Hexor/OutFleet
1
0
Fork 0
mirror of https://github.com/house-of-vanity/OutFleet.git synced 2025-12-17 01:37:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

init rust. WIP: tls for inbounds

Browse Source
This commit is contained in:
Ultradesu
2025-09-18 02:56:59 +03:00
parent 777af49ebf
commit 8aff8f2fb5
206 changed files with 14301 additions and 21560 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
src/config/args.rs Normal file
View File

@@ -0,0 +1,60 @@
use clap::Parser;
use std::path::PathBuf;
#[derive(Parser, Debug)]
#[command(name = "xray-admin")]
#[command(about = "A web admin panel for managing xray-core VPN proxy servers")]
#[command(version)]
pub struct Args {
/// Configuration file path
#[arg(short, long, value_name = "FILE")]
pub config: Option<PathBuf>,
/// Database connection URL
#[arg(long, env = "DATABASE_URL")]
pub database_url: Option<String>,
/// Web server host address
#[arg(long, default_value = "127.0.0.1")]
pub host: Option<String>,
/// Web server port
#[arg(short, long)]
pub port: Option<u16>,
/// Log level (trace, debug, info, warn, error)
#[arg(long, default_value = "info")]
pub log_level: Option<String>,
/// Validate configuration and exit
#[arg(long)]
pub validate_config: bool,
/// Print default configuration and exit
#[arg(long)]
pub print_default_config: bool,
}
pub fn parse_args() -> Args {
Args::parse()
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_args_parsing() {
let args = Args::try_parse_from(&[
"xray-admin",
"--config", "test.toml",
"--port", "9090",
"--log-level", "debug"
]).unwrap();
assert_eq!(args.config, Some(PathBuf::from("test.toml")));
assert_eq!(args.port, Some(9090));
assert_eq!(args.log_level, Some("debug".to_string()));
}
}

104
src/config/env.rs Normal file
View File

@@ -0,0 +1,104 @@
use std::env;
/// Environment variable utilities
pub struct EnvVars;
impl EnvVars {
/// Get environment variable with fallback
#[allow(dead_code)]
pub fn get_or_default(key: &str, default: &str) -> String {
env::var(key).unwrap_or_else(|_| default.to_string())
}
/// Get required environment variable
#[allow(dead_code)]
pub fn get_required(key: &str) -> Result<String, env::VarError> {
env::var(key)
}
/// Check if running in development mode
#[allow(dead_code)]
pub fn is_development() -> bool {
matches!(
env::var("RUST_ENV").as_deref(),
Ok("development") | Ok("dev")
) || matches!(
env::var("ENVIRONMENT").as_deref(),
Ok("development") | Ok("dev")
)
}
/// Check if running in production mode
#[allow(dead_code)]
pub fn is_production() -> bool {
matches!(
env::var("RUST_ENV").as_deref(),
Ok("production") | Ok("prod")
) || matches!(
env::var("ENVIRONMENT").as_deref(),
Ok("production") | Ok("prod")
)
}
/// Get database URL from environment
#[allow(dead_code)]
pub fn database_url() -> Option<String> {
env::var("DATABASE_URL").ok()
.or_else(|| env::var("XRAY_ADMIN__DATABASE__URL").ok())
}
/// Get telegram bot token from environment
#[allow(dead_code)]
pub fn telegram_token() -> Option<String> {
env::var("TELEGRAM_BOT_TOKEN").ok()
.or_else(|| env::var("XRAY_ADMIN__TELEGRAM__BOT_TOKEN").ok())
}
/// Get JWT secret from environment
#[allow(dead_code)]
pub fn jwt_secret() -> Option<String> {
env::var("JWT_SECRET").ok()
.or_else(|| env::var("XRAY_ADMIN__WEB__JWT_SECRET").ok())
}
/// Print environment info for debugging
pub fn print_env_info() {
tracing::debug!("Environment information:");
tracing::debug!(" RUST_ENV: {:?}", env::var("RUST_ENV"));
tracing::debug!(" ENVIRONMENT: {:?}", env::var("ENVIRONMENT"));
tracing::debug!(" DATABASE_URL: {}",
if env::var("DATABASE_URL").is_ok() { "set" } else { "not set" }
);
tracing::debug!(" TELEGRAM_BOT_TOKEN: {}",
if env::var("TELEGRAM_BOT_TOKEN").is_ok() { "set" } else { "not set" }
);
tracing::debug!(" JWT_SECRET: {}",
if env::var("JWT_SECRET").is_ok() { "set" } else { "not set" }
);
}
}
#[cfg(test)]
mod tests {
use super::*;
use std::env;
#[test]
fn test_get_or_default() {
let result = EnvVars::get_or_default("NON_EXISTENT_VAR", "default_value");
assert_eq!(result, "default_value");
}
#[test]
fn test_environment_detection() {
env::set_var("RUST_ENV", "development");
assert!(EnvVars::is_development());
assert!(!EnvVars::is_production());
env::set_var("RUST_ENV", "production");
assert!(!EnvVars::is_development());
assert!(EnvVars::is_production());
env::remove_var("RUST_ENV");
}
}

165
src/config/file.rs Normal file
View File

@@ -0,0 +1,165 @@
use anyhow::{Context, Result};
use std::fs;
use std::path::Path;
use super::AppConfig;
/// Configuration file utilities
#[allow(dead_code)]
pub struct ConfigFile;
#[allow(dead_code)]
impl ConfigFile {
/// Load configuration from TOML file
pub fn load_toml<P: AsRef<Path>>(path: P) -> Result<AppConfig> {
let content = fs::read_to_string(&path)
.with_context(|| format!("Failed to read config file: {}", path.as_ref().display()))?;
let config: AppConfig = toml::from_str(&content)
.with_context(|| format!("Failed to parse TOML config file: {}", path.as_ref().display()))?;
Ok(config)
}
/// Load configuration from YAML file
pub fn load_yaml<P: AsRef<Path>>(path: P) -> Result<AppConfig> {
let content = fs::read_to_string(&path)
.with_context(|| format!("Failed to read config file: {}", path.as_ref().display()))?;
let config: AppConfig = serde_yaml::from_str(&content)
.with_context(|| format!("Failed to parse YAML config file: {}", path.as_ref().display()))?;
Ok(config)
}
/// Load configuration from JSON file
pub fn load_json<P: AsRef<Path>>(path: P) -> Result<AppConfig> {
let content = fs::read_to_string(&path)
.with_context(|| format!("Failed to read config file: {}", path.as_ref().display()))?;
let config: AppConfig = serde_json::from_str(&content)
.with_context(|| format!("Failed to parse JSON config file: {}", path.as_ref().display()))?;
Ok(config)
}
/// Auto-detect format and load configuration file
pub fn load_auto<P: AsRef<Path>>(path: P) -> Result<AppConfig> {
let path = path.as_ref();
match path.extension().and_then(|ext| ext.to_str()) {
Some("toml") => Self::load_toml(path),
Some("yaml") | Some("yml") => Self::load_yaml(path),
Some("json") => Self::load_json(path),
_ => {
// Try TOML first, then YAML, then JSON
Self::load_toml(path)
.or_else(|_| Self::load_yaml(path))
.or_else(|_| Self::load_json(path))
.with_context(|| {
format!(
"Failed to load config file '{}' - tried TOML, YAML, and JSON formats",
path.display()
)
})
}
}
}
/// Save configuration to TOML file
pub fn save_toml<P: AsRef<Path>>(config: &AppConfig, path: P) -> Result<()> {
let content = toml::to_string_pretty(config)
.context("Failed to serialize config to TOML")?;
fs::write(&path, content)
.with_context(|| format!("Failed to write config file: {}", path.as_ref().display()))?;
Ok(())
}
/// Save configuration to YAML file
pub fn save_yaml<P: AsRef<Path>>(config: &AppConfig, path: P) -> Result<()> {
let content = serde_yaml::to_string(config)
.context("Failed to serialize config to YAML")?;
fs::write(&path, content)
.with_context(|| format!("Failed to write config file: {}", path.as_ref().display()))?;
Ok(())
}
/// Save configuration to JSON file
pub fn save_json<P: AsRef<Path>>(config: &AppConfig, path: P) -> Result<()> {
let content = serde_json::to_string_pretty(config)
.context("Failed to serialize config to JSON")?;
fs::write(&path, content)
.with_context(|| format!("Failed to write config file: {}", path.as_ref().display()))?;
Ok(())
}
/// Check if config file exists and is readable
pub fn exists_and_readable<P: AsRef<Path>>(path: P) -> bool {
let path = path.as_ref();
path.exists() && path.is_file() && fs::metadata(path).map(|m| !m.permissions().readonly()).unwrap_or(false)
}
/// Find default config file in common locations
pub fn find_default() -> Option<std::path::PathBuf> {
let candidates = [
"config.toml",
"config.yaml",
"config.yml",
"config.json",
"xray-admin.toml",
"xray-admin.yaml",
"xray-admin.yml",
"/etc/xray-admin/config.toml",
"/etc/xray-admin/config.yaml",
"~/.config/xray-admin/config.toml",
];
for candidate in &candidates {
let path = std::path::Path::new(candidate);
if Self::exists_and_readable(path) {
return Some(path.to_path_buf());
}
}
None
}
}
#[cfg(test)]
mod tests {
use super::*;
use tempfile::NamedTempFile;
#[test]
fn test_save_and_load_toml() -> Result<()> {
let config = AppConfig::default();
let temp_file = NamedTempFile::new()?;
ConfigFile::save_toml(&config, temp_file.path())?;
let loaded_config = ConfigFile::load_toml(temp_file.path())?;
assert_eq!(config.web.port, loaded_config.web.port);
assert_eq!(config.database.max_connections, loaded_config.database.max_connections);
Ok(())
}
#[test]
fn test_auto_detect_format() -> Result<()> {
let config = AppConfig::default();
// Test with .toml extension
let temp_file = NamedTempFile::with_suffix(".toml")?;
ConfigFile::save_toml(&config, temp_file.path())?;
let loaded_config = ConfigFile::load_auto(temp_file.path())?;
assert_eq!(config.web.port, loaded_config.web.port);
Ok(())
}
}

244
src/config/mod.rs Normal file
View File

@@ -0,0 +1,244 @@
use anyhow::Result;
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
use validator::Validate;
pub mod args;
pub mod env;
pub mod file;
#[derive(Debug, Clone, Serialize, Deserialize, Validate)]
pub struct AppConfig {
pub database: DatabaseConfig,
pub web: WebConfig,
pub telegram: TelegramConfig,
pub xray: XrayConfig,
pub logging: LoggingConfig,
}
#[derive(Debug, Clone, Serialize, Deserialize, Validate)]
pub struct DatabaseConfig {
#[validate(url)]
pub url: String,
#[validate(range(min = 1, max = 100))]
pub max_connections: u32,
#[validate(range(min = 1))]
pub connection_timeout: u64,
pub auto_migrate: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize, Validate)]
pub struct WebConfig {
#[validate(ip)]
pub host: String,
#[validate(range(min = 1024, max = 65535))]
pub port: u16,
pub cors_origins: Vec<String>,
pub jwt_secret: String,
#[validate(range(min = 3600))]
pub jwt_expiry: u64,
}
#[derive(Debug, Clone, Serialize, Deserialize, Validate)]
pub struct TelegramConfig {
pub bot_token: String,
pub webhook_url: Option<String>,
pub admin_chat_ids: Vec<i64>,
pub allowed_users: Vec<i64>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Validate)]
pub struct XrayConfig {
pub default_api_port: u16,
pub config_template_path: PathBuf,
pub certificates_path: PathBuf,
#[validate(range(min = 1))]
pub health_check_interval: u64,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LoggingConfig {
pub level: String,
pub file_path: Option<PathBuf>,
pub json_format: bool,
pub max_file_size: Option<u64>,
pub max_files: Option<u32>,
}
impl Default for DatabaseConfig {
fn default() -> Self {
Self {
url: "postgresql://xray:password@localhost/xray_admin".to_string(),
max_connections: 10,
connection_timeout: 30,
auto_migrate: true,
}
}
}
impl Default for WebConfig {
fn default() -> Self {
Self {
host: "127.0.0.1".to_string(),
port: 8080,
cors_origins: vec!["http://localhost:3000".to_string()],
jwt_secret: "your-secret-key-change-in-production".to_string(),
jwt_expiry: 86400, // 24 hours
}
}
}
impl Default for TelegramConfig {
fn default() -> Self {
Self {
bot_token: "".to_string(),
webhook_url: None,
admin_chat_ids: vec![],
allowed_users: vec![],
}
}
}
impl Default for XrayConfig {
fn default() -> Self {
Self {
default_api_port: 62789,
config_template_path: PathBuf::from("./templates"),
certificates_path: PathBuf::from("./certs"),
health_check_interval: 30,
}
}
}
impl Default for LoggingConfig {
fn default() -> Self {
Self {
level: "info".to_string(),
file_path: None,
json_format: false,
max_file_size: Some(10 * 1024 * 1024), // 10MB
max_files: Some(5),
}
}
}
impl Default for AppConfig {
fn default() -> Self {
Self {
database: DatabaseConfig::default(),
web: WebConfig::default(),
telegram: TelegramConfig::default(),
xray: XrayConfig::default(),
logging: LoggingConfig::default(),
}
}
}
impl AppConfig {
/// Load configuration from multiple sources with priority:
/// 1. Command line arguments (highest)
/// 2. Environment variables
/// 3. Configuration file
/// 4. Default values (lowest)
pub fn load() -> Result<Self> {
let args = args::parse_args();
let mut builder = config::Config::builder()
// Start with defaults
.add_source(config::Config::try_from(&AppConfig::default())?);
// Add configuration file if specified or exists
if let Some(config_file) = &args.config {
builder = builder.add_source(config::File::from(config_file.as_path()));
} else if std::path::Path::new("config.toml").exists() {
builder = builder.add_source(config::File::with_name("config"));
}
// Add environment variables with prefix
builder = builder.add_source(
config::Environment::with_prefix("XRAY_ADMIN")
.separator("__")
.try_parsing(true)
);
// Override with command line arguments
if let Some(host) = &args.host {
builder = builder.set_override("web.host", host.as_str())?;
}
if let Some(port) = args.port {
builder = builder.set_override("web.port", port)?;
}
if let Some(db_url) = &args.database_url {
builder = builder.set_override("database.url", db_url.as_str())?;
}
if let Some(log_level) = &args.log_level {
builder = builder.set_override("logging.level", log_level.as_str())?;
}
let config: AppConfig = builder.build()?.try_deserialize()?;
// Validate configuration
config.validate()?;
Ok(config)
}
pub fn display_summary(&self) {
tracing::info!("Configuration loaded:");
tracing::info!(" Database URL: {}", mask_sensitive(&self.database.url));
tracing::info!(" Web server: {}:{}", self.web.host, self.web.port);
tracing::info!(" Log level: {}", self.logging.level);
tracing::info!(" Telegram bot: {}", if self.telegram.bot_token.is_empty() { "disabled" } else { "enabled" });
tracing::info!(" Xray config path: {}", self.xray.config_template_path.display());
}
}
/// Mask sensitive information in URLs for logging
fn mask_sensitive(url: &str) -> String {
// Simple string-based approach to mask passwords
if let Some(scheme_end) = url.find("://") {
let after_scheme = &url[scheme_end + 3..];
if let Some(at_pos) = after_scheme.find('@') {
let auth_part = &after_scheme[..at_pos];
if let Some(colon_pos) = auth_part.find(':') {
// Found user:password@host pattern
let user = &auth_part[..colon_pos];
let host_part = &after_scheme[at_pos..];
return format!("{}://{}:***{}", &url[..scheme_end], user, host_part);
}
}
}
// Fallback to URL parsing if simple approach fails
if let Ok(parsed) = url::Url::parse(url) {
if parsed.password().is_some() {
let mut masked = parsed.clone();
masked.set_password(Some("***")).unwrap();
masked.to_string()
} else {
url.to_string()
}
} else {
url.to_string()
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_default_config_validation() {
let config = AppConfig::default();
// Default configuration should be valid
assert!(config.validate().is_ok());
}
#[test]
fn test_mask_sensitive() {
let url = "postgresql://user:password@localhost/db";
let masked = mask_sensitive(url);
assert!(masked.contains("***"));
assert!(!masked.contains("password"));
}
}

243
src/database/entities/certificate.rs Normal file
View File

@@ -0,0 +1,243 @@
use sea_orm::entity::prelude::*;
use sea_orm::{Set, ActiveModelTrait};
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "certificates")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: Uuid,
pub name: String,
#[sea_orm(column_name = "cert_type")]
pub cert_type: String,
pub domain: String,
#[serde(skip_serializing)]
pub cert_data: Vec<u8>,
#[serde(skip_serializing)]
pub key_data: Vec<u8>,
#[serde(skip_serializing)]
pub chain_data: Option<Vec<u8>>,
pub expires_at: DateTimeUtc,
pub auto_renew: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(has_many = "super::server::Entity")]
Servers,
#[sea_orm(has_many = "super::server_inbound::Entity")]
ServerInbounds,
}
impl Related<super::server::Entity> for Entity {
fn to() -> RelationDef {
Relation::Servers.def()
}
}
impl Related<super::server_inbound::Entity> for Entity {
fn to() -> RelationDef {
Relation::ServerInbounds.def()
}
}
impl ActiveModelBehavior for ActiveModel {
fn new() -> Self {
Self {
id: Set(Uuid::new_v4()),
created_at: Set(chrono::Utc::now()),
updated_at: Set(chrono::Utc::now()),
..ActiveModelTrait::default()
}
}
fn before_save<'life0, 'async_trait, C>(
mut self,
_db: &'life0 C,
insert: bool,
) -> core::pin::Pin<Box<dyn core::future::Future<Output = Result<Self, DbErr>> + Send + 'async_trait>>
where
'life0: 'async_trait,
C: 'async_trait + ConnectionTrait,
Self: 'async_trait,
{
Box::pin(async move {
if !insert {
self.updated_at = Set(chrono::Utc::now());
}
Ok(self)
})
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum CertificateType {
SelfSigned,
Imported,
}
impl From<CertificateType> for String {
fn from(cert_type: CertificateType) -> Self {
match cert_type {
CertificateType::SelfSigned => "self_signed".to_string(),
CertificateType::Imported => "imported".to_string(),
}
}
}
impl From<String> for CertificateType {
fn from(s: String) -> Self {
match s.as_str() {
"self_signed" => CertificateType::SelfSigned,
"imported" => CertificateType::Imported,
_ => CertificateType::SelfSigned,
}
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateCertificateDto {
pub name: String,
pub cert_type: String,
pub domain: String,
pub auto_renew: bool,
#[serde(default)]
pub certificate_pem: String,
#[serde(default)]
pub private_key: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UpdateCertificateDto {
pub name: Option<String>,
pub auto_renew: Option<bool>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CertificateResponse {
pub id: Uuid,
pub name: String,
pub cert_type: String,
pub domain: String,
pub expires_at: DateTimeUtc,
pub auto_renew: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
pub has_cert_data: bool,
pub has_key_data: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CertificateDetailsResponse {
pub id: Uuid,
pub name: String,
pub cert_type: String,
pub domain: String,
pub expires_at: DateTimeUtc,
pub auto_renew: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
pub certificate_pem: String,
pub has_private_key: bool,
}
impl From<Model> for CertificateResponse {
fn from(cert: Model) -> Self {
Self {
id: cert.id,
name: cert.name,
cert_type: cert.cert_type,
domain: cert.domain,
expires_at: cert.expires_at,
auto_renew: cert.auto_renew,
created_at: cert.created_at,
updated_at: cert.updated_at,
has_cert_data: !cert.cert_data.is_empty(),
has_key_data: !cert.key_data.is_empty(),
}
}
}
impl From<Model> for CertificateDetailsResponse {
fn from(cert: Model) -> Self {
let certificate_pem = cert.certificate_pem();
let has_private_key = !cert.key_data.is_empty();
Self {
id: cert.id,
name: cert.name,
cert_type: cert.cert_type,
domain: cert.domain,
expires_at: cert.expires_at,
auto_renew: cert.auto_renew,
created_at: cert.created_at,
updated_at: cert.updated_at,
certificate_pem,
has_private_key,
}
}
}
impl Model {
#[allow(dead_code)]
pub fn is_expired(&self) -> bool {
self.expires_at < chrono::Utc::now()
}
#[allow(dead_code)]
pub fn expires_soon(&self, days: i64) -> bool {
let threshold = chrono::Utc::now() + chrono::Duration::days(days);
self.expires_at < threshold
}
/// Get certificate data as PEM string
pub fn certificate_pem(&self) -> String {
String::from_utf8_lossy(&self.cert_data).to_string()
}
/// Get private key data as PEM string
pub fn private_key_pem(&self) -> String {
String::from_utf8_lossy(&self.key_data).to_string()
}
pub fn apply_update(self, dto: UpdateCertificateDto) -> ActiveModel {
let mut active_model: ActiveModel = self.into();
if let Some(name) = dto.name {
active_model.name = Set(name);
}
if let Some(auto_renew) = dto.auto_renew {
active_model.auto_renew = Set(auto_renew);
}
active_model
}
}
impl From<CreateCertificateDto> for ActiveModel {
fn from(dto: CreateCertificateDto) -> Self {
Self {
name: Set(dto.name),
cert_type: Set(dto.cert_type),
domain: Set(dto.domain),
cert_data: Set(dto.certificate_pem.into_bytes()),
key_data: Set(dto.private_key.into_bytes()),
chain_data: Set(None),
expires_at: Set(chrono::Utc::now() + chrono::Duration::days(90)), // Default 90 days
auto_renew: Set(dto.auto_renew),
..Self::new()
}
}
}

