Added usermanagement in TG admin

This commit is contained in:
AB from home.homenet
2025-10-24 18:11:34 +03:00
parent c6892b1a73
commit 78bf75b24e
89 changed files with 4389 additions and 2419 deletions


@@ -6,7 +6,7 @@ use std::time::{Duration, Instant};
use tokio::time::sleep;
use tracing::{debug, info, warn};
use crate::services::acme::{CloudflareClient, AcmeError};
use crate::services::acme::{AcmeError, CloudflareClient};
pub struct AcmeClient {
cloudflare: CloudflareClient,
@@ -21,7 +21,7 @@ impl AcmeClient {
directory_url: String,
) -> Result<Self, AcmeError> {
info!("Creating ACME client for directory: {}", directory_url);
let cloudflare = CloudflareClient::new(cloudflare_token)?;
// Create Let's Encrypt account
@@ -47,17 +47,24 @@ impl AcmeClient {
})
}
pub async fn get_certificate(&mut self, domain: &str, base_domain: &str) -> Result<(String, String), AcmeError> {
pub async fn get_certificate(
&mut self,
domain: &str,
base_domain: &str,
) -> Result<(String, String), AcmeError> {
info!("Starting certificate request for domain: {}", domain);
// Validate domain
if domain.is_empty() || base_domain.is_empty() {
return Err(AcmeError::InvalidDomain("Domain cannot be empty".to_string()));
return Err(AcmeError::InvalidDomain(
"Domain cannot be empty".to_string(),
));
}
// Create a new order
let identifiers = vec![Identifier::Dns(domain.to_string())];
let mut order = self.account
let mut order = self
.account
.new_order(&NewOrder::new(&identifiers))
.await
.map_err(|e| AcmeError::OrderCreation(e.to_string()))?;
@@ -66,13 +73,12 @@ impl AcmeClient {
// Process authorizations
let mut authorizations = order.authorizations();
while let Some(authz_result) = authorizations.next().await {
let mut authz = authz_result
.map_err(|e| AcmeError::Challenge(e.to_string()))?;
let mut authz = authz_result.map_err(|e| AcmeError::Challenge(e.to_string()))?;
let identifier = format!("{:?}", authz.identifier());
if authz.status == AuthorizationStatus::Valid {
info!("Authorization already valid for: {:?}", identifier);
continue;
@@ -93,7 +99,8 @@ impl AcmeClient {
// Create DNS record
let challenge_domain = format!("_acme-challenge.{}", domain);
let record_id = self.cloudflare
let record_id = self
.cloudflare
.create_txt_record(base_domain, &challenge_domain, &challenge_value)
.await?;
@@ -105,9 +112,11 @@ impl AcmeClient {
// Submit challenge
info!("Submitting challenge...");
challenge.set_ready().await
challenge
.set_ready()
.await
.map_err(|e| AcmeError::Challenge(e.to_string()))?;
(challenge_value, record_id)
};
@@ -129,7 +138,9 @@ impl AcmeClient {
return Err(AcmeError::Challenge("Order processing timeout".to_string()));
}
order.refresh().await
order
.refresh()
.await
.map_err(|e| AcmeError::OrderCreation(e.to_string()))?;
match order.state().status {
@@ -154,55 +165,73 @@ impl AcmeClient {
// Generate CSR
info!("Generating certificate signing request...");
let mut params = CertificateParams::new(vec![domain.to_string()]);
params.distinguished_name = DistinguishedName::new();
let key_pair = KeyPair::generate(&rcgen::PKCS_ECDSA_P256_SHA256)
.map_err(|e| AcmeError::CertificateGeneration(e.to_string()))?;
// Set the key pair for CSR generation
params.key_pair = Some(key_pair);
// Generate CSR using rcgen certificate
let cert = rcgen::Certificate::from_params(params)
.map_err(|e| AcmeError::CertificateGeneration(e.to_string()))?;
let csr_der = cert.serialize_request_der()
let csr_der = cert
.serialize_request_der()
.map_err(|e| AcmeError::CertificateGeneration(e.to_string()))?;
// Finalize order with CSR
info!("Finalizing order with CSR...");
order.finalize_csr(&csr_der).await
order
.finalize_csr(&csr_der)
.await
.map_err(|e| AcmeError::CertificateGeneration(e.to_string()))?;
// Wait for certificate to be ready
info!("Waiting for certificate to be generated...");
let start = Instant::now();
let timeout = Duration::from_secs(300); // 5 minutes
let cert_chain_pem = loop {
if start.elapsed() > timeout {
return Err(AcmeError::CertificateGeneration("Certificate generation timeout".to_string()));
return Err(AcmeError::CertificateGeneration(
"Certificate generation timeout".to_string(),
));
}
order.refresh().await
order
.refresh()
.await
.map_err(|e| AcmeError::CertificateGeneration(e.to_string()))?;
match order.state().status {
OrderStatus::Valid => {
info!("Certificate is ready!");
break order.certificate().await
break order
.certificate()
.await
.map_err(|e| AcmeError::CertificateGeneration(e.to_string()))?
.ok_or_else(|| AcmeError::CertificateGeneration("Certificate not available".to_string()))?;
.ok_or_else(|| {
AcmeError::CertificateGeneration(
"Certificate not available".to_string(),
)
})?;
}
OrderStatus::Invalid => {
return Err(AcmeError::CertificateGeneration("Order became invalid during certificate generation".to_string()));
return Err(AcmeError::CertificateGeneration(
"Order became invalid during certificate generation".to_string(),
));
}
OrderStatus::Processing => {
debug!("Certificate still being processed, waiting...");
sleep(Duration::from_secs(3)).await;
}
_ => {
debug!("Waiting for certificate, order status: {:?}", order.state().status);
debug!(
"Waiting for certificate, order status: {:?}",
order.state().status
);
sleep(Duration::from_secs(3)).await;
}
}
@@ -214,12 +243,16 @@ impl AcmeClient {
Ok((cert_chain_pem, private_key_pem))
}
async fn wait_for_dns_propagation(&self, record_name: &str, expected_value: &str) -> Result<(), AcmeError> {
async fn wait_for_dns_propagation(
&self,
record_name: &str,
expected_value: &str,
) -> Result<(), AcmeError> {
info!("Checking DNS propagation for: {}", record_name);
let start = Instant::now();
let timeout = Duration::from_secs(120); // 2 minutes
while start.elapsed() < timeout {
match self.check_dns_txt_record(record_name, expected_value).await {
Ok(true) => {
@@ -233,17 +266,21 @@ impl AcmeClient {
debug!("DNS check failed: {:?}", e);
}
}
sleep(Duration::from_secs(10)).await;
}
warn!("DNS propagation timeout, but continuing anyway");
Ok(())
}
async fn check_dns_txt_record(&self, record_name: &str, expected_value: &str) -> Result<bool, AcmeError> {
async fn check_dns_txt_record(
&self,
record_name: &str,
expected_value: &str,
) -> Result<bool, AcmeError> {
use std::process::Command;
let output = Command::new("dig")
.args(&["+short", "TXT", record_name])
.output()
@@ -268,7 +305,11 @@ impl AcmeClient {
}
async fn cleanup_dns_record(&self, base_domain: &str, record_id: &str) {
if let Err(e) = self.cloudflare.delete_txt_record(base_domain, record_id).await {
if let Err(e) = self
.cloudflare
.delete_txt_record(base_domain, record_id)
.await
{
warn!("Failed to cleanup DNS record {}: {:?}", record_id, e);
}
}
@@ -277,11 +318,13 @@ impl AcmeClient {
pub fn get_base_domain(domain: &str) -> Result<String, AcmeError> {
let parts: Vec<&str> = domain.split('.').collect();
if parts.len() < 2 {
return Err(AcmeError::InvalidDomain("Domain must have at least 2 parts".to_string()));
return Err(AcmeError::InvalidDomain(
"Domain must have at least 2 parts".to_string(),
));
}
// Take the last two parts for base domain
let base_domain = format!("{}.{}", parts[parts.len() - 2], parts[parts.len() - 1]);
Ok(base_domain)
}
}
}
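Review bot: `get_base_domain` derives the Cloudflare zone by keeping only the last two labels, so any domain under a multi-label registrable suffix (e.g. `www.example.co.uk`) yields `co.uk` and the `_acme-challenge` record is created against a zone the token cannot possibly own, while a trailing dot (`example.com.`) splits into an empty last label and produces `com.`. At minimum normalise and validate the labels, `let parts: Vec<&str> = domain.trim_end_matches('.').split('.').collect();` followed by `if parts.len() < 2 || parts.iter().any(|p| p.is_empty()) {` in front of the existing error; a more robust approach is to query Cloudflare for progressively shorter suffixes of the domain and use the first zone it returns rather than guessing the split. Separately, `check_dns_txt_record` runs `dig` through `std::process::Command::output()` inside an `async fn`, which blocks the tokio worker thread for the whole lookup; `tokio::process::Command` (if the `process` feature is enabled) or `tokio::task::spawn_blocking` would avoid stalling other tasks, and the domain handed to it has only been checked for being non-empty. The bodies of `check_dns_txt_record` and `wait_for_dns_propagation` continue past their hunks.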


@@ -74,10 +74,11 @@ impl CloudflareClient {
async fn get_zone_id(&self, domain: &str) -> Result<String, AcmeError> {
info!("Getting Cloudflare zone ID for domain: {}", domain);
let url = format!("https://api.cloudflare.com/client/v4/zones?name={}", domain);
let response = self.client
let response = self
.client
.get(&url)
.header("Authorization", format!("Bearer {}", self.api_token))
.header("Content-Type", "application/json")
@@ -87,7 +88,10 @@ impl CloudflareClient {
if !response.status().is_success() {
let status = response.status();
let body = response.text().await.unwrap_or_default();
return Err(AcmeError::CloudflareApi(format!("HTTP {}: {}", status, body)));
return Err(AcmeError::CloudflareApi(format!(
"HTTP {}: {}",
status, body
)));
}
let zones: CloudflareZonesResponse = response.json().await?;
@@ -95,17 +99,28 @@ impl CloudflareClient {
if !zones.success {
let errors = zones.errors.unwrap_or_default();
let error_messages: Vec<String> = errors.iter().map(|e| e.message.clone()).collect();
return Err(AcmeError::CloudflareApi(format!("API errors: {}", error_messages.join(", "))));
return Err(AcmeError::CloudflareApi(format!(
"API errors: {}",
error_messages.join(", ")
)));
}
zones.result
zones
.result
.into_iter()
.find(|z| z.name == domain)
.map(|z| z.id)
.ok_or_else(|| AcmeError::CloudflareApi(format!("Zone not found for domain: {}", domain)))
.ok_or_else(|| {
AcmeError::CloudflareApi(format!("Zone not found for domain: {}", domain))
})
}
pub async fn create_txt_record(&self, domain: &str, record_name: &str, content: &str) -> Result<String, AcmeError> {
pub async fn create_txt_record(
&self,
domain: &str,
record_name: &str,
content: &str,
) -> Result<String, AcmeError> {
let zone_id = self.get_zone_id(domain).await?;
info!("Creating TXT record {} in zone {}", record_name, domain);
@@ -116,9 +131,13 @@ impl CloudflareClient {
ttl: 120, // 2 minutes TTL for quick propagation
};
let url = format!("https://api.cloudflare.com/client/v4/zones/{}/dns_records", zone_id);
let url = format!(
"https://api.cloudflare.com/client/v4/zones/{}/dns_records",
zone_id
);
let response = self.client
let response = self
.client
.post(&url)
.header("Authorization", format!("Bearer {}", self.api_token))
.header("Content-Type", "application/json")
@@ -129,7 +148,10 @@ impl CloudflareClient {
if !response.status().is_success() {
let status = response.status();
let body = response.text().await.unwrap_or_default();
return Err(AcmeError::CloudflareApi(format!("Failed to create DNS record ({}): {}", status, body)));
return Err(AcmeError::CloudflareApi(format!(
"Failed to create DNS record ({}): {}",
status, body
)));
}
let result: CreateDnsRecordResponse = response.json().await?;
@@ -137,7 +159,10 @@ impl CloudflareClient {
if !result.success {
let errors = result.errors.unwrap_or_default();
let error_messages: Vec<String> = errors.iter().map(|e| e.message.clone()).collect();
return Err(AcmeError::CloudflareApi(format!("Failed to create record: {}", error_messages.join(", "))));
return Err(AcmeError::CloudflareApi(format!(
"Failed to create record: {}",
error_messages.join(", ")
)));
}
debug!("Created DNS record with ID: {}", result.result.id);
@@ -148,9 +173,13 @@ impl CloudflareClient {
let zone_id = self.get_zone_id(domain).await?;
info!("Deleting TXT record {} from zone {}", record_id, domain);
let url = format!("https://api.cloudflare.com/client/v4/zones/{}/dns_records/{}", zone_id, record_id);
let url = format!(
"https://api.cloudflare.com/client/v4/zones/{}/dns_records/{}",
zone_id, record_id
);
let response = self.client
let response = self
.client
.delete(&url)
.header("Authorization", format!("Bearer {}", self.api_token))
.send()
@@ -159,22 +188,30 @@ impl CloudflareClient {
if !response.status().is_success() {
let status = response.status();
let body = response.text().await.unwrap_or_default();
return Err(AcmeError::CloudflareApi(format!("Failed to delete DNS record ({}): {}", status, body)));
return Err(AcmeError::CloudflareApi(format!(
"Failed to delete DNS record ({}): {}",
status, body
)));
}
info!("Successfully deleted DNS record");
Ok(())
}
pub async fn find_txt_record(&self, domain: &str, record_name: &str) -> Result<Option<String>, AcmeError> {
pub async fn find_txt_record(
&self,
domain: &str,
record_name: &str,
) -> Result<Option<String>, AcmeError> {
let zone_id = self.get_zone_id(domain).await?;
let url = format!(
"https://api.cloudflare.com/client/v4/zones/{}/dns_records?type=TXT&name={}",
zone_id, record_name
);
let response = self.client
let response = self
.client
.get(&url)
.header("Authorization", format!("Bearer {}", self.api_token))
.send()
@@ -183,7 +220,10 @@ impl CloudflareClient {
if !response.status().is_success() {
let status = response.status();
let body = response.text().await.unwrap_or_default();
return Err(AcmeError::CloudflareApi(format!("Failed to list DNS records ({}): {}", status, body)));
return Err(AcmeError::CloudflareApi(format!(
"Failed to list DNS records ({}): {}",
status, body
)));
}
let records: CloudflareDnsRecordsResponse = response.json().await?;
@@ -191,9 +231,12 @@ impl CloudflareClient {
if !records.success {
let errors = records.errors.unwrap_or_default();
let error_messages: Vec<String> = errors.iter().map(|e| e.message.clone()).collect();
return Err(AcmeError::CloudflareApi(format!("Failed to list records: {}", error_messages.join(", "))));
return Err(AcmeError::CloudflareApi(format!(
"Failed to list records: {}",
error_messages.join(", ")
)));
}
Ok(records.result.first().map(|r| r.id.clone()))
}
}
}
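Review bot: In `get_zone_id` the caller-supplied `domain` is interpolated straight into the query string, `format!("https://api.cloudflare.com/client/v4/zones?name={}", domain)`, without percent-encoding, and `find_txt_record` does the same with `record_name` in `?type=TXT&name={}`. A value containing `&`, `#`, `?` or whitespace changes the request (extra query parameters or a truncated URL) instead of being looked up by name, and the only upstream validation visible is the non-empty check in `get_certificate`. Assuming `client` is a `reqwest::Client` (the error enum wraps `reqwest::Error`), let it encode the parameters: `self.client.get("https://api.cloudflare.com/client/v4/zones").query(&[("name", domain)])`, and `.query(&[("type", "TXT"), ("name", record_name)])` for the record listing. The exact-name `.find(|z| z.name == domain)` after the call is good defence and should stay. Both functions span several hunks, so the request construction and the response handling are not visible together here.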


@@ -4,37 +4,37 @@ use thiserror::Error;
pub enum AcmeError {
#[error("ACME account creation failed: {0}")]
AccountCreation(String),
#[error("ACME order creation failed: {0}")]
OrderCreation(String),
#[error("ACME challenge failed: {0}")]
Challenge(String),
#[error("DNS propagation timeout")]
DnsPropagationTimeout,
#[error("Certificate generation failed: {0}")]
CertificateGeneration(String),
#[error("Cloudflare API error: {0}")]
CloudflareApi(String),
#[error("DNS provider not found")]
DnsProviderNotFound,
#[error("Invalid domain: {0}")]
InvalidDomain(String),
#[error("HTTP request failed: {0}")]
HttpRequest(#[from] reqwest::Error),
#[error("JSON parsing failed: {0}")]
JsonParsing(#[from] serde_json::Error),
#[error("IO error: {0}")]
Io(#[from] std::io::Error),
#[error("Instant ACME error: {0}")]
InstantAcme(String),
}
}


@@ -4,4 +4,4 @@ pub mod error;
pub use client::AcmeClient;
pub use cloudflare::CloudflareClient;
pub use error::AcmeError;
pub use error::AcmeError;


@@ -1,10 +1,13 @@
use rcgen::{Certificate, CertificateParams, DistinguishedName, DnType, SanType, KeyPair, PKCS_ECDSA_P256_SHA256};
use rcgen::{
Certificate, CertificateParams, DistinguishedName, DnType, KeyPair, SanType,
PKCS_ECDSA_P256_SHA256,
};
use std::net::IpAddr;
use time::{Duration, OffsetDateTime};
use uuid::Uuid;
use crate::database::repository::DnsProviderRepository;
use crate::database::entities::dns_provider::DnsProviderType;
use crate::database::repository::DnsProviderRepository;
use crate::services::acme::{AcmeClient, AcmeError};
use sea_orm::DatabaseConnection;
@@ -19,7 +22,7 @@ impl CertificateService {
pub fn new() -> Self {
Self { db: None }
}
pub fn with_db(db: DatabaseConnection) -> Self {
Self { db: Some(db) }
}
@@ -27,17 +30,17 @@ impl CertificateService {
/// Generate self-signed certificate optimized for Xray
pub async fn generate_self_signed(&self, domain: &str) -> anyhow::Result<(String, String)> {
tracing::info!("Generating self-signed certificate for domain: {}", domain);
// Create certificate parameters with ECDSA (recommended for Xray)
let mut params = CertificateParams::new(vec![domain.to_string()]);
// Use ECDSA P-256 which is recommended for Xray (equivalent to RSA-3072 in strength)
params.alg = &PKCS_ECDSA_P256_SHA256;
// Generate ECDSA key pair
let key_pair = KeyPair::generate(&PKCS_ECDSA_P256_SHA256)?;
params.key_pair = Some(key_pair);
// Set certificate subject with proper fields
let mut distinguished_name = DistinguishedName::new();
distinguished_name.push(DnType::CommonName, domain);
@@ -47,57 +50,60 @@ impl CertificateService {
distinguished_name.push(DnType::StateOrProvinceName, "State");
distinguished_name.push(DnType::LocalityName, "City");
params.distinguished_name = distinguished_name;
// Add comprehensive Subject Alternative Names for better compatibility
let mut san_list = vec![
SanType::DnsName(domain.to_string()),
SanType::DnsName("localhost".to_string()),
];
// Add IP addresses if domain looks like an IP
if let Ok(ip) = domain.parse::<IpAddr>() {
san_list.push(SanType::IpAddress(ip));
}
// Always add localhost IP for local testing
san_list.push(SanType::IpAddress(IpAddr::V4(std::net::Ipv4Addr::new(127, 0, 0, 1))));
san_list.push(SanType::IpAddress(IpAddr::V4(std::net::Ipv4Addr::new(
127, 0, 0, 1,
))));
// If domain is not an IP, also add wildcard subdomain
if domain.parse::<IpAddr>().is_err() && !domain.starts_with("*.") {
san_list.push(SanType::DnsName(format!("*.{}", domain)));
}
params.subject_alt_names = san_list;
// Set validity period (1 year as recommended)
params.not_before = OffsetDateTime::now_utc();
params.not_after = OffsetDateTime::now_utc() + Duration::days(365);
// Set serial number
params.serial_number = Some(rcgen::SerialNumber::from_slice(&[1, 2, 3, 4]));
// Generate certificate
let cert = Certificate::from_params(params)?;
// Get PEM format with proper formatting
let cert_pem = cert.serialize_pem()?;
let key_pem = cert.serialize_private_key_pem();
// Validate PEM format
if !cert_pem.starts_with("-----BEGIN CERTIFICATE-----") || !cert_pem.ends_with("-----END CERTIFICATE-----\n") {
if !cert_pem.starts_with("-----BEGIN CERTIFICATE-----")
|| !cert_pem.ends_with("-----END CERTIFICATE-----\n")
{
return Err(anyhow::anyhow!("Invalid certificate PEM format"));
}
if !key_pem.starts_with("-----BEGIN") || !key_pem.contains("PRIVATE KEY-----") {
return Err(anyhow::anyhow!("Invalid private key PEM format"));
}
tracing::debug!("Generated ECDSA P-256 certificate for domain: {}", domain);
Ok((cert_pem, key_pem))
}
/// Generate Let's Encrypt certificate using DNS challenge
pub async fn generate_letsencrypt_certificate(
&self,
@@ -106,123 +112,148 @@ impl CertificateService {
acme_email: &str,
staging: bool,
) -> Result<(String, String), AcmeError> {
tracing::info!("Generating Let's Encrypt certificate for domain: {} using DNS challenge", domain);
tracing::info!(
"Generating Let's Encrypt certificate for domain: {} using DNS challenge",
domain
);
// Get database connection
let db = self.db.as_ref()
let db = self
.db
.as_ref()
.ok_or_else(|| AcmeError::DnsProviderNotFound)?;
// Get DNS provider
let dns_repo = DnsProviderRepository::new(db.clone());
let dns_provider = dns_repo.find_by_id(dns_provider_id)
let dns_provider = dns_repo
.find_by_id(dns_provider_id)
.await
.map_err(|_| AcmeError::DnsProviderNotFound)?
.ok_or_else(|| AcmeError::DnsProviderNotFound)?;
// Verify provider is Cloudflare (only supported provider for now)
if dns_provider.provider_type != DnsProviderType::Cloudflare.as_str() {
return Err(AcmeError::CloudflareApi("Only Cloudflare provider is supported".to_string()));
return Err(AcmeError::CloudflareApi(
"Only Cloudflare provider is supported".to_string(),
));
}
if !dns_provider.is_active {
return Err(AcmeError::DnsProviderNotFound);
}
// Determine ACME directory URL
let directory_url = if staging {
"https://acme-staging-v02.api.letsencrypt.org/directory"
} else {
"https://acme-v02.api.letsencrypt.org/directory"
};
// Create ACME client
let mut acme_client = AcmeClient::new(
dns_provider.api_token.clone(),
acme_email,
directory_url.to_string(),
).await?;
)
.await?;
// Get base domain for DNS operations
let base_domain = AcmeClient::get_base_domain(domain)?;
// Generate certificate
let (cert_pem, key_pem) = acme_client
.get_certificate(domain, &base_domain)
.await?;
tracing::info!("Successfully generated Let's Encrypt certificate for domain: {}", domain);
let (cert_pem, key_pem) = acme_client.get_certificate(domain, &base_domain).await?;
tracing::info!(
"Successfully generated Let's Encrypt certificate for domain: {}",
domain
);
Ok((cert_pem, key_pem))
}
/// Renew certificate by ID (used for manual renewal)
pub async fn renew_certificate_by_id(&self, cert_id: Uuid) -> anyhow::Result<(String, String)> {
let db = self.db.as_ref()
let db = self
.db
.as_ref()
.ok_or_else(|| anyhow::anyhow!("Database connection not available"))?;
// Get the certificate from database
let cert_repo = crate::database::repository::CertificateRepository::new(db.clone());
let certificate = cert_repo.find_by_id(cert_id)
let certificate = cert_repo
.find_by_id(cert_id)
.await?
.ok_or_else(|| anyhow::anyhow!("Certificate not found"))?;
tracing::info!("Renewing certificate '{}' for domain: {}", certificate.name, certificate.domain);
tracing::info!(
"Renewing certificate '{}' for domain: {}",
certificate.name,
certificate.domain
);
match certificate.cert_type.as_str() {
"letsencrypt" => {
// For Let's Encrypt, we need to regenerate using ACME
// Find an active Cloudflare DNS provider
let dns_repo = crate::database::repository::DnsProviderRepository::new(db.clone());
let providers = dns_repo.find_active_by_type("cloudflare").await?;
if providers.is_empty() {
return Err(anyhow::anyhow!("No active Cloudflare DNS provider found for Let's Encrypt renewal"));
return Err(anyhow::anyhow!(
"No active Cloudflare DNS provider found for Let's Encrypt renewal"
));
}
let dns_provider = &providers[0];
let acme_email = "admin@example.com"; // TODO: Store this with certificate
// Generate new certificate
let (cert_pem, key_pem) = self.generate_letsencrypt_certificate(
&certificate.domain,
dns_provider.id,
acme_email,
false, // Production
).await?;
let (cert_pem, key_pem) = self
.generate_letsencrypt_certificate(
&certificate.domain,
dns_provider.id,
acme_email,
false, // Production
)
.await?;
// Update in database
cert_repo.update_certificate_data(
cert_id,
&cert_pem,
&key_pem,
chrono::Utc::now() + chrono::Duration::days(90),
).await?;
cert_repo
.update_certificate_data(
cert_id,
&cert_pem,
&key_pem,
chrono::Utc::now() + chrono::Duration::days(90),
)
.await?;
Ok((cert_pem, key_pem))
}
"self_signed" => {
// For self-signed, generate a new one
let (cert_pem, key_pem) = self.generate_self_signed(&certificate.domain).await?;
// Update in database
cert_repo.update_certificate_data(
cert_id,
&cert_pem,
&key_pem,
chrono::Utc::now() + chrono::Duration::days(365),
).await?;
cert_repo
.update_certificate_data(
cert_id,
&cert_pem,
&key_pem,
chrono::Utc::now() + chrono::Duration::days(365),
)
.await?;
Ok((cert_pem, key_pem))
}
_ => {
Err(anyhow::anyhow!("Cannot renew imported certificates automatically"))
}
_ => Err(anyhow::anyhow!(
"Cannot renew imported certificates automatically"
)),
}
}
/// Renew certificate (legacy method for backward compatibility)
pub async fn renew_certificate(&self, domain: &str) -> anyhow::Result<(String, String)> {
tracing::info!("Renewing certificate for domain: {}", domain);
// For backward compatibility, just generate a new self-signed certificate
self.generate_self_signed(domain).await
}
@@ -232,4 +263,4 @@ impl Default for CertificateService {
fn default() -> Self {
Self::new()
}
}
}
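Review bot: `generate_self_signed` sets a constant serial, `params.serial_number = Some(rcgen::SerialNumber::from_slice(&[1, 2, 3, 4]));`, so every certificate this service issues shares the same issuer DN and serial number. Issuer/serial pairs must be unique per RFC 5280 §4.1.2.2, and clients that have cached one such certificate reject or confuse the next one issued for a different domain (Firefox's reused-issuer-and-serial error is the usual symptom), which also defeats the renewal path that regenerates the certificate for the same domain. Since `Uuid` is already imported, `params.serial_number = Some(rcgen::SerialNumber::from_slice(Uuid::new_v4().as_bytes()));` gives a 128-bit random serial with no new dependency; confirm that rcgen encodes the slice as a positive INTEGER and mask the top bit of the first byte if it does not. The function's signature and first statements are in the preceding hunk.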


@@ -4,7 +4,7 @@ use uuid::Uuid;
#[derive(Clone, Debug)]
pub enum SyncEvent {
InboundChanged(Uuid), // server_id
InboundChanged(Uuid), // server_id
UserAccessChanged(Uuid), // server_id
}
@@ -27,4 +27,4 @@ pub fn send_sync_event(event: SyncEvent) {
} else {
tracing::error!("Event bus not initialized");
}
}
}


@@ -1,13 +1,13 @@
pub mod xray;
pub mod acme;
pub mod certificates;
pub mod events;
pub mod tasks;
pub mod uri_generator;
pub mod telegram;
pub mod uri_generator;
pub mod xray;
pub use xray::XrayService;
pub use tasks::TaskScheduler;
pub use uri_generator::UriGeneratorService;
pub use certificates::CertificateService;
pub use telegram::TelegramService;
pub use tasks::TaskScheduler;
pub use telegram::TelegramService;
pub use uri_generator::UriGeneratorService;
pub use xray::XrayService;


@@ -1,18 +1,21 @@
use anyhow::Result;
use tokio_cron_scheduler::{JobScheduler, Job};
use tracing::{info, error, warn, debug};
use crate::database::DatabaseManager;
use crate::database::repository::{ServerRepository, ServerInboundRepository, InboundTemplateRepository, InboundUsersRepository, CertificateRepository, UserRepository};
use crate::database::entities::inbound_users;
use crate::services::XrayService;
use crate::database::repository::{
CertificateRepository, InboundTemplateRepository, InboundUsersRepository,
ServerInboundRepository, ServerRepository, UserRepository,
};
use crate::database::DatabaseManager;
use crate::services::events::SyncEvent;
use sea_orm::{EntityTrait, ColumnTrait, QueryFilter, RelationTrait, JoinType};
use uuid::Uuid;
use crate::services::XrayService;
use anyhow::Result;
use chrono::{DateTime, Utc};
use sea_orm::{ColumnTrait, EntityTrait, JoinType, QueryFilter, RelationTrait};
use serde::{Deserialize, Serialize};
use serde_json::Value;
use std::collections::HashMap;
use std::sync::{Arc, RwLock};
use chrono::{DateTime, Utc};
use serde::{Serialize, Deserialize};
use tokio_cron_scheduler::{Job, JobScheduler};
use tracing::{debug, error, info, warn};
use uuid::Uuid;
pub struct TaskScheduler {
scheduler: JobScheduler,
@@ -47,7 +50,10 @@ impl TaskScheduler {
pub async fn new() -> Result<Self> {
let scheduler = JobScheduler::new().await?;
let task_status = Arc::new(RwLock::new(HashMap::new()));
Ok(Self { scheduler, task_status })
Ok(Self {
scheduler,
task_status,
})
}
/// Get current status of all tasks
@@ -56,15 +62,20 @@ impl TaskScheduler {
}
/// Start event-driven sync handler
pub async fn start_event_handler(db: DatabaseManager, mut event_receiver: tokio::sync::broadcast::Receiver<SyncEvent>) {
pub async fn start_event_handler(
db: DatabaseManager,
mut event_receiver: tokio::sync::broadcast::Receiver<SyncEvent>,
) {
let xray_service = XrayService::new();
tokio::spawn(async move {
while let Ok(event) = event_receiver.recv().await {
match event {
SyncEvent::InboundChanged(server_id) | SyncEvent::UserAccessChanged(server_id) => {
if let Err(e) = sync_single_server_by_id(&xray_service, &db, server_id).await {
SyncEvent::InboundChanged(server_id)
| SyncEvent::UserAccessChanged(server_id) => {
if let Err(e) =
sync_single_server_by_id(&xray_service, &db, server_id).await
{
error!("Failed to sync server {} from event: {}", server_id, e);
}
}
@@ -74,34 +85,36 @@ impl TaskScheduler {
}
pub async fn start(&mut self, db: DatabaseManager, xray_service: XrayService) -> Result<()> {
// Initialize task status
{
let mut status = self.task_status.write().unwrap();
status.insert("xray_sync".to_string(), TaskStatus {
name: "Xray Synchronization".to_string(),
description: "Synchronizes database state with xray servers".to_string(),
schedule: "0 * * * * * (every minute)".to_string(),
status: TaskState::Idle,
last_run: None,
next_run: Some(Utc::now() + chrono::Duration::minutes(1)),
total_runs: 0,
success_count: 0,
error_count: 0,
last_error: None,
last_duration_ms: None,
});
status.insert(
"xray_sync".to_string(),
TaskStatus {
name: "Xray Synchronization".to_string(),
description: "Synchronizes database state with xray servers".to_string(),
schedule: "0 * * * * * (every minute)".to_string(),
status: TaskState::Idle,
last_run: None,
next_run: Some(Utc::now() + chrono::Duration::minutes(1)),
total_runs: 0,
success_count: 0,
error_count: 0,
last_error: None,
last_duration_ms: None,
},
);
}
// Run initial sync in background to avoid blocking startup
let db_initial = db.clone();
let xray_service_initial = xray_service.clone();
let task_status_initial = self.task_status.clone();
tokio::spawn(async move {
info!("Starting initial xray sync in background...");
let start_time = Utc::now();
// Update status to running
{
let mut status = task_status_initial.write().unwrap();
@@ -111,7 +124,7 @@ impl TaskScheduler {
task.total_runs += 1;
}
}
match sync_xray_state(db_initial, xray_service_initial).await {
Ok(_) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
@@ -123,7 +136,7 @@ impl TaskScheduler {
task.last_error = None;
}
info!("Initial xray sync completed successfully in {}ms", duration);
},
}
Err(e) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
let mut status = task_status_initial.write().unwrap();
@@ -137,20 +150,20 @@ impl TaskScheduler {
}
}
});
// Add synchronization task that runs every minute
let db_clone = db.clone();
let xray_service_clone = xray_service.clone();
let task_status_clone = self.task_status.clone();
let sync_job = Job::new_async("0 */5 * * * *", move |_uuid, _l| {
let db = db_clone.clone();
let xray_service = xray_service_clone.clone();
let task_status = task_status_clone.clone();
Box::pin(async move {
let start_time = Utc::now();
// Update status to running
{
let mut status = task_status.write().unwrap();
@@ -161,7 +174,7 @@ impl TaskScheduler {
task.next_run = Some(start_time + chrono::Duration::minutes(1));
}
}
match sync_xray_state(db, xray_service).await {
Ok(_) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
@@ -172,7 +185,7 @@ impl TaskScheduler {
task.last_duration_ms = Some(duration);
task.last_error = None;
}
},
}
Err(e) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
let mut status = task_status.write().unwrap();
@@ -187,38 +200,42 @@ impl TaskScheduler {
}
})
})?;
self.scheduler.add(sync_job).await?;
// Add certificate renewal task that runs once a day at 2 AM
let db_clone_cert = db.clone();
let task_status_cert = self.task_status.clone();
// Initialize certificate renewal task status
{
let mut status = self.task_status.write().unwrap();
status.insert("cert_renewal".to_string(), TaskStatus {
name: "Certificate Renewal".to_string(),
description: "Renews Let's Encrypt certificates that expire within 15 days".to_string(),
schedule: "0 0 2 * * * (daily at 2 AM)".to_string(),
status: TaskState::Idle,
last_run: None,
next_run: Some(Utc::now() + chrono::Duration::days(1)),
total_runs: 0,
success_count: 0,
error_count: 0,
last_error: None,
last_duration_ms: None,
});
status.insert(
"cert_renewal".to_string(),
TaskStatus {
name: "Certificate Renewal".to_string(),
description: "Renews Let's Encrypt certificates that expire within 15 days"
.to_string(),
schedule: "0 0 2 * * * (daily at 2 AM)".to_string(),
status: TaskState::Idle,
last_run: None,
next_run: Some(Utc::now() + chrono::Duration::days(1)),
total_runs: 0,
success_count: 0,
error_count: 0,
last_error: None,
last_duration_ms: None,
},
);
}
let cert_renewal_job = Job::new_async("0 0 2 * * *", move |_uuid, _l| {
let db = db_clone_cert.clone();
let task_status = task_status_cert.clone();
Box::pin(async move {
let start_time = Utc::now();
// Update task status to running
{
let mut status = task_status.write().unwrap();
@@ -228,7 +245,7 @@ impl TaskScheduler {
task.total_runs += 1;
}
}
match check_and_renew_certificates(&db).await {
Ok(_) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
@@ -239,7 +256,7 @@ impl TaskScheduler {
task.last_duration_ms = Some(duration);
task.last_error = None;
}
},
}
Err(e) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
let mut status = task_status.write().unwrap();
@@ -254,9 +271,9 @@ impl TaskScheduler {
}
})
})?;
self.scheduler.add(cert_renewal_job).await?;
// Also run certificate check on startup
info!("Running initial certificate renewal check...");
tokio::spawn(async move {
@@ -264,7 +281,7 @@ impl TaskScheduler {
error!("Initial certificate renewal check failed: {}", e);
}
});
self.scheduler.start().await?;
Ok(())
}
@@ -281,7 +298,12 @@ impl TaskScheduler {
}
}
fn update_task_status_with_error(&self, task_id: &str, error: String, duration_ms: Option<u64>) {
fn update_task_status_with_error(
&self,
task_id: &str,
error: String,
duration_ms: Option<u64>,
) {
let mut status = self.task_status.write().unwrap();
if let Some(task) = status.get_mut(task_id) {
task.status = TaskState::Error;
@@ -301,11 +323,10 @@ impl TaskScheduler {
/// Synchronize xray server state with database state
async fn sync_xray_state(db: DatabaseManager, xray_service: XrayService) -> Result<()> {
let server_repo = ServerRepository::new(db.connection().clone());
let inbound_repo = ServerInboundRepository::new(db.connection().clone());
let template_repo = InboundTemplateRepository::new(db.connection().clone());
// Get all servers from database
let servers = match server_repo.find_all().await {
Ok(servers) => servers,
@@ -314,50 +335,50 @@ async fn sync_xray_state(db: DatabaseManager, xray_service: XrayService) -> Resu
return Err(e.into());
}
};
for server in servers {
let endpoint = server.get_grpc_endpoint();
// Test connection first
match xray_service.test_connection(server.id, &endpoint).await {
Ok(false) => {
warn!("Cannot connect to server {} at {}, skipping", server.name, endpoint);
warn!(
"Cannot connect to server {} at {}, skipping",
server.name, endpoint
);
continue;
},
}
Err(e) => {
error!("Error testing connection to server {}: {}", server.name, e);
continue;
}
_ => {}
}
// Get desired inbounds from database
let desired_inbounds = match get_desired_inbounds_from_db(&db, &server, &inbound_repo, &template_repo).await {
Ok(inbounds) => inbounds,
Err(e) => {
error!("Failed to get desired inbounds for server {}: {}", server.name, e);
continue;
}
};
let desired_inbounds =
match get_desired_inbounds_from_db(&db, &server, &inbound_repo, &template_repo).await {
Ok(inbounds) => inbounds,
Err(e) => {
error!(
"Failed to get desired inbounds for server {}: {}",
server.name, e
);
continue;
}
};
// Synchronize inbounds
if let Err(e) = sync_server_inbounds(
&xray_service,
server.id,
&endpoint,
&desired_inbounds
).await {
if let Err(e) =
sync_server_inbounds(&xray_service, server.id, &endpoint, &desired_inbounds).await
{
error!("Failed to sync inbounds for server {}: {}", server.name, e);
}
}
Ok(())
}
/// Get desired inbounds configuration from database
async fn get_desired_inbounds_from_db(
db: &DatabaseManager,
@@ -365,38 +386,47 @@ async fn get_desired_inbounds_from_db(
inbound_repo: &ServerInboundRepository,
template_repo: &InboundTemplateRepository,
) -> Result<HashMap<String, DesiredInbound>> {
// Get all inbounds for this server
let inbounds = inbound_repo.find_by_server_id(server.id).await?;
let mut desired_inbounds = HashMap::new();
for inbound in inbounds {
// Get template for this inbound
let template = match template_repo.find_by_id(inbound.template_id).await? {
Some(template) => template,
None => {
warn!("Template {} not found for inbound {}, skipping", inbound.template_id, inbound.tag);
warn!(
"Template {} not found for inbound {}, skipping",
inbound.template_id, inbound.tag
);
continue;
}
};
// Get users for this inbound
let users = get_users_for_inbound(db, inbound.id).await?;
// Get port from template or override
let port = inbound.port_override.unwrap_or(template.default_port);
// Get certificate if specified
let (cert_pem, key_pem) = if let Some(cert_id) = inbound.certificate_id {
match load_certificate_from_db(db, inbound.certificate_id).await {
Ok((cert, key)) => {
info!("Loaded certificate {} for inbound {}, has_cert={}, has_key={}",
cert_id, inbound.tag, cert.is_some(), key.is_some());
info!(
"Loaded certificate {} for inbound {}, has_cert={}, has_key={}",
cert_id,
inbound.tag,
cert.is_some(),
key.is_some()
);
(cert, key)
},
}
Err(e) => {
warn!("Failed to load certificate {} for inbound {}: {}", cert_id, inbound.tag, e);
warn!(
"Failed to load certificate {} for inbound {}: {}",
cert_id, inbound.tag, e
);
(None, None)
}
}
@@ -404,7 +434,7 @@ async fn get_desired_inbounds_from_db(
debug!("No certificate configured for inbound {}", inbound.tag);
(None, None)
};
let desired_inbound = DesiredInbound {
tag: inbound.tag.clone(),
port,
@@ -415,22 +445,24 @@ async fn get_desired_inbounds_from_db(
cert_pem,
key_pem,
};
desired_inbounds.insert(inbound.tag.clone(), desired_inbound);
}
Ok(desired_inbounds)
}
/// Get users for specific inbound from database
async fn get_users_for_inbound(db: &DatabaseManager, inbound_id: Uuid) -> Result<Vec<XrayUser>> {
let inbound_users_repo = InboundUsersRepository::new(db.connection().clone());
let inbound_users = inbound_users_repo.find_active_by_inbound_id(inbound_id).await?;
let inbound_users = inbound_users_repo
.find_active_by_inbound_id(inbound_id)
.await?;
// Get user details to generate emails
let user_repo = UserRepository::new(db.connection().clone());
let mut users: Vec<XrayUser> = Vec::new();
for inbound_user in inbound_users {
if let Some(user) = user_repo.find_by_id(inbound_user.user_id).await? {
@@ -442,23 +474,24 @@ async fn get_users_for_inbound(db: &DatabaseManager, inbound_id: Uuid) -> Result
});
}
}
Ok(users)
}
/// Load certificate from database
async fn load_certificate_from_db(db: &DatabaseManager, cert_id: Option<Uuid>) -> Result<(Option<String>, Option<String>)> {
async fn load_certificate_from_db(
db: &DatabaseManager,
cert_id: Option<Uuid>,
) -> Result<(Option<String>, Option<String>)> {
let cert_id = match cert_id {
Some(id) => id,
None => return Ok((None, None)),
};
let cert_repo = CertificateRepository::new(db.connection().clone());
match cert_repo.find_by_id(cert_id).await? {
Some(cert) => {
Ok((Some(cert.certificate_pem()), Some(cert.private_key_pem())))
},
Some(cert) => Ok((Some(cert.certificate_pem()), Some(cert.private_key_pem()))),
None => {
warn!("Certificate {} not found", cert_id);
Ok((None, None))
@@ -474,7 +507,9 @@ async fn sync_server_inbounds(
desired_inbounds: &HashMap<String, DesiredInbound>,
) -> Result<()> {
// Use optimized batch sync with single client
xray_service.sync_server_inbounds_optimized(server_id, endpoint, desired_inbounds).await
xray_service
.sync_server_inbounds_optimized(server_id, endpoint, desired_inbounds)
.await
}
/// Sync a single server by ID (for event-driven sync)
@@ -486,7 +521,7 @@ async fn sync_single_server_by_id(
let server_repo = ServerRepository::new(db.connection().clone());
let inbound_repo = ServerInboundRepository::new(db.connection().clone());
let template_repo = InboundTemplateRepository::new(db.connection().clone());
// Get server
let server = match server_repo.find_by_id(server_id).await? {
Some(server) => server,
@@ -495,22 +530,22 @@ async fn sync_single_server_by_id(
return Ok(());
}
};
// For now, sync all servers (can add active/inactive flag later)
// Get desired inbounds from database
let desired_inbounds = get_desired_inbounds_from_db(db, &server, &inbound_repo, &template_repo).await?;
let desired_inbounds =
get_desired_inbounds_from_db(db, &server, &inbound_repo, &template_repo).await?;
// Build endpoint
let endpoint = server.get_grpc_endpoint();
// Sync server
sync_server_inbounds(xray_service, server_id, &endpoint, &desired_inbounds).await?;
Ok(())
}
/// Represents desired inbound configuration from database
#[derive(Debug, Clone)]
pub struct DesiredInbound {
@@ -534,73 +569,79 @@ pub struct XrayUser {
/// Check and renew certificates that expire within 15 days
async fn check_and_renew_certificates(db: &DatabaseManager) -> Result<()> {
use crate::services::certificates::CertificateService;
use crate::database::repository::DnsProviderRepository;
use crate::services::certificates::CertificateService;
info!("Starting certificate renewal check...");
let cert_repo = CertificateRepository::new(db.connection().clone());
let dns_repo = DnsProviderRepository::new(db.connection().clone());
let cert_service = CertificateService::with_db(db.connection().clone());
// Get all certificates
let certificates = cert_repo.find_all().await?;
let mut renewed_count = 0;
let mut checked_count = 0;
for cert in certificates {
// Only check Let's Encrypt certificates with auto_renew enabled
if cert.cert_type != "letsencrypt" || !cert.auto_renew {
continue;
}
checked_count += 1;
// Check if certificate expires within 15 days
if cert.expires_soon(15) {
info!(
"Certificate '{}' (ID: {}) expires at {} - renewing...",
"Certificate '{}' (ID: {}) expires at {} - renewing...",
cert.name, cert.id, cert.expires_at
);
// Find the DNS provider used for this certificate
// For now, we'll use the first active Cloudflare provider
// In production, you might want to store the provider ID with the certificate
let providers = dns_repo.find_active_by_type("cloudflare").await?;
if providers.is_empty() {
error!(
"Cannot renew certificate '{}': No active Cloudflare DNS provider found",
"Cannot renew certificate '{}': No active Cloudflare DNS provider found",
cert.name
);
continue;
}
let dns_provider = &providers[0];
// Need to get the ACME email - for now using a default
// In production, this should be stored with the certificate
let acme_email = "admin@example.com"; // TODO: Store this with certificate
// Attempt to renew the certificate
match cert_service.generate_letsencrypt_certificate(
&cert.domain,
dns_provider.id,
acme_email,
false, // Use production Let's Encrypt
).await {
match cert_service
.generate_letsencrypt_certificate(
&cert.domain,
dns_provider.id,
acme_email,
false, // Use production Let's Encrypt
)
.await
{
Ok((new_cert_pem, new_key_pem)) => {
// Update the certificate in database
match cert_repo.update_certificate_data(
cert.id,
&new_cert_pem,
&new_key_pem,
chrono::Utc::now() + chrono::Duration::days(90), // Let's Encrypt certs are valid for 90 days
).await {
match cert_repo
.update_certificate_data(
cert.id,
&new_cert_pem,
&new_key_pem,
chrono::Utc::now() + chrono::Duration::days(90), // Let's Encrypt certs are valid for 90 days
)
.await
{
Ok(_) => {
info!("Successfully renewed certificate '{}'", cert.name);
renewed_count += 1;
// Trigger sync for all servers using this certificate
// This will be done via the event system
if let Err(e) = trigger_cert_renewal_sync(db, cert.id).await {
@@ -608,7 +649,10 @@ async fn check_and_renew_certificates(db: &DatabaseManager) -> Result<()> {
}
}
Err(e) => {
error!("Failed to save renewed certificate '{}' to database: {}", cert.name, e);
error!(
"Failed to save renewed certificate '{}' to database: {}",
cert.name, e
);
}
}
}
@@ -618,17 +662,17 @@ async fn check_and_renew_certificates(db: &DatabaseManager) -> Result<()> {
}
} else {
debug!(
"Certificate '{}' expires at {} - no renewal needed yet",
"Certificate '{}' expires at {} - no renewal needed yet",
cert.name, cert.expires_at
);
}
}
info!(
"Certificate renewal check completed: checked {}, renewed {}",
"Certificate renewal check completed: checked {}, renewed {}",
checked_count, renewed_count
);
Ok(())
}
@@ -636,23 +680,26 @@ async fn check_and_renew_certificates(db: &DatabaseManager) -> Result<()> {
async fn trigger_cert_renewal_sync(db: &DatabaseManager, cert_id: Uuid) -> Result<()> {
use crate::services::events::send_sync_event;
use crate::services::events::SyncEvent;
let inbound_repo = ServerInboundRepository::new(db.connection().clone());
// Find all server inbounds that use this certificate
let inbounds = inbound_repo.find_by_certificate_id(cert_id).await?;
// Collect unique server IDs
let mut server_ids = std::collections::HashSet::new();
for inbound in inbounds {
server_ids.insert(inbound.server_id);
}
// Trigger sync for each server
for server_id in server_ids {
info!("Triggering sync for server {} after certificate renewal", server_id);
info!(
"Triggering sync for server {} after certificate renewal",
server_id
);
send_sync_event(SyncEvent::InboundChanged(server_id));
}
Ok(())
}
}


@@ -1,9 +1,9 @@
use teloxide::{Bot, prelude::*};
use teloxide::{prelude::*, Bot};
use tokio::sync::oneshot;
use crate::database::DatabaseManager;
use crate::config::AppConfig;
use super::handlers::{self, Command};
use crate::config::AppConfig;
use crate::database::DatabaseManager;
/// Run the bot polling loop
pub async fn run_polling(
@@ -20,16 +20,11 @@ pub async fn run_polling(
.branch(
dptree::entry()
.filter_command::<Command>()
.endpoint(handlers::handle_command)
)
.branch(
dptree::endpoint(handlers::handle_message)
.endpoint(handlers::handle_command),
)
.branch(dptree::endpoint(handlers::handle_message)),
)
.branch(
Update::filter_callback_query()
.endpoint(handlers::handle_callback_query)
);
.branch(Update::filter_callback_query().endpoint(handlers::handle_callback_query));
let mut dispatcher = Dispatcher::builder(bot.clone(), handler)
.dependencies(dptree::deps![db, app_config])
@@ -45,4 +40,4 @@ pub async fn run_polling(
tracing::info!("Telegram bot received shutdown signal");
}
}
}
}


@@ -43,4 +43,4 @@ impl From<anyhow::Error> for TelegramError {
fn from(err: anyhow::Error) -> Self {
Self::Other(err.to_string())
}
}
}



@@ -1,15 +1,15 @@
pub mod admin;
pub mod user;
pub mod types;
pub mod user;
// Re-export main handler functions for easier access
pub use admin::*;
pub use user::*;
pub use types::*;
pub use user::*;
use teloxide::{prelude::*, types::CallbackQuery};
use crate::database::DatabaseManager;
use crate::config::AppConfig;
use crate::database::DatabaseManager;
use teloxide::{prelude::*, types::CallbackQuery};
/// Handle bot commands
pub async fn handle_command(
@@ -30,44 +30,62 @@ pub async fn handle_command(
}
Command::Requests => {
// Check if user is admin
if user_repo.is_telegram_id_admin(telegram_id).await.unwrap_or(false) {
if user_repo
.is_telegram_id_admin(telegram_id)
.await
.unwrap_or(false)
{
// Create a fake callback query for admin requests
// This is a workaround since the admin_requests function expects a callback query
// In practice, we could refactor this to not need a callback query
tracing::info!("Admin {} requested to view requests", telegram_id);
let message = "📋 Use the inline keyboard to view recent requests.";
let keyboard = teloxide::types::InlineKeyboardMarkup::new(vec![
vec![teloxide::types::InlineKeyboardButton::callback("📋 Recent Requests", "admin_requests")],
]);
let keyboard = teloxide::types::InlineKeyboardMarkup::new(vec![vec![
teloxide::types::InlineKeyboardButton::callback(
"📋 Recent Requests",
"admin_requests",
),
]]);
bot.send_message(chat_id, message)
.reply_markup(keyboard)
.await?;
} else {
let lang = get_user_language(from);
let l10n = super::localization::LocalizationService::new();
bot.send_message(chat_id, l10n.get(lang, "unauthorized")).await?;
bot.send_message(chat_id, l10n.get(lang, "unauthorized"))
.await?;
}
}
Command::Stats => {
// Check if user is admin
if user_repo.is_telegram_id_admin(telegram_id).await.unwrap_or(false) {
if user_repo
.is_telegram_id_admin(telegram_id)
.await
.unwrap_or(false)
{
handle_stats(bot, chat_id, &db).await?;
} else {
let lang = get_user_language(from);
let l10n = super::localization::LocalizationService::new();
bot.send_message(chat_id, l10n.get(lang, "unauthorized")).await?;
bot.send_message(chat_id, l10n.get(lang, "unauthorized"))
.await?;
}
}
Command::Broadcast { message } => {
// Check if user is admin
if user_repo.is_telegram_id_admin(telegram_id).await.unwrap_or(false) {
if user_repo
.is_telegram_id_admin(telegram_id)
.await
.unwrap_or(false)
{
handle_broadcast(bot, chat_id, message, &user_repo).await?;
} else {
let lang = get_user_language(from);
let l10n = super::localization::LocalizationService::new();
bot.send_message(chat_id, l10n.get(lang, "unauthorized")).await?;
bot.send_message(chat_id, l10n.get(lang, "unauthorized"))
.await?;
}
}
}
@@ -100,68 +118,120 @@ pub async fn handle_callback_query(
db: DatabaseManager,
app_config: AppConfig,
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
if let Some(data) = &q.data {
if let Some(callback_data) = CallbackData::parse(data) {
match callback_data {
CallbackData::RequestAccess => {
handle_request_access(bot, &q, &db).await?;
}
CallbackData::MyConfigs => {
handle_my_configs_edit(bot, &q, &db).await?;
}
CallbackData::SubscriptionLink => {
handle_subscription_link(bot, &q, &db, &app_config).await?;
}
CallbackData::Support => {
handle_support(bot, &q).await?;
}
CallbackData::AdminRequests => {
handle_admin_requests_edit(bot, &q, &db).await?;
}
CallbackData::ApproveRequest(request_id) => {
handle_approve_request(bot, &q, &request_id, &db).await?;
}
CallbackData::DeclineRequest(request_id) => {
handle_decline_request(bot, &q, &request_id, &db).await?;
}
CallbackData::ViewRequest(request_id) => {
handle_view_request(bot, &q, &request_id, &db).await?;
}
CallbackData::ShowServerConfigs(encoded_server_name) => {
handle_show_server_configs(bot, &q, &encoded_server_name, &db).await?;
}
CallbackData::SelectServerAccess(request_id) => {
// The request_id is now the full UUID from the mapping
let short_id = types::generate_short_request_id(&request_id);
handle_select_server_access(bot, &q, &short_id, &db).await?;
}
CallbackData::ToggleServer(request_id, server_id) => {
// Both IDs are now full UUIDs from the mapping
let short_request_id = types::generate_short_request_id(&request_id);
let short_server_id = types::generate_short_server_id(&server_id);
handle_toggle_server(bot, &q, &short_request_id, &short_server_id, &db).await?;
}
CallbackData::ApplyServerAccess(request_id) => {
// The request_id is now the full UUID from the mapping
let short_id = types::generate_short_request_id(&request_id);
handle_apply_server_access(bot, &q, &short_id, &db).await?;
}
CallbackData::Back => {
// Back to main menu - edit the existing message
handle_start_edit(bot, &q, &db).await?;
}
CallbackData::BackToConfigs => {
handle_my_configs_edit(bot, &q, &db).await?;
}
CallbackData::BackToRequests => {
handle_admin_requests_edit(bot, &q, &db).await?;
// Wrap all callback handling in a try-catch to send main menu on any error
let result = async {
if let Some(data) = &q.data {
if let Some(callback_data) = CallbackData::parse(data) {
match callback_data {
CallbackData::RequestAccess => {
handle_request_access(bot.clone(), &q, &db).await?;
}
CallbackData::MyConfigs => {
handle_my_configs_edit(bot.clone(), &q, &db).await?;
}
CallbackData::SubscriptionLink => {
handle_subscription_link(bot.clone(), &q, &db, &app_config).await?;
}
CallbackData::Support => {
handle_support(bot.clone(), &q).await?;
}
CallbackData::AdminRequests => {
handle_admin_requests_edit(bot.clone(), &q, &db).await?;
}
CallbackData::RequestList(page) => {
handle_request_list(bot.clone(), &q, &db, page).await?;
}
CallbackData::ApproveRequest(request_id) => {
handle_approve_request(bot.clone(), &q, &request_id, &db).await?;
}
CallbackData::DeclineRequest(request_id) => {
handle_decline_request(bot.clone(), &q, &request_id, &db).await?;
}
CallbackData::ViewRequest(request_id) => {
handle_view_request(bot.clone(), &q, &request_id, &db).await?;
}
CallbackData::ShowServerConfigs(encoded_server_name) => {
handle_show_server_configs(bot.clone(), &q, &encoded_server_name, &db).await?;
}
CallbackData::SelectServerAccess(request_id) => {
// The request_id is now the full UUID from the mapping
let short_id = types::generate_short_request_id(&request_id);
handle_select_server_access(bot.clone(), &q, &short_id, &db).await?;
}
CallbackData::ToggleServer(request_id, server_id) => {
// Both IDs are now full UUIDs from the mapping
let short_request_id = types::generate_short_request_id(&request_id);
let short_server_id = types::generate_short_server_id(&server_id);
handle_toggle_server(bot.clone(), &q, &short_request_id, &short_server_id, &db).await?;
}
CallbackData::ApplyServerAccess(request_id) => {
// The request_id is now the full UUID from the mapping
let short_id = types::generate_short_request_id(&request_id);
handle_apply_server_access(bot.clone(), &q, &short_id, &db).await?;
}
CallbackData::Back => {
// Back to main menu - edit the existing message
handle_start_edit(bot.clone(), &q, &db).await?;
}
CallbackData::BackToConfigs => {
handle_my_configs_edit(bot.clone(), &q, &db).await?;
}
CallbackData::BackToRequests => {
handle_admin_requests_edit(bot.clone(), &q, &db).await?;
}
CallbackData::ManageUsers => {
handle_manage_users(bot.clone(), &q, &db).await?;
}
CallbackData::UserList(page) => {
handle_user_list(bot.clone(), &q, &db, page).await?;
}
CallbackData::UserDetails(user_id) => {
handle_user_details(bot.clone(), &q, &db, &user_id).await?;
}
CallbackData::UserManageAccess(user_id) => {
handle_user_manage_access(bot.clone(), &q, &db, &user_id).await?;
}
CallbackData::UserToggleServer(user_id, server_id) => {
handle_user_toggle_server(bot.clone(), &q, &db, &user_id, &server_id).await?;
}
CallbackData::UserApplyAccess(user_id) => {
handle_user_apply_access(bot.clone(), &q, &db, &user_id).await?;
}
CallbackData::BackToUsers(page) => {
handle_user_list(bot.clone(), &q, &db, page).await?;
}
CallbackData::BackToMenu => {
handle_start_edit(bot.clone(), &q, &db).await?;
}
}
} else {
tracing::warn!("Unknown callback data: {}", data);
return Err("Invalid callback data".into());
}
}
Ok::<(), Box<dyn std::error::Error + Send + Sync>>(())
}.await;
// If any error occurred, send main menu and answer callback query
if let Err(e) = result {
tracing::warn!("Error handling callback query '{}': {}", q.data.as_deref().unwrap_or("None"), e);
// Answer the callback query first to remove loading state
let _ = bot.answer_callback_query(q.id.clone()).await;
// Try to send main menu
if let Some(message) = q.message {
let chat_id = message.chat().id;
let from = &q.from;
let telegram_id = from.id.0 as i64;
let user_repo = crate::database::repository::UserRepository::new(db.connection());
// Try to send main menu - if this fails too, just log it
if let Err(menu_error) = handle_start(bot, chat_id, telegram_id, from, &user_repo, &db).await {
tracing::error!("Failed to send main menu after callback error: {}", menu_error);
}
} else {
tracing::warn!("Unknown callback data: {}", data);
bot.answer_callback_query(q.id.clone()).await?;
}
}
Ok(())
}
}
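Review bot: The new `CallbackData::ManageUsers`, `UserList`, `UserDetails`, `UserManageAccess`, `UserToggleServer`, `UserApplyAccess` and `BackToUsers` arms in `handle_callback_query` are dispatched with no admin check in this function, whereas `handle_command` gates `/requests`, `/stats` and `/broadcast` on `is_telegram_id_admin` before doing anything; the same gap already exists for the `AdminRequests`/`RequestList`/`ApproveRequest`/`DeclineRequest`/`ViewRequest`/`SelectServerAccess`/`ToggleServer`/`ApplyServerAccess`/`BackToRequests` arms. Callback `data` is supplied by the client, so unless every `handle_user_*` and `handle_admin_*` handler repeats the check internally (their bodies are not in this view; the admin.rs diff is suppressed), the authorization for the user-management flow depends entirely on the caller not sending a privileged payload. A single guard arm ahead of the privileged arms keeps the policy in one place and makes the handlers' own checks defence in depth rather than the only line; the resulting `Err` is already turned into a main-menu redraw by the error path below, which is a reasonable response for an unauthorized click.
```rust
// … unchanged: start of the async block, `if let Some(data) = &q.data` …
let telegram_id = q.from.id.0 as i64;
let user_repo = crate::database::repository::UserRepository::new(db.connection());
let is_admin = user_repo
    .is_telegram_id_admin(telegram_id)
    .await
    .unwrap_or(false);
// … unchanged: `if let Some(callback_data) = CallbackData::parse(data)` …
match callback_data {
    CallbackData::ManageUsers
    | CallbackData::UserList(_)
    | CallbackData::UserDetails(_)
    | CallbackData::UserManageAccess(_)
    | CallbackData::UserToggleServer(_, _)
    | CallbackData::UserApplyAccess(_)
    | CallbackData::BackToUsers(_)
    | CallbackData::AdminRequests
    | CallbackData::RequestList(_)
    | CallbackData::ApproveRequest(_)
    | CallbackData::DeclineRequest(_)
    | CallbackData::ViewRequest(_)
    | CallbackData::SelectServerAccess(_)
    | CallbackData::ToggleServer(_, _)
    | CallbackData::ApplyServerAccess(_)
    | CallbackData::BackToRequests
        if !is_admin =>
    {
        // Privileged callback from a non-admin: refuse before touching any handler.
        tracing::warn!("Non-admin {} sent admin callback '{}'", telegram_id, data);
        return Err("Unauthorized".into());
    }
    // … unchanged: existing arms …
}
```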


@@ -1,7 +1,7 @@
use teloxide::utils::command::BotCommands;
use teloxide::types::{InlineKeyboardButton, InlineKeyboardMarkup, User};
use teloxide::utils::command::BotCommands;
use super::super::localization::{LocalizationService, Language};
use super::super::localization::{Language, LocalizationService};
use std::collections::HashMap;
use std::sync::{Arc, Mutex, OnceLock};
@@ -27,16 +27,25 @@ pub enum CallbackData {
SubscriptionLink,
Support,
AdminRequests,
ApproveRequest(String), // request_id
DeclineRequest(String), // request_id
ViewRequest(String), // request_id
RequestList(u32), // page number
ApproveRequest(String), // request_id
DeclineRequest(String), // request_id
ViewRequest(String), // request_id
ShowServerConfigs(String), // server_name encoded
Back,
BackToConfigs, // Back to configs list from server view
BackToRequests, // Back to requests list from request view
SelectServerAccess(String), // request_id - show server selection after approval
BackToConfigs, // Back to configs list from server view
BackToRequests, // Back to requests list from request view
SelectServerAccess(String), // request_id - show server selection after approval
ToggleServer(String, String), // request_id, server_id - toggle server selection
ApplyServerAccess(String), // request_id - apply selected servers
ApplyServerAccess(String), // request_id - apply selected servers
ManageUsers,
UserList(u32), // page number
UserDetails(String), // user_id
UserManageAccess(String), // user_id
UserToggleServer(String, String), // user_id, server_id
UserApplyAccess(String), // user_id
BackToUsers(u32), // page number
BackToMenu,
}
impl CallbackData {
@@ -47,9 +56,11 @@ impl CallbackData {
"subscription_link" => Some(CallbackData::SubscriptionLink),
"support" => Some(CallbackData::Support),
"admin_requests" => Some(CallbackData::AdminRequests),
"manage_users" => Some(CallbackData::ManageUsers),
"back" => Some(CallbackData::Back),
"back_to_configs" => Some(CallbackData::BackToConfigs),
"back_to_requests" => Some(CallbackData::BackToRequests),
"back_to_menu" => Some(CallbackData::BackToMenu),
_ => {
if let Some(id) = data.strip_prefix("approve:") {
Some(CallbackData::ApproveRequest(id.to_string()))
@@ -64,7 +75,9 @@ impl CallbackData {
} else if let Some(rest) = data.strip_prefix("t:") {
let parts: Vec<&str> = rest.split(':').collect();
if parts.len() == 2 {
if let (Some(request_id), Some(server_id)) = (get_full_request_id(parts[0]), get_full_server_id(parts[1])) {
if let (Some(request_id), Some(server_id)) =
(get_full_request_id(parts[0]), get_full_server_id(parts[1]))
{
Some(CallbackData::ToggleServer(request_id, server_id))
} else {
None
@@ -74,6 +87,31 @@ impl CallbackData {
}
} else if let Some(short_id) = data.strip_prefix("a:") {
get_full_request_id(short_id).map(CallbackData::ApplyServerAccess)
} else if let Some(page_str) = data.strip_prefix("request_list:") {
page_str.parse::<u32>().ok().map(CallbackData::RequestList)
} else if let Some(page_str) = data.strip_prefix("user_list:") {
page_str.parse::<u32>().ok().map(CallbackData::UserList)
} else if let Some(short_user_id) = data.strip_prefix("user_details:") {
get_full_user_id(short_user_id).map(CallbackData::UserDetails)
} else if let Some(short_user_id) = data.strip_prefix("user_manage:") {
get_full_user_id(short_user_id).map(CallbackData::UserManageAccess)
} else if let Some(rest) = data.strip_prefix("user_toggle:") {
let parts: Vec<&str> = rest.split(':').collect();
if parts.len() == 2 {
if let (Some(user_id), Some(server_id)) =
(get_full_user_id(parts[0]), get_full_server_id(parts[1]))
{
Some(CallbackData::UserToggleServer(user_id, server_id))
} else {
None
}
} else {
None
}
} else if let Some(short_user_id) = data.strip_prefix("user_apply:") {
get_full_user_id(short_user_id).map(CallbackData::UserApplyAccess)
} else if let Some(page_str) = data.strip_prefix("back_users:") {
page_str.parse::<u32>().ok().map(CallbackData::BackToUsers)
} else {
None
}
@@ -93,6 +131,10 @@ static REQUEST_COUNTER: OnceLock<Arc<Mutex<u32>>> = OnceLock::new();
static SERVER_ID_MAP: OnceLock<Arc<Mutex<HashMap<String, String>>>> = OnceLock::new();
static SERVER_COUNTER: OnceLock<Arc<Mutex<u32>>> = OnceLock::new();
// Global storage for user ID mappings (short ID -> full UUID)
static USER_ID_MAP: OnceLock<Arc<Mutex<HashMap<String, String>>>> = OnceLock::new();
static USER_COUNTER: OnceLock<Arc<Mutex<u32>>> = OnceLock::new();
pub fn get_selected_servers() -> &'static Arc<Mutex<HashMap<String, Vec<String>>>> {
SELECTED_SERVERS.get_or_init(|| Arc::new(Mutex::new(HashMap::new())))
}
@@ -113,23 +155,31 @@ pub fn get_server_counter() -> &'static Arc<Mutex<u32>> {
SERVER_COUNTER.get_or_init(|| Arc::new(Mutex::new(0)))
}
pub fn get_user_id_map() -> &'static Arc<Mutex<HashMap<String, String>>> {
USER_ID_MAP.get_or_init(|| Arc::new(Mutex::new(HashMap::new())))
}
pub fn get_user_counter() -> &'static Arc<Mutex<u32>> {
USER_COUNTER.get_or_init(|| Arc::new(Mutex::new(0)))
}
/// Generate a short ID for a request UUID and store the mapping
pub fn generate_short_request_id(request_uuid: &str) -> String {
let mut counter = get_request_counter().lock().unwrap();
let mut map = get_request_id_map().lock().unwrap();
// Check if we already have a short ID for this UUID
for (short_id, uuid) in map.iter() {
if uuid == request_uuid {
return short_id.clone();
}
}
// Generate new short ID
*counter += 1;
let short_id = format!("r{}", counter);
map.insert(short_id.clone(), request_uuid.to_string());
short_id
}
@@ -143,19 +193,19 @@ pub fn get_full_request_id(short_id: &str) -> Option<String> {
pub fn generate_short_server_id(server_uuid: &str) -> String {
let mut counter = get_server_counter().lock().unwrap();
let mut map = get_server_id_map().lock().unwrap();
// Check if we already have a short ID for this UUID
for (short_id, uuid) in map.iter() {
if uuid == server_uuid {
return short_id.clone();
}
}
// Generate new short ID
*counter += 1;
let short_id = format!("s{}", counter);
map.insert(short_id.clone(), server_uuid.to_string());
short_id
}
@@ -165,6 +215,32 @@ pub fn get_full_server_id(short_id: &str) -> Option<String> {
map.get(short_id).cloned()
}
/// Generate a short ID for a user UUID and store the mapping
pub fn generate_short_user_id(user_uuid: &str) -> String {
let mut counter = get_user_counter().lock().unwrap();
let mut map = get_user_id_map().lock().unwrap();
// Check if we already have a short ID for this UUID
for (short_id, uuid) in map.iter() {
if uuid == user_uuid {
return short_id.clone();
}
}
// Generate new short ID
*counter += 1;
let short_id = format!("u{}", counter);
map.insert(short_id.clone(), user_uuid.to_string());
short_id
}
/// Get full user UUID from short ID
pub fn get_full_user_id(short_id: &str) -> Option<String> {
let map = get_user_id_map().lock().unwrap();
map.get(short_id).cloned()
}
/// Helper function to get user language from Telegram user data
pub fn get_user_language(user: &User) -> Language {
Language::from_telegram_code(user.language_code.as_deref())
@@ -173,27 +249,44 @@ pub fn get_user_language(user: &User) -> Language {
/// Main keyboard for registered users
pub fn get_main_keyboard(is_admin: bool, lang: Language) -> InlineKeyboardMarkup {
let l10n = LocalizationService::new();
let mut keyboard = vec![
vec![InlineKeyboardButton::callback("🔗 Subscription Link", "subscription_link")],
vec![InlineKeyboardButton::callback(l10n.get(lang.clone(), "my_configs"), "my_configs")],
vec![InlineKeyboardButton::callback(l10n.get(lang.clone(), "support"), "support")],
vec![InlineKeyboardButton::callback(
l10n.get(lang.clone(), "subscription_link"),
"subscription_link",
)],
vec![InlineKeyboardButton::callback(
l10n.get(lang.clone(), "my_configs"),
"my_configs",
)],
vec![InlineKeyboardButton::callback(
l10n.get(lang.clone(), "support"),
"support",
)],
];
if is_admin {
keyboard.push(vec![InlineKeyboardButton::callback(l10n.get(lang, "user_requests"), "admin_requests")]);
keyboard.push(vec![InlineKeyboardButton::callback(
l10n.get(lang.clone(), "user_requests"),
"admin_requests",
)]);
keyboard.push(vec![InlineKeyboardButton::callback(
l10n.get(lang, "manage_users"),
"manage_users",
)]);
}
InlineKeyboardMarkup::new(keyboard)
}
/// Keyboard for new users
pub fn get_new_user_keyboard(lang: Language) -> InlineKeyboardMarkup {
let l10n = LocalizationService::new();
InlineKeyboardMarkup::new(vec![
vec![InlineKeyboardButton::callback(l10n.get(lang, "get_vpn_access"), "request_access")],
])
InlineKeyboardMarkup::new(vec![vec![InlineKeyboardButton::callback(
l10n.get(lang, "get_vpn_access"),
"request_access",
)]])
}
/// Restore UUID from compact format (without dashes)
@@ -201,7 +294,7 @@ fn restore_uuid(compact: &str) -> Option<String> {
if compact.len() != 32 {
return None;
}
// Insert dashes at proper positions for UUID format
let uuid_str = format!(
"{}-{}-{}-{}-{}",
@@ -211,6 +304,6 @@ fn restore_uuid(compact: &str) -> Option<String> {
&compact[16..20],
&compact[20..32]
);
Some(uuid_str)
}
}
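Review bot: `generate_short_user_id` looks up an existing short id by scanning every entry of `USER_ID_MAP` while holding both the counter lock and the map lock, so each call is linear in the number of users ever rendered, and since nothing ever removes entries the map grows for the lifetime of the process; `generate_short_request_id` and `generate_short_server_id`, which this hunk only re-indents, have the same shape. A reverse map (full UUID -> short id) next to the forward one, or a single map keyed by UUID with the counter value as the short id, makes the lookup a single `get` and removes the scan under the lock. Separately, the short ids are process-global and sequential (`u1`, `u2`, …) and `get_full_user_id` resolves them for any caller, so a resolvable `user_details:`/`user_manage:`/`user_apply:` payload must not be taken by the handlers as evidence that the sender is entitled to that user; the only thing the mapping proves is that some admin view issued that id at some point. A one-line doc comment on `get_full_user_id` stating this — `/// Resolves a short id to its UUID; does not imply the caller may act on that user.` — would keep the next handler author from relying on it.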


@@ -1,11 +1,14 @@
use teloxide::{prelude::*, types::{InlineKeyboardButton, InlineKeyboardMarkup}};
use base64::{Engine, engine::general_purpose};
use base64::{engine::general_purpose, Engine};
use teloxide::{
prelude::*,
types::{InlineKeyboardButton, InlineKeyboardMarkup},
};
use crate::database::DatabaseManager;
use crate::database::repository::{UserRepository, UserRequestRepository};
use super::super::localization::{Language, LocalizationService};
use super::types::{get_main_keyboard, get_new_user_keyboard, get_user_language};
use crate::database::entities::user_request::{CreateUserRequestDto, RequestStatus};
use super::super::localization::{LocalizationService, Language};
use super::types::{get_user_language, get_main_keyboard, get_new_user_keyboard};
use crate::database::repository::{UserRepository, UserRequestRepository};
use crate::database::DatabaseManager;
/// Handle start command and main menu
pub async fn handle_start(
@@ -28,23 +31,24 @@ pub async fn handle_start_edit(
let from = &q.from;
let telegram_id = from.id.0 as i64;
let user_repo = UserRepository::new(db.connection());
if let Some(msg) = &q.message {
if let teloxide::types::MaybeInaccessibleMessage::Regular(regular_msg) = msg {
let chat_id = regular_msg.chat.id;
handle_start_impl(
bot.clone(),
chat_id,
telegram_id,
from,
&user_repo,
db,
bot.clone(),
chat_id,
telegram_id,
from,
&user_repo,
db,
Some(regular_msg.id),
Some(q.id.clone())
).await?;
Some(q.id.clone()),
)
.await?;
}
}
Ok(())
}
@@ -61,37 +65,53 @@ async fn handle_start_impl(
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
let lang = get_user_language(from);
let l10n = LocalizationService::new();
// Check if user exists in our database
match user_repo.get_by_telegram_id(telegram_id).await {
Ok(Some(user)) => {
// Check if user is admin
let is_admin = user_repo.is_telegram_id_admin(telegram_id).await.unwrap_or(false);
let is_admin = user_repo
.is_telegram_id_admin(telegram_id)
.await
.unwrap_or(false);
// Check if user has any pending requests
let request_repo = UserRequestRepository::new(db.connection().clone());
// Check for existing requests
if let Ok(existing_requests) = request_repo.find_by_telegram_id(telegram_id).await {
if let Some(latest_request) = existing_requests.into_iter()
.filter(|r| r.status == "pending" || r.status == "approved" || r.status == "declined")
.max_by_key(|r| r.created_at) {
if let Some(latest_request) = existing_requests
.into_iter()
.filter(|r| {
r.status == "pending" || r.status == "approved" || r.status == "declined"
})
.max_by_key(|r| r.created_at)
{
match latest_request.status.as_str() {
"pending" => {
let message = l10n.format(lang.clone(), "request_pending", &[
("status", "⏳ pending"),
("date", &latest_request.created_at.format("%Y-%m-%d %H:%M UTC").to_string())
]);
let message = l10n.format(
lang.clone(),
"request_pending",
&[
("status", "⏳ pending"),
(
"date",
&latest_request
.created_at
.format("%Y-%m-%d %H:%M UTC")
.to_string(),
),
],
);
let keyboard = get_new_user_keyboard(lang);
if let Some(msg_id) = edit_message_id {
bot.edit_message_text(chat_id, msg_id, message)
.parse_mode(teloxide::types::ParseMode::Html)
.reply_markup(keyboard)
.await?;
if let Some(cb_id) = callback_query_id {
bot.answer_callback_query(cb_id).await?;
}
@@ -104,19 +124,29 @@ async fn handle_start_impl(
return Ok(());
}
"declined" => {
let message = l10n.format(lang.clone(), "request_pending", &[
("status", &l10n.get(lang.clone(), "request_declined_status")),
("date", &latest_request.created_at.format("%Y-%m-%d %H:%M UTC").to_string())
]);
let message = l10n.format(
lang.clone(),
"request_pending",
&[
("status", &l10n.get(lang.clone(), "request_declined_status")),
(
"date",
&latest_request
.created_at
.format("%Y-%m-%d %H:%M UTC")
.to_string(),
),
],
);
let keyboard = get_new_user_keyboard(lang);
if let Some(msg_id) = edit_message_id {
bot.edit_message_text(chat_id, msg_id, message)
.parse_mode(teloxide::types::ParseMode::Html)
.reply_markup(keyboard)
.await?;
if let Some(cb_id) = callback_query_id {
bot.answer_callback_query(cb_id).await?;
}
@@ -132,16 +162,16 @@ async fn handle_start_impl(
}
}
}
// Existing user - show main menu
let message = l10n.format(lang.clone(), "welcome_back", &[("name", &user.name)]);
let keyboard = get_main_keyboard(is_admin, lang);
if let Some(msg_id) = edit_message_id {
bot.edit_message_text(chat_id, msg_id, message)
.reply_markup(keyboard)
.await?;
if let Some(cb_id) = callback_query_id {
bot.answer_callback_query(cb_id).await?;
}
@@ -156,12 +186,12 @@ async fn handle_start_impl(
let username = from.username.as_deref().unwrap_or("Unknown");
let message = l10n.format(lang.clone(), "welcome_new_user", &[("username", username)]);
let keyboard = get_new_user_keyboard(lang);
if let Some(msg_id) = edit_message_id {
bot.edit_message_text(chat_id, msg_id, message)
.reply_markup(keyboard)
.await?;
if let Some(cb_id) = callback_query_id {
bot.answer_callback_query(cb_id).await?;
}
@@ -176,7 +206,7 @@ async fn handle_start_impl(
bot.send_message(chat_id, "Database error occurred").await?;
}
}
Ok(())
}
@@ -190,56 +220,73 @@ pub async fn handle_request_access(
let lang = get_user_language(from);
let l10n = LocalizationService::new();
let telegram_id = from.id.0 as i64;
let chat_id = q.message.as_ref().and_then(|m| {
match m {
let chat_id = q
.message
.as_ref()
.and_then(|m| match m {
teloxide::types::MaybeInaccessibleMessage::Regular(msg) => Some(msg.chat.id),
_ => None,
}
}).ok_or("No chat ID")?;
})
.ok_or("No chat ID")?;
let user_repo = UserRepository::new(db.connection());
let request_repo = UserRequestRepository::new(db.connection().clone());
// Check if user already exists
if let Some(_) = user_repo.get_by_telegram_id(telegram_id).await.unwrap_or(None) {
if let Some(_) = user_repo
.get_by_telegram_id(telegram_id)
.await
.unwrap_or(None)
{
bot.answer_callback_query(q.id.clone())
.text(l10n.get(lang, "already_approved"))
.await?;
return Ok(());
}
// Check for existing requests
if let Ok(existing_requests) = request_repo.find_by_telegram_id(telegram_id).await {
if let Some(latest_request) = existing_requests.iter()
if let Some(latest_request) = existing_requests
.iter()
.filter(|r| r.status == "pending")
.max_by_key(|r| r.created_at) {
.max_by_key(|r| r.created_at)
{
// Show pending status in the message instead of just an alert
let message = l10n.format(lang.clone(), "request_pending", &[
("status", "⏳ pending"),
("date", &latest_request.created_at.format("%Y-%m-%d %H:%M UTC").to_string())
]);
let message = l10n.format(
lang.clone(),
"request_pending",
&[
("status", "⏳ pending"),
(
"date",
&latest_request
.created_at
.format("%Y-%m-%d %H:%M UTC")
.to_string(),
),
],
);
if let Some(message_ref) = &q.message {
if let teloxide::types::MaybeInaccessibleMessage::Regular(msg) = message_ref {
let _ = bot.edit_message_text(chat_id, msg.id, message)
let _ = bot
.edit_message_text(chat_id, msg.id, message)
.parse_mode(teloxide::types::ParseMode::Html)
.reply_markup(InlineKeyboardMarkup::new(vec![
vec![InlineKeyboardButton::callback(l10n.get(lang, "back"), "back")],
]))
.reply_markup(InlineKeyboardMarkup::new(vec![vec![
InlineKeyboardButton::callback(l10n.get(lang, "back"), "back"),
]]))
.await;
}
}
bot.answer_callback_query(q.id.clone()).await?;
return Ok(());
}
// Check for declined requests - allow new request after decline
let _has_declined = existing_requests.iter()
.any(|r| r.status == "declined");
let _has_declined = existing_requests.iter().any(|r| r.status == "declined");
}
// Create new access request
let dto = CreateUserRequestDto {
telegram_id,
@@ -249,23 +296,28 @@ pub async fn handle_request_access(
request_message: Some("Access request via Telegram bot".to_string()),
language: lang.code().to_string(),
};
match request_repo.create(dto).await {
Ok(request) => {
// Edit message to show success
if let Some(message) = &q.message {
if let teloxide::types::MaybeInaccessibleMessage::Regular(msg) = message {
let _ = bot.edit_message_text(chat_id, msg.id, l10n.get(lang.clone(), "request_submitted"))
.reply_markup(InlineKeyboardMarkup::new(vec![
vec![InlineKeyboardButton::callback(l10n.get(lang, "back"), "back")],
]))
let _ = bot
.edit_message_text(
chat_id,
msg.id,
l10n.get(lang.clone(), "request_submitted"),
)
.reply_markup(InlineKeyboardMarkup::new(vec![vec![
InlineKeyboardButton::callback(l10n.get(lang, "back"), "back"),
]]))
.await;
}
}
// Notify admins
notify_admins_new_request(&bot, &request, db).await?;
bot.answer_callback_query(q.id.clone()).await?;
}
Err(e) => {
@@ -275,7 +327,7 @@ pub async fn handle_request_access(
.await?;
}
}
Ok(())
}
@@ -289,64 +341,83 @@ pub async fn handle_my_configs_edit(
let lang = get_user_language(from);
let l10n = LocalizationService::new();
let telegram_id = from.id.0 as i64;
let chat_id = q.message.as_ref().and_then(|m| {
match m {
let chat_id = q
.message
.as_ref()
.and_then(|m| match m {
teloxide::types::MaybeInaccessibleMessage::Regular(msg) => Some(msg.chat.id),
_ => None,
}
}).ok_or("No chat ID")?;
})
.ok_or("No chat ID")?;
let user_repo = UserRepository::new(db.connection());
let inbound_users_repo = crate::database::repository::InboundUsersRepository::new(db.connection().clone());
let inbound_users_repo =
crate::database::repository::InboundUsersRepository::new(db.connection().clone());
let uri_service = crate::services::UriGeneratorService::new();
if let Some(user) = user_repo.get_by_telegram_id(telegram_id).await.unwrap_or(None) {
if let Some(user) = user_repo
.get_by_telegram_id(telegram_id)
.await
.unwrap_or(None)
{
// Get all active inbound users for this user
let inbound_users = inbound_users_repo.find_by_user_id(user.id).await.unwrap_or_default();
let inbound_users = inbound_users_repo
.find_by_user_id(user.id)
.await
.unwrap_or_default();
if inbound_users.is_empty() {
// Edit message to show no configs available
if let Some(msg) = &q.message {
if let teloxide::types::MaybeInaccessibleMessage::Regular(regular_msg) = msg {
bot.edit_message_text(chat_id, regular_msg.id, l10n.get(lang.clone(), "no_configs_available"))
.reply_markup(InlineKeyboardMarkup::new(vec![
vec![InlineKeyboardButton::callback(l10n.get(lang, "back"), "back")],
]))
.await?;
bot.edit_message_text(
chat_id,
regular_msg.id,
l10n.get(lang.clone(), "no_configs_available"),
)
.reply_markup(InlineKeyboardMarkup::new(vec![vec![
InlineKeyboardButton::callback(l10n.get(lang, "back"), "back"),
]]))
.await?;
}
}
bot.answer_callback_query(q.id.clone()).await?;
return Ok(());
}
// Structure to hold config with inbound_id
#[derive(Debug, Clone)]
struct ConfigWithInbound {
client_config: crate::services::uri_generator::ClientConfig,
server_inbound_id: uuid::Uuid,
}
// Group configurations by server name
let mut servers: std::collections::HashMap<String, Vec<ConfigWithInbound>> = std::collections::HashMap::new();
let mut servers: std::collections::HashMap<String, Vec<ConfigWithInbound>> =
std::collections::HashMap::new();
for inbound_user in inbound_users {
if !inbound_user.is_active {
continue;
}
// Get client config data for this specific inbound
if let Ok(Some(config_data)) = inbound_users_repo.get_client_config_data(user.id, inbound_user.server_inbound_id).await {
if let Ok(Some(config_data)) = inbound_users_repo
.get_client_config_data(user.id, inbound_user.server_inbound_id)
.await
{
match uri_service.generate_client_config(user.id, &config_data) {
Ok(client_config) => {
let config_with_inbound = ConfigWithInbound {
client_config: client_config.clone(),
server_inbound_id: inbound_user.server_inbound_id,
};
servers.entry(client_config.server_name.clone())
servers
.entry(client_config.server_name.clone())
.or_insert_with(Vec::new)
.push(config_with_inbound);
},
}
Err(e) => {
tracing::warn!("Failed to generate client config: {}", e);
continue;
@@ -354,14 +425,14 @@ pub async fn handle_my_configs_edit(
}
}
}
// Build message with statistics only
let mut message_lines = vec![l10n.get(lang.clone(), "your_configurations")];
// Calculate statistics
let server_count = servers.len();
let total_configs = servers.values().map(|configs| configs.len()).sum::<usize>();
// Count unique protocols
let mut protocols = std::collections::HashSet::new();
for configs in servers.values() {
@@ -369,96 +440,122 @@ pub async fn handle_my_configs_edit(
protocols.insert(config_with_inbound.client_config.protocol.clone());
}
}
let server_word = match lang {
Language::Russian => {
if server_count == 1 { "сервер" }
else if server_count < 5 { "сервера" }
else { "серверов" }
},
if server_count == 1 {
"сервер"
} else if server_count < 5 {
"сервера"
} else {
"серверов"
}
}
Language::English => {
if server_count == 1 { "server" }
else { "servers" }
if server_count == 1 {
"server"
} else {
"servers"
}
}
};
let config_word = match lang {
Language::Russian => {
if total_configs == 1 { "конфигурация" }
else if total_configs < 5 { "конфигурации" }
else { "конфигураций" }
},
if total_configs == 1 {
"конфигурация"
} else if total_configs < 5 {
"конфигурации"
} else {
"конфигураций"
}
}
Language::English => {
if total_configs == 1 { "configuration" }
else { "configurations" }
if total_configs == 1 {
"configuration"
} else {
"configurations"
}
}
};
let protocol_word = match lang {
Language::Russian => {
if protocols.len() == 1 { "протокол" }
else if protocols.len() < 5 { "протокола" }
else { "протоколов" }
},
if protocols.len() == 1 {
"протокол"
} else if protocols.len() < 5 {
"протокола"
} else {
"протоколов"
}
}
Language::English => {
if protocols.len() == 1 { "protocol" }
else { "protocols" }
if protocols.len() == 1 {
"protocol"
} else {
"protocols"
}
}
};
message_lines.push(format!(
"\n📊 {} {}{} {}{} {}",
server_count, server_word,
total_configs, config_word,
protocols.len(), protocol_word
server_count,
server_word,
total_configs,
config_word,
protocols.len(),
protocol_word
));
// Create keyboard with buttons for each server
let mut keyboard_buttons = vec![];
for (server_name, configs) in servers.iter() {
// Encode server name to avoid issues with special characters
let encoded_server_name = general_purpose::STANDARD.encode(server_name.as_bytes());
let config_count = configs.len();
let config_suffix = match lang {
Language::Russian => {
if config_count == 1 {
""
} else if config_count < 5 {
"а"
} else {
"ов"
if config_count == 1 {
""
} else if config_count < 5 {
"а"
} else {
"ов"
}
},
}
Language::English => {
if config_count == 1 {
""
} else {
"s"
if config_count == 1 {
""
} else {
"s"
}
}
};
let config_word = match lang {
Language::Russian => "конфиг",
Language::English => "config",
};
keyboard_buttons.push(vec![
InlineKeyboardButton::callback(
format!("🖥️ {} ({} {}{})", server_name, config_count, config_word, config_suffix),
format!("server_configs:{}", encoded_server_name)
)
]);
keyboard_buttons.push(vec![InlineKeyboardButton::callback(
format!(
"🖥️ {} ({} {}{})",
server_name, config_count, config_word, config_suffix
),
format!("server_configs:{}", encoded_server_name),
)]);
}
keyboard_buttons.push(vec![
InlineKeyboardButton::callback(l10n.get(lang, "back"), "back")
]);
keyboard_buttons.push(vec![InlineKeyboardButton::callback(
l10n.get(lang, "back"),
"back",
)]);
let message = message_lines.join("\n");
// Edit the existing message instead of sending a new one
if let Some(msg) = &q.message {
if let teloxide::types::MaybeInaccessibleMessage::Regular(regular_msg) = msg {
@@ -468,10 +565,10 @@ pub async fn handle_my_configs_edit(
.await?;
}
}
bot.answer_callback_query(q.id.clone()).await?;
}
Ok(())
}
@@ -486,42 +583,55 @@ pub async fn handle_show_server_configs(
let lang = get_user_language(from);
let l10n = LocalizationService::new();
let telegram_id = from.id.0 as i64;
let chat_id = q.message.as_ref().and_then(|m| {
match m {
let chat_id = q
.message
.as_ref()
.and_then(|m| match m {
teloxide::types::MaybeInaccessibleMessage::Regular(msg) => Some(msg.chat.id),
_ => None,
}
}).ok_or("No chat ID")?;
})
.ok_or("No chat ID")?;
// Decode server name
let server_name = match general_purpose::STANDARD.decode(encoded_server_name) {
Ok(bytes) => String::from_utf8(bytes).map_err(|_| "Invalid server name encoding")?,
Err(_) => return Ok(()), // Invalid encoding, ignore
};
let user_repo = UserRepository::new(db.connection());
let inbound_users_repo = crate::database::repository::InboundUsersRepository::new(db.connection().clone());
let inbound_users_repo =
crate::database::repository::InboundUsersRepository::new(db.connection().clone());
let uri_service = crate::services::UriGeneratorService::new();
// Get user from telegram_id
if let Some(user) = user_repo.get_by_telegram_id(telegram_id).await.unwrap_or(None) {
if let Some(user) = user_repo
.get_by_telegram_id(telegram_id)
.await
.unwrap_or(None)
{
// Get all active inbound users for this user
let inbound_users = inbound_users_repo.find_by_user_id(user.id).await.unwrap_or_default();
let inbound_users = inbound_users_repo
.find_by_user_id(user.id)
.await
.unwrap_or_default();
let mut server_configs = Vec::new();
for inbound_user in inbound_users {
if !inbound_user.is_active {
continue;
}
// Get client config data for this specific inbound
if let Ok(Some(config_data)) = inbound_users_repo.get_client_config_data(user.id, inbound_user.server_inbound_id).await {
if let Ok(Some(config_data)) = inbound_users_repo
.get_client_config_data(user.id, inbound_user.server_inbound_id)
.await
{
if config_data.server_name == server_name {
match uri_service.generate_client_config(user.id, &config_data) {
Ok(client_config) => {
server_configs.push(client_config);
},
}
Err(e) => {
tracing::warn!("Failed to generate client config: {}", e);
continue;
@@ -530,28 +640,30 @@ pub async fn handle_show_server_configs(
}
}
}
if server_configs.is_empty() {
bot.answer_callback_query(q.id.clone())
.text(l10n.get(lang, "config_not_found"))
.await?;
return Ok(());
}
// Build message with all configs for this server
let mut message_lines = vec![
l10n.format(lang.clone(), "server_configs_title", &[("server_name", &server_name)])
];
let mut message_lines = vec![l10n.format(
lang.clone(),
"server_configs_title",
&[("server_name", &server_name)],
)];
for config in &server_configs {
let protocol_emoji = match config.protocol.as_str() {
"vless" => "🔵",
"vmess" => "🟢",
"vmess" => "🟢",
"trojan" => "🔴",
"shadowsocks" => "🟡",
_ => ""
_ => "",
};
message_lines.push(format!(
"\n{} <b>{} - {}</b> ({})",
protocol_emoji,
@@ -559,17 +671,18 @@ pub async fn handle_show_server_configs(
config.template_name,
config.protocol.to_uppercase()
));
message_lines.push(format!("<code>{}</code>", config.uri));
}
// Create back button
let keyboard = InlineKeyboardMarkup::new(vec![
vec![InlineKeyboardButton::callback(l10n.get(lang, "back"), "back_to_configs")],
]);
let keyboard = InlineKeyboardMarkup::new(vec![vec![InlineKeyboardButton::callback(
l10n.get(lang, "back"),
"back_to_configs",
)]]);
let message = message_lines.join("\n");
// Edit the existing message instead of sending a new one
if let Some(msg) = &q.message {
if let teloxide::types::MaybeInaccessibleMessage::Regular(regular_msg) = msg {
@@ -579,14 +692,14 @@ pub async fn handle_show_server_configs(
.await?;
}
}
bot.answer_callback_query(q.id.clone()).await?;
} else {
bot.answer_callback_query(q.id.clone())
.text(l10n.get(lang, "unauthorized"))
.await?;
}
Ok(())
}
@@ -598,17 +711,20 @@ pub async fn handle_support(
let from = &q.from;
let lang = get_user_language(from);
let l10n = LocalizationService::new();
let chat_id = q.message.as_ref().and_then(|m| {
match m {
let chat_id = q
.message
.as_ref()
.and_then(|m| match m {
teloxide::types::MaybeInaccessibleMessage::Regular(msg) => Some(msg.chat.id),
_ => None,
}
}).ok_or("No chat ID")?;
let keyboard = InlineKeyboardMarkup::new(vec![
vec![InlineKeyboardButton::callback(l10n.get(lang.clone(), "back"), "back")],
]);
})
.ok_or("No chat ID")?;
let keyboard = InlineKeyboardMarkup::new(vec![vec![InlineKeyboardButton::callback(
l10n.get(lang.clone(), "back"),
"back",
)]]);
// Edit the existing message instead of sending a new one
if let Some(msg) = &q.message {
if let teloxide::types::MaybeInaccessibleMessage::Regular(regular_msg) = msg {
@@ -618,9 +734,9 @@ pub async fn handle_support(
.await?;
}
}
bot.answer_callback_query(q.id.clone()).await?;
Ok(())
}
@@ -631,40 +747,61 @@ async fn notify_admins_new_request(
db: &DatabaseManager,
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
let user_repo = UserRepository::new(db.connection());
// Get all admins
let admins = user_repo.get_telegram_admins().await.unwrap_or_default();
if !admins.is_empty() {
let lang = Language::English; // Default admin language
let l10n = LocalizationService::new();
let message = l10n.format(lang.clone(), "new_access_request", &[
("first_name", &request.telegram_first_name.as_deref().unwrap_or("")),
("last_name", &request.telegram_last_name.as_deref().unwrap_or("")),
("username", &request.telegram_username.as_deref().unwrap_or("unknown")),
]);
let message = l10n.format(
lang.clone(),
"new_access_request",
&[
(
"first_name",
&request.telegram_first_name.as_deref().unwrap_or(""),
),
(
"last_name",
&request.telegram_last_name.as_deref().unwrap_or(""),
),
(
"username",
&request.telegram_username.as_deref().unwrap_or("unknown"),
),
],
);
let keyboard = InlineKeyboardMarkup::new(vec![
vec![
InlineKeyboardButton::callback(l10n.get(lang.clone(), "approve"), format!("approve:{}", request.id)),
InlineKeyboardButton::callback(l10n.get(lang.clone(), "decline"), format!("decline:{}", request.id)),
],
vec![
InlineKeyboardButton::callback("📋 All Requests", "back_to_requests"),
InlineKeyboardButton::callback(
l10n.get(lang.clone(), "approve"),
format!("approve:{}", request.id),
),
InlineKeyboardButton::callback(
l10n.get(lang.clone(), "decline"),
format!("decline:{}", request.id),
),
],
vec![InlineKeyboardButton::callback(
"📋 All Requests",
"back_to_requests",
)],
]);
for admin in admins {
if let Some(telegram_id) = admin.telegram_id {
let _ = bot.send_message(ChatId(telegram_id), &message)
let _ = bot
.send_message(ChatId(telegram_id), &message)
.parse_mode(teloxide::types::ParseMode::Html)
.reply_markup(keyboard.clone())
.await;
}
}
}
Ok(())
}
@@ -685,7 +822,7 @@ pub async fn handle_subscription_link(
if let Ok(Some(user)) = user_repo.get_by_telegram_id(telegram_id).await {
// Generate subscription URL
let subscription_url = format!("{}/sub/{}", app_config.web.base_url, user.id);
let message = match lang {
Language::Russian => {
format!(
@@ -695,7 +832,7 @@ pub async fn handle_subscription_link(
💡 <i>Эта ссылка содержит все ваши конфигурации и автоматически обновляется при изменениях</i>",
subscription_url
)
},
}
Language::English => {
format!(
"🔗 <b>Your Subscription Link</b>\n\n\
@@ -707,9 +844,10 @@ pub async fn handle_subscription_link(
}
};
let keyboard = InlineKeyboardMarkup::new(vec![
vec![InlineKeyboardButton::callback(l10n.get(lang, "back"), "back")],
]);
let keyboard = InlineKeyboardMarkup::new(vec![vec![InlineKeyboardButton::callback(
l10n.get(lang, "back"),
"back",
)]]);
// Edit the existing message
if let Some(msg) = &q.message {
@@ -731,4 +869,4 @@ pub async fn handle_subscription_link(
bot.answer_callback_query(q.id.clone()).await?;
Ok(())
}
}


@@ -1,5 +1,5 @@
use std::collections::HashMap;
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub enum Language {
@@ -37,20 +37,20 @@ pub struct Translations {
pub back: String,
pub approve: String,
pub decline: String,
// Request handling
pub already_pending: String,
pub already_approved: String,
pub already_declined: String,
pub request_submitted: String,
pub request_submit_failed: String,
// Approval/Decline messages
pub request_approved: String,
pub request_declined: String,
pub request_approved_notification: String,
pub request_declined_notification: String,
// Admin messages
pub new_access_request: String,
pub no_pending_requests: String,
@@ -59,22 +59,22 @@ pub struct Translations {
pub request_approved_admin: String,
pub request_declined_admin: String,
pub user_creation_failed: String,
// Support
pub support_info: String,
// Stats
pub statistics: String,
pub total_users: String,
pub total_servers: String,
pub total_inbounds: String,
pub pending_requests: String,
// Broadcast
pub broadcast_complete: String,
pub sent: String,
pub failed: String,
// Configs
pub configs_coming_soon: String,
pub your_configurations: String,
@@ -83,7 +83,28 @@ pub struct Translations {
pub config_copied: String,
pub config_not_found: String,
pub server_configs_title: String,
// Subscription
pub subscription_link: String,
// User Management
pub manage_users: String,
pub user_list: String,
pub user_details: String,
pub manage_access: String,
pub remove_access: String,
pub grant_access: String,
pub user_info: String,
pub no_users_found: String,
pub page_info: String,
pub next_page: String,
pub prev_page: String,
pub back_to_users: String,
pub back_to_menu: String,
pub access_updated: String,
pub access_removed: String,
pub access_granted: String,
// Errors
pub error_occurred: String,
pub admin_not_found: String,
@@ -98,20 +119,22 @@ pub struct LocalizationService {
impl LocalizationService {
pub fn new() -> Self {
let mut translations = HashMap::new();
// Load English translations
translations.insert(Language::English, Self::load_english());
// Load Russian translations
translations.insert(Language::Russian, Self::load_russian());
Self { translations }
}
pub fn get(&self, lang: Language, key: &str) -> String {
let translations = self.translations.get(&lang)
let translations = self
.translations
.get(&lang)
.unwrap_or_else(|| self.translations.get(&Language::English).unwrap());
match key {
"welcome_new_user" => translations.welcome_new_user.clone(),
"welcome_back" => translations.welcome_back.clone(),
@@ -157,6 +180,23 @@ impl LocalizationService {
"config_copied" => translations.config_copied.clone(),
"config_not_found" => translations.config_not_found.clone(),
"server_configs_title" => translations.server_configs_title.clone(),
"subscription_link" => translations.subscription_link.clone(),
"manage_users" => translations.manage_users.clone(),
"user_list" => translations.user_list.clone(),
"user_details" => translations.user_details.clone(),
"manage_access" => translations.manage_access.clone(),
"remove_access" => translations.remove_access.clone(),
"grant_access" => translations.grant_access.clone(),
"user_info" => translations.user_info.clone(),
"no_users_found" => translations.no_users_found.clone(),
"page_info" => translations.page_info.clone(),
"next_page" => translations.next_page.clone(),
"prev_page" => translations.prev_page.clone(),
"back_to_users" => translations.back_to_users.clone(),
"back_to_menu" => translations.back_to_menu.clone(),
"access_updated" => translations.access_updated.clone(),
"access_removed" => translations.access_removed.clone(),
"access_granted" => translations.access_granted.clone(),
"error_occurred" => translations.error_occurred.clone(),
"admin_not_found" => translations.admin_not_found.clone(),
"request_not_found" => translations.request_not_found.clone(),
@@ -183,7 +223,7 @@ impl LocalizationService {
get_vpn_access: "🚀 Get VPN Access".to_string(),
my_configs: "📋 My Configs".to_string(),
support: "💬 Support".to_string(),
user_requests: "👥 User Requests".to_string(),
user_requests: " User Requests".to_string(),
back: "🔙 Back".to_string(),
approve: "✅ Approve".to_string(),
decline: "❌ Decline".to_string(),
@@ -201,13 +241,13 @@ impl LocalizationService {
new_access_request: "🔔 <b>New Access Request</b>\n\n👤 Name: {first_name} {last_name}\n🆔 Username: @{username}\n\nUse /requests to review".to_string(),
no_pending_requests: "No pending access requests".to_string(),
access_request_details: "📋 <b>Access Request</b>\n\n👤 Name: {full_name}\n🆔 Telegram: {telegram_link}\n📅 Requested: {date}\n\nMessage: {message}".to_string(),
access_request_details: " <b>Access Request</b>\n\n👤 Name: {full_name}\n🆔 Telegram: {telegram_link}\n📅 Requested: {date}\n\nMessage: {message}".to_string(),
unauthorized: "❌ You are not authorized to use this command".to_string(),
request_approved_admin: "✅ Request approved".to_string(),
request_declined_admin: "❌ Request declined".to_string(),
user_creation_failed: "❌ Failed to create user account: {error}\n\nPlease try again or contact technical support.".to_string(),
support_info: "💬 <b>Support Information</b>\n\nIf you need help, please contact the administrators.\n\nYou can also check the documentation at:\nhttps://github.com/OutFleet".to_string(),
support_info: "💬 <b>Support Information</b>\n\n📱 <b>How to connect:</b>\n1. Download v2raytun app for Android or iOS from:\n https://v2raytun.com/\n\n2. Add your subscription link from \"🔗 Subscription Link\" menu\n OR\n Add individual server links from \"📋 My Configs\"\n\n3. Connect and enjoy secure VPN!\n\n❓ If you need help, please contact the administrators.".to_string(),
statistics: "📊 <b>Statistics</b>\n\n👥 Total Users: {users}\n🖥️ Total Servers: {servers}\n📡 Total Inbounds: {inbounds}\n⏳ Pending Requests: {pending}".to_string(),
total_users: "👥 Total Users".to_string(),
@@ -227,6 +267,25 @@ impl LocalizationService {
config_not_found: "❌ Configuration not found".to_string(),
server_configs_title: "🖥️ <b>{server_name}</b> - Connection Links".to_string(),
subscription_link: "🔗 Subscription Link".to_string(),
manage_users: "👥 Manage Users".to_string(),
user_list: "👥 User List".to_string(),
user_details: "👤 User Details".to_string(),
manage_access: "🔧 Manage Access".to_string(),
remove_access: "❌ Remove Access".to_string(),
grant_access: "✅ Grant Access".to_string(),
user_info: "User Information".to_string(),
no_users_found: "No users found".to_string(),
page_info: "Page {page} of {total}".to_string(),
next_page: "Next →".to_string(),
prev_page: "← Previous".to_string(),
back_to_users: "👥 Back to Users".to_string(),
back_to_menu: "🏠 Main Menu".to_string(),
access_updated: "✅ Access updated successfully".to_string(),
access_removed: "❌ Access removed successfully".to_string(),
access_granted: "✅ Access granted successfully".to_string(),
error_occurred: "An error occurred".to_string(),
admin_not_found: "Admin not found".to_string(),
request_not_found: "Request not found".to_string(),
@@ -244,7 +303,7 @@ impl LocalizationService {
get_vpn_access: "🚀 Получить доступ к VPN".to_string(),
my_configs: "📋 Мои конфигурации".to_string(),
support: "💬 Поддержка".to_string(),
user_requests: "👥 Запросы пользователей".to_string(),
user_requests: " Запросы пользователей".to_string(),
back: "🔙 Назад".to_string(),
approve: "✅ Одобрить".to_string(),
decline: "❌ Отклонить".to_string(),
@@ -262,13 +321,13 @@ impl LocalizationService {
new_access_request: "🔔 <b>Новый запрос на доступ</b>\n\n👤 Имя: {first_name} {last_name}\n🆔 Имя пользователя: @{username}\n\nИспользуйте /requests для просмотра".to_string(),
no_pending_requests: "Нет ожидающих запросов на доступ".to_string(),
access_request_details: "📋 <b>Запрос на доступ</b>\n\n👤 Имя: {full_name}\n🆔 Telegram: {telegram_link}\n📅 Запрошено: {date}\n\nСообщение: {message}".to_string(),
access_request_details: " <b>Запрос на доступ</b>\n\n👤 Имя: {full_name}\n🆔 Telegram: {telegram_link}\n📅 Запрошено: {date}\n\nСообщение: {message}".to_string(),
unauthorized: "У вас нет прав для использования этой команды".to_string(),
request_approved_admin: "✅ Запрос одобрен".to_string(),
request_declined_admin: "❌ Запрос отклонен".to_string(),
user_creation_failed: "Не удалось создать аккаунт пользователя: {error}\n\nПожалуйста, попробуйте еще раз или обратитесь в техническую поддержку.".to_string(),
support_info: "💬 <b>Информация о поддержке</b>\n\nЕсли вам нужна помощь, пожалуйста, свяжитесь с администраторами.\n\nВы также можете ознакомиться с документацией по адресу:\nhttps://github.com/OutFleet".to_string(),
support_info: "💬 <b>Информация о поддержке</b>\n\n📱 <b>Как подключиться:</b>\n1. Скачайте приложение v2raytun для Android или iOS с сайта:\n https://v2raytun.com/\n\n2. Добавьте ссылку подписки из меню \"🔗 Ссылка подписки\"\n ИЛИ\n Добавьте отдельные ссылки серверов из \"📋 Мои конфигурации\"\n\n3. Подключайтесь и наслаждайтесь безопасным VPN!\n\n❓ Если нужна помощь, обратитесь к администраторам.".to_string(),
statistics: "📊 <b>Статистика</b>\n\n👥 Всего пользователей: {users}\n🖥️ Всего серверов: {servers}\n📡 Всего входящих подключений: {inbounds}\n⏳ Ожидающих запросов: {pending}".to_string(),
total_users: "👥 Всего пользователей".to_string(),
@@ -288,10 +347,29 @@ impl LocalizationService {
config_not_found: "❌ Конфигурация не найдена".to_string(),
server_configs_title: "🖥️ <b>{server_name}</b> - Ссылки для подключения".to_string(),
subscription_link: "🔗 Ссылка подписки".to_string(),
manage_users: "👥 Управление пользователями".to_string(),
user_list: "👥 Список пользователей".to_string(),
user_details: "👤 Данные пользователя".to_string(),
manage_access: "🔧 Управление доступом".to_string(),
remove_access: "❌ Убрать доступ".to_string(),
grant_access: "✅ Предоставить доступ".to_string(),
user_info: "Информация о пользователе".to_string(),
no_users_found: "Пользователи не найдены".to_string(),
page_info: "Страница {page} из {total}".to_string(),
next_page: "Далее →".to_string(),
prev_page: "← Назад".to_string(),
back_to_users: "👥 К пользователям".to_string(),
back_to_menu: "🏠 Главное меню".to_string(),
access_updated: "✅ Доступ успешно обновлен".to_string(),
access_removed: "❌ Доступ успешно убран".to_string(),
access_granted: "✅ Доступ успешно предоставлен".to_string(),
error_occurred: "Произошла ошибка".to_string(),
admin_not_found: "Администратор не найден".to_string(),
request_not_found: "Запрос не найден".to_string(),
invalid_request_id: "Неверный ID запроса".to_string(),
}
}
}
}
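Review bot: The seventeen new keys added to `get` are dispatched on a `&str`, so a misspelled key at a call site (`l10n.get(lang, "acess_granted")`) is not a compile error but drops into the match's catch-all arm, which lies outside this hunk and whose behaviour is not visible here. Every key now has to be kept in sync across four places — the `Translations` field, the match arm, `load_english` and `load_russian` — and nothing in the commit ties them together, so a forgotten arm only shows up at runtime as whatever the fallback returns. Consider replacing the string key with an exhaustive `enum TranslationKey` matched in `get`, or at minimum logging the unknown key in the fallback arm, e.g. `_ => { tracing::warn!("missing translation key: {}", key); String::new() }`, so a missing arm is visible in production. A unit test that calls `get` for every new key in both languages and asserts the result is non-empty would catch the same class of drift cheaply.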


@@ -1,17 +1,17 @@
use anyhow::Result;
use std::sync::Arc;
use teloxide::{Bot, prelude::*};
use teloxide::{prelude::*, Bot};
use tokio::sync::RwLock;
use uuid::Uuid;
use crate::database::DatabaseManager;
use crate::database::repository::TelegramConfigRepository;
use crate::database::entities::telegram_config::Model as TelegramConfig;
use crate::config::AppConfig;
use crate::database::entities::telegram_config::Model as TelegramConfig;
use crate::database::repository::TelegramConfigRepository;
use crate::database::DatabaseManager;
pub mod bot;
pub mod handlers;
pub mod error;
pub mod handlers;
pub mod localization;
pub use error::TelegramError;
@@ -40,12 +40,12 @@ impl TelegramService {
/// Initialize and start the bot if active configuration exists
pub async fn initialize(&self) -> Result<()> {
let repo = TelegramConfigRepository::new(self.db.connection());
// Get active configuration
if let Some(config) = repo.get_active().await? {
self.start_with_config(config).await?;
}
Ok(())
}
@@ -56,7 +56,7 @@ impl TelegramService {
// Create new bot instance
let bot = Bot::new(&config.bot_token);
// Verify token by calling getMe
match bot.get_me().await {
Ok(me) => {
@@ -87,7 +87,7 @@ impl TelegramService {
let db = self.db.clone();
let app_config = self.app_config.clone();
// Spawn polling task
tokio::spawn(async move {
bot::run_polling(bot, db, app_config, rx).await;
@@ -114,7 +114,7 @@ impl TelegramService {
/// Update configuration and restart if needed
pub async fn update_config(&self, config_id: Uuid) -> Result<()> {
let repo = TelegramConfigRepository::new(self.db.connection());
if let Some(config) = repo.find_by_id(config_id).await? {
if config.is_active {
self.start_with_config(config).await?;
@@ -122,7 +122,7 @@ impl TelegramService {
self.stop().await?;
}
}
Ok(())
}
@@ -130,7 +130,7 @@ impl TelegramService {
pub async fn get_status(&self) -> BotStatus {
let bot_guard = self.bot.read().await;
let config_guard = self.config.read().await;
BotStatus {
is_running: bot_guard.is_some(),
config: config_guard.clone(),
@@ -140,7 +140,7 @@ impl TelegramService {
/// Send message to user
pub async fn send_message(&self, chat_id: i64, text: String) -> Result<()> {
let bot_guard = self.bot.read().await;
if let Some(bot) = bot_guard.as_ref() {
bot.send_message(ChatId(chat_id), text).await?;
Ok(())
@@ -148,11 +148,16 @@ impl TelegramService {
Err(anyhow::anyhow!("Bot is not running"))
}
}
/// Send message to user with inline keyboard
pub async fn send_message_with_keyboard(&self, chat_id: i64, text: String, keyboard: teloxide::types::InlineKeyboardMarkup) -> Result<()> {
pub async fn send_message_with_keyboard(
&self,
chat_id: i64,
text: String,
keyboard: teloxide::types::InlineKeyboardMarkup,
) -> Result<()> {
let bot_guard = self.bot.read().await;
if let Some(bot) = bot_guard.as_ref() {
bot.send_message(ChatId(chat_id), text)
.parse_mode(teloxide::types::ParseMode::Html)
@@ -167,11 +172,11 @@ impl TelegramService {
/// Send message to all admins
pub async fn broadcast_to_admins(&self, text: String) -> Result<()> {
let bot_guard = self.bot.read().await;
if let Some(bot) = bot_guard.as_ref() {
let user_repo = crate::database::repository::UserRepository::new(self.db.connection());
let admins = user_repo.get_telegram_admins().await?;
for admin in admins {
if let Some(telegram_id) = admin.telegram_id {
if let Err(e) = bot.send_message(ChatId(telegram_id), text.clone()).await {
@@ -179,7 +184,7 @@ impl TelegramService {
}
}
}
Ok(())
} else {
Err(anyhow::anyhow!("Bot is not running"))
@@ -192,4 +197,4 @@ impl TelegramService {
pub struct BotStatus {
pub is_running: bool,
pub config: Option<TelegramConfig>,
}
}


@@ -1,30 +1,36 @@
use crate::services::uri_generator::{ClientConfigData, error::UriGeneratorError};
use crate::services::uri_generator::{error::UriGeneratorError, ClientConfigData};
pub mod shadowsocks;
pub mod trojan;
pub mod vless;
pub mod vmess;
pub mod trojan;
pub mod shadowsocks;
pub use shadowsocks::ShadowsocksUriBuilder;
pub use trojan::TrojanUriBuilder;
pub use vless::VlessUriBuilder;
pub use vmess::VmessUriBuilder;
pub use trojan::TrojanUriBuilder;
pub use shadowsocks::ShadowsocksUriBuilder;
/// Common trait for all URI builders
pub trait UriBuilder {
/// Build URI string from client configuration data
fn build_uri(&self, config: &ClientConfigData) -> Result<String, UriGeneratorError>;
/// Validate configuration for this protocol
fn validate_config(&self, config: &ClientConfigData) -> Result<(), UriGeneratorError> {
if config.hostname.is_empty() {
return Err(UriGeneratorError::MissingRequiredField("hostname".to_string()));
return Err(UriGeneratorError::MissingRequiredField(
"hostname".to_string(),
));
}
if config.port <= 0 || config.port > 65535 {
return Err(UriGeneratorError::InvalidConfiguration("Invalid port number".to_string()));
return Err(UriGeneratorError::InvalidConfiguration(
"Invalid port number".to_string(),
));
}
if config.xray_user_id.is_empty() {
return Err(UriGeneratorError::MissingRequiredField("xray_user_id".to_string()));
return Err(UriGeneratorError::MissingRequiredField(
"xray_user_id".to_string(),
));
}
Ok(())
}
@@ -32,28 +38,28 @@ pub trait UriBuilder {
/// Helper functions for URI building
pub mod utils {
use std::collections::HashMap;
use serde_json::Value;
use crate::services::uri_generator::error::UriGeneratorError;
use serde_json::Value;
use std::collections::HashMap;
/// URL encode a string safely
pub fn url_encode(input: &str) -> String {
urlencoding::encode(input).to_string()
}
/// Build query string from parameters
pub fn build_query_string(params: &HashMap<String, String>) -> String {
let mut query_parts: Vec<String> = Vec::new();
for (key, value) in params {
if !value.is_empty() {
query_parts.push(format!("{}={}", url_encode(key), url_encode(value)));
}
}
query_parts.join("&")
}
/// Extract transport type from stream settings
pub fn extract_transport_type(stream_settings: &Value) -> String {
stream_settings
@@ -62,7 +68,7 @@ pub mod utils {
.unwrap_or("tcp")
.to_string()
}
/// Extract security type from stream settings
pub fn extract_security_type(stream_settings: &Value, has_certificate: bool) -> String {
if has_certificate {
@@ -75,7 +81,7 @@ pub mod utils {
"none".to_string()
}
}
/// Extract WebSocket path from stream settings
pub fn extract_ws_path(stream_settings: &Value) -> Option<String> {
stream_settings
@@ -84,7 +90,7 @@ pub mod utils {
.and_then(|p| p.as_str())
.map(|s| s.to_string())
}
/// Extract WebSocket host from stream settings
pub fn extract_ws_host(stream_settings: &Value) -> Option<String> {
stream_settings
@@ -94,7 +100,7 @@ pub mod utils {
.and_then(|host| host.as_str())
.map(|s| s.to_string())
}
/// Extract gRPC service name from stream settings
pub fn extract_grpc_service_name(stream_settings: &Value) -> Option<String> {
stream_settings
@@ -103,23 +109,27 @@ pub mod utils {
.and_then(|name| name.as_str())
.map(|s| s.to_string())
}
/// Extract TLS SNI from stream settings
pub fn extract_tls_sni(stream_settings: &Value, certificate_domain: Option<&str>) -> Option<String> {
pub fn extract_tls_sni(
stream_settings: &Value,
certificate_domain: Option<&str>,
) -> Option<String> {
// Try stream settings first
if let Some(sni) = stream_settings
.get("tlsSettings")
.and_then(|tls| tls.get("serverName"))
.and_then(|sni| sni.as_str()) {
.and_then(|sni| sni.as_str())
{
return Some(sni.to_string());
}
// Fall back to certificate domain
certificate_domain.map(|s| s.to_string())
}
/// Determine alias for the URI
pub fn generate_alias(server_name: &str, template_name: &str) -> String {
format!("{} - {}", server_name, template_name)
}
}
}


@@ -1,8 +1,8 @@
use base64::{Engine as _, engine::general_purpose};
use base64::{engine::general_purpose, Engine as _};
use serde_json::Value;
use crate::services::uri_generator::{ClientConfigData, error::UriGeneratorError};
use super::{UriBuilder, utils};
use super::{utils, UriBuilder};
use crate::services::uri_generator::{error::UriGeneratorError, ClientConfigData};
pub struct ShadowsocksUriBuilder;
@@ -10,54 +10,56 @@ impl ShadowsocksUriBuilder {
pub fn new() -> Self {
Self
}
/// Map Xray cipher type to Shadowsocks method name
fn map_xray_cipher_to_shadowsocks_method(&self, cipher: &str) -> &str {
match cipher {
// AES GCM variants
"AES_256_GCM" | "aes-256-gcm" => "aes-256-gcm",
"AES_128_GCM" | "aes-128-gcm" => "aes-128-gcm",
// ChaCha20 variants
"CHACHA20_POLY1305" | "chacha20-ietf-poly1305" | "chacha20-poly1305" => "chacha20-ietf-poly1305",
// ChaCha20 variants
"CHACHA20_POLY1305" | "chacha20-ietf-poly1305" | "chacha20-poly1305" => {
"chacha20-ietf-poly1305"
}
// AES CFB variants
"AES_256_CFB" | "aes-256-cfb" => "aes-256-cfb",
"AES_128_CFB" | "aes-128-cfb" => "aes-128-cfb",
// Legacy ciphers
"RC4_MD5" | "rc4-md5" => "rc4-md5",
"AES_256_CTR" | "aes-256-ctr" => "aes-256-ctr",
"AES_128_CTR" | "aes-128-ctr" => "aes-128-ctr",
// Default to most secure and widely supported
_ => "aes-256-gcm",
}
}
}
impl UriBuilder for ShadowsocksUriBuilder {
fn build_uri(&self, config: &ClientConfigData) -> Result<String, UriGeneratorError> {
self.validate_config(config)?;
// Get cipher type from base_settings and map to Shadowsocks method
let cipher = config.base_settings
let cipher = config
.base_settings
.get("cipherType")
.and_then(|c| c.as_str())
.or_else(|| config.base_settings.get("method").and_then(|m| m.as_str()))
.unwrap_or("AES_256_GCM");
let method = self.map_xray_cipher_to_shadowsocks_method(cipher);
// Shadowsocks SIP002 format: ss://base64(method:password)@hostname:port#remark
// Use xray_user_id as password (following Marzban approach)
let credentials = format!("{}:{}", method, config.xray_user_id);
let encoded_credentials = general_purpose::STANDARD.encode(credentials.as_bytes());
// Generate alias for the URI
let alias = utils::generate_alias(&config.server_name, &config.template_name);
// Build simple SIP002 URI (no plugin parameters for standard Shadowsocks)
let uri = format!(
"ss://{}@{}:{}#{}",
@@ -66,24 +68,30 @@ impl UriBuilder for ShadowsocksUriBuilder {
config.port,
utils::url_encode(&alias)
);
Ok(uri)
}
fn validate_config(&self, config: &ClientConfigData) -> Result<(), UriGeneratorError> {
// Basic validation
if config.hostname.is_empty() {
return Err(UriGeneratorError::MissingRequiredField("hostname".to_string()));
return Err(UriGeneratorError::MissingRequiredField(
"hostname".to_string(),
));
}
if config.port <= 0 || config.port > 65535 {
return Err(UriGeneratorError::InvalidConfiguration("Invalid port number".to_string()));
return Err(UriGeneratorError::InvalidConfiguration(
"Invalid port number".to_string(),
));
}
if config.xray_user_id.is_empty() {
return Err(UriGeneratorError::MissingRequiredField("xray_user_id".to_string()));
return Err(UriGeneratorError::MissingRequiredField(
"xray_user_id".to_string(),
));
}
// Shadowsocks uses xray_user_id as password, already validated above
Ok(())
}
}
@@ -93,4 +101,3 @@ impl Default for ShadowsocksUriBuilder {
Self::new()
}
}


@@ -1,8 +1,8 @@
use std::collections::HashMap;
use serde_json::Value;
use std::collections::HashMap;
use crate::services::uri_generator::{ClientConfigData, error::UriGeneratorError};
use super::{UriBuilder, utils};
use super::{utils, UriBuilder};
use crate::services::uri_generator::{error::UriGeneratorError, ClientConfigData};
pub struct TrojanUriBuilder;
@@ -15,32 +15,32 @@ impl TrojanUriBuilder {
impl UriBuilder for TrojanUriBuilder {
fn build_uri(&self, config: &ClientConfigData) -> Result<String, UriGeneratorError> {
self.validate_config(config)?;
// Trojan uses xray_user_id as password
let password = &config.xray_user_id;
// Apply variable substitution to stream settings
let stream_settings = if !config.variable_values.is_null() {
apply_variables(&config.stream_settings, &config.variable_values)?
} else {
config.stream_settings.clone()
};
let mut params = HashMap::new();
// Determine security layer (Trojan typically uses TLS)
let has_certificate = config.certificate_domain.is_some();
let security = utils::extract_security_type(&stream_settings, has_certificate);
// Trojan usually requires TLS, but allow other security types
if security != "none" {
params.insert("security".to_string(), security.clone());
}
// Transport type - always specify explicitly
let transport_type = utils::extract_transport_type(&stream_settings);
params.insert("type".to_string(), transport_type.clone());
// Transport-specific parameters
match transport_type.as_str() {
"ws" => {
@@ -50,48 +50,53 @@ impl UriBuilder for TrojanUriBuilder {
if let Some(host) = utils::extract_ws_host(&stream_settings) {
params.insert("host".to_string(), host);
}
},
}
"grpc" => {
if let Some(service_name) = utils::extract_grpc_service_name(&stream_settings) {
params.insert("serviceName".to_string(), service_name);
}
// gRPC mode for Trojan
params.insert("mode".to_string(), "gun".to_string());
},
}
"tcp" => {
// Check for HTTP header type
if let Some(header_type) = stream_settings
.get("tcpSettings")
.and_then(|tcp| tcp.get("header"))
.and_then(|header| header.get("type"))
.and_then(|t| t.as_str()) {
.and_then(|t| t.as_str())
{
if header_type != "none" {
params.insert("headerType".to_string(), header_type.to_string());
}
}
},
}
_ => {} // Other transport types
}
// TLS/Security specific parameters
if security == "tls" || security == "reality" {
if let Some(sni) = utils::extract_tls_sni(&stream_settings, config.certificate_domain.as_deref()) {
if let Some(sni) =
utils::extract_tls_sni(&stream_settings, config.certificate_domain.as_deref())
{
params.insert("sni".to_string(), sni);
}
// TLS fingerprint
if let Some(fp) = stream_settings
.get("tlsSettings")
.and_then(|tls| tls.get("fingerprint"))
.and_then(|fp| fp.as_str()) {
.and_then(|fp| fp.as_str())
{
params.insert("fp".to_string(), fp.to_string());
}
// ALPN
if let Some(alpn) = stream_settings
.get("tlsSettings")
.and_then(|tls| tls.get("alpn"))
.and_then(|alpn| alpn.as_array()) {
.and_then(|alpn| alpn.as_array())
{
let alpn_str = alpn
.iter()
.filter_map(|v| v.as_str())
@@ -101,46 +106,47 @@ impl UriBuilder for TrojanUriBuilder {
params.insert("alpn".to_string(), alpn_str);
}
}
// Allow insecure connections (optional)
if let Some(allow_insecure) = stream_settings
.get("tlsSettings")
.and_then(|tls| tls.get("allowInsecure"))
.and_then(|ai| ai.as_bool()) {
.and_then(|ai| ai.as_bool())
{
if allow_insecure {
params.insert("allowInsecure".to_string(), "1".to_string());
}
}
// REALITY specific parameters
if security == "reality" {
if let Some(pbk) = stream_settings
.get("realitySettings")
.and_then(|reality| reality.get("publicKey"))
.and_then(|pbk| pbk.as_str()) {
.and_then(|pbk| pbk.as_str())
{
params.insert("pbk".to_string(), pbk.to_string());
}
if let Some(sid) = stream_settings
.get("realitySettings")
.and_then(|reality| reality.get("shortId"))
.and_then(|sid| sid.as_str()) {
.and_then(|sid| sid.as_str())
{
params.insert("sid".to_string(), sid.to_string());
}
}
}
// Flow control for XTLS (if supported)
if let Some(flow) = stream_settings
.get("flow")
.and_then(|f| f.as_str()) {
if let Some(flow) = stream_settings.get("flow").and_then(|f| f.as_str()) {
params.insert("flow".to_string(), flow.to_string());
}
// Build the URI
let query_string = utils::build_query_string(&params);
let alias = utils::generate_alias(&config.server_name, &config.template_name);
let uri = if query_string.is_empty() {
format!(
"trojan://{}@{}:{}#{}",
@@ -159,24 +165,30 @@ impl UriBuilder for TrojanUriBuilder {
utils::url_encode(&alias)
)
};
Ok(uri)
}
fn validate_config(&self, config: &ClientConfigData) -> Result<(), UriGeneratorError> {
// Basic validation
if config.hostname.is_empty() {
return Err(UriGeneratorError::MissingRequiredField("hostname".to_string()));
return Err(UriGeneratorError::MissingRequiredField(
"hostname".to_string(),
));
}
if config.port <= 0 || config.port > 65535 {
return Err(UriGeneratorError::InvalidConfiguration("Invalid port number".to_string()));
return Err(UriGeneratorError::InvalidConfiguration(
"Invalid port number".to_string(),
));
}
if config.xray_user_id.is_empty() {
return Err(UriGeneratorError::MissingRequiredField("xray_user_id".to_string()));
return Err(UriGeneratorError::MissingRequiredField(
"xray_user_id".to_string(),
));
}
// Trojan uses xray_user_id as password, already validated above
Ok(())
}
}
@@ -191,7 +203,7 @@ impl Default for TrojanUriBuilder {
fn apply_variables(template: &Value, variables: &Value) -> Result<Value, UriGeneratorError> {
let template_str = template.to_string();
let mut result = template_str;
if let Value::Object(var_map) = variables {
for (key, value) in var_map {
let placeholder = format!("${{{}}}", key);
@@ -204,7 +216,7 @@ fn apply_variables(template: &Value, variables: &Value) -> Result<Value, UriGene
result = result.replace(&placeholder, &replacement);
}
}
serde_json::from_str(&result)
.map_err(|e| UriGeneratorError::VariableSubstitution(e.to_string()))
}
}


@@ -1,8 +1,8 @@
use std::collections::HashMap;
use serde_json::Value;
use std::collections::HashMap;
use crate::services::uri_generator::{ClientConfigData, error::UriGeneratorError};
use super::{UriBuilder, utils};
use super::{utils, UriBuilder};
use crate::services::uri_generator::{error::UriGeneratorError, ClientConfigData};
pub struct VlessUriBuilder;
@@ -15,7 +15,7 @@ impl VlessUriBuilder {
impl UriBuilder for VlessUriBuilder {
fn build_uri(&self, config: &ClientConfigData) -> Result<String, UriGeneratorError> {
self.validate_config(config)?;
// Apply variable substitution to stream settings
let stream_settings = if !config.variable_values.is_null() {
// Simple variable substitution for stream settings
@@ -23,23 +23,23 @@ impl UriBuilder for VlessUriBuilder {
} else {
config.stream_settings.clone()
};
let mut params = HashMap::new();
// VLESS always uses no encryption
params.insert("encryption".to_string(), "none".to_string());
// Determine security layer
let has_certificate = config.certificate_domain.is_some();
let security = utils::extract_security_type(&stream_settings, has_certificate);
if security != "none" {
params.insert("security".to_string(), security.clone());
}
// Transport type - always specify explicitly
let transport_type = utils::extract_transport_type(&stream_settings);
params.insert("type".to_string(), transport_type.clone());
// Transport-specific parameters
match transport_type.as_str() {
"ws" => {
@@ -49,72 +49,76 @@ impl UriBuilder for VlessUriBuilder {
if let Some(host) = utils::extract_ws_host(&stream_settings) {
params.insert("host".to_string(), host);
}
},
}
"grpc" => {
if let Some(service_name) = utils::extract_grpc_service_name(&stream_settings) {
params.insert("serviceName".to_string(), service_name);
}
// Default gRPC mode
params.insert("mode".to_string(), "gun".to_string());
},
}
"tcp" => {
// Check for HTTP header type
if let Some(header_type) = stream_settings
.get("tcpSettings")
.and_then(|tcp| tcp.get("header"))
.and_then(|header| header.get("type"))
.and_then(|t| t.as_str()) {
.and_then(|t| t.as_str())
{
if header_type != "none" {
params.insert("headerType".to_string(), header_type.to_string());
}
}
},
}
_ => {} // Other transport types can be added as needed
}
// TLS/Security specific parameters
if security == "tls" || security == "reality" {
if let Some(sni) = utils::extract_tls_sni(&stream_settings, config.certificate_domain.as_deref()) {
if let Some(sni) =
utils::extract_tls_sni(&stream_settings, config.certificate_domain.as_deref())
{
params.insert("sni".to_string(), sni);
}
// TLS fingerprint
if let Some(fp) = stream_settings
.get("tlsSettings")
.and_then(|tls| tls.get("fingerprint"))
.and_then(|fp| fp.as_str()) {
.and_then(|fp| fp.as_str())
{
params.insert("fp".to_string(), fp.to_string());
}
// REALITY specific parameters
if security == "reality" {
if let Some(pbk) = stream_settings
.get("realitySettings")
.and_then(|reality| reality.get("publicKey"))
.and_then(|pbk| pbk.as_str()) {
.and_then(|pbk| pbk.as_str())
{
params.insert("pbk".to_string(), pbk.to_string());
}
if let Some(sid) = stream_settings
.get("realitySettings")
.and_then(|reality| reality.get("shortId"))
.and_then(|sid| sid.as_str()) {
.and_then(|sid| sid.as_str())
{
params.insert("sid".to_string(), sid.to_string());
}
}
}
// Flow control for XTLS
if let Some(flow) = stream_settings
.get("flow")
.and_then(|f| f.as_str()) {
if let Some(flow) = stream_settings.get("flow").and_then(|f| f.as_str()) {
params.insert("flow".to_string(), flow.to_string());
}
// Build the URI
let query_string = utils::build_query_string(&params);
let alias = utils::generate_alias(&config.server_name, &config.template_name);
let uri = if query_string.is_empty() {
format!(
"vless://{}@{}:{}#{}",
@@ -133,7 +137,7 @@ impl UriBuilder for VlessUriBuilder {
utils::url_encode(&alias)
)
};
Ok(uri)
}
}
@@ -148,7 +152,7 @@ impl Default for VlessUriBuilder {
fn apply_variables(template: &Value, variables: &Value) -> Result<Value, UriGeneratorError> {
let template_str = template.to_string();
let mut result = template_str;
if let Value::Object(var_map) = variables {
for (key, value) in var_map {
let placeholder = format!("${{{}}}", key);
@@ -161,7 +165,7 @@ fn apply_variables(template: &Value, variables: &Value) -> Result<Value, UriGene
result = result.replace(&placeholder, &replacement);
}
}
serde_json::from_str(&result)
.map_err(|e| UriGeneratorError::VariableSubstitution(e.to_string()))
}
}


@@ -1,9 +1,9 @@
use base64::{engine::general_purpose, Engine as _};
use serde_json::{json, Value};
use std::collections::HashMap;
use serde_json::{Value, json};
use base64::{Engine as _, engine::general_purpose};
use crate::services::uri_generator::{ClientConfigData, error::UriGeneratorError};
use super::{UriBuilder, utils};
use super::{utils, UriBuilder};
use crate::services::uri_generator::{error::UriGeneratorError, ClientConfigData};
pub struct VmessUriBuilder;
@@ -11,20 +11,23 @@ impl VmessUriBuilder {
pub fn new() -> Self {
Self
}
/// Build VMess URI in Base64 JSON format (following Marzban approach)
fn build_base64_json_uri(&self, config: &ClientConfigData) -> Result<String, UriGeneratorError> {
fn build_base64_json_uri(
&self,
config: &ClientConfigData,
) -> Result<String, UriGeneratorError> {
// Apply variable substitution to stream settings
let stream_settings = if !config.variable_values.is_null() {
apply_variables(&config.stream_settings, &config.variable_values)?
} else {
config.stream_settings.clone()
};
let transport_type = utils::extract_transport_type(&stream_settings);
let has_certificate = config.certificate_domain.is_some();
let security = utils::extract_security_type(&stream_settings, has_certificate);
// Build VMess JSON configuration following Marzban structure
let mut vmess_config = json!({
"add": config.hostname,
@@ -40,7 +43,7 @@ impl VmessUriBuilder {
"type": "none",
"v": "2"
});
// Transport-specific settings
match transport_type.as_str() {
"ws" => {
@@ -50,23 +53,24 @@ impl VmessUriBuilder {
if let Some(host) = utils::extract_ws_host(&stream_settings) {
vmess_config["host"] = Value::String(host);
}
},
}
"grpc" => {
if let Some(service_name) = utils::extract_grpc_service_name(&stream_settings) {
vmess_config["path"] = Value::String(service_name);
}
// For gRPC in VMess, use "gun" type
vmess_config["type"] = Value::String("gun".to_string());
},
}
"tcp" => {
// Check for HTTP header type
if let Some(header_type) = stream_settings
.get("tcpSettings")
.and_then(|tcp| tcp.get("header"))
.and_then(|header| header.get("type"))
.and_then(|t| t.as_str()) {
.and_then(|t| t.as_str())
{
vmess_config["type"] = Value::String(header_type.to_string());
// If HTTP headers, get host and path
if header_type == "http" {
if let Some(host) = stream_settings
@@ -77,10 +81,11 @@ impl VmessUriBuilder {
.and_then(|headers| headers.get("Host"))
.and_then(|host| host.as_array())
.and_then(|arr| arr.first())
.and_then(|h| h.as_str()) {
.and_then(|h| h.as_str())
{
vmess_config["host"] = Value::String(host.to_string());
}
if let Some(path) = stream_settings
.get("tcpSettings")
.and_then(|tcp| tcp.get("header"))
@@ -88,34 +93,39 @@ impl VmessUriBuilder {
.and_then(|request| request.get("path"))
.and_then(|path| path.as_array())
.and_then(|arr| arr.first())
.and_then(|p| p.as_str()) {
.and_then(|p| p.as_str())
{
vmess_config["path"] = Value::String(path.to_string());
}
}
}
},
}
_ => {} // Other transport types
}
// TLS settings
if security != "none" {
if let Some(sni) = utils::extract_tls_sni(&stream_settings, config.certificate_domain.as_deref()) {
if let Some(sni) =
utils::extract_tls_sni(&stream_settings, config.certificate_domain.as_deref())
{
vmess_config["sni"] = Value::String(sni);
}
// TLS fingerprint
if let Some(fp) = stream_settings
.get("tlsSettings")
.and_then(|tls| tls.get("fingerprint"))
.and_then(|fp| fp.as_str()) {
.and_then(|fp| fp.as_str())
{
vmess_config["fp"] = Value::String(fp.to_string());
}
// ALPN
if let Some(alpn) = stream_settings
.get("tlsSettings")
.and_then(|tls| tls.get("alpn"))
.and_then(|alpn| alpn.as_array()) {
.and_then(|alpn| alpn.as_array())
{
let alpn_str = alpn
.iter()
.filter_map(|v| v.as_str())
@@ -126,41 +136,44 @@ impl VmessUriBuilder {
}
}
}
// Convert to JSON string and encode in Base64
let json_string = vmess_config.to_string();
let encoded = general_purpose::STANDARD.encode(json_string.as_bytes());
Ok(format!("vmess://{}", encoded))
}
/// Build VMess URI in query parameter format (alternative)
fn build_query_param_uri(&self, config: &ClientConfigData) -> Result<String, UriGeneratorError> {
fn build_query_param_uri(
&self,
config: &ClientConfigData,
) -> Result<String, UriGeneratorError> {
// Apply variable substitution to stream settings
let stream_settings = if !config.variable_values.is_null() {
apply_variables(&config.stream_settings, &config.variable_values)?
} else {
config.stream_settings.clone()
};
let mut params = HashMap::new();
// VMess uses auto encryption
params.insert("encryption".to_string(), "auto".to_string());
// Determine security layer
let has_certificate = config.certificate_domain.is_some();
let security = utils::extract_security_type(&stream_settings, has_certificate);
if security != "none" {
params.insert("security".to_string(), security.clone());
}
// Transport type
let transport_type = utils::extract_transport_type(&stream_settings);
if transport_type != "tcp" {
params.insert("type".to_string(), transport_type.clone());
}
// Transport-specific parameters
match transport_type.as_str() {
"ws" => {
@@ -170,34 +183,37 @@ impl VmessUriBuilder {
if let Some(host) = utils::extract_ws_host(&stream_settings) {
params.insert("host".to_string(), host);
}
},
}
"grpc" => {
if let Some(service_name) = utils::extract_grpc_service_name(&stream_settings) {
params.insert("serviceName".to_string(), service_name);
}
params.insert("mode".to_string(), "gun".to_string());
},
}
_ => {}
}
// TLS specific parameters
if security != "none" {
if let Some(sni) = utils::extract_tls_sni(&stream_settings, config.certificate_domain.as_deref()) {
if let Some(sni) =
utils::extract_tls_sni(&stream_settings, config.certificate_domain.as_deref())
{
params.insert("sni".to_string(), sni);
}
if let Some(fp) = stream_settings
.get("tlsSettings")
.and_then(|tls| tls.get("fingerprint"))
.and_then(|fp| fp.as_str()) {
.and_then(|fp| fp.as_str())
{
params.insert("fp".to_string(), fp.to_string());
}
}
// Build the URI
let query_string = utils::build_query_string(&params);
let alias = utils::generate_alias(&config.server_name, &config.template_name);
let uri = if query_string.is_empty() {
format!(
"vmess://{}@{}:{}#{}",
@@ -216,7 +232,7 @@ impl VmessUriBuilder {
utils::url_encode(&alias)
)
};
Ok(uri)
}
}
@@ -224,7 +240,7 @@ impl VmessUriBuilder {
impl UriBuilder for VmessUriBuilder {
fn build_uri(&self, config: &ClientConfigData) -> Result<String, UriGeneratorError> {
self.validate_config(config)?;
// Prefer Base64 JSON format as it's more widely supported
self.build_base64_json_uri(config)
}
@@ -240,7 +256,7 @@ impl Default for VmessUriBuilder {
fn apply_variables(template: &Value, variables: &Value) -> Result<Value, UriGeneratorError> {
let template_str = template.to_string();
let mut result = template_str;
if let Value::Object(var_map) = variables {
for (key, value) in var_map {
let placeholder = format!("${{{}}}", key);
@@ -253,7 +269,7 @@ fn apply_variables(template: &Value, variables: &Value) -> Result<Value, UriGene
result = result.replace(&placeholder, &replacement);
}
}
serde_json::from_str(&result)
.map_err(|e| UriGeneratorError::VariableSubstitution(e.to_string()))
}
}


@@ -48,4 +48,4 @@ impl From<serde_json::Error> for UriGeneratorError {
// fn from(err: urlencoding::EncodingError) -> Self {
// UriGeneratorError::UriEncoding(err.to_string())
// }
// }
// }


@@ -6,7 +6,9 @@ use uuid::Uuid;
pub mod builders;
pub mod error;
use builders::{UriBuilder, VlessUriBuilder, VmessUriBuilder, TrojanUriBuilder, ShadowsocksUriBuilder};
use builders::{
ShadowsocksUriBuilder, TrojanUriBuilder, UriBuilder, VlessUriBuilder, VmessUriBuilder,
};
use error::UriGeneratorError;
/// Complete client configuration data aggregated from database
@@ -17,23 +19,23 @@ pub struct ClientConfigData {
pub xray_user_id: String,
pub password: Option<String>,
pub level: i32,
// Server connection
pub hostname: String,
pub port: i32,
// Protocol & transport
pub protocol: String,
pub stream_settings: Value,
pub base_settings: Value,
// Security
pub certificate_domain: Option<String>,
pub requires_tls: bool,
// Variable substitution
pub variable_values: Value,
// Metadata
pub server_name: String,
pub inbound_tag: String,
@@ -60,36 +62,40 @@ impl UriGeneratorService {
pub fn new() -> Self {
Self
}
/// Generate URI for specific protocol and configuration
pub fn generate_uri(&self, config: &ClientConfigData) -> Result<String, UriGeneratorError> {
let protocol = config.protocol.as_str();
match protocol {
"vless" => {
let builder = VlessUriBuilder::new();
builder.build_uri(config)
},
}
"vmess" => {
let builder = VmessUriBuilder::new();
builder.build_uri(config)
},
}
"trojan" => {
let builder = TrojanUriBuilder::new();
builder.build_uri(config)
},
}
"shadowsocks" => {
let builder = ShadowsocksUriBuilder::new();
builder.build_uri(config)
},
}
_ => Err(UriGeneratorError::UnsupportedProtocol(protocol.to_string())),
}
}
/// Generate complete client configuration
pub fn generate_client_config(&self, user_id: Uuid, config: &ClientConfigData) -> Result<ClientConfig, UriGeneratorError> {
pub fn generate_client_config(
&self,
user_id: Uuid,
config: &ClientConfigData,
) -> Result<ClientConfig, UriGeneratorError> {
let uri = self.generate_uri(config)?;
Ok(ClientConfig {
user_id,
server_name: config.server_name.clone(),
@@ -100,12 +106,16 @@ impl UriGeneratorService {
qr_code: None, // TODO: Implement QR code generation if needed
})
}
/// Apply variable substitution to JSON values
pub fn apply_variable_substitution(&self, template: &Value, variables: &Value) -> Result<Value, UriGeneratorError> {
pub fn apply_variable_substitution(
&self,
template: &Value,
variables: &Value,
) -> Result<Value, UriGeneratorError> {
let template_str = template.to_string();
let mut result = template_str;
if let Value::Object(var_map) = variables {
for (key, value) in var_map {
let placeholder = format!("${{{}}}", key);
@@ -118,7 +128,7 @@ impl UriGeneratorService {
result = result.replace(&placeholder, &replacement);
}
}
serde_json::from_str(&result)
.map_err(|e| UriGeneratorError::VariableSubstitution(e.to_string()))
}
@@ -128,4 +138,4 @@ impl Default for UriGeneratorService {
fn default() -> Self {
Self::new()
}
}
}


@@ -1,12 +1,12 @@
use anyhow::{Result, anyhow};
use anyhow::{anyhow, Result};
use serde_json::Value;
use xray_core::Client;
use std::sync::Arc;
use tokio::time::{timeout, Duration};
use xray_core::Client;
// Import submodules from the same directory
use super::stats::StatsClient;
use super::inbounds::InboundClient;
use super::stats::StatsClient;
use super::users::UserClient;
/// Xray gRPC client wrapper
@@ -22,20 +22,17 @@ impl XrayClient {
pub async fn connect(endpoint: &str) -> Result<Self> {
// Apply a 5-second timeout to the connection attempt
let connect_future = Client::from_url(endpoint);
match timeout(Duration::from_secs(5), connect_future).await {
Ok(Ok(client)) => {
Ok(Self {
endpoint: endpoint.to_string(),
client: Arc::new(client),
})
},
Ok(Err(e)) => {
Err(anyhow!("Failed to connect to Xray at {}: {}", endpoint, e))
},
Err(_) => {
Err(anyhow!("Connection to Xray at {} timed out after 5 seconds", endpoint))
}
Ok(Ok(client)) => Ok(Self {
endpoint: endpoint.to_string(),
client: Arc::new(client),
}),
Ok(Err(e)) => Err(anyhow!("Failed to connect to Xray at {}: {}", endpoint, e)),
Err(_) => Err(anyhow!(
"Connection to Xray at {} timed out after 5 seconds",
endpoint
)),
}
}
@@ -52,7 +49,10 @@ impl XrayClient {
}
/// Restart Xray with new configuration
pub async fn restart_with_config(&self, config: &crate::services::xray::XrayConfig) -> Result<()> {
pub async fn restart_with_config(
&self,
config: &crate::services::xray::XrayConfig,
) -> Result<()> {
let inbound_client = InboundClient::new(self.endpoint.clone(), &*self.client);
inbound_client.restart_with_config(config).await
}
@@ -64,15 +64,30 @@ impl XrayClient {
}
/// Add inbound configuration with TLS certificate
pub async fn add_inbound_with_certificate(&self, inbound: &Value, cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
pub async fn add_inbound_with_certificate(
&self,
inbound: &Value,
cert_pem: Option<&str>,
key_pem: Option<&str>,
) -> Result<()> {
let inbound_client = InboundClient::new(self.endpoint.clone(), &*self.client);
inbound_client.add_inbound_with_certificate(inbound, None, cert_pem, key_pem).await
inbound_client
.add_inbound_with_certificate(inbound, None, cert_pem, key_pem)
.await
}
/// Add inbound configuration with users and TLS certificate
pub async fn add_inbound_with_users_and_certificate(&self, inbound: &Value, users: &[Value], cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
pub async fn add_inbound_with_users_and_certificate(
&self,
inbound: &Value,
users: &[Value],
cert_pem: Option<&str>,
key_pem: Option<&str>,
) -> Result<()> {
let inbound_client = InboundClient::new(self.endpoint.clone(), &*self.client);
inbound_client.add_inbound_with_certificate(inbound, Some(users), cert_pem, key_pem).await
inbound_client
.add_inbound_with_certificate(inbound, Some(users), cert_pem, key_pem)
.await
}
/// Remove inbound by tag
@@ -97,4 +112,4 @@ impl XrayClient {
pub fn endpoint(&self) -> &str {
&self.endpoint
}
}
}
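Review bot: In `connect` (hunk `@@ -22,20 +22,17`) the timeout value is stated twice, once as `Duration::from_secs(5)` and again as the literal "5 seconds" inside the error message, so a later change to one silently desynchronises the other. A `const CONNECT_TIMEOUT: Duration = Duration::from_secs(5);` passed to `timeout(CONNECT_TIMEOUT, connect_future)` and formatted with `CONNECT_TIMEOUT.as_secs()` in the message keeps them in step. This is a style point only; the commit does not change behaviour here. The `impl XrayClient` block continues beyond the visible hunks.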


@@ -171,25 +171,26 @@ impl XrayConfig {
dns: None,
routing: Some(RoutingConfig {
domain_strategy: Some("IPIfNonMatch".to_string()),
rules: vec![
RoutingRule {
rule_type: "field".to_string(),
domain: None,
ip: Some(vec!["geoip:private".to_string()]),
port: None,
outbound_tag: "direct".to_string(),
}
],
rules: vec![RoutingRule {
rule_type: "field".to_string(),
domain: None,
ip: Some(vec!["geoip:private".to_string()]),
port: None,
outbound_tag: "direct".to_string(),
}],
}),
policy: Some(PolicyConfig {
levels: {
let mut levels = HashMap::new();
levels.insert("0".to_string(), PolicyLevel {
handshake_timeout: Some(4),
conn_idle: Some(300),
uplink_only: Some(2),
downlink_only: Some(5),
});
levels.insert(
"0".to_string(),
PolicyLevel {
handshake_timeout: Some(4),
conn_idle: Some(300),
uplink_only: Some(2),
downlink_only: Some(5),
},
);
levels
},
system: Some(SystemPolicy {
@@ -282,4 +283,4 @@ impl Default for XrayConfig {
fn default() -> Self {
Self::new()
}
}
}
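Review bot: The routing rule at `outbound_tag: "direct".to_string()` (hunk `@@ -171,25 +171,26`) sends traffic matching `geoip:private` out through the `direct` outbound, which means authenticated proxy users can reach loopback and RFC 1918 destinations on the server's own network rather than having them dropped. If that exposure is not intended, point this rule at a blackhole outbound instead, e.g. `outbound_tag: "block".to_string()`; the outbounds list is not visible in this hunk, so confirm that such a tag is defined before changing it. A one-line comment on the rule stating the intent either way, `// private ranges: reachable via direct (intended for LAN access) / blocked`, would keep the next reader from guessing. The enclosing constructor begins above the hunk.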


@@ -1,42 +1,44 @@
use anyhow::{Result, anyhow};
use anyhow::{anyhow, Result};
use prost::Message;
use serde_json::Value;
use uuid;
use xray_core::{
tonic::Request,
app::proxyman::command::{AddInboundRequest, RemoveInboundRequest},
core::InboundHandlerConfig,
common::serial::TypedMessage,
common::protocol::User,
app::proxyman::ReceiverConfig,
common::net::{PortList, PortRange, IpOrDomain, ip_or_domain::Address, Network},
transport::internet::StreamConfig,
transport::internet::tls::{Config as TlsConfig, Certificate as TlsCertificate},
common::net::{ip_or_domain::Address, IpOrDomain, Network, PortList, PortRange},
common::protocol::User,
common::serial::TypedMessage,
core::InboundHandlerConfig,
prost_types,
proxy::shadowsocks::ServerConfig as ShadowsocksServerConfig,
proxy::shadowsocks::{Account as ShadowsocksAccount, CipherType},
proxy::trojan::Account as TrojanAccount,
proxy::trojan::ServerConfig as TrojanServerConfig,
proxy::vless::inbound::Config as VlessInboundConfig,
proxy::vless::Account as VlessAccount,
proxy::vmess::inbound::Config as VmessInboundConfig,
proxy::vmess::Account as VmessAccount,
proxy::trojan::ServerConfig as TrojanServerConfig,
proxy::trojan::Account as TrojanAccount,
proxy::shadowsocks::ServerConfig as ShadowsocksServerConfig,
proxy::shadowsocks::{Account as ShadowsocksAccount, CipherType},
tonic::Request,
transport::internet::tls::{Certificate as TlsCertificate, Config as TlsConfig},
transport::internet::StreamConfig,
Client,
prost_types,
};
use prost::Message;
/// Convert PEM format to DER (x509) format
fn pem_to_der(pem_data: &str) -> Result<Vec<u8>> {
// Remove PEM headers and whitespace, then decode base64
let base64_data: String = pem_data.lines()
let base64_data: String = pem_data
.lines()
.filter(|line| !line.starts_with("-----") && !line.trim().is_empty())
.map(|line| line.trim())
.collect::<Vec<&str>>()
.join("");
tracing::debug!("PEM to DER conversion: {} bytes", base64_data.len());
use base64::{Engine as _, engine::general_purpose};
general_purpose::STANDARD.decode(&base64_data)
use base64::{engine::general_purpose, Engine as _};
general_purpose::STANDARD
.decode(&base64_data)
.map_err(|e| anyhow!("Failed to decode base64 PEM data: {}", e))
}
@@ -52,22 +54,32 @@ impl<'a> InboundClient<'a> {
/// Add inbound configuration
pub async fn add_inbound(&self, inbound: &Value) -> Result<()> {
self.add_inbound_with_certificate(inbound, None, None, None).await
self.add_inbound_with_certificate(inbound, None, None, None)
.await
}
/// Add inbound configuration with TLS certificate and users
pub async fn add_inbound_with_certificate(&self, inbound: &Value, users: Option<&[Value]>, cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
pub async fn add_inbound_with_certificate(
&self,
inbound: &Value,
users: Option<&[Value]>,
cert_pem: Option<&str>,
key_pem: Option<&str>,
) -> Result<()> {
let tag = inbound["tag"].as_str().unwrap_or("").to_string();
let port = inbound["port"].as_u64().unwrap_or(8080) as u32;
let protocol = inbound["protocol"].as_str().unwrap_or("vless");
let _user_count = users.map_or(0, |u| u.len());
tracing::info!(
"Adding inbound '{}' with protocol={}, port={}, has_cert={}, has_key={}",
tag, protocol, port, cert_pem.is_some(), key_pem.is_some()
"Adding inbound '{}' with protocol={}, port={}, has_cert={}, has_key={}",
tag,
protocol,
port,
cert_pem.is_some(),
key_pem.is_some()
);
// Create receiver configuration (port binding) - use simple port number
let port_list = PortList {
range: vec![PortRange {
@@ -80,39 +92,42 @@ impl<'a> InboundClient<'a> {
let stream_settings = if cert_pem.is_some() && key_pem.is_some() {
let cert_pem = cert_pem.unwrap();
let key_pem = key_pem.unwrap();
// Create TLS certificate exactly like working example - PEM content as bytes
let tls_cert = TlsCertificate {
certificate: cert_pem.as_bytes().to_vec(), // PEM content as bytes like working example
key: key_pem.as_bytes().to_vec(), // PEM content as bytes like working example
usage: 0,
ocsp_stapling: 3600, // From working example
ocsp_stapling: 3600, // From working example
one_time_loading: true, // From working example
build_chain: false,
certificate_path: "".to_string(), // Empty paths since we use content
key_path: "".to_string(), // Empty paths since we use content
key_path: "".to_string(), // Empty paths since we use content
};
// Create TLS config with proper fields like working example
let mut tls_config = TlsConfig::default();
tls_config.certificate = vec![tls_cert];
tls_config.next_protocol = vec!["h2".to_string(), "http/1.1".to_string()]; // From working example
tls_config.server_name = "localhost".to_string(); // From working example
tls_config.min_version = "1.2".to_string(); // From Marzban examples
// Create TypedMessage for TLS config
let tls_message = TypedMessage {
r#type: "xray.transport.internet.tls.Config".to_string(),
value: tls_config.encode_to_vec(),
};
tracing::debug!("TLS config: server_name={}, protocols={:?}",
tls_config.server_name, tls_config.next_protocol);
tracing::debug!(
"TLS config: server_name={}, protocols={:?}",
tls_config.server_name,
tls_config.next_protocol
);
// Create StreamConfig like working example
Some(StreamConfig {
address: None, // No address in streamSettings according to working example
port: 0, // No port in working example streamSettings
port: 0, // No port in working example streamSettings
protocol_name: "tcp".to_string(),
transport_settings: vec![],
security_type: "xray.transport.internet.tls.Config".to_string(), // Full type like working example
@@ -125,8 +140,8 @@ impl<'a> InboundClient<'a> {
let receiver_config = ReceiverConfig {
port_list: Some(port_list),
listen: Some(IpOrDomain {
address: Some(Address::Ip(vec![0, 0, 0, 0])) // "0.0.0.0" as IPv4 bytes
listen: Some(IpOrDomain {
address: Some(Address::Ip(vec![0, 0, 0, 0])), // "0.0.0.0" as IPv4 bytes
}),
allocation_strategy: None,
stream_settings: stream_settings,
@@ -138,7 +153,7 @@ impl<'a> InboundClient<'a> {
r#type: "xray.app.proxyman.ReceiverConfig".to_string(),
value: receiver_config.encode_to_vec(),
};
// Create proxy configuration based on protocol with users
let proxy_message = match protocol {
"vless" => {
@@ -148,7 +163,7 @@ impl<'a> InboundClient<'a> {
let user_id = user["id"].as_str().unwrap_or("").to_string();
let email = user["email"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
if !user_id.is_empty() && !email.is_empty() {
let account = VlessAccount {
id: user_id,
@@ -166,7 +181,7 @@ impl<'a> InboundClient<'a> {
}
}
}
let vless_config = VlessInboundConfig {
clients,
decryption: "none".to_string(),
@@ -176,7 +191,7 @@ impl<'a> InboundClient<'a> {
r#type: "xray.proxy.vless.inbound.Config".to_string(),
value: vless_config.encode_to_vec(),
}
},
}
"vmess" => {
let mut vmess_users = vec![];
if let Some(users) = users {
@@ -184,18 +199,18 @@ impl<'a> InboundClient<'a> {
let user_id = user["id"].as_str().unwrap_or("").to_string();
let email = user["email"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
// Validate required fields
if user_id.is_empty() || email.is_empty() {
tracing::warn!("Skipping VMess user: missing id or email");
continue;
}
// Validate UUID format
if uuid::Uuid::parse_str(&user_id).is_err() {
tracing::warn!("VMess user '{}' has invalid UUID format", user_id);
}
if !user_id.is_empty() && !email.is_empty() {
let account = VmessAccount {
id: user_id.clone(),
@@ -203,7 +218,7 @@ impl<'a> InboundClient<'a> {
tests_enabled: "".to_string(), // Keep empty as in examples
};
let account_bytes = account.encode_to_vec();
vmess_users.push(User {
email: email.clone(),
level,
@@ -215,7 +230,7 @@ impl<'a> InboundClient<'a> {
}
}
}
let vmess_config = VmessInboundConfig {
user: vmess_users,
default: None,
@@ -225,19 +240,21 @@ impl<'a> InboundClient<'a> {
r#type: "xray.proxy.vmess.inbound.Config".to_string(),
value: vmess_config.encode_to_vec(),
}
},
}
"trojan" => {
let mut trojan_users = vec![];
if let Some(users) = users {
for user in users {
let password = user["password"].as_str().or_else(|| user["id"].as_str()).unwrap_or("").to_string();
let password = user["password"]
.as_str()
.or_else(|| user["id"].as_str())
.unwrap_or("")
.to_string();
let email = user["email"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
if !password.is_empty() && !email.is_empty() {
let account = TrojanAccount {
password,
};
let account = TrojanAccount { password };
trojan_users.push(User {
email,
level,
@@ -249,7 +266,7 @@ impl<'a> InboundClient<'a> {
}
}
}
let trojan_config = TrojanServerConfig {
users: trojan_users,
fallbacks: vec![],
@@ -258,21 +275,24 @@ impl<'a> InboundClient<'a> {
r#type: "xray.proxy.trojan.ServerConfig".to_string(),
value: trojan_config.encode_to_vec(),
}
},
}
"shadowsocks" => {
let mut ss_users = vec![];
if let Some(users) = users {
for user in users {
let password = user["password"].as_str().or_else(|| user["id"].as_str()).unwrap_or("").to_string();
let password = user["password"]
.as_str()
.or_else(|| user["id"].as_str())
.unwrap_or("")
.to_string();
let email = user["email"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
if !password.is_empty() && !email.is_empty() {
let account = ShadowsocksAccount {
password,
cipher_type: CipherType::Aes256Gcm as i32, // Use AES-256-GCM cipher
iv_check: false, // Default IV check
iv_check: false, // Default IV check
};
ss_users.push(User {
email: email.clone(),
@@ -285,7 +305,7 @@ impl<'a> InboundClient<'a> {
}
}
}
let shadowsocks_config = ShadowsocksServerConfig {
users: ss_users,
network: vec![Network::Tcp as i32, Network::Udp as i32], // Support TCP and UDP
@@ -294,7 +314,7 @@ impl<'a> InboundClient<'a> {
r#type: "xray.proxy.shadowsocks.ServerConfig".to_string(),
value: shadowsocks_config.encode_to_vec(),
}
},
}
_ => {
return Err(anyhow!("Unsupported protocol: {}", protocol));
}
@@ -328,12 +348,12 @@ impl<'a> InboundClient<'a> {
let request = Request::new(RemoveInboundRequest {
tag: tag.to_string(),
});
match handler_client.remove_inbound(request).await {
Ok(_) => {
tracing::info!("Removed inbound '{}' from {}", tag, self.endpoint);
Ok(())
},
}
Err(e) => {
tracing::error!("Failed to remove inbound '{}': {}", tag, e);
Err(anyhow!("Failed to remove inbound: {}", e))
@@ -342,11 +362,17 @@ impl<'a> InboundClient<'a> {
}
/// Restart Xray with new configuration
pub async fn restart_with_config(&self, config: &crate::services::xray::XrayConfig) -> Result<()> {
tracing::debug!("Restarting Xray server at {} with new config", self.endpoint);
pub async fn restart_with_config(
&self,
config: &crate::services::xray::XrayConfig,
) -> Result<()> {
tracing::debug!(
"Restarting Xray server at {} with new config",
self.endpoint
);
// TODO: Implement restart with config using xray-core
// For now just return success
Ok(())
}
}
}
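Review bot: `restart_with_config` (hunk `@@ -342,11 +362,17`) still returns `Ok(())` from a `// TODO` stub, so every caller up the chain (`XrayClient::restart_with_config`, `XrayService::apply_config`) reports a successful configuration reload that never happened; until it is implemented it should fail loudly, e.g. `Err(anyhow!("restart_with_config is not implemented for {}", self.endpoint))`, or at minimum log at `warn!` rather than `debug!`. Separately, in the VMess branch (hunk `@@ -184,18 +199,18`) the `uuid::Uuid::parse_str` check only emits a warning and the user is still pushed, while the VLESS branch has no UUID check at all; adding `continue;` after that `warn!` and mirroring the check in the VLESS loop would make the stated validation actually reject malformed ids. The `add_inbound_with_certificate` body spans several hunks and its start is outside the ones visible here.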


@@ -1,16 +1,16 @@
use anyhow::Result;
use serde_json::Value;
use uuid::Uuid;
use std::collections::HashMap;
use std::sync::Arc;
use tokio::sync::RwLock;
use tokio::time::{Duration, Instant, timeout};
use tokio::time::{timeout, Duration, Instant};
use tracing::{error, warn};
use uuid::Uuid;
pub mod client;
pub mod config;
pub mod stats;
pub mod inbounds;
pub mod stats;
pub mod users;
pub use client::XrayClient;
@@ -30,7 +30,7 @@ impl CachedConnection {
created_at: Instant::now(),
}
}
fn is_expired(&self, ttl: Duration) -> bool {
self.created_at.elapsed() > ttl
}
@@ -51,7 +51,7 @@ impl XrayService {
connection_ttl: Duration::from_secs(300), // 5 minutes TTL
}
}
/// Get or create cached client for endpoint
async fn get_or_create_client(&self, endpoint: &str) -> Result<XrayClient> {
// Check cache first
@@ -63,21 +63,20 @@ impl XrayService {
}
}
}
// Create new connection
let client = XrayClient::connect(endpoint).await?;
let cached_connection = CachedConnection::new(client.clone());
// Update cache
{
let mut cache = self.connection_cache.write().await;
cache.insert(endpoint.to_string(), cached_connection);
}
Ok(client)
}
/// Test connection to Xray server with timeout
pub async fn test_connection(&self, _server_id: Uuid, endpoint: &str) -> Result<bool> {
// Apply a 3-second timeout to the entire test operation
@@ -85,12 +84,12 @@ impl XrayService {
Ok(Ok(_client)) => {
// Connection successful
Ok(true)
},
}
Ok(Err(e)) => {
// Connection failed with error
warn!("Failed to connect to Xray at {}: {}", endpoint, e);
Ok(false)
},
}
Err(_) => {
// Operation timed out
warn!("Connection test to Xray at {} timed out", endpoint);
@@ -100,7 +99,12 @@ impl XrayService {
}
/// Apply full configuration to Xray server
pub async fn apply_config(&self, _server_id: Uuid, endpoint: &str, config: &XrayConfig) -> Result<()> {
pub async fn apply_config(
&self,
_server_id: Uuid,
endpoint: &str,
config: &XrayConfig,
) -> Result<()> {
let client = self.get_or_create_client(endpoint).await?;
client.restart_with_config(config).await
}
@@ -124,8 +128,9 @@ impl XrayService {
"settings": base_settings,
"streamSettings": stream_settings
});
self.add_inbound(_server_id, endpoint, &inbound_config).await
self.add_inbound(_server_id, endpoint, &inbound_config)
.await
}
/// Create inbound from template with TLS certificate
@@ -149,26 +154,51 @@ impl XrayService {
"settings": base_settings,
"streamSettings": stream_settings
});
self.add_inbound_with_certificate(_server_id, endpoint, &inbound_config, cert_pem, key_pem).await
self.add_inbound_with_certificate(_server_id, endpoint, &inbound_config, cert_pem, key_pem)
.await
}
/// Add inbound to running Xray instance
pub async fn add_inbound(&self, _server_id: Uuid, endpoint: &str, inbound: &Value) -> Result<()> {
pub async fn add_inbound(
&self,
_server_id: Uuid,
endpoint: &str,
inbound: &Value,
) -> Result<()> {
let client = self.get_or_create_client(endpoint).await?;
client.add_inbound(inbound).await
}
/// Add inbound with certificate to running Xray instance
pub async fn add_inbound_with_certificate(&self, _server_id: Uuid, endpoint: &str, inbound: &Value, cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
pub async fn add_inbound_with_certificate(
&self,
_server_id: Uuid,
endpoint: &str,
inbound: &Value,
cert_pem: Option<&str>,
key_pem: Option<&str>,
) -> Result<()> {
let client = self.get_or_create_client(endpoint).await?;
client.add_inbound_with_certificate(inbound, cert_pem, key_pem).await
client
.add_inbound_with_certificate(inbound, cert_pem, key_pem)
.await
}
/// Add inbound with users and certificate to running Xray instance
pub async fn add_inbound_with_users_and_certificate(&self, _server_id: Uuid, endpoint: &str, inbound: &Value, users: &[Value], cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
pub async fn add_inbound_with_users_and_certificate(
&self,
_server_id: Uuid,
endpoint: &str,
inbound: &Value,
users: &[Value],
cert_pem: Option<&str>,
key_pem: Option<&str>,
) -> Result<()> {
let client = self.get_or_create_client(endpoint).await?;
client.add_inbound_with_users_and_certificate(inbound, users, cert_pem, key_pem).await
client
.add_inbound_with_users_and_certificate(inbound, users, cert_pem, key_pem)
.await
}
/// Remove inbound from running Xray instance
@@ -178,15 +208,20 @@ impl XrayService {
}
/// Add user to inbound by recreating the inbound with updated user list
pub async fn add_user(&self, _server_id: Uuid, endpoint: &str, inbound_tag: &str, user: &Value) -> Result<()> {
pub async fn add_user(
&self,
_server_id: Uuid,
endpoint: &str,
inbound_tag: &str,
user: &Value,
) -> Result<()> {
// TODO: Implement inbound recreation approach:
// 1. Get current inbound configuration from database
// 2. Get existing users from database
// 2. Get existing users from database
// 3. Remove old inbound from xray
// 4. Create new inbound with all users (existing + new)
// For now, return error to indicate this needs to be implemented
Err(anyhow::anyhow!("User addition requires inbound recreation - not yet implemented. Use web interface to recreate inbound with users."))
}
@@ -204,7 +239,6 @@ impl XrayService {
cert_pem: Option<&str>,
key_pem: Option<&str>,
) -> Result<()> {
// Build inbound configuration with users
let mut inbound_config = serde_json::json!({
"tag": tag,
@@ -213,37 +247,53 @@ impl XrayService {
"settings": base_settings,
"streamSettings": stream_settings
});
// Add users to settings based on protocol
if !users.is_empty() {
let mut settings = inbound_config["settings"].clone();
match protocol {
"vless" | "vmess" => {
settings["clients"] = serde_json::Value::Array(users.to_vec());
},
}
"trojan" => {
settings["clients"] = serde_json::Value::Array(users.to_vec());
},
}
"shadowsocks" => {
// For shadowsocks, users are handled differently
if let Some(user) = users.first() {
settings["password"] = user["password"].clone();
}
},
}
_ => {
return Err(anyhow::anyhow!("Unsupported protocol for users: {}", protocol));
return Err(anyhow::anyhow!(
"Unsupported protocol for users: {}",
protocol
));
}
}
inbound_config["settings"] = settings;
}
// Use the new method with users support
self.add_inbound_with_users_and_certificate(_server_id, endpoint, &inbound_config, users, cert_pem, key_pem).await
self.add_inbound_with_users_and_certificate(
_server_id,
endpoint,
&inbound_config,
users,
cert_pem,
key_pem,
)
.await
}
/// Remove user from inbound
pub async fn remove_user(&self, _server_id: Uuid, endpoint: &str, inbound_tag: &str, email: &str) -> Result<()> {
pub async fn remove_user(
&self,
_server_id: Uuid,
endpoint: &str,
inbound_tag: &str,
email: &str,
) -> Result<()> {
let client = self.get_or_create_client(endpoint).await?;
client.remove_user(inbound_tag, email).await
}
@@ -255,11 +305,17 @@ impl XrayService {
}
/// Query specific statistics
pub async fn query_stats(&self, _server_id: Uuid, endpoint: &str, pattern: &str, reset: bool) -> Result<Value> {
pub async fn query_stats(
&self,
_server_id: Uuid,
endpoint: &str,
pattern: &str,
reset: bool,
) -> Result<Value> {
let client = self.get_or_create_client(endpoint).await?;
client.query_stats(pattern, reset).await
}
/// Sync entire server with batch operations using single client
pub async fn sync_server_inbounds_optimized(
&self,
@@ -269,21 +325,25 @@ impl XrayService {
) -> Result<()> {
// Get single client for all operations
let client = self.get_or_create_client(endpoint).await?;
// Perform all operations with the same client
for (tag, desired) in desired_inbounds {
// Always try to remove inbound first (ignore errors if it doesn't exist)
let _ = client.remove_inbound(tag).await;
// Create inbound with users
let users_json: Vec<Value> = desired.users.iter().map(|user| {
serde_json::json!({
"id": user.id,
"email": user.email,
"level": user.level
let users_json: Vec<Value> = desired
.users
.iter()
.map(|user| {
serde_json::json!({
"id": user.id,
"email": user.email,
"level": user.level
})
})
}).collect();
.collect();
// Build inbound config
let inbound_config = serde_json::json!({
"tag": desired.tag,
@@ -292,20 +352,23 @@ impl XrayService {
"settings": desired.settings,
"streamSettings": desired.stream_settings
});
match client.add_inbound_with_users_and_certificate(
&inbound_config,
&users_json,
desired.cert_pem.as_deref(),
desired.key_pem.as_deref(),
).await {
match client
.add_inbound_with_users_and_certificate(
&inbound_config,
&users_json,
desired.cert_pem.as_deref(),
desired.key_pem.as_deref(),
)
.await
{
Err(e) => {
error!("Failed to create inbound {}: {}", tag, e);
}
_ => {}
}
}
Ok(())
}
}
@@ -314,4 +377,4 @@ impl Default for XrayService {
fn default() -> Self {
Self::new()
}
}
}
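Review bot: `sync_server_inbounds_optimized` (hunk `@@ -292,20 +352,23`) returns `Ok(())` even when the `match` on `add_inbound_with_users_and_certificate` took the `Err(e)` arm for one or more inbounds, so the caller sees a successful sync while the server has had those inbounds removed by the preceding `remove_inbound` and never re-created. Collecting the failed tags and returning an error after the loop keeps the existing log line and surfaces the partial failure to the caller; the `match` with its `_ => {}` arm then reduces to `if let Err(e)`. The function's signature sits in the earlier hunk (`@@ -269,21 +325,25`), outside this one.
```rust
        let client = self.get_or_create_client(endpoint).await?;
        let mut failed: Vec<String> = Vec::new();
        for (tag, desired) in desired_inbounds {
            // … unchanged: remove_inbound, users_json, inbound_config …
            if let Err(e) = client
                .add_inbound_with_users_and_certificate(
                    &inbound_config,
                    &users_json,
                    desired.cert_pem.as_deref(),
                    desired.key_pem.as_deref(),
                )
                .await
            {
                error!("Failed to create inbound {}: {}", tag, e);
                failed.push(tag.to_string());
            }
        }
        if !failed.is_empty() {
            return Err(anyhow::anyhow!(
                "failed to sync inbounds: {}",
                failed.join(", ")
            ));
        }
        Ok(())
```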


@@ -1,8 +1,8 @@
use anyhow::{Result, anyhow};
use anyhow::{anyhow, Result};
use serde_json::Value;
use xray_core::{
tonic::Request,
app::stats::command::{GetStatsRequest, QueryStatsRequest},
tonic::Request,
Client,
};
@@ -19,7 +19,7 @@ impl<'a> StatsClient<'a> {
/// Get server statistics
pub async fn get_stats(&self) -> Result<Value> {
tracing::info!("Getting stats from Xray server at {}", self.endpoint);
let request = Request::new(GetStatsRequest {
name: "".to_string(),
reset: false,
@@ -44,8 +44,13 @@ impl<'a> StatsClient<'a> {
/// Query specific statistics with pattern
pub async fn query_stats(&self, pattern: &str, reset: bool) -> Result<Value> {
tracing::info!("Querying stats with pattern '{}', reset: {} from {}", pattern, reset, self.endpoint);
tracing::info!(
"Querying stats with pattern '{}', reset: {} from {}",
pattern,
reset,
self.endpoint
);
let request = Request::new(QueryStatsRequest {
pattern: pattern.to_string(),
reset,
@@ -67,4 +72,4 @@ impl<'a> StatsClient<'a> {
}
}
}
}
}


@@ -1,16 +1,16 @@
use anyhow::{Result, anyhow};
use anyhow::{anyhow, Result};
use prost::Message;
use serde_json::Value;
use xray_core::{
tonic::Request,
app::proxyman::command::{AlterInboundRequest, AddUserOperation, RemoveUserOperation},
common::serial::TypedMessage,
app::proxyman::command::{AddUserOperation, AlterInboundRequest, RemoveUserOperation},
common::protocol::User,
common::serial::TypedMessage,
proxy::trojan::Account as TrojanAccount,
proxy::vless::Account as VlessAccount,
proxy::vmess::Account as VmessAccount,
proxy::trojan::Account as TrojanAccount,
tonic::Request,
Client,
};
use prost::Message;
pub struct UserClient<'a> {
endpoint: String,
@@ -28,11 +28,11 @@ impl<'a> UserClient<'a> {
let user_id = user["id"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
let protocol = user["protocol"].as_str().unwrap_or("vless");
if email.is_empty() || user_id.is_empty() {
return Err(anyhow!("User email and id are required"));
}
// Create user account based on protocol
let account_message = match protocol {
"vless" => {
@@ -45,7 +45,7 @@ impl<'a> UserClient<'a> {
r#type: "xray.proxy.vless.Account".to_string(),
value: account.encode_to_vec(),
}
},
}
"vmess" => {
let account = VmessAccount {
id: user_id,
@@ -56,7 +56,7 @@ impl<'a> UserClient<'a> {
r#type: "xray.proxy.vmess.Account".to_string(),
value: account.encode_to_vec(),
}
},
}
"trojan" => {
let account = TrojanAccount {
password: user_id, // For trojan, use password instead of UUID
@@ -65,36 +65,35 @@ impl<'a> UserClient<'a> {
r#type: "xray.proxy.trojan.Account".to_string(),
value: account.encode_to_vec(),
}
},
}
_ => {
return Err(anyhow!("Unsupported protocol for user: {}", protocol));
}
};
// Create user protobuf message
let user_proto = User {
level: level,
email: email.clone(),
account: Some(account_message),
};
// Build the AddUserOperation
let add_user_op = AddUserOperation {
user: Some(user_proto),
};
let typed_message = TypedMessage {
r#type: "xray.app.proxyman.command.AddUserOperation".to_string(),
value: add_user_op.encode_to_vec(),
};
// Build the AlterInboundRequest
let request = Request::new(AlterInboundRequest {
tag: inbound_tag.to_string(),
operation: Some(typed_message),
});
let mut handler_client = self.client.handler();
match handler_client.alter_inbound(request).await {
Ok(response) => {
@@ -102,40 +101,57 @@ impl<'a> UserClient<'a> {
Ok(())
}
Err(e) => {
tracing::error!("gRPC error adding user '{}' to inbound '{}': status={}, message={}",
email, inbound_tag, e.code(), e.message());
Err(anyhow!("Failed to add user '{}' to inbound '{}': {}", email, inbound_tag, e))
tracing::error!(
"gRPC error adding user '{}' to inbound '{}': status={}, message={}",
email,
inbound_tag,
e.code(),
e.message()
);
Err(anyhow!(
"Failed to add user '{}' to inbound '{}': {}",
email,
inbound_tag,
e
))
}
}
}
/// Remove user from inbound
pub async fn remove_user(&self, inbound_tag: &str, email: &str) -> Result<()> {
// Build the RemoveUserOperation
let remove_user_op = RemoveUserOperation {
email: email.to_string(),
};
let typed_message = TypedMessage {
r#type: "xray.app.proxyman.command.RemoveUserOperation".to_string(),
value: remove_user_op.encode_to_vec(),
};
let request = Request::new(AlterInboundRequest {
tag: inbound_tag.to_string(),
operation: Some(typed_message),
});
let mut handler_client = self.client.handler();
match handler_client.alter_inbound(request).await {
Ok(_) => {
Ok(())
}
Ok(_) => Ok(()),
Err(e) => {
tracing::error!("Failed to remove user '{}' from inbound '{}': {}", email, inbound_tag, e);
Err(anyhow!("Failed to remove user '{}' from inbound '{}': {}", email, inbound_tag, e))
tracing::error!(
"Failed to remove user '{}' from inbound '{}': {}",
email,
inbound_tag,
e
);
Err(anyhow!(
"Failed to remove user '{}' from inbound '{}': {}",
email,
inbound_tag,
e
))
}
}
}
}
}
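Review bot: In the `"trojan"` arm (hunk `@@ -56,7 +56,7`) `TrojanAccount { password: user_id, … }` always takes the `id` field, whereas `InboundClient::add_inbound_with_certificate` in `inbounds.rs` builds trojan users from `user["password"]` and falls back to `id` only when that is absent; a user added through this `AlterInbound` path can therefore end up with a different credential than the one the inbound was created with. Reading the same field first here keeps the two paths consistent: `password: user["password"].as_str().unwrap_or(&user_id).to_string(),`. The `add_user` signature and the start of the `match` are above the visible hunks.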