Add admin panel, manager, node_manager, bandwidth limiter, connection limiter, bonding, failover, vless encryption, mkcp transport

2026-05-25 13:47:41 +03:00 · 2026-02-26 22:44:31 +03:00
parent 287fe834db
commit c0aa3480c5
115 changed files with 12582 additions and 301 deletions
--- a/service/node_manager/server/node.go
+++ b/service/node_manager/server/node.go
@@ -0,0 +1,203 @@
+package server
+
+import (
+	"context"
+	"sync"
+
+	"github.com/sagernet/sing-box/log"
+	CS "github.com/sagernet/sing-box/service/manager/constant"
+	pb "github.com/sagernet/sing-box/service/node_manager/manager"
+	E "github.com/sagernet/sing/common/exceptions"
+	"google.golang.org/grpc"
+)
+
+type RemoteNode struct {
+	ctx     context.Context
+	logger  log.ContextLogger
+	stream  grpc.ServerStreamingServer[pb.NodeData]
+	errChan chan error
+
+	mtx sync.Mutex
+}
+
+func NewRemoteNode(ctx context.Context, logger log.ContextLogger, stream grpc.ServerStreamingServer[pb.NodeData]) (*RemoteNode, chan error) {
+	errChan := make(chan error)
+	return &RemoteNode{
+		ctx:     ctx,
+		logger:  logger,
+		stream:  stream,
+		errChan: errChan,
+	}, errChan
+}
+
+func (s *RemoteNode) UpdateUser(user CS.User) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_updateUser,
+		Data: &pb.NodeData_User{User: s.convertUser(user)},
+	})
+}
+
+func (s *RemoteNode) UpdateUsers(users []CS.User) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	pbUsers := make([]*pb.User, len(users))
+	for i, user := range users {
+		pbUsers[i] = s.convertUser(user)
+	}
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_updateUsers,
+		Data: &pb.NodeData_Users{Users: &pb.UserList{Values: pbUsers}},
+	})
+}
+
+func (s *RemoteNode) DeleteUser(user CS.User) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_deleteUser,
+		Data: &pb.NodeData_User{User: s.convertUser(user)},
+	})
+}
+
+func (s *RemoteNode) UpdateConnectionLimiter(limiter CS.ConnectionLimiter) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_updateConnectionLimiter,
+		Data: &pb.NodeData_ConnectionLimiter{ConnectionLimiter: s.convertConnectionLimiter(limiter)},
+	})
+}
+
+func (s *RemoteNode) UpdateConnectionLimiters(limiters []CS.ConnectionLimiter) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	pbLimiters := make([]*pb.ConnectionLimiter, len(limiters))
+	for i, limiters := range limiters {
+		pbLimiters[i] = s.convertConnectionLimiter(limiters)
+	}
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_updateConnectionLimiters,
+		Data: &pb.NodeData_ConnectionLimiters{ConnectionLimiters: &pb.ConnectionLimiterList{Values: pbLimiters}},
+	})
+}
+
+func (s *RemoteNode) DeleteConnectionLimiter(limiter CS.ConnectionLimiter) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_deleteConnectionLimiter,
+		Data: &pb.NodeData_ConnectionLimiter{ConnectionLimiter: s.convertConnectionLimiter(limiter)},
+	})
+}
+
+func (s *RemoteNode) UpdateBandwidthLimiter(limiter CS.BandwidthLimiter) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_updateBandwidthLimiter,
+		Data: &pb.NodeData_BandwidthLimiter{BandwidthLimiter: s.convertBandwidthLimiter(limiter)},
+	})
+}
+
+func (s *RemoteNode) UpdateBandwidthLimiters(limiters []CS.BandwidthLimiter) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	pbLimiters := make([]*pb.BandwidthLimiter, len(limiters))