278
src/database/entities/inbound_template.rs Normal file
View File

@@ -0,0 +1,278 @@
use sea_orm::entity::prelude::*;
use sea_orm::{Set, ActiveModelTrait};
use serde::{Deserialize, Serialize};
use serde_json::Value;
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "inbound_templates")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub protocol: String,
pub default_port: i32,
pub base_settings: Value,
pub stream_settings: Value,
pub requires_tls: bool,
pub requires_domain: bool,
pub variables: Value,
pub is_active: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(has_many = "super::server_inbound::Entity")]
ServerInbounds,
}
impl Related<super::server_inbound::Entity> for Entity {
fn to() -> RelationDef {
Relation::ServerInbounds.def()
}
}
impl ActiveModelBehavior for ActiveModel {
fn new() -> Self {
Self {
id: Set(Uuid::new_v4()),
created_at: Set(chrono::Utc::now()),
updated_at: Set(chrono::Utc::now()),
..ActiveModelTrait::default()
}
}
fn before_save<'life0, 'async_trait, C>(
mut self,
_db: &'life0 C,
insert: bool,
) -> core::pin::Pin<Box<dyn core::future::Future<Output = Result<Self, DbErr>> + Send + 'async_trait>>
where
'life0: 'async_trait,
C: 'async_trait + ConnectionTrait,
Self: 'async_trait,
{
Box::pin(async move {
if !insert {
self.updated_at = Set(chrono::Utc::now());
}
Ok(self)
})
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum Protocol {
Vless,
Vmess,
Trojan,
Shadowsocks,
}
impl From<Protocol> for String {
fn from(protocol: Protocol) -> Self {
match protocol {
Protocol::Vless => "vless".to_string(),
Protocol::Vmess => "vmess".to_string(),
Protocol::Trojan => "trojan".to_string(),
Protocol::Shadowsocks => "shadowsocks".to_string(),
}
}
}
impl From<String> for Protocol {
fn from(s: String) -> Self {
match s.as_str() {
"vless" => Protocol::Vless,
"vmess" => Protocol::Vmess,
"trojan" => Protocol::Trojan,
"shadowsocks" => Protocol::Shadowsocks,
_ => Protocol::Vless,
}
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TemplateVariable {
pub key: String,
pub var_type: VariableType,
pub required: bool,
pub default_value: Option<String>,
pub description: Option<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum VariableType {
String,
Number,
Path,
Domain,
Port,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateInboundTemplateDto {
pub name: String,
pub protocol: String,
pub default_port: i32,
pub requires_tls: bool,
pub config_template: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UpdateInboundTemplateDto {
pub name: Option<String>,
pub description: Option<String>,
pub default_port: Option<i32>,
pub base_settings: Option<Value>,
pub stream_settings: Option<Value>,
pub requires_tls: Option<bool>,
pub requires_domain: Option<bool>,
pub variables: Option<Vec<TemplateVariable>>,
pub is_active: Option<bool>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct InboundTemplateResponse {
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub protocol: String,
pub default_port: i32,
pub base_settings: Value,
pub stream_settings: Value,
pub requires_tls: bool,
pub requires_domain: bool,
pub variables: Vec<TemplateVariable>,
pub is_active: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
}
impl From<Model> for InboundTemplateResponse {
fn from(template: Model) -> Self {
let variables = template.get_variables();
Self {
id: template.id,
name: template.name,
description: template.description,
protocol: template.protocol,
default_port: template.default_port,
base_settings: template.base_settings,
stream_settings: template.stream_settings,
requires_tls: template.requires_tls,
requires_domain: template.requires_domain,
variables,
is_active: template.is_active,
created_at: template.created_at,
updated_at: template.updated_at,
}
}
}
impl From<CreateInboundTemplateDto> for ActiveModel {
fn from(dto: CreateInboundTemplateDto) -> Self {
// Parse config_template as JSON or use default
let config_json: Value = serde_json::from_str(&dto.config_template)
.unwrap_or_else(|_| serde_json::json!({}));
Self {
name: Set(dto.name),
description: Set(None),
protocol: Set(dto.protocol),
default_port: Set(dto.default_port),
base_settings: Set(config_json.clone()),
stream_settings: Set(serde_json::json!({})),
requires_tls: Set(dto.requires_tls),
requires_domain: Set(false),
variables: Set(Value::Array(vec![])),
is_active: Set(true),
..Self::new()
}
}
}
impl Model {
pub fn get_variables(&self) -> Vec<TemplateVariable> {
serde_json::from_value(self.variables.clone()).unwrap_or_default()
}
#[allow(dead_code)]
pub fn apply_variables(&self, values: &serde_json::Map<String, Value>) -> Result<(Value, Value), String> {
let base_settings = self.base_settings.clone();
let stream_settings = self.stream_settings.clone();
// Replace variables in JSON using simple string replacement
let base_str = base_settings.to_string();
let stream_str = stream_settings.to_string();
let mut result_base = base_str;
let mut result_stream = stream_str;
for (key, value) in values {
let placeholder = format!("${{{}}}", key);
let replacement = match value {
Value::String(s) => s.clone(),
Value::Number(n) => n.to_string(),
_ => value.to_string(),
};
result_base = result_base.replace(&placeholder, &replacement);
result_stream = result_stream.replace(&placeholder, &replacement);
}
let final_base: Value = serde_json::from_str(&result_base)
.map_err(|e| format!("Invalid base settings after variable substitution: {}", e))?;
let final_stream: Value = serde_json::from_str(&result_stream)
.map_err(|e| format!("Invalid stream settings after variable substitution: {}", e))?;
Ok((final_base, final_stream))
}
pub fn apply_update(self, dto: UpdateInboundTemplateDto) -> ActiveModel {
let mut active_model: ActiveModel = self.into();
if let Some(name) = dto.name {
active_model.name = Set(name);
}
if let Some(description) = dto.description {
active_model.description = Set(Some(description));
}
if let Some(default_port) = dto.default_port {
active_model.default_port = Set(default_port);
}
if let Some(base_settings) = dto.base_settings {
active_model.base_settings = Set(base_settings);
}
if let Some(stream_settings) = dto.stream_settings {
active_model.stream_settings = Set(stream_settings);
}
if let Some(requires_tls) = dto.requires_tls {
active_model.requires_tls = Set(requires_tls);
}
if let Some(requires_domain) = dto.requires_domain {
active_model.requires_domain = Set(requires_domain);
}
if let Some(variables) = dto.variables {
active_model.variables = Set(serde_json::to_value(variables).unwrap_or(Value::Array(vec![])));
}
if let Some(is_active) = dto.is_active {
active_model.is_active = Set(is_active);
}
active_model
}
}

168
src/database/entities/inbound_users.rs Normal file
View File

@@ -0,0 +1,168 @@
use sea_orm::entity::prelude::*;
use sea_orm::{Set, ActiveModelTrait};
use serde::{Deserialize, Serialize};
use uuid::Uuid;
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "inbound_users")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: Uuid,
pub server_inbound_id: Uuid,
pub username: String,
pub email: String,
pub xray_user_id: String,
pub level: i32,
pub is_active: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::server_inbound::Entity",
from = "Column::ServerInboundId",
to = "super::server_inbound::Column::Id"
)]
ServerInbound,
}
impl Related<super::server_inbound::Entity> for Entity {
fn to() -> RelationDef {
Relation::ServerInbound.def()
}
}
impl ActiveModelBehavior for ActiveModel {
fn new() -> Self {
Self {
id: Set(Uuid::new_v4()),
created_at: Set(chrono::Utc::now()),
updated_at: Set(chrono::Utc::now()),
..ActiveModelTrait::default()
}
}
fn before_save<'life0, 'async_trait, C>(
mut self,
_db: &'life0 C,
insert: bool,
) -> core::pin::Pin<Box<dyn core::future::Future<Output = Result<Self, DbErr>> + Send + 'async_trait>>
where
'life0: 'async_trait,
C: 'async_trait + ConnectionTrait,
Self: 'async_trait,
{
Box::pin(async move {
if !insert {
self.updated_at = Set(chrono::Utc::now());
}
Ok(self)
})
}
}
/// Inbound user creation data transfer object
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateInboundUserDto {
pub server_inbound_id: Uuid,
pub username: String,
pub level: Option<i32>,
}
impl CreateInboundUserDto {
/// Generate email in format: username@OutFleet
pub fn generate_email(&self) -> String {
format!("{}@OutFleet", self.username)
}
/// Generate UUID for xray user
pub fn generate_xray_user_id(&self) -> String {
Uuid::new_v4().to_string()
}
}
/// Inbound user update data transfer object
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UpdateInboundUserDto {
pub username: Option<String>,
pub level: Option<i32>,
pub is_active: Option<bool>,
}
impl From<CreateInboundUserDto> for ActiveModel {
fn from(dto: CreateInboundUserDto) -> Self {
let email = dto.generate_email();
let xray_user_id = dto.generate_xray_user_id();
Self {
server_inbound_id: Set(dto.server_inbound_id),
username: Set(dto.username),
email: Set(email),
xray_user_id: Set(xray_user_id),
level: Set(dto.level.unwrap_or(0)),
is_active: Set(true),
..Self::new()
}
}
}
impl Model {
/// Update this model with data from UpdateInboundUserDto
pub fn apply_update(self, dto: UpdateInboundUserDto) -> ActiveModel {
let mut active_model: ActiveModel = self.into();
if let Some(username) = dto.username {
let new_email = format!("{}@OutFleet", username);
active_model.username = Set(username);
active_model.email = Set(new_email);
}
if let Some(level) = dto.level {
active_model.level = Set(level);
}
if let Some(is_active) = dto.is_active {
active_model.is_active = Set(is_active);
}
active_model
}
}
/// Response model for inbound user
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct InboundUserResponse {
pub id: Uuid,
pub server_inbound_id: Uuid,
pub username: String,
pub email: String,
pub xray_user_id: String,
pub level: i32,
pub is_active: bool,
pub created_at: String,
pub updated_at: String,
}
impl From<Model> for InboundUserResponse {
fn from(model: Model) -> Self {
Self {
id: model.id,
server_inbound_id: model.server_inbound_id,
username: model.username,
email: model.email,
xray_user_id: model.xray_user_id,
level: model.level,
is_active: model.is_active,
created_at: model.created_at.to_rfc3339(),
updated_at: model.updated_at.to_rfc3339(),
}
}
}

16
src/database/entities/mod.rs Normal file
View File

@@ -0,0 +1,16 @@
pub mod user;
pub mod certificate;
pub mod inbound_template;
pub mod server;
pub mod server_inbound;
pub mod user_access;
pub mod inbound_users;
pub mod prelude {
pub use super::certificate::Entity as Certificate;
pub use super::inbound_template::Entity as InboundTemplate;
pub use super::server::Entity as Server;
pub use super::server_inbound::Entity as ServerInbound;
pub use super::user_access::Entity as UserAccess;
pub use super::inbound_users::Entity as InboundUsers;
}

212
src/database/entities/server.rs Normal file
View File

@@ -0,0 +1,212 @@
use sea_orm::entity::prelude::*;
use sea_orm::{Set, ActiveModelTrait};
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "servers")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: Uuid,
pub name: String,
pub hostname: String,
pub grpc_port: i32,
#[serde(skip_serializing)]
pub api_credentials: Option<String>,
pub status: String,
pub default_certificate_id: Option<Uuid>,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::certificate::Entity",
from = "Column::DefaultCertificateId",
to = "super::certificate::Column::Id"
)]
DefaultCertificate,
#[sea_orm(has_many = "super::server_inbound::Entity")]
ServerInbounds,
}
impl Related<super::certificate::Entity> for Entity {
fn to() -> RelationDef {
Relation::DefaultCertificate.def()
}
}
impl Related<super::server_inbound::Entity> for Entity {
fn to() -> RelationDef {
Relation::ServerInbounds.def()
}
}
impl ActiveModelBehavior for ActiveModel {
fn new() -> Self {
Self {
id: Set(Uuid::new_v4()),
status: Set(ServerStatus::Unknown.into()),
created_at: Set(chrono::Utc::now()),
updated_at: Set(chrono::Utc::now()),
..ActiveModelTrait::default()
}
}
fn before_save<'life0, 'async_trait, C>(
mut self,
_db: &'life0 C,
insert: bool,
) -> core::pin::Pin<Box<dyn core::future::Future<Output = Result<Self, DbErr>> + Send + 'async_trait>>
where
'life0: 'async_trait,
C: 'async_trait + ConnectionTrait,
Self: 'async_trait,
{
Box::pin(async move {
if !insert {
self.updated_at = Set(chrono::Utc::now());
}
Ok(self)
})
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum ServerStatus {
Unknown,
Online,
Offline,
Error,
Connecting,
}
impl From<ServerStatus> for String {
fn from(status: ServerStatus) -> Self {
match status {
ServerStatus::Unknown => "unknown".to_string(),
ServerStatus::Online => "online".to_string(),
ServerStatus::Offline => "offline".to_string(),
ServerStatus::Error => "error".to_string(),
ServerStatus::Connecting => "connecting".to_string(),
}
}
}
impl From<String> for ServerStatus {
fn from(s: String) -> Self {
match s.as_str() {
"online" => ServerStatus::Online,
"offline" => ServerStatus::Offline,
"error" => ServerStatus::Error,
"connecting" => ServerStatus::Connecting,
_ => ServerStatus::Unknown,
}
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateServerDto {
pub name: String,
pub hostname: String,
pub grpc_port: Option<i32>,
pub api_credentials: Option<String>,
pub default_certificate_id: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UpdateServerDto {
pub name: Option<String>,
pub hostname: Option<String>,
pub grpc_port: Option<i32>,
pub api_credentials: Option<String>,
pub status: Option<String>,
pub default_certificate_id: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ServerResponse {
pub id: Uuid,
pub name: String,
pub hostname: String,
pub grpc_port: i32,
pub status: String,
pub default_certificate_id: Option<Uuid>,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
pub has_credentials: bool,
}
impl From<CreateServerDto> for ActiveModel {
fn from(dto: CreateServerDto) -> Self {
Self {
name: Set(dto.name),
hostname: Set(dto.hostname),
grpc_port: Set(dto.grpc_port.unwrap_or(2053)),
api_credentials: Set(dto.api_credentials),
status: Set("unknown".to_string()),
default_certificate_id: Set(dto.default_certificate_id),
..Self::new()
}
}
}
impl From<Model> for ServerResponse {
fn from(server: Model) -> Self {
Self {
id: server.id,
name: server.name,
hostname: server.hostname,
grpc_port: server.grpc_port,
status: server.status,
default_certificate_id: server.default_certificate_id,
created_at: server.created_at,
updated_at: server.updated_at,
has_credentials: server.api_credentials.is_some(),
}
}
}
impl Model {
pub fn apply_update(self, dto: UpdateServerDto) -> ActiveModel {
let mut active_model: ActiveModel = self.into();
if let Some(name) = dto.name {
active_model.name = Set(name);
}
if let Some(hostname) = dto.hostname {
active_model.hostname = Set(hostname);
}
if let Some(grpc_port) = dto.grpc_port {
active_model.grpc_port = Set(grpc_port);
}
if let Some(api_credentials) = dto.api_credentials {
active_model.api_credentials = Set(Some(api_credentials));
}
if let Some(status) = dto.status {
active_model.status = Set(status);
}
if let Some(default_certificate_id) = dto.default_certificate_id {
active_model.default_certificate_id = Set(Some(default_certificate_id));
}
active_model
}
pub fn get_grpc_endpoint(&self) -> String {
format!("{}:{}", self.hostname, self.grpc_port)
}
#[allow(dead_code)]
pub fn get_status(&self) -> ServerStatus {
self.status.clone().into()
}
}

204
src/database/entities/server_inbound.rs Normal file
View File

@@ -0,0 +1,204 @@
use sea_orm::entity::prelude::*;
use sea_orm::{Set, ActiveModelTrait};
use serde::{Deserialize, Serialize};
use serde_json::Value;
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "server_inbounds")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: Uuid,
pub server_id: Uuid,
pub template_id: Uuid,
pub tag: String,
pub port_override: Option<i32>,
pub certificate_id: Option<Uuid>,
pub variable_values: Value,
pub is_active: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::server::Entity",
from = "Column::ServerId",
to = "super::server::Column::Id"
)]
Server,
#[sea_orm(
belongs_to = "super::inbound_template::Entity",
from = "Column::TemplateId",
to = "super::inbound_template::Column::Id"
)]
Template,
#[sea_orm(
belongs_to = "super::certificate::Entity",
from = "Column::CertificateId",
to = "super::certificate::Column::Id"
)]
Certificate,
}
impl Related<super::server::Entity> for Entity {
fn to() -> RelationDef {
Relation::Server.def()
}
}
impl Related<super::inbound_template::Entity> for Entity {
fn to() -> RelationDef {
Relation::Template.def()
}
}
impl Related<super::certificate::Entity> for Entity {
fn to() -> RelationDef {
Relation::Certificate.def()
}
}
impl ActiveModelBehavior for ActiveModel {
fn new() -> Self {
Self {
id: Set(Uuid::new_v4()),
created_at: Set(chrono::Utc::now()),
updated_at: Set(chrono::Utc::now()),
..ActiveModelTrait::default()
}
}
fn before_save<'life0, 'async_trait, C>(
mut self,
_db: &'life0 C,
insert: bool,
) -> core::pin::Pin<Box<dyn core::future::Future<Output = Result<Self, DbErr>> + Send + 'async_trait>>
where
'life0: 'async_trait,
C: 'async_trait + ConnectionTrait,
Self: 'async_trait,
{
Box::pin(async move {
if !insert {
self.updated_at = Set(chrono::Utc::now());
}
Ok(self)
})
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateServerInboundDto {
pub template_id: Uuid,
pub port: i32,
pub certificate_id: Option<Uuid>,
pub is_active: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UpdateServerInboundDto {
pub tag: Option<String>,
pub port_override: Option<i32>,
pub certificate_id: Option<Uuid>,
pub variable_values: Option<serde_json::Map<String, Value>>,
pub is_active: Option<bool>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ServerInboundResponse {
pub id: Uuid,
pub server_id: Uuid,
pub template_id: Uuid,
pub tag: String,
pub port: i32,
pub certificate_id: Option<Uuid>,
pub variable_values: Value,
pub is_active: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
// Populated by joins (simplified for now)
pub template_name: Option<String>,
pub certificate_name: Option<String>,
}
impl From<Model> for ServerInboundResponse {
fn from(inbound: Model) -> Self {
Self {
id: inbound.id,
server_id: inbound.server_id,
template_id: inbound.template_id,
tag: inbound.tag,
port: inbound.port_override.unwrap_or(443), // Default port if not set
certificate_id: inbound.certificate_id,
variable_values: inbound.variable_values,
is_active: inbound.is_active,
created_at: inbound.created_at,
updated_at: inbound.updated_at,
template_name: None, // Will be filled by repository if needed
certificate_name: None, // Will be filled by repository if needed
}
}
}
impl Model {
pub fn apply_update(self, dto: UpdateServerInboundDto) -> ActiveModel {
let mut active_model: ActiveModel = self.into();
if let Some(tag) = dto.tag {
active_model.tag = Set(tag);
}
if let Some(port_override) = dto.port_override {
active_model.port_override = Set(Some(port_override));
}
if let Some(certificate_id) = dto.certificate_id {
active_model.certificate_id = Set(Some(certificate_id));
}
if let Some(variable_values) = dto.variable_values {
active_model.variable_values = Set(Value::Object(variable_values));
}
if let Some(is_active) = dto.is_active {
active_model.is_active = Set(is_active);
}
active_model
}
#[allow(dead_code)]
pub fn get_variable_values(&self) -> serde_json::Map<String, Value> {
if let Value::Object(map) = &self.variable_values {
map.clone()
} else {
serde_json::Map::new()
}
}
#[allow(dead_code)]
pub fn get_effective_port(&self, template_default_port: i32) -> i32 {
self.port_override.unwrap_or(template_default_port)
}
}
impl From<CreateServerInboundDto> for ActiveModel {
fn from(dto: CreateServerInboundDto) -> Self {
Self {
template_id: Set(dto.template_id),
tag: Set(format!("inbound-{}", Uuid::new_v4())), // Generate unique tag
port_override: Set(Some(dto.port)),
certificate_id: Set(dto.certificate_id),
variable_values: Set(Value::Object(serde_json::Map::new())),
is_active: Set(dto.is_active),
..Self::new()
}
}
}

185
src/database/entities/user.rs Normal file
View File

@@ -0,0 +1,185 @@
use sea_orm::entity::prelude::*;
use sea_orm::{Set, ActiveModelTrait};
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "users")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: Uuid,
/// User display name
pub name: String,
/// Optional comment/description about the user
#[sea_orm(column_type = "Text")]
pub comment: Option<String>,
/// Optional Telegram user ID for bot integration
pub telegram_id: Option<i64>,
/// When the user was registered/created
pub created_at: DateTimeUtc,
/// Last time user record was updated
pub updated_at: DateTimeUtc,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {}
impl ActiveModelBehavior for ActiveModel {
/// Called before insert and update
fn new() -> Self {
Self {
id: Set(Uuid::new_v4()),
created_at: Set(chrono::Utc::now()),
updated_at: Set(chrono::Utc::now()),
..ActiveModelTrait::default()
}
}
/// Called before update
fn before_save<'life0, 'async_trait, C>(
mut self,
_db: &'life0 C,
insert: bool,
) -> core::pin::Pin<Box<dyn core::future::Future<Output = Result<Self, DbErr>> + Send + 'async_trait>>
where
'life0: 'async_trait,
C: 'async_trait + ConnectionTrait,
Self: 'async_trait,
{
Box::pin(async move {
if !insert {
self.updated_at = Set(chrono::Utc::now());
}
Ok(self)
})
}
}
/// User creation data transfer object
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateUserDto {
pub name: String,
pub comment: Option<String>,
pub telegram_id: Option<i64>,
}
/// User update data transfer object
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UpdateUserDto {
pub name: Option<String>,
pub comment: Option<String>,
pub telegram_id: Option<i64>,
}
impl From<CreateUserDto> for ActiveModel {
fn from(dto: CreateUserDto) -> Self {
Self {
name: Set(dto.name),
comment: Set(dto.comment),
telegram_id: Set(dto.telegram_id),
..Self::new()
}
}
}
impl Model {
/// Update this model with data from UpdateUserDto
pub fn apply_update(self, dto: UpdateUserDto) -> ActiveModel {
let mut active_model: ActiveModel = self.into();
if let Some(name) = dto.name {
active_model.name = Set(name);
}
if let Some(comment) = dto.comment {
active_model.comment = Set(Some(comment));
} else if dto.comment.is_some() {
// Explicitly set to None if Some(None) was passed
active_model.comment = Set(None);
}
if dto.telegram_id.is_some() {
active_model.telegram_id = Set(dto.telegram_id);
}
active_model
}
/// Check if user has Telegram integration
#[allow(dead_code)]
pub fn has_telegram(&self) -> bool {
self.telegram_id.is_some()
}
/// Get display name with optional comment
#[allow(dead_code)]
pub fn display_name(&self) -> String {
match &self.comment {
Some(comment) if !comment.is_empty() => format!("{} ({})", self.name, comment),
_ => self.name.clone(),
}
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_create_user_dto_conversion() {
let dto = CreateUserDto {
name: "Test User".to_string(),
comment: Some("Test comment".to_string()),
telegram_id: Some(123456789),
};
let active_model: ActiveModel = dto.into();
assert_eq!(active_model.name.unwrap(), "Test User");
assert_eq!(active_model.comment.unwrap(), Some("Test comment".to_string()));
assert_eq!(active_model.telegram_id.unwrap(), Some(123456789));
}
#[test]
fn test_user_display_name() {
let user = Model {
id: Uuid::new_v4(),
name: "John Doe".to_string(),
comment: Some("Admin user".to_string()),
telegram_id: None,
created_at: chrono::Utc::now(),
updated_at: chrono::Utc::now(),
};
assert_eq!(user.display_name(), "John Doe (Admin user)");
let user_no_comment = Model {
comment: None,
..user
};
assert_eq!(user_no_comment.display_name(), "John Doe");
}
#[test]
fn test_has_telegram() {
let user_with_telegram = Model {
id: Uuid::new_v4(),
name: "User".to_string(),
comment: None,
telegram_id: Some(123456789),
created_at: chrono::Utc::now(),
updated_at: chrono::Utc::now(),
};
let user_without_telegram = Model {
telegram_id: None,
..user_with_telegram.clone()
};
assert!(user_with_telegram.has_telegram());
assert!(!user_without_telegram.has_telegram());
}
}

