From 4b8ddf7236aaeb83b2db4ffa9ad9354dc1a18120 Mon Sep 17 00:00:00 2001 From: dranik Date: Mon, 4 May 2026 23:17:57 +0300 Subject: [PATCH] fixed secret & enum --- client/core/installers/telemtInstaller.cpp | 2 +- .../telemt/configure_container.sh | 6 +- .../selfhosted/installUiController.cpp | 221 +++++++++--------- 3 files changed, 119 insertions(+), 110 deletions(-) diff --git a/client/core/installers/telemtInstaller.cpp b/client/core/installers/telemtInstaller.cpp index ba5173a6a..ff0d595c7 100644 --- a/client/core/installers/telemtInstaller.cpp +++ b/client/core/installers/telemtInstaller.cpp @@ -18,7 +18,7 @@ using namespace amnezia; namespace { constexpr QLatin1String kTelemtClientJsonPath("/data/amnezia-telemt-client.json"); constexpr QLatin1String kTelemtClientJsonUploadPath("data/amnezia-telemt-client.json"); - constexpr QLatin1String kTelemtSecretPath("/data/.amnezia-secret"); + constexpr QLatin1String kTelemtSecretPath("/data/secret"); } TelemtInstaller::TelemtInstaller(QObject *parent) : InstallerBase(parent) {} diff --git a/client/server_scripts/telemt/configure_container.sh b/client/server_scripts/telemt/configure_container.sh index b3090eeb6..061df506d 100644 --- a/client/server_scripts/telemt/configure_container.sh +++ b/client/server_scripts/telemt/configure_container.sh @@ -7,6 +7,8 @@ mkdir -p /data/tlsfront # Secret: substituted $TELEMT_SECRET -> saved file -> openssl (same rules as MTProxy configure) if [ -n "$TELEMT_SECRET" ]; then SECRET="$TELEMT_SECRET" +elif [ -f /data/secret ]; then + SECRET=$(cat /data/secret) elif [ -f /data/.amnezia-secret ]; then SECRET=$(cat /data/.amnezia-secret) else @@ -61,8 +63,8 @@ rm -f /data/config.toml echo "$TELEMT_USER_NAME = \"$SECRET\"" } > /data/config.toml -echo "$SECRET" > /data/.amnezia-secret -chmod 600 /data/.amnezia-secret 2>/dev/null || true +echo "$SECRET" > /data/secret +chmod 600 /data/secret 2>/dev/null || true # Do not start telemt here: a long-lived process + curl loop inside `docker exec` can confuse SSH/Docker # timing and is unnecessary — start.sh runs telemt after configure. Links can be empty until the service diff --git a/client/ui/controllers/selfhosted/installUiController.cpp b/client/ui/controllers/selfhosted/installUiController.cpp index 75ad40167..6180b8f52 100755 --- a/client/ui/controllers/selfhosted/installUiController.cpp +++ b/client/ui/controllers/selfhosted/installUiController.cpp @@ -330,30 +330,32 @@ void InstallUiController::setContainerEnabled(int serverIndex, int containerInde const ServerCredentials credentials = m_serversController->getServerCredentials(serverIndex); const QString containerName = ContainerUtils::containerToString(container); - emit serverIsBusy(true); - SshSession sshSession(this); - const QString script = enabled - ? QString("sudo docker start %1").arg(containerName) - : QString("sudo docker stop %1").arg(containerName); - const ErrorCode errorCode = sshSession.runScript(credentials, script); - emit serverIsBusy(false); + if (container == amnezia::ContainerEnumNS::MtProxy || container == amnezia::ContainerEnumNS::Telemt) { + emit serverIsBusy(true); + SshSession sshSession(this); + const QString script = enabled + ? QString("sudo docker start %1").arg(containerName) + : QString("sudo docker stop %1").arg(containerName); + const ErrorCode errorCode = sshSession.runScript(credentials, script); + emit