1854050df3
新增功能: - 新增 TLS 指纹 Profile CRUD 管理(Ent schema + 迁移 + Admin API + 前端管理界面) - 支持账号绑定数据库中的自定义 TLS Profile,或随机选择(profile_id=-1) - HTTPUpstream.DoWithTLS 接口从 bool 改为 *tlsfingerprint.Profile,支持按账号指定 Profile - AccountUsageService 注入 TLSFingerprintProfileService,统一 usage 场景与网关的 Profile 解析逻辑 代码优化: - 删除已被 TLSFingerprintProfileService 完全取代的 registry.go 死代码(418 行) - 提取 3 个 dialer 的重复 TLS 握手逻辑为 performTLSHandshake() 共用函数 - 修复 GetTLSFingerprintProfileID 缺少 json.Number 处理的 bug - gateway_service.Forward 中 ResolveTLSProfile 从重试循环内重复调用改为预解析局部变量 - 删除冗余的 buildClientHelloSpec() 单行 wrapper 和 int64(e.ID) 无效转换 - tls_fingerprint_profile_cache.go 日志从 log.Printf 改为 slog 结构化日志 - dialer_capture_test.go 添加 //go:build integration 标签,防止 CI 失败 - 去重 TestProfileExpectation 类型至共享 test_types_test.go - 修复 9 个测试文件缺少 tlsfingerprint import 的编译错误 - 修复 error_policy_integration_test.go 中 handleError 回调签名被错误替换的问题
235 lines
6.8 KiB
Go
235 lines
6.8 KiB
Go
package admin
|
|
|
|
import (
|
|
"strconv"
|
|
|
|
"github.com/Wei-Shaw/sub2api/internal/model"
|
|
"github.com/Wei-Shaw/sub2api/internal/pkg/response"
|
|
"github.com/Wei-Shaw/sub2api/internal/service"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// TLSFingerprintProfileHandler 处理 TLS 指纹模板的 HTTP 请求
|
|
type TLSFingerprintProfileHandler struct {
|
|
service *service.TLSFingerprintProfileService
|
|
}
|
|
|
|
// NewTLSFingerprintProfileHandler 创建 TLS 指纹模板处理器
|
|
func NewTLSFingerprintProfileHandler(service *service.TLSFingerprintProfileService) *TLSFingerprintProfileHandler {
|
|
return &TLSFingerprintProfileHandler{service: service}
|
|
}
|
|
|
|
// CreateTLSFingerprintProfileRequest 创建模板请求
|
|
type CreateTLSFingerprintProfileRequest struct {
|
|
Name string `json:"name" binding:"required"`
|
|
Description *string `json:"description"`
|
|
EnableGREASE *bool `json:"enable_grease"`
|
|
CipherSuites []uint16 `json:"cipher_suites"`
|
|
Curves []uint16 `json:"curves"`
|
|
PointFormats []uint16 `json:"point_formats"`
|
|
SignatureAlgorithms []uint16 `json:"signature_algorithms"`
|
|
ALPNProtocols []string `json:"alpn_protocols"`
|
|
SupportedVersions []uint16 `json:"supported_versions"`
|
|
KeyShareGroups []uint16 `json:"key_share_groups"`
|
|
PSKModes []uint16 `json:"psk_modes"`
|
|
Extensions []uint16 `json:"extensions"`
|
|
}
|
|
|
|
// UpdateTLSFingerprintProfileRequest 更新模板请求(部分更新)
|
|
type UpdateTLSFingerprintProfileRequest struct {
|
|
Name *string `json:"name"`
|
|
Description *string `json:"description"`
|
|
EnableGREASE *bool `json:"enable_grease"`
|
|
CipherSuites []uint16 `json:"cipher_suites"`
|
|
Curves []uint16 `json:"curves"`
|
|
PointFormats []uint16 `json:"point_formats"`
|
|
SignatureAlgorithms []uint16 `json:"signature_algorithms"`
|
|
ALPNProtocols []string `json:"alpn_protocols"`
|
|
SupportedVersions []uint16 `json:"supported_versions"`
|
|
KeyShareGroups []uint16 `json:"key_share_groups"`
|
|
PSKModes []uint16 `json:"psk_modes"`
|
|
Extensions []uint16 `json:"extensions"`
|
|
}
|
|
|
|
// List 获取所有模板
|
|
// GET /api/v1/admin/tls-fingerprint-profiles
|
|
func (h *TLSFingerprintProfileHandler) List(c *gin.Context) {
|
|
profiles, err := h.service.List(c.Request.Context())
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
response.Success(c, profiles)
|
|
}
|
|
|
|
// GetByID 根据 ID 获取模板
|
|
// GET /api/v1/admin/tls-fingerprint-profiles/:id
|
|
func (h *TLSFingerprintProfileHandler) GetByID(c *gin.Context) {
|
|
id, err := strconv.ParseInt(c.Param("id"), 10, 64)
|
|
if err != nil {
|
|
response.BadRequest(c, "Invalid profile ID")
|
|
return
|
|
}
|
|
|
|
profile, err := h.service.GetByID(c.Request.Context(), id)
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
if profile == nil {
|
|
response.NotFound(c, "Profile not found")
|
|
return
|
|
}
|
|
|
|
response.Success(c, profile)
|
|
}
|
|
|
|
// Create 创建模板
|
|
// POST /api/v1/admin/tls-fingerprint-profiles
|
|
func (h *TLSFingerprintProfileHandler) Create(c *gin.Context) {