188
src/database/entities/user_access.rs Normal file
View File

@@ -0,0 +1,188 @@
use sea_orm::entity::prelude::*;
use sea_orm::{Set, ActiveModelTrait};
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "user_access")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: Uuid,
/// User ID this access is for
pub user_id: Uuid,
/// Server ID this access applies to
pub server_id: Uuid,
/// Server inbound ID this access applies to
pub server_inbound_id: Uuid,
/// User's unique identifier in xray (UUID for VLESS/VMess, password for Trojan)
pub xray_user_id: String,
/// User's email in xray
pub xray_email: String,
/// User level in xray (0-255)
pub level: i32,
/// Whether this access is currently active
pub is_active: bool,
/// When this access was created
pub created_at: DateTimeUtc,
/// Last time this access was updated
pub updated_at: DateTimeUtc,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::user::Entity",
from = "Column::UserId",
to = "super::user::Column::Id"
)]
User,
#[sea_orm(
belongs_to = "super::server::Entity",
from = "Column::ServerId",
to = "super::server::Column::Id"
)]
Server,
#[sea_orm(
belongs_to = "super::server_inbound::Entity",
from = "Column::ServerInboundId",
to = "super::server_inbound::Column::Id"
)]
ServerInbound,
}
impl Related<super::user::Entity> for Entity {
fn to() -> RelationDef {
Relation::User.def()
}
}
impl Related<super::server::Entity> for Entity {
fn to() -> RelationDef {
Relation::Server.def()
}
}
impl Related<super::server_inbound::Entity> for Entity {
fn to() -> RelationDef {
Relation::ServerInbound.def()
}
}
impl ActiveModelBehavior for ActiveModel {
fn new() -> Self {
Self {
id: Set(Uuid::new_v4()),
created_at: Set(chrono::Utc::now()),
updated_at: Set(chrono::Utc::now()),
..ActiveModelTrait::default()
}
}
fn before_save<'life0, 'async_trait, C>(
mut self,
_db: &'life0 C,
insert: bool,
) -> core::pin::Pin<Box<dyn core::future::Future<Output = Result<Self, DbErr>> + Send + 'async_trait>>
where
'life0: 'async_trait,
C: 'async_trait + ConnectionTrait,
Self: 'async_trait,
{
Box::pin(async move {
if !insert {
self.updated_at = Set(chrono::Utc::now());
}
Ok(self)
})
}
}
/// User access creation data transfer object
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateUserAccessDto {
pub user_id: Uuid,
pub server_id: Uuid,
pub server_inbound_id: Uuid,
pub xray_user_id: String,
pub xray_email: String,
pub level: Option<i32>,
}
/// User access update data transfer object
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UpdateUserAccessDto {
pub is_active: Option<bool>,
pub level: Option<i32>,
}
impl From<CreateUserAccessDto> for ActiveModel {
fn from(dto: CreateUserAccessDto) -> Self {
Self {
user_id: Set(dto.user_id),
server_id: Set(dto.server_id),
server_inbound_id: Set(dto.server_inbound_id),
xray_user_id: Set(dto.xray_user_id),
xray_email: Set(dto.xray_email),
level: Set(dto.level.unwrap_or(0)),
is_active: Set(true),
..Self::new()
}
}
}
impl Model {
/// Update this model with data from UpdateUserAccessDto
pub fn apply_update(self, dto: UpdateUserAccessDto) -> ActiveModel {
let mut active_model: ActiveModel = self.into();
if let Some(is_active) = dto.is_active {
active_model.is_active = Set(is_active);
}
if let Some(level) = dto.level {
active_model.level = Set(level);
}
active_model
}
}
/// Response model for user access
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UserAccessResponse {
pub id: Uuid,
pub user_id: Uuid,
pub server_id: Uuid,
pub server_inbound_id: Uuid,
pub xray_user_id: String,
pub xray_email: String,
pub level: i32,
pub is_active: bool,
pub created_at: String,
pub updated_at: String,
}
impl From<Model> for UserAccessResponse {
fn from(model: Model) -> Self {
Self {
id: model.id,
user_id: model.user_id,
server_id: model.server_id,
server_inbound_id: model.server_inbound_id,
xray_user_id: model.xray_user_id,
xray_email: model.xray_email,
level: model.level,
is_active: model.is_active,
created_at: model.created_at.to_rfc3339(),
updated_at: model.updated_at.to_rfc3339(),
}
}
}

135
src/database/migrations/m20241201_000001_create_users_table.rs Normal file
View File

@@ -0,0 +1,135 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
// Create users table
manager
.create_table(
Table::create()
.table(Users::Table)
.if_not_exists()
.col(
ColumnDef::new(Users::Id)
.uuid()
.not_null()
.primary_key(),
)
.col(
ColumnDef::new(Users::Name)
.string_len(255)
.not_null(),
)
.col(
ColumnDef::new(Users::Comment)
.text()
.null(),
)
.col(
ColumnDef::new(Users::TelegramId)
.big_integer()
.null(),
)
.col(
ColumnDef::new(Users::CreatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.col(
ColumnDef::new(Users::UpdatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.to_owned(),
)
.await?;
// Create index on name for faster searches
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_users_name")
.table(Users::Table)
.col(Users::Name)
.to_owned(),
)
.await?;
// Create unique index on telegram_id (if not null)
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_users_telegram_id")
.table(Users::Table)
.col(Users::TelegramId)
.unique()
.to_owned(),
)
.await?;
// Create index on created_at for sorting
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_users_created_at")
.table(Users::Table)
.col(Users::CreatedAt)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
// Drop indexes first
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_users_created_at")
.to_owned(),
)
.await?;
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_users_telegram_id")
.to_owned(),
)
.await?;
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_users_name")
.to_owned(),
)
.await?;
// Drop table
manager
.drop_table(Table::drop().table(Users::Table).to_owned())
.await
}
}
#[derive(DeriveIden)]
enum Users {
Table,
Id,
Name,
Comment,
TelegramId,
CreatedAt,
UpdatedAt,
}

120
src/database/migrations/m20241201_000002_create_certificates_table.rs Normal file
View File

@@ -0,0 +1,120 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(Certificates::Table)
.if_not_exists()
.col(
ColumnDef::new(Certificates::Id)
.uuid()
.not_null()
.primary_key(),
)
.col(
ColumnDef::new(Certificates::Name)
.string_len(255)
.not_null(),
)
.col(
ColumnDef::new(Certificates::CertType)
.string_len(50)
.not_null(),
)
.col(
ColumnDef::new(Certificates::Domain)
.string_len(255)
.not_null(),
)
.col(
ColumnDef::new(Certificates::CertData)
.blob()
.not_null(),
)
.col(
ColumnDef::new(Certificates::KeyData)
.blob()
.not_null(),
)
.col(
ColumnDef::new(Certificates::ChainData)
.blob()
.null(),
)
.col(
ColumnDef::new(Certificates::ExpiresAt)
.timestamp_with_time_zone()
.not_null(),
)
.col(
ColumnDef::new(Certificates::AutoRenew)
.boolean()
.default(false)
.not_null(),
)
.col(
ColumnDef::new(Certificates::CreatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.col(
ColumnDef::new(Certificates::UpdatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.to_owned(),
)
.await?;
// Index on domain for faster lookups
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_certificates_domain")
.table(Certificates::Table)
.col(Certificates::Domain)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_certificates_domain")
.to_owned(),
)
.await?;
manager
.drop_table(Table::drop().table(Certificates::Table).to_owned())
.await
}
}
#[derive(DeriveIden)]
enum Certificates {
Table,
Id,
Name,
CertType,
Domain,
CertData,
KeyData,
ChainData,
ExpiresAt,
AutoRenew,
CreatedAt,
UpdatedAt,
}

155
src/database/migrations/m20241201_000003_create_inbound_templates_table.rs Normal file
View File

@@ -0,0 +1,155 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(InboundTemplates::Table)
.if_not_exists()
.col(
ColumnDef::new(InboundTemplates::Id)
.uuid()
.not_null()
.primary_key(),
)
.col(
ColumnDef::new(InboundTemplates::Name)
.string_len(255)
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::Description)
.text()
.null(),
)
.col(
ColumnDef::new(InboundTemplates::Protocol)
.string_len(50)
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::DefaultPort)
.integer()
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::BaseSettings)
.json()
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::StreamSettings)
.json()
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::RequiresTls)
.boolean()
.default(false)
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::RequiresDomain)
.boolean()
.default(false)
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::Variables)
.json()
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::IsActive)
.boolean()
.default(true)
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::CreatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.col(
ColumnDef::new(InboundTemplates::UpdatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.to_owned(),
)
.await?;
// Index on name for searches
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_inbound_templates_name")
.table(InboundTemplates::Table)
.col(InboundTemplates::Name)
.to_owned(),
)
.await?;
// Index on protocol
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_inbound_templates_protocol")
.table(InboundTemplates::Table)
.col(InboundTemplates::Protocol)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_inbound_templates_protocol")
.to_owned(),
)
.await?;
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_inbound_templates_name")
.to_owned(),
)
.await?;
manager
.drop_table(Table::drop().table(InboundTemplates::Table).to_owned())
.await
}
}
#[derive(DeriveIden)]
enum InboundTemplates {
Table,
Id,
Name,
Description,
Protocol,
DefaultPort,
BaseSettings,
StreamSettings,
RequiresTls,
RequiresDomain,
Variables,
IsActive,
CreatedAt,
UpdatedAt,
}

136
src/database/migrations/m20241201_000004_create_servers_table.rs Normal file
View File

@@ -0,0 +1,136 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(Servers::Table)
.if_not_exists()
.col(
ColumnDef::new(Servers::Id)
.uuid()
.not_null()
.primary_key(),
)
.col(
ColumnDef::new(Servers::Name)
.string_len(255)
.not_null(),
)
.col(
ColumnDef::new(Servers::Hostname)
.string_len(255)
.not_null(),
)
.col(
ColumnDef::new(Servers::GrpcPort)
.integer()
.default(2053)
.not_null(),
)
.col(
ColumnDef::new(Servers::ApiCredentials)
.text()
.null(),
)
.col(
ColumnDef::new(Servers::Status)
.string_len(50)
.default("unknown")
.not_null(),
)
.col(
ColumnDef::new(Servers::DefaultCertificateId)
.uuid()
.null(),
)
.col(
ColumnDef::new(Servers::CreatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.col(
ColumnDef::new(Servers::UpdatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.to_owned(),
)
.await?;
// Foreign key to certificates
manager
.create_foreign_key(
ForeignKey::create()
.name("fk_servers_default_certificate")
.from(Servers::Table, Servers::DefaultCertificateId)
.to(Certificates::Table, Certificates::Id)
.on_delete(ForeignKeyAction::SetNull)
.to_owned(),
)
.await?;
// Index on hostname
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_servers_hostname")
.table(Servers::Table)
.col(Servers::Hostname)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_foreign_key(
ForeignKey::drop()
.name("fk_servers_default_certificate")
.table(Servers::Table)
.to_owned(),
)
.await?;
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_servers_hostname")
.to_owned(),
)
.await?;
manager
.drop_table(Table::drop().table(Servers::Table).to_owned())
.await
}
}
#[derive(DeriveIden)]
enum Servers {
Table,
Id,
Name,
Hostname,
GrpcPort,
ApiCredentials,
Status,
DefaultCertificateId,
CreatedAt,
UpdatedAt,
}
#[derive(DeriveIden)]
enum Certificates {
Table,
Id,
}

195
src/database/migrations/m20241201_000005_create_server_inbounds_table.rs Normal file
View File

@@ -0,0 +1,195 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(ServerInbounds::Table)
.if_not_exists()
.col(
ColumnDef::new(ServerInbounds::Id)
.uuid()
.not_null()
.primary_key(),
)
.col(
ColumnDef::new(ServerInbounds::ServerId)
.uuid()
.not_null(),
)
.col(
ColumnDef::new(ServerInbounds::TemplateId)
.uuid()
.not_null(),
)
.col(
ColumnDef::new(ServerInbounds::Tag)
.string_len(255)
.not_null(),
)
.col(
ColumnDef::new(ServerInbounds::PortOverride)
.integer()
.null(),
)
.col(
ColumnDef::new(ServerInbounds::CertificateId)
.uuid()
.null(),
)
.col(
ColumnDef::new(ServerInbounds::VariableValues)
.json()
.not_null(),
)
.col(
ColumnDef::new(ServerInbounds::IsActive)
.boolean()
.default(true)
.not_null(),
)
.col(
ColumnDef::new(ServerInbounds::CreatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.col(
ColumnDef::new(ServerInbounds::UpdatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.to_owned(),
)
.await?;
// Foreign keys
manager
.create_foreign_key(
ForeignKey::create()
.name("fk_server_inbounds_server")
.from(ServerInbounds::Table, ServerInbounds::ServerId)
.to(Servers::Table, Servers::Id)
.on_delete(ForeignKeyAction::Cascade)
.to_owned(),
)
.await?;
manager
.create_foreign_key(
ForeignKey::create()
.name("fk_server_inbounds_template")
.from(ServerInbounds::Table, ServerInbounds::TemplateId)
.to(InboundTemplates::Table, InboundTemplates::Id)
.on_delete(ForeignKeyAction::Restrict)
.to_owned(),
)
.await?;
manager
.create_foreign_key(
ForeignKey::create()
.name("fk_server_inbounds_certificate")
.from(ServerInbounds::Table, ServerInbounds::CertificateId)
.to(Certificates::Table, Certificates::Id)
.on_delete(ForeignKeyAction::SetNull)
.to_owned(),
)
.await?;
// Unique constraint on server_id + tag
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_server_inbounds_server_tag")
.table(ServerInbounds::Table)
.col(ServerInbounds::ServerId)
.col(ServerInbounds::Tag)
.unique()
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_foreign_key(
ForeignKey::drop()
.name("fk_server_inbounds_certificate")
.table(ServerInbounds::Table)
.to_owned(),
)
.await?;
manager
.drop_foreign_key(
ForeignKey::drop()
.name("fk_server_inbounds_template")
.table(ServerInbounds::Table)
.to_owned(),
)
.await?;
manager
.drop_foreign_key(
ForeignKey::drop()
.name("fk_server_inbounds_server")
.table(ServerInbounds::Table)
.to_owned(),
)
.await?;
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_server_inbounds_server_tag")
.to_owned(),
)
.await?;
manager
.drop_table(Table::drop().table(ServerInbounds::Table).to_owned())
.await
}
}
#[derive(DeriveIden)]
enum ServerInbounds {
Table,
Id,
ServerId,
TemplateId,
Tag,
PortOverride,
CertificateId,
VariableValues,
IsActive,
CreatedAt,
UpdatedAt,
}
#[derive(DeriveIden)]
enum Servers {
Table,
Id,
}
#[derive(DeriveIden)]
enum InboundTemplates {
Table,
Id,
}
#[derive(DeriveIden)]
enum Certificates {
Table,
Id,
}

196
src/database/migrations/m20241201_000006_create_user_access_table.rs Normal file
View File

@@ -0,0 +1,196 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(UserAccess::Table)
.if_not_exists()
.col(
ColumnDef::new(UserAccess::Id)
.uuid()
.not_null()
.primary_key(),
)
.col(
ColumnDef::new(UserAccess::UserId)
.uuid()
.not_null(),
)
.col(
ColumnDef::new(UserAccess::ServerId)
.uuid()
.not_null(),
)
.col(
ColumnDef::new(UserAccess::ServerInboundId)
.uuid()
.not_null(),
)
.col(
ColumnDef::new(UserAccess::XrayUserId)
.string()
.not_null(),
)
.col(
ColumnDef::new(UserAccess::XrayEmail)
.string()
.not_null(),
)
.col(
ColumnDef::new(UserAccess::Level)
.integer()
.not_null(),
)
.col(
ColumnDef::new(UserAccess::IsActive)
.boolean()
.not_null(),
)
.col(
ColumnDef::new(UserAccess::CreatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.col(
ColumnDef::new(UserAccess::UpdatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.foreign_key(
ForeignKey::create()
.name("fk_user_access_user_id")
.from(UserAccess::Table, UserAccess::UserId)
.to(Users::Table, Users::Id)
.on_delete(ForeignKeyAction::Cascade),
)
.foreign_key(
ForeignKey::create()
.name("fk_user_access_server_id")
.from(UserAccess::Table, UserAccess::ServerId)
.to(Servers::Table, Servers::Id)
.on_delete(ForeignKeyAction::Cascade),
)
.foreign_key(
ForeignKey::create()
.name("fk_user_access_server_inbound_id")
.from(UserAccess::Table, UserAccess::ServerInboundId)
.to(ServerInbounds::Table, ServerInbounds::Id)
.on_delete(ForeignKeyAction::Cascade),
)
.to_owned(),
)
.await?;
// Create indexes separately
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_user_access_server_inbound")
.table(UserAccess::Table)
.col(UserAccess::ServerId)
.col(UserAccess::ServerInboundId)
.to_owned(),
)
.await?;
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_user_access_user_server")
.table(UserAccess::Table)
.col(UserAccess::UserId)
.col(UserAccess::ServerId)
.to_owned(),
)
.await?;
manager
.create_index(
Index::create()
.if_not_exists()
.name("idx_user_access_xray_email")
.table(UserAccess::Table)
.col(UserAccess::XrayEmail)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
// Drop indexes first
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_user_access_xray_email")
.to_owned(),
)
.await?;
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_user_access_user_server")
.to_owned(),
)
.await?;
manager
.drop_index(
Index::drop()
.if_exists()
.name("idx_user_access_server_inbound")
.to_owned(),
)
.await?;
// Drop table
manager
.drop_table(Table::drop().table(UserAccess::Table).to_owned())
.await
}
}
#[derive(DeriveIden)]
enum UserAccess {
Table,
Id,
UserId,
ServerId,
ServerInboundId,
XrayUserId,
XrayEmail,
Level,
IsActive,
CreatedAt,
UpdatedAt,
}
#[derive(DeriveIden)]
enum Users {
Table,
Id,
}
#[derive(DeriveIden)]
enum Servers {
Table,
Id,
}
#[derive(DeriveIden)]
enum ServerInbounds {
Table,
Id,
}

125
src/database/migrations/m20241201_000007_create_inbound_users_table.rs Normal file
View File

@@ -0,0 +1,125 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(InboundUsers::Table)
.if_not_exists()
.col(
ColumnDef::new(InboundUsers::Id)
.uuid()
.not_null()
.primary_key(),
)
.col(
ColumnDef::new(InboundUsers::ServerInboundId)
.uuid()
.not_null(),
)
.col(
ColumnDef::new(InboundUsers::Username)
.string()
.not_null(),
)
.col(
ColumnDef::new(InboundUsers::Email)
.string()
.not_null(),
)
.col(
ColumnDef::new(InboundUsers::XrayUserId)
.string()
.not_null(),
)
.col(
ColumnDef::new(InboundUsers::Level)
.integer()
.not_null()
.default(0),
)
.col(
ColumnDef::new(InboundUsers::IsActive)
.boolean()
.not_null()
.default(true),
)
.col(
ColumnDef::new(InboundUsers::CreatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.col(
ColumnDef::new(InboundUsers::UpdatedAt)
.timestamp_with_time_zone()
.not_null(),
)
.foreign_key(
ForeignKey::create()
.name("fk_inbound_users_server_inbound")
.from(InboundUsers::Table, InboundUsers::ServerInboundId)
.to(ServerInbounds::Table, ServerInbounds::Id)
.on_delete(ForeignKeyAction::Cascade),
)
.to_owned(),
)
.await?;
// Create unique constraint: one user per inbound
manager
.create_index(
Index::create()
.name("idx_inbound_users_unique_user_per_inbound")
.table(InboundUsers::Table)
.col(InboundUsers::ServerInboundId)
.col(InboundUsers::Username)
.unique()
.to_owned(),
)
.await?;
// Create index on email for faster lookups
manager
.create_index(
Index::create()
.name("idx_inbound_users_email")
.table(InboundUsers::Table)
.col(InboundUsers::Email)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_table(Table::drop().table(InboundUsers::Table).to_owned())
.await
}
}
#[derive(DeriveIden)]
enum InboundUsers {
Table,
Id,
ServerInboundId,
Username,
Email,
XrayUserId,
Level,
IsActive,
CreatedAt,
UpdatedAt,
}
#[derive(DeriveIden)]
enum ServerInbounds {
Table,
Id,
}

26
src/database/migrations/mod.rs Normal file
View File

@@ -0,0 +1,26 @@
use sea_orm_migration::prelude::*;
mod m20241201_000001_create_users_table;
mod m20241201_000002_create_certificates_table;
mod m20241201_000003_create_inbound_templates_table;
mod m20241201_000004_create_servers_table;
mod m20241201_000005_create_server_inbounds_table;
mod m20241201_000006_create_user_access_table;
mod m20241201_000007_create_inbound_users_table;
pub struct Migrator;
#[async_trait::async_trait]
impl MigratorTrait for Migrator {
fn migrations() -> Vec<Box<dyn MigrationTrait>> {
vec![
Box::new(m20241201_000001_create_users_table::Migration),
Box::new(m20241201_000002_create_certificates_table::Migration),
Box::new(m20241201_000003_create_inbound_templates_table::Migration),
Box::new(m20241201_000004_create_servers_table::Migration),
Box::new(m20241201_000005_create_server_inbounds_table::Migration),
Box::new(m20241201_000006_create_user_access_table::Migration),
Box::new(m20241201_000007_create_inbound_users_table::Migration),
]
}
}

