nezha/cmd/dashboard/rpc/rpc.go

package rpc

import (
	"context"
	"fmt"
	"log"
	"net/http"
	"net/netip"
	"time"

	"github.com/goccy/go-json"
	"google.golang.org/grpc"
	"google.golang.org/grpc/metadata"
	"google.golang.org/grpc/peer"

	"github.com/hashicorp/go-uuid"
	"github.com/nezhahq/nezha/model"
	"github.com/nezhahq/nezha/pkg/utils"
	"github.com/nezhahq/nezha/proto"
	rpcService "github.com/nezhahq/nezha/service/rpc"
	"github.com/nezhahq/nezha/service/singleton"
)

func ServeRPC() *grpc.Server {
	server := grpc.NewServer(grpc.ChainUnaryInterceptor(getRealIp, waf))
	rpcService.NezhaHandlerSingleton = rpcService.NewNezhaHandler()
	proto.RegisterNezhaServiceServer(server, rpcService.NezhaHandlerSingleton)
	return server
}

func waf(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
	realip, _ := ctx.Value(model.CtxKeyRealIP{}).(string)
	if err := model.CheckIP(singleton.DB, realip); err != nil {
		return nil, err
	}
	return handler(ctx, req)
}

func getRealIp(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
	var ip, connectingIp string
	p, ok := peer.FromContext(ctx)
	if ok {
		addrPort, err := netip.ParseAddrPort(p.Addr.String())
		if err == nil {
			connectingIp = addrPort.Addr().String()
		}
	}
	ctx = context.WithValue(ctx, model.CtxKeyConnectingIP{}, connectingIp)

	if singleton.Conf.RealIPHeader == "" {
		return handler(ctx, req)
	}

	if singleton.Conf.RealIPHeader == model.ConfigUsePeerIP {
		if connectingIp == "" {
			return nil, fmt.Errorf("connecting ip not found")
		}
	} else {
		vals := metadata.ValueFromIncomingContext(ctx, singleton.Conf.RealIPHeader)
		if len(vals) == 0 {
			return nil, fmt.Errorf("real ip header not found")
		}
		var err error
		ip, err = utils.GetIPFromHeader(vals[0])
		if err != nil {
			return nil, err
		}
	}

	if singleton.Conf.Debug {
		log.Printf("NEZHA>> gRPC Agent Real IP: %s, connecting IP: %s\n", ip, connectingIp)
	}

	ctx = context.WithValue(ctx, model.CtxKeyRealIP{}, ip)
	return handler(ctx, req)
}

func DispatchTask(serviceSentinelDispatchBus <-chan *model.Service) {
	for task := range serviceSentinelDispatchBus {
		if task == nil {
			continue
		}

		switch task.Cover {
		case model.ServiceCoverIgnoreAll:
			for id, enabled := range task.SkipServers {
				if !enabled {
					continue
				}

				server, _ := singleton.ServerShared.Get(id)
				if server == nil || server.TaskStream == nil {
					continue
				}

				if canSendTaskToServer(task, server) {
					server.TaskStream.Send(task.PB())
				}
			}
		case model.ServiceCoverAll:
			for id, server := range singleton.ServerShared.Range {
				if server == nil || server.TaskStream == nil || task.SkipServers[id] {
					continue
				}

				if canSendTaskToServer(task, server) {
					server.TaskStream.Send(task.PB())
				}
			}
		}
	}
}

func DispatchKeepalive() {
	singleton.CronShared.AddFunc("@every 20s", func() {
		list := singleton.ServerShared.GetSortedList()
		for _, s := range list {
			if s == nil || s.TaskStream == nil {
				continue
			}
			s.TaskStream.Send(&proto.Task{Type: model.TaskTypeKeepalive})
		}
	})
}

func ServeNAT(w http.ResponseWriter, r *http.Request, natConfig *model.NAT) {
	server, _ := singleton.ServerShared.Get(natConfig.ServerID)
	if server == nil || server.TaskStream == nil {
		w.WriteHeader(http.StatusServiceUnavailable)
		w.Write([]byte("server not found or not connected"))
		return
	}

	streamId, err := uuid.GenerateUUID()
	if err != nil {
		w.WriteHeader(http.StatusServiceUnavailable)
		w.Write(fmt.Appendf(nil, "stream id error: %v", err))
		return
	}

