mirror of
https://github.com/lkddi/Xboard.git
synced 2026-04-24 03:57:27 +08:00
feat: machine mode, ECH subscriptions, batch ops & security hardening
This commit is contained in:
xboard
@@ -0,0 +1,205 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\V2\Admin\Server;
|
||||
|
||||
use App\Exceptions\ApiException;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\Server;
|
||||
use App\Models\ServerMachine;
|
||||
use App\Models\ServerMachineLoadHistory;
|
||||
use App\Services\NodeSyncService;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class MachineController extends Controller
|
||||
{
|
||||
/**
|
||||
* 获取机器列表(附带关联节点数)
|
||||
*/
|
||||
public function fetch(Request $request)
|
||||
{
|
||||
$machines = ServerMachine::withCount('servers')
|
||||
->orderBy('id')
|
||||
->get()
|
||||
->map(function (ServerMachine $machine) {
|
||||
return [
|
||||
'id' => $machine->id,
|
||||
'name' => $machine->name,
|
||||
'notes' => $machine->notes,
|
||||
'is_active' => $machine->is_active,
|
||||
'last_seen_at' => $machine->last_seen_at,
|
||||
'load_status' => $machine->load_status,
|
||||
'servers_count' => $machine->servers_count,
|
||||
'created_at' => $machine->created_at,
|
||||
'updated_at' => $machine->updated_at,
|
||||
];
|
||||
});
|
||||
|
||||
return $this->success($machines);
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建 / 更新机器
|
||||
*/
|
||||
public function save(Request $request)
|
||||
{
|
||||
$params = $request->validate([
|
||||
'id' => 'nullable|integer|exists:v2_server_machine,id',
|
||||
'name' => 'required|string|max:255',
|
||||
'notes' => 'nullable|string',
|
||||
'is_active' => 'nullable|boolean',
|
||||
]);
|
||||
|
||||
if (!empty($params['id'])) {
|
||||
$machine = ServerMachine::find($params['id']);
|
||||
$update = ['name' => $params['name']];
|
||||
if (array_key_exists('notes', $params)) {
|
||||
$update['notes'] = $params['notes'];
|
||||
}
|
||||
if (array_key_exists('is_active', $params)) {
|
||||
$update['is_active'] = $params['is_active'];
|
||||
}
|
||||
$machine->update($update);
|
||||
return $this->success(true);
|
||||
}
|
||||
|
||||
$machine = ServerMachine::create([
|
||||
'name' => $params['name'],
|
||||
'notes' => $params['notes'] ?? null,
|
||||
'is_active' => $params['is_active'] ?? true,
|
||||
'token' => ServerMachine::generateToken(),
|
||||
]);
|
||||
|
||||
return $this->success([
|
||||
'id' => $machine->id,
|
||||
'token' => $machine->token,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* 重置机器 Token
|
||||
*/
|
||||
public function resetToken(Request $request)
|
||||
{
|
||||
$params = $request->validate([
|
||||
'id' => 'required|integer|exists:v2_server_machine,id',
|
||||
]);
|
||||
|
||||
$machine = ServerMachine::find($params['id']);
|
||||
$token = ServerMachine::generateToken();
|
||||
$machine->update(['token' => $token]);
|
||||
|
||||
return $this->success(['token' => $token]);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取机器 Token(仅展示一次,用于首次配置)
|
||||
*/
|
||||
public function getToken(Request $request)
|
||||
{
|
||||
$params = $request->validate([
|
||||
'id' => 'required|integer|exists:v2_server_machine,id',
|
||||
]);
|
||||
|
||||
$machine = ServerMachine::find($params['id']);
|
||||
|
||||
return $this->success(['token' => $machine->token]);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取机器模式一键安装命令
|
||||
*/
|
||||
public function installCommand(Request $request)
|
||||
{
|
||||
$params = $request->validate([
|
||||
'id' => 'required|integer|exists:v2_server_machine,id',
|
||||
]);
|
||||
|
||||
$machine = ServerMachine::find($params['id']);
|
||||
|
||||
return $this->success([
|
||||
'command' => $this->buildInstallCommand($request, $machine),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除机器(自动解除关联节点)
|
||||
*/
|
||||
public function drop(Request $request)
|
||||
{
|
||||
$params = $request->validate([
|
||||
'id' => 'required|integer|exists:v2_server_machine,id',
|
||||
]);
|
||||
|
||||
$machine = ServerMachine::find($params['id']);
|
||||
$machineId = $machine->id;
|
||||
|
||||
// Detach nodes first (sets machine_id = null), then delete and notify
|
||||
Server::where('machine_id', $machineId)->update(['machine_id' => null]);
|
||||
$machine->delete();
|
||||
|
||||
// Notify with empty node list so WS process cleans up registry
|
||||
NodeSyncService::notifyMachineNodesChanged($machineId);
|
||||
|
||||
return $this->success(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取机器下的节点列表
|
||||
*/
|
||||
public function nodes(Request $request)
|
||||
{
|
||||