serverIsBusy(false); - if (errorCode == ErrorCode::NoError) { - ContainerConfig currentConfig = m_serversController->getContainerConfig(serverIndex, container); - if (auto *mtConfig = currentConfig.getMtProxyProtocolConfig()) { - mtConfig->isEnabled = enabled; - m_serversController->updateContainerConfig(serverIndex, container, currentConfig); - m_protocolModel->updateModel(currentConfig); - } else if (auto *telemtConfig = currentConfig.getTelemtProtocolConfig()) { - telemtConfig->isEnabled = enabled; - m_serversController->updateContainerConfig(serverIndex, container, currentConfig); - m_protocolModel->updateModel(currentConfig); + if (errorCode == ErrorCode::NoError) { + ContainerConfig currentConfig = m_serversController->getContainerConfig(serverIndex, container); + if (auto *mtConfig = currentConfig.getMtProxyProtocolConfig()) { + mtConfig->isEnabled = enabled; + m_serversController->updateContainerConfig(serverIndex, container, currentConfig); + m_protocolModel->updateModel(currentConfig); + } else if (auto *telemtConfig = currentConfig.getTelemtProtocolConfig()) { + telemtConfig->isEnabled = enabled; + m_serversController->updateContainerConfig(serverIndex, container, currentConfig); + m_protocolModel->updateModel(currentConfig); + } + emit setContainerEnabledFinished(enabled); + return; } - emit setContainerEnabledFinished(enabled); - return; - } - emit installationErrorOccurred(errorCode); + emit installationErrorOccurred(errorCode); + } } void InstallUiController::refreshContainerStatus(int serverIndex, int containerIndex) { @@ -361,31 +363,33 @@ void InstallUiController::refreshContainerStatus(int serverIndex, int containerI const ServerCredentials credentials = m_serversController->getServerCredentials(serverIndex); const QString containerName = ContainerUtils::containerToString(container); - QString stdOut; - auto cbReadStdOut = [&](const QString &data, libssh::Client &) { - stdOut += data; - return ErrorCode::NoError; - }; + if (container == amnezia::ContainerEnumNS::MtProxy || container == amnezia::ContainerEnumNS::Telemt) { + QString stdOut; + auto cbReadStdOut = [&](const QString &data, libssh::Client &) { + stdOut += data; + return ErrorCode::NoError; + }; - SshSession sshSession(this); - const QString script = QString( - "sudo docker inspect --format '{{.State.Status}}' %1 2>/dev/null || echo 'not_found'") - .arg(containerName); - const ErrorCode errorCode = sshSession.runScript(credentials, script, cbReadStdOut); - if (errorCode != ErrorCode::NoError) { - emit containerStatusRefreshed(3); - return; - } + SshSession sshSession(this); + const QString script = QString( + "sudo docker inspect --format '{{.State.Status}}' %1 2>/dev/null || echo 'not_found'") + .arg(containerName); + const ErrorCode errorCode = sshSession.runScript(credentials, script, cbReadStdOut); + if (errorCode != ErrorCode::NoError) { + emit containerStatusRefreshed(3); + return; + } - const QString status = stdOut.trimmed(); - if (status == "running") { - emit containerStatusRefreshed(1); - } else if (status == "not_found" || status.isEmpty()) { - emit containerStatusRefreshed(0); - } else if (status == "exited" || status == "created" || status == "paused") { - emit containerStatusRefreshed(2); - } else { - emit containerStatusRefreshed(3); + const QString status = stdOut.trimmed(); + if (status == "running") { + emit containerStatusRefreshed(1); + } else