#![allow(dead_code)] #[macro_use] extern crate rust_i18n; use std::net::IpAddr; use std::sync::Arc; use clap::Parser; use easytier::tunnel::websocket::WSTunnelListener; use easytier::{ common::{ config::{ConsoleLoggerConfig, FileLoggerConfig, LoggingConfigLoader}, constants::EASYTIER_VERSION, error::Error, log, network::{local_ipv4, local_ipv6}, }, tunnel::{tcp::TcpTunnelListener, udp::UdpTunnelListener, TunnelListener}, utils::setup_panic_handler, }; use mimalloc::MiMalloc; mod client_manager; mod db; mod migrator; mod restful; mod webhook; #[cfg(feature = "embed")] mod web; #[global_allocator] static GLOBAL_MIMALLOC: MiMalloc = MiMalloc; rust_i18n::i18n!("locales", fallback = "en"); #[derive(Parser, Debug)] #[command(name = "easytier-web", author, version = EASYTIER_VERSION , about, long_about = None)] struct Cli { #[arg(short, long, default_value = "et.db", help = t!("cli.db").to_string())] db: String, #[arg( long, help = t!("cli.console_log_level").to_string(), )] console_log_level: Option, #[arg( long, help = t!("cli.file_log_level").to_string(), )] file_log_level: Option, #[arg( long, help = t!("cli.file_log_dir").to_string(), )] file_log_dir: Option, #[arg( long, short='c', default_value = "22020", help = t!("cli.config_server_port").to_string(), )] config_server_port: u16, #[arg( long, short='p', default_value = "udp", help = t!("cli.config_server_protocol").to_string(), )] config_server_protocol: String, #[arg( long, short='a', default_value = "11211", help = t!("cli.api_server_port").to_string(), )] api_server_port: u16, #[arg( long, default_value = "0.0.0.0", help = t!("cli.api_server_addr").to_string(), )] api_server_addr: IpAddr, #[arg( long, help = t!("cli.geoip_db").to_string(), )] geoip_db: Option, #[cfg(feature = "embed")] #[arg( long, short='l', help = t!("cli.web_server_port").to_string(), )] web_server_port: Option, #[cfg(feature = "embed")] #[arg( long, default_value = "0.0.0.0", help = t!("cli.web_server_addr").to_string(), )] web_server_addr: IpAddr, #[cfg(feature = "embed")] #[arg( long, help = t!("cli.no_web").to_string(), default_value = "false" )] no_web: bool, #[cfg(feature = "embed")] #[arg( long, help = t!("cli.api_host").to_string() )] api_host: Option, #[command(flatten)] feature_flags: FeatureFlags, #[command(flatten)] oidc: restful::oidc::OidcOptions, #[command(flatten)] webhook: WebhookOptions, } #[derive(Debug, Clone, Default, clap::Args)] pub struct WebhookOptions { /// Base URL of the webhook endpoint for token validation and event delivery. /// When set, incoming tokens are validated via this webhook before local fallback. #[arg(long)] pub webhook_url: Option, /// Shared secret used to authenticate outbound webhook calls. #[arg(long)] pub webhook_secret: Option, /// Token for X-Internal-Auth header. When set, API requests with this header /// bypass session authentication. #[arg(long)] pub internal_auth_token: Option, /// Stable identifier for this easytier-web instance when routing webhook callbacks. #[arg(long)] pub web_instance_id: Option, /// Reachable base URL for this easytier-web instance's internal REST API. #[arg(long)] pub web_instance_api_base_url: Option, } #[derive(Debug, Clone, Default, clap::Args)] pub struct FeatureFlags { /// Whether user registration via the web UI is disabled. #[arg(long, default_value = "false", help = t!("cli.disable_registration").to_string())] pub disable_registration: bool, /// Whether to auto-create users when they connect via heartbeat with an unknown token. #[arg(long, default_value = "false", help = t!("cli.allow_auto_create_user").to_string())] pub allow_auto_create_user: bool, } impl LoggingConfigLoader for &Cli { fn get_console_logger_config(&self) -> ConsoleLoggerConfig { ConsoleLoggerConfig { level: self.console_log_level.clone(), } } fn get_file_logger_config(&self) -> FileLoggerConfig { FileLoggerConfig { dir: self.file_log_dir.clone(), level: self.file_log_level.clone(), file: None, size_mb: None, count: None, } } } pub fn get_listener_by_url(l: &url::Url) -> Result, Error> { Ok(match l.scheme() { "tcp" => Box::new(TcpTunnelListener::new(l.clone())), "udp" => Box::new(UdpTunnelListener::new(l.clone())), "ws" => Box::new(WSTunnelListener::new(l.clone())), _ => { return Err(Error::InvalidUrl(l.to_string())); } }) } async fn get_dual_stack_listener( protocol: &str, port: u16, ) -> Result< ( Option>, Option>, ), Error, > { let is_protocol_support_dual_stack = protocol.trim().to_lowercase() == "tcp" || protocol.trim().to_lowercase() == "udp"; let v6_listener = if is_protocol_support_dual_stack && local_ipv6().await.is_ok() { get_listener_by_url(&format!