mirror of
https://github.com/XrayR-project/XrayR.git
synced 2025-06-08 05:19:54 +00:00
e0237f5c54
fix: use "email|uid" for global limit user identify update: tls alpn challenge for apply certificate
241 lines
6.6 KiB
Go
241 lines
6.6 KiB
Go
// Package limiter is to control the links that go into the dispatcher
|
|
package limiter
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/go-redis/redis/v8"
|
|
"golang.org/x/time/rate"
|
|
|
|
"github.com/XrayR-project/XrayR/api"
|
|
)
|
|
|
|
type UserInfo struct {
|
|
UID int
|
|
SpeedLimit uint64
|
|
DeviceLimit int
|
|
}
|
|
|
|
type InboundInfo struct {
|
|
Tag string
|
|
NodeSpeedLimit uint64
|
|
UserInfo *sync.Map // Key: Email value: UserInfo
|
|
BucketHub *sync.Map // key: Email, value: *rate.Limiter
|
|
UserOnlineIP *sync.Map // Key: Email Value: *sync.Map: Key: IP, Value: UID
|
|
}
|
|
|
|
type Limiter struct {
|
|
InboundInfo *sync.Map // Key: Tag, Value: *InboundInfo
|
|
r *redis.Client
|
|
g struct {
|
|
limit int
|
|
timeout int
|
|
expiry int
|
|
}
|
|
}
|
|
|
|
func New() *Limiter {
|
|
return &Limiter{
|
|
InboundInfo: new(sync.Map),
|
|
}
|
|
}
|
|
|
|
func (l *Limiter) AddInboundLimiter(tag string, nodeSpeedLimit uint64, userList *[]api.UserInfo, globalDeviceLimit *GlobalDeviceLimitConfig) error {
|
|
// global limit
|
|
if globalDeviceLimit.Limit > 0 {
|
|
l.r = redis.NewClient(&redis.Options{
|
|
Addr: globalDeviceLimit.RedisAddr,
|
|
Password: globalDeviceLimit.RedisPassword,
|
|
DB: globalDeviceLimit.RedisDB,
|
|
})
|
|
l.g.limit = globalDeviceLimit.Limit
|
|
l.g.timeout = globalDeviceLimit.Timeout
|
|
l.g.expiry = globalDeviceLimit.Expiry
|
|
}
|
|
|
|
inboundInfo := &InboundInfo{
|
|
Tag: tag,
|
|
NodeSpeedLimit: nodeSpeedLimit,
|
|
BucketHub: new(sync.Map),
|
|
UserOnlineIP: new(sync.Map),
|
|
}
|
|
userMap := new(sync.Map)
|
|
for _, u := range *userList {
|
|
userMap.Store(fmt.Sprintf("%s|%s|%d", tag, u.Email, u.UID), UserInfo{
|
|
UID: u.UID,
|
|
SpeedLimit: u.SpeedLimit,
|
|
DeviceLimit: u.DeviceLimit,
|
|
})
|
|
}
|
|
inboundInfo.UserInfo = userMap
|
|
l.InboundInfo.Store(tag, inboundInfo) // Replace the old inbound info
|
|
return nil
|
|
}
|
|
|
|
func (l *Limiter) UpdateInboundLimiter(tag string, updatedUserList *[]api.UserInfo) error {
|
|
|
|
if value, ok := l.InboundInfo.Load(tag); ok {
|
|
inboundInfo := value.(*InboundInfo)
|
|
// Update User info
|
|
for _, u := range *updatedUserList {
|
|
inboundInfo.UserInfo.Store(fmt.Sprintf("%s|%s|%d", tag, u.Email, u.UID), UserInfo{
|
|
UID: u.UID,
|
|
SpeedLimit: u.SpeedLimit,
|
|
DeviceLimit: u.DeviceLimit,
|
|
})
|
|
// Update old limiter bucket
|
|
limit := determineRate(inboundInfo.NodeSpeedLimit, u.SpeedLimit)
|
|
if limit > 0 {
|
|
if bucket, ok := inboundInfo.BucketHub.Load(fmt.Sprintf("%s|%s|%d", tag, u.Email, u.UID)); ok {
|
|
limiter := bucket.(*rate.Limiter)
|
|
limiter.SetLimit(rate.Limit(limit))
|
|
limiter.SetBurst(int(limit))
|
|
}
|
|
} else {
|
|
inboundInfo.BucketHub.Delete(fmt.Sprintf("%s|%s|%d", tag, u.Email, u.UID))
|
|
}
|
|
}
|
|
} else {
|
|
return fmt.Errorf("no such inbound in limiter: %s", tag)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (l *Limiter) DeleteInboundLimiter(tag string) error {
|
|
l.InboundInfo.Delete(tag)
|
|
return nil
|
|
}
|
|
|
|
func (l *Limiter) GetOnlineDevice(tag string) (*[]api.OnlineUser, error) {
|
|
onlineUser := make([]api.OnlineUser, 0)
|
|
if value, ok := l.InboundInfo.Load(tag); ok {
|
|
inboundInfo := value.(*InboundInfo)
|
|
// Clear Speed Limiter bucket for users who are not online
|
|
inboundInfo.BucketHub.Range(func(key, value interface{}) bool {
|
|
email := key.(string)
|
|