$params = $request->validate([
|
||||
'machine_id' => 'required|integer|exists:v2_server_machine,id',
|
||||
]);
|
||||
|
||||
$nodes = Server::where('machine_id', $params['machine_id'])
|
||||
->orderBy('sort')
|
||||
->get(['id', 'name', 'type', 'host', 'port', 'show', 'enabled', 'sort']);
|
||||
|
||||
return $this->success($nodes);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取机器负载历史
|
||||
*/
|
||||
public function history(Request $request)
|
||||
{
|
||||
$params = $request->validate([
|
||||
'machine_id' => 'required|integer|exists:v2_server_machine,id',
|
||||
'limit' => 'nullable|integer|min:10|max:1440',
|
||||
]);
|
||||
|
||||
$limit = (int) ($params['limit'] ?? 60);
|
||||
|
||||
$history = ServerMachineLoadHistory::query()
|
||||
->where('machine_id', $params['machine_id'])
|
||||
->orderByDesc('recorded_at')
|
||||
->limit($limit)
|
||||
->get([
|
||||
'cpu',
|
||||
'mem_total',
|
||||
'mem_used',
|
||||
'disk_total',
|
||||
'disk_used',
|
||||
'recorded_at',
|
||||
])
|
||||
->reverse()
|
||||
->values();
|
||||
|
||||
return $this->success($history);
|
||||
}
|
||||
|
||||
private function buildInstallCommand(Request $request, ServerMachine $machine): string
|
||||
{
|
||||
$panelUrl = rtrim((string) (config('app.url') ?: $request->getSchemeAndHttpHost()), '/');
|
||||
$installerUrl = 'https://raw.githubusercontent.com/cedar2025/xboard-node/main/install.sh';
|
||||
|
||||
return sprintf(
|
||||
'bash <(curl -fsSL %s) --panel %s --token %s --machine-id %d --yes',
|
||||
escapeshellarg($installerUrl),
|
||||
escapeshellarg($panelUrl),
|
||||
escapeshellarg($machine->token),
|
||||
$machine->id
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -73,25 +73,36 @@ class ManageController extends Controller
|
||||
Log::error($e);
|
||||
return $this->fail([500, '创建失败']);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
public function update(Request $request)
|
||||
{
|
||||
$request->validate([
|
||||
$params = $request->validate([
|
||||
'id' => 'required|integer',
|
||||
'show' => 'integer',
|
||||
'show' => 'nullable|integer',
|
||||
'machine_id' => 'nullable|integer',
|
||||
'enabled' => 'nullable|boolean',
|
||||
]);
|
||||
|
||||
$server = Server::find($request->id);
|
||||
if (!$server) {
|
||||
return $this->fail([400202, '服务器不存在']);
|
||||
}
|
||||
$server->show = (int) $request->show;
|
||||
|
||||
if (array_key_exists('show', $params)) {
|
||||
$server->show = (int) $params['show'];
|
||||
}
|
||||
if (array_key_exists('machine_id', $params)) {
|
||||
$server->machine_id = $params['machine_id'] ?: null;
|
||||
}
|
||||
if (array_key_exists('enabled', $params)) {
|
||||
$server->enabled = (bool) $params['enabled'];
|
||||
}
|
||||
|
||||
if (!$server->save()) {
|
||||
return $this->fail([500, '保存失败']);
|
||||
}
|
||||
|
||||
return $this->success(true);
|
||||
}
|
||||
|
||||
@@ -105,9 +116,14 @@ class ManageController extends Controller
|
||||
$request->validate([
|
||||
'id' => 'required|integer',
|
||||
]);
|
||||
if (Server::where('id', $request->id)->delete() === false) {
|
||||
$server = Server::find($request->id);
|
||||
if (!$server) {
|
||||
return $this->fail([400202, '服务器不存在']);
|
||||
}
|
||||
if ($server->delete() === false) {
|
||||
return $this->fail([500, '删除失败']);
|
||||
}
|
||||
|
||||
return $this->success(true);
|
||||
}
|
||||
|
||||
@@ -200,6 +216,40 @@ class ManageController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 批量更新节点属性(show等)
|
||||
*/
|
||||
public function batchUpdate(Request $request)
|
||||
{
|
||||
$params = $request->validate([
|
||||
'ids' => 'required|array',
|
||||
'ids.*' => 'integer',
|
||||
'show' => 'nullable|integer|in:0,1',
|
||||
]);
|
||||
|
||||
$ids = $params['ids'];
|
||||
if (empty($ids)) {
|
||||
return $this->fail([400, '请选择要更新的节点']);
|
||||
}
|
||||
|
||||
$update = [];
|
||||
if (array_key_exists('show', $params) && $params['show'] !== null) {
|
||||
$update['show'] = (int) $params['show'];
|
||||
}
|
||||
|
||||
if (empty($update)) {
|
||||
return $this->fail([400, '没有可更新的字段']);
|
||||
}
|
||||
|
||||
try {
|
||||
Server::whereIn('id', $ids)->update($update);
|
||||
return $this->success(true);
|
||||
} catch (\Exception $e) {
|
||||
Log::error($e);
|
||||
return $this->fail([500, '批量更新失败']);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 复制节点
|
||||
* @param \Illuminate\Http\Request $request
|
||||
@@ -221,4 +271,57 @@ class ManageController extends Controller
|
||||
|
||||
return $this->success(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate ECH (Encrypted Client Hello) key pair.