if (status == "not_found" || status.isEmpty()) { + emit containerStatusRefreshed(0); + } else if (status == "exited" || status == "created" || status == "paused") { + emit containerStatusRefreshed(2); + } else { + emit containerStatusRefreshed(3); + } } } @@ -394,55 +398,57 @@ void InstallUiController::refreshContainerDiagnostics(int serverIndex, int conta const DockerContainer container = static_cast(containerIndex); const QString containerName = ContainerUtils::containerToString(container); - const QString script = - QString( - "PORT_OK=$(sudo docker exec %1 sh -c 'ss -tlnp 2>/dev/null | grep -q :%2 && echo yes || echo no' 2>/dev/null || echo no); " - "TG_OK=$(curl -s --max-time 5 -o /dev/null -w '%%{http_code}' https://core.telegram.org/getProxySecret 2>/dev/null | grep -q '200' && echo yes || echo no); " - "CLIENTS=$(sudo docker exec amnezia-mtproxy sh -c 'curl -s --max-time 3 http://localhost:2398/stats 2>/dev/null | grep -o \"total_special_connections:[0-9]*\" | cut -d: -f2' 2>/dev/null); " - "CONF_TIME=$(sudo docker exec amnezia-mtproxy sh -c 'stat -c \"%%y\" /data/proxy-multi.conf 2>/dev/null | cut -d. -f1' 2>/dev/null || echo unknown); " - "echo \"PORT_OK=${PORT_OK}\"; " - "echo \"TG_OK=${TG_OK}\"; " - "echo \"CLIENTS=${CLIENTS:-0}\"; " - "echo \"CONF_TIME=${CONF_TIME}\"; " - "echo \"STATS=http://localhost:2398/stats\";") - .arg(containerName) - .arg(port); + if (container == amnezia::ContainerEnumNS::MtProxy || container == amnezia::ContainerEnumNS::Telemt) { + const QString script = + QString( + "PORT_OK=$(sudo docker exec %1 sh -c 'ss -tlnp 2>/dev/null | grep -q :%2 && echo yes || echo no' 2>/dev/null || echo no); " + "TG_OK=$(curl -s --max-time 5 -o /dev/null -w '%%{http_code}' https://core.telegram.org/getProxySecret 2>/dev/null | grep -q '200' && echo yes || echo no); " + "CLIENTS=$(sudo docker exec amnezia-mtproxy sh -c 'curl -s --max-time 3 http://localhost:2398/stats 2>/dev/null | grep -o \"total_special_connections:[0-9]*\" | cut -d: -f2' 2>/dev/null); " + "CONF_TIME=$(sudo docker exec amnezia-mtproxy sh -c 'stat -c \"%%y\" /data/proxy-multi.conf 2>/dev/null | cut -d. -f1' 2>/dev/null || echo unknown); " + "echo \"PORT_OK=${PORT_OK}\"; " + "echo \"TG_OK=${TG_OK}\"; " + "echo \"CLIENTS=${CLIENTS:-0}\"; " + "echo \"CONF_TIME=${CONF_TIME}\"; " + "echo \"STATS=http://localhost:2398/stats\";") + .arg(containerName) + .arg(port); - QString stdOut; - auto cbReadStdOut = [&](const QString &data, libssh::Client &) { - stdOut += data; - return ErrorCode::NoError; - }; + QString stdOut; + auto cbReadStdOut = [&](const QString &data, libssh::Client &) { + stdOut += data; + return ErrorCode::NoError; + }; - SshSession sshSession(this); - const ErrorCode errorCode = sshSession.runScript(credentials, script, cbReadStdOut); - if (errorCode != ErrorCode::NoError) { - emit containerDiagnosticsRefreshed(false, false, -1, QString(), QString()); - return; - } - - bool portReachable = false; - bool upstreamReachable = false; - int clientsConnected = -1; - QString lastConfigRefresh; - QString statsEndpoint; - - for (const QString &line: stdOut.split('\n', Qt::SkipEmptyParts)) { - if (line.startsWith("PORT_OK=")) { - portReachable = line.mid(8).trimmed() == "yes"; - } else if (line.startsWith("TG_OK=")) { - upstreamReachable = line.mid(6).trimmed() == "yes"; - } else if (line.startsWith("CLIENTS=")) { - clientsConnected = line.mid(8).trimmed().toInt(); - } else if (line.startsWith("CONF_TIME=")) { - lastConfigRefresh = line.mid(10).trimmed(); - } else if (line.startsWith("STATS=")) { - statsEndpoint = line.mid(6).trimmed(); + SshSession sshSession(this); + const ErrorCode errorCode = sshSession.runScript(credentials, script, cbReadStdOut); + if (errorCode != ErrorCode::NoError) { + emit containerDiagnosticsRefreshed(false, false, -1, QString(), QString()); + return; } - } - emit containerDiagnosticsRefreshed(portReachable, upstreamReachable, clientsConnected, lastConfigRefresh, - statsEndpoint); + bool portReachable = false; + bool upstreamReachable = false; + int clientsConnected = -1; + QString lastConfigRefresh; + QString statsEndpoint; + + for (const QString &line: stdOut.split('\n', Qt::SkipEmptyParts)) { + if (line.startsWith("PORT_OK=")) { + portReachable = line.mid(8).trimmed() == "yes"; + } else if (line.startsWith("TG_OK=")) { + upstreamReachable = line.mid(6).trimmed() == "yes"; + } else if (line.startsWith("CLIENTS=")) { + clientsConnected = line.mid(8).trimmed().toInt(); + } else if (line.startsWith("CONF_TIME=")) { + lastConfigRefresh = line.mid(10).trimmed(); + } else if (line.startsWith("STATS=")) { + statsEndpoint = line.mid(6).trimmed(); + } + } + + emit containerDiagnosticsRefreshed(portReachable, upstreamReachable, clientsConnected, lastConfigRefresh, + statsEndpoint); + } } void InstallUiController::fetchContainerSecret(int serverIndex, int containerIndex) { @@ -450,26 +456,27 @@ void InstallUiController::fetchContainerSecret(int serverIndex, int containerInd const DockerContainer container = static_cast(containerIndex); const QString containerName = ContainerUtils::containerToString(container); - QString stdOut; - auto cbReadStdOut = [&](const QString &data, libssh::Client &) { - stdOut += data; - return ErrorCode::NoError; - }; + if (container == amnezia::ContainerEnumNS::MtProxy || container == amnezia::ContainerEnumNS::Telemt) { + QString stdOut; + auto cbReadStdOut = [&](const QString &data, libssh::Client &) { + stdOut += data; + return ErrorCode::NoError; + }; - SshSession sshSession(this); - const QString path = container == DockerContainer::Telemt ? QStringLiteral("/data/.amnezia-secret") - : QStringLiteral("/data/secret"); - const QString cmd = - QStringLiteral("sudo docker exec %1 cat %2").arg(containerName, path); - const ErrorCode errorCode = sshSession.runScript(credentials, cmd, cbReadStdOut); - if (errorCode != ErrorCode::NoError) { - emit containerSecretFetched(QString()); - return; + SshSession sshSession(this); + const QString path = QStringLiteral("/data/secret"); + const QString cmd = + QStringLiteral("sudo docker exec %1 cat %2").arg(containerName, path); + const ErrorCode errorCode = sshSession.runScript(credentials, cmd, cbReadStdOut); + if (errorCode != ErrorCode::NoError) { + emit containerSecretFetched(QString()); + return; + } + + const QString secret = stdOut.trimmed(); + static const QRegularExpression hex32(QStringLiteral("^[0-9a-fA-F]{32}$")); + emit containerSecretFetched(hex32.match(secret).hasMatch() ? secret : QString()); } - - const QString secret = stdOut.trimmed(); - static const QRegularExpression hex32(QStringLiteral("^[0-9a-fA-F]{32}$")); - emit containerSecretFetched(hex32.match(secret).hasMatch() ? secret : QString()); } void InstallUiController::rebootServer(int serverIndex)