161
src/database/mod.rs Normal file
View File

@@ -0,0 +1,161 @@
use anyhow::Result;
use sea_orm::{Database, DatabaseConnection, ConnectOptions, Statement, DatabaseBackend, ConnectionTrait};
use sea_orm_migration::MigratorTrait;
use std::time::Duration;
use tracing::{info, warn};
use crate::config::DatabaseConfig;
pub mod entities;
pub mod migrations;
pub mod repository;
use migrations::Migrator;
/// Database connection and management
#[derive(Clone)]
pub struct DatabaseManager {
connection: DatabaseConnection,
}
impl DatabaseManager {
/// Create a new database connection
pub async fn new(config: &DatabaseConfig) -> Result<Self> {
info!("Connecting to database...");
// URL-encode the connection string to handle special characters in passwords
let encoded_url = Self::encode_database_url(&config.url)?;
let mut opt = ConnectOptions::new(&encoded_url);
opt.max_connections(config.max_connections)
.min_connections(1)
.connect_timeout(Duration::from_secs(config.connection_timeout))
.acquire_timeout(Duration::from_secs(config.connection_timeout))
.idle_timeout(Duration::from_secs(600))
.max_lifetime(Duration::from_secs(3600))
.sqlx_logging(tracing::level_enabled!(tracing::Level::DEBUG))
.sqlx_logging_level(log::LevelFilter::Debug);
let connection = Database::connect(opt).await?;
info!("Database connection established successfully");
let manager = Self { connection };
// Run migrations if auto_migrate is enabled
if config.auto_migrate {
manager.migrate().await?;
}
Ok(manager)
}
/// Get database connection
pub fn connection(&self) -> &DatabaseConnection {
&self.connection
}
/// Run database migrations
pub async fn migrate(&self) -> Result<()> {
info!("Running database migrations...");
match Migrator::up(&self.connection, None).await {
Ok(_) => {
info!("Database migrations completed successfully");
Ok(())
}
Err(e) => {
warn!("Migration error: {}", e);
Err(e.into())
}
}
}
/// Check database connection health
pub async fn health_check(&self) -> Result<bool> {
let stmt = Statement::from_string(DatabaseBackend::Postgres, "SELECT 1".to_owned());
match self.connection.execute(stmt).await {
Ok(_) => Ok(true),
Err(e) => {
warn!("Database health check failed: {}", e);
Ok(false)
}
}
}
/// Get database schema information
pub async fn get_schema_version(&self) -> Result<Option<String>> {
// This would typically query a migrations table
// For now, we'll just return a placeholder
Ok(Some("1.0.0".to_string()))
}
/// Encode database URL to handle special characters in passwords
fn encode_database_url(url: &str) -> Result<String> {
// Parse URL manually to handle special characters in password
if let Some(at_pos) = url.rfind('@') {
if let Some(_colon_pos) = url[..at_pos].rfind(':') {
if let Some(scheme_end) = url.find("://") {
let scheme = &url[..scheme_end + 3];
let user_pass = &url[scheme_end + 3..at_pos];
let host_db = &url[at_pos..];
if let Some(user_colon) = user_pass.find(':') {
let user = &user_pass[..user_colon];
let password = &user_pass[user_colon + 1..];
// URL-encode the password part only
let encoded_password = urlencoding::encode(password);
let encoded_url = format!("{}{}:{}{}", scheme, user, encoded_password, host_db);
return Ok(encoded_url);
}
}
}
}
// If parsing fails, return original URL
Ok(url.to_string())
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::config::DatabaseConfig;
#[test]
fn test_encode_database_url() {
let url_with_special_chars = "postgresql://user:pass#word@localhost:5432/db";
let encoded = DatabaseManager::encode_database_url(url_with_special_chars).unwrap();
assert_eq!(encoded, "postgresql://user:pass%23word@localhost:5432/db");
let normal_url = "postgresql://user:password@localhost:5432/db";
let encoded_normal = DatabaseManager::encode_database_url(normal_url).unwrap();
assert_eq!(encoded_normal, "postgresql://user:password@localhost:5432/db");
}
#[tokio::test]
async fn test_database_connection() {
// This test requires a running PostgreSQL database
// Skip in CI or when database is not available
if std::env::var("DATABASE_URL").is_err() {
return;
}
let config = DatabaseConfig {
url: std::env::var("DATABASE_URL").unwrap(),
max_connections: 5,
connection_timeout: 30,
auto_migrate: false,
};
let db = DatabaseManager::new(&config).await;
assert!(db.is_ok());
if let Ok(db) = db {
let health = db.health_check().await;
assert!(health.is_ok());
}
}
}

75
src/database/repository/certificate.rs Normal file
View File

@@ -0,0 +1,75 @@
use sea_orm::*;
use crate::database::entities::{certificate, prelude::*};
use anyhow::Result;
use uuid::Uuid;
#[derive(Clone)]
pub struct CertificateRepository {
db: DatabaseConnection,
}
impl CertificateRepository {
pub fn new(db: DatabaseConnection) -> Self {
Self { db }
}
pub async fn create(&self, cert_data: certificate::CreateCertificateDto) -> Result<certificate::Model> {
let cert = certificate::ActiveModel::from(cert_data);
let result = Certificate::insert(cert).exec(&self.db).await?;
Certificate::find_by_id(result.last_insert_id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Failed to retrieve created certificate"))
}
pub async fn find_all(&self) -> Result<Vec<certificate::Model>> {
Ok(Certificate::find().all(&self.db).await?)
}
pub async fn find_by_id(&self, id: Uuid) -> Result<Option<certificate::Model>> {
Ok(Certificate::find_by_id(id).one(&self.db).await?)
}
#[allow(dead_code)]
pub async fn find_by_domain(&self, domain: &str) -> Result<Vec<certificate::Model>> {
Ok(Certificate::find()
.filter(certificate::Column::Domain.eq(domain))
.all(&self.db)
.await?)
}
#[allow(dead_code)]
pub async fn find_by_type(&self, cert_type: &str) -> Result<Vec<certificate::Model>> {
Ok(Certificate::find()
.filter(certificate::Column::CertType.eq(cert_type))
.all(&self.db)
.await?)
}
pub async fn update(&self, id: Uuid, cert_data: certificate::UpdateCertificateDto) -> Result<certificate::Model> {
let cert = Certificate::find_by_id(id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Certificate not found"))?;
let updated_cert = cert.apply_update(cert_data);
Ok(updated_cert.update(&self.db).await?)
}
pub async fn delete(&self, id: Uuid) -> Result<bool> {
let result = Certificate::delete_by_id(id).exec(&self.db).await?;
Ok(result.rows_affected > 0)
}
pub async fn find_expiring_soon(&self, days: i64) -> Result<Vec<certificate::Model>> {
let threshold = chrono::Utc::now() + chrono::Duration::days(days);
Ok(Certificate::find()
.filter(certificate::Column::ExpiresAt.lt(threshold))
.all(&self.db)
.await?)
}
}

65
src/database/repository/inbound_template.rs Normal file
View File

@@ -0,0 +1,65 @@
use sea_orm::*;
use crate::database::entities::{inbound_template, prelude::*};
use anyhow::Result;
use uuid::Uuid;
#[derive(Clone)]
pub struct InboundTemplateRepository {
db: DatabaseConnection,
}
#[allow(dead_code)]
impl InboundTemplateRepository {
pub fn new(db: DatabaseConnection) -> Self {
Self { db }
}
pub async fn create(&self, template_data: inbound_template::CreateInboundTemplateDto) -> Result<inbound_template::Model> {
let template = inbound_template::ActiveModel::from(template_data);
let result = InboundTemplate::insert(template).exec(&self.db).await?;
InboundTemplate::find_by_id(result.last_insert_id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Failed to retrieve created template"))
}
pub async fn find_all(&self) -> Result<Vec<inbound_template::Model>> {
Ok(InboundTemplate::find().all(&self.db).await?)
}
pub async fn find_by_id(&self, id: Uuid) -> Result<Option<inbound_template::Model>> {
Ok(InboundTemplate::find_by_id(id).one(&self.db).await?)
}
pub async fn find_by_name(&self, name: &str) -> Result<Option<inbound_template::Model>> {
Ok(InboundTemplate::find()
.filter(inbound_template::Column::Name.eq(name))
.one(&self.db)
.await?)
}
pub async fn find_by_protocol(&self, protocol: &str) -> Result<Vec<inbound_template::Model>> {
Ok(InboundTemplate::find()
.filter(inbound_template::Column::Protocol.eq(protocol))
.all(&self.db)
.await?)
}
pub async fn update(&self, id: Uuid, template_data: inbound_template::UpdateInboundTemplateDto) -> Result<inbound_template::Model> {
let template = InboundTemplate::find_by_id(id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Template not found"))?;
let updated_template = template.apply_update(template_data);
Ok(updated_template.update(&self.db).await?)
}
pub async fn delete(&self, id: Uuid) -> Result<bool> {
let result = InboundTemplate::delete_by_id(id).exec(&self.db).await?;
Ok(result.rows_affected > 0)
}
}

132
src/database/repository/inbound_users.rs Normal file
View File

@@ -0,0 +1,132 @@
use anyhow::Result;
use sea_orm::{ActiveModelTrait, DatabaseConnection, EntityTrait, ColumnTrait, QueryFilter, Set};
use uuid::Uuid;
use crate::database::entities::inbound_users::{
Entity, Model, ActiveModel, CreateInboundUserDto, UpdateInboundUserDto, Column
};
pub struct InboundUsersRepository {
db: DatabaseConnection,
}
impl InboundUsersRepository {
pub fn new(db: DatabaseConnection) -> Self {
Self { db }
}
pub async fn find_all(&self) -> Result<Vec<Model>> {
let users = Entity::find().all(&self.db).await?;
Ok(users)
}
pub async fn find_by_id(&self, id: Uuid) -> Result<Option<Model>> {
let user = Entity::find_by_id(id).one(&self.db).await?;
Ok(user)
}
/// Find all users for a specific inbound
pub async fn find_by_inbound_id(&self, inbound_id: Uuid) -> Result<Vec<Model>> {
let users = Entity::find()
.filter(Column::ServerInboundId.eq(inbound_id))
.all(&self.db)
.await?;
Ok(users)
}
/// Find active users for a specific inbound
pub async fn find_active_by_inbound_id(&self, inbound_id: Uuid) -> Result<Vec<Model>> {
let users = Entity::find()
.filter(Column::ServerInboundId.eq(inbound_id))
.filter(Column::IsActive.eq(true))
.all(&self.db)
.await?;
Ok(users)
}
/// Find user by username and inbound (for uniqueness check)
pub async fn find_by_username_and_inbound(&self, username: &str, inbound_id: Uuid) -> Result<Option<Model>> {
let user = Entity::find()
.filter(Column::Username.eq(username))
.filter(Column::ServerInboundId.eq(inbound_id))
.one(&self.db)
.await?;
Ok(user)
}
/// Find user by email
pub async fn find_by_email(&self, email: &str) -> Result<Option<Model>> {
let user = Entity::find()
.filter(Column::Email.eq(email))
.one(&self.db)
.await?;
Ok(user)
}
pub async fn create(&self, dto: CreateInboundUserDto) -> Result<Model> {
let active_model: ActiveModel = dto.into();
let user = active_model.insert(&self.db).await?;
Ok(user)
}
pub async fn update(&self, id: Uuid, dto: UpdateInboundUserDto) -> Result<Option<Model>> {
let user = match self.find_by_id(id).await? {
Some(user) => user,
None => return Ok(None),
};
let updated_model = user.apply_update(dto);
let updated_user = updated_model.update(&self.db).await?;
Ok(Some(updated_user))
}
pub async fn delete(&self, id: Uuid) -> Result<bool> {
let result = Entity::delete_by_id(id).exec(&self.db).await?;
Ok(result.rows_affected > 0)
}
/// Enable user (set is_active = true)
pub async fn enable(&self, id: Uuid) -> Result<Option<Model>> {
let user = match self.find_by_id(id).await? {
Some(user) => user,
None => return Ok(None),
};
let mut active_model: ActiveModel = user.into();
active_model.is_active = Set(true);
active_model.updated_at = Set(chrono::Utc::now());
let updated_user = active_model.update(&self.db).await?;
Ok(Some(updated_user))
}
/// Disable user (set is_active = false)
pub async fn disable(&self, id: Uuid) -> Result<Option<Model>> {
let user = match self.find_by_id(id).await? {
Some(user) => user,
None => return Ok(None),
};
let mut active_model: ActiveModel = user.into();
active_model.is_active = Set(false);
active_model.updated_at = Set(chrono::Utc::now());
let updated_user = active_model.update(&self.db).await?;
Ok(Some(updated_user))
}
/// Remove all users for a specific inbound (when inbound is deleted)
pub async fn remove_all_for_inbound(&self, inbound_id: Uuid) -> Result<u64> {
let result = Entity::delete_many()
.filter(Column::ServerInboundId.eq(inbound_id))
.exec(&self.db)
.await?;
Ok(result.rows_affected)
}
/// Check if username already exists on this inbound
pub async fn username_exists_on_inbound(&self, username: &str, inbound_id: Uuid) -> Result<bool> {
let exists = self.find_by_username_and_inbound(username, inbound_id).await?;
Ok(exists.is_some())
}
}

15
src/database/repository/mod.rs Normal file
View File

@@ -0,0 +1,15 @@
pub mod user;
pub mod certificate;
pub mod inbound_template;
pub mod server;
pub mod server_inbound;
pub mod user_access;
pub mod inbound_users;
pub use user::UserRepository;
pub use certificate::CertificateRepository;
pub use inbound_template::InboundTemplateRepository;
pub use server::ServerRepository;
pub use server_inbound::ServerInboundRepository;
pub use user_access::UserAccessRepository;
pub use inbound_users::InboundUsersRepository;

79
src/database/repository/server.rs Normal file
View File

@@ -0,0 +1,79 @@
use sea_orm::*;
use crate::database::entities::{server, prelude::*};
use anyhow::Result;
use uuid::Uuid;
#[derive(Clone)]
pub struct ServerRepository {
db: DatabaseConnection,
}
#[allow(dead_code)]
impl ServerRepository {
pub fn new(db: DatabaseConnection) -> Self {
Self { db }
}
pub async fn create(&self, server_data: server::CreateServerDto) -> Result<server::Model> {
let server = server::ActiveModel::from(server_data);
let result = Server::insert(server).exec(&self.db).await?;
Server::find_by_id(result.last_insert_id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Failed to retrieve created server"))
}
pub async fn find_all(&self) -> Result<Vec<server::Model>> {
Ok(Server::find().all(&self.db).await?)
}
pub async fn find_by_id(&self, id: Uuid) -> Result<Option<server::Model>> {
Ok(Server::find_by_id(id).one(&self.db).await?)
}
pub async fn find_by_name(&self, name: &str) -> Result<Option<server::Model>> {
Ok(Server::find()
.filter(server::Column::Name.eq(name))
.one(&self.db)
.await?)
}
pub async fn find_by_hostname(&self, hostname: &str) -> Result<Option<server::Model>> {
Ok(Server::find()
.filter(server::Column::Hostname.eq(hostname))
.one(&self.db)
.await?)
}
pub async fn find_by_status(&self, status: &str) -> Result<Vec<server::Model>> {
Ok(Server::find()
.filter(server::Column::Status.eq(status))
.all(&self.db)
.await?)
}
pub async fn update(&self, id: Uuid, server_data: server::UpdateServerDto) -> Result<server::Model> {
let server = Server::find_by_id(id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Server not found"))?;
let updated_server = server.apply_update(server_data);
Ok(updated_server.update(&self.db).await?)
}
pub async fn delete(&self, id: Uuid) -> Result<bool> {
let result = Server::delete_by_id(id).exec(&self.db).await?;
Ok(result.rows_affected > 0)
}
pub async fn get_grpc_endpoint(&self, id: Uuid) -> Result<String> {
let server = self.find_by_id(id).await?
.ok_or_else(|| anyhow::anyhow!("Server not found"))?;
Ok(format!("{}:{}", server.hostname, server.grpc_port))
}
}

159
src/database/repository/server_inbound.rs Normal file
View File

@@ -0,0 +1,159 @@
use sea_orm::*;
use crate::database::entities::{server_inbound, prelude::*};
use anyhow::Result;
use uuid::Uuid;
#[derive(Clone)]
pub struct ServerInboundRepository {
db: DatabaseConnection,
}
#[allow(dead_code)]
impl ServerInboundRepository {
pub fn new(db: DatabaseConnection) -> Self {
Self { db }
}
pub async fn create(&self, server_id: Uuid, inbound_data: server_inbound::CreateServerInboundDto) -> Result<server_inbound::Model> {
let mut inbound: server_inbound::ActiveModel = inbound_data.into();
inbound.id = Set(Uuid::new_v4());
inbound.server_id = Set(server_id);
inbound.created_at = Set(chrono::Utc::now());
inbound.updated_at = Set(chrono::Utc::now());
let result = ServerInbound::insert(inbound).exec(&self.db).await?;
ServerInbound::find_by_id(result.last_insert_id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Failed to retrieve created server inbound"))
}
pub async fn create_with_protocol(&self, server_id: Uuid, inbound_data: server_inbound::CreateServerInboundDto, protocol: &str) -> Result<server_inbound::Model> {
let mut inbound: server_inbound::ActiveModel = inbound_data.into();
inbound.id = Set(Uuid::new_v4());
inbound.server_id = Set(server_id);
inbound.created_at = Set(chrono::Utc::now());
inbound.updated_at = Set(chrono::Utc::now());
// Override tag with protocol prefix
let id = inbound.id.as_ref();
inbound.tag = Set(format!("{}-inbound-{}", protocol, id));
let result = ServerInbound::insert(inbound).exec(&self.db).await?;
ServerInbound::find_by_id(result.last_insert_id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Failed to retrieve created server inbound"))
}
pub async fn find_all(&self) -> Result<Vec<server_inbound::Model>> {
Ok(ServerInbound::find().all(&self.db).await?)
}
pub async fn find_by_id(&self, id: Uuid) -> Result<Option<server_inbound::Model>> {
Ok(ServerInbound::find_by_id(id).one(&self.db).await?)
}
pub async fn find_by_server_id(&self, server_id: Uuid) -> Result<Vec<server_inbound::Model>> {
Ok(ServerInbound::find()
.filter(server_inbound::Column::ServerId.eq(server_id))
.all(&self.db)
.await?)
}
pub async fn find_by_server_id_with_template(&self, server_id: Uuid) -> Result<Vec<server_inbound::ServerInboundResponse>> {
use crate::database::entities::{inbound_template, certificate};
let inbounds = ServerInbound::find()
.filter(server_inbound::Column::ServerId.eq(server_id))
.all(&self.db)
.await?;
let mut responses = Vec::new();
for inbound in inbounds {
let mut response = server_inbound::ServerInboundResponse::from(inbound.clone());
// Load template information
if let Ok(Some(template)) = InboundTemplate::find_by_id(inbound.template_id).one(&self.db).await {
response.template_name = Some(template.name);
}
// Load certificate information
if let Some(cert_id) = inbound.certificate_id {
if let Ok(Some(certificate)) = Certificate::find_by_id(cert_id).one(&self.db).await {
response.certificate_name = Some(certificate.domain);
}
}
responses.push(response);
}
Ok(responses)
}
pub async fn find_by_template_id(&self, template_id: Uuid) -> Result<Vec<server_inbound::Model>> {
Ok(ServerInbound::find()
.filter(server_inbound::Column::TemplateId.eq(template_id))
.all(&self.db)
.await?)
}
pub async fn find_by_tag(&self, tag: &str) -> Result<Option<server_inbound::Model>> {
Ok(ServerInbound::find()
.filter(server_inbound::Column::Tag.eq(tag))
.one(&self.db)
.await?)
}
pub async fn find_active_by_server(&self, server_id: Uuid) -> Result<Vec<server_inbound::Model>> {
Ok(ServerInbound::find()
.filter(server_inbound::Column::ServerId.eq(server_id))
.filter(server_inbound::Column::IsActive.eq(true))
.all(&self.db)
.await?)
}
pub async fn update(&self, id: Uuid, inbound_data: server_inbound::UpdateServerInboundDto) -> Result<server_inbound::Model> {
let inbound = ServerInbound::find_by_id(id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Server inbound not found"))?;
let updated_inbound = inbound.apply_update(inbound_data);
Ok(updated_inbound.update(&self.db).await?)
}
pub async fn delete(&self, id: Uuid) -> Result<bool> {
let result = ServerInbound::delete_by_id(id).exec(&self.db).await?;
Ok(result.rows_affected > 0)
}
pub async fn activate(&self, id: Uuid) -> Result<server_inbound::Model> {
let inbound = ServerInbound::find_by_id(id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Server inbound not found"))?;
let mut inbound: server_inbound::ActiveModel = inbound.into();
inbound.is_active = Set(true);
inbound.updated_at = Set(chrono::Utc::now());
Ok(inbound.update(&self.db).await?)
}
pub async fn deactivate(&self, id: Uuid) -> Result<server_inbound::Model> {
let inbound = ServerInbound::find_by_id(id)
.one(&self.db)
.await?
.ok_or_else(|| anyhow::anyhow!("Server inbound not found"))?;
let mut inbound: server_inbound::ActiveModel = inbound.into();
inbound.is_active = Set(false);
inbound.updated_at = Set(chrono::Utc::now());
Ok(inbound.update(&self.db).await?)
}
}

157
src/database/repository/user.rs Normal file
View File

@@ -0,0 +1,157 @@
use anyhow::Result;
use sea_orm::{DatabaseConnection, EntityTrait, QueryFilter, ColumnTrait, QueryOrder, PaginatorTrait};
use uuid::Uuid;
use crate::database::entities::user::{Entity as User, Column, Model, ActiveModel, CreateUserDto, UpdateUserDto};
pub struct UserRepository {
db: DatabaseConnection,
}
impl UserRepository {
pub fn new(db: DatabaseConnection) -> Self {
Self { db }
}
/// Get all users with pagination
pub async fn get_all(&self, page: u64, per_page: u64) -> Result<Vec<Model>> {
let users = User::find()
.order_by_desc(Column::CreatedAt)
.paginate(&self.db, per_page)
.fetch_page(page.saturating_sub(1))
.await?;
Ok(users)
}
/// Get user by ID
pub async fn get_by_id(&self, id: Uuid) -> Result<Option<Model>> {
let user = User::find_by_id(id).one(&self.db).await?;
Ok(user)
}
/// Get user by telegram ID
pub async fn get_by_telegram_id(&self, telegram_id: i64) -> Result<Option<Model>> {
let user = User::find()
.filter(Column::TelegramId.eq(telegram_id))
.one(&self.db)
.await?;
Ok(user)
}
/// Search users by name
pub async fn search_by_name(&self, query: &str, page: u64, per_page: u64) -> Result<Vec<Model>> {
let users = User::find()
.filter(Column::Name.contains(query))
.order_by_desc(Column::CreatedAt)
.paginate(&self.db, per_page)
.fetch_page(page.saturating_sub(1))
.await?;
Ok(users)
}
/// Create a new user
pub async fn create(&self, dto: CreateUserDto) -> Result<Model> {
let active_model: ActiveModel = dto.into();
let user = User::insert(active_model).exec_with_returning(&self.db).await?;
Ok(user)
}
/// Update user by ID
pub async fn update(&self, id: Uuid, dto: UpdateUserDto) -> Result<Option<Model>> {
if let Some(user) = self.get_by_id(id).await? {
let active_model = user.apply_update(dto);
User::update(active_model).exec(&self.db).await?;
// Fetch the updated user
self.get_by_id(id).await
} else {
Ok(None)
}
}
/// Delete user by ID
pub async fn delete(&self, id: Uuid) -> Result<bool> {
let result = User::delete_by_id(id).exec(&self.db).await?;
Ok(result.rows_affected > 0)
}
/// Get total count of users
pub async fn count(&self) -> Result<u64> {
let count = User::find().count(&self.db).await?;
Ok(count)
}
/// Check if telegram ID is already used
pub async fn telegram_id_exists(&self, telegram_id: i64) -> Result<bool> {
let count = User::find()
.filter(Column::TelegramId.eq(telegram_id))
.count(&self.db)
.await?;
Ok(count > 0)
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::database::DatabaseManager;
use crate::config::DatabaseConfig;
async fn setup_test_db() -> Result<UserRepository> {
let config = DatabaseConfig {
url: std::env::var("DATABASE_URL").unwrap_or_else(|_|
"sqlite::memory:".to_string()
),
max_connections: 5,
connection_timeout: 30,
auto_migrate: true,
};
let db_manager = DatabaseManager::new(&config).await?;
Ok(UserRepository::new(db_manager.connection().clone()))
}
#[tokio::test]
async fn test_user_crud() {
let repo = match setup_test_db().await {
Ok(repo) => repo,
Err(_) => return, // Skip test if no database available
};
// Create user
let create_dto = CreateUserDto {
name: "Test User".to_string(),
comment: Some("Test comment".to_string()),
telegram_id: Some(123456789),
};
let created_user = repo.create(create_dto).await.unwrap();
assert_eq!(created_user.name, "Test User");
assert_eq!(created_user.telegram_id, Some(123456789));
// Get by ID
let fetched_user = repo.get_by_id(created_user.id).await.unwrap();
assert!(fetched_user.is_some());
assert_eq!(fetched_user.unwrap().name, "Test User");
// Update user
let update_dto = UpdateUserDto {
name: Some("Updated User".to_string()),
comment: None,
telegram_id: None,
};
let updated_user = repo.update(created_user.id, update_dto).await.unwrap();
assert!(updated_user.is_some());
assert_eq!(updated_user.unwrap().name, "Updated User");
// Delete user
let deleted = repo.delete(created_user.id).await.unwrap();
assert!(deleted);
// Verify deletion
let deleted_user = repo.get_by_id(created_user.id).await.unwrap();
assert!(deleted_user.is_none());
}
}

