ei
/
mtg
ミラー元 https://github.com/9seconds/mtg
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 リリース 48 Wiki アクティビティ
Highly-opinionated (ex-bullshit-free) MTPROTO proxy for Telegram. If you use v1.0 or upgrade broke you proxy, please read the chapter Version 2
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
1095 コミット
4 ブランチ
ツリー: db2e6031a3
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'db2e6031a3' から
${ noResults }
mtg/internal/cli/run_proxy.go

run_proxy.go 7.8KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301 
  1. package cli

  2. 

  3. import (

  4. 	"context"

  5. 	"fmt"

  6. 	"net"

  7. 	"os"

  8. 	"time"

  9. 

  10. 	"github.com/9seconds/mtg/v2/antireplay"

  11. 	"github.com/9seconds/mtg/v2/events"

  12. 	"github.com/9seconds/mtg/v2/internal/config"

  13. 	"github.com/9seconds/mtg/v2/internal/proxyprotocol"

  14. 	"github.com/9seconds/mtg/v2/internal/utils"

  15. 	"github.com/9seconds/mtg/v2/ipblocklist"

  16. 	"github.com/9seconds/mtg/v2/ipblocklist/files"

  17. 	"github.com/9seconds/mtg/v2/logger"

  18. 	"github.com/9seconds/mtg/v2/mtglib"

  19. 	"github.com/9seconds/mtg/v2/network/v2"

  20. 	"github.com/9seconds/mtg/v2/stats"

  21. 	"github.com/pires/go-proxyproto"

  22. 	"github.com/rs/zerolog"

  23. 	"github.com/yl2chen/cidranger"

  24. )

  25. 

  26. func makeLogger(conf *config.Config) mtglib.Logger {

  27. 	zerolog.TimeFieldFormat = zerolog.TimeFormatUnixMs

  28. 	zerolog.TimestampFieldName = "timestamp"

  29. 	zerolog.LevelFieldName = "level"

  30. 

  31. 	if conf.Debug.Get(false) {

  32. 		zerolog.SetGlobalLevel(zerolog.DebugLevel)

  33. 	} else {

  34. 		zerolog.SetGlobalLevel(zerolog.WarnLevel)

  35. 	}

  36. 

  37. 	baseLogger := zerolog.New(os.Stdout).With().Timestamp().Logger()

  38. 

  39. 	return logger.NewZeroLogger(baseLogger)

  40. }

  41. 

  42. func makeNetwork(conf *config.Config, version string) (mtglib.Network, error) {

  43. 	resolver, err := network.GetDNS(conf.GetDNS())

  44. 	if err != nil {

  45. 		return nil, fmt.Errorf("cannot create DNS resolver: %w", err)

  46. 	}

  47. 

  48. 	base := network.New(

  49. 		resolver,

  50. 		"",

  51. 		conf.Network.Timeout.TCP.Get(0),

  52. 		conf.Network.Timeout.HTTP.Get(0),

  53. 		conf.Network.Timeout.Idle.Get(0),

  54. 	)

  55. 

  56. 	proxyDialers := make([]mtglib.Network, len(conf.Network.Proxies))

  57. 	for idx, v := range conf.Network.Proxies {

  58. 		value, err := network.NewProxyNetwork(base, v.Get(nil))

  59. 		if err != nil {

  60. 			return nil, fmt.Errorf("cannot use %v for proxy url: %w", v.Get(nil), err)

  61. 		}

  62. 		proxyDialers[idx] = value

  63. 	}

  64. 

  65. 	switch len(proxyDialers) {

  66. 	case 0:

  67. 		return base, nil

  68. 	case 1:

  69. 		return proxyDialers[0], nil

  70. 	}

  71. 

  72. 	value, err := network.Join(proxyDialers...)

  73. 	if err != nil {

  74. 		panic(err)

  75. 	}

  76. 

  77. 	return value, nil

  78. }

  79. 

  80. func makeAntiReplayCache(conf *config.Config) mtglib.AntiReplayCache {

  81. 	if !conf.Defense.AntiReplay.Enabled.Get(false) {

  82. 		return antireplay.NewNoop()

  83. 	}

  84. 

  85. 	return antireplay.NewStableBloomFilter(

  86. 		conf.Defense.AntiReplay.MaxSize.Get(antireplay.DefaultStableBloomFilterMaxSize),

  87. 		conf.Defense.AntiReplay.ErrorRate.Get(antireplay.DefaultStableBloomFilterErrorRate),

  88. 	)

  89. }

  90. 

