dan9i10/amnezia-client
1
0
Fork 0
mirror of https://github.com/amnezia-vpn/amnezia-client.git synced 2026-05-08 14:33:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed secret & enum

Browse Source
This commit is contained in:
dranik
2026-05-04 23:17:57 +03:00
parent a0145475f2
commit 4b8ddf7236
3 changed files with 119 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
client/core/installers/telemtInstaller.cpp
View File

@@ -18,7 +18,7 @@ using namespace amnezia;
namespace {
constexpr QLatin1String kTelemtClientJsonPath("/data/amnezia-telemt-client.json");
constexpr QLatin1String kTelemtClientJsonUploadPath("data/amnezia-telemt-client.json");
constexpr QLatin1String kTelemtSecretPath("/data/.amnezia-secret");
constexpr QLatin1String kTelemtSecretPath("/data/secret");
}
TelemtInstaller::TelemtInstaller(QObject *parent) : InstallerBase(parent) {}

6
client/server_scripts/telemt/configure_container.sh
View File

@@ -7,6 +7,8 @@ mkdir -p /data/tlsfront
# Secret: substituted $TELEMT_SECRET -> saved file -> openssl (same rules as MTProxy configure)
if [ -n "$TELEMT_SECRET" ]; then
SECRET="$TELEMT_SECRET"
elif [ -f /data/secret ]; then
SECRET=$(cat /data/secret)
elif [ -f /data/.amnezia-secret ]; then
SECRET=$(cat /data/.amnezia-secret)
else
@@ -61,8 +63,8 @@ rm -f /data/config.toml
echo "$TELEMT_USER_NAME = \"$SECRET\""
} > /data/config.toml
echo "$SECRET" > /data/.amnezia-secret
chmod 600 /data/.amnezia-secret 2>/dev/null || true
echo "$SECRET" > /data/secret
chmod 600 /data/secret 2>/dev/null || true
# Do not start telemt here: a long-lived process + curl loop inside `docker exec` can confuse SSH/Docker
# timing and is unnecessary — start.sh runs telemt after configure. Links can be empty until the service

