admin/Xboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(middleware): split V2 server middleware to drop node_type

Browse Source
This commit is contained in:
xboard
2026-04-23 19:24:34 +08:00
parent 5462b7036a
commit ec1efb4482
5 changed files with 234 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Kernel.php
+1
View File
@@ -77,6 +77,7 @@ class Kernel extends HttpKernel
'staff' => \App\Http\Middleware\Staff::class,
'log' => \App\Http\Middleware\RequestLog::class,
'server' => \App\Http\Middleware\Server::class,
'server.v2' => \App\Http\Middleware\ServerV2::class,
'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class,
'ability' => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class,
];
app/Http/Middleware/Server.php
+4 -65
View File
@@ -4,29 +4,16 @@ namespace App\Http\Middleware;
use App\Exceptions\ApiException;
use App\Models\Server as ServerModel;
use App\Models\ServerMachine;
use App\Services\ServerService;
use Closure;
use Illuminate\Http\Request;
/**
* @deprecated use {@see ServerV2}
*/
class Server
{
public function handle(Request $request, Closure $next, ?string $nodeType = null)
{
// 优先尝试 machine token 认证,兜底走旧的 server token 认证
if ($request->filled('machine_id')) {
$this->authenticateByMachine($request, $nodeType);
} else {
$this->authenticateByServerToken($request, $nodeType);
}
return $next($request);
}
/**
* 旧模式:全局 server_token + node_id
*/
private function authenticateByServerToken(Request $request, ?string $nodeType): void
{
$request->validate([
'token' => [
@@ -64,55 +51,7 @@ class Server
}
$request->attributes->set('node_info', $serverInfo);
}
/**
* 新模式:machine_id + machine token + node_id
*
* machine 认证后,node_id 必须属于该 machine 下的已启用节点。
* 下游控制器拿到的 node_info 与旧模式完全一致。
*/
private function authenticateByMachine(Request $request, ?string $nodeType): void
{
$isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake');
$request->validate([
'machine_id' => 'required|integer',
'token' => 'required|string',
'node_id' => $isHandshake ? 'nullable|integer' : 'required|integer',
]);
$machine = ServerMachine::where('id', $request->input('machine_id'))
->where('token', $request->input('token'))
->first();
if (!$machine) {
throw new ApiException('Machine not found or invalid token', 401);
}
if (!$machine->is_active) {
throw new ApiException('Machine is disabled', 403);
}
$nodeId = (int) $request->input('node_id');
$serverInfo = null;
if ($nodeId > 0) {
$serverInfo = ServerModel::where('id', $nodeId)
->where('machine_id', $machine->id)
->where('enabled', true)
->first();
if (!$serverInfo) {
throw new ApiException('Node not found on this machine');
}
$request->attributes->set('node_info', $serverInfo);
}
// 更新机器心跳
$machine->forceFill(['last_seen_at' => now()->timestamp])->saveQuietly();
$request->attributes->set('machine_info', $machine);
return $next($request);
}
}
app/Http/Middleware/ServerV2.php
+97
View File
@@ -0,0 +1,97 @@
<?php
namespace App\Http\Middleware;
use App\Exceptions\ApiException;
use App\Models\Server as ServerModel;
use App\Models\ServerMachine;
use App\Services\ServerService;
use Closure;
use Illuminate\Http\Request;
/**
* V2 server middleware: machine-token or server-token auth, no node_type.