	rpcService.NezhaHandlerSingleton.CreateStream(streamId)
	defer rpcService.NezhaHandlerSingleton.CloseStream(streamId)

	taskData, err := json.Marshal(model.TaskNAT{
		StreamID: streamId,
		Host:     natConfig.Host,
	})
	if err != nil {
		w.WriteHeader(http.StatusServiceUnavailable)
		w.Write(fmt.Appendf(nil, "task data error: %v", err))
		return
	}

	if err := server.TaskStream.Send(&proto.Task{
		Type: model.TaskTypeNAT,
		Data: string(taskData),
	}); err != nil {
		w.WriteHeader(http.StatusServiceUnavailable)
		w.Write(fmt.Appendf(nil, "send task error: %v", err))
		return
	}

	wWrapped, err := utils.NewRequestWrapper(r, w)
	if err != nil {
		w.WriteHeader(http.StatusServiceUnavailable)
		w.Write(fmt.Appendf(nil, "request wrapper error: %v", err))
		return
	}

	if err := rpcService.NezhaHandlerSingleton.UserConnected(streamId, wWrapped); err != nil {
		w.WriteHeader(http.StatusServiceUnavailable)
		w.Write(fmt.Appendf(nil, "user connected error: %v", err))
		return
	}

	rpcService.NezhaHandlerSingleton.StartStream(streamId, time.Second*10)
}

func canSendTaskToServer(task *model.Service, server *model.Server) bool {
	var role uint8
	singleton.UserLock.RLock()
	if u, ok := singleton.UserInfoMap[server.UserID]; !ok {
		role = model.RoleMember
	} else {
		role = u.Role
	}
	singleton.UserLock.RUnlock()

	return task.UserID == server.UserID || role == model.RoleAdmin
}
Web 服务 2019-12-08 03:59:58 -05:00			`package rpc`

			`import (`
feat: grpc / web get real ip 2024-11-21 11:19:36 -05:00			`"context"`
refactor nat 2024-10-23 08:37:29 -04:00			`"fmt"`
fix: dashboard waf page 2024-11-30 08:33:18 -05:00			`"log"`
refactor nat 2024-10-23 08:37:29 -04:00			`"net/http"`
feat: grpc / web get real ip 2024-11-21 11:19:36 -05:00			`"net/netip"`
refactor nat 2024-10-23 08:37:29 -04:00			`"time"`

feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`"github.com/goccy/go-json"`
Web 服务 2019-12-08 03:59:58 -05:00			`"google.golang.org/grpc"`
feat: grpc / web get real ip 2024-11-21 11:19:36 -05:00			`"google.golang.org/grpc/metadata"`
			`"google.golang.org/grpc/peer"`
Web 服务 2019-12-08 03:59:58 -05:00
refactor nat 2024-10-23 08:37:29 -04:00			`"github.com/hashicorp/go-uuid"`
rename repo 2024-11-28 06:38:54 -05:00			`"github.com/nezhahq/nezha/model"`
			`"github.com/nezhahq/nezha/pkg/utils"`
			`"github.com/nezhahq/nezha/proto"`
			`rpcService "github.com/nezhahq/nezha/service/rpc"`
			`"github.com/nezhahq/nezha/service/singleton"`
Web 服务 2019-12-08 03:59:58 -05:00			`)`

add path check for multiplexer (#451) 2024-10-23 00:55:10 -04:00			`func ServeRPC() *grpc.Server {`
Revert "feat: grpc keepalive" This reverts commit b484fe53f0d3c49715daf59254024aecc23aefd7. 2024-12-04 09:46:02 -05:00			`server := grpc.NewServer(grpc.ChainUnaryInterceptor(getRealIp, waf))`
feat: 去除 webTerminal 的 websocket 依赖 2024-07-14 00:47:36 -04:00			`rpcService.NezhaHandlerSingleton = rpcService.NewNezhaHandler()`
refactor nat 2024-10-23 08:37:29 -04:00			`proto.RegisterNezhaServiceServer(server, rpcService.NezhaHandlerSingleton)`
fix agent connect 2024-10-22 11:44:50 -04:00			`return server`
Web 服务 2019-12-08 03:59:58 -05:00			`}`
💥 v2.0 必须更新面板，新增服务监控 2021-01-15 11:45:49 -05:00
feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`func waf(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {`
update profile api (#16) * update profile api * rename * fix realip assertion * add waf api 2024-11-23 03:22:22 -05:00			`realip, _ := ctx.Value(model.CtxKeyRealIP{}).(string)`
			`if err := model.CheckIP(singleton.DB, realip); err != nil {`
improve: use stream reduce auth check time 2024-11-22 23:43:02 -05:00			`return nil, err`
			`}`
			`return handler(ctx, req)`
			`}`

feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`func getRealIp(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {`
refactor: fallback agent ip to connecting ip 2024-12-19 10:21:31 -05:00			`var ip, connectingIp string`
			`p, ok := peer.FromContext(ctx)`
			`if ok {`
			`addrPort, err := netip.ParseAddrPort(p.Addr.String())`
			`if err == nil {`
			`connectingIp = addrPort.Addr().String()`
			`}`
			`}`
			`ctx = context.WithValue(ctx, model.CtxKeyConnectingIP{}, connectingIp)`

feat: grpc / web get real ip 2024-11-21 11:19:36 -05:00			`if singleton.Conf.RealIPHeader == "" {`
			`return handler(ctx, req)`
			`}`

			`if singleton.Conf.RealIPHeader == model.ConfigUsePeerIP {`
refactor: fallback agent ip to connecting ip 2024-12-19 10:21:31 -05:00			`if connectingIp == "" {`
			`return nil, fmt.Errorf("connecting ip not found")`
feat: grpc / web get real ip 2024-11-21 11:19:36 -05:00			`}`
improve: use stream reduce auth check time 2024-11-22 23:43:02 -05:00			`} else {`
			`vals := metadata.ValueFromIncomingContext(ctx, singleton.Conf.RealIPHeader)`
			`if len(vals) == 0 {`
			`return nil, fmt.Errorf("real ip header not found")`
			`}`
			`var err error`
			`ip, err = utils.GetIPFromHeader(vals[0])`
			`if err != nil {`
			`return nil, err`
			`}`
feat: grpc / web get real ip 2024-11-21 11:19:36 -05:00			`}`

fix: dashboard waf page 2024-11-30 08:33:18 -05:00			`if singleton.Conf.Debug {`
refactor: fallback agent ip to connecting ip 2024-12-19 10:21:31 -05:00			`log.Printf("NEZHA>> gRPC Agent Real IP: %s, connecting IP: %s\n", ip, connectingIp)`
fix: dashboard waf page 2024-11-30 08:33:18 -05:00			`}`

fix: waf condition 2024-11-22 21:21:01 -05:00			`ctx = context.WithValue(ctx, model.CtxKeyRealIP{}, ip)`
feat: grpc / web get real ip 2024-11-21 11:19:36 -05:00			`return handler(ctx, req)`
			`}`

refactor: simplify server & service manipulation (#993) * refactor: simplify server & service manipulation * update * fix * update for nat, ddns & notification * chore * update cron * update dependencies * use of function iterators * update default dns servers 2025-02-21 10:08:12 -05:00			`func DispatchTask(serviceSentinelDispatchBus <-chan *model.Service) {`
✨ dashboard: 服务监控请求时间间隔 2021-09-02 11:45:21 -04:00			`for task := range serviceSentinelDispatchBus {`
refactor: simplify server & service manipulation (#993) * refactor: simplify server & service manipulation * update * fix * update for nat, ddns & notification * chore * update cron * update dependencies * use of function iterators * update default dns servers 2025-02-21 10:08:12 -05:00			`if task == nil {`
			`continue`
			`}`

fix: ConfigCache not copied affer server updates (#1008) * fix: ConfigCache not copied affer server updates * fix: server list not updated when dispatching tasks * improve * reuse logic 2025-02-26 07:48:54 -05:00			`switch task.Cover {`
			`case model.ServiceCoverIgnoreAll:`
			`for id, enabled := range task.SkipServers {`
			`if !enabled {`
			`continue`
feat: user roles (#852) * [WIP] feat: user roles * update * update * admin handler * update * feat: user-specific connection secret * simplify some logics * cleanup * update waf * update user api error handling * update waf api * fix codeql * update waf table * fix several problems * add pagination for waf api * update permission checks * switch to runtime check * 1 * cover? * some changes 2024-12-21 11:05:41 -05:00			`}`
fix: ConfigCache not copied affer server updates (#1008) * fix: ConfigCache not copied affer server updates * fix: server list not updated when dispatching tasks * improve * reuse logic 2025-02-26 07:48:54 -05:00
			`server, _ := singleton.ServerShared.Get(id)`
			`if server == nil \|\| server.TaskStream == nil {`
			`continue`
			`}`

