feat: machine mode, ECH subscriptions, batch ops & security hardening

2026-04-24 03:57:27 +08:00 · 2026-04-17 02:27:47 +08:00
parent edbd8de356
commit e297b5fe9f
25 changed files with 1564 additions and 343 deletions
@@ -0,0 +1,205 @@
+<?php
+
+namespace App\Http\Controllers\V2\Admin\Server;
+
+use App\Exceptions\ApiException;
+use App\Http\Controllers\Controller;
+use App\Models\Server;
+use App\Models\ServerMachine;
+use App\Models\ServerMachineLoadHistory;
+use App\Services\NodeSyncService;
+use Illuminate\Http\Request;
+
+class MachineController extends Controller
+{
+    /**
+     * 获取机器列表（附带关联节点数）
+     */
+    public function fetch(Request $request)
+    {
+        $machines = ServerMachine::withCount('servers')
+            ->orderBy('id')
+            ->get()
+            ->map(function (ServerMachine $machine) {
+                return [
+                    'id' => $machine->id,
+                    'name' => $machine->name,
+                    'notes' => $machine->notes,
+                    'is_active' => $machine->is_active,
+                    'last_seen_at' => $machine->last_seen_at,
+                    'load_status' => $machine->load_status,
+                    'servers_count' => $machine->servers_count,
+                    'created_at' => $machine->created_at,
+                    'updated_at' => $machine->updated_at,
+                ];
+            });
+
+        return $this->success($machines);
+    }
+
+    /**
+     * 创建 / 更新机器
+     */
+    public function save(Request $request)
+    {
+        $params = $request->validate([
+            'id' => 'nullable|integer|exists:v2_server_machine,id',
+            'name' => 'required|string|max:255',
+            'notes' => 'nullable|string',
+            'is_active' => 'nullable|boolean',
+        ]);
+
+        if (!empty($params['id'])) {
+            $machine = ServerMachine::find($params['id']);
+            $update = ['name' => $params['name']];
+            if (array_key_exists('notes', $params)) {
+                $update['notes'] = $params['notes'];
+            }
+            if (array_key_exists('is_active', $params)) {
+                $update['is_active'] = $params['is_active'];
+            }
+            $machine->update($update);
+            return $this->success(true);
+        }
+
+        $machine = ServerMachine::create([
+            'name' => $params['name'],
+            'notes' => $params['notes'] ?? null,
+            'is_active' => $params['is_active'] ?? true,
+            'token' => ServerMachine::generateToken(),
+        ]);
+
+        return $this->success([
+            'id' => $machine->id,
+            'token' => $machine->token,
+        ]);
+    }
+
+    /**
+     * 重置机器 Token
+     */
+    public function resetToken(Request $request)
+    {
+        $params = $request->validate([
+            'id' => 'required|integer|exists:v2_server_machine,id',
+        ]);
+
+        $machine = ServerMachine::find($params['id']);
+        $token = ServerMachine::generateToken();
+        $machine->update(['token' => $token]);
+
+        return $this->success(['token' => $token]);
+    }
+
+    /**
+     * 获取机器 Token（仅展示一次，用于首次配置）
+     */
+    public function getToken(Request $request)
+    {
+        $params = $request->validate([
+            'id' => 'required|integer|exists:v2_server_machine,id',
+        ]);
+
+        $machine = ServerMachine::find($params['id']);
+
+        return $this->success(['token' => $machine->token]);
+    }
+
+    /**
+     * 获取机器模式一键安装命令
+     */
+    public function installCommand(Request $request)
+    {
+        $params = $request->validate([
+            'id' => 'required|integer|exists:v2_server_machine,id',
+        ]);
+
+        $machine = ServerMachine::find($params['id']);
+
+        return $this->success([
+            'command' => $this->buildInstallCommand($request, $machine),
+        ]);
+    }
+
+    /**
+     * 删除机器（自动解除关联节点）
+     */
+    public function drop(Request $request)
+    {
+        $params = $request->validate([
+            'id' => 'required|integer|exists:v2_server_machine,id',
+        ]);
+
+        $machine = ServerMachine::find($params['id']);
+        $machineId = $machine->id;
+
+        // Detach nodes first (sets machine_id = null), then delete and notify
+        Server::where('machine_id', $machineId)->update(['machine_id' => null]);
+        $machine->delete();
+
+        // Notify with empty node list so WS process cleans up registry
+        NodeSyncService::notifyMachineNodesChanged($machineId);
+
+        return $this->success(true);
+    }
+
+    /**
+     * 获取机器下的节点列表
+     */
+    public function nodes(Request $request)
+    {
+        $params = $request->validate([
+            'machine_id' => 'required|integer|exists:v2_server_machine,id',
+        ]);
+
+        $nodes = Server::where('machine_id', $params['machine_id'])
+            ->orderBy('sort')
+            ->get(['id', 'name', 'type', 'host', 'port', 'show', 'enabled', 'sort']);
+
+        return $this->success($nodes);
+    }
+
+    /**
+     * 获取机器负载历史
+     */
+    public function history(Request $request)
+    {
+        $params = $request->validate([
+            'machine_id' => 'required|integer|exists:v2_server_machine,id',
+            'limit' => 'nullable|integer|min:10|max:1440',
+        ]);
+
+        $limit = (int) ($params['limit'] ?? 60);
+
+        $history = ServerMachineLoadHistory::query()
+            ->where('machine_id', $params['machine_id'])
+            ->orderByDesc('recorded_at')
+            ->limit($limit)
+            ->get([
+                'cpu',
+                'mem_total',
+                'mem_used',
+                'disk_total',
+                'disk_used',
+                'recorded_at',
+            ])
+            ->reverse()
+            ->values();
+
+        return $this->success($history);
+    }
+
+    private function buildInstallCommand(Request $request, ServerMachine $machine): string
+    {
+        $panelUrl = rtrim((string) (config('app.url') ?: $request->getSchemeAndHttpHost()), '/');
+        $installerUrl = 'https://raw.githubusercontent.com/cedar2025/xboard-node/main/install.sh';
+
+        return sprintf(
+            'bash <(curl -fsSL %s) --panel %s --token %s --machine-id %d --yes',
+            escapeshellarg($installerUrl),
+            escapeshellarg($panelUrl),
+            escapeshellarg($machine->token),
+            $machine->id
+        );
+    }
+}
@@ -73,25 +73,36 @@ class ManageController extends Controller
            Log::error($e);
            return $this->fail([500, '创建失败']);
        }
-
-
    }