221
client/ui/controllers/selfhosted/installUiController.cpp
View File

@@ -330,30 +330,32 @@ void InstallUiController::setContainerEnabled(int serverIndex, int containerInde
const ServerCredentials credentials = m_serversController->getServerCredentials(serverIndex);
const QString containerName = ContainerUtils::containerToString(container);
emit serverIsBusy(true);
SshSession sshSession(this);
const QString script = enabled
? QString("sudo docker start %1").arg(containerName)
: QString("sudo docker stop %1").arg(containerName);
const ErrorCode errorCode = sshSession.runScript(credentials, script);
emit serverIsBusy(false);
if (container == amnezia::ContainerEnumNS::MtProxy || container == amnezia::ContainerEnumNS::Telemt) {
emit serverIsBusy(true);
SshSession sshSession(this);
const QString script = enabled
? QString("sudo docker start %1").arg(containerName)
: QString("sudo docker stop %1").arg(containerName);
const ErrorCode errorCode = sshSession.runScript(credentials, script);
emit serverIsBusy(false);
if (errorCode == ErrorCode::NoError) {
ContainerConfig currentConfig = m_serversController->getContainerConfig(serverIndex, container);
if (auto *mtConfig = currentConfig.getMtProxyProtocolConfig()) {
mtConfig->isEnabled = enabled;
m_serversController->updateContainerConfig(serverIndex, container, currentConfig);
m_protocolModel->updateModel(currentConfig);
} else if (auto *telemtConfig = currentConfig.getTelemtProtocolConfig()) {
telemtConfig->isEnabled = enabled;
m_serversController->updateContainerConfig(serverIndex, container, currentConfig);
m_protocolModel->updateModel(currentConfig);
if (errorCode == ErrorCode::NoError) {
ContainerConfig currentConfig = m_serversController->getContainerConfig(serverIndex, container);
if (auto *mtConfig = currentConfig.getMtProxyProtocolConfig()) {
mtConfig->isEnabled = enabled;
m_serversController->updateContainerConfig(serverIndex, container, currentConfig);
m_protocolModel->updateModel(currentConfig);
} else if (auto *telemtConfig = currentConfig.getTelemtProtocolConfig()) {
telemtConfig->isEnabled = enabled;
m_serversController->updateContainerConfig(serverIndex, container, currentConfig);
m_protocolModel->updateModel(currentConfig);
}
emit setContainerEnabledFinished(enabled);
return;
}
emit setContainerEnabledFinished(enabled);
return;
}
emit installationErrorOccurred(errorCode);
emit installationErrorOccurred(errorCode);
}
}
void InstallUiController::refreshContainerStatus(int serverIndex, int containerIndex) {
@@ -361,31 +363,33 @@ void InstallUiController::refreshContainerStatus(int serverIndex, int containerI
const ServerCredentials credentials = m_serversController->getServerCredentials(serverIndex);
const QString containerName = ContainerUtils::containerToString(container);
QString stdOut;
auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
stdOut += data;
return ErrorCode::NoError;
};
if (container == amnezia::ContainerEnumNS::MtProxy || container == amnezia::ContainerEnumNS::Telemt) {
QString stdOut;
auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
stdOut += data;
return ErrorCode::NoError;
};
SshSession sshSession(this);
const QString script = QString(
"sudo docker inspect --format '{{.State.Status}}' %1 2>/dev/null || echo 'not_found'")
.arg(containerName);
const ErrorCode errorCode = sshSession.runScript(credentials, script, cbReadStdOut);
if (errorCode != ErrorCode::NoError) {
emit containerStatusRefreshed(3);
return;
}
SshSession sshSession(this);
const QString script = QString(
"sudo docker inspect --format '{{.State.Status}}' %1 2>/dev/null || echo 'not_found'")
.arg(containerName);
const ErrorCode errorCode = sshSession.runScript(credentials, script, cbReadStdOut);
if (errorCode != ErrorCode::NoError) {
emit containerStatusRefreshed(3);
return;
}
const QString status = stdOut.trimmed();
if (status == "running") {
emit containerStatusRefreshed(1);
} else if (status == "not_found" || status.isEmpty()) {
emit containerStatusRefreshed(0);
} else if (status == "exited" || status == "created" || status == "paused") {
emit containerStatusRefreshed(2);
} else {
emit containerStatusRefreshed(3);
const QString status = stdOut.trimmed();
if (status == "running") {
emit containerStatusRefreshed(1);
} else if (status == "not_found" || status.isEmpty()) {
emit containerStatusRefreshed(0);
} else if (status == "exited" || status == "created" || status == "paused") {
emit containerStatusRefreshed(2);
} else {
emit containerStatusRefreshed(3);
}
}
}
@@ -394,55 +398,57 @@ void InstallUiController::refreshContainerDiagnostics(int serverIndex, int conta
const DockerContainer container = static_cast<DockerContainer>(containerIndex);
const QString containerName = ContainerUtils::containerToString(container);
const QString script =
QString(
"PORT_OK=$(sudo docker exec %1 sh -c 'ss -tlnp 2>/dev/null | grep -q :%2 && echo yes || echo no' 2>/dev/null || echo no); "
"TG_OK=$(curl -s --max-time 5 -o /dev/null -w '%%{http_code}' https://core.telegram.org/getProxySecret 2>/dev/null | grep -q '200' && echo yes || echo no); "
"CLIENTS=$(sudo docker exec amnezia-mtproxy sh -c 'curl -s --max-time 3 http://localhost:2398/stats 2>/dev/null | grep -o \"total_special_connections:[0-9]*\" | cut -d: -f2' 2>/dev/null); "
"CONF_TIME=$(sudo docker exec amnezia-mtproxy sh -c 'stat -c \"%%y\" /data/proxy-multi.conf 2>/dev/null | cut -d. -f1' 2>/dev/null || echo unknown); "
