From ec1efb44825f830b59c05a75a78584871614b54b Mon Sep 17 00:00:00 2001 From: xboard Date: Thu, 23 Apr 2026 19:24:34 +0800 Subject: [PATCH] refactor(middleware): split V2 server middleware to drop node_type --- app/Http/Kernel.php | 1 + app/Http/Middleware/Server.php | 69 +--------- app/Http/Middleware/ServerV2.php | 97 ++++++++++++++ app/Http/Routes/V2/ServerRoute.php | 2 +- tests/Feature/Server/ServerHandshakeTest.php | 131 +++++++++++++++++++ 5 files changed, 234 insertions(+), 66 deletions(-) create mode 100644 app/Http/Middleware/ServerV2.php create mode 100644 tests/Feature/Server/ServerHandshakeTest.php diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 6fd86ab..df9b769 100755 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -77,6 +77,7 @@ class Kernel extends HttpKernel 'staff' => \App\Http\Middleware\Staff::class, 'log' => \App\Http\Middleware\RequestLog::class, 'server' => \App\Http\Middleware\Server::class, + 'server.v2' => \App\Http\Middleware\ServerV2::class, 'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class, 'ability' => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class, ]; diff --git a/app/Http/Middleware/Server.php b/app/Http/Middleware/Server.php index e98e6d4..6978b9d 100644 --- a/app/Http/Middleware/Server.php +++ b/app/Http/Middleware/Server.php @@ -4,29 +4,16 @@ namespace App\Http\Middleware; use App\Exceptions\ApiException; use App\Models\Server as ServerModel; -use App\Models\ServerMachine; use App\Services\ServerService; use Closure; use Illuminate\Http\Request; +/** + * @deprecated use {@see ServerV2} + */ class Server { public function handle(Request $request, Closure $next, ?string $nodeType = null) - { - // 优先尝试 machine token 认证,兜底走旧的 server token 认证 - if ($request->filled('machine_id')) { - $this->authenticateByMachine($request, $nodeType); - } else { - $this->authenticateByServerToken($request, $nodeType); - } - - return $next($request); - } - - /** - * 旧模式:全局 server_token + node_id - */ - private function authenticateByServerToken(Request $request, ?string $nodeType): void { $request->validate([ 'token' => [ @@ -64,55 +51,7 @@ class Server } $request->attributes->set('node_info', $serverInfo); - } - /** - * 新模式:machine_id + machine token + node_id - * - * machine 认证后,node_id 必须属于该 machine 下的已启用节点。 - * 下游控制器拿到的 node_info 与旧模式完全一致。 - */ - private function authenticateByMachine(Request $request, ?string $nodeType): void - { - $isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake'); - - $request->validate([ - 'machine_id' => 'required|integer', - 'token' => 'required|string', - 'node_id' => $isHandshake ? 'nullable|integer' : 'required|integer', - ]); - - $machine = ServerMachine::where('id', $request->input('machine_id')) - ->where('token', $request->input('token')) - ->first(); - - if (!$machine) { - throw new ApiException('Machine not found or invalid token', 401); - } - - if (!$machine->is_active) { - throw new ApiException('Machine is disabled', 403); - } - - $nodeId = (int) $request->input('node_id'); - $serverInfo = null; - - if ($nodeId > 0) { - $serverInfo = ServerModel::where('id', $nodeId) - ->where('machine_id', $machine->id) - ->where('enabled', true) - ->first(); - - if (!$serverInfo) { - throw new ApiException('Node not found on this machine'); - } - - $request->attributes->set('node_info', $serverInfo); - } - - // 更新机器心跳 - $machine->forceFill(['last_seen_at' => now()->timestamp])->saveQuietly(); - - $request->attributes->set('machine_info', $machine); + return $next($request); } } diff --git a/app/Http/Middleware/ServerV2.php b/app/Http/Middleware/ServerV2.php new file mode 100644 index 0000000..742b1fa --- /dev/null +++ b/app/Http/Middleware/ServerV2.php @@ -0,0 +1,97 @@ +filled('machine_id')) { + $this->authenticateByMachine($request); + } else { + $this->authenticateByServerToken($request); + } + + return $next($request); + } + + private function authenticateByServerToken(Request $request): void + { + $isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake'); + + $request->validate([ + 'token' => [ + 'string', 'required', + function ($attribute, $value, $fail) { + if ($value !== admin_setting('server_token')) { + $fail("Invalid {$attribute}"); + } + }, + ], + 'node_id' => $isHandshake ? 'nullable' : 'required', + ]); + + $nodeId = $request->input('node_id'); + if ($nodeId === null || $nodeId === '') { + return; + } + + $serverInfo = ServerService::getServer($nodeId); + if (!