|
||||
* Returns PEM-encoded ECH key (server-side) and ECH config (client-side).
|
||||
*/
|
||||
public function generateEchKey(Request $request)
|
||||
{
|
||||
$publicName = $request->input('public_name', 'ech.example.com');
|
||||
if (strlen($publicName) < 1 || strlen($publicName) > 253) {
|
||||
throw new ApiException('public_name must be a valid domain (1-253 bytes)');
|
||||
}
|
||||
|
||||
// Generate X25519 key pair
|
||||
$privateKey = random_bytes(32);
|
||||
$publicKey = sodium_crypto_scalarmult_base($privateKey);
|
||||
|
||||
$configId = random_int(0, 255);
|
||||
|
||||
// Build ECHConfigContents (draft-ietf-tls-esni-18)
|
||||
$contents = '';
|
||||
$contents .= pack('C', $configId); // config_id
|
||||
$contents .= pack('n', 0x0020); // kem_id: DHKEM(X25519)
|
||||
$contents .= pack('n', 32) . $publicKey; // public_key (length-prefixed)
|
||||
// cipher_suites: 2 suites × 4 bytes = 8 bytes
|
||||
$contents .= pack('n', 8); // cipher_suites byte length
|
||||
$contents .= pack('nn', 0x0001, 0x0001); // HKDF-SHA256 + AES-128-GCM
|
||||
$contents .= pack('nn', 0x0001, 0x0003); // HKDF-SHA256 + ChaCha20Poly1305
|
||||
$contents .= pack('C', 0); // max_name_length
|
||||
$contents .= pack('C', strlen($publicName)) . $publicName;
|
||||
$contents .= pack('n', 0); // extensions: empty
|
||||
|
||||
// ECHConfig = version(2) + length(2) + contents
|
||||
$echConfig = pack('n', 0xfe0d) . pack('n', strlen($contents)) . $contents;
|
||||
|
||||
// ECHConfigList = total_length(2) + configs
|
||||
$echConfigList = pack('n', strlen($echConfig)) . $echConfig;
|
||||
|
||||
// ECH Keys = private_key_len(2) + key(32) + config_len(2) + config
|
||||
$echKeysPayload = pack('n', 32) . $privateKey . pack('n', strlen($echConfig)) . $echConfig;
|
||||
|
||||
$keyPem = "-----BEGIN ECH KEYS-----\n"
|
||||
. chunk_split(base64_encode($echKeysPayload), 64, "\n")
|
||||
. "-----END ECH KEYS-----";
|
||||
|
||||
$configPem = "-----BEGIN ECH CONFIGS-----\n"
|
||||
. chunk_split(base64_encode($echConfigList), 64, "\n")
|
||||
. "-----END ECH CONFIGS-----";
|
||||
|
||||
return $this->success([
|
||||
'key' => $keyPem,
|
||||
'config' => $configPem,
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,118 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\V2\Server;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\ServerMachine;
|
||||
use App\Models\ServerMachineLoadHistory;
|
||||
use App\Services\ServerService;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
/**
|
||||
* machine controller
|
||||
*/
|
||||
class MachineController extends Controller
|
||||
{
|
||||
/**
|
||||
* get nodes list for machine
|
||||
*/
|
||||
public function nodes(Request $request): JsonResponse
|
||||
{
|
||||
$machine = $this->authenticateMachine($request);
|
||||
|
||||
$nodes = ServerService::getMachineNodes($machine)
|
||||
->map(fn($node) => [
|
||||
'id' => $node->id,
|
||||
'type' => $node->type,
|
||||
'name' => $node->name,
|
||||
])->values();
|
||||
|
||||
return response()->json([
|
||||
'nodes' => $nodes,
|
||||
'base_config' => [
|
||||
'push_interval' => (int) admin_setting('server_push_interval', 60),
|
||||
'pull_interval' => (int) admin_setting('server_pull_interval', 60),
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* report machine status
|
||||
