v2fly/proxy/vmess/validator.go


//go:build !confonly
// +build !confonly
package vmess
import (
"crypto/hmac"
"crypto/sha256"
"hash/crc64"
"strings"
"sync"
"sync/atomic"
"time"
"github.com/v2fly/v2ray-core/v4/common"
"github.com/v2fly/v2ray-core/v4/common/dice"
"github.com/v2fly/v2ray-core/v4/common/protocol"
"github.com/v2fly/v2ray-core/v4/common/serial"
"github.com/v2fly/v2ray-core/v4/common/task"
"github.com/v2fly/v2ray-core/v4/proxy/vmess/aead"
)
const (
	// updateInterval is how often the periodic task started by
	// NewTimedUserValidator runs updateUserHash.
	updateInterval = 10 * time.Second

	// cacheDurationSec is the half-width, in seconds, of the window of
	// timestamps for which legacy authentication hashes are kept: hashes are
	// generated up to cacheDurationSec ahead of the current time and dropped
	// once they fall more than cacheDurationSec behind it.
	cacheDurationSec = 120
)
// user pairs a registered account with the bookkeeping needed to extend its
// legacy authentication hashes incrementally.
type user struct {
	// user is a copy of the MemoryUser that was passed to Add.
	user protocol.MemoryUser

	// lastSec is the last timestamp for which hashes have been generated;
	// generateNewHashes resumes from it on the next refresh.
	lastSec protocol.Timestamp
}
// TimedUserValidator authenticates users by time-windowed hashes. Legacy
// (non-AEAD) requests are looked up in userHash, a table of hashes of every
// user ID over a sliding range of timestamps; AEAD requests are delegated to
// aeadDecoderHolder.
//
// The embedded RWMutex guards users, userHash and the behavior-seed fields.
// Because it is embedded, Lock/Unlock are also part of this type's exported
// method set, so code outside this file is able to take the lock.
type TimedUserValidator struct {
	sync.RWMutex

	// users lists every account added and not yet removed.
	users []*user

	// userHash maps a 16-byte legacy authentication hash to its owner and to
	// the timestamp that was hashed.
	userHash map[[16]byte]indexTimePair

	// hasher turns the bytes of a user ID into the hash object that
	// timestamps are written into.
	hasher protocol.IDHash

	// baseTime is the origin that indexTimePair.timeInc offsets are
	// relative to. It is fixed at construction time.
	baseTime protocol.Timestamp

	// task periodically calls updateUserHash.
	task *task.Periodic

	// behaviorSeed is derived from the IDs of the users added before the
	// first call to Get or GetBehaviorSeed.
	behaviorSeed uint64

	// behaviorFused is set by Get and GetBehaviorSeed; once set, Add no
	// longer changes behaviorSeed.
	behaviorFused bool

	// aeadDecoderHolder performs the AEAD auth ID lookup used by GetAEAD.
	aeadDecoderHolder *aead.AuthIDDecoderHolder

	// legacyWarnShown is read and written by ShouldShowLegacyWarn without
	// taking the lock.
	legacyWarnShown bool
}
// indexTimePair is the value stored in TimedUserValidator.userHash for one
// legacy authentication hash.
type indexTimePair struct {
	// user is the account the hash was generated for.
	user *user

	// timeInc is the hashed timestamp, stored as an offset in seconds from
	// TimedUserValidator.baseTime.
	timeInc uint32

	// taintedFuse is 0 until BurnTaintFuse flips it to 1; Get rejects a hash
	// whose fuse is burnt. It is a pointer so that it can be updated
	// atomically while only the read lock is held.
	taintedFuse *uint32
}
// NewTimedUserValidator creates a TimedUserValidator that uses hasher for
// legacy authentication hashes, and starts the periodic task that refreshes
// the hash table every updateInterval. Call Close when the validator is no
// longer needed so that the task does not keep running.
//
// The error from starting the task is handed to common.Must rather than
// returned (presumably that panics on failure; confirm against common.Must).
func NewTimedUserValidator(hasher protocol.IDHash) *TimedUserValidator {
	tuv := new(TimedUserValidator)
	tuv.users = make([]*user, 0, 16)
	tuv.userHash = make(map[[16]byte]indexTimePair, 1024)
	tuv.hasher = hasher
	// baseTime sits two cache windows in the past, i.e. before the oldest
	// timestamp Add ever hashes, so ts-baseTime stays positive when it is
	// narrowed to uint32 in generateNewHashes.
	tuv.baseTime = protocol.Timestamp(time.Now().Unix() - cacheDurationSec*2)
	tuv.aeadDecoderHolder = aead.NewAuthIDDecoderHolder()

	refresh := func() error {
		tuv.updateUserHash()
		return nil
	}
	tuv.task = &task.Periodic{
		Interval: updateInterval,
		Execute:  refresh,
	}
	common.Must(tuv.task.Start())

	return tuv
}
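// generateNewHashes extends the legacy authentication table for user so that
// it covers every timestamp up to nowSec+cacheDurationSec, for the primary ID
// and for each alter ID of the account. Generation resumes at user.lastSec,
// but never further back than nowSec-cacheDurationSec.
//
// The caller must hold the write lock: this method mutates v.userHash and
// user.lastSec. It panics if the user's account is not a *MemoryAccount.
func (v *TimedUserValidator) generateNewHashes(nowSec protocol.Timestamp, user *user) {
	var hashValue [16]byte

	genEndSec := nowSec + cacheDurationSec
	genHashForID := func(id *protocol.ID) {
		idHash := v.hasher(id.Bytes())
		genBeginSec := user.lastSec
		if genBeginSec < nowSec-cacheDurationSec {
			genBeginSec = nowSec - cacheDurationSec
		}
		for ts := genBeginSec; ts <= genEndSec; ts++ {
			common.Must2(serial.WriteUint64(idHash, uint64(ts)))
			idHash.Sum(hashValue[:0])
			idHash.Reset()

			// The range is inclusive at both ends, so ts == user.lastSec was
			// already hashed by the previous call. Keep that entry instead of
			// replacing it: a replacement carries a fresh taintedFuse, which
			// would silently un-burn a hash that BurnTaintFuse had rejected.
			if existing, ok := v.userHash[hashValue]; ok && existing.user == user {
				continue
			}

			v.userHash[hashValue] = indexTimePair{
				user:        user,
				timeInc:     uint32(ts - v.baseTime),
				taintedFuse: new(uint32),
			}
		}
	}

	account := user.user.Account.(*MemoryAccount)

	genHashForID(account.ID)
	for _, id := range account.AlterIDs {
		genHashForID(id)
	}
	user.lastSec = genEndSec
}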
// removeExpiredHashes deletes every userHash entry whose timeInc is strictly
// below expire (an offset from v.baseTime). The caller must hold the write
// lock, as updateUserHash does.
func (v *TimedUserValidator) removeExpiredHashes(expire uint32) {
	for hash, entry := range v.userHash {
		if entry.timeInc >= expire {
			continue
		}
		delete(v.userHash, hash)
	}
}
// updateUserHash is the body of the periodic task: under the write lock it
// generates the hashes that have newly entered the window for every user and
// then drops the hashes that have left it.
func (v *TimedUserValidator) updateUserHash() {
	// The clock is sampled once, before waiting for the lock, and the same
	// reading is used for both generation and expiry.
	unixNow := time.Now().Unix()
	nowSec := protocol.Timestamp(unixNow)

	v.Lock()
	defer v.Unlock()

	for _, u := range v.users {
		v.generateNewHashes(nowSec, u)
	}

	expire := protocol.Timestamp(unixNow - cacheDurationSec)
	if expire <= v.baseTime {
		// Nothing can be older than baseTime yet, and the subtraction below
		// would not fit an unsigned offset.
		return
	}
	v.removeExpiredHashes(uint32(expire - v.baseTime))
}
// Add registers u for both legacy and AEAD authentication. It always returns
// nil; it panics if u.Account is not a *MemoryAccount.
//
// The legacy table stores a copy of *u taken here, while the AEAD holder is
// given the pointer u itself.
func (v *TimedUserValidator) Add(u *protocol.MemoryUser) error {
	v.Lock()
	defer v.Unlock()

	nowSec := time.Now().Unix()

	// Starting lastSec one window in the past makes the first generation
	// cover the whole range nowSec±cacheDurationSec.
	entry := &user{
		user:    *u,
		lastSec: protocol.Timestamp(nowSec - cacheDurationSec),
	}
	v.users = append(v.users, entry)
	v.generateNewHashes(protocol.Timestamp(nowSec), entry)

	account := entry.user.Account.(*MemoryAccount)

	// Until the seed is fused (first Get or GetBehaviorSeed), every added
	// user ID is folded into it: HMAC-SHA256 of the ID, then CRC-64 chained
	// onto the previous seed. Users added after fusing do not affect it.
	if !v.behaviorFused {
		mac := hmac.New(sha256.New, []byte("VMESSBSKDF"))
		mac.Write(account.ID.Bytes())
		digest := mac.Sum(nil)
		v.behaviorSeed = crc64.Update(v.behaviorSeed, crc64.MakeTable(crc64.ECMA), digest)
	}

	var cmdKey [16]byte
	copy(cmdKey[:], account.ID.CmdKey())
	v.aeadDecoderHolder.AddUser(cmdKey, u)

	return nil
}
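// Get looks up a legacy authentication hash.
//
// On a match whose taint fuse is intact it returns a pointer to a copy of the
// user, the timestamp the hash was generated for, true and a nil error. It
// returns ErrTainted when the hash is known but its fuse has been burnt by
// BurnTaintFuse, and ErrNotFound when the hash is not in the table.
//
// Only the first 16 bytes of userHash are used; a shorter slice is
// zero-padded before the lookup.
//
// The first call also fuses the behavior seed, so users added afterwards no
// longer change it.
func (v *TimedUserValidator) Get(userHash []byte) (*protocol.MemoryUser, protocol.Timestamp, bool, error) {
	v.RLock()
	if !v.behaviorFused {
		// behaviorFused is ordinary shared state, so it must not be written
		// while only the read lock is held: concurrent Get calls would race
		// on it. Upgrade to the write lock for the one-time transition.
		v.RUnlock()
		v.Lock()
		v.behaviorFused = true
		v.Unlock()
		v.RLock()
	}
	defer v.RUnlock()

	var fixedSizeHash [16]byte
	copy(fixedSizeHash[:], userHash)

	pair, found := v.userHash[fixedSizeHash]
	if !found {
		return nil, 0, false, ErrNotFound
	}
	// The fuse is read atomically because BurnTaintFuse flips it while
	// holding only the read lock.
	if atomic.LoadUint32(pair.taintedFuse) != 0 {
		return nil, 0, false, ErrTainted
	}

	// Hand out a copy so callers cannot mutate the validator's record.
	user := pair.user.user
	return &user, protocol.Timestamp(pair.timeInc) + v.baseTime, true, nil
}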
// GetAEAD resolves an AEAD auth ID to a user by asking aeadDecoderHolder for
// a match. It returns the user and true on success; when the holder reports
// an error, that error is returned unchanged together with a nil user and
// false.
//
// Only the first 16 bytes of userHash are used; a shorter slice is
// zero-padded. The value returned by the holder is asserted to be a
// *protocol.MemoryUser, which is the type Add stores there.
func (v *TimedUserValidator) GetAEAD(userHash []byte) (*protocol.MemoryUser, bool, error) {
	v.RLock()
	defer v.RUnlock()

	var authID [16]byte
	copy(authID[:], userHash)

	matched, err := v.aeadDecoderHolder.Match(authID)
	if err == nil {
		return matched.(*protocol.MemoryUser), true, err
	}
	return nil, false, err
}
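// Remove unregisters the first user whose email matches email, ignoring
// case, and reports whether such a user was found.
//
// Removal revokes the user on both authentication paths at once: the AEAD
// key is dropped from aeadDecoderHolder and every legacy hash generated for
// the user is deleted from userHash. Without the latter the stale hashes
// would keep authenticating the removed user until they aged out of the
// cache window.
func (v *TimedUserValidator) Remove(email string) bool {
	v.Lock()
	defer v.Unlock()

	email = strings.ToLower(email)
	idx := -1
	for i, u := range v.users {
		if strings.EqualFold(u.user.Email, email) {
			idx = i
			break
		}
	}
	if idx == -1 {
		return false
	}
	removed := v.users[idx]

	var cmdkeyfl [16]byte
	copy(cmdkeyfl[:], removed.user.Account.(*MemoryAccount).ID.CmdKey())
	v.aeadDecoderHolder.RemoveUser(cmdkeyfl)

	// Entries are matched by pointer identity, so hashes belonging to other
	// users (including one with the same email) are left alone.
	for hash, pair := range v.userHash {
		if pair.user == removed {
			delete(v.userHash, hash)
		}
	}

	// Swap-delete; the vacated slot is cleared so the slice's backing array
	// does not keep the removed user reachable.
	last := len(v.users) - 1
	v.users[idx] = v.users[last]
	v.users[last] = nil
	v.users = v.users[:last]

	return true
}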
// Close implements common.Closable. It closes the periodic task created by
// NewTimedUserValidator and returns that task's Close error.
func (v *TimedUserValidator) Close() error {
	return v.task.Close()
}
// GetBehaviorSeed returns the validator's behavior seed and fuses it, so that
// users added later no longer change the value.
//
// If no seed has been accumulated yet (it is still 0), one is drawn from
// dice.RollUint64 and stored before being returned.
func (v *TimedUserValidator) GetBehaviorSeed() uint64 {
	v.Lock()
	defer v.Unlock()

	v.behaviorFused = true

	if seed := v.behaviorSeed; seed != 0 {
		return seed
	}
	v.behaviorSeed = dice.RollUint64()
	return v.behaviorSeed
}
// BurnTaintFuse marks a legacy authentication hash as tainted so that Get
// rejects it from then on.
//
// It returns nil when this call is the one that burnt the fuse, ErrTainted
// when the fuse was already burnt, and ErrNotFound when the hash is not in
// the table. Only the first 16 bytes of userHash are used; a shorter slice is
// zero-padded.
//
// The read lock is sufficient because the fuse itself is flipped with an
// atomic compare-and-swap; exactly one of several concurrent callers wins.
func (v *TimedUserValidator) BurnTaintFuse(userHash []byte) error {
	v.RLock()
	defer v.RUnlock()

	var key [16]byte
	copy(key[:], userHash)

	entry, known := v.userHash[key]
	switch {
	case !known:
		return ErrNotFound
	case atomic.CompareAndSwapUint32(entry.taintedFuse, 0, 1):
		return nil
	default:
		return ErrTainted
	}
}
// ShouldShowLegacyWarn reports whether the legacy warning should be shown,
// and records that it has been requested so that later calls return false.
//
// The flag is read and written without taking the validator's lock, so
// concurrent callers may each see true; the original author accepted that
// ("not guaranteed to only return true once for every inbound").
// NOTE(review): the unsynchronized access is still a data race under the Go
// memory model and will be reported by the race detector.
func (v *TimedUserValidator) ShouldShowLegacyWarn() bool {
	if !v.legacyWarnShown {
		v.legacyWarnShown = true
		return true
	}
	return false
}
// Errors returned by the legacy hash lookups, Get and BurnTaintFuse.
var (
	// ErrNotFound means the presented hash is not in the validator's table.
	ErrNotFound = newError("Not Found")

	// ErrTainted means the hash is known but its taint fuse has already
	// been burnt.
	ErrTainted = newError("ErrTainted")
)