Clash.Meta/hub/route/server.go

package route

import (
	"bytes"
	"encoding/json"
	"net/http"
	"strings"
	"time"

	C "github.com/Dreamacro/clash/constant"
	"github.com/Dreamacro/clash/log"
	T "github.com/Dreamacro/clash/tunnel"

	"github.com/go-chi/chi"
	"github.com/go-chi/cors"
	"github.com/go-chi/render"
	"github.com/gorilla/websocket"
)

var (
	serverSecret = ""
	serverAddr   = ""

	uiPath = ""

	upgrader = websocket.Upgrader{
		CheckOrigin: func(r *http.Request) bool {
			return true
		},
	}
)

type Traffic struct {
	Up   int64 `json:"up"`
	Down int64 `json:"down"`
}

func SetUIPath(path string) {
	uiPath = C.Path.Resolve(path)
}

func Start(addr string, secret string) {
	if serverAddr != "" {
		return
	}

	serverAddr = addr
	serverSecret = secret

	r := chi.NewRouter()

	cors := cors.New(cors.Options{
		AllowedOrigins: []string{"*"},
		AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"},
		AllowedHeaders: []string{"Content-Type", "Authorization"},
		MaxAge:         300,
	})

	r.Use(cors.Handler)
	r.Group(func(r chi.Router) {
		r.Use(authentication)

		r.Get("/", hello)
		r.Get("/logs", getLogs)
		r.Get("/traffic", traffic)
		r.Get("/version", version)
		r.Mount("/configs", configRouter())
		r.Mount("/proxies", proxyRouter())
		r.Mount("/rules", ruleRouter())
		r.Mount("/connections", connectionRouter())
		r.Mount("/providers/proxies", proxyProviderRouter())
	})

	if uiPath != "" {
		r.Group(func(r chi.Router) {
			fs := http.StripPrefix("/ui", http.FileServer(http.Dir(uiPath)))
			r.Get("/ui", http.RedirectHandler("/ui/", http.StatusTemporaryRedirect).ServeHTTP)
			r.Get("/ui/*", func(w http.ResponseWriter, r *http.Request) {
				fs.ServeHTTP(w, r)
			})
		})
	}

	log.Infoln("RESTful API listening at: %s", addr)
	err := http.ListenAndServe(addr, r)
	if err != nil {
		log.Errorln("External controller error: %s", err.Error())
	}
}

func authentication(next http.Handler) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		if serverSecret == "" {
			next.ServeHTTP(w, r)
			return
		}

		// Browser websocket not support custom header
		if websocket.IsWebSocketUpgrade(r) && r.URL.Query().Get("token") != "" {
			token := r.URL.Query().Get("token")
			if token != serverSecret {
				render.Status(r, http.StatusUnauthorized)
				render.JSON(w, r, ErrUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
			return
		}

		header := r.Header.Get("Authorization")
		text := strings.SplitN(header, " ", 2)

		hasInvalidHeader := text[0] != "Bearer"
		hasInvalidSecret := len(text) != 2 || text[1] != serverSecret
		if hasInvalidHeader || hasInvalidSecret {
			render.Status(r, http.StatusUnauthorized)
			render.JSON(w, r, ErrUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	}
	return http.HandlerFunc(fn)
}

func hello(w http.ResponseWriter, r *http.Request) {
	render.JSON(w, r, render.M{"hello": "clash"})
}

func traffic(w http.ResponseWriter, r *http.Request) {
	var wsConn *websocket.Conn
	if websocket.IsWebSocketUpgrade(r) {
		var err error
		wsConn, err = upgrader.Upgrade(w, r, nil)
		if err != nil {
			return
		}
	}

	if wsConn == nil {
		w.Header().Set("Content-Type", "application/json")
		render.Status(r, http.StatusOK)
	}

	tick := time.NewTicker(time.Second)
	t := T.DefaultManager
	buf := &bytes.Buffer{}
	var err error
	for range tick.C {
		buf.Reset()
		up, down := t.Now()
		if err := json.NewEncoder(buf).Encode(Traffic{
			Up:   up,
			Down: down,
		}); err != nil {
			break
		}

		if wsConn == nil {
			_, err = w.Write(buf.Bytes())
			w.(http.Flusher).Flush()
		} else {
			err = wsConn.WriteMessage(websocket.TextMessage, buf.Bytes())
		}

		if err != nil {
			break
		}
	}
}

type Log struct {
	Type    string `json:"type"`
	Payload string `json:"payload"`
}