118
src/database/repository/user_access.rs Normal file
View File

@@ -0,0 +1,118 @@
use sea_orm::*;
use uuid::Uuid;
use anyhow::Result;
use crate::database::entities::user_access::{self, Entity as UserAccess, Model, ActiveModel, CreateUserAccessDto, UpdateUserAccessDto};
pub struct UserAccessRepository {
db: DatabaseConnection,
}
impl UserAccessRepository {
pub fn new(db: DatabaseConnection) -> Self {
Self { db }
}
/// Find all user access records
pub async fn find_all(&self) -> Result<Vec<Model>> {
let records = UserAccess::find().all(&self.db).await?;
Ok(records)
}
/// Find user access by ID
pub async fn find_by_id(&self, id: Uuid) -> Result<Option<Model>> {
let record = UserAccess::find_by_id(id).one(&self.db).await?;
Ok(record)
}
/// Find user access by user ID
pub async fn find_by_user_id(&self, user_id: Uuid) -> Result<Vec<Model>> {
let records = UserAccess::find()
.filter(user_access::Column::UserId.eq(user_id))
.all(&self.db)
.await?;
Ok(records)
}
/// Find user access by server and inbound
pub async fn find_by_server_inbound(&self, server_id: Uuid, server_inbound_id: Uuid) -> Result<Vec<Model>> {
let records = UserAccess::find()
.filter(user_access::Column::ServerId.eq(server_id))
.filter(user_access::Column::ServerInboundId.eq(server_inbound_id))
.all(&self.db)
.await?;
Ok(records)
}
/// Find active user access for specific user, server and inbound
pub async fn find_active_access(&self, user_id: Uuid, server_id: Uuid, server_inbound_id: Uuid) -> Result<Option<Model>> {
let record = UserAccess::find()
.filter(user_access::Column::UserId.eq(user_id))
.filter(user_access::Column::ServerId.eq(server_id))
.filter(user_access::Column::ServerInboundId.eq(server_inbound_id))
.filter(user_access::Column::IsActive.eq(true))
.one(&self.db)
.await?;
Ok(record)
}
/// Create new user access
pub async fn create(&self, dto: CreateUserAccessDto) -> Result<Model> {
let active_model: ActiveModel = dto.into();
let model = active_model.insert(&self.db).await?;
Ok(model)
}
/// Update user access
pub async fn update(&self, id: Uuid, dto: UpdateUserAccessDto) -> Result<Option<Model>> {
let existing = match self.find_by_id(id).await? {
Some(model) => model,
None => return Ok(None),
};
let active_model = existing.apply_update(dto);
let updated = active_model.update(&self.db).await?;
Ok(Some(updated))
}
/// Delete user access
pub async fn delete(&self, id: Uuid) -> Result<bool> {
let result = UserAccess::delete_by_id(id).exec(&self.db).await?;
Ok(result.rows_affected > 0)
}
/// Enable user access (set is_active = true)
pub async fn enable(&self, id: Uuid) -> Result<Option<Model>> {
self.update(id, UpdateUserAccessDto {
is_active: Some(true),
level: None,
}).await
}
/// Disable user access (set is_active = false)
pub async fn disable(&self, id: Uuid) -> Result<Option<Model>> {
self.update(id, UpdateUserAccessDto {
is_active: Some(false),
level: None,
}).await
}
/// Get all active access for a user
pub async fn find_active_for_user(&self, user_id: Uuid) -> Result<Vec<Model>> {
let records = UserAccess::find()
.filter(user_access::Column::UserId.eq(user_id))
.filter(user_access::Column::IsActive.eq(true))
.all(&self.db)
.await?;
Ok(records)
}
/// Remove all access for a specific server inbound
pub async fn remove_all_for_inbound(&self, server_inbound_id: Uuid) -> Result<u64> {
let result = UserAccess::delete_many()
.filter(user_access::Column::ServerInboundId.eq(server_inbound_id))
.exec(&self.db)
.await?;
Ok(result.rows_affected)
}
}

186
src/main.rs Normal file
View File

@@ -0,0 +1,186 @@
use anyhow::Result;
use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
mod config;
mod database;
mod services;
mod web;
use config::{AppConfig, args::parse_args};
use database::DatabaseManager;
use services::{TaskScheduler, XrayService};
#[tokio::main]
async fn main() -> Result<()> {
// Parse command line arguments first
let args = parse_args();
// Initialize logging early with basic configuration
init_logging(&args.log_level.as_deref().unwrap_or("info"))?;
tracing::info!("Starting Xray Admin Panel v{}", env!("CARGO_PKG_VERSION"));
// Handle special flags
if args.print_default_config {
print_default_config()?;
return Ok(());
}
// Load configuration
let config = match AppConfig::load() {
Ok(config) => {
tracing::info!("Configuration loaded successfully");
config
}
Err(e) => {
tracing::error!("Failed to load configuration: {}", e);
if args.validate_config {
std::process::exit(1);
}
tracing::warn!("Using default configuration");
AppConfig::default()
}
};
// Validate configuration if requested
if args.validate_config {
tracing::info!("Configuration validation passed");
return Ok(());
}
// Display configuration summary
config.display_summary();
// Print environment info in debug mode
if tracing::level_enabled!(tracing::Level::DEBUG) {
config::env::EnvVars::print_env_info();
}
// Initialize database connection
tracing::info!("Initializing database connection...");
let db = match DatabaseManager::new(&config.database).await {
Ok(db) => {
tracing::info!("Database initialized successfully");
db
}
Err(e) => {
tracing::error!("Failed to initialize database: {}", e);
return Err(e);
}
};
// Perform database health check
match db.health_check().await {
Ok(true) => tracing::info!("Database health check passed"),
Ok(false) => tracing::warn!("Database health check failed"),
Err(e) => tracing::error!("Database health check error: {}", e),
}
// Get schema version
if let Ok(Some(version)) = db.get_schema_version().await {
tracing::info!("Database schema version: {}", version);
}
// Initialize event bus first
let event_receiver = crate::services::events::init_event_bus();
tracing::info!("Event bus initialized");
// Initialize xray service
let xray_service = XrayService::new();
// Initialize and start task scheduler with dependencies
let mut task_scheduler = TaskScheduler::new().await?;
task_scheduler.start(db.clone(), xray_service).await?;
tracing::info!("Task scheduler started with xray sync");
// Start event-driven sync handler with the receiver
TaskScheduler::start_event_handler(db.clone(), event_receiver).await;
tracing::info!("Event-driven sync handler started");
// Start web server with task scheduler
tracing::info!("Starting web server on {}:{}", config.web.host, config.web.port);
tokio::select! {
result = web::start_server(db, config.web.clone()) => {
match result {
Ok(_) => tracing::info!("Web server stopped gracefully"),
Err(e) => tracing::error!("Web server error: {}", e),
}
}
_ = tokio::signal::ctrl_c() => {
tracing::info!("Shutdown signal received, stopping services...");
if let Err(e) = task_scheduler.shutdown().await {
tracing::error!("Error shutting down task scheduler: {}", e);
}
}
}
Ok(())
}
fn init_logging(level: &str) -> Result<()> {
let filter = tracing_subscriber::EnvFilter::try_from_default_env()
.unwrap_or_else(|_| tracing_subscriber::EnvFilter::new(level));
tracing_subscriber::registry()
.with(filter)
.with(
tracing_subscriber::fmt::layer()
.with_target(true) // Show module names
.with_thread_ids(false)
.with_thread_names(false)
.with_file(false)
.with_line_number(false)
.compact()
)
.try_init()?;
Ok(())
}
fn print_default_config() -> Result<()> {
let default_config = AppConfig::default();
let toml_content = toml::to_string_pretty(&default_config)?;
println!("# Default configuration for Xray Admin Panel");
println!("# Save this to config.toml and modify as needed\n");
println!("{}", toml_content);
Ok(())
}
#[allow(dead_code)]
fn mask_url(url: &str) -> String {
if let Ok(parsed) = url::Url::parse(url) {
if parsed.password().is_some() {
let mut masked = parsed.clone();
masked.set_password(Some("***")).unwrap();
masked.to_string()
} else {
url.to_string()
}
} else {
url.to_string()
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_mask_url() {
let url = "postgresql://user:password@localhost/db";
let masked = mask_url(url);
assert!(masked.contains("***"));
assert!(!masked.contains("password"));
}
#[test]
fn test_mask_url_no_password() {
let url = "postgresql://user@localhost/db";
let masked = mask_url(url);
assert_eq!(masked, url);
}
}

41
src/services/certificates.rs Normal file
View File

@@ -0,0 +1,41 @@
/// Certificate management service
#[derive(Clone)]
pub struct CertificateService {
// Mock implementation for now
}
#[allow(dead_code)]
impl CertificateService {
pub fn new() -> Self {
Self {}
}
/// Generate self-signed certificate
pub async fn generate_self_signed(&self, domain: &str) -> anyhow::Result<(String, String)> {
tracing::info!("Generating self-signed certificate for domain: {}", domain);
// Mock implementation - would use rcgen to generate actual certificate
let cert_pem = format!("-----BEGIN CERTIFICATE-----\nMOCK CERT FOR {}\n-----END CERTIFICATE-----", domain);
let key_pem = format!("-----BEGIN PRIVATE KEY-----\nMOCK KEY FOR {}\n-----END PRIVATE KEY-----", domain);
Ok((cert_pem, key_pem))
}
/// Renew certificate
pub async fn renew_certificate(&self, domain: &str) -> anyhow::Result<(String, String)> {
tracing::info!("Renewing certificate for domain: {}", domain);
// Mock implementation
let cert_pem = format!("-----BEGIN CERTIFICATE-----\nRENEWED CERT FOR {}\n-----END CERTIFICATE-----", domain);
let key_pem = format!("-----BEGIN PRIVATE KEY-----\nRENEWED KEY FOR {}\n-----END PRIVATE KEY-----", domain);
Ok((cert_pem, key_pem))
}
}
impl Default for CertificateService {
fn default() -> Self {
Self::new()
}
}

30
src/services/events.rs Normal file
View File

@@ -0,0 +1,30 @@
use std::sync::OnceLock;
use tokio::sync::broadcast;
use uuid::Uuid;
#[derive(Clone, Debug)]
pub enum SyncEvent {
InboundChanged(Uuid), // server_id
UserAccessChanged(Uuid), // server_id
}
static EVENT_SENDER: OnceLock<broadcast::Sender<SyncEvent>> = OnceLock::new();
/// Initialize the event bus and return a receiver
pub fn init_event_bus() -> broadcast::Receiver<SyncEvent> {
let (tx, rx) = broadcast::channel(100);
EVENT_SENDER.set(tx).expect("Event bus already initialized");
rx
}
/// Send a sync event (non-blocking)
pub fn send_sync_event(event: SyncEvent) {
if let Some(sender) = EVENT_SENDER.get() {
match sender.send(event.clone()) {
Ok(_) => tracing::info!("Event sent: {:?}", event),
Err(_) => tracing::warn!("No event receivers"),
}
} else {
tracing::error!("Event bus not initialized");
}
}

7
src/services/mod.rs Normal file
View File

@@ -0,0 +1,7 @@
pub mod xray;
pub mod certificates;
pub mod events;
pub mod tasks;
pub use xray::XrayService;
pub use tasks::TaskScheduler;

484
src/services/tasks.rs Normal file
View File

@@ -0,0 +1,484 @@
use anyhow::Result;
use tokio_cron_scheduler::{JobScheduler, Job};
use tracing::{info, error, warn};
use crate::database::DatabaseManager;
use crate::database::repository::{ServerRepository, ServerInboundRepository, InboundTemplateRepository, InboundUsersRepository, CertificateRepository};
use crate::database::entities::inbound_users;
use crate::services::XrayService;
use crate::services::events::SyncEvent;
use sea_orm::{EntityTrait, ColumnTrait, QueryFilter, RelationTrait, JoinType};
use uuid::Uuid;
use serde_json::Value;
use std::collections::HashMap;
use std::sync::{Arc, RwLock};
use chrono::{DateTime, Utc};
use serde::{Serialize, Deserialize};
pub struct TaskScheduler {
scheduler: JobScheduler,
task_status: Arc<RwLock<HashMap<String, TaskStatus>>>,
}
/// Status of a background task
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TaskStatus {
pub name: String,
pub description: String,
pub schedule: String,
pub status: TaskState,
pub last_run: Option<DateTime<Utc>>,
pub next_run: Option<DateTime<Utc>>,
pub total_runs: u64,
pub success_count: u64,
pub error_count: u64,
pub last_error: Option<String>,
pub last_duration_ms: Option<u64>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum TaskState {
Idle,
Running,
Success,
Error,
}
impl TaskScheduler {
pub async fn new() -> Result<Self> {
let scheduler = JobScheduler::new().await?;
let task_status = Arc::new(RwLock::new(HashMap::new()));
Ok(Self { scheduler, task_status })
}
/// Get current status of all tasks
pub fn get_task_status(&self) -> HashMap<String, TaskStatus> {
self.task_status.read().unwrap().clone()
}
/// Start event-driven sync handler
pub async fn start_event_handler(db: DatabaseManager, mut event_receiver: tokio::sync::broadcast::Receiver<SyncEvent>) {
let xray_service = XrayService::new();
tokio::spawn(async move {
info!("Starting event-driven sync handler");
while let Ok(event) = event_receiver.recv().await {
match event {
SyncEvent::InboundChanged(server_id) | SyncEvent::UserAccessChanged(server_id) => {
info!("Received sync event for server {}", server_id);
if let Err(e) = sync_single_server_by_id(&xray_service, &db, server_id).await {
error!("Failed to sync server {} from event: {}", server_id, e);
} else {
info!("Successfully synced server {} from event", server_id);
}
}
}
}
});
}
pub async fn start(&mut self, db: DatabaseManager, xray_service: XrayService) -> Result<()> {
info!("Starting task scheduler with database synchronization");
// Initialize task status
{
let mut status = self.task_status.write().unwrap();
status.insert("xray_sync".to_string(), TaskStatus {
name: "Xray Synchronization".to_string(),
description: "Synchronizes database state with xray servers".to_string(),
schedule: "0 * * * * * (every minute)".to_string(),
status: TaskState::Idle,
last_run: None,
next_run: Some(Utc::now() + chrono::Duration::minutes(1)),
total_runs: 0,
success_count: 0,
error_count: 0,
last_error: None,
last_duration_ms: None,
});
}
// Run initial sync on startup
info!("Running initial xray synchronization on startup");
let start_time = Utc::now();
self.update_task_status("xray_sync", TaskState::Running, None);
match sync_xray_state(db.clone(), xray_service.clone()).await {
Ok(_) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
self.update_task_status("xray_sync", TaskState::Success, Some(duration));
info!("Initial xray sync completed successfully");
},
Err(e) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
self.update_task_status_with_error("xray_sync", e.to_string(), Some(duration));
error!("Initial xray sync failed: {}", e);
}
}
// Add synchronization task that runs every minute
let db_clone = db.clone();
let xray_service_clone = xray_service.clone();
let task_status_clone = self.task_status.clone();
let sync_job = Job::new_async("0 */5 * * * *", move |_uuid, _l| {
let db = db_clone.clone();
let xray_service = xray_service_clone.clone();
let task_status = task_status_clone.clone();
Box::pin(async move {
info!("Running scheduled xray synchronization");
let start_time = Utc::now();
// Update status to running
{
let mut status = task_status.write().unwrap();
if let Some(task) = status.get_mut("xray_sync") {
task.status = TaskState::Running;
task.last_run = Some(start_time);
task.total_runs += 1;
task.next_run = Some(start_time + chrono::Duration::minutes(1));
}
}
match sync_xray_state(db, xray_service).await {
Ok(_) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
let mut status = task_status.write().unwrap();
if let Some(task) = status.get_mut("xray_sync") {
task.status = TaskState::Success;
task.success_count += 1;
task.last_duration_ms = Some(duration);
task.last_error = None;
}
info!("Scheduled xray sync completed successfully in {}ms", duration);
},
Err(e) => {
let duration = (Utc::now() - start_time).num_milliseconds() as u64;
let mut status = task_status.write().unwrap();
if let Some(task) = status.get_mut("xray_sync") {
task.status = TaskState::Error;
task.error_count += 1;
task.last_duration_ms = Some(duration);
task.last_error = Some(e.to_string());
}
error!("Scheduled xray sync failed: {}", e);
}
}
})
})?;
self.scheduler.add(sync_job).await?;
info!("Task scheduler started with sync job running every minute");
self.scheduler.start().await?;
Ok(())
}
fn update_task_status(&self, task_id: &str, state: TaskState, duration_ms: Option<u64>) {
let mut status = self.task_status.write().unwrap();
if let Some(task) = status.get_mut(task_id) {
task.status = state;
task.last_run = Some(Utc::now());
task.total_runs += 1;
task.success_count += 1;
task.last_duration_ms = duration_ms;
task.last_error = None;
}
}
fn update_task_status_with_error(&self, task_id: &str, error: String, duration_ms: Option<u64>) {
let mut status = self.task_status.write().unwrap();
if let Some(task) = status.get_mut(task_id) {
task.status = TaskState::Error;
task.last_run = Some(Utc::now());
task.total_runs += 1;
task.error_count += 1;
task.last_duration_ms = duration_ms;
task.last_error = Some(error);
}
}
pub async fn shutdown(&mut self) -> Result<()> {
info!("Shutting down task scheduler");
self.scheduler.shutdown().await?;
Ok(())
}
}
/// Synchronize xray server state with database state
async fn sync_xray_state(db: DatabaseManager, xray_service: XrayService) -> Result<()> {
info!("Starting xray state synchronization");
let server_repo = ServerRepository::new(db.connection().clone());
let inbound_repo = ServerInboundRepository::new(db.connection().clone());
let template_repo = InboundTemplateRepository::new(db.connection().clone());
// Get all servers from database
let servers = match server_repo.find_all().await {
Ok(servers) => servers,
Err(e) => {
error!("Failed to fetch servers: {}", e);
return Err(e.into());
}
};
info!("Found {} servers to synchronize", servers.len());
for server in servers {
info!("Synchronizing server: {} ({}:{})", server.name, server.hostname, server.grpc_port);
let endpoint = format!("{}:{}", server.hostname, server.grpc_port);
// Test connection first
match xray_service.test_connection(server.id, &endpoint).await {
Ok(true) => {
info!("Connection to server {} successful", server.name);
},
Ok(false) => {
warn!("Cannot connect to server {} at {}, skipping", server.name, endpoint);
continue;
},
Err(e) => {
error!("Error testing connection to server {}: {}", server.name, e);
continue;
}
}
// Get desired inbounds from database
let desired_inbounds = match get_desired_inbounds_from_db(&db, &server, &inbound_repo, &template_repo).await {
Ok(inbounds) => inbounds,
Err(e) => {
error!("Failed to get desired inbounds for server {}: {}", server.name, e);
continue;
}
};
info!("Server {}: desired={} inbounds", server.name, desired_inbounds.len());
// Synchronize inbounds
if let Err(e) = sync_server_inbounds(
&xray_service,
server.id,
&endpoint,
&desired_inbounds
).await {
error!("Failed to sync inbounds for server {}: {}", server.name, e);
} else {
info!("Successfully synchronized server {}", server.name);
}
}
info!("Xray state synchronization completed");
Ok(())
}
/// Get desired inbounds configuration from database
async fn get_desired_inbounds_from_db(
db: &DatabaseManager,
server: &crate::database::entities::server::Model,
inbound_repo: &ServerInboundRepository,
template_repo: &InboundTemplateRepository,
) -> Result<HashMap<String, DesiredInbound>> {
info!("Getting desired inbounds for server {} from database", server.name);
// Get all inbounds for this server
let inbounds = inbound_repo.find_by_server_id(server.id).await?;
let mut desired_inbounds = HashMap::new();
for inbound in inbounds {
// Get template for this inbound
let template = match template_repo.find_by_id(inbound.template_id).await? {
Some(template) => template,
None => {
warn!("Template {} not found for inbound {}, skipping", inbound.template_id, inbound.tag);
continue;
}
};
// Get users for this inbound
let users = get_users_for_inbound(db, inbound.id).await?;
info!("Inbound {}: {} users found", inbound.tag, users.len());
// Get port from template or override
let port = inbound.port_override.unwrap_or(template.default_port);
// Get certificate if specified
let (cert_pem, key_pem) = if let Some(_cert_id) = inbound.certificate_id {
match load_certificate_from_db(db, inbound.certificate_id).await {
Ok((cert, key)) => (cert, key),
Err(e) => {
warn!("Failed to load certificate for inbound {}: {}", inbound.tag, e);
(None, None)
}
}
} else {
(None, None)
};
let desired_inbound = DesiredInbound {
tag: inbound.tag.clone(),
port,
protocol: template.protocol.clone(),
settings: template.base_settings.clone(),
stream_settings: template.stream_settings.clone(),
users,
cert_pem,
key_pem,
};
desired_inbounds.insert(inbound.tag.clone(), desired_inbound);
}
info!("Found {} desired inbounds for server {}", desired_inbounds.len(), server.name);
Ok(desired_inbounds)
}
/// Get users for specific inbound from database
async fn get_users_for_inbound(db: &DatabaseManager, inbound_id: Uuid) -> Result<Vec<XrayUser>> {
let inbound_users_repo = InboundUsersRepository::new(db.connection().clone());
let inbound_users = inbound_users_repo.find_active_by_inbound_id(inbound_id).await?;
let users: Vec<XrayUser> = inbound_users.into_iter().map(|user| {
XrayUser {
id: user.xray_user_id,
email: user.email,
level: user.level,
}
}).collect();
Ok(users)
}
/// Load certificate from database
async fn load_certificate_from_db(db: &DatabaseManager, cert_id: Option<Uuid>) -> Result<(Option<String>, Option<String>)> {
let cert_id = match cert_id {
Some(id) => id,
None => return Ok((None, None)),
};
let cert_repo = CertificateRepository::new(db.connection().clone());
match cert_repo.find_by_id(cert_id).await? {
Some(cert) => {
info!("Loaded certificate: {}", cert.domain);
Ok((Some(cert.certificate_pem()), Some(cert.private_key_pem())))
},
None => {
warn!("Certificate {} not found", cert_id);
Ok((None, None))
}
}
}
/// Synchronize inbounds for a single server
async fn sync_server_inbounds(
xray_service: &XrayService,
server_id: Uuid,
endpoint: &str,
desired_inbounds: &HashMap<String, DesiredInbound>,
) -> Result<()> {
// Create or update inbounds
// Since xray has no API to list inbounds, we always recreate them
for (tag, desired) in desired_inbounds {
info!("Creating/updating inbound: {} with {} users", tag, desired.users.len());
// Always try to remove inbound first (ignore errors if it doesn't exist)
if let Err(e) = xray_service.remove_inbound(server_id, endpoint, tag).await {
// Log but don't fail - inbound might not exist
info!("Inbound {} removal result: {} (this is normal if inbound didn't exist)", tag, e);
}
// Create inbound with users
let users_json: Vec<Value> = desired.users.iter().map(|user| {
serde_json::json!({
"id": user.id,
"email": user.email,
"level": user.level
})
}).collect();
match xray_service.create_inbound_with_users(
server_id,
endpoint,
&desired.tag,
desired.port,
&desired.protocol,
desired.settings.clone(),
desired.stream_settings.clone(),
&users_json,
desired.cert_pem.as_deref(),
desired.key_pem.as_deref(),
).await {
Ok(_) => {
info!("Successfully created inbound {} with {} users", tag, desired.users.len());
},
Err(e) => {
error!("Failed to create inbound {}: {}", tag, e);
}
}
}
Ok(())
}
/// Sync a single server by ID (for event-driven sync)
async fn sync_single_server_by_id(
xray_service: &XrayService,
db: &DatabaseManager,
server_id: Uuid,
) -> Result<()> {
let server_repo = ServerRepository::new(db.connection().clone());
let inbound_repo = ServerInboundRepository::new(db.connection().clone());
let template_repo = InboundTemplateRepository::new(db.connection().clone());
// Get server
let server = match server_repo.find_by_id(server_id).await? {
Some(server) => server,
None => {
warn!("Server {} not found for sync", server_id);
return Ok(());
}
};
// For now, sync all servers (can add active/inactive flag later)
// Get desired inbounds from database
let desired_inbounds = get_desired_inbounds_from_db(db, &server, &inbound_repo, &template_repo).await?;
// Build endpoint
let endpoint = format!("{}:{}", server.hostname, server.grpc_port);
// Sync server
sync_server_inbounds(xray_service, server_id, &endpoint, &desired_inbounds).await?;
Ok(())
}
/// Represents desired inbound configuration from database
#[derive(Debug, Clone)]
struct DesiredInbound {
tag: String,
port: i32,
protocol: String,
settings: Value,
stream_settings: Value,
users: Vec<XrayUser>,
cert_pem: Option<String>,
key_pem: Option<String>,
}
/// Represents xray user configuration
#[derive(Debug, Clone)]
struct XrayUser {
id: String,
email: String,
level: i32,
}

