diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index d2df19e..6cc4dd7 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -14,21 +14,21 @@ defaults: shell: bash jobs: -# test: -# runs-on: ubuntu-latest -# steps: -# - uses: actions/checkout@v2 -# - name: Cargo cache -# uses: actions/cache@v2 -# with: -# path: | -# ~/.cargo/registry -# ./target -# key: test-cargo-registry -# - name: List -# run: find ./ -# - name: Run tests -# run: cargo test --verbose + # test: + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v2 + # - name: Cargo cache + # uses: actions/cache@v2 + # with: + # path: | + # ~/.cargo/registry + # ./target + # key: test-cargo-registry + # - name: List + # run: find ./ + # - name: Run tests + # run: cargo test --verbose build: strategy: 
@@ -38,46 +38,46 @@ jobs: include: - TARGET: i686-unknown-linux-musl # test in an alpine container on a mac OS: ubuntu-latest - FEATURES: normal + FEATURES: normal,web - TARGET: x86_64-unknown-linux-gnu # tested in a debian container on a mac OS: ubuntu-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: x86_64-unknown-linux-musl # test in an alpine container on a mac OS: ubuntu-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: aarch64-unknown-linux-gnu # tested on aws t4g.nano OS: ubuntu-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: aarch64-unknown-linux-musl # tested on aws t4g.nano in alpine container OS: ubuntu-latest - FEATURES: normal + FEATURES: normal,web - TARGET: armv7-unknown-linux-gnueabihf # raspberry pi 2-3-4, not tested OS: ubuntu-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: armv7-unknown-linux-musleabihf # raspberry pi 2-3-4, not tested OS: ubuntu-latest - FEATURES: normal + FEATURES: normal,web - TARGET: arm-unknown-linux-gnueabihf # raspberry pi 0-1, not tested OS: ubuntu-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: arm-unknown-linux-musleabihf # raspberry pi 0-1, not tested OS: ubuntu-latest - FEATURES: normal + FEATURES: normal,web - TARGET: x86_64-apple-darwin # tested on a mac, is not properly signed so there are security warnings OS: macos-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: aarch64-apple-darwin # tested on a mac, is not properly signed so there are security warnings OS: macos-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: i686-pc-windows-msvc # tested on a windows machine OS: windows-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: x86_64-pc-windows-msvc # tested on a windows machine OS: windows-latest - FEATURES: ring-cipher + FEATURES: ring-cipher,web - TARGET: mipsel-unknown-linux-musl # openwrt OS: ubuntu-latest - FEATURES: normal + FEATURES: normal,web - 
TARGET: mips-unknown-linux-musl # openwrt OS: ubuntu-latest FEATURES: normal diff --git a/Cargo.toml b/Cargo.toml index d97b272..c4b74bf 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,17 +33,17 @@ async-trait = "0.1.71" tokio-util = { version = "0.7.8", features = ["full"] } socket2 = { version = "0.5.5", features = ["all"] } -actix-web = "4.5.1" -actix-files = "0.6.5" +actix-web = { version = "4.5.1", optional = true } +actix-files = { version = "0.6.5", optional = true } serde = { version = "1.0.193", features = ["derive"] } crossbeam-utils = "0.8.15" futures-util = "0.3.30" uuid = { version = "1.3.0", features = ["v4"] } [features] -default = ["aes-gcm"] +default = ["normal"] normal = ["aes-gcm"] ring-cipher = ["ring"] - +web = ["actix-web", "actix-files"] [build-dependencies] protobuf-codegen = "3.2.0" protoc-bin-vendored = "3.0.0" \ No newline at end of file diff --git a/README.md b/README.md index 1f6ad5b..4c9b450 100644 --- a/README.md +++ b/README.md 
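Review bot: The last matrix entry, `mips-unknown-linux-musl`, keeps `FEATURES: normal` while every other target in this hunk gains `,web`, so that one artifact is built without the web backend. If that is deliberate (for example, the web dependencies do not build for that target), a trailing comment such as `# web omitted: <reason>` would record it; otherwise the line should read `FEATURES: normal,web`. Note also that every other binary this job builds now contains the admin backend, which the README in this commit documents as listening on port 29870 with `admin`/`admin` unless flags are passed.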
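Review bot: `web = ["actix-web", "actix-files"]` relies on the implicit features Cargo creates for optional dependencies, so `--features actix-web` alone would compile the crate without turning on any `cfg(feature = "web")` code. If the minimum supported toolchain allows it (Cargo 1.60 or later), `web = ["dep:actix-web", "dep:actix-files"]` leaves `web` as the only public switch. The hunk also drops the blank line before `[build-dependencies]`; keeping it would keep the sections visually separate.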
@@ -1,19 +1,41 @@ # vnts -[vnt](https://github.com/lbl8603/vnt)的服务端 + +[vnt](https://github.com/lbl8603/vnt)的服务端 查看参数 + ``` Options: - --port 指定端口 + --port 指定端口,默认29872 --white-token token白名单,例如 --white-token 1234 --white-token 123 --gateway 网关,例如 --gateway 10.10.0.1 --netmask 子网掩码,例如 --netmask 255.255.255.0 - -h, --help Print help + --finger 开启指纹校验,开启后只会转发指纹正确的客户端数据包,增强安全性,这会损失一部分性能 + --log-path log路径,默认为当前程序路径,为/dev/null时表示不输出log + --web-port web后台端口,默认29870,如果设置为0则表示不启动web后台 + --username web后台用户名,默认为admin + --password web后台用户密码,默认为admin + -h, --help Print help information + -V, --version Print version information ``` ## 说明 + 1. 修改服务端密钥后,客户端要重启才能正常链接(修改密钥后无法自动重连) -2. 服务端密钥用于加密客户端和服务端之间传输的数据(使用rsa+aes256gcm加密),可以防止token被中间人窃取,如果客户端显示的密钥指纹和服务端的不一致,则表示可能有中间人攻击 +2. 服务端密钥用于加密客户端和服务端之间传输的数据(使用rsa+aes256gcm加密) + ,可以防止token被中间人窃取,如果客户端显示的密钥指纹和服务端的不一致,则表示可能有中间人攻击 3. 服务端密钥在'./key/'目录下,可以替换成自定义的密钥对 4. 客户端的密码用于加密客户端之间传输的数据 -5. 默认情况服务日志输出在 './log/'下,可通过编写'./log/log4rs.yaml'文件自定义日志配置,参考[log4rs](https://github.com/estk/log4rs) +5. 默认情况服务日志输出在 './log/'下,可通过编写' + ./log/log4rs.yaml'文件自定义日志配置,参考[log4rs](https://github.com/estk/log4rs) + +## 编译 + +前提条件:安装rust编译环境([install rust](https://www.rust-lang.org/zh-CN/tools/install)) + +``` +到项目根目录下执行 cargo build + +web是可选模块,如需编译则使用 cargo build --features web + +``` diff --git a/src/core/server/mod.rs b/src/core/server/mod.rs index 672291e..d78e06b 100644 --- a/src/core/server/mod.rs +++ b/src/core/server/mod.rs @@ -10,12 +10,13 @@ use crate::ConfigInfo; mod tcp; mod udp; -pub mod web; +#[cfg(feature = "web")] +mod web; pub async fn start( udp: std::net::UdpSocket, tcp: std::net::TcpListener, - http: Option, + #[cfg(feature = "web")] http: Option, config: ConfigInfo, rsa_cipher: Option, ) -> io::Result<()> { 
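Review bot: Gating the `http` parameter itself with `#[cfg(feature = "web")]` gives `start` a different arity per feature set, so every caller has to repeat the same attribute on its argument, as the last hunk of src/main.rs does. The listener appears to be a std type that does not depend on actix, so the signature could stay fixed and only the body be gated, with `#[cfg(not(feature = "web"))] let _ = http;` to keep the non-web build quiet. In the second hunk of this file the gated `if let` is the only visible reader of `cache` and `rsa_cipher`; if nothing else uses them, a build without `web` will emit unused-variable warnings. The body of `start` continues outside the hunk.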
@@ -29,6 +30,7 @@ pub async fn start( ); tcp::start(TcpListener::from_std(tcp)?, handler.clone()).await; udp::start(udp, handler.clone()).await; + #[cfg(feature = "web")] if let Some(http) = http { if let Err(e) = web::start(http, cache, config, rsa_cipher).await { log::error!("{:?}", e); diff --git a/src/main.rs b/src/main.rs index 31f5769..77f4a57 100644 --- a/src/main.rs +++ b/src/main.rs @@ -5,10 +5,11 @@ use std::io::Write; use std::net::Ipv4Addr; use std::path::PathBuf; -use crate::cipher::RsaCipher; // use crate::service::{start_tcp, start_udp}; use clap::Parser; +use crate::cipher::RsaCipher; + mod cipher; mod core; mod error; @@ -42,12 +43,15 @@ pub struct StartArgs { /// log路径,默认为当前程序路径,为/dev/null时表示不输出log #[arg(long)] log_path: Option, + #[cfg(feature = "web")] ///web后台端口,默认29870,如果设置为0则表示不启动web后台 #[arg(long)] web_port: Option, + #[cfg(feature = "web")] /// web后台用户名,默认为admin #[arg(long)] username: Option, + #[cfg(feature = "web")] /// web后台用户密码,默认为admin #[arg(long)] password: Option, @@ -61,7 +65,9 @@ pub struct ConfigInfo { pub broadcast: Ipv4Addr, pub netmask: Ipv4Addr, pub check_finger: bool, + #[cfg(feature = "web")] pub username: String, + #[cfg(feature = "web")] pub password: String, } @@ -120,16 +126,21 @@ async fn main() { let args = StartArgs::parse(); log_init(args.log_path); let port = args.port.unwrap_or(29872); - let web_port = args.web_port.unwrap_or(29870); - println!("端口: {}", port); - if web_port != 0 { - println!("web端口: {}", web_port); - if web_port == port { - panic!("web-port == port"); + #[cfg(feature = "web")] + let web_port = { + let web_port = args.web_port.unwrap_or(29870); + println!("端口: {}", port); + if web_port != 0 { + println!("web端口: {}", web_port); + if web_port == port { + panic!("web-port == port"); + } + } else { + println!("不启用web后台") } - } else { - println!("不启用web后台") - } + web_port + }; + let white_token = if let Some(white_token) = args.white_token { Some(HashSet::from_iter(white_token.into_iter())) } else { 
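Review bot: A binary built without `web` no longer defines `--web-port`, `--username` or `--password`, so clap will reject them as unknown arguments, yet the README hunk in this commit lists all three in the general options block. A sentence in the README, and ideally in the `///` help text of these fields, saying the flags exist only in builds made with `--features web` would avoid that surprise. `StartArgs` starts and ends outside the hunk.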
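Review bot: `println!("端口: {}", port);` was moved inside the `#[cfg(feature = "web")]` block in the `main` hunk at -120, so a default build (which no longer includes `web`) stops printing the service port at startup. The line does not depend on the web port and should stay directly after `let port = args.port.unwrap_or(29872);`, above the `#[cfg(feature = "web")]` attribute. Separately, `panic!("web-port == port")` reports a plain configuration mistake with a backtrace-style abort; printing the message and exiting with a non-zero status would be friendlier. The body of `main` continues outside the hunk.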
@@ -208,7 +219,9 @@ async fn main() { broadcast, netmask, check_finger, + #[cfg(feature = "web")] username: args.username.unwrap_or_else(|| "admin".into()), + #[cfg(feature = "web")] password: args.password.unwrap_or_else(|| "admin".into()), }; let rsa = match RsaCipher::new() { @@ -228,6 +241,7 @@ async fn main() { let tcp = create_tcp(port).unwrap(); log::info!("监听tcp端口: {:?}", port); println!("监听tcp端口: {:?}", port); + #[cfg(feature = "web")] let http = if web_port != 0 { let http = create_tcp(web_port).unwrap(); log::info!("监听http端口: {:?}", web_port); @@ -237,7 +251,16 @@ async fn main() { None }; let config = config.clone(); - if let Err(e) = core::start(udp, tcp, http, config, rsa).await { + if let Err(e) = core::start( + udp, + tcp, + #[cfg(feature = "web")] + http, + config, + rsa, + ) + .await + { log::error!("{:?}", e) } }
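Review bot: With `web` enabled, an operator who passes neither `--username` nor `--password` still gets the backend protected only by `admin`/`admin`, because both `unwrap_or_else(|| "admin".into())` fallbacks are kept unchanged while the workflow change in this commit turns `web` on for almost every built target. Consider not starting the backend unless a password was supplied, or at minimum warning before the struct literal, e.g. `if args.password.is_none() { log::warn!("web backend is using the default password"); }`. The address `create_tcp(web_port)` binds is not visible here; if it is all interfaces, the default credentials are reachable from the network. The body of `main` starts and ends outside this hunk.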