    public function update(Request $request)
    {
-        $request->validate([
+        $params = $request->validate([
            'id' => 'required|integer',
-            'show' => 'integer',
+            'show' => 'nullable|integer',
+            'machine_id' => 'nullable|integer',
+            'enabled' => 'nullable|boolean',
        ]);

        $server = Server::find($request->id);
        if (!$server) {
            return $this->fail([400202, '服务器不存在']);
        }
-        $server->show = (int) $request->show;
+
+        if (array_key_exists('show', $params)) {
+            $server->show = (int) $params['show'];
+        }
+        if (array_key_exists('machine_id', $params)) {
+            $server->machine_id = $params['machine_id'] ?: null;
+        }
+        if (array_key_exists('enabled', $params)) {
+            $server->enabled = (bool) $params['enabled'];
+        }
+
        if (!$server->save()) {
            return $this->fail([500, '保存失败']);
        }
+
        return $this->success(true);
    }

@@ -105,9 +116,14 @@ class ManageController extends Controller
        $request->validate([
            'id' => 'required|integer',
        ]);
-        if (Server::where('id', $request->id)->delete() === false) {
+        $server = Server::find($request->id);
+        if (!$server) {
+            return $this->fail([400202, '服务器不存在']);
+        }
+        if ($server->delete() === false) {
            return $this->fail([500, '删除失败']);
        }
+
        return $this->success(true);
    }