91
src/services/xray/client.rs Normal file
View File

@@ -0,0 +1,91 @@
use anyhow::{Result, anyhow};
use serde_json::Value;
use xray_core::Client;
// Import submodules from the same directory
use super::stats::StatsClient;
use super::inbounds::InboundClient;
use super::users::UserClient;
/// Xray gRPC client wrapper
pub struct XrayClient {
endpoint: String,
client: Client,
}
#[allow(dead_code)]
impl XrayClient {
/// Connect to Xray gRPC server
pub async fn connect(endpoint: &str) -> Result<Self> {
tracing::info!("Connecting to Xray at {}", endpoint);
let client = Client::from_url(endpoint).await
.map_err(|e| anyhow!("Failed to connect to Xray at {}: {}", endpoint, e))?;
// Don't clone - we'll use &self.client when calling methods
Ok(Self {
endpoint: endpoint.to_string(),
client,
})
}
/// Get server statistics
pub async fn get_stats(&self) -> Result<Value> {
let stats_client = StatsClient::new(self.endpoint.clone(), &self.client);
stats_client.get_stats().await
}
/// Query specific statistics with pattern
pub async fn query_stats(&self, pattern: &str, reset: bool) -> Result<Value> {
let stats_client = StatsClient::new(self.endpoint.clone(), &self.client);
stats_client.query_stats(pattern, reset).await
}
/// Restart Xray with new configuration
pub async fn restart_with_config(&self, config: &crate::services::xray::XrayConfig) -> Result<()> {
let inbound_client = InboundClient::new(self.endpoint.clone(), &self.client);
inbound_client.restart_with_config(config).await
}
/// Add inbound configuration
pub async fn add_inbound(&self, inbound: &Value) -> Result<()> {
let inbound_client = InboundClient::new(self.endpoint.clone(), &self.client);
inbound_client.add_inbound(inbound).await
}
/// Add inbound configuration with TLS certificate
pub async fn add_inbound_with_certificate(&self, inbound: &Value, cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
let inbound_client = InboundClient::new(self.endpoint.clone(), &self.client);
inbound_client.add_inbound_with_certificate(inbound, None, cert_pem, key_pem).await
}
/// Add inbound configuration with users and TLS certificate
pub async fn add_inbound_with_users_and_certificate(&self, inbound: &Value, users: &[Value], cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
let inbound_client = InboundClient::new(self.endpoint.clone(), &self.client);
inbound_client.add_inbound_with_certificate(inbound, Some(users), cert_pem, key_pem).await
}
/// Remove inbound by tag
pub async fn remove_inbound(&self, tag: &str) -> Result<()> {
let inbound_client = InboundClient::new(self.endpoint.clone(), &self.client);
inbound_client.remove_inbound(tag).await
}
/// Add user to inbound
pub async fn add_user(&self, inbound_tag: &str, user: &Value) -> Result<()> {
let user_client = UserClient::new(self.endpoint.clone(), &self.client);
user_client.add_user(inbound_tag, user).await
}
/// Remove user from inbound
pub async fn remove_user(&self, inbound_tag: &str, email: &str) -> Result<()> {
let user_client = UserClient::new(self.endpoint.clone(), &self.client);
user_client.remove_user(inbound_tag, email).await
}
/// Get connection endpoint
pub fn endpoint(&self) -> &str {
&self.endpoint
}
}

285
src/services/xray/config.rs Normal file
View File

@@ -0,0 +1,285 @@
use serde::{Deserialize, Serialize};
use serde_json::Value;
use std::collections::HashMap;
/// Xray configuration structure
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct XrayConfig {
pub log: LogConfig,
pub api: ApiConfig,
pub dns: Option<DnsConfig>,
pub routing: Option<RoutingConfig>,
pub policy: Option<PolicyConfig>,
pub inbounds: Vec<InboundConfig>,
pub outbounds: Vec<OutboundConfig>,
pub transport: Option<TransportConfig>,
pub stats: Option<StatsConfig>,
pub reverse: Option<ReverseConfig>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LogConfig {
pub access: Option<String>,
pub error: Option<String>,
#[serde(rename = "loglevel")]
pub log_level: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ApiConfig {
pub tag: String,
pub listen: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DnsConfig {
pub servers: Vec<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RoutingConfig {
#[serde(rename = "domainStrategy")]
pub domain_strategy: Option<String>,
pub rules: Vec<RoutingRule>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RoutingRule {
#[serde(rename = "type")]
pub rule_type: String,
pub domain: Option<Vec<String>>,
pub ip: Option<Vec<String>>,
pub port: Option<String>,
#[serde(rename = "outboundTag")]
pub outbound_tag: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PolicyConfig {
pub levels: HashMap<String, PolicyLevel>,
pub system: Option<SystemPolicy>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PolicyLevel {
#[serde(rename = "handshakeTimeout")]
pub handshake_timeout: Option<u32>,
#[serde(rename = "connIdle")]
pub conn_idle: Option<u32>,
#[serde(rename = "uplinkOnly")]
pub uplink_only: Option<u32>,
#[serde(rename = "downlinkOnly")]
pub downlink_only: Option<u32>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SystemPolicy {
#[serde(rename = "statsInboundUplink")]
pub stats_inbound_uplink: Option<bool>,
#[serde(rename = "statsInboundDownlink")]
pub stats_inbound_downlink: Option<bool>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct InboundConfig {
pub tag: String,
pub port: u16,
pub listen: Option<String>,
pub protocol: String,
pub settings: Value,
#[serde(rename = "streamSettings")]
pub stream_settings: Option<Value>,
pub sniffing: Option<SniffingConfig>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OutboundConfig {
pub tag: String,
pub protocol: String,
pub settings: Value,
#[serde(rename = "streamSettings")]
pub stream_settings: Option<Value>,
pub mux: Option<MuxConfig>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SniffingConfig {
pub enabled: bool,
#[serde(rename = "destOverride")]
pub dest_override: Vec<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MuxConfig {
pub enabled: bool,
pub concurrency: Option<i32>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TransportConfig {
#[serde(rename = "tcpSettings")]
pub tcp_settings: Option<Value>,
#[serde(rename = "kcpSettings")]
pub kcp_settings: Option<Value>,
#[serde(rename = "wsSettings")]
pub ws_settings: Option<Value>,
#[serde(rename = "httpSettings")]
pub http_settings: Option<Value>,
#[serde(rename = "dsSettings")]
pub ds_settings: Option<Value>,
#[serde(rename = "quicSettings")]
pub quic_settings: Option<Value>,
#[serde(rename = "grpcSettings")]
pub grpc_settings: Option<Value>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct StatsConfig {}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ReverseConfig {
pub bridges: Option<Vec<BridgeConfig>>,
pub portals: Option<Vec<PortalConfig>>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct BridgeConfig {
pub tag: String,
pub domain: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PortalConfig {
pub tag: String,
pub domain: String,
}
#[allow(dead_code)]
impl XrayConfig {
/// Create a new basic Xray configuration
pub fn new() -> Self {
Self {
log: LogConfig {
access: Some("/var/log/xray/access.log".to_string()),
error: Some("/var/log/xray/error.log".to_string()),
log_level: "warning".to_string(),
},
api: ApiConfig {
tag: "api".to_string(),
listen: "127.0.0.1:2053".to_string(),
},
dns: None,
routing: Some(RoutingConfig {
domain_strategy: Some("IPIfNonMatch".to_string()),
rules: vec![
RoutingRule {
rule_type: "field".to_string(),
domain: None,
ip: Some(vec!["geoip:private".to_string()]),
port: None,
outbound_tag: "direct".to_string(),
}
],
}),
policy: Some(PolicyConfig {
levels: {
let mut levels = HashMap::new();
levels.insert("0".to_string(), PolicyLevel {
handshake_timeout: Some(4),
conn_idle: Some(300),
uplink_only: Some(2),
downlink_only: Some(5),
});
levels
},
system: Some(SystemPolicy {
stats_inbound_uplink: Some(true),
stats_inbound_downlink: Some(true),
}),
}),
inbounds: vec![],
outbounds: vec![
OutboundConfig {
tag: "direct".to_string(),
protocol: "freedom".to_string(),
settings: serde_json::json!({}),
stream_settings: None,
mux: None,
},
OutboundConfig {
tag: "blocked".to_string(),
protocol: "blackhole".to_string(),
settings: serde_json::json!({
"response": {
"type": "http"
}
}),
stream_settings: None,
mux: None,
},
],
transport: None,
stats: Some(StatsConfig {}),
reverse: None,
}
}
/// Add inbound to configuration
pub fn add_inbound(&mut self, inbound: InboundConfig) {
self.inbounds.push(inbound);
}
/// Remove inbound by tag
pub fn remove_inbound(&mut self, tag: &str) -> bool {
let initial_len = self.inbounds.len();
self.inbounds.retain(|inbound| inbound.tag != tag);
self.inbounds.len() != initial_len
}
/// Find inbound by tag
pub fn find_inbound(&self, tag: &str) -> Option<&InboundConfig> {
self.inbounds.iter().find(|inbound| inbound.tag == tag)
}
/// Find inbound by tag (mutable)
pub fn find_inbound_mut(&mut self, tag: &str) -> Option<&mut InboundConfig> {
self.inbounds.iter_mut().find(|inbound| inbound.tag == tag)
}
/// Convert to JSON Value
pub fn to_json(&self) -> Value {
serde_json::to_value(self).unwrap_or(Value::Null)
}
/// Create from JSON Value
pub fn from_json(value: &Value) -> Result<Self, serde_json::Error> {
serde_json::from_value(value.clone())
}
/// Validate configuration
pub fn validate(&self) -> Result<(), String> {
// Check for duplicate inbound tags
let mut tags = std::collections::HashSet::new();
for inbound in &self.inbounds {
if !tags.insert(&inbound.tag) {
return Err(format!("Duplicate inbound tag: {}", inbound.tag));
}
}
// Check for duplicate outbound tags
tags.clear();
for outbound in &self.outbounds {
if !tags.insert(&outbound.tag) {
return Err(format!("Duplicate outbound tag: {}", outbound.tag));
}
}
Ok(())
}
}
impl Default for XrayConfig {
fn default() -> Self {
Self::new()
}
}

325
src/services/xray/inbounds.rs Normal file
View File

@@ -0,0 +1,325 @@
use anyhow::{Result, anyhow};
use serde_json::Value;
use xray_core::{
tonic::Request,
app::proxyman::command::{AddInboundRequest, RemoveInboundRequest},
core::InboundHandlerConfig,
common::serial::TypedMessage,
common::protocol::User,
app::proxyman::ReceiverConfig,
common::net::{PortList, PortRange},
transport::internet::StreamConfig,
transport::internet::tls::{Config as TlsConfig, Certificate as TlsCertificate},
proxy::vless::inbound::Config as VlessInboundConfig,
proxy::vless::Account as VlessAccount,
proxy::vmess::inbound::Config as VmessInboundConfig,
proxy::vmess::Account as VmessAccount,
proxy::trojan::ServerConfig as TrojanServerConfig,
proxy::trojan::Account as TrojanAccount,
proxy::shadowsocks::ServerConfig as ShadowsocksServerConfig,
proxy::shadowsocks::Account as ShadowsocksAccount,
Client,
prost_types,
};
use prost::Message;
pub struct InboundClient<'a> {
endpoint: String,
client: &'a Client,
}
impl<'a> InboundClient<'a> {
pub fn new(endpoint: String, client: &'a Client) -> Self {
Self { endpoint, client }
}
/// Add inbound configuration
pub async fn add_inbound(&self, inbound: &Value) -> Result<()> {
self.add_inbound_with_certificate(inbound, None, None, None).await
}
/// Add inbound configuration with TLS certificate and users
pub async fn add_inbound_with_certificate(&self, inbound: &Value, users: Option<&[Value]>, cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
tracing::info!("Adding inbound to Xray server at {}", self.endpoint);
tracing::debug!("Inbound config: {}", serde_json::to_string_pretty(inbound)?);
let tag = inbound["tag"].as_str().unwrap_or("").to_string();
let port = inbound["port"].as_u64().unwrap_or(8080) as u32;
let protocol = inbound["protocol"].as_str().unwrap_or("vless");
tracing::debug!("Creating inbound: tag={}, port={}, protocol={}", tag, port, protocol);
// Create receiver configuration (port binding) - use simple port number
let port_list = PortList {
range: vec![PortRange {
from: port,
to: port,
}],
};
// Create stream settings with TLS if certificates are provided
let stream_settings = if cert_pem.is_some() && key_pem.is_some() {
let cert_pem = cert_pem.unwrap();
let key_pem = key_pem.unwrap();
tracing::info!("Creating TLS stream settings for inbound");
tracing::debug!("Certificate length: {}, Key length: {}", cert_pem.len(), key_pem.len());
// Create TLS certificate with OneTimeLoading = true
// Convert PEM strings to byte vectors (certificate should be raw bytes, not PEM string)
let tls_cert = TlsCertificate {
certificate: cert_pem.as_bytes().to_vec(), // PEM as bytes
key: key_pem.as_bytes().to_vec(), // PEM key as bytes
usage: 0, // Default usage
ocsp_stapling: 0, // Default OCSP
one_time_loading: true, // OneTimeLoading = true as in example
build_chain: false,
certificate_path: "".to_string(),
key_path: "".to_string(),
};
// Create TLS config using Default and set only necessary fields
let mut tls_config = TlsConfig::default();
tls_config.certificate = vec![tls_cert];
// Create TLS security settings using prost_types::Any instead of TypedMessage
let tls_any = prost_types::Any::from_msg(&tls_config)
.map_err(|e| anyhow!("Failed to serialize TLS config: {}", e))?;
let tls_message = TypedMessage {
r#type: tls_any.type_url,
value: tls_any.value,
};
// Create stream config with TLS security settings
Some(StreamConfig {
address: None,
port: port,
protocol_name: "tcp".to_string(),
transport_settings: vec![],
security_type: "tls".to_string(),
security_settings: vec![tls_message],
socket_settings: None,
})
} else {
tracing::info!("No certificates provided, creating inbound without TLS");
None
};
let receiver_config = ReceiverConfig {
port_list: Some(port_list),
listen: None,
allocation_strategy: None,
stream_settings: stream_settings,
receive_original_destination: false,
sniffing_settings: None,
};
let receiver_message = TypedMessage {
r#type: "xray.app.proxyman.ReceiverConfig".to_string(),
value: receiver_config.encode_to_vec(),
};
// Create proxy configuration based on protocol with users
let proxy_message = match protocol {
"vless" => {
let mut clients = vec![];
if let Some(users) = users {
for user in users {
let user_id = user["id"].as_str().unwrap_or("").to_string();
let email = user["email"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
if !user_id.is_empty() && !email.is_empty() {
let account = VlessAccount {
id: user_id,
encryption: "none".to_string(),
flow: "".to_string(),
};
clients.push(User {
email,
level,
account: Some(TypedMessage {
r#type: "xray.proxy.vless.Account".to_string(),
value: account.encode_to_vec(),
}),
});
}
}
}
let vless_config = VlessInboundConfig {
clients,
decryption: "none".to_string(),
fallbacks: vec![],
};
TypedMessage {
r#type: "xray.proxy.vless.inbound.Config".to_string(),
value: vless_config.encode_to_vec(),
}
},
"vmess" => {
let mut vmess_users = vec![];
if let Some(users) = users {
for user in users {
let user_id = user["id"].as_str().unwrap_or("").to_string();
let email = user["email"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
if !user_id.is_empty() && !email.is_empty() {
let account = VmessAccount {
id: user_id,
security_settings: None,
tests_enabled: "".to_string(),
};
vmess_users.push(User {
email,
level,
account: Some(TypedMessage {
r#type: "xray.proxy.vmess.Account".to_string(),
value: account.encode_to_vec(),
}),
});
}
}
}
let vmess_config = VmessInboundConfig {
user: vmess_users,
default: None,
detour: None,
};
TypedMessage {
r#type: "xray.proxy.vmess.inbound.Config".to_string(),
value: vmess_config.encode_to_vec(),
}
},
"trojan" => {
let mut trojan_users = vec![];
if let Some(users) = users {
for user in users {
let password = user["password"].as_str().or_else(|| user["id"].as_str()).unwrap_or("").to_string();
let email = user["email"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
if !password.is_empty() && !email.is_empty() {
let account = TrojanAccount {
password,
};
trojan_users.push(User {
email,
level,
account: Some(TypedMessage {
r#type: "xray.proxy.trojan.Account".to_string(),
value: account.encode_to_vec(),
}),
});
}
}
}
let trojan_config = TrojanServerConfig {
users: trojan_users,
fallbacks: vec![],
};
TypedMessage {
r#type: "xray.proxy.trojan.ServerConfig".to_string(),
value: trojan_config.encode_to_vec(),
}
},
"shadowsocks" => {
let mut ss_users = vec![];
if let Some(users) = users {
for user in users {
let password = user["password"].as_str().or_else(|| user["id"].as_str()).unwrap_or("").to_string();
let email = user["email"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
if !password.is_empty() && !email.is_empty() {
let account = ShadowsocksAccount {
password,
cipher_type: 0, // Default cipher
iv_check: false, // Default IV check
};
ss_users.push(User {
email,
level,
account: Some(TypedMessage {
r#type: "xray.proxy.shadowsocks.Account".to_string(),
value: account.encode_to_vec(),
}),
});
}
}
}
let shadowsocks_config = ShadowsocksServerConfig {
users: ss_users,
network: vec![], // Support all networks by default
};
TypedMessage {
r#type: "xray.proxy.shadowsocks.ServerConfig".to_string(),
value: shadowsocks_config.encode_to_vec(),
}
},
_ => {
return Err(anyhow!("Unsupported protocol: {}", protocol));
}
};
let inbound_config = InboundHandlerConfig {
tag: tag.clone(),
receiver_settings: Some(receiver_message),
proxy_settings: Some(proxy_message),
};
let request = Request::new(AddInboundRequest {
inbound: Some(inbound_config),
});
tracing::info!("Sending AddInboundRequest for '{}'", tag);
let mut handler_client = self.client.handler();
match handler_client.add_inbound(request).await {
Ok(response) => {
let _response_inner = response.into_inner();
tracing::info!("Successfully added inbound {}", tag);
Ok(())
}
Err(e) => {
tracing::error!("Failed to add inbound {}: {}", tag, e);
Err(anyhow!("Failed to add inbound {}: {}", tag, e))
}
}
}
/// Remove inbound by tag
pub async fn remove_inbound(&self, tag: &str) -> Result<()> {
tracing::info!("Removing inbound '{}' from Xray server at {}", tag, self.endpoint);
let mut handler_client = self.client.handler();
let request = Request::new(RemoveInboundRequest {
tag: tag.to_string(),
});
match handler_client.remove_inbound(request).await {
Ok(_) => {
tracing::info!("Successfully removed inbound");
Ok(())
},
Err(e) => {
tracing::error!("Failed to remove inbound: {}", e);
Err(anyhow!("Failed to remove inbound: {}", e))
}
}
}
/// Restart Xray with new configuration
pub async fn restart_with_config(&self, config: &crate::services::xray::XrayConfig) -> Result<()> {
tracing::info!("Restarting Xray server at {} with new config", self.endpoint);
tracing::debug!("Config: {}", serde_json::to_string_pretty(&config.to_json())?);
// TODO: Implement restart with config using xray-core
// For now just return success
Ok(())
}
}

