mirror of https://github.com/telemt/telemt.git
Compare commits
17 Commits
9e24b1b584
...
7bcaca914f
| Author | SHA1 | Date |
|---|---|---|
Saman
|
7bcaca914f | |
|
Alexey
|
a95678988a | |
|
Alexey
|
b17482ede3 | |
|
Alexey
|
e7a1d26e6e | |
|
Alexey
|
b91c6cb339 | |
|
Alexey
|
c4e7f54cbe | |
|
Alexey
|
f85205d48d | |
|
Alexey
|
d767ec02ee | |
|
Alexey
|
88a4c652b6 | |
|
Alexey
|
ea2d964502 | |
|
Alexey
|
3055637571 | |
|
Alexey
|
19b84b9d73 | |
|
Alexey
|
6ead8b1922 | |
|
Alexey
|
63aa1038c0 | |
|
Alexey
|
24594e648e | |
|
Alexey
|
e8b38ea860 | |
|
SamNet-dev
|
b9eb1406bb |
|
|
@ -4,136 +4,213 @@ on:
|
|||
push:
|
||||
tags:
|
||||
- '[0-9]+.[0-9]+.[0-9]+'
|
||||
- '[0-9]+.[0-9]+.[0-9]+-*'
|
||||
workflow_dispatch:
|
||||
|
||||
concurrency:
|
||||
group: release-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
|
||||
env:
|
||||
CARGO_TERM_COLOR: always
|
||||
RUST_BACKTRACE: "1"
|
||||
BINARY_NAME: telemt
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build ${{ matrix.target }}
|
||||
prepare:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
outputs:
|
||||
version: ${{ steps.meta.outputs.version }}
|
||||
prerelease: ${{ steps.meta.outputs.prerelease }}
|
||||
release_enabled: ${{ steps.meta.outputs.release_enabled }}
|
||||
steps:
|
||||
- id: meta
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
|
||||
VERSION="${GITHUB_REF#refs/tags/}"
|
||||
RELEASE_ENABLED=true
|
||||
else
|
||||
VERSION="manual-${GITHUB_SHA::7}"
|
||||
RELEASE_ENABLED=false
|
||||
fi
|
||||
|
||||
if [[ "$VERSION" == *"-alpha"* || "$VERSION" == *"-beta"* || "$VERSION" == *"-rc"* ]]; then
|
||||
PRERELEASE=true
|
||||
else
|
||||
PRERELEASE=false
|
||||
fi
|
||||
|
||||
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
||||
echo "prerelease=$PRERELEASE" >> "$GITHUB_OUTPUT"
|
||||
echo "release_enabled=$RELEASE_ENABLED" >> "$GITHUB_OUTPUT"
|
||||
|
||||
checks:
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: debian:trixie
|
||||
steps:
|
||||
- run: |
|
||||
apt-get update
|
||||
apt-get install -y build-essential clang llvm pkg-config curl git
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
components: rustfmt, clippy
|
||||
|
||||
- uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
/github/home/.cargo/registry
|
||||
/github/home/.cargo/git
|
||||
target
|
||||
key: checks-${{ hashFiles('**/Cargo.lock') }}
|
||||
|
||||
- run: cargo fetch --locked
|
||||
- run: cargo fmt --all -- --check
|
||||
- run: cargo clippy
|
||||
- run: cargo test
|
||||
|
||||
build-binaries:
|
||||
needs: [prepare, checks]
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: debian:trixie
|
||||
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- target: x86_64-unknown-linux-gnu
|
||||
artifact_name: telemt
|
||||
- rust_target: x86_64-unknown-linux-gnu
|
||||
zig_target: x86_64-unknown-linux-gnu.2.28
|
||||
asset_name: telemt-x86_64-linux-gnu
|
||||
- target: aarch64-unknown-linux-gnu
|
||||
artifact_name: telemt
|
||||
- rust_target: aarch64-unknown-linux-gnu
|
||||
zig_target: aarch64-unknown-linux-gnu.2.28
|
||||
asset_name: telemt-aarch64-linux-gnu
|
||||
- target: x86_64-unknown-linux-musl
|
||||
artifact_name: telemt
|
||||