@@ -200,6 +216,40 @@ class ManageController extends Controller
        }
    }

+    /**
+     * 批量更新节点属性（show等）
+     */
+    public function batchUpdate(Request $request)
+    {
+        $params = $request->validate([
+            'ids' => 'required|array',
+            'ids.*' => 'integer',
+            'show' => 'nullable|integer|in:0,1',
+        ]);
+
+        $ids = $params['ids'];
+        if (empty($ids)) {
+            return $this->fail([400, '请选择要更新的节点']);
+        }
+
+        $update = [];
+        if (array_key_exists('show', $params) && $params['show'] !== null) {
+            $update['show'] = (int) $params['show'];
+        }
+
+        if (empty($update)) {
+            return $this->fail([400, '没有可更新的字段']);
+        }
+
+        try {
+            Server::whereIn('id', $ids)->update($update);
+            return $this->success(true);
+        } catch (\Exception $e) {
+            Log::error($e);
+            return $this->fail([500, '批量更新失败']);
+        }
+    }
+
    /**
     * 复制节点
     * @param \Illuminate\Http\Request $request
@@ -221,4 +271,57 @@ class ManageController extends Controller

        return $this->success(true);
    }
+
+    /**
+     * Generate ECH (Encrypted Client Hello) key pair.
+     * Returns PEM-encoded ECH key (server-side) and ECH config (client-side).
+     */
+    public function generateEchKey(Request $request)
+    {
+        $publicName = $request->input('public_name', 'ech.example.com');
+        if (strlen($publicName) < 1 || strlen($publicName) > 253) {
+            throw new ApiException('public_name must be a valid domain (1-253 bytes)');
+        }
+
+        // Generate X25519 key pair
+        $privateKey = random_bytes(32);
+        $publicKey = sodium_crypto_scalarmult_base($privateKey);
+
+        $configId = random_int(0, 255);
+
+        // Build ECHConfigContents (draft-ietf-tls-esni-18)
+        $contents = '';
+        $contents .= pack('C', $configId);                // config_id
+        $contents .= pack('n', 0x0020);                   // kem_id: DHKEM(X25519)
+        $contents .= pack('n', 32) . $publicKey;          // public_key (length-prefixed)
+        // cipher_suites: 2 suites × 4 bytes = 8 bytes
+        $contents .= pack('n', 8);                        // cipher_suites byte length
+        $contents .= pack('nn', 0x0001, 0x0001);          // HKDF-SHA256 + AES-128-GCM
+        $contents .= pack('nn', 0x0001, 0x0003);          // HKDF-SHA256 + ChaCha20Poly1305
+        $contents .= pack('C', 0);                        // max_name_length
+        $contents .= pack('C', strlen($publicName)) . $publicName;
+        $contents .= pack('n', 0);                        // extensions: empty
+
+        // ECHConfig = version(2) + length(2) + contents
+        $echConfig = pack('n', 0xfe0d) . pack('n', strlen($contents)) . $contents;
+
+        // ECHConfigList = total_length(2) + configs
+        $echConfigList = pack('n', strlen($echConfig)) . $echConfig;
+
+        // ECH Keys = private_key_len(2) + key(32) + config_len(2) + config
+        $echKeysPayload = pack('n', 32) . $privateKey . pack('n', strlen($echConfig)) . $echConfig;
+
+        $keyPem = "-----BEGIN ECH KEYS-----\n"
+            . chunk_split(base64_encode($echKeysPayload), 64, "\n")
+            . "-----END ECH KEYS-----";
+
+        $configPem = "-----BEGIN ECH CONFIGS-----\n"
+            . chunk_split(base64_encode($echConfigList), 64, "\n")
+            . "-----END ECH CONFIGS-----";
+
+        return $this->success([
+            'key' => $keyPem,
+            'config' => $configPem,
+        ]);
+    }
 }