func getLogs(w http.ResponseWriter, r *http.Request) {
	levelText := r.URL.Query().Get("level")
	if levelText == "" {
		levelText = "info"
	}

	level, ok := log.LogLevelMapping[levelText]
	if !ok {
		render.Status(r, http.StatusBadRequest)
		render.JSON(w, r, ErrBadRequest)
		return
	}

	var wsConn *websocket.Conn
	if websocket.IsWebSocketUpgrade(r) {
		var err error
		wsConn, err = upgrader.Upgrade(w, r, nil)
		if err != nil {
			return
		}
	}

	if wsConn == nil {
		w.Header().Set("Content-Type", "application/json")
		render.Status(r, http.StatusOK)
	}

	sub := log.Subscribe()
	defer log.UnSubscribe(sub)
	buf := &bytes.Buffer{}
	var err error
	for elm := range sub {
		buf.Reset()
		log := elm.(*log.Event)
		if log.LogLevel < level {
			continue
		}

		if err := json.NewEncoder(buf).Encode(Log{
			Type:    log.Type(),
			Payload: log.Payload,
		}); err != nil {
			break
		}

		if wsConn == nil {
			_, err = w.Write(buf.Bytes())
			w.(http.Flusher).Flush()
		} else {
			err = wsConn.WriteMessage(websocket.TextMessage, buf.Bytes())
		}

		if err != nil {
			break
		}
	}
}

func version(w http.ResponseWriter, r *http.Request) {
	render.JSON(w, r, render.M{"version": C.Version})
}
Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`package route`
Add: external controller 2018-06-18 11:31:49 +08:00
			`import (`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`"bytes"`
Add: external controller 2018-06-18 11:31:49 +08:00			`"encoding/json"`
			`"net/http"`
Feature: add authorization for API 2018-10-06 13:15:02 +08:00			`"strings"`
Add: external controller 2018-06-18 11:31:49 +08:00			`"time"`

Feature: add version api 2019-09-13 17:44:30 +08:00			`C "github.com/Dreamacro/clash/constant"`
Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`"github.com/Dreamacro/clash/log"`
Update: add config route 2018-07-15 22:23:20 +08:00			`T "github.com/Dreamacro/clash/tunnel"`
Add: external controller 2018-06-18 11:31:49 +08:00
			`"github.com/go-chi/chi"`
Add: cors for external controller 2018-07-19 09:31:53 +08:00			`"github.com/go-chi/cors"`
Add: external controller 2018-06-18 11:31:49 +08:00			`"github.com/go-chi/render"`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`"github.com/gorilla/websocket"`
Add: external controller 2018-06-18 11:31:49 +08:00			`)`

Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`var (`
			`serverSecret = ""`
			`serverAddr = ""`
Feature: add custom ui support in API 2018-12-20 01:29:13 +08:00
			`uiPath = ""`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00
Feature: websocket api support browser 2019-09-30 14:13:29 +08:00			`upgrader = websocket.Upgrader{`
			`CheckOrigin: func(r *http.Request) bool {`
			`return true`
			`},`
			`}`
Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`)`
Feature: add authorization for API 2018-10-06 13:15:02 +08:00
Add: external controller 2018-06-18 11:31:49 +08:00			`type Traffic struct {`
			Up int64 `json:"up"`
			Down int64 `json:"down"`
			`}`

Feature: add custom ui support in API 2018-12-20 01:29:13 +08:00			`func SetUIPath(path string) {`
Fix: `external-ui` should relative with clash HomeDir 2020-06-18 21:33:57 +08:00			`uiPath = C.Path.Resolve(path)`
Feature: add custom ui support in API 2018-12-20 01:29:13 +08:00			`}`

Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`func Start(addr string, secret string) {`
			`if serverAddr != "" {`
			`return`
Improve: config convergent and add log-level 2018-07-26 00:04:59 +08:00			`}`

Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`serverAddr = addr`
			`serverSecret = secret`

Add: external controller 2018-06-18 11:31:49 +08:00			`r := chi.NewRouter()`

Add: cors for external controller 2018-07-19 09:31:53 +08:00			`cors := cors.New(cors.Options{`
			`AllowedOrigins: []string{"*"},`
Fix: authentication with stream api 2018-12-29 14:11:54 +08:00			`AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"},`
Feature: add authorization for API 2018-10-06 13:15:02 +08:00			`AllowedHeaders: []string{"Content-Type", "Authorization"},`
Add: cors for external controller 2018-07-19 09:31:53 +08:00			`MaxAge: 300,`
			`})`