  91. func makeIPBlocklist(conf config.ListConfig,

  92. 	logger mtglib.Logger,

  93. 	ntw mtglib.Network,

  94. 	updateCallback ipblocklist.FireholUpdateCallback,

  95. ) (mtglib.IPBlocklist, error) {

  96. 	if !conf.Enabled.Get(false) {

  97. 		return ipblocklist.NewNoop(), nil

  98. 	}

  99. 

  100. 	remoteURLs := []string{}

  101. 	localFiles := []string{}

  102. 

  103. 	for _, v := range conf.URLs {

  104. 		if v.IsRemote() {

  105. 			remoteURLs = append(remoteURLs, v.String())

  106. 		} else {

  107. 			localFiles = append(localFiles, v.String())

  108. 		}

  109. 	}

  110. 

  111. 	blocklist, err := ipblocklist.NewFirehol(logger.Named("ipblockist"),

  112. 		ntw,

  113. 		conf.DownloadConcurrency.Get(1),

  114. 		remoteURLs,

  115. 		localFiles,

  116. 		updateCallback)

  117. 	if err != nil {

  118. 		return nil, fmt.Errorf("incorrect parameters for firehol: %w", err)

  119. 	}

  120. 

  121. 	go blocklist.Run(conf.UpdateEach.Get(ipblocklist.DefaultFireholUpdateEach))

  122. 

  123. 	return blocklist, nil

  124. }

  125. 

  126. func makeIPAllowlist(conf config.ListConfig,

  127. 	logger mtglib.Logger,

  128. 	ntw mtglib.Network,

  129. 	updateCallback ipblocklist.FireholUpdateCallback,

  130. ) (mtglib.IPBlocklist, error) {

  131. 	var (

  132. 		allowlist mtglib.IPBlocklist

  133. 		err       error

  134. 	)

  135. 

  136. 	if !conf.Enabled.Get(false) {

  137. 		allowlist, err = ipblocklist.NewFireholFromFiles(

  138. 			logger.Named("ipblocklist"),

  139. 			1,

  140. 			[]files.File{

  141. 				files.NewMem([]*net.IPNet{

  142. 					cidranger.AllIPv4,

  143. 					cidranger.AllIPv6,

  144. 				}),

  145. 			},

  146. 			updateCallback,

  147. 		)

  148. 

  149. 		go allowlist.Run(conf.UpdateEach.Get(ipblocklist.DefaultFireholUpdateEach))

  150. 	} else {

  151. 		allowlist, err = makeIPBlocklist(

  152. 			conf,

  153. 			logger,

  154. 			ntw,

  155. 			updateCallback,

  156. 		)

  157. 	}

  158. 

  159. 	if err != nil {

  160. 		return nil, fmt.Errorf("cannot build allowlist: %w", err)

  161. 	}

  162. 

  163. 	return allowlist, nil

  164. }

  165. 

  166. func makeEventStream(conf *config.Config, logger mtglib.Logger) (mtglib.EventStream, error) {

  167. 	factories := make([]events.ObserverFactory, 0, 2)

  168. 

  169. 	if conf.Stats.StatsD.Enabled.Get(false) {

  170. 		statsdFactory, err := stats.NewStatsd(

  171. 			conf.Stats.StatsD.Address.Get(""),

  172. 			logger.Named("statsd"),

  173. 			conf.Stats.StatsD.MetricPrefix.Get(stats.DefaultStatsdMetricPrefix),

  174. 			conf.Stats.StatsD.TagFormat.Get(stats.DefaultStatsdTagFormat))

  175. 		if err != nil {

  176. 			return nil, fmt.Errorf("cannot build statsd observer: %w", err)

  177. 		}

  178. 

  179. 		factories = append(factories, statsdFactory.Make)

  180. 	}

  181. 

  182. 	if conf.Stats.Prometheus.Enabled.Get(false) {

  183. 		prometheus := stats.NewPrometheus(

  184. 			conf.Stats.Prometheus.MetricPrefix.Get(stats.DefaultMetricPrefix),

  185. 			conf.Stats.Prometheus.HTTPPath.Get("/"),

  186. 		)

  187. 

  188. 		listener, err := net.Listen("tcp", conf.Stats.Prometheus.BindTo.Get(""))

  189. 		if err != nil {

  190. 			return nil, fmt.Errorf("cannot start a listener for prometheus: %w", err)

  191. 		}

  192. 

  193. 		go prometheus.Serve(listener) //nolint: errcheck

  194. 

  195. 		factories = append(factories, prometheus.Make)

  196. 	}

  197. 

  198. 	if len(factories) > 0 {

  199. 		return events.NewEventStream(factories), nil

  200. 	}

  201. 

  202. 	return events.NewNoopStream(), nil

  203. }

  204. 

