feat: add dockerized 3proxy control plane backend

2026-04-02 00:06:26 +03:00
parent ff2bc8711b
commit 25f6beedd8
20 changed files with 3076 additions and 174 deletions
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@@ -0,0 +1,274 @@
+import path from 'node:path';
+import { dashboardSnapshot } from '../../src/data/mockDashboard';
+import type {
+  ControlPlaneState,
+  CreateUserInput,
+  DashboardSnapshot,
+  ProxyServiceRecord,
+  ProxyUserRecord,
+} from '../../src/shared/contracts';
+import type { ServiceState } from '../../src/lib/3proxy';
+
+const MB = 1024 * 1024;
+
+export interface RuntimeSnapshot {
+  status: Exclude<ServiceState, 'warn' | 'paused'>;
+  pid: number | null;
+  startedAt: string | null;
+  lastError: string | null;
+}
+
+export interface RuntimePaths {
+  rootDir: string;
+  configPath: string;
+  counterPath: string;
+  reportDir: string;
+  logPath: string;
+  pidPath: string;
+}
+
+export function createDefaultState(): ControlPlaneState {
+  return structuredClone(dashboardSnapshot);
+}
+
+export function buildRuntimePaths(rootDir: string): RuntimePaths {
+  return {
+    rootDir,
+    configPath: path.join(rootDir, 'generated', '3proxy.cfg'),
+    counterPath: path.join(rootDir, 'state', 'counters.3cf'),
+    reportDir: path.join(rootDir, 'state', 'reports'),
+    logPath: path.join(rootDir, 'logs', '3proxy.log'),
+    pidPath: path.join(rootDir, '3proxy.pid'),
+  };
+}
+
+export function validateCreateUserInput(
+  input: Partial<CreateUserInput>,
+  services: ProxyServiceRecord[],
+): CreateUserInput {
+  const username = input.username?.trim() ?? '';
+  const password = input.password?.trim() ?? '';
+  const serviceId = input.serviceId?.trim() ?? '';
+  const quotaMb = input.quotaMb ?? null;
+
+  assertSafeToken(username, 'Username');
+  assertSafeToken(password, 'Password');
+
+  if (!serviceId) {
+    throw new Error('Service is required.');
+  }
+
+  const service = services.find((entry) => entry.id === serviceId);
+  if (!service || !service.enabled || !service.assignable) {
+    throw new Error('Service must reference an enabled assignable entry.');
+  }
+
+  if (quotaMb !== null && (!Number.isFinite(quotaMb) || quotaMb <= 0 || !Number.isInteger(quotaMb))) {
+    throw new Error('Quota must be a positive integer number of megabytes.');
+  }
+
+  return {
+    username,
+    password,
+    serviceId,
+    quotaMb,
+  };
+}
+
+export function createUserRecord(state: ControlPlaneState, input: CreateUserInput): ProxyUserRecord {
+  if (state.userRecords.some((user) => user.username === input.username)) {
+    throw new Error('Username already exists.');
+  }
+
+  return {
+    id: `u-${Math.random().toString(36).slice(2, 10)}`,
+    username: input.username,
+    password: input.password,
+    serviceId: input.serviceId,
+    status: 'idle',
+    paused: false,
+    usedBytes: 0,
+    quotaBytes: input.quotaMb === null ? null : input.quotaMb * MB,
+  };
+}
+
+export function render3proxyConfig(state: ControlPlaneState, paths: RuntimePaths): string {
+  const lines = [
+    `pidfile ${normalizePath(paths.pidPath)}`,
+    `monitor ${normalizePath(paths.configPath)}`,
+    `log ${normalizePath(paths.logPath)} D`,
+    'auth strong',
+  ];
+
+  const activeUsers = state.userRecords.filter((user) => !user.paused);
+  if (activeUsers.length > 0) {
+    lines.push(`users ${activeUsers.map(renderUserCredential).join(' ')}`);
+  }
+
+  const quotaUsers = activeUsers.filter((user) => user.quotaBytes !== null);
+  if (quotaUsers.length > 0) {
+    lines.push(
+      `counter ${normalizePath(paths.counterPath)} D ${normalizePath(
+        path.join(paths.reportDir, '%Y-%m-%d.txt'),
+      )}`,
+    );
+
+    quotaUsers.forEach((user, index) => {
+      lines.push(
+        `countall ${index + 1} D ${Math.ceil((user.quotaBytes ?? 0) / MB)} ${user.username} * * * * * *`,
+      );
+    });
+  }
+
+  state.system.services
+    .filter((service) => service.enabled)
+    .forEach((service) => {
+      lines.push('', 'flush');
+