- rust_target: x86_64-unknown-linux-musl
|
||||
zig_target: x86_64-unknown-linux-musl
|
||||
asset_name: telemt-x86_64-linux-musl
|
||||
- target: aarch64-unknown-linux-musl
|
||||
artifact_name: telemt
|
||||
- rust_target: aarch64-unknown-linux-musl
|
||||
zig_target: aarch64-unknown-linux-musl
|
||||
asset_name: telemt-aarch64-linux-musl
|
||||
|
||||
steps:
|
||||
- run: |
|
||||
apt-get update
|
||||
apt-get install -y clang llvm pkg-config curl git python3 python3-pip file tar xz-utils
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: dtolnay/rust-toolchain@v1
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: stable
|
||||
targets: ${{ matrix.target }}
|
||||
|
||||
- name: Install cross-compilation tools
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y gcc-aarch64-linux-gnu
|
||||
targets: ${{ matrix.rust_target }}
|
||||
|
||||
- uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
~/.cargo/registry
|
||||
~/.cargo/git
|
||||
/github/home/.cargo/registry
|
||||
/github/home/.cargo/git
|
||||
target
|
||||
key: ${{ runner.os }}-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-${{ matrix.target }}-cargo-
|
||||
key: build-${{ matrix.zig_target }}-${{ hashFiles('**/Cargo.lock') }}
|
||||
|
||||
- name: Install cross
|
||||
run: cargo install cross --git https://github.com/cross-rs/cross
|
||||
- run: |
|
||||
python3 -m pip install --user --break-system-packages cargo-zigbuild
|
||||
echo "/github/home/.local/bin" >> "$GITHUB_PATH"
|
||||
|
||||
- name: Build Release
|
||||
env:
|
||||
RUSTFLAGS: ${{ contains(matrix.target, 'musl') && '-C target-feature=+crt-static' || '' }}
|
||||
run: cross build --release --target ${{ matrix.target }}
|
||||
- run: cargo fetch --locked
|
||||
|
||||
- name: Package binary
|
||||
run: |
|
||||
cd target/${{ matrix.target }}/release
|
||||
tar -czvf ${{ matrix.asset_name }}.tar.gz ${{ matrix.artifact_name }}
|
||||
sha256sum ${{ matrix.asset_name }}.tar.gz > ${{ matrix.asset_name }}.sha256
|
||||
- run: |
|
||||
cargo zigbuild --release --locked --target "${{ matrix.zig_target }}"
|
||||
|
||||
- run: |
|
||||
BIN="target/${{ matrix.rust_target }}/release/${BINARY_NAME}"
|
||||
llvm-strip "$BIN" || true
|
||||
|
||||
- run: |
|
||||
BIN="target/${{ matrix.rust_target }}/release/${BINARY_NAME}"
|
||||
OUT="$RUNNER_TEMP/${{ matrix.asset_name }}"
|
||||
mkdir -p "$OUT"
|
||||
install -m755 "$BIN" "$OUT/${BINARY_NAME}"
|
||||
|
||||
tar -C "$RUNNER_TEMP" -czf "${{ matrix.asset_name }}.tar.gz" "${{ matrix.asset_name }}"
|
||||
sha256sum "${{ matrix.asset_name }}.tar.gz" > "${{ matrix.asset_name }}.sha256"
|
||||
|
||||
- uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.asset_name }}
|
||||
path: |
|
||||
target/${{ matrix.target }}/release/${{ matrix.asset_name }}.tar.gz
|
||||
target/${{ matrix.target }}/release/${{ matrix.asset_name }}.sha256
|
||||
${{ matrix.asset_name }}.tar.gz
|
||||
${{ matrix.asset_name }}.sha256
|
||||
|
||||
build-docker-image:
|
||||
needs: build
|
||||
docker-image:
|
||||
name: Docker ${{ matrix.platform }}
|
||||
needs: [prepare, build-binaries]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- platform: linux/amd64
|
||||
artifact: telemt-x86_64-linux-gnu