  205. func runProxy(conf *config.Config, version string) error { //nolint: funlen

  206. 	logger := makeLogger(conf)

  207. 

  208. 	logger.BindJSON("configuration", conf.String()).Debug("configuration")

  209. 

  210. 	eventStream, err := makeEventStream(conf, logger)

  211. 	if err != nil {

  212. 		return fmt.Errorf("cannot build event stream: %w", err)

  213. 	}

  214. 

  215. 	ntw, err := makeNetwork(conf, version)

  216. 	if err != nil {

  217. 		return fmt.Errorf("cannot build network: %w", err)

  218. 	}

  219. 

  220. 	blocklist, err := makeIPBlocklist(

  221. 		conf.Defense.Blocklist,

  222. 		logger.Named("blocklist"),

  223. 		ntw,

  224. 		func(ctx context.Context, size int) {

  225. 			eventStream.Send(ctx, mtglib.NewEventIPListSize(size, true))

  226. 		})

  227. 	if err != nil {

  228. 		return fmt.Errorf("cannot build ip blocklist: %w", err)

  229. 	}

  230. 

  231. 	allowlist, err := makeIPAllowlist(

  232. 		conf.Defense.Allowlist,

  233. 		logger.Named("allowlist"),

  234. 		ntw,

  235. 		func(ctx context.Context, size int) {

  236. 			eventStream.Send(ctx, mtglib.NewEventIPListSize(size, false))

  237. 		},

  238. 	)

  239. 	if err != nil {

  240. 		return fmt.Errorf("cannot build ip allowlist: %w", err)

  241. 	}

  242. 

  243. 	doppelGangerURLs := make([]string, len(conf.Defense.Doppelganger.URLs))

  244. 	for i, v := range conf.Defense.Doppelganger.URLs {

  245. 		doppelGangerURLs[i] = v.String()

  246. 	}

  247. 

  248. 	opts := mtglib.ProxyOpts{

  249. 		Logger:          logger,

  250. 		Network:         ntw,

  251. 		AntiReplayCache: makeAntiReplayCache(conf),

  252. 		IPBlocklist:     blocklist,

  253. 		IPAllowlist:     allowlist,

  254. 		EventStream:     eventStream,

  255. 

  256. 		Secret:                      conf.Secret,

  257. 		Concurrency:                 conf.GetConcurrency(mtglib.DefaultConcurrency),

  258. 		DomainFrontingPort:          conf.GetDomainFrontingPort(mtglib.DefaultDomainFrontingPort),

  259. 		DomainFrontingIP:            conf.GetDomainFrontingIP(nil),

  260. 		DomainFrontingProxyProtocol: conf.GetDomainFrontingProxyProtocol(false),

  261. 		PreferIP:                    conf.PreferIP.Get(mtglib.DefaultPreferIP),

  262. 		AutoUpdate:                  conf.AutoUpdate.Get(false),

  263. 

  264. 		AllowFallbackOnUnknownDC: conf.AllowFallbackOnUnknownDC.Get(false),

  265. 		TolerateTimeSkewness:     conf.TolerateTimeSkewness.Value,

  266. 		IdleTimeout:              conf.Network.Timeout.Idle.Get(time.Minute),

  267. 

  268. 		DoppelGangerURLs:    doppelGangerURLs,

  269. 		DoppelGangerPerRaid: conf.Defense.Doppelganger.Repeats.Get(mtglib.DoppelGangerPerRaid),

  270. 		DoppelGangerEach:    conf.Defense.Doppelganger.UpdateEach.Get(mtglib.DoppelGangerEach),

  271. 		DoppelGangerDRS:     conf.Defense.Doppelganger.DRS.Get(false),

  272. 	}

  273. 

  274. 	proxy, err := mtglib.NewProxy(opts)

  275. 	if err != nil {

  276. 		return fmt.Errorf("cannot create a proxy: %w", err)

  277. 	}

  278. 

  279. 	listener, err := utils.NewListener(conf.BindTo.Get(""), 0)

  280. 	if err != nil {

  281. 		return fmt.Errorf("cannot start proxy: %w", err)

  282. 	}

  283. 

  284. 	if conf.ProxyProtocolListener.Get(false) {

  285. 		listener = &proxyprotocol.ListenerAdapter{

  286. 			Listener: proxyproto.Listener{

  287. 				Listener: listener,

  288. 			},

  289. 		}

  290. 	}

  291. 

  292. 	ctx := utils.RootContext()

  293. 

  294. 	go proxy.Serve(listener) //nolint: errcheck

  295. 

  296. 	<-ctx.Done()

  297. 	listener.Close() //nolint: errcheck

  298. 	proxy.Shutdown()

  299. 

  300. 	return nil

  301. }