*/
|
||||
public function status(Request $request): JsonResponse
|
||||
{
|
||||
$request->validate([
|
||||
'cpu' => 'required|numeric|min:0|max:100',
|
||||
'mem.total' => 'required|integer|min:0',
|
||||
'mem.used' => 'required|integer|min:0',
|
||||
'swap.total' => 'nullable|integer|min:0',
|
||||
'swap.used' => 'nullable|integer|min:0',
|
||||
'disk.total' => 'nullable|integer|min:0',
|
||||
'disk.used' => 'nullable|integer|min:0',
|
||||
]);
|
||||
|
||||
$machine = $this->authenticateMachine($request);
|
||||
$recordedAt = now()->timestamp;
|
||||
|
||||
$machine->forceFill([
|
||||
'load_status' => [
|
||||
'cpu' => (float) $request->input('cpu'),
|
||||
'mem' => [
|
||||
'total' => (int) $request->input('mem.total'),
|
||||
'used' => (int) $request->input('mem.used'),
|
||||
],
|
||||
'swap' => [
|
||||
'total' => (int) $request->input('swap.total', 0),
|
||||
'used' => (int) $request->input('swap.used', 0),
|
||||
],
|
||||
'disk' => [
|
||||
'total' => (int) $request->input('disk.total', 0),
|
||||
'used' => (int) $request->input('disk.used', 0),
|
||||
],
|
||||
'updated_at' => $recordedAt,
|
||||
],
|
||||
'last_seen_at' => $recordedAt,
|
||||
])->save();
|
||||
|
||||
ServerMachineLoadHistory::create([
|
||||
'machine_id' => $machine->id,
|
||||
'cpu' => (float) $request->input('cpu'),
|
||||
'mem_total' => (int) $request->input('mem.total'),
|
||||
'mem_used' => (int) $request->input('mem.used'),
|
||||
'disk_total' => (int) $request->input('disk.total', 0),
|
||||
'disk_used' => (int) $request->input('disk.used', 0),
|
||||
'recorded_at' => $recordedAt,
|
||||
]);
|
||||
|
||||
// Time-based cleanup: keep 24h of data, runs on ~5% of requests
|
||||
if (random_int(1, 20) === 1) {
|
||||
ServerMachineLoadHistory::query()
|
||||
->where('machine_id', $machine->id)
|
||||
->where('recorded_at', '<', now()->subDay()->timestamp)
|
||||
->delete();
|
||||
}
|
||||
|
||||
return response()->json(['data' => true]);
|
||||
}
|
||||
|
||||
private function authenticateMachine(Request $request): ServerMachine
|
||||
{
|
||||
$request->validate([
|
||||
'machine_id' => 'required|integer',
|
||||
'token' => 'required|string',
|
||||
]);
|
||||
|
||||
$machine = ServerMachine::where('id', $request->input('machine_id'))
|
||||
->where('token', $request->input('token'))
|
||||
->first();
|
||||
|
||||
if (!$machine || !$machine->is_active) {
|
||||
abort(403, 'Machine not found or disabled');
|
||||
}
|
||||
|
||||
$machine->forceFill(['last_seen_at' => now()->timestamp])->saveQuietly();
|
||||
|
||||
return $machine;
|
||||
}
|
||||
}
|
||||
@@ -3,14 +3,9 @@
|
||||
namespace App\Http\Controllers\V2\Server;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Services\DeviceStateService;
|
||||
use App\Services\ServerService;
|
||||
use App\Services\UserService;
|
||||
use App\Utils\CacheKey;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Log;
|
||||
|
||||
class ServerController extends Controller
|
||||
{
|
||||
@@ -43,91 +38,34 @@ class ServerController extends Controller
|
||||
}
|
||||
|
||||
/**
|
||||
* node report api - merge traffic + alive + status
|
||||
* POST /api/v2/server/node/report
|
||||
* node report api - merge traffic + alive + status + metrics
|
||||
*/
|
||||
public function report(Request $request): JsonResponse
|
||||
{
|
