123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486 |
- package route
- import (
- "bytes"
- "context"
- "crypto/subtle"
- "crypto/tls"
- "encoding/json"
- "net"
- "net/http"
- "os"
- "path/filepath"
- "runtime/debug"
- "strings"
- "syscall"
- "time"
- "github.com/metacubex/mihomo/adapter/inbound"
- CN "github.com/metacubex/mihomo/common/net"
- "github.com/metacubex/mihomo/common/utils"
- C "github.com/metacubex/mihomo/constant"
- "github.com/metacubex/mihomo/log"
- "github.com/metacubex/mihomo/tunnel/statistic"
- "github.com/go-chi/chi/v5"
- "github.com/go-chi/chi/v5/middleware"
- "github.com/go-chi/cors"
- "github.com/go-chi/render"
- "github.com/gobwas/ws"
- "github.com/gobwas/ws/wsutil"
- )
- var (
- serverSecret = ""
- serverAddr = ""
- uiPath = ""
- server *http.Server
- )
- type Traffic struct {
- Up int64 `json:"up"`
- Down int64 `json:"down"`
- }
- type Memory struct {
- Inuse uint64 `json:"inuse"`
- OSLimit uint64 `json:"oslimit"` // maybe we need it in the future
- }
- func SetUIPath(path string) {
- uiPath = C.Path.Resolve(path)
- }
- func router(isDebug bool, withAuth bool, dohServer string) *chi.Mux {
- r := chi.NewRouter()
- corsM := cors.New(cors.Options{
- AllowedOrigins: []string{"*"},
- AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"},
- AllowedHeaders: []string{"Content-Type", "Authorization"},
- MaxAge: 300,
- })
- r.Use(setPrivateNetworkAccess)
- r.Use(corsM.Handler)
- if isDebug {
- r.Mount("/debug", func() http.Handler {
- r := chi.NewRouter()
- r.Put("/gc", func(w http.ResponseWriter, r *http.Request) {
- debug.FreeOSMemory()
- })
- handler := middleware.Profiler
- r.Mount("/", handler())
- return r
- }())
- }
- r.Group(func(r chi.Router) {
- if withAuth {
- r.Use(authentication)
- }
- r.Get("/", hello)
- r.Get("/logs", getLogs)
- r.Get("/traffic", traffic)
- r.Get("/memory", memory)
- r.Get("/version", version)
- r.Mount("/configs", configRouter())
- r.Mount("/proxies", proxyRouter())
- r.Mount("/group", GroupRouter())
- r.Mount("/rules", ruleRouter())
- r.Mount("/connections", connectionRouter())
- r.Mount("/providers/proxies", proxyProviderRouter())
- r.Mount("/providers/rules", ruleProviderRouter())
- r.Mount("/cache", cacheRouter())
- r.Mount("/dns", dnsRouter())
- r.Mount("/restart", restartRouter())
- r.Mount("/upgrade", upgradeRouter())
- addExternalRouters(r)
- })
- if uiPath != "" {
- r.Group(func(r chi.Router) {
- fs := http.StripPrefix("/ui", http.FileServer(http.Dir(uiPath)))
- r.Get("/ui", http.RedirectHandler("/ui/", http.StatusTemporaryRedirect).ServeHTTP)
- r.Get("/ui/*", func(w http.ResponseWriter, r *http.Request) {
- fs.ServeHTTP(w, r)
- })
- })
- }
- if len(dohServer) > 0 && dohServer[0] == '/' {
- r.Mount(dohServer, dohRouter())
- }
- return r
- }
- func ReStartServer(addr string) {
- if addr == "" {
- StopServer()
- return
- }
- if server != nil && server.Addr == addr {
- return
- }
- StopServer()
- server = &http.Server{
- Addr: addr,
- Handler: router(false, false, ""),
- }
- go func() {
- if err := server.ListenAndServe(); err != nil {
- log.Errorln("External controller listen error: %s", err)
- }
- }()
- }
- func StopServer() {
- if server == nil {
- return
- }
- ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
- defer cancel()
- if err := server.Shutdown(ctx); err != nil {
- log.Errorln("Shutdown external controller:", err)
- }
- server = nil
- }
- func Start(addr string, tlsAddr string, secret string,
- certificate, privateKey string, dohServer string, isDebug bool) {
- if serverAddr != "" {
- return
- }
- serverAddr = addr
- serverSecret = secret
- if len(tlsAddr) > 0 {
- go func() {
- c, err := CN.ParseCert(certificate, privateKey, C.Path)
- if err != nil {
- log.Errorln("External controller tls listen error: %s", err)
- return