+	for i, limiters := range limiters {
+		pbLimiters[i] = s.convertBandwidthLimiter(limiters)
+	}
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_updateBandwidthLimiters,
+		Data: &pb.NodeData_BandwidthLimiters{BandwidthLimiters: &pb.BandwidthLimiterList{Values: pbLimiters}},
+	})
+}
+
+func (s *RemoteNode) DeleteBandwidthLimiter(limiter CS.BandwidthLimiter) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	s.send(&pb.NodeData{
+		Op:   pb.OpType_deleteBandwidthLimiter,
+		Data: &pb.NodeData_BandwidthLimiter{BandwidthLimiter: s.convertBandwidthLimiter(limiter)},
+	})
+}
+
+func (s *RemoteNode) IsLocal() bool {
+	return false
+}
+
+func (s *RemoteNode) IsOnline() bool {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	select {
+	case <-s.stream.Context().Done():
+		return false
+	default:
+		return true
+	}
+}
+
+func (s *RemoteNode) Close() error {
+	s.close(E.New("server connection is closed"))
+	return nil
+}
+
+func (s *RemoteNode) send(data *pb.NodeData) {
+	select {
+	case <-s.ctx.Done():
+		s.close(E.New("server connection is closed"))
+		return
+	case <-s.stream.Context().Done():
+		s.close(E.New("client connection is closed"))
+		return
+	default:
+	}
+	err := s.stream.Send(data)
+	if err != nil {
+		s.close(err)
+	}
+}
+
+func (s *RemoteNode) close(err error) {
+	s.errChan <- err
+	close(s.errChan)
+}
+
+func (s *RemoteNode) convertUser(user CS.User) *pb.User {
+	return &pb.User{
+		Id:       int32(user.ID),
+		Username: user.Username,
+		Type:     user.Type,
+		Inbound:  user.Inbound,
+		Uuid:     user.UUID,
+		Password: user.Password,
+		Flow:     user.Flow,
+		AlterId:  int32(user.AlterID),
+	}
+}
+
+func (s *RemoteNode) convertConnectionLimiter(limiter CS.ConnectionLimiter) *pb.ConnectionLimiter {
+	return &pb.ConnectionLimiter{
+		Id:             int32(limiter.ID),
+		Username:       limiter.Username,
+		Outbound:       limiter.Outbound,
+		Strategy:       limiter.Strategy,
+		ConnectionType: limiter.ConnectionType,
+		LockType:       limiter.LockType,
+		Count:          limiter.Count,
+	}
+}
+
+func (s *RemoteNode) convertBandwidthLimiter(limiter CS.BandwidthLimiter) *pb.BandwidthLimiter {
+	return &pb.BandwidthLimiter{
+		Id:             int32(limiter.ID),
+		Username:       limiter.Username,
+		Outbound:       limiter.Outbound,
+		Strategy:       limiter.Strategy,
+		Mode:           limiter.Mode,
+		ConnectionType: limiter.ConnectionType,
+		Speed:          limiter.Speed,
+		RawSpeed:       limiter.RawSpeed,
+	}
+}
--- a/service/node_manager/server/service.go
+++ b/service/node_manager/server/service.go
@@ -0,0 +1,139 @@
+package server
+
+import (
+	"context"
+	"errors"
+	"sync"
+
+	"github.com/sagernet/sing-box/adapter"
+	boxService "github.com/sagernet/sing-box/adapter/service"
+	"github.com/sagernet/sing-box/common/listener"
+	"github.com/sagernet/sing-box/common/tls"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
+	CM "github.com/sagernet/sing-box/service/manager/constant"
+	pb "github.com/sagernet/sing-box/service/node_manager/manager"
+	"github.com/sagernet/sing/common"
+	E "github.com/sagernet/sing/common/exceptions"
+	N "github.com/sagernet/sing/common/network"
+	aTLS "github.com/sagernet/sing/common/tls"
+	"github.com/sagernet/sing/service"
+	"golang.org/x/net/http2"
+	"google.golang.org/grpc"
+)
+
+func RegisterService(registry *boxService.Registry) {