("{}://[::0]:{}", protocol, port).parse().unwrap()).ok() } else { None }; let v4_listener = if local_ipv4().await.is_ok() { get_listener_by_url(&format!("{}://0.0.0.0:{}", protocol, port).parse().unwrap()).ok() } else { None }; Ok((v6_listener, v4_listener)) } #[tokio::main(flavor = "multi_thread", worker_threads = 4)] async fn main() { let locale = sys_locale::get_locale().unwrap_or_else(|| String::from("en-US")); rust_i18n::set_locale(&locale); setup_panic_handler(); let cli = Cli::parse(); log::init(&cli, false).unwrap(); // Validate OIDC configuration: check split-deploy specific requirements // Basic OIDC parameter validation is handled in OidcConfig::from_params if cli.oidc.any_param_provided() { let is_split_deploy = { #[cfg(feature = "embed")] { let embed_split_by_port = cli.web_server_port.is_some() && cli.web_server_port != Some(cli.api_server_port); cli.no_web || embed_split_by_port } #[cfg(not(feature = "embed"))] { true } }; if is_split_deploy && cli.oidc.oidc_frontend_base_url.is_none() { eprintln!("Error: --oidc-frontend-base-url is required in split-deploy mode"); eprintln!( "When frontend and API are deployed separately, you must specify the frontend URL" ); eprintln!("Example: --oidc-frontend-base-url http://your-frontend-domain.com"); std::process::exit(1); } } // let db = db::Db::new(":memory:").await.unwrap(); let db = db::Db::new(cli.db).await.unwrap(); let feature_flags = Arc::new(cli.feature_flags); let webhook_config = Arc::new(webhook::WebhookConfig::new( cli.webhook.webhook_url, cli.webhook.webhook_secret, cli.webhook.internal_auth_token, cli.webhook.web_instance_id, cli.webhook.web_instance_api_base_url, )); let mut mgr = client_manager::ClientManager::new( db.clone(), cli.geoip_db, feature_flags.clone(), webhook_config.clone(), ); let (v6_listener, v4_listener) = get_dual_stack_listener(&cli.config_server_protocol, cli.config_server_port) .await .unwrap(); if v4_listener.is_none() && v6_listener.is_none() { panic!("Listen to both IPv4 and IPv6 failed"); } if let Some(listener) = v6_listener { mgr.add_listener(listener).await.unwrap(); } if let Some(listener) = v4_listener { mgr.add_listener(listener).await.unwrap(); } let mgr = Arc::new(mgr); #[cfg(feature = "embed")] let (web_router_restful, web_router_static) = if cli.no_web { (None, None) } else { let web_router = web::build_router(cli.api_host.clone()); if cli.web_server_port.is_none() || (cli.web_server_port == Some(cli.api_server_port) && cli.web_server_addr == cli.api_server_addr) { (Some(web_router), None) } else { (None, Some(web_router)) } }; #[cfg(not(feature = "embed"))] let web_router_restful = None; let oidc_config = if cli.oidc.oidc_issuer_url.is_some() { match restful::oidc::OidcConfig::from_params(cli.oidc).await { Ok(config) => config, Err(e) => { eprintln!("Failed to initialize OIDC: {:?}", e); eprintln!("Please check your OIDC configuration (issuer URL, client ID, etc.)"); std::process::exit(1); } } } else { restful::oidc::OidcConfig::disabled() }; let _restful_server_tasks = restful::RestfulServer::new( std::net::SocketAddr::new(cli.api_server_addr, cli.api_server_port), mgr.clone(), db, web_router_restful, feature_flags, oidc_config, webhook_config, ) .await .unwrap() .start() .await .unwrap(); #[cfg(feature = "embed")] let _web_server_task = if let Some(web_router) = web_router_static { Some( web::WebServer::new( std::net::SocketAddr::new(cli.web_server_addr, cli.web_server_port.unwrap_or(0)), web_router, ) .await .unwrap() .start() .await .unwrap(), ) } else { None }; tokio::signal::ctrl_c().await.unwrap(); }