fix(ip-restriction): protect usrIpRstrct from concurrent access

This commit is contained in:
amir-devman 2023-07-19 23:16:29 +00:00
parent 6a0ff0efce
commit e1843be1c8
3 changed files with 16 additions and 0 deletions

View file

@ -5,6 +5,7 @@ import (
"io"
"strconv"
"strings"
"sync"
"time"
"github.com/xtls/xray-core/common"
@ -35,6 +36,8 @@ func init() {
// Server is an inbound connection handler that handles messages in trojan protocol.
type Server struct {
sync.Mutex
policyManager policy.Manager
validator *Validator
fallbacks map[string]map[string]map[string]*Fallback // or nil
@ -225,12 +228,15 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con
addr := conn.RemoteAddr().(*net.TCPAddr)
uniqueIps := make(map[string]bool)
s.Lock()
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
for _, conn := range *usrIpRstrct {
if conn.User == user.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
uniqueIps[conn.IpAddress.String()] = true
}
}
s.Unlock()
if (len(uniqueIps) >= int(user.IpLimit)) {
return newError("User ", user, " has exceeded their allowed IPs.").AtWarning()

View file

@ -10,6 +10,7 @@ import (
"reflect"
"strconv"
"strings"
"sync"
"syscall"
"time"
"unsafe"
@ -53,6 +54,8 @@ func init() {
// Handler is an inbound connection handler that handles messages in VLess protocol.
type Handler struct {
sync.Mutex
inboundHandlerManager feature_inbound.Manager
policyManager policy.Manager
validator *vless.Validator
@ -451,12 +454,15 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
addr := connection.RemoteAddr().(*net.TCPAddr)
uniqueIps := make(map[string]bool)
h.Lock()
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
for _, conn := range *usrIpRstrct {
if conn.User == request.User.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
uniqueIps[conn.IpAddress.String()] = true
}
}
h.Unlock()
if (len(uniqueIps) >= int(request.User.IpLimit)) {
return newError("User ", request.User.Email, " has exceeded their allowed IPs.").AtWarning()

View file

@ -97,6 +97,8 @@ func (v *userByEmail) Remove(email string) bool {
// Handler is an inbound connection handler that handles messages in VMess protocol.
type Handler struct {
sync.Mutex
policyManager policy.Manager
inboundHandlerManager feature_inbound.Manager
clients *vmess.TimedUserValidator
@ -268,12 +270,14 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
addr := connection.RemoteAddr().(*net.TCPAddr)
uniqueIps := make(map[string]bool)
h.Lock()
// Iterate through the connections and find unique used IP addresses withing last 30 seconds.
for _, conn := range *usrIpRstrct {
if conn.User == request.User.Email && !conn.IpAddress.Equal(addr.IP) && ((time.Now().Unix() - conn.Time) < 30) {
uniqueIps[conn.IpAddress.String()] = true
}
}
h.Unlock()
if (len(uniqueIps) >= int(request.User.IpLimit)) {
return newError("User ", request.User.Email, " has exceeded their allowed IPs.").AtWarning()