213
src/services/xray/mod.rs Normal file
View File

@@ -0,0 +1,213 @@
use anyhow::Result;
use serde_json::Value;
use uuid::Uuid;
pub mod client;
pub mod config;
pub mod stats;
pub mod inbounds;
pub mod users;
pub use client::XrayClient;
pub use config::XrayConfig;
/// Service for managing Xray servers via gRPC
#[derive(Clone)]
pub struct XrayService {}
#[allow(dead_code)]
impl XrayService {
pub fn new() -> Self {
Self {}
}
/// Create a client for the specified server
async fn create_client(&self, endpoint: &str) -> Result<XrayClient> {
XrayClient::connect(endpoint).await
}
/// Test connection to Xray server
pub async fn test_connection(&self, _server_id: Uuid, endpoint: &str) -> Result<bool> {
match self.create_client(endpoint).await {
Ok(_client) => {
// Instead of getting stats (which might fail), just test connection
// If we successfully created the client, connection is working
Ok(true)
},
Err(_) => Ok(false),
}
}
/// Apply full configuration to Xray server
pub async fn apply_config(&self, _server_id: Uuid, endpoint: &str, config: &XrayConfig) -> Result<()> {
let client = self.create_client(endpoint).await?;
client.restart_with_config(config).await
}
/// Create inbound from template
pub async fn create_inbound(
&self,
_server_id: Uuid,
endpoint: &str,
tag: &str,
port: i32,
protocol: &str,
base_settings: Value,
stream_settings: Value,
) -> Result<()> {
// Build inbound configuration from template
let inbound_config = serde_json::json!({
"tag": tag,
"port": port,
"protocol": protocol,
"settings": base_settings,
"streamSettings": stream_settings
});
tracing::info!("Creating inbound with config: {}", inbound_config);
self.add_inbound(_server_id, endpoint, &inbound_config).await
}
/// Create inbound from template with TLS certificate
pub async fn create_inbound_with_certificate(
&self,
_server_id: Uuid,
endpoint: &str,
tag: &str,
port: i32,
protocol: &str,
base_settings: Value,
stream_settings: Value,
cert_pem: Option<&str>,
key_pem: Option<&str>,
) -> Result<()> {
// Build inbound configuration from template
let inbound_config = serde_json::json!({
"tag": tag,
"port": port,
"protocol": protocol,
"settings": base_settings,
"streamSettings": stream_settings
});
tracing::info!("Creating inbound with TLS certificate and config: {}", inbound_config);
self.add_inbound_with_certificate(_server_id, endpoint, &inbound_config, cert_pem, key_pem).await
}
/// Add inbound to running Xray instance
pub async fn add_inbound(&self, _server_id: Uuid, endpoint: &str, inbound: &Value) -> Result<()> {
let client = self.create_client(endpoint).await?;
client.add_inbound(inbound).await
}
/// Add inbound with certificate to running Xray instance
pub async fn add_inbound_with_certificate(&self, _server_id: Uuid, endpoint: &str, inbound: &Value, cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
let client = self.create_client(endpoint).await?;
client.add_inbound_with_certificate(inbound, cert_pem, key_pem).await
}
/// Add inbound with users and certificate to running Xray instance
pub async fn add_inbound_with_users_and_certificate(&self, _server_id: Uuid, endpoint: &str, inbound: &Value, users: &[Value], cert_pem: Option<&str>, key_pem: Option<&str>) -> Result<()> {
let client = self.create_client(endpoint).await?;
client.add_inbound_with_users_and_certificate(inbound, users, cert_pem, key_pem).await
}
/// Remove inbound from running Xray instance
pub async fn remove_inbound(&self, _server_id: Uuid, endpoint: &str, tag: &str) -> Result<()> {
let client = self.create_client(endpoint).await?;
client.remove_inbound(tag).await
}
/// Add user to inbound by recreating the inbound with updated user list
pub async fn add_user(&self, _server_id: Uuid, endpoint: &str, inbound_tag: &str, user: &Value) -> Result<()> {
tracing::info!("XrayService::add_user called for server {} endpoint {} inbound_tag {}", _server_id, endpoint, inbound_tag);
tracing::warn!("Dynamic user addition via AlterInboundRequest doesn't work reliably - need to implement inbound recreation");
// TODO: Implement inbound recreation approach:
// 1. Get current inbound configuration from database
// 2. Get existing users from database
// 3. Remove old inbound from xray
// 4. Create new inbound with all users (existing + new)
// For now, return error to indicate this needs to be implemented
Err(anyhow::anyhow!("User addition requires inbound recreation - not yet implemented. Use web interface to recreate inbound with users."))
}
/// Create inbound with users list (for inbound recreation approach)
pub async fn create_inbound_with_users(
&self,
_server_id: Uuid,
endpoint: &str,
tag: &str,
port: i32,
protocol: &str,
base_settings: Value,
stream_settings: Value,
users: &[Value],
cert_pem: Option<&str>,
key_pem: Option<&str>,
) -> Result<()> {
tracing::info!("Creating inbound '{}' with {} users", tag, users.len());
// Build inbound configuration with users
let mut inbound_config = serde_json::json!({
"tag": tag,
"port": port,
"protocol": protocol,
"settings": base_settings,
"streamSettings": stream_settings
});
// Add users to settings based on protocol
if !users.is_empty() {
let mut settings = inbound_config["settings"].clone();
match protocol {
"vless" | "vmess" => {
settings["clients"] = serde_json::Value::Array(users.to_vec());
},
"trojan" => {
settings["clients"] = serde_json::Value::Array(users.to_vec());
},
"shadowsocks" => {
// For shadowsocks, users are handled differently
if let Some(user) = users.first() {
settings["password"] = user["password"].clone();
}
},
_ => {
return Err(anyhow::anyhow!("Unsupported protocol for users: {}", protocol));
}
}
inbound_config["settings"] = settings;
}
tracing::info!("Creating inbound with users: {}", serde_json::to_string_pretty(&inbound_config)?);
// Use the new method with users support
self.add_inbound_with_users_and_certificate(_server_id, endpoint, &inbound_config, users, cert_pem, key_pem).await
}
/// Remove user from inbound
pub async fn remove_user(&self, _server_id: Uuid, endpoint: &str, inbound_tag: &str, email: &str) -> Result<()> {
let client = self.create_client(endpoint).await?;
client.remove_user(inbound_tag, email).await
}
/// Get server statistics
pub async fn get_stats(&self, _server_id: Uuid, endpoint: &str) -> Result<Value> {
let client = self.create_client(endpoint).await?;
client.get_stats().await
}
/// Query specific statistics
pub async fn query_stats(&self, _server_id: Uuid, endpoint: &str, pattern: &str, reset: bool) -> Result<Value> {
let client = self.create_client(endpoint).await?;
client.query_stats(pattern, reset).await
}
}
impl Default for XrayService {
fn default() -> Self {
Self::new()
}
}

70
src/services/xray/stats.rs Normal file
View File

@@ -0,0 +1,70 @@
use anyhow::{Result, anyhow};
use serde_json::Value;
use xray_core::{
tonic::Request,
app::stats::command::{GetStatsRequest, QueryStatsRequest},
Client,
};
pub struct StatsClient<'a> {
endpoint: String,
client: &'a Client,
}
impl<'a> StatsClient<'a> {
pub fn new(endpoint: String, client: &'a Client) -> Self {
Self { endpoint, client }
}
/// Get server statistics
pub async fn get_stats(&self) -> Result<Value> {
tracing::info!("Getting stats from Xray server at {}", self.endpoint);
let request = Request::new(GetStatsRequest {
name: "".to_string(),
reset: false,
});
let mut stats_client = self.client.stats();
match stats_client.get_stats(request).await {
Ok(response) => {
let stats = response.into_inner();
tracing::debug!("Stats: {:?}", stats);
let stats_json = serde_json::json!({
"stats": format!("{:?}", stats.stat)
});
Ok(stats_json)
}
Err(e) => {
tracing::error!("Failed to get stats: {}", e);
Err(anyhow!("Failed to get stats: {}", e))
}
}
}
/// Query specific statistics with pattern
pub async fn query_stats(&self, pattern: &str, reset: bool) -> Result<Value> {
tracing::info!("Querying stats with pattern '{}', reset: {} from {}", pattern, reset, self.endpoint);
let request = Request::new(QueryStatsRequest {
pattern: pattern.to_string(),
reset,
});
let mut stats_client = self.client.stats();
match stats_client.query_stats(request).await {
Ok(response) => {
let stats = response.into_inner();
tracing::debug!("Query stats: {:?}", stats);
let stats_json = serde_json::json!({
"stat": format!("{:?}", stats.stat)
});
Ok(stats_json)
}
Err(e) => {
tracing::error!("Failed to query stats: {}", e);
Err(anyhow!("Failed to query stats: {}", e))
}
}
}
}

150
src/services/xray/users.rs Normal file
View File

@@ -0,0 +1,150 @@
use anyhow::{Result, anyhow};
use serde_json::Value;
use xray_core::{
tonic::Request,
app::proxyman::command::{AlterInboundRequest, AddUserOperation, RemoveUserOperation},
common::serial::TypedMessage,
common::protocol::User,
proxy::vless::Account as VlessAccount,
proxy::vmess::Account as VmessAccount,
proxy::trojan::Account as TrojanAccount,
Client,
};
use prost::Message;
pub struct UserClient<'a> {
endpoint: String,
client: &'a Client,
}
impl<'a> UserClient<'a> {
pub fn new(endpoint: String, client: &'a Client) -> Self {
Self { endpoint, client }
}
/// Add user to inbound (simple version that works)
pub async fn add_user(&self, inbound_tag: &str, user: &Value) -> Result<()> {
tracing::info!("Adding user to inbound '{}' on Xray server at {}", inbound_tag, self.endpoint);
tracing::debug!("User config: {}", serde_json::to_string_pretty(user)?);
let email = user["email"].as_str().unwrap_or("").to_string();
let user_id = user["id"].as_str().unwrap_or("").to_string();
let level = user["level"].as_u64().unwrap_or(0) as u32;
let protocol = user["protocol"].as_str().unwrap_or("vless");
tracing::info!("Parsed user data: email={}, id={}, level={}, protocol={}", email, user_id, level, protocol);
if email.is_empty() || user_id.is_empty() {
return Err(anyhow!("User email and id are required"));
}
// Create user account based on protocol
let account_message = match protocol {
"vless" => {
let account = VlessAccount {
id: user_id.clone(),
encryption: "none".to_string(),
flow: "".to_string(), // Empty flow for basic VLESS
};
TypedMessage {
r#type: "xray.proxy.vless.Account".to_string(),
value: account.encode_to_vec(),
}
},
"vmess" => {
let account = VmessAccount {
id: user_id,
security_settings: None,
tests_enabled: "".to_string(),
};
TypedMessage {
r#type: "xray.proxy.vmess.Account".to_string(),
value: account.encode_to_vec(),
}
},
"trojan" => {
let account = TrojanAccount {
password: user_id, // For trojan, use password instead of UUID
};
TypedMessage {
r#type: "xray.proxy.trojan.Account".to_string(),
value: account.encode_to_vec(),
}
},
_ => {
return Err(anyhow!("Unsupported protocol for user: {}", protocol));
}
};
// Create user protobuf message
let user_proto = User {
level: level,
email: email.clone(),
account: Some(account_message),
};
// Build the AddUserOperation
let add_user_op = AddUserOperation {
user: Some(user_proto),
};
let typed_message = TypedMessage {
r#type: "xray.app.proxyman.command.AddUserOperation".to_string(),
value: add_user_op.encode_to_vec(),
};
// Build the AlterInboundRequest
let request = Request::new(AlterInboundRequest {
tag: inbound_tag.to_string(),
operation: Some(typed_message),
});
tracing::info!("Sending AlterInboundRequest to add user '{}' to inbound '{}'", email, inbound_tag);
let mut handler_client = self.client.handler();
match handler_client.alter_inbound(request).await {
Ok(response) => {
let _response_inner = response.into_inner();
tracing::info!("Successfully added user '{}' to inbound '{}'", email, inbound_tag);
Ok(())
}
Err(e) => {
tracing::error!("gRPC error adding user '{}' to inbound '{}': status={}, message={}",
email, inbound_tag, e.code(), e.message());
Err(anyhow!("Failed to add user '{}' to inbound '{}': {}", email, inbound_tag, e))
}
}
}
/// Remove user from inbound
pub async fn remove_user(&self, inbound_tag: &str, email: &str) -> Result<()> {
tracing::info!("Removing user '{}' from inbound '{}' on Xray server at {}", email, inbound_tag, self.endpoint);
// Build the RemoveUserOperation
let remove_user_op = RemoveUserOperation {
email: email.to_string(),
};
let typed_message = TypedMessage {
r#type: "xray.app.proxyman.command.RemoveUserOperation".to_string(),
value: remove_user_op.encode_to_vec(),
};
let request = Request::new(AlterInboundRequest {
tag: inbound_tag.to_string(),
operation: Some(typed_message),
});
let mut handler_client = self.client.handler();
match handler_client.alter_inbound(request).await {
Ok(_) => {
tracing::info!("Successfully removed user '{}' from inbound '{}'", email, inbound_tag);
Ok(())
}
Err(e) => {
tracing::error!("Failed to remove user '{}' from inbound '{}': {}", email, inbound_tag, e);
Err(anyhow!("Failed to remove user '{}' from inbound '{}': {}", email, inbound_tag, e))
}
}
}
}

137
src/web/handlers/certificates.rs Normal file
View File

@@ -0,0 +1,137 @@
use axum::{
extract::{Path, State},
http::StatusCode,
response::Json,
Json as JsonExtractor,
};
use uuid::Uuid;
use crate::{
database::{
entities::certificate,
repository::CertificateRepository,
},
services::certificates::CertificateService,
web::AppState,
};
/// List all certificates
pub async fn list_certificates(
State(app_state): State<AppState>,
) -> Result<Json<Vec<certificate::CertificateResponse>>, StatusCode> {
let repo = CertificateRepository::new(app_state.db.connection().clone());
match repo.find_all().await {
Ok(certificates) => {
let responses: Vec<certificate::CertificateResponse> = certificates
.into_iter()
.map(|c| c.into())
.collect();
Ok(Json(responses))
}
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Get certificate by ID
pub async fn get_certificate(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<Json<certificate::CertificateResponse>, StatusCode> {
let repo = CertificateRepository::new(app_state.db.connection().clone());
match repo.find_by_id(id).await {
Ok(Some(certificate)) => Ok(Json(certificate.into())),
Ok(None) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Get certificate details with PEM data by ID
pub async fn get_certificate_details(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<Json<certificate::CertificateDetailsResponse>, StatusCode> {
let repo = CertificateRepository::new(app_state.db.connection().clone());
match repo.find_by_id(id).await {
Ok(Some(certificate)) => Ok(Json(certificate.into())),
Ok(None) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Create new certificate
pub async fn create_certificate(
State(app_state): State<AppState>,
JsonExtractor(cert_data): JsonExtractor<certificate::CreateCertificateDto>,
) -> Result<Json<certificate::CertificateResponse>, StatusCode> {
tracing::info!("Creating certificate: {:?}", cert_data);
let repo = CertificateRepository::new(app_state.db.connection().clone());
let cert_service = CertificateService::new();
// Generate certificate based on type
let (cert_pem, private_key) = match cert_data.cert_type.as_str() {
"self_signed" => {
cert_service.generate_self_signed(&cert_data.domain).await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
}
_ => return Err(StatusCode::BAD_REQUEST),
};
// Create certificate with generated data
let mut create_dto = cert_data;
create_dto.certificate_pem = cert_pem;
create_dto.private_key = private_key;
match repo.create(create_dto).await {
Ok(certificate) => Ok(Json(certificate.into())),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Update certificate
pub async fn update_certificate(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
JsonExtractor(cert_data): JsonExtractor<certificate::UpdateCertificateDto>,
) -> Result<Json<certificate::CertificateResponse>, StatusCode> {
let repo = CertificateRepository::new(app_state.db.connection().clone());
match repo.update(id, cert_data).await {
Ok(certificate) => Ok(Json(certificate.into())),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Delete certificate
pub async fn delete_certificate(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<StatusCode, StatusCode> {
let repo = CertificateRepository::new(app_state.db.connection().clone());
match repo.delete(id).await {
Ok(true) => Ok(StatusCode::NO_CONTENT),
Ok(false) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Get certificates expiring soon
pub async fn get_expiring_certificates(
State(app_state): State<AppState>,
) -> Result<Json<Vec<certificate::CertificateResponse>>, StatusCode> {
let repo = CertificateRepository::new(app_state.db.connection().clone());
// Get certificates expiring in next 30 days
match repo.find_expiring_soon(30).await {
Ok(certificates) => {
let responses: Vec<certificate::CertificateResponse> = certificates
.into_iter()
.map(|c| c.into())
.collect();
Ok(Json(responses))
}
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}

9
src/web/handlers/mod.rs Normal file
View File

@@ -0,0 +1,9 @@
pub mod users;
pub mod servers;
pub mod certificates;
pub mod templates;
pub use users::*;
pub use servers::*;
pub use certificates::*;
pub use templates::*;