|
|
var req CreateTLSFingerprintProfileRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
response.BadRequest(c, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
|
|
profile := &model.TLSFingerprintProfile{
|
|
Name: req.Name,
|
|
Description: req.Description,
|
|
CipherSuites: req.CipherSuites,
|
|
Curves: req.Curves,
|
|
PointFormats: req.PointFormats,
|
|
SignatureAlgorithms: req.SignatureAlgorithms,
|
|
ALPNProtocols: req.ALPNProtocols,
|
|
SupportedVersions: req.SupportedVersions,
|
|
KeyShareGroups: req.KeyShareGroups,
|
|
PSKModes: req.PSKModes,
|
|
Extensions: req.Extensions,
|
|
}
|
|
|
|
if req.EnableGREASE != nil {
|
|
profile.EnableGREASE = *req.EnableGREASE
|
|
}
|
|
|
|
created, err := h.service.Create(c.Request.Context(), profile)
|
|
if err != nil {
|
|
if _, ok := err.(*model.ValidationError); ok {
|
|
response.BadRequest(c, err.Error())
|
|
return
|
|
}
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, created)
|
|
}
|
|
|
|
// Update 更新模板(支持部分更新)
|
|
// PUT /api/v1/admin/tls-fingerprint-profiles/:id
|
|
func (h *TLSFingerprintProfileHandler) Update(c *gin.Context) {
|
|
id, err := strconv.ParseInt(c.Param("id"), 10, 64)
|
|
if err != nil {
|
|
response.BadRequest(c, "Invalid profile ID")
|
|
return
|
|
}
|
|
|
|
var req UpdateTLSFingerprintProfileRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
response.BadRequest(c, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
|
|
existing, err := h.service.GetByID(c.Request.Context(), id)
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
if existing == nil {
|
|
response.NotFound(c, "Profile not found")
|
|
return
|
|
}
|
|
|
|
// 部分更新
|
|
profile := &model.TLSFingerprintProfile{
|
|
ID: id,
|
|
Name: existing.Name,
|
|
Description: existing.Description,
|
|
EnableGREASE: existing.EnableGREASE,
|
|
CipherSuites: existing.CipherSuites,
|
|
Curves: existing.Curves,
|
|
PointFormats: existing.PointFormats,
|
|
SignatureAlgorithms: existing.SignatureAlgorithms,
|
|
ALPNProtocols: existing.ALPNProtocols,
|
|
SupportedVersions: existing.SupportedVersions,
|
|
KeyShareGroups: existing.KeyShareGroups,
|
|
PSKModes: existing.PSKModes,
|
|
Extensions: existing.Extensions,
|
|
}
|
|
|
|
if req.Name != nil {
|
|
profile.Name = *req.Name
|
|
}
|
|
if req.Description != nil {
|
|
profile.Description = req.Description
|
|
}
|
|
if req.EnableGREASE != nil {
|
|
profile.EnableGREASE = *req.EnableGREASE
|
|
}
|
|
if req.CipherSuites != nil {
|
|
profile.CipherSuites = req.CipherSuites
|
|
}
|
|
if req.Curves != nil {
|
|
profile.Curves = req.Curves
|
|
}
|
|
if req.PointFormats != nil {
|
|
profile.PointFormats = req.PointFormats
|
|
}
|
|
if req.SignatureAlgorithms != nil {
|
|
profile.SignatureAlgorithms = req.SignatureAlgorithms
|
|
}
|
|
if req.ALPNProtocols != nil {
|
|
profile.ALPNProtocols = req.ALPNProtocols
|
|
}
|
|
if req.SupportedVersions != nil {
|
|
profile.SupportedVersions = req.SupportedVersions
|
|
}
|
|
if req.KeyShareGroups != nil {
|
|
profile.KeyShareGroups = req.KeyShareGroups
|
|
}
|
|
if req.PSKModes != nil {
|
|
profile.PSKModes = req.PSKModes
|
|
}
|
|
if req.Extensions != nil {
|
|
profile.Extensions = req.Extensions
|
|
}
|
|
|
|
updated, err := h.service.Update(c.Request.Context(), profile)
|
|
if err != nil {
|
|
if _, ok := err.(*model.ValidationError); ok {
|
|
response.BadRequest(c, err.Error())
|
|
return
|
|
}
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, updated)
|
|
}
|
|
|
|
// Delete 删除模板
|
|
// DELETE /api/v1/admin/tls-fingerprint-profiles/:id
|
|
func (h *TLSFingerprintProfileHandler) Delete(c *gin.Context) {
|
|
id, err := strconv.ParseInt(c.Param("id"), 10, 64)
|
|
if err != nil {
|
|
response.BadRequest(c, "Invalid profile ID")
|
|
return
|
|
}
|
|
|
|
if err := h.service.Delete(c.Request.Context(), id); err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, gin.H{"message": "Profile deleted successfully"})
|
|
}
|