			`if canSendTaskToServer(task, server) {`
			`server.TaskStream.Send(task.PB())`
feat: user roles (#852) * [WIP] feat: user roles * update * update * admin handler * update * feat: user-specific connection secret * simplify some logics * cleanup * update waf * update user api error handling * update waf api * fix codeql * update waf table * fix several problems * add pagination for waf api * update permission checks * switch to runtime check * 1 * cover? * some changes 2024-12-21 11:05:41 -05:00			`}`
feat: add network monitor hitory (#316) · 三网ping * feat: add network monitor hitory * fix: revert proto change and add indexStore * fix: update monitor delete unuse monitor history * fix: delete unuse monitor type --------- Co-authored-by: LvGJ <lvgj1998@gmail.com> 2024-02-12 01:16:04 -05:00			`}`
fix: ConfigCache not copied affer server updates (#1008) * fix: ConfigCache not copied affer server updates * fix: server list not updated when dispatching tasks * improve * reuse logic 2025-02-26 07:48:54 -05:00			`case model.ServiceCoverAll:`
			`for id, server := range singleton.ServerShared.Range {`
			`if server == nil \|\| server.TaskStream == nil \|\| task.SkipServers[id] {`
			`continue`
feat: user roles (#852) * [WIP] feat: user roles * update * update * admin handler * update * feat: user-specific connection secret * simplify some logics * cleanup * update waf * update user api error handling * update waf api * fix codeql * update waf table * fix several problems * add pagination for waf api * update permission checks * switch to runtime check * 1 * cover? * some changes 2024-12-21 11:05:41 -05:00			`}`
fix: ConfigCache not copied affer server updates (#1008) * fix: ConfigCache not copied affer server updates * fix: server list not updated when dispatching tasks * improve * reuse logic 2025-02-26 07:48:54 -05:00
			`if canSendTaskToServer(task, server) {`
			`server.TaskStream.Send(task.PB())`
feat: user roles (#852) * [WIP] feat: user roles * update * update * admin handler * update * feat: user-specific connection secret * simplify some logics * cleanup * update waf * update user api error handling * update waf api * fix codeql * update waf table * fix several problems * add pagination for waf api * update permission checks * switch to runtime check * 1 * cover? * some changes 2024-12-21 11:05:41 -05:00			`}`
feat: add network monitor hitory (#316) · 三网ping * feat: add network monitor hitory * fix: revert proto change and add indexStore * fix: update monitor delete unuse monitor history * fix: delete unuse monitor type --------- Co-authored-by: LvGJ <lvgj1998@gmail.com> 2024-02-12 01:16:04 -05:00			`}`
💥 v2.0 必须更新面板，新增服务监控 2021-01-15 11:45:49 -05:00			`}`
			`}`
			`}`
:sparkles: 反向代理 gRPC 端口（支持 Cloudflare CDN） 2021-11-10 23:49:54 -05:00
Revert "feat: grpc keepalive" This reverts commit b484fe53f0d3c49715daf59254024aecc23aefd7. 2024-12-04 09:46:02 -05:00			`func DispatchKeepalive() {`
refactor: simplify server & service manipulation (#993) * refactor: simplify server & service manipulation * update * fix * update for nat, ddns & notification * chore * update cron * update dependencies * use of function iterators * update default dns servers 2025-02-21 10:08:12 -05:00			`singleton.CronShared.AddFunc("@every 20s", func() {`
			`list := singleton.ServerShared.GetSortedList()`
			`for _, s := range list {`
			`if s == nil \|\| s.TaskStream == nil {`
Revert "feat: grpc keepalive" This reverts commit b484fe53f0d3c49715daf59254024aecc23aefd7. 2024-12-04 09:46:02 -05:00			`continue`
			`}`
refactor: simplify server & service manipulation (#993) * refactor: simplify server & service manipulation * update * fix * update for nat, ddns & notification * chore * update cron * update dependencies * use of function iterators * update default dns servers 2025-02-21 10:08:12 -05:00			`s.TaskStream.Send(&proto.Task{Type: model.TaskTypeKeepalive})`
Revert "feat: grpc keepalive" This reverts commit b484fe53f0d3c49715daf59254024aecc23aefd7. 2024-12-04 09:46:02 -05:00			`}`
			`})`
			`}`