*/
class ServerV2
{
public function handle(Request $request, Closure $next)
{
if ($request->filled('machine_id')) {
$this->authenticateByMachine($request);
} else {
$this->authenticateByServerToken($request);
}
return $next($request);
}
private function authenticateByServerToken(Request $request): void
{
$isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake');
$request->validate([
'token' => [
'string', 'required',
function ($attribute, $value, $fail) {
if ($value !== admin_setting('server_token')) {
$fail("Invalid {$attribute}");
}
},
],
'node_id' => $isHandshake ? 'nullable' : 'required',
]);
$nodeId = $request->input('node_id');
if ($nodeId === null || $nodeId === '') {
return;
}
$serverInfo = ServerService::getServer($nodeId);
if (!$serverInfo) {
throw new ApiException('Server does not exist');
}
$request->attributes->set('node_info', $serverInfo);
}
private function authenticateByMachine(Request $request): void
{
$isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake');
$request->validate([
'machine_id' => 'required|integer',
'token' => 'required|string',
'node_id' => $isHandshake ? 'nullable|integer' : 'required|integer',
]);
$machine = ServerMachine::where('id', $request->input('machine_id'))
->where('token', $request->input('token'))
->first();
if (!$machine) {
throw new ApiException('Machine not found or invalid token', 401);
}
if (!$machine->is_active) {
throw new ApiException('Machine is disabled', 403);
}
$nodeId = (int) $request->input('node_id');
if ($nodeId > 0) {
$serverInfo = ServerModel::where('id', $nodeId)
->where('machine_id', $machine->id)
->where('enabled', true)
->first();
if (!$serverInfo) {
throw new ApiException('Node not found on this machine');
}
$request->attributes->set('node_info', $serverInfo);
}
$machine->forceFill(['last_seen_at' => now()->timestamp])->saveQuietly();
$request->attributes->set('machine_info', $machine);
}
}
app/Http/Routes/V2/ServerRoute.php
+1 -1
View File
@@ -14,7 +14,7 @@ class ServerRoute
{
$router->group([
'prefix' => 'server',
'middleware' => 'server'
'middleware' => 'server.v2'
], function ($route) {
$route->match(['GET', 'POST'], 'handshake', [ServerController::class, 'handshake']);
$route->post('report', [ServerController::class, 'report']);
tests/Feature/Server/ServerHandshakeTest.php
+131
View File
@@ -0,0 +1,131 @@
<?php
namespace Tests\Feature\Server;
use App\Models\Server;
use App\Models\ServerMachine;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Bus;
use Illuminate\Support\Facades\Cache;
use Tests\TestCase;
class ServerHandshakeTest extends TestCase
{
use RefreshDatabase;
protected function setUp(): void
{
parent::setUp();
config()->set('app.key', 'base64:' . base64_encode(str_repeat('a', 32)));
Cache::forever('admin_settings', [
'server_token' => 'server-token',
'server_ws_enable' => 0,
]);
}
public function test_v2_handshake_accepts_token_only_without_node(): void
{
$response = $this->postJson('/api/v2/server/handshake', [
'token' => 'server-token',
]);
$response->assertOk()->assertJsonStructure(['websocket' => ['enabled']]);
}
public function test_v2_handshake_rejects_invalid_token(): void
{
$response = $this->postJson('/api/v2/server/handshake', [
'token' => 'wrong-token',
]);
$response->assertStatus(422);
}
public function test_v2_report_works_without_node_type(): void
{
Bus::fake();
$server = $this->makeServer();
$response = $this->postJson('/api/v2/server/report', [
'token' => 'server-token',
'node_id' => $server->id,
]);
$response->assertOk()->assertJson(['data' => true]);
}
public function test_v2_report_ignores_node_type_field(): void
{
Bus::fake();
$server = $this->makeServer();
// legacy node clients may still send node_type; V2 must accept it as no-op.
$response = $this->postJson('/api/v2/server/report', [
'token' => 'server-token',
'node_id' => $server->id,
'node_type' => 'this-would-be-rejected-by-v1',
]);
$response->assertOk()->assertJson(['data' => true]);
}
public function test_v2_report_rejects_unknown_node(): void
{
$response = $this->postJson('/api/v2/server/report', [
'token' => 'server-token',
'node_id' => 999999,
]);
$response->assertStatus(400);
$response->assertJson(['message' => 'Server does not exist']);
}
public function test_v2_machine_handshake_with_machine_id_and_no_node(): void
{
$machine = ServerMachine::create([
'name' => 'test-machine',
'token' => 'machine-token',
'is_active' => true,
]);
$response = $this->postJson('/api/v2/server/handshake', [
'machine_id' => $machine->id,
'token' => 'machine-token',
]);
$response->assertOk();
}
public function test_v2_machine_report_requires_node_id(): void
{
$machine = ServerMachine::create([
'name' => 'test-machine',
'token' => 'machine-token',
'is_active' => true,
]);
$response = $this->postJson('/api/v2/server/report', [
'machine_id' => $machine->id,
'token' => 'machine-token',
]);
$response->assertStatus(422);
}
private function makeServer(): Server
{
return Server::create([
'name' => 'test-node',
'type' => Server::TYPE_VMESS,
'host' => '127.0.0.1',
'port' => 443,
'server_port' => 443,
'rate' => '1',
'group_id' => [1],
'enabled' => true,
]);
}
}