||||
$node = $request->attributes->get('node_info');
|
||||
$nodeType = $node->type;
|
||||
$nodeId = $node->id;
|
||||
|
||||
Cache::put(CacheKey::get('SERVER_' . strtoupper($nodeType) . '_LAST_CHECK_AT', $nodeId), time(), 3600);
|
||||
ServerService::touchNode($node);
|
||||
|
||||
// hanle traffic data
|
||||
$traffic = $request->input('traffic');
|
||||
if (is_array($traffic) && !empty($traffic)) {
|
||||
$data = array_filter($traffic, function ($item) {
|
||||
return is_array($item)
|
||||
&& count($item) === 2
|
||||
&& is_numeric($item[0])
|
||||
&& is_numeric($item[1]);
|
||||
});
|
||||
|
||||
if (!empty($data)) {
|
||||
Cache::put(
|
||||
CacheKey::get('SERVER_' . strtoupper($nodeType) . '_ONLINE_USER', $nodeId),
|
||||
count($data),
|
||||
3600
|
||||
);
|
||||
Cache::put(
|
||||
CacheKey::get('SERVER_' . strtoupper($nodeType) . '_LAST_PUSH_AT', $nodeId),
|
||||
time(),
|
||||
3600
|
||||
);
|
||||
$userService = new UserService();
|
||||
$userService->trafficFetch($node, $nodeType, $data);
|
||||
}
|
||||
ServerService::processTraffic($node, $traffic);
|
||||
}
|
||||
|
||||
// handle alive data
|
||||
$alive = $request->input('alive');
|
||||
if (is_array($alive) && !empty($alive)) {
|
||||
$deviceStateService = app(DeviceStateService::class);
|
||||
foreach ($alive as $uid => $ips) {
|
||||
$deviceStateService->setDevices((int) $uid, $nodeId, (array) $ips);
|
||||
}
|
||||
ServerService::processAlive($node->id, $alive);
|
||||
}
|
||||
|
||||
// handle active connections
|
||||
$online = $request->input('online');
|
||||
if (is_array($online) && !empty($online)) {
|
||||
$cacheTime = max(300, (int) admin_setting('server_push_interval', 60) * 3);
|
||||
foreach ($online as $uid => $conn) {
|
||||
$cacheKey = CacheKey::get("USER_ONLINE_CONN_{$nodeType}_{$nodeId}", $uid);
|
||||
Cache::put($cacheKey, (int) $conn, $cacheTime);
|
||||
}
|
||||
ServerService::processOnline($node, $online);
|
||||
}
|
||||
|
||||
// handle node status
|
||||
$status = $request->input('status');
|
||||
if (is_array($status) && !empty($status)) {
|
||||
$statusData = [
|
||||
'cpu' => (float) ($status['cpu'] ?? 0),
|
||||
'mem' => [
|
||||
'total' => (int) ($status['mem']['total'] ?? 0),
|
||||
'used' => (int) ($status['mem']['used'] ?? 0),
|
||||
],
|
||||
'swap' => [
|
||||
'total' => (int) ($status['swap']['total'] ?? 0),
|
||||
'used' => (int) ($status['swap']['used'] ?? 0),
|
||||
],
|
||||
'disk' => [
|
||||
'total' => (int) ($status['disk']['total'] ?? 0),
|
||||
'used' => (int) ($status['disk']['used'] ?? 0),
|
||||
],
|
||||
'updated_at' => now()->timestamp,
|
||||
'kernel_status' => $status['kernel_status'] ?? null,
|
||||
];
|
||||
|
||||
$cacheTime = max(300, (int) admin_setting('server_push_interval', 60) * 3);
|
||||
cache([
|
||||
CacheKey::get('SERVER_' . strtoupper($nodeType) . '_LOAD_STATUS', $nodeId) => $statusData,
|
||||
CacheKey::get('SERVER_' . strtoupper($nodeType) . '_LAST_LOAD_AT', $nodeId) => now()->timestamp,
|
||||
], $cacheTime);
|
||||
ServerService::processStatus($node, $status);
|
||||
}
|
||||
|
||||
// handle node metrics (Metrics)
|
||||
$metrics = $request->input('metrics');
|
||||
if (is_array($metrics) && !empty($metrics)) {
|
||||
ServerService::updateMetrics($node, $metrics);
|
||||
|
||||
Reference in New Issue
Block a user