refactor nat 2024-10-23 08:37:29 -04:00			`func ServeNAT(w http.ResponseWriter, r http.Request, natConfig model.NAT) {`
refactor: simplify server & service manipulation (#993) * refactor: simplify server & service manipulation * update * fix * update for nat, ddns & notification * chore * update cron * update dependencies * use of function iterators * update default dns servers 2025-02-21 10:08:12 -05:00			`server, _ := singleton.ServerShared.Get(natConfig.ServerID)`
refactor nat 2024-10-23 08:37:29 -04:00			`if server == nil \|\| server.TaskStream == nil {`
			`w.WriteHeader(http.StatusServiceUnavailable)`
			`w.Write([]byte("server not found or not connected"))`
			`return`
			`}`

			`streamId, err := uuid.GenerateUUID()`
			`if err != nil {`
			`w.WriteHeader(http.StatusServiceUnavailable)`
feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`w.Write(fmt.Appendf(nil, "stream id error: %v", err))`
refactor nat 2024-10-23 08:37:29 -04:00			`return`
			`}`

			`rpcService.NezhaHandlerSingleton.CreateStream(streamId)`
			`defer rpcService.NezhaHandlerSingleton.CloseStream(streamId)`

feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`taskData, err := json.Marshal(model.TaskNAT{`
refactor nat 2024-10-23 08:37:29 -04:00			`StreamID: streamId,`
			`Host: natConfig.Host,`
			`})`
			`if err != nil {`
			`w.WriteHeader(http.StatusServiceUnavailable)`
feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`w.Write(fmt.Appendf(nil, "task data error: %v", err))`
refactor nat 2024-10-23 08:37:29 -04:00			`return`
			`}`

			`if err := server.TaskStream.Send(&proto.Task{`
			`Type: model.TaskTypeNAT,`
			`Data: string(taskData),`
			`}); err != nil {`
			`w.WriteHeader(http.StatusServiceUnavailable)`
feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`w.Write(fmt.Appendf(nil, "send task error: %v", err))`
refactor nat 2024-10-23 08:37:29 -04:00			`return`
			`}`

			`wWrapped, err := utils.NewRequestWrapper(r, w)`
			`if err != nil {`
			`w.WriteHeader(http.StatusServiceUnavailable)`
feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`w.Write(fmt.Appendf(nil, "request wrapper error: %v", err))`
refactor nat 2024-10-23 08:37:29 -04:00			`return`
			`}`

			`if err := rpcService.NezhaHandlerSingleton.UserConnected(streamId, wWrapped); err != nil {`
			`w.WriteHeader(http.StatusServiceUnavailable)`
feat: update to go1.24 & support listening https (#1002) * feat: support listening https * refactor * modernize * support snake case in config * more precise control of config fields * update goreleaser config * remove kubeyaml * fix: expose agent_secret * chore 2025-02-28 09:02:54 -05:00			`w.Write(fmt.Appendf(nil, "user connected error: %v", err))`
refactor nat 2024-10-23 08:37:29 -04:00			`return`
			`}`

			`rpcService.NezhaHandlerSingleton.StartStream(streamId, time.Second*10)`
			`}`
fix: ConfigCache not copied affer server updates (#1008) * fix: ConfigCache not copied affer server updates * fix: server list not updated when dispatching tasks * improve * reuse logic 2025-02-26 07:48:54 -05:00
			`func canSendTaskToServer(task model.Service, server model.Server) bool {`
			`var role uint8`
			`singleton.UserLock.RLock()`
			`if u, ok := singleton.UserInfoMap[server.UserID]; !ok {`
			`role = model.RoleMember`
			`} else {`
			`role = u.Role`
			`}`
			`singleton.UserLock.RUnlock()`

			`return task.UserID == server.UserID \|\| role == model.RoleAdmin`
			`}`