修复http 么加密时被扫描问题改成数据路径增加扫描难度建议配置https XTLS/Xray-core#3884 (comment)

qist · Oct 6, 2024 · f9ce6aa · f9ce6aa
1 parent 9a30bbf
commit f9ce6aa
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 10 deletions.
diff --git a/config/version b/config/version
@@ -1 +1 @@
-24.9.19
+24.10.6
diff --git a/install.sh b/install.sh
@@ -141,6 +141,18 @@ install_base() {
         apt update && apt install wget curl tar lsof gzip -y
     fi
 }
+generate_random_string() {
+    local n=$1
+    # 定义数字、大写字母和小写字母的集合
+    local characters='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+
+    # 生成随机字符并限制在指定字符集中
+    # 从 /dev/urandom 生成随机字节，使用 tr 进行过滤
+    local random_string=$(cat /dev/urandom | tr -dc "$characters" | fold -w "$n" | head -n 1)
+
+    echo "$random_string"
+}
+
 install_xray-ui() {
     systemctl stop xray-ui
     cd /usr/local/
@@ -202,7 +214,7 @@ EOF
     echo "0 1 1 * *  root xray-ui restart >/dev/null 2>&1" >>/etc/crontab
     sleep 1
     echo -e ""
-    blue "以下设置内容建议自定义，以防止账号密码及端口泄露"
+    blue "以下设置内容建议自定义，以防止账号密码路径及端口泄露"
     echo -e ""
     readp "设置xray-ui登录用户名（回车跳过为随机6位字符）：" username
     if [[ -z ${username} ]]; then
@@ -235,16 +247,24 @@ EOF
     /usr/local/xray-ui/xray-ui setting -port $port >/dev/null 2>&1
     green "xray-ui登录端口：${port}"
     sleep 1
+    echo -e ""
+    readp "设置xray-ui web 路径 （回车跳过为随机10位字符）：" path
+    if [[ -z ${path} ]]; then
+        path=$(generate_random_string 10)
+    fi
+    /usr/local/xray-ui/xray-ui setting -path $path >/dev/null 2>&1
+    green "xray-ui web 路径：${path}"
+    sleep 1
     xray-ui restart
     xuilogin() {
         v4=$(curl -s4m8 http://ip.sb -k)
         v6=$(curl -s6m8 http://ip.sb -k)
         if [[ -z $v4 ]]; then
-            int="${green}请在浏览器地址栏复制${plain}  ${bblue}[$v6]:$ports${plain}  ${green}进入xray-ui登录界面\n当前xray-ui登录用户名：${plain}${bblue}${username}${plain}${green} \n当前xray-ui登录密码：${plain}${bblue}${password}${plain}"
+            int="${green}请在浏览器地址栏复制${plain}  ${bblue}[$v6]:$ports/$path${plain}  ${green}进入xray-ui登录界面\n当前xray-ui登录用户名：${plain}${bblue}${username}${plain}${green} \n当前xray-ui登录密码：${plain}${bblue}${password}${plain}"
         elif [[ -n $v4 && -n $v6 ]]; then
-            int="${green}请在浏览器地址栏复制${plain}  ${bblue}$v4:$ports${plain}  ${yellow}或者${plain}  ${bblue}[$v6]:$ports${plain}  ${green}进入xray-ui登录界面\n当前xray-ui登录用户名：${plain}${bblue}${username}${plain}${green} \n当前xray-ui登录密码：${plain}${bblue}${password}${plain}"
+            int="${green}请在浏览器地址栏复制${plain}  ${bblue}$v4:$ports/$path${plain}  ${yellow}或者${plain}  ${bblue}[$v6]:$ports${plain}  ${green}进入xray-ui登录界面\n当前xray-ui登录用户名：${plain}${bblue}${username}${plain}${green} \n当前xray-ui登录密码：${plain}${bblue}${password}${plain}"
         else
-            int="${green}请在浏览器地址栏复制${plain}  ${bblue}$v4:$ports${plain}  ${green}进入xray-ui登录界面\n当前xray-ui登录用户名：${plain}${bblue}${username}${plain}${green} \n当前xray-ui登录密码：${plain}${bblue}${password}${plain}"
+            int="${green}请在浏览器地址栏复制${plain}  ${bblue}$v4:$ports/$path${plain}  ${green}进入xray-ui登录界面\n当前xray-ui登录用户名：${plain}${bblue}${username}${plain}${green} \n当前xray-ui登录密码：${plain}${bblue}${password}${plain}"
         fi
     }
     ports=$(/usr/local/xray-ui/xray-ui 2>&1 | grep tcp | awk '{print $5}' | sed "s/://g")

diff --git a/main.go b/main.go
@@ -98,6 +98,10 @@ func showSetting(show bool) {
 		if err != nil {
 			fmt.Println("get current port fialed,error info:", err)
 		}
+		path, err := settingService.GetBasePath()
+		if err != nil {
+			fmt.Println("get current path fialed,error info:", err)
+		}
 		userService := service.UserService{}
 		userModel, err := userService.GetFirstUser()
 		if err != nil {
@@ -112,9 +116,10 @@ func showSetting(show bool) {
 		fmt.Println("登录用户名:", username)
 		fmt.Println("登录密码:", userpasswd)
 		fmt.Println("登录端口:", port)
+		fmt.Println("路径:", path)
 	}
 }
-
+ 
 func updateTgbotEnableSts(status bool) {
 	settingService := service.SettingService{}
 	currentTgSts, err := settingService.GetTgbotenabled()
@@ -175,7 +180,7 @@ func updateTgbotSetting(tgBotToken string, tgBotChatid int, tgBotRuntime string)
 	}
 }
 