+	boxService.Register[option.NodeManagerServerServiceOptions](registry, C.TypeNodeManagerServer, NewService)
+}
+
+type Service struct {
+	pb.UnimplementedManagerServer
+	boxService.Adapter
+
+	ctx        context.Context
+	logger     log.ContextLogger
+	listener   *listener.Listener
+	tlsConfig  tls.ServerConfig
+	grpcServer *grpc.Server
+	manager    CM.Manager
+	options    option.NodeManagerServerServiceOptions
+
+	mtx sync.Mutex
+}
+
+func NewService(ctx context.Context, logger log.ContextLogger, tag string, options option.NodeManagerServerServiceOptions) (adapter.Service, error) {
+	return &Service{
+		Adapter: boxService.NewAdapter(C.TypeManager, tag),
+		ctx:     ctx,
+		logger:  logger,
+		listener: listener.New(listener.Options{
+			Context: ctx,
+			Logger:  logger,
+			Network: []string{N.NetworkTCP},
+			Listen:  options.ListenOptions,
+		}),
+		options: options,
+	}, nil
+}
+
+func (s *Service) AddNode(node *pb.Node, stream grpc.ServerStreamingServer[pb.NodeData]) error {
+	remoteNode, errChan := NewRemoteNode(s.ctx, s.logger, stream)
+	err := s.manager.AddNode(node.Uuid, remoteNode)
+	if err != nil {
+		if err == CM.ErrNotFound {
+			return err
+		} else {
+			s.logger.Error(err)
+			return E.New("internal error")
+		}
+	}
+	return <-errChan
+}
+
+func (s *Service) AcquireLock(ctx context.Context, request *pb.AcquireLockRequest) (*pb.LockData, error) {
+	handleId, err := s.manager.AcquireLock(int(request.LimiterId), request.Id)
+	if err != nil {
+		return nil, err
+	}
+	return &pb.LockData{HandleId: handleId}, nil
+}
+
+func (s *Service) RefreshLock(ctx context.Context, data *pb.LockData) (*pb.Empty, error) {
+	return nil, s.manager.RefreshLock(int(data.LimiterId), data.Id, data.HandleId)
+}
+
+func (s *Service) ReleaseLock(ctx context.Context, data *pb.LockData) (*pb.Empty, error) {
+	return nil, s.manager.ReleaseLock(int(data.LimiterId), data.Id, data.HandleId)
+}
+
+func (s *Service) Start(stage adapter.StartStage) error {
+	if stage != adapter.StartStateStart {
+		return nil
+	}
+	boxManager := service.FromContext[adapter.ServiceManager](s.ctx)
+	service, ok := boxManager.Get(s.options.Manager)
+	if !ok {
+		return E.New("manager ", s.options.Manager, " not found")
+	}
+	s.manager, ok = service.(CM.Manager)
+	if !ok {
+		return E.New("invalid", s.options.Manager, " manager")
+	}
+	if s.options.TLS != nil {
+		tlsConfig, err := tls.NewServer(s.ctx, s.logger, common.PtrValueOrDefault(s.options.TLS))
+		if err != nil {
+			return err
+		}
+		s.tlsConfig = tlsConfig
+	}
+	if s.tlsConfig != nil {
+		err := s.tlsConfig.Start()
+		if err != nil {
+			return E.Cause(err, "create TLS config")
+		}
+	}
+	tcpListener, err := s.listener.ListenTCP()
+	if err != nil {
+		return err
+	}
+	if s.tlsConfig != nil {
+		if !common.Contains(s.tlsConfig.NextProtos(), http2.NextProtoTLS) {
+			s.tlsConfig.SetNextProtos(append([]string{"h2"}, s.tlsConfig.NextProtos()...))
+		}
+		tcpListener = aTLS.NewListener(tcpListener, s.tlsConfig)
+	}
+	s.grpcServer = grpc.NewServer()
+	pb.RegisterManagerServer(s.grpcServer, s)
+	go func() {
+		err = s.grpcServer.Serve(tcpListener)
+		if err != nil && !errors.Is(err, grpc.ErrServerStopped) {
+			s.logger.Error("serve error: ", err)
+		}
+	}()
+	return nil
+}
+
+func (s *Service) Close() error {
+	return nil
+}