$serverInfo) { + throw new ApiException('Server does not exist'); + } + + $request->attributes->set('node_info', $serverInfo); + } + + private function authenticateByMachine(Request $request): void + { + $isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake'); + + $request->validate([ + 'machine_id' => 'required|integer', + 'token' => 'required|string', + 'node_id' => $isHandshake ? 'nullable|integer' : 'required|integer', + ]); + + $machine = ServerMachine::where('id', $request->input('machine_id')) + ->where('token', $request->input('token')) + ->first(); + + if (!$machine) { + throw new ApiException('Machine not found or invalid token', 401); + } + + if (!$machine->is_active) { + throw new ApiException('Machine is disabled', 403); + } + + $nodeId = (int) $request->input('node_id'); + if ($nodeId > 0) { + $serverInfo = ServerModel::where('id', $nodeId) + ->where('machine_id', $machine->id) + ->where('enabled', true) + ->first(); + + if (!$serverInfo) { + throw new ApiException('Node not found on this machine'); + } + + $request->attributes->set('node_info', $serverInfo); + } + + $machine->forceFill(['last_seen_at' => now()->timestamp])->saveQuietly(); + + $request->attributes->set('machine_info', $machine); + } +} diff --git a/app/Http/Routes/V2/ServerRoute.php b/app/Http/Routes/V2/ServerRoute.php index 526e13f..20af254 100644 --- a/app/Http/Routes/V2/ServerRoute.php +++ b/app/Http/Routes/V2/ServerRoute.php @@ -14,7 +14,7 @@ class ServerRoute { $router->group([ 'prefix' => 'server', - 'middleware' => 'server' + 'middleware' => 'server.v2' ], function ($route) { $route->match(['GET', 'POST'], 'handshake', [ServerController::class, 'handshake']); $route->post('report', [ServerController::class, 'report']); diff --git a/tests/Feature/Server/ServerHandshakeTest.php b/tests/Feature/Server/ServerHandshakeTest.php new file mode 100644 index 0000000..e2c3b32 --- /dev/null +++ b/tests/Feature/Server/ServerHandshakeTest.php @@ -0,0 +1,131 @@ +set('app.key', 'base64:' . base64_encode(str_repeat('a', 32))); + Cache::forever('admin_settings', [ + 'server_token' => 'server-token', + 'server_ws_enable' => 0, + ]); + } + + public function test_v2_handshake_accepts_token_only_without_node(): void + { + $response = $this->postJson('/api/v2/server/handshake', [ + 'token' => 'server-token', + ]); + + $response->assertOk()->assertJsonStructure(['websocket' => ['enabled']]); + } + + public function test_v2_handshake_rejects_invalid_token(): void + { + $response = $this->postJson('/api/v2/server/handshake', [ + 'token' => 'wrong-token', + ]); + + $response->assertStatus(422); + } + + public function test_v2_report_works_without_node_type(): void + { + Bus::fake(); + + $server = $this->makeServer(); + + $response = $this->postJson('/api/v2/server/report', [ + 'token' => 'server-token', + 'node_id' => $server->id, + ]); + + $response->assertOk()->assertJson(['data' => true]); + } + + public function test_v2_report_ignores_node_type_field(): void + { + Bus::fake(); + + $server = $this->makeServer(); + + // legacy node clients may still send node_type; V2 must accept it as no-op. + $response = $this->postJson('/api/v2/server/report', [ + 'token' => 'server-token', + 'node_id' => $server->id, + 'node_type' => 'this-would-be-rejected-by-v1', + ]); + + $response->assertOk()->assertJson(['data' => true]); + } + + public function test_v2_report_rejects_unknown_node(): void + { + $response = $this->postJson('/api/v2/server/report', [ + 'token' => 'server-token', + 'node_id' => 999999, + ]); + + $response->assertStatus(400); + $response->assertJson(['message' => 'Server does not exist']); + } + + public function test_v2_machine_handshake_with_machine_id_and_no_node(): void + { + $machine = ServerMachine::create([ + 'name' => 'test-machine', + 'token' => 'machine-token', + 'is_active' => true, + ]); + + $response = $this->postJson('/api/v2/server/handshake', [ + 'machine_id' => $machine->id, + 'token' => 'machine-token', + ]); + + $response->assertOk(); + } + + public function test_v2_machine_report_requires_node_id(): void + { + $machine = ServerMachine::create([ + 'name' => 'test-machine', + 'token' => 'machine-token', + 'is_active' => true, + ]); + + $response = $this->postJson('/api/v2/server/report', [ + 'machine_id' => $machine->id, + 'token' => 'machine-token', + ]); + + $response->assertStatus(422); + } + + private function makeServer(): Server + { + return Server::create([ + 'name' => 'test-node', + 'type' => Server::TYPE_VMESS, + 'host' => '127.0.0.1', + 'port' => 443, + 'server_port' => 443, + 'rate' => '1', + 'group_id' => [1], + 'enabled' => true, + ]); + } +}