-func updateSetting(port int, username string, password string, listen  string) {
+func updateSetting(port int, username string, password string, listen  string, path string) {
 	err := database.InitDB(config.GetDBPath())
 	if err != nil {
 		fmt.Println(err)
@@ -209,6 +214,14 @@ func updateSetting(port int, username string, password string, listen  string) {
 			fmt.Printf("set listen %v success", listen)
 		}		 
 	}
+	if path != "" {
+		err := settingService.SetBasePath(path)
+		if err != nil {
+			fmt.Println("set path failed:", err)
+		} else {
+			fmt.Printf("set path %v success", path)
+		}		 
+	}
 }
 
 func UpdateAllip() {
@@ -271,6 +284,7 @@ func main() {
 
 	var port int
 	var listen string
+	var path string
 	var username string
 	var password string
 	var tgbottoken string
@@ -283,6 +297,7 @@ func main() {
 	settingCmd.BoolVar(&show, "show", false, "show current settings")
 	settingCmd.IntVar(&port, "port", 0, "set panel port")
 	settingCmd.StringVar(&listen, "listen", "", "set panel listen")
+	settingCmd.StringVar(&path, "path", "", "set panel path")
 	settingCmd.StringVar(&username, "username", "", "set login username")
 	settingCmd.StringVar(&password, "password", "", "set login password")
 	settingCmd.StringVar(&tgbottoken, "tgbottoken", "", "set telegrame bot token")
@@ -334,7 +349,7 @@ func main() {
 		if reset {
 			resetSetting()
 		} else {
-			updateSetting(port, username, password, listen)
+			updateSetting(port, username, password, listen, path)
 		}
 		if show {
 			showSetting(show)

diff --git a/web/service/setting.go b/web/service/setting.go
@@ -287,6 +287,10 @@ func (s *SettingService) GetBasePath() (string, error) {
 	return basePath, nil
 }
 
+func (s *SettingService) SetBasePath(path string) error {
+	return s.setString("webBasePath", "/" + path + "/")
+}
+
 func (s *SettingService) GetTimeLocation() (*time.Location, error) {
 	l, err := s.getString("timeLocation")
 	if err != nil {
@@ -320,4 +324,4 @@ func (s *SettingService) UpdateAllSetting(allSetting *entity.AllSetting) error {
 		}
 	}
 	return common.Combine(errs...)
-}
+}
diff --git a/xray-ui.sh b/xray-ui.sh
@@ -248,6 +248,20 @@ reset_user() {
     confirm_restart
 }
 
+reset_path() {
+    confirm "确定要将访问路径随机10位字符吗" "n"
+    if [[ $? != 0 ]]; then
+        if [[ $# == 0 ]]; then
+            show_menu
+        fi
+        return 0
+    fi
+    path_random=$(generate_random_string 10)
+    /usr/local/xray-ui/xray-ui setting -path ${path_random} >/dev/null 2>&1
+    green "xray-ui路径：${path_random}"
+    confirm_restart
+}
+
 reset_config() {
     confirm "确定要重置所有面板设置吗，账号数据不会丢失，用户名和密码不会改变" "n"
     if [[ $? != 0 ]]; then
@@ -531,6 +545,18 @@ show_xray_status() {
     fi
 }
 
+generate_random_string() {
+    local n=$1
+    # 定义数字、大写字母和小写字母的集合
+    local characters='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+
+    # 生成随机字符并限制在指定字符集中
+    # 从 /dev/urandom 生成随机字节，使用 tr 进行过滤
+    local random_string=$(cat /dev/urandom | tr -dc "$characters" | fold -w "$n" | head -n 1)
+
+    echo "$random_string"
+}
+
 install_acme() {
     cd ~
     LOGI "正在安装 acme..."
@@ -804,6 +830,7 @@ show_menu() {
   ${green}18.${plain} 添加geoip到任务计划
   ${green}19.${plain} SSL 证书管理
   ${green}20.${plain} Cloudflare SSL 证书
+  ${green}21.${plain} 重置web 路径
  "
     show_status
     echo "------------------------------------------"
@@ -888,8 +915,11 @@ show_menu() {
     20)
         ssl_cert_issue_CF
         ;;
+    21)
+        check_install && reset_path
+        ;;
     *)
-        echo -e "${red}请输入正确的数字 [0-18]${plain}"
+        echo -e "${red}请输入正确的数字 [0-21]${plain}"
         ;;
     esac
 }