- }
- l, err := inbound.Listen("tcp", tlsAddr)
- if err != nil {
- log.Errorln("External controller tls listen error: %s", err)
- return
- }
- serverAddr = l.Addr().String()
- log.Infoln("RESTful API tls listening at: %s", serverAddr)
- tlsServe := &http.Server{
- Handler: router(isDebug, true, dohServer),
- TLSConfig: &tls.Config{
- Certificates: []tls.Certificate{c},
- },
- }
- if err = tlsServe.ServeTLS(l, "", ""); err != nil {
- log.Errorln("External controller tls serve error: %s", err)
- }
- }()
- }
- l, err := inbound.Listen("tcp", addr)
- if err != nil {
- log.Errorln("External controller listen error: %s", err)
- return
- }
- serverAddr = l.Addr().String()
- log.Infoln("RESTful API listening at: %s", serverAddr)
- if err = http.Serve(l, router(isDebug, true, dohServer)); err != nil {
- log.Errorln("External controller serve error: %s", err)
- }
- }
- func StartUnix(addr string, dohServer string, isDebug bool) {
- addr = C.Path.Resolve(addr)
- dir := filepath.Dir(addr)
- if _, err := os.Stat(dir); os.IsNotExist(err) {
- if err := os.MkdirAll(dir, 0o755); err != nil {
- log.Errorln("External controller unix listen error: %s", err)
- return
- }
- }
- // https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
- //
- // Note: As mentioned above in the ‘security’ section, when a socket binds a socket to a valid pathname address,
- // a socket file is created within the filesystem. On Linux, the application is expected to unlink
- // (see the notes section in the man page for AF_UNIX) before any other socket can be bound to the same address.
- // The same applies to Windows unix sockets, except that, DeleteFile (or any other file delete API)
- // should be used to delete the socket file prior to calling bind with the same path.
- _ = syscall.Unlink(addr)
- l, err := inbound.Listen("unix", addr)
- if err != nil {
- log.Errorln("External controller unix listen error: %s", err)
- return
- }
- serverAddr = l.Addr().String()
- log.Infoln("RESTful API unix listening at: %s", serverAddr)
- if err = http.Serve(l, router(isDebug, false, dohServer)); err != nil {
- log.Errorln("External controller unix serve error: %s", err)
- }
- }
- func setPrivateNetworkAccess(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
- w.Header().Add("Access-Control-Allow-Private-Network", "true")
- }
- next.ServeHTTP(w, r)
- })
- }
- func safeEuqal(a, b string) bool {
- aBuf := utils.ImmutableBytesFromString(a)
- bBuf := utils.ImmutableBytesFromString(b)
- return subtle.ConstantTimeCompare(aBuf, bBuf) == 1
- }
- func authentication(next http.Handler) http.Handler {
- fn := func(w http.ResponseWriter, r *http.Request) {
- if serverSecret == "" {
- next.ServeHTTP(w, r)
- return
- }
- // Browser websocket not support custom header
- if r.Header.Get("Upgrade") == "websocket" && r.URL.Query().Get("token") != "" {
- token := r.URL.Query().Get("token")
- if !safeEuqal(token, serverSecret) {
- render.Status(r, http.StatusUnauthorized)
- render.JSON(w, r, ErrUnauthorized)
- return
- }
- next.ServeHTTP(w, r)
- return
- }
- header := r.Header.Get("Authorization")
- bearer, token, found := strings.Cut(header, " ")
- hasInvalidHeader := bearer != "Bearer"
- hasInvalidSecret := !found || !safeEuqal(token, serverSecret)
- if hasInvalidHeader || hasInvalidSecret {
- render.Status(r, http.StatusUnauthorized)
- render.JSON(w, r, ErrUnauthorized)
- return
- }
- next.ServeHTTP(w, r)
- }
- return http.HandlerFunc(fn)
- }
- func hello(w http.ResponseWriter, r *http.Request) {
- render.JSON(w, r, render.M{"hello": "mihomo"})
- }
- func traffic(w http.ResponseWriter, r *http.Request) {
- var wsConn net.Conn
- if r.Header.Get("Upgrade") == "websocket" {
- var err error
- wsConn, _, _, err = ws.UpgradeHTTP(r, w)
- if err != nil {
- return
- }