575
src/web/handlers/servers.rs Normal file
View File

@@ -0,0 +1,575 @@
use axum::{
extract::{Path, State},
http::StatusCode,
response::Json,
Json as JsonExtractor,
};
use uuid::Uuid;
use crate::{
database::{
entities::{server, server_inbound},
repository::{ServerRepository, ServerInboundRepository, InboundTemplateRepository, CertificateRepository, InboundUsersRepository},
},
web::AppState,
};
/// List all servers
pub async fn list_servers(
State(app_state): State<AppState>,
) -> Result<Json<Vec<server::ServerResponse>>, StatusCode> {
let repo = ServerRepository::new(app_state.db.connection().clone());
match repo.find_all().await {
Ok(servers) => {
let responses: Vec<server::ServerResponse> = servers
.into_iter()
.map(|s| s.into())
.collect();
Ok(Json(responses))
}
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Get server by ID
pub async fn get_server(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<Json<server::ServerResponse>, StatusCode> {
let repo = ServerRepository::new(app_state.db.connection().clone());
match repo.find_by_id(id).await {
Ok(Some(server)) => Ok(Json(server.into())),
Ok(None) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Create new server
pub async fn create_server(
State(app_state): State<AppState>,
Json(server_data): Json<server::CreateServerDto>,
) -> Result<Json<server::ServerResponse>, StatusCode> {
let repo = ServerRepository::new(app_state.db.connection().clone());
match repo.create(server_data).await {
Ok(server) => Ok(Json(server.into())),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Update server
pub async fn update_server(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
Json(server_data): Json<server::UpdateServerDto>,
) -> Result<Json<server::ServerResponse>, StatusCode> {
let repo = ServerRepository::new(app_state.db.connection().clone());
match repo.update(id, server_data).await {
Ok(server) => Ok(Json(server.into())),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Delete server
pub async fn delete_server(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<StatusCode, StatusCode> {
let repo = ServerRepository::new(app_state.db.connection().clone());
match repo.delete(id).await {
Ok(true) => Ok(StatusCode::NO_CONTENT),
Ok(false) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Test server connection
pub async fn test_server_connection(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<Json<serde_json::Value>, StatusCode> {
let repo = ServerRepository::new(app_state.db.connection().clone());
let server = match repo.find_by_id(id).await {
Ok(Some(server)) => server,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
let endpoint = server.get_grpc_endpoint();
match app_state.xray_service.test_connection(id, &endpoint).await {
Ok(connected) => {
// Update server status based on connection test
let new_status = if connected { "online" } else { "offline" };
let update_dto = server::UpdateServerDto {
name: None,
hostname: None,
grpc_port: None,
api_credentials: None,
default_certificate_id: None,
status: Some(new_status.to_string()),
};
let _ = repo.update(id, update_dto).await; // Ignore update errors for now
Ok(Json(serde_json::json!({
"connected": connected,
"endpoint": endpoint
})))
},
Err(e) => {
// Update status to error
let update_dto = server::UpdateServerDto {
name: None,
hostname: None,
grpc_port: None,
api_credentials: None,
default_certificate_id: None,
status: Some("error".to_string()),
};
let _ = repo.update(id, update_dto).await; // Ignore update errors for now
Ok(Json(serde_json::json!({
"connected": false,
"endpoint": endpoint,
"error": e.to_string()
})))
},
}
}
/// Get server statistics
pub async fn get_server_stats(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<Json<serde_json::Value>, StatusCode> {
let repo = ServerRepository::new(app_state.db.connection().clone());
let server = match repo.find_by_id(id).await {
Ok(Some(server)) => server,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
let endpoint = server.get_grpc_endpoint();
match app_state.xray_service.get_stats(id, &endpoint).await {
Ok(stats) => Ok(Json(stats)),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// List server inbounds
pub async fn list_server_inbounds(
State(app_state): State<AppState>,
Path(server_id): Path<Uuid>,
) -> Result<Json<Vec<server_inbound::ServerInboundResponse>>, StatusCode> {
let repo = ServerInboundRepository::new(app_state.db.connection().clone());
match repo.find_by_server_id_with_template(server_id).await {
Ok(responses) => Ok(Json(responses)),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Create server inbound
pub async fn create_server_inbound(
State(app_state): State<AppState>,
Path(server_id): Path<Uuid>,
JsonExtractor(inbound_data): JsonExtractor<server_inbound::CreateServerInboundDto>,
) -> Result<Json<server_inbound::ServerInboundResponse>, StatusCode> {
tracing::info!("Creating server inbound for server {}: {:?}", server_id, inbound_data);
let server_repo = ServerRepository::new(app_state.db.connection().clone());
let inbound_repo = ServerInboundRepository::new(app_state.db.connection().clone());
let template_repo = InboundTemplateRepository::new(app_state.db.connection().clone());
let cert_repo = CertificateRepository::new(app_state.db.connection().clone());
// Get server info
let server = match server_repo.find_by_id(server_id).await {
Ok(Some(server)) => server,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Get template info
let template = match template_repo.find_by_id(inbound_data.template_id).await {
Ok(Some(template)) => template,
Ok(None) => return Err(StatusCode::BAD_REQUEST),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Create inbound in database first with protocol-aware tag
let inbound = match inbound_repo.create_with_protocol(server_id, inbound_data, &template.protocol).await {
Ok(inbound) => {
// Send sync event for immediate synchronization
crate::services::events::send_sync_event(
crate::services::events::SyncEvent::InboundChanged(server_id)
);
inbound
},
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Try to create inbound on xray server only if it's active
let endpoint = server.get_grpc_endpoint();
if inbound.is_active {
// Get certificate data if certificate is specified
let (cert_pem, key_pem) = if let Some(cert_id) = inbound.certificate_id {
match cert_repo.find_by_id(cert_id).await {
Ok(Some(cert)) => {
tracing::info!("Using certificate {} for inbound {}", cert.domain, inbound.tag);
(Some(cert.certificate_pem()), Some(cert.private_key_pem()))
},
Ok(None) => {
tracing::warn!("Certificate {} not found, creating inbound without TLS", cert_id);
(None, None)
},
Err(e) => {
tracing::error!("Error fetching certificate {}: {}", cert_id, e);
(None, None)
}
}
} else {
tracing::info!("No certificate specified for inbound {}, creating without TLS", inbound.tag);
(None, None)
};
match app_state.xray_service.create_inbound_with_certificate(
server_id,
&endpoint,
&inbound.tag,
inbound.port_override.unwrap_or(template.default_port),
&template.protocol,
template.base_settings.clone(),
template.stream_settings.clone(),
cert_pem.as_deref(),
key_pem.as_deref(),
).await {
Ok(_) => {
tracing::info!("Successfully created inbound {} on xray server {}", inbound.tag, endpoint);
},
Err(e) => {
tracing::error!("Failed to create inbound on xray server {}: {}", endpoint, e);
// Note: We don't fail the request since the inbound is already in DB
// The user can manually sync or retry later
}
}
} else {
tracing::info!("Inbound {} created as inactive, skipping xray server creation", inbound.tag);
}
Ok(Json(inbound.into()))
}
/// Update server inbound
pub async fn update_server_inbound(
State(app_state): State<AppState>,
Path((server_id, inbound_id)): Path<(Uuid, Uuid)>,
JsonExtractor(inbound_data): JsonExtractor<server_inbound::UpdateServerInboundDto>,
) -> Result<Json<server_inbound::ServerInboundResponse>, StatusCode> {
tracing::info!("Updating server inbound {} for server {}: {:?}", inbound_id, server_id, inbound_data);
let server_repo = ServerRepository::new(app_state.db.connection().clone());
let inbound_repo = ServerInboundRepository::new(app_state.db.connection().clone());
let template_repo = InboundTemplateRepository::new(app_state.db.connection().clone());
let cert_repo = CertificateRepository::new(app_state.db.connection().clone());
// Get server info
let server = match server_repo.find_by_id(server_id).await {
Ok(Some(server)) => server,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Get current inbound state
let current_inbound = match inbound_repo.find_by_id(inbound_id).await {
Ok(Some(inbound)) if inbound.server_id == server_id => inbound,
Ok(Some(_)) => return Err(StatusCode::BAD_REQUEST),
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Check if is_active status is changing
let old_is_active = current_inbound.is_active;
let new_is_active = inbound_data.is_active.unwrap_or(old_is_active);
let endpoint = server.get_grpc_endpoint();
// Handle xray server changes based on active status change
if old_is_active && !new_is_active {
// Becoming inactive - remove from xray server
tracing::info!("Inbound {} becoming inactive, removing from xray server {}", current_inbound.tag, endpoint);
match app_state.xray_service.remove_inbound(server_id, &endpoint, &current_inbound.tag).await {
Ok(_) => {
tracing::info!("Successfully removed inbound {} from xray server", current_inbound.tag);
},
Err(e) => {
tracing::error!("Failed to remove inbound {} from xray server: {}", current_inbound.tag, e);
// Continue with database update even if xray removal fails
}
}
} else if !old_is_active && new_is_active {
// Becoming active - add to xray server
tracing::info!("Inbound {} becoming active, adding to xray server {}", current_inbound.tag, endpoint);
// Get template info for recreation
let template = match template_repo.find_by_id(current_inbound.template_id).await {
Ok(Some(template)) => template,
Ok(None) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Use updated port if provided, otherwise keep current
let port = inbound_data.port_override.unwrap_or(current_inbound.port_override.unwrap_or(template.default_port));
// Get certificate data if certificate is specified (could be updated)
let certificate_id = inbound_data.certificate_id.or(current_inbound.certificate_id);
let (cert_pem, key_pem) = if let Some(cert_id) = certificate_id {
match cert_repo.find_by_id(cert_id).await {
Ok(Some(cert)) => {
tracing::info!("Using certificate {} for inbound {}", cert.domain, current_inbound.tag);
(Some(cert.certificate_pem()), Some(cert.private_key_pem()))
},
Ok(None) => {
tracing::warn!("Certificate {} not found, creating inbound without TLS", cert_id);
(None, None)
},
Err(e) => {
tracing::error!("Error fetching certificate {}: {}", cert_id, e);
(None, None)
}
}
} else {
tracing::info!("No certificate specified for inbound {}, creating without TLS", current_inbound.tag);
(None, None)
};
match app_state.xray_service.create_inbound_with_certificate(
server_id,
&endpoint,
&current_inbound.tag,
port,
&template.protocol,
template.base_settings.clone(),
template.stream_settings.clone(),
cert_pem.as_deref(),
key_pem.as_deref(),
).await {
Ok(_) => {
tracing::info!("Successfully added inbound {} to xray server", current_inbound.tag);
},
Err(e) => {
tracing::error!("Failed to add inbound {} to xray server: {}", current_inbound.tag, e);
// Continue with database update even if xray creation fails
}
}
}
// Update database
match inbound_repo.update(inbound_id, inbound_data).await {
Ok(updated_inbound) => {
// Send sync event for immediate synchronization
crate::services::events::send_sync_event(
crate::services::events::SyncEvent::InboundChanged(server_id)
);
Ok(Json(updated_inbound.into()))
},
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Get server inbound by ID
pub async fn get_server_inbound(
State(app_state): State<AppState>,
Path((server_id, inbound_id)): Path<(Uuid, Uuid)>,
) -> Result<Json<server_inbound::ServerInboundResponse>, StatusCode> {
let repo = ServerInboundRepository::new(app_state.db.connection().clone());
// Verify the inbound belongs to the server
match repo.find_by_id(inbound_id).await {
Ok(Some(inbound)) if inbound.server_id == server_id => {
Ok(Json(inbound.into()))
}
Ok(Some(_)) => Err(StatusCode::BAD_REQUEST),
Ok(None) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Delete server inbound
pub async fn delete_server_inbound(
State(app_state): State<AppState>,
Path((server_id, inbound_id)): Path<(Uuid, Uuid)>,
) -> Result<StatusCode, StatusCode> {
let server_repo = ServerRepository::new(app_state.db.connection().clone());
let inbound_repo = ServerInboundRepository::new(app_state.db.connection().clone());
// Get server and inbound info
let server = match server_repo.find_by_id(server_id).await {
Ok(Some(server)) => server,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Verify the inbound belongs to the server
let inbound = match inbound_repo.find_by_id(inbound_id).await {
Ok(Some(inbound)) if inbound.server_id == server_id => inbound,
Ok(Some(_)) => return Err(StatusCode::BAD_REQUEST),
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Try to remove inbound from xray server first
let endpoint = server.get_grpc_endpoint();
match app_state.xray_service.remove_inbound(server_id, &endpoint, &inbound.tag).await {
Ok(_) => {
tracing::info!("Successfully removed inbound {} from xray server {}", inbound.tag, endpoint);
},
Err(e) => {
tracing::error!("Failed to remove inbound from xray server {}: {}", endpoint, e);
// Continue with database deletion even if xray removal fails
}
}
// Delete from database
match inbound_repo.delete(inbound_id).await {
Ok(true) => {
// Send sync event for immediate synchronization
crate::services::events::send_sync_event(
crate::services::events::SyncEvent::InboundChanged(server_id)
);
Ok(StatusCode::NO_CONTENT)
},
Ok(false) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Add user to server inbound (database only - sync will apply changes)
pub async fn add_user_to_inbound(
State(app_state): State<AppState>,
Path((server_id, inbound_id)): Path<(Uuid, Uuid)>,
JsonExtractor(user_data): JsonExtractor<serde_json::Value>,
) -> Result<StatusCode, StatusCode> {
use crate::database::entities::inbound_users::CreateInboundUserDto;
let server_repo = ServerRepository::new(app_state.db.connection().clone());
let inbound_repo = ServerInboundRepository::new(app_state.db.connection().clone());
// Get server and inbound to validate they exist
let _server = match server_repo.find_by_id(server_id).await {
Ok(Some(server)) => server,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
let inbound = match inbound_repo.find_by_id(inbound_id).await {
Ok(Some(inbound)) => inbound,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Verify inbound belongs to server
if inbound.server_id != server_id {
return Err(StatusCode::BAD_REQUEST);
}
// Extract user data
let username = user_data["username"].as_str().unwrap_or("").to_string();
let level = user_data["level"].as_u64().unwrap_or(0) as i32;
if username.is_empty() {
tracing::error!("Missing required user data: username");
return Err(StatusCode::BAD_REQUEST);
}
// Create inbound user repository
let inbound_users_repo = InboundUsersRepository::new(app_state.db.connection().clone());
// Check if username already exists on this inbound
if inbound_users_repo.username_exists_on_inbound(&username, inbound_id).await.unwrap_or(false) {
tracing::error!("Username '{}' already exists on inbound {}", username, inbound_id);
return Err(StatusCode::CONFLICT);
}
// Create inbound user DTO
let inbound_user_dto = CreateInboundUserDto {
server_inbound_id: inbound_id,
username: username.clone(),
level: Some(level),
};
// Create user in database
match inbound_users_repo.create(inbound_user_dto).await {
Ok(created_user) => {
tracing::info!("Inbound user created: username={} email={} server={} inbound={}",
username, created_user.email, server_id, inbound_id);
// Send sync event for immediate synchronization
crate::services::events::send_sync_event(
crate::services::events::SyncEvent::UserAccessChanged(server_id)
);
tracing::info!("User will be synced to xray server immediately via event");
Ok(StatusCode::CREATED)
},
Err(e) => {
tracing::error!("Failed to create inbound user: {}", e);
Err(StatusCode::INTERNAL_SERVER_ERROR)
}
}
}
/// Remove user from server inbound
pub async fn remove_user_from_inbound(
State(app_state): State<AppState>,
Path((server_id, inbound_id, email)): Path<(Uuid, Uuid, String)>,
) -> Result<StatusCode, StatusCode> {
let server_repo = ServerRepository::new(app_state.db.connection().clone());
let inbound_repo = ServerInboundRepository::new(app_state.db.connection().clone());
// Get server and inbound
let server = match server_repo.find_by_id(server_id).await {
Ok(Some(server)) => server,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
let inbound = match inbound_repo.find_by_id(inbound_id).await {
Ok(Some(inbound)) => inbound,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
// Verify inbound belongs to server
if inbound.server_id != server_id {
return Err(StatusCode::BAD_REQUEST);
}
// Get inbound tag
let template_repo = InboundTemplateRepository::new(app_state.db.connection().clone());
let template = match template_repo.find_by_id(inbound.template_id).await {
Ok(Some(template)) => template,
Ok(None) => return Err(StatusCode::NOT_FOUND),
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
};
let inbound_tag = &inbound.tag;
// Remove user from xray server
match app_state.xray_service.remove_user(server_id, &format!("{}:{}", server.hostname, server.grpc_port), &inbound_tag, &email).await {
Ok(_) => {
tracing::info!("Successfully removed user {} from server {} inbound {}", email, server_id, inbound_id);
Ok(StatusCode::NO_CONTENT)
},
Err(e) => {
tracing::error!("Failed to remove user {} from server {} inbound {}: {}", email, server_id, inbound_id, e);
Err(StatusCode::INTERNAL_SERVER_ERROR)
}
}
}

88
src/web/handlers/templates.rs Normal file
View File

@@ -0,0 +1,88 @@
use axum::{
extract::{Path, State},
http::StatusCode,
response::Json,
Json as JsonExtractor,
};
use uuid::Uuid;
use crate::{
database::{
entities::inbound_template,
repository::InboundTemplateRepository,
},
web::AppState,
};
/// List all inbound templates
pub async fn list_templates(
State(app_state): State<AppState>,
) -> Result<Json<Vec<inbound_template::InboundTemplateResponse>>, StatusCode> {
let repo = InboundTemplateRepository::new(app_state.db.connection().clone());
match repo.find_all().await {
Ok(templates) => {
let responses: Vec<inbound_template::InboundTemplateResponse> = templates
.into_iter()
.map(|t| t.into())
.collect();
Ok(Json(responses))
}
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Get template by ID
pub async fn get_template(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<Json<inbound_template::InboundTemplateResponse>, StatusCode> {
let repo = InboundTemplateRepository::new(app_state.db.connection().clone());
match repo.find_by_id(id).await {
Ok(Some(template)) => Ok(Json(template.into())),
Ok(None) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Create new template
pub async fn create_template(
State(app_state): State<AppState>,
JsonExtractor(template_data): JsonExtractor<inbound_template::CreateInboundTemplateDto>,
) -> Result<Json<inbound_template::InboundTemplateResponse>, StatusCode> {
tracing::info!("Creating template: {:?}", template_data);
let repo = InboundTemplateRepository::new(app_state.db.connection().clone());
match repo.create(template_data).await {
Ok(template) => Ok(Json(template.into())),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Update template
pub async fn update_template(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
JsonExtractor(template_data): JsonExtractor<inbound_template::UpdateInboundTemplateDto>,
) -> Result<Json<inbound_template::InboundTemplateResponse>, StatusCode> {
let repo = InboundTemplateRepository::new(app_state.db.connection().clone());
match repo.update(id, template_data).await {
Ok(template) => Ok(Json(template.into())),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Delete template
pub async fn delete_template(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<StatusCode, StatusCode> {
let repo = InboundTemplateRepository::new(app_state.db.connection().clone());
match repo.delete(id).await {
Ok(true) => Ok(StatusCode::NO_CONTENT),
Ok(false) => Err(StatusCode::NOT_FOUND),
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}

206
src/web/handlers/users.rs Normal file
View File

@@ -0,0 +1,206 @@
use axum::{
extract::{Path, Query, State},
http::StatusCode,
response::Json,
Json as JsonExtractor,
};
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
use uuid::Uuid;
use crate::database::entities::user::{CreateUserDto, UpdateUserDto, Model as UserModel};
use crate::database::repository::UserRepository;
use crate::web::AppState;
#[derive(Debug, Deserialize)]
pub struct PaginationQuery {
#[serde(default = "default_page")]
pub page: u64,
#[serde(default = "default_per_page")]
pub per_page: u64,
}
#[derive(Debug, Deserialize)]
pub struct SearchQuery {
pub q: Option<String>,
#[serde(flatten)]
pub pagination: PaginationQuery,
}
#[derive(Debug, Serialize)]
pub struct UsersResponse {
pub users: Vec<UserResponse>,
pub total: u64,
pub page: u64,
pub per_page: u64,
}
#[derive(Debug, Serialize)]
pub struct UserResponse {
pub id: Uuid,
pub name: String,
pub comment: Option<String>,
pub telegram_id: Option<i64>,
pub created_at: chrono::DateTime<chrono::Utc>,
pub updated_at: chrono::DateTime<chrono::Utc>,
}
fn default_page() -> u64 { 1 }
fn default_per_page() -> u64 { 20 }
impl From<UserModel> for UserResponse {
fn from(user: UserModel) -> Self {
Self {
id: user.id,
name: user.name,
comment: user.comment,
telegram_id: user.telegram_id,
created_at: user.created_at,
updated_at: user.updated_at,
}
}
}
/// Get all users with pagination
pub async fn get_users(
State(app_state): State<AppState>,
Query(query): Query<PaginationQuery>,
) -> Result<Json<UsersResponse>, StatusCode> {
let repo = UserRepository::new(app_state.db.connection().clone());
let users = repo.get_all(query.page, query.per_page)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let total = repo.count()
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let response = UsersResponse {
users: users.into_iter().map(UserResponse::from).collect(),
total,
page: query.page,
per_page: query.per_page,
};
Ok(Json(response))
}
/// Search users by name
pub async fn search_users(
State(app_state): State<AppState>,
Query(query): Query<SearchQuery>,
) -> Result<Json<UsersResponse>, StatusCode> {
let repo = UserRepository::new(app_state.db.connection().clone());
let users = if let Some(search_query) = query.q {
repo.search_by_name(&search_query, query.pagination.page, query.pagination.per_page)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
} else {
repo.get_all(query.pagination.page, query.pagination.per_page)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
};
let total = repo.count()
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let response = UsersResponse {
users: users.into_iter().map(UserResponse::from).collect(),
total,
page: query.pagination.page,
per_page: query.pagination.per_page,
};
Ok(Json(response))
}
/// Get user by ID
pub async fn get_user(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<Json<UserResponse>, StatusCode> {
let repo = UserRepository::new(app_state.db.connection().clone());
let user = repo.get_by_id(id)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
match user {
Some(user) => Ok(Json(UserResponse::from(user))),
None => Err(StatusCode::NOT_FOUND),
}
}
/// Create a new user
pub async fn create_user(
State(app_state): State<AppState>,
JsonExtractor(dto): JsonExtractor<CreateUserDto>,
) -> Result<Json<UserResponse>, StatusCode> {
let repo = UserRepository::new(app_state.db.connection().clone());
// Check if telegram ID is already in use
if let Some(telegram_id) = dto.telegram_id {
let exists = repo.telegram_id_exists(telegram_id)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
if exists {
return Err(StatusCode::CONFLICT);
}
}
let user = repo.create(dto)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok(Json(UserResponse::from(user)))
}
/// Update user by ID
pub async fn update_user(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
JsonExtractor(dto): JsonExtractor<UpdateUserDto>,
) -> Result<Json<UserResponse>, StatusCode> {
let repo = UserRepository::new(app_state.db.connection().clone());
// Check if telegram ID is already in use by another user
if let Some(telegram_id) = dto.telegram_id {
if let Some(existing_user) = repo.get_by_telegram_id(telegram_id).await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)? {
if existing_user.id != id {
return Err(StatusCode::CONFLICT);
}
}
}
let user = repo.update(id, dto)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
match user {
Some(user) => Ok(Json(UserResponse::from(user))),
None => Err(StatusCode::NOT_FOUND),
}
}
/// Delete user by ID
pub async fn delete_user(
State(app_state): State<AppState>,
Path(id): Path<Uuid>,
) -> Result<Json<Value>, StatusCode> {
let repo = UserRepository::new(app_state.db.connection().clone());
let deleted = repo.delete(id)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
if deleted {
Ok(Json(json!({ "message": "User deleted successfully" })))
} else {
Err(StatusCode::NOT_FOUND)
}
}

70
src/web/mod.rs Normal file
View File

@@ -0,0 +1,70 @@
use anyhow::Result;
use axum::{
Router,
routing::get,
http::StatusCode,
response::Json,
serve,
};
use serde_json::{json, Value};
use std::net::SocketAddr;
use tokio::net::TcpListener;
use tower_http::cors::CorsLayer;
use tower_http::services::ServeDir;
use tracing::info;
use crate::config::WebConfig;
use crate::database::DatabaseManager;
use crate::services::XrayService;
pub mod handlers;
pub mod routes;
use routes::api_routes;
/// Application state shared across handlers
#[derive(Clone)]
pub struct AppState {
pub db: DatabaseManager,
#[allow(dead_code)]
pub config: WebConfig,
pub xray_service: XrayService,
}
/// Start the web server
pub async fn start_server(db: DatabaseManager, config: WebConfig) -> Result<()> {
let xray_service = XrayService::new();
let app_state = AppState {
db,
config: config.clone(),
xray_service,
};
// Serve static files
let serve_dir = ServeDir::new("static");
let app = Router::new()
.route("/health", get(health_check))
.nest("/api", api_routes())
.nest_service("/", serve_dir)
.layer(CorsLayer::permissive())
.with_state(app_state);
let addr: SocketAddr = format!("{}:{}", config.host, config.port).parse()?;
info!("Starting web server on {}", addr);
let listener = TcpListener::bind(&addr).await?;
serve(listener, app).await?;
Ok(())
}
/// Health check endpoint
async fn health_check() -> Result<Json<Value>, StatusCode> {
Ok(Json(json!({
"status": "ok",
"service": "xray-admin",
"version": env!("CARGO_PKG_VERSION")
})))
}

27
src/web/routes/mod.rs Normal file
View File

@@ -0,0 +1,27 @@
use axum::{
Router,
routing::get,
};
use crate::web::{AppState, handlers};
pub mod servers;
/// Create API routes
pub fn api_routes() -> Router<AppState> {
Router::new()
.nest("/users", user_routes())
.nest("/servers", servers::server_routes())
.nest("/certificates", servers::certificate_routes())
.nest("/templates", servers::template_routes())
}
/// User management routes
fn user_routes() -> Router<AppState> {
Router::new()
.route("/", get(handlers::get_users).post(handlers::create_user))
.route("/search", get(handlers::search_users))
.route("/:id", get(handlers::get_user)
.put(handlers::update_user)
.delete(handlers::delete_user))
}

38
src/web/routes/servers.rs Normal file
View File

@@ -0,0 +1,38 @@
use axum::{
routing::{get, post},
Router,
};
use crate::{
web::{AppState, handlers},
};
pub fn server_routes() -> Router<AppState> {
Router::new()
// Server management
.route("/", get(handlers::list_servers).post(handlers::create_server))
.route("/:id", get(handlers::get_server).put(handlers::update_server).delete(handlers::delete_server))
.route("/:id/test", post(handlers::test_server_connection))
.route("/:id/stats", get(handlers::get_server_stats))
// Server inbounds
.route("/:server_id/inbounds", get(handlers::list_server_inbounds).post(handlers::create_server_inbound))
.route("/:server_id/inbounds/:inbound_id", get(handlers::get_server_inbound).put(handlers::update_server_inbound).delete(handlers::delete_server_inbound))
// User management for inbounds
.route("/:server_id/inbounds/:inbound_id/users", post(handlers::add_user_to_inbound))
.route("/:server_id/inbounds/:inbound_id/users/:email", axum::routing::delete(handlers::remove_user_from_inbound))
}
pub fn certificate_routes() -> Router<AppState> {
Router::new()
.route("/", get(handlers::list_certificates).post(handlers::create_certificate))
.route("/:id", get(handlers::get_certificate).put(handlers::update_certificate).delete(handlers::delete_certificate))
.route("/:id/details", get(handlers::get_certificate_details))
.route("/expiring", get(handlers::get_expiring_certificates))
}
pub fn template_routes() -> Router<AppState> {
Router::new()
.route("/", get(handlers::list_templates).post(handlers::create_template))
.route("/:id", get(handlers::get_template).put(handlers::update_template).delete(handlers::delete_template))
}