if _, exists := inboundInfo.UserOnlineIP.Load(email); !exists {
|
|
inboundInfo.BucketHub.Delete(email)
|
|
}
|
|
return true
|
|
})
|
|
inboundInfo.UserOnlineIP.Range(func(key, value interface{}) bool {
|
|
ipMap := value.(*sync.Map)
|
|
ipMap.Range(func(key, value interface{}) bool {
|
|
ip := key.(string)
|
|
uid := value.(int)
|
|
onlineUser = append(onlineUser, api.OnlineUser{UID: uid, IP: ip})
|
|
return true
|
|
})
|
|
email := key.(string)
|
|
inboundInfo.UserOnlineIP.Delete(email) // Reset online device
|
|
return true
|
|
})
|
|
} else {
|
|
return nil, fmt.Errorf("no such inbound in limiter: %s", tag)
|
|
}
|
|
return &onlineUser, nil
|
|
}
|
|
|
|
func (l *Limiter) GetUserBucket(tag string, email string, ip string) (limiter *rate.Limiter, SpeedLimit bool, Reject bool) {
|
|
if value, ok := l.InboundInfo.Load(tag); ok {
|
|
inboundInfo := value.(*InboundInfo)
|
|
nodeLimit := inboundInfo.NodeSpeedLimit
|
|
var (
|
|
userLimit uint64 = 0
|
|
deviceLimit, uid int
|
|
)
|
|
|
|
if v, ok := inboundInfo.UserInfo.Load(email); ok {
|
|
u := v.(UserInfo)
|
|
uid = u.UID
|
|
userLimit = u.SpeedLimit
|
|
deviceLimit = u.DeviceLimit
|
|
}
|
|
|
|
// Global device limit
|
|
if l.g.limit > 0 {
|
|
ctx, cancel := context.WithTimeout(context.Background(), time.Second*time.Duration(l.g.timeout))
|
|
defer cancel()
|
|
uidString := email[strings.Index(email, "|")+1:]
|
|
// If any device is online
|
|
if exists, err := l.r.Exists(ctx, uidString).Result(); err != nil {
|
|
newError(fmt.Sprintf("Redis: %v", err)).AtError().WriteToLog()
|
|
} else if exists == 0 { // No user is online
|
|
l.r.SAdd(ctx, uidString, ip)
|
|
l.r.Expire(ctx, uidString, time.Second*time.Duration(l.g.expiry))
|
|
} else {
|
|
// If this ip is a new device
|
|
if online, err := l.r.SIsMember(ctx, uidString, ip).Result(); err != nil {
|
|
newError(fmt.Sprintf("Redis: %v", err)).AtError().WriteToLog()
|
|
} else if !online {
|
|
l.r.SAdd(ctx, uidString, ip)
|
|
if l.r.SCard(ctx, uidString).Val() > int64(l.g.limit) {
|
|
l.r.SRem(ctx, uidString, ip)
|
|
return nil, false, true
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Local device limit
|
|
ipMap := new(sync.Map)
|
|
ipMap.Store(ip, uid)
|
|
// If any device is online
|
|
if v, ok := inboundInfo.UserOnlineIP.LoadOrStore(email, ipMap); ok {
|
|
ipMap := v.(*sync.Map)
|
|
// If this ip is a new device
|
|
if _, ok := ipMap.LoadOrStore(ip, uid); !ok {
|
|
counter := 0
|
|
ipMap.Range(func(key, value interface{}) bool {
|
|
counter++
|
|
return true
|
|
})
|
|
if counter > deviceLimit && deviceLimit > 0 {
|
|
ipMap.Delete(ip)
|
|
return nil, false, true
|
|
}
|
|
}
|
|
}
|
|
limit := determineRate(nodeLimit, userLimit) // If need the Speed limit
|
|
if limit > 0 {
|
|
limiter := rate.NewLimiter(rate.Limit(limit), int(limit)) // Byte/s
|
|
if v, ok := inboundInfo.BucketHub.LoadOrStore(email, limiter); ok {
|
|
bucket := v.(*rate.Limiter)
|
|
return bucket, true, false
|
|
} else {
|
|
return limiter, true, false
|
|
}
|
|
} else {
|
|
return nil, false, false
|
|
}
|
|
} else {
|
|
newError("Get Inbound Limiter information failed").AtDebug().WriteToLog()
|
|
return nil, false, false
|
|
}
|
|
}
|
|
|
|
// determineRate returns the minimum non-zero rate
|
|
func determineRate(nodeLimit, userLimit uint64) (limit uint64) {
|
|
if nodeLimit == 0 || userLimit == 0 {
|
|
if nodeLimit > userLimit {
|
|
return nodeLimit
|
|
} else if nodeLimit < userLimit {
|
|
return userLimit
|
|
} else {
|
|
return 0
|
|
}
|
|
} else {
|
|
if nodeLimit > userLimit {
|
|
return userLimit
|
|
} else if nodeLimit < userLimit {
|
|
return nodeLimit
|
|
} else {
|
|
return nodeLimit
|
|
}
|
|
}
|
|
}
|