|
||||
- platform: linux/arm64
|
||||
artifact: telemt-aarch64-linux-gnu
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: docker/setup-qemu-action@v3
|
||||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.artifact }}
|
||||
path: dist
|
||||
|
||||
- run: |
|
||||
mkdir docker-build
|
||||
tar -xzf dist/*.tar.gz -C docker-build --strip-components=1
|
||||
|
||||
- uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Login to GHCR
|
||||
- name: Login
|
||||
if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Extract version
|
||||
id: vars
|
||||
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
- uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: |
|
||||
ghcr.io/${{ github.repository }}:${{ steps.vars.outputs.VERSION }}
|
||||
ghcr.io/${{ github.repository }}:latest
|
||||
context: ./docker-build
|
||||
platforms: ${{ matrix.platform }}
|
||||
push: ${{ needs.prepare.outputs.release_enabled == 'true' }}
|
||||
tags: ghcr.io/${{ github.repository }}:${{ needs.prepare.outputs.version }}
|
||||
cache-from: type=gha,scope=telemt-${{ matrix.platform }}
|
||||
cache-to: type=gha,mode=max,scope=telemt-${{ matrix.platform }}
|
||||
provenance: false
|
||||
sbom: false
|
||||
|
||||
release:
|
||||
name: Create Release
|
||||
needs: build
|
||||
if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
|
||||
needs: [prepare, build-binaries]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
path: artifacts
|
||||
path: release-artifacts
|
||||
pattern: telemt-*
|
||||
|
||||
- name: Create Release
|
||||
uses: softprops/action-gh-release@v2
|
||||
- run: |
|
||||
mkdir upload
|
||||
find release-artifacts -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
|
||||
|
||||
- uses: softprops/action-gh-release@v2
|
||||
with:
|
||||
files: artifacts/**/*
|
||||
files: upload/*
|
||||
generate_release_notes: true
|
||||
draft: false
|
||||
prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-beta') || contains(github.ref, '-alpha') }}
|
||||
prerelease: ${{ needs.prepare.outputs.prerelease == 'true' }}
|
||||
|
|
|
|||
|
|
@ -1060,6 +1060,8 @@ Link generation uses active config and enabled modes:
|
|||
| `PATCH /v1/users/{username}` | Partial update of provided fields only. Missing fields remain unchanged. Current implementation persists full config document on success. |
|
||||
| `POST /v1/users/{username}/rotate-secret` | Currently returns `404` in runtime route matcher; request schema is reserved for intended behavior. |
|
||||
| `DELETE /v1/users/{username}` | Deletes only specified user, removes this user from related optional `access.user_*` maps, blocks last-user deletion, and atomically updates only related `access.*` TOML tables. |
|
||||
| `POST /v1/users/{username}/reset-octets` | Resets the per-user octet counters (`octets_from_client` and `octets_to_client`) to zero. Returns `{ "username": "...", "octets_reset": true }`. Useful for implementing periodic (monthly/daily) quota resets without restarting the proxy. |
|
||||
| `POST /v1/users/reset-octets` | Resets octet counters for **all** tracked users. Returns `{ "users_reset": N }`. |
|
||||
|
||||
All mutating endpoints:
|
||||
- Respect `read_only` mode.
