//Package generate the InbounderConfig used by add inbound package controller import ( "encoding/json" "fmt" "github.com/XrayR-project/XrayR/api" "github.com/XrayR-project/XrayR/common/legocmd" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/uuid" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/infra/conf" ) //InboundBuilder build Inbound config for different protocol func InboundBuilder(config *Config, nodeInfo *api.NodeInfo, tag string) (*core.InboundHandlerConfig, error) { inboundDetourConfig := &conf.InboundDetourConfig{} // Build Listen IP address if nodeInfo.NodeType == "Shadowsocks-Plugin" { // Shdowsocks listen in 127.0.0.1 for safety inboundDetourConfig.ListenOn = &conf.Address{net.ParseAddress("127.0.0.1")} } else if config.ListenIP != "" { ipAddress := net.ParseAddress(config.ListenIP) inboundDetourConfig.ListenOn = &conf.Address{ipAddress} } // Build Port portList := &conf.PortList{ Range: []conf.PortRange{{From: uint32(nodeInfo.Port), To: uint32(nodeInfo.Port)}}, } inboundDetourConfig.PortList = portList // Build Tag inboundDetourConfig.Tag = tag // SniffingConfig sniffingConfig := &conf.SniffingConfig{ Enabled: true, DestOverride: &conf.StringList{"http", "tls"}, } if config.DisableSniffing { sniffingConfig.Enabled = false } inboundDetourConfig.SniffingConfig = sniffingConfig var ( protocol string streamSetting *conf.StreamConfig setting json.RawMessage ) var proxySetting interface{} // Build Protocol and Protocol setting if nodeInfo.NodeType == "V2ray" { if nodeInfo.EnableVless { protocol = "vless" // Enable fallback if config.EnableFallback { fallbackConfigs, err := buildVlessFallbacks(config.FallBackConfigs) if err == nil { proxySetting = &conf.VLessInboundConfig{ Decryption: "none", Fallbacks: fallbackConfigs, } } else { return nil, err } } else { proxySetting = &conf.VLessInboundConfig{ Decryption: "none", } } } else { protocol = "vmess" proxySetting = &conf.VMessInboundConfig{} } } else if nodeInfo.NodeType == "Trojan" { protocol = "trojan" // Enable fallback if config.EnableFallback { fallbackConfigs, err := buildTrojanFallbacks(config.FallBackConfigs) if err == nil { proxySetting = &conf.TrojanServerConfig{ Fallbacks: fallbackConfigs, } } else { return nil, err } } else { proxySetting = &conf.TrojanServerConfig{} } } else if nodeInfo.NodeType == "Shadowsocks" || nodeInfo.NodeType == "Shadowsocks-Plugin" { protocol = "shadowsocks" proxySetting = &conf.ShadowsocksServerConfig{} randomPasswd := uuid.New() defaultSSuser := &conf.ShadowsocksUserConfig{ Cipher: "aes-128-gcm", Password: randomPasswd.String(), } proxySetting, _ := proxySetting.(*conf.ShadowsocksServerConfig) proxySetting.Users = append(proxySetting.Users, defaultSSuser) proxySetting.NetworkList = &conf.NetworkList{"tcp", "udp"} proxySetting.IVCheck = true if config.DisableIVCheck { proxySetting.IVCheck = false } } else if nodeInfo.NodeType == "dokodemo-door" { protocol = "dokodemo-door" proxySetting = struct { Host string `json:"address"` NetworkList []string `json:"network"` }{ Host: "v1.mux.cool", NetworkList: []string{"tcp", "udp"}, } } else { return nil, fmt.Errorf("Unsupported node type: %s, Only support: V2ray, Trojan, Shadowsocks, and Shadowsocks-Plugin", nodeInfo.NodeType) } setting, err := json.Marshal(proxySetting) if err != nil { return nil, fmt.Errorf("Marshal proxy %s config fialed: %s", nodeInfo.NodeType, err) } // Build streamSettings streamSetting = new(conf.StreamConfig) transportProtocol := conf.TransportProtocol(nodeInfo.TransportProtocol) networkType, err := transportProtocol.Build() if err != nil { return nil, fmt.Errorf("convert TransportProtocol failed: %s", err) } if networkType == "tcp" { tcpSetting := &conf.TCPConfig{ AcceptProxyProtocol: config.EnableProxyProtocol, HeaderConfig: nodeInfo.Header, } streamSetting.TCPSettings = tcpSetting } else if networkType == "websocket" { headers := make(map[string]string) headers["Host"] = nodeInfo.Host wsSettings := &conf.WebSocketConfig{ AcceptProxyProtocol: config.EnableProxyProtocol, Path: nodeInfo.Path, Headers: headers, } streamSetting.WSSettings = wsSettings } else if networkType == "http" { hosts := conf.StringList{nodeInfo.Host} httpSettings := &conf.HTTPConfig{ Host: &hosts, Path: nodeInfo.Path, } streamSetting.HTTPSettings = httpSettings } else if networkType == "grpc" { grpcSettings := &conf.GRPCConfig{ ServiceName: nodeInfo.ServiceName, } streamSetting.GRPCConfig = grpcSettings } streamSetting.Network = &transportProtocol // Build TLS and XTLS settings if nodeInfo.EnableTLS && config.CertConfig.CertMode != "none" { streamSetting.Security = nodeInfo.TLSType certFile, keyFile, err := getCertFile(config.CertConfig) if err != nil { return nil, err } if nodeInfo.TLSType == "tls" { tlsSettings := &conf.TLSConfig{ RejectUnknownSNI: config.CertConfig.RejectUnknownSni, } tlsSettings.Certs = append(tlsSettings.Certs, &conf.TLSCertConfig{CertFile: certFile, KeyFile: keyFile, OcspStapling: 3600}) streamSetting.TLSSettings = tlsSettings } else if nodeInfo.TLSType == "xtls" { xtlsSettings := &conf.XTLSConfig{ RejectUnknownSNI: config.CertConfig.RejectUnknownSni, } xtlsSettings.Certs = append(xtlsSettings.Certs, &conf.XTLSCertConfig{CertFile: certFile, KeyFile: keyFile, OcspStapling: 3600}) streamSetting.XTLSSettings = xtlsSettings } } // Support ProxyProtocol for any transport protocol if networkType != "tcp" && networkType != "ws" && config.EnableProxyProtocol { sockoptConfig := &conf.SocketConfig{ AcceptProxyProtocol: config.EnableProxyProtocol, } streamSetting.SocketSettings = sockoptConfig } inboundDetourConfig.Protocol = protocol inboundDetourConfig.StreamSetting = streamSetting inboundDetourConfig.Settings = &setting return inboundDetourConfig.Build() } func getCertFile(certConfig *CertConfig) (certFile string, keyFile string, err error) { if certConfig.CertMode == "file" { if certConfig.CertFile == "" || certConfig.KeyFile == "" { return "", "", fmt.Errorf("Cert file path or key file path not exist") } return certConfig.CertFile, certConfig.KeyFile, nil } else if certConfig.CertMode == "dns" { lego, err := legocmd.New() if err != nil { return "", "", err } certPath, keyPath, err := lego.DNSCert(certConfig.CertDomain, certConfig.Email, certConfig.Provider, certConfig.DNSEnv) if err != nil { return "", "", err } return certPath, keyPath, err } else if certConfig.CertMode == "http" { lego, err := legocmd.New() if err != nil { return "", "", err } certPath, keyPath, err := lego.HTTPCert(certConfig.CertDomain, certConfig.Email) if err != nil { return "", "", err } return certPath, keyPath, err } return "", "", fmt.Errorf("Unsupported certmode: %s", certConfig.CertMode) } func buildVlessFallbacks(fallbackConfigs []*FallBackConfig) ([]*conf.VLessInboundFallback, error) { if fallbackConfigs == nil { return nil, fmt.Errorf("You must provide FallBackConfigs") } vlessFallBacks := make([]*conf.VLessInboundFallback, len(fallbackConfigs)) for i, c := range fallbackConfigs { if c.Dest == "" { return nil, fmt.Errorf("Dest is required for fallback fialed") } var dest json.RawMessage dest, err := json.Marshal(c.Dest) if err != nil { return nil, fmt.Errorf("Marshal dest %s config fialed: %s", dest, err) } vlessFallBacks[i] = &conf.VLessInboundFallback{ Name: c.SNI, Alpn: c.Alpn, Path: c.Path, Dest: dest, Xver: c.ProxyProtocolVer, } } return vlessFallBacks, nil } func buildTrojanFallbacks(fallbackConfigs []*FallBackConfig) ([]*conf.TrojanInboundFallback, error) { if fallbackConfigs == nil { return nil, fmt.Errorf("You must provide FallBackConfigs") } trojanFallBacks := make([]*conf.TrojanInboundFallback, len(fallbackConfigs)) for i, c := range fallbackConfigs { if c.Dest == "" { return nil, fmt.Errorf("Dest is required for fallback fialed") } var dest json.RawMessage dest, err := json.Marshal(c.Dest) if err != nil { return nil, fmt.Errorf("Marshal dest %s config fialed: %s", dest, err) } trojanFallBacks[i] = &conf.TrojanInboundFallback{ Name: c.SNI, Alpn: c.Alpn, Path: c.Path, Dest: dest, Xver: c.ProxyProtocolVer, } } return trojanFallBacks, nil }