首页 发现 帮助
登录
Apq
/
ProxyPanel
镜像自地址 https://github.com/ProxyPanel/ProxyPanel.git
1
0
派生 0
文件 工单管理 0 Wiki
分支: master
分支列表 标签列表
ProxyPanel
/
app
/
Http
/
Controllers
/
Api
/
WebApi
/
Hysteria2Controller.php

Hysteria2Controller.php 3.2 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Controllers\Api\WebApi;
    4. 

  4. 

  5. use App\Http\Controllers\Controller;
    6. 

  6. use App\Models\Node;
    7. 

  7. use App\Models\User;
    8. 

  8. use Illuminate\Http\JsonResponse;
    9. 

  9. use Illuminate\Http\Request;
    10. 

  10. use Log;
    11. 

  11. use Validator;
    12. 

  12. 

  13. /**
    14. 

  14.  * Hysteria2 API控制器
    15. 

  15.  * 提供Hysteria2 HTTP验证端点.
    16. 

  16.  */
    17. 

  17. class Hysteria2Controller extends Controller
    18. 

  18. {
    19. 

  19.     private function returnFormat(array $data = [], bool $ok = false): JsonResponse
    20. 

  20.     {
    21. 

  21.         return response()->json(['ok' => $ok, ...$data]);
    22. 

  22.     }
    23. 

  23. 

  24.     /**
    25. 

  25.      * Hysteria2 HTTP验证端点
    26. 

  26.      * 用于验证用户身份,接收Hysteria2服务端的验证请求
    27. 

  27.      */
    28. 

  28.     public function authenticate(Node $node, Request $request): JsonResponse
    29. 

  29.     {
    30. 

  30.         // 使用Validator验证输入,更详细地验证各个字段格式
    31. 

  31.         $validator = Validator::make($request->all(), [
    32. 

  32.             'auth' => ['required', 'string', 'regex:/^\d+:[^:]+$/'],
    33. 

  33.             'addr' => ['nullable', 'string', 'regex:/^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|\[[0-9a-fA-F:]+\]):\d+$/'],
    34. 

  34.             'tx' => 'sometimes|numeric|min:0',
    35. 

  35.         ]);
    36. 

  36. 

  37.         if ($validator->fails()) {
    38. 

  38.             return $this->returnFormat(['error' => 'Invalid request format']);
    39. 

  39.         }
    40. 

  40. 

  41.         $credentials = $validator->validated();
    42. 

  42. 

  43.         // 从auth字段提取端口和密码 (格式: port:passwd)
    44. 

  44.         $auth = $credentials['auth'];
    45. 

  45.         $authParts = explode(':', $auth, 2);
    46. 

  46. 

  47.         if (count($authParts) < 2) {
    48. 

  48.             return $this->returnFormat(['error' => 'Invalid auth format']);
    49. 

  49.         }
    50. 

  50. 

  51.         [$port, $password] = $authParts;
    52. 

  52. 

  53.         // 根据端口查找用户
    54. 

  54.         $user = User::where('port', $port)->first();
    55. 

  55. 

  56.         if (! $user) {
    57. 

  57.             return $this->returnFormat(['error' => 'User not found']);
    58. 

  58.         }
    59. 

  59. 

  60.         // 验证用户状态
    61. 

  61.         if (! $user->enable) {
    62. 

  62.             return $this->returnFormat(['error' => 'User was disabled']);
    63. 

  63.         }
    64. 

  64. 

  65.         // 验证密码
    66. 

  66.         if ($user->passwd !== $password) {
    67. 

  67.             return $this->returnFormat(['error' => 'Password incorrect']);
    68. 

  68.         }
    69. 

  69. 

  70.         if (! $user->nodes()->where('node.id', $node->id)->exists()) {
    71. 

  71.             return $this->returnFormat(['error' => 'Does not have permission to access this node']);
    72. 

  72.         }
    73. 

  73. 

  74.         // 从addr字段提取客户端IP和端口
    75. 

  75.         $addr = $credentials['addr'] ?? null;
    76. 

  76. 

  77.         // 区分IPv4和IPv6格式来解析IP和端口
    78. 

  78.         if ($addr) {
    79. 

  79.             // parse_url 无法直接解析没有 scheme 的地址,所以拼上 //
    80. 

  80.             $parsed = parse_url('//'.$addr);
    81. 

  81. 

  82.             $clientIp = str_replace(['[', ']'], '', $parsed['host'] ?? '');
    83. 

  83.             $port = $parsed['port'] ?? null;
    84. 

  84. 

  85.             if (! filter_var($clientIp, FILTER_VALIDATE_IP)) {
    86. 

  86.                 return $this->returnFormat(['error' => 'Invalid IP address']);
    87. 

  87.             }
    88. 

  88. 

  89.             // 记录在线IP日志
    90. 

  90.             $node->onlineIps()->create([
    91. 

  91.                 'user_id' => $user->id,
    92. 

  92.                 'ip' => $clientIp,
    93. 

  93.                 'port' => $port,
    94. 

  94.                 'created_at' => time(),
    95. 

  95.             ]);
    96. 

  96.         } else {
    97. 

  97.             Log::error('Hysteria2: addr is null', $credentials);
    98. 

  98.         }
    99. 

  99. 

  100.         return $this->returnFormat(['id' => (string) $user->id], true);
    101. 

  101.     }
    102. 

  102. }
    103.