Fix(API): cors middleware hoisting because it doesn't work with r.Group 2019-09-21 21:28:02 +08:00			`r.Use(cors.Handler)`
Fix: allow access to external-ui without authentication (#75) 2018-12-21 17:48:29 +08:00			`r.Group(func(r chi.Router) {`
Fix(API): cors middleware hoisting because it doesn't work with r.Group 2019-09-21 21:28:02 +08:00			`r.Use(authentication)`
Fix: allow access to external-ui without authentication (#75) 2018-12-21 17:48:29 +08:00
Change: make ping under authentication 2020-02-21 18:00:19 +08:00			`r.Get("/", hello)`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`r.Get("/logs", getLogs)`
			`r.Get("/traffic", traffic)`
Feature: add version api 2019-09-13 17:44:30 +08:00			`r.Get("/version", version)`
Fix: allow access to external-ui without authentication (#75) 2018-12-21 17:48:29 +08:00			`r.Mount("/configs", configRouter())`
			`r.Mount("/proxies", proxyRouter())`
			`r.Mount("/rules", ruleRouter())`
Feature: add experimental connections API 2019-10-27 21:44:07 +08:00			`r.Mount("/connections", connectionRouter())`
Feature: add basic api for proxy provider 2019-12-11 17:31:15 +08:00			`r.Mount("/providers/proxies", proxyProviderRouter())`
Fix: allow access to external-ui without authentication (#75) 2018-12-21 17:48:29 +08:00			`})`
Add: external controller 2018-06-18 11:31:49 +08:00
Feature: add custom ui support in API 2018-12-20 01:29:13 +08:00			`if uiPath != "" {`
Fix: allow access to external-ui without authentication (#75) 2018-12-21 17:48:29 +08:00			`r.Group(func(r chi.Router) {`
			`fs := http.StripPrefix("/ui", http.FileServer(http.Dir(uiPath)))`
Fix(API): use right status code 2019-09-08 22:33:52 +08:00			`r.Get("/ui", http.RedirectHandler("/ui/", http.StatusTemporaryRedirect).ServeHTTP)`
Fix: allow access to external-ui without authentication (#75) 2018-12-21 17:48:29 +08:00			`r.Get("/ui/", func(w http.ResponseWriter, r http.Request) {`
			`fs.ServeHTTP(w, r)`
			`})`
Feature: add custom ui support in API 2018-12-20 01:29:13 +08:00			`})`
			`}`

Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`log.Infoln("RESTful API listening at: %s", addr)`
Add: external controller 2018-06-18 11:31:49 +08:00			`err := http.ListenAndServe(addr, r)`
			`if err != nil {`
Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`log.Errorln("External controller error: %s", err.Error())`
Add: external controller 2018-06-18 11:31:49 +08:00			`}`
			`}`

Feature: add authorization for API 2018-10-06 13:15:02 +08:00			`func authentication(next http.Handler) http.Handler {`
			`fn := func(w http.ResponseWriter, r *http.Request) {`
Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`if serverSecret == "" {`
Feature: add authorization for API 2018-10-06 13:15:02 +08:00			`next.ServeHTTP(w, r)`
			`return`
			`}`

Feature: websocket api support browser 2019-09-30 14:13:29 +08:00			`// Browser websocket not support custom header`
			`if websocket.IsWebSocketUpgrade(r) && r.URL.Query().Get("token") != "" {`
			`token := r.URL.Query().Get("token")`
			`if token != serverSecret {`
			`render.Status(r, http.StatusUnauthorized)`
			`render.JSON(w, r, ErrUnauthorized)`
			`return`
			`}`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

			`header := r.Header.Get("Authorization")`
			`text := strings.SplitN(header, " ", 2)`

Fix: API auth bypass 2020-04-24 23:49:35 +08:00			`hasInvalidHeader := text[0] != "Bearer"`
			`hasInvalidSecret := len(text) != 2 \|\| text[1] != serverSecret`
			`if hasInvalidHeader \|\| hasInvalidSecret {`
Chore: standardize API returns 2018-12-10 11:33:37 +08:00			`render.Status(r, http.StatusUnauthorized)`
			`render.JSON(w, r, ErrUnauthorized)`
Feature: add authorization for API 2018-10-06 13:15:02 +08:00			`return`
			`}`
			`next.ServeHTTP(w, r)`
			`}`
			`return http.HandlerFunc(fn)`
			`}`

Fix: authentication with stream api 2018-12-29 14:11:54 +08:00			`func hello(w http.ResponseWriter, r *http.Request) {`
			`render.JSON(w, r, render.M{"hello": "clash"})`
			`}`