- }
- if wsConn == nil {
- w.Header().Set("Content-Type", "application/json")
- render.Status(r, http.StatusOK)
- }
- tick := time.NewTicker(time.Second)
- defer tick.Stop()
- t := statistic.DefaultManager
- buf := &bytes.Buffer{}
- var err error
- for range tick.C {
- buf.Reset()
- up, down := t.Now()
- if err := json.NewEncoder(buf).Encode(Traffic{
- Up: up,
- Down: down,
- }); err != nil {
- break
- }
- if wsConn == nil {
- _, err = w.Write(buf.Bytes())
- w.(http.Flusher).Flush()
- } else {
- err = wsutil.WriteMessage(wsConn, ws.StateServerSide, ws.OpText, buf.Bytes())
- }
- if err != nil {
- break
- }
- }
- }
- func memory(w http.ResponseWriter, r *http.Request) {
- var wsConn net.Conn
- if r.Header.Get("Upgrade") == "websocket" {
- var err error
- wsConn, _, _, err = ws.UpgradeHTTP(r, w)
- if err != nil {
- return
- }
- }
- if wsConn == nil {
- w.Header().Set("Content-Type", "application/json")
- render.Status(r, http.StatusOK)
- }
- tick := time.NewTicker(time.Second)
- defer tick.Stop()
- t := statistic.DefaultManager
- buf := &bytes.Buffer{}
- var err error
- first := true
- for range tick.C {
- buf.Reset()
- inuse := t.Memory()
- // make chat.js begin with zero
- // this is shit var,but we need output 0 for first time
- if first {
- inuse = 0
- first = false
- }
- if err := json.NewEncoder(buf).Encode(Memory{
- Inuse: inuse,
- OSLimit: 0,
- }); err != nil {
- break
- }
- if wsConn == nil {
- _, err = w.Write(buf.Bytes())
- w.(http.Flusher).Flush()
- } else {
- err = wsutil.WriteMessage(wsConn, ws.StateServerSide, ws.OpText, buf.Bytes())
- }
- if err != nil {
- break
- }
- }
- }
- type Log struct {
- Type string `json:"type"`
- Payload string `json:"payload"`
- }
- type LogStructuredField struct {
- Key string `json:"key"`
- Value string `json:"value"`
- }
- type LogStructured struct {
- Time string `json:"time"`
- Level string `json:"level"`
- Message string `json:"message"`
- Fields []LogStructuredField `json:"fields"`
- }
- func getLogs(w http.ResponseWriter, r *http.Request) {
- levelText := r.URL.Query().Get("level")
- if levelText == "" {
- levelText = "info"
- }
- formatText := r.URL.Query().Get("format")
- isStructured := false
- if formatText == "structured" {
- isStructured = true
- }
- level, ok := log.LogLevelMapping[levelText]
- if !ok {
- render.Status(r, http.StatusBadRequest)
- render.JSON(w, r, ErrBadRequest)
- return
- }
- var wsConn net.Conn
- if r.Header.Get("Upgrade") == "websocket" {
- var err error
- wsConn, _, _, err = ws.UpgradeHTTP(r, w)
- if err != nil {
- return
- }
- }
- if wsConn == nil {
- w.Header().Set("Content-Type", "application/json")
- render.Status(r, http.StatusOK)
- }
- ch := make(chan log.Event, 1024)
- sub := log.Subscribe()
- defer log.UnSubscribe(sub)
- buf := &bytes.Buffer{}
- go func() {
- for logM := range sub {
- select {
- case ch <- logM:
- default:
- }
- }
- close(ch)
- }()
- for logM := range ch {
- if logM.LogLevel < level {
- continue
- }
- buf.Reset()
- if !isStructured {
- if err := json.NewEncoder(buf).Encode(Log{
- Type: logM.Type(),
- Payload: logM.Payload,
- }); err != nil {
- break
- }
- } else {
- newLevel := logM.Type()
- if newLevel == "warning" {
- newLevel = "warn"
- }
- if err := json.NewEncoder(buf).Encode(LogStructured{
- Time: time.Now().Format(time.TimeOnly),
- Level: newLevel,
- Message: logM.Payload,
- Fields: []LogStructuredField{},
- }); err != nil {
- break
- }
- }
- var err error
- if wsConn == nil {
- _, err = w.Write(buf.Bytes())
- w.(http.Flusher).Flush()
- } else {
- err = wsutil.WriteMessage(wsConn, ws.StateServerSide, ws.OpText, buf.Bytes())
- }
- if err != nil {
- break
- }
- }
- }
- func version(w http.ResponseWriter, r *http.Request) {
- render.JSON(w, r, render.M{"meta": C.Meta, "version": C.Version})
- }
|