|
||||
|
|
|
|||
|
|
@ -372,6 +372,19 @@ async fn handle(
|
|||
.await;
|
||||
Ok(success_response(StatusCode::OK, users, revision))
|
||||
}
|
||||
("POST", "/v1/users/reset-octets") => {
|
||||
let count = shared.stats.reset_all_user_octets();
|
||||
shared.runtime_events.record(
|
||||
"api.users.reset_octets.ok",
|
||||
format!("users_reset={}", count),
|
||||
);
|
||||
let revision = current_revision(&shared.config_path).await?;
|
||||
Ok(success_response(
|
||||
StatusCode::OK,
|
||||
model::ResetAllOctetsResponse { users_reset: count },
|
||||
revision,
|
||||
))
|
||||
}
|
||||
("POST", "/v1/users") => {
|
||||
if api_cfg.read_only {
|
||||
return Ok(error_response(
|
||||
|
|
@ -523,6 +536,37 @@ async fn handle(
|
|||
);
|
||||
return Ok(success_response(StatusCode::OK, data, revision));
|
||||
}
|
||||
// POST /v1/users/{username}/reset-octets
|
||||
if method == Method::POST
|
||||
&& let Some(base_user) = user.strip_suffix("/reset-octets")
|
||||
&& !base_user.is_empty()
|
||||
&& !base_user.contains('/')
|
||||
{
|
||||
let found = shared.stats.reset_user_octets(base_user);
|
||||
shared.runtime_events.record(
|
||||
if found { "api.user.reset_octets.ok" } else { "api.user.reset_octets.not_found" },
|
||||
format!("username={}", base_user),
|
||||
);
|
||||
if !found {
|
||||
return Ok(error_response(
|
||||
request_id,
|
||||
ApiFailure::new(
|
||||
StatusCode::NOT_FOUND,
|
||||
"user_not_found",
|
||||
&format!("No stats entry for user '{}'", base_user),
|
||||
),
|
||||
));
|
||||
}
|
||||
let revision = current_revision(&shared.config_path).await?;
|
||||
return Ok(success_response(
|
||||
StatusCode::OK,
|
||||
model::ResetOctetsResponse {
|
||||
username: base_user.to_string(),
|
||||
octets_reset: true,
|
||||
},
|
||||
revision,
|
||||
));
|
||||
}
|
||||
if method == Method::POST {
|
||||
return Ok(error_response(
|
||||
request_id,
|
||||
|
|
|
|||
|
|
@ -459,6 +459,17 @@ pub(super) struct CreateUserRequest {
|
|||
pub(super) max_unique_ips: Option<usize>,
|
||||
}
|
||||
|
||||
#[derive(Serialize)]
|
||||
pub(super) struct ResetOctetsResponse {
|
||||
pub(super) username: String,
|
||||
pub(super) octets_reset: bool,
|
||||
}
|
||||
|
||||
#[derive(Serialize)]
|
||||
pub(super) struct ResetAllOctetsResponse {
|
||||
pub(super) users_reset: usize,
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
pub(super) struct PatchUserRequest {
|
||||
pub(super) secret: Option<String>,
|
||||
|
|
|
|||
|
|
@ -1745,6 +1745,29 @@ impl Stats {
|
|||
.unwrap_or(0)
|
||||
}
|
||||
|
||||
|
||||
/// Reset per-user octet counters to zero (both from_client and to_client).
|
||||
/// Used by the API to implement periodic quota resets without restarting the proxy.
|
||||
pub fn reset_user_octets(&self, user: &str) -> bool {
|
||||
if let Some(entry) = self.user_stats.get(user) {
|
||||
entry.octets_from_client.store(0, Ordering::Relaxed);
|
||||
entry.octets_to_client.store(0, Ordering::Relaxed);
|
||||
true
|
||||
} else {
|
||||
false
|
||||
}
|
||||
}
|
||||
|
||||
/// Reset octet counters for all tracked users.
|
||||
pub fn reset_all_user_octets(&self) -> usize {
|
||||
let mut count = 0;
|
||||
for entry in self.user_stats.iter() {
|
||||
entry.octets_from_client.store(0, Ordering::Relaxed);
|
||||
entry.octets_to_client.store(0, Ordering::Relaxed);
|
||||
count += 1;
|
||||
}
|
||||
count
|
||||
}
|
||||
pub fn get_handshake_timeouts(&self) -> u64 { self.handshake_timeouts.load(Ordering::Relaxed) }
|
||||
pub fn get_upstream_connect_attempt_total(&self) -> u64 {
|
||||
self.upstream_connect_attempt_total.load(Ordering::Relaxed)
|
||||
|
|
|
|||
Loading…
Reference in New Issue