mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-09-28 19:19:22 +03:00
fix(ip-restriction): protect usrIpRstrct from concurrent access
parent
6a0ff0efce
commit
e1843be1c8
|
@ -5,6 +5,7 @@ import (
|
||||||
"io"
|
"io"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/xtls/xray-core/common"
|
"github.com/xtls/xray-core/common"
|
||||||
|
@ -35,6 +36,8 @@ func init() {
|
||||||
|
|
||||||
// Server is an inbound connection handler that handles messages in trojan protocol.
|
// Server is an inbound connection handler that handles messages in trojan protocol.
|
||||||
type Server struct {
|
type Server struct {
|
||||||
|
sync.Mutex
|
||||||
|
|
||||||
policyManager policy.Manager
|
policyManager policy.Manager
|
||||||
validator *Validator
|
validator *Validator
|
||||||
fallbacks map[string]map[string]map[string]*Fallback // or nil
|
fallbacks map[string]map[string]map[string]*Fallback // or nil
|
||||||
|
@ -225,12 +228,15 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con
|
||||||
addr := conn.RemoteAddr().(*net.TCPAddr)
|
addr := conn.RemoteAddr().(*net.TCPAddr)
|
||||||
|
|
||||||
uniqueIps := make(map[string]bool)
|
uniqueIps := make(map[string]bool)
|
||||||
|
|
||||||
|
s.Lock()
|
||||||
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
||||||
for _, conn := range *usrIpRstrct {
|
for _, conn := range *usrIpRstrct {
|
||||||
if conn.User == user.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
if conn.User == user.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
||||||
uniqueIps[conn.IpAddress.String()] = true
|
uniqueIps[conn.IpAddress.String()] = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
s.Unlock()
|
||||||
|
|
||||||
if (len(uniqueIps) >= int(user.IpLimit)) {
|
if (len(uniqueIps) >= int(user.IpLimit)) {
|
||||||
return newError("User ", user, " has exceeded their allowed IPs.").AtWarning()
|
return newError("User ", user, " has exceeded their allowed IPs.").AtWarning()
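Review bot: The mutex added here is embedded in each `Server`, but the loop dereferences `*usrIpRstrct`, which is not reached through `s`. If that slice is shared between inbound instances or with the VLESS and VMess handlers (which get their own separate mutexes in this commit), the locks do not exclude each other and the data race remains. The lock should live next to the data, for example one `sync.Mutex` declared beside `usrIpRstrct` and taken by every reader and writer. The hunk only shows the read loop being locked; any code that appends to or refreshes the slice is outside the hunk and needs the same lock. `Process` starts and ends outside the hunk and the declaration of `usrIpRstrct` is not visible, so this should be confirmed against both.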
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"reflect"
|
"reflect"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
@ -53,6 +54,8 @@ func init() {
|
||||||
|
|
||||||
// Handler is an inbound connection handler that handles messages in VLess protocol.
|
// Handler is an inbound connection handler that handles messages in VLess protocol.
|
||||||
type Handler struct {
|
type Handler struct {
|
||||||
|
sync.Mutex
|
||||||
|
|
||||||
inboundHandlerManager feature_inbound.Manager
|
inboundHandlerManager feature_inbound.Manager
|
||||||
policyManager policy.Manager
|
policyManager policy.Manager
|
||||||
validator *vless.Validator
|
validator *vless.Validator
|
||||||
|
@ -451,12 +454,15 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
||||||
addr := connection.RemoteAddr().(*net.TCPAddr)
|
addr := connection.RemoteAddr().(*net.TCPAddr)
|
||||||
|
|
||||||
uniqueIps := make(map[string]bool)
|
uniqueIps := make(map[string]bool)
|
||||||
|
|
||||||
|
h.Lock()
|
||||||
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
||||||
for _, conn := range *usrIpRstrct {
|
for _, conn := range *usrIpRstrct {
|
||||||
if conn.User == request.User.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
if conn.User == request.User.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
||||||
uniqueIps[conn.IpAddress.String()] = true
|
uniqueIps[conn.IpAddress.String()] = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
h.Unlock()
|
||||||
|
|
||||||
if (len(uniqueIps) >= int(request.User.IpLimit)) {
|
if (len(uniqueIps) >= int(request.User.IpLimit)) {
|
||||||
return newError("User ", request.User.Email, " has exceeded their allowed IPs.").AtWarning()
|
return newError("User ", request.User.Email, " has exceeded their allowed IPs.").AtWarning()
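Review bot: `h.Unlock()` runs before the `len(uniqueIps) >= int(request.User.IpLimit)` comparison, so the count and any later recording of the new address are not one atomic step. Two handshakes arriving together from different new addresses can both see a count under the limit and both be admitted, which weakens the per-user IP limit this block enforces. The count, the comparison and the update of `usrIpRstrct` should happen under a single lock hold, ideally in a small helper that returns whether the connection is allowed, so that `defer h.Unlock()` can be used without holding the lock for the life of the connection. The code that records the connection is outside the hunk, so the exact shape depends on it. The same pattern appears in the Trojan and VMess `Process` hunks.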
|
||||||
|
|
|
@ -97,6 +97,8 @@ func (v *userByEmail) Remove(email string) bool {
|
||||||
|
|
||||||
// Handler is an inbound connection handler that handles messages in VMess protocol.
|
// Handler is an inbound connection handler that handles messages in VMess protocol.
|
||||||
type Handler struct {
|
type Handler struct {
|
||||||
|
sync.Mutex
|
||||||
|
|
||||||
policyManager policy.Manager
|
policyManager policy.Manager
|
||||||
inboundHandlerManager feature_inbound.Manager
|
inboundHandlerManager feature_inbound.Manager
|
||||||
clients *vmess.TimedUserValidator
|
clients *vmess.TimedUserValidator
|
||||||
|
@ -268,12 +270,14 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
||||||
addr := connection.RemoteAddr().(*net.TCPAddr)
|
addr := connection.RemoteAddr().(*net.TCPAddr)
|
||||||
|
|
||||||
uniqueIps := make(map[string]bool)
|
uniqueIps := make(map[string]bool)
|
||||||
|
h.Lock()
|
||||||
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
|
||||||
for _, conn := range *usrIpRstrct {
|
for _, conn := range *usrIpRstrct {
|
||||||
if conn.User == request.User.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
if conn.User == request.User.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
|
||||||
uniqueIps[conn.IpAddress.String()] = true
|
uniqueIps[conn.IpAddress.String()] = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
h.Unlock()
|
||||||
|
|
||||||
if (len(uniqueIps) >= int(request.User.IpLimit)) {
|
if (len(uniqueIps) >= int(request.User.IpLimit)) {
|
||||||
return newError("User ", request.User.Email, " has exceeded their allowed IPs.").AtWarning()
|
return newError("User ", request.User.Email, " has exceeded their allowed IPs.").AtWarning()
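Review bot: Embedding `sync.Mutex` directly in `Handler` promotes `Lock` and `Unlock` into the exported handler's method set and leaves no record of what the lock guards. A named, unexported field with a comment keeps the lock private and documents its scope, e.g. `ipMu sync.Mutex // guards usrIpRstrct`, with the calls becoming `h.ipMu.Lock()` and `h.ipMu.Unlock()`. The same applies to the embedded mutex in the Trojan `Server` and the VLESS `Handler`.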
|
||||||
|
|