+      if (service.assignable) {
+        const usernames = activeUsers
+          .filter((user) => user.serviceId === service.id)
+          .map((user) => user.username);
+
+        lines.push(usernames.length > 0 ? `allow ${usernames.join(',')}` : 'deny *');
+      } else {
+        lines.push('allow *');
+      }
+
+      lines.push(renderServiceCommand(service));
+    });
+
+  return `${lines.join('\n')}\n`;
+}
+
+export function deriveDashboardSnapshot(
+  state: ControlPlaneState,
+  runtime: RuntimeSnapshot,
+  previewConfig: string,
+): DashboardSnapshot {
+  const liveUsers = state.userRecords.filter((user) => !user.paused && user.status === 'live').length;
+  const exceededUsers = state.userRecords.filter(
+    (user) => user.quotaBytes !== null && user.usedBytes >= user.quotaBytes,
+  ).length;
+  const nearQuotaUsers = state.userRecords.filter((user) => {
+    if (user.paused || user.quotaBytes === null || user.usedBytes >= user.quotaBytes) {
+      return false;
+    }
+
+    return user.usedBytes / user.quotaBytes >= 0.8;
+  }).length;
+
+  const attention = [];
+
+  if (exceededUsers > 0) {
+    attention.push({
+      level: 'fail' as const,
+      title: 'Quota exceeded',
+      message: `${exceededUsers} user profiles crossed their configured quota.`,
+    });
+  }
+
+  if (nearQuotaUsers > 0) {
+    attention.push({
+      level: 'warn' as const,
+      title: 'Quota pressure detected',
+      message: `${nearQuotaUsers} user profiles are above 80% of their quota.`,
+    });
+  }
+
+  if (runtime.status === 'live') {
+    attention.push({
+      level: 'live' as const,
+      title: '3proxy runtime online',
+      message: 'Backend control plane is currently attached to a live 3proxy process.',
+    });
+  } else if (runtime.lastError) {
+    attention.push({
+      level: 'fail' as const,
+      title: 'Runtime issue detected',
+      message: runtime.lastError,
+    });
+  }
+
+  if (attention.length === 0) {
+    attention.push({
+      level: 'live' as const,
+      title: 'State loaded',
+      message: 'No critical runtime or quota issues are currently detected.',
+    });
+  }
+
+  return {
+    service: {
+      status: runtime.status,
+      pidLabel: runtime.pid ? `pid ${runtime.pid}` : 'pid -',
+      versionLabel: state.service.versionLabel,
+      uptimeLabel: formatUptime(runtime.startedAt),
+      lastEvent: state.service.lastEvent,
+    },
+    traffic: {
+      ...state.traffic,
+      activeUsers: state.userRecords.filter((user) => !user.paused).length,
+    },
+    users: {
+      total: state.userRecords.length,
+      live: liveUsers,
+      nearQuota: nearQuotaUsers,
+      exceeded: exceededUsers,
+    },
+    attention,
+    userRecords: state.userRecords,
+    system: {
+      ...state.system,
+      previewConfig,
+    },
+  };
+}
+
+function renderUserCredential(user: ProxyUserRecord): string {
+  return `${user.username}:CL:${user.password}`;
+}
+
+function renderServiceCommand(service: ProxyServiceRecord): string {
+  if (service.command === 'admin') {
+    return `admin -p${service.port} -s`;
+  }
+
+  if (service.command === 'socks') {
+    return `socks -p${service.port} -u2`;
+  }
+
+  return `proxy -p${service.port}`;
+}
+
+function assertSafeToken(value: string, label: string): void {
+  if (!value) {
+    throw new Error(`${label} is required.`);
+  }
+
+  if (!/^[A-Za-z0-9._~!@#$%^&*+=:/-]+$/.test(value)) {
+    throw new Error(`${label} contains unsupported characters.`);
+  }
+}
+
+function normalizePath(value: string): string {
+  return value.replace(/\\/g, '/');
+}
+
+function formatUptime(startedAt: string | null): string {
+  if (!startedAt) {
+    return 'uptime -';
+  }
+
+  const started = new Date(startedAt).getTime();
+  const diffMs = Date.now() - started;
+
+  if (!Number.isFinite(diffMs) || diffMs <= 0) {
+    return 'uptime 0m';
+  }
+
+  const hours = Math.floor(diffMs / (1000 * 60 * 60));
+  const minutes = Math.floor((diffMs % (1000 * 60 * 60)) / (1000 * 60));
+
+  return `uptime ${hours}h ${minutes}m`;
+}