbox.checked && currentlyHasAccess) {
// Revoke access
const accessRecord = currentAccess.find(a =>
a.server_inbound_id === inboundId
);
if (accessRecord) {
const response = await fetch(`${API_BASE}/servers/${serverId}/inbounds/${inboundId}/users/${accessRecord.id}`, {
method: 'DELETE'
});
if (!response.ok) {
throw new Error(`Failed to add user to ${checkbox.dataset.serverName} inbound ${checkbox.dataset.inboundPort}`);
throw new Error(`Failed to revoke access`);
}
}
}
}