"echo \"PORT_OK=${PORT_OK}\"; "
"echo \"TG_OK=${TG_OK}\"; "
"echo \"CLIENTS=${CLIENTS:-0}\"; "
"echo \"CONF_TIME=${CONF_TIME}\"; "
"echo \"STATS=http://localhost:2398/stats\";")
.arg(containerName)
.arg(port);
if (container == amnezia::ContainerEnumNS::MtProxy || container == amnezia::ContainerEnumNS::Telemt) {
const QString script =
QString(
"PORT_OK=$(sudo docker exec %1 sh -c 'ss -tlnp 2>/dev/null | grep -q :%2 && echo yes || echo no' 2>/dev/null || echo no); "
"TG_OK=$(curl -s --max-time 5 -o /dev/null -w '%%{http_code}' https://core.telegram.org/getProxySecret 2>/dev/null | grep -q '200' && echo yes || echo no); "
"CLIENTS=$(sudo docker exec amnezia-mtproxy sh -c 'curl -s --max-time 3 http://localhost:2398/stats 2>/dev/null | grep -o \"total_special_connections:[0-9]*\" | cut -d: -f2' 2>/dev/null); "
"CONF_TIME=$(sudo docker exec amnezia-mtproxy sh -c 'stat -c \"%%y\" /data/proxy-multi.conf 2>/dev/null | cut -d. -f1' 2>/dev/null || echo unknown); "
"echo \"PORT_OK=${PORT_OK}\"; "
"echo \"TG_OK=${TG_OK}\"; "
"echo \"CLIENTS=${CLIENTS:-0}\"; "
"echo \"CONF_TIME=${CONF_TIME}\"; "
"echo \"STATS=http://localhost:2398/stats\";")
.arg(containerName)
.arg(port);
QString stdOut;
auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
stdOut += data;
return ErrorCode::NoError;
};
QString stdOut;
auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
stdOut += data;
return ErrorCode::NoError;
};
SshSession sshSession(this);
const ErrorCode errorCode = sshSession.runScript(credentials, script, cbReadStdOut);
if (errorCode != ErrorCode::NoError) {
emit containerDiagnosticsRefreshed(false, false, -1, QString(), QString());
return;
}
bool portReachable = false;
bool upstreamReachable = false;
int clientsConnected = -1;
QString lastConfigRefresh;
QString statsEndpoint;
for (const QString &line: stdOut.split('\n', Qt::SkipEmptyParts)) {
if (line.startsWith("PORT_OK=")) {
portReachable = line.mid(8).trimmed() == "yes";
} else if (line.startsWith("TG_OK=")) {
upstreamReachable = line.mid(6).trimmed() == "yes";
} else if (line.startsWith("CLIENTS=")) {
clientsConnected = line.mid(8).trimmed().toInt();
} else if (line.startsWith("CONF_TIME=")) {
lastConfigRefresh = line.mid(10).trimmed();
} else if (line.startsWith("STATS=")) {
statsEndpoint = line.mid(6).trimmed();
SshSession sshSession(this);
const ErrorCode errorCode = sshSession.runScript(credentials, script, cbReadStdOut);
if (errorCode != ErrorCode::NoError) {
emit containerDiagnosticsRefreshed(false, false, -1, QString(), QString());
return;
}
}
emit containerDiagnosticsRefreshed(portReachable, upstreamReachable, clientsConnected, lastConfigRefresh,
statsEndpoint);
bool portReachable = false;
bool upstreamReachable = false;
int clientsConnected = -1;
QString lastConfigRefresh;
QString statsEndpoint;
for (const QString &line: stdOut.split('\n', Qt::SkipEmptyParts)) {
if (line.startsWith("PORT_OK=")) {
portReachable = line.mid(8).trimmed() == "yes";
} else if (line.startsWith("TG_OK=")) {
upstreamReachable = line.mid(6).trimmed() == "yes";
} else if (line.startsWith("CLIENTS=")) {
clientsConnected = line.mid(8).trimmed().toInt();
} else if (line.startsWith("CONF_TIME=")) {
lastConfigRefresh = line.mid(10).trimmed();
} else if (line.startsWith("STATS=")) {
statsEndpoint = line.mid(6).trimmed();
}
}
emit containerDiagnosticsRefreshed(portReachable, upstreamReachable, clientsConnected, lastConfigRefresh,
statsEndpoint);
}
}
void InstallUiController::fetchContainerSecret(int serverIndex, int containerIndex) {
@@ -450,26 +456,27 @@ void InstallUiController::fetchContainerSecret(int serverIndex, int containerInd
const DockerContainer container = static_cast<DockerContainer>(containerIndex);
const QString containerName = ContainerUtils::containerToString(container);
QString stdOut;
auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
stdOut += data;
return ErrorCode::NoError;
};
if (container == amnezia::ContainerEnumNS::MtProxy || container == amnezia::ContainerEnumNS::Telemt) {
QString stdOut;
auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
stdOut += data;
return ErrorCode::NoError;
};
SshSession sshSession(this);
const QString path = container == DockerContainer::Telemt ? QStringLiteral("/data/.amnezia-secret")
: QStringLiteral("/data/secret");
const QString cmd =
QStringLiteral("sudo docker exec %1 cat %2").arg(containerName, path);
const ErrorCode errorCode = sshSession.runScript(credentials, cmd, cbReadStdOut);
if (errorCode != ErrorCode::NoError) {
emit containerSecretFetched(QString());
return;
SshSession sshSession(this);
const QString path = QStringLiteral("/data/secret");
const QString cmd =
QStringLiteral("sudo docker exec %1 cat %2").arg(containerName, path);
const ErrorCode errorCode = sshSession.runScript(credentials, cmd, cbReadStdOut);
if (errorCode != ErrorCode::NoError) {
emit containerSecretFetched(QString());
return;
}
const QString secret = stdOut.trimmed();
static const QRegularExpression hex32(QStringLiteral("^[0-9a-fA-F]{32}$"));
emit containerSecretFetched(hex32.match(secret).hasMatch() ? secret : QString());
}
const QString secret = stdOut.trimmed();
static const QRegularExpression hex32(QStringLiteral("^[0-9a-fA-F]{32}$"));
emit containerSecretFetched(hex32.match(secret).hasMatch() ? secret : QString());
}
void InstallUiController::rebootServer(int serverIndex)