Add: external controller 2018-06-18 11:31:49 +08:00			`func traffic(w http.ResponseWriter, r *http.Request) {`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`var wsConn *websocket.Conn`
			`if websocket.IsWebSocketUpgrade(r) {`
			`var err error`
			`wsConn, err = upgrader.Upgrade(w, r, nil)`
			`if err != nil {`
			`return`
			`}`
			`}`

			`if wsConn == nil {`
			`w.Header().Set("Content-Type", "application/json")`
			`render.Status(r, http.StatusOK)`
			`}`
Add: external controller 2018-06-18 11:31:49 +08:00
			`tick := time.NewTicker(time.Second)`
Feature: add experimental connections API 2019-10-27 21:44:07 +08:00			`t := T.DefaultManager`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`buf := &bytes.Buffer{}`
			`var err error`
Add: external controller 2018-06-18 11:31:49 +08:00			`for range tick.C {`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`buf.Reset()`
Add: external controller 2018-06-18 11:31:49 +08:00			`up, down := t.Now()`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`if err := json.NewEncoder(buf).Encode(Traffic{`
Add: external controller 2018-06-18 11:31:49 +08:00			`Up: up,`
			`Down: down,`
			`}); err != nil {`
			`break`
			`}`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00
			`if wsConn == nil {`
			`_, err = w.Write(buf.Bytes())`
			`w.(http.Flusher).Flush()`
			`} else {`
			`err = wsConn.WriteMessage(websocket.TextMessage, buf.Bytes())`
			`}`

			`if err != nil {`
			`break`
			`}`
Add: external controller 2018-06-18 11:31:49 +08:00			`}`
			`}`

Improve: add log level 2018-06-22 13:15:20 +08:00			`type Log struct {`
			Type string `json:"type"`
			Payload string `json:"payload"`
			`}`

Add: external controller 2018-06-18 11:31:49 +08:00			`func getLogs(w http.ResponseWriter, r *http.Request) {`
Fix: log api query 2018-08-12 19:35:13 +08:00			`levelText := r.URL.Query().Get("level")`
			`if levelText == "" {`
			`levelText = "info"`
Improve: add log level 2018-06-22 13:15:20 +08:00			`}`

Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`level, ok := log.LogLevelMapping[levelText]`
Improve: add log level 2018-06-22 13:15:20 +08:00			`if !ok {`
Chore: standardize API returns 2018-12-10 11:33:37 +08:00			`render.Status(r, http.StatusBadRequest)`
			`render.JSON(w, r, ErrBadRequest)`
Improve: add log level 2018-06-22 13:15:20 +08:00			`return`
			`}`

Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`var wsConn *websocket.Conn`
			`if websocket.IsWebSocketUpgrade(r) {`
			`var err error`
			`wsConn, err = upgrader.Upgrade(w, r, nil)`
			`if err != nil {`
			`return`
			`}`
			`}`

			`if wsConn == nil {`
			`w.Header().Set("Content-Type", "application/json")`
			`render.Status(r, http.StatusOK)`
			`}`

Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`sub := log.Subscribe()`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`defer log.UnSubscribe(sub)`
			`buf := &bytes.Buffer{}`
			`var err error`
Add: external controller 2018-06-18 11:31:49 +08:00			`for elm := range sub {`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`buf.Reset()`
Chore: improve code architecture 2018-11-21 13:47:46 +08:00			`log := elm.(*log.Event)`
			`if log.LogLevel < level {`
Improve: add log level 2018-06-22 13:15:20 +08:00			`continue`
			`}`

Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00			`if err := json.NewEncoder(buf).Encode(Log{`
Add: external controller 2018-06-18 11:31:49 +08:00			`Type: log.Type(),`
			`Payload: log.Payload,`
			`}); err != nil {`
			`break`
			`}`
Feature(API): logs and traffic support websocket 2019-07-12 15:44:12 +08:00
			`if wsConn == nil {`
			`_, err = w.Write(buf.Bytes())`
			`w.(http.Flusher).Flush()`
			`} else {`
			`err = wsConn.WriteMessage(websocket.TextMessage, buf.Bytes())`
			`}`

			`if err != nil {`
			`break`
			`}`
Add: external controller 2018-06-18 11:31:49 +08:00			`}`
			`}`
Feature: add version api 2019-09-13 17:44:30 +08:00
			`func version(w http.ResponseWriter, r *http.Request) {`
			`render.JSON(w, r, render.M{"version": C.Version})`
			`}`