#!/usr/bin/env bash
source "$(dirname "${BASH_SOURCE[0]}")/lib-core.sh"
check_root
load_env
ensure_dirs
CMD="${1:-help}"
CLIENT_ARG="${2:-}"
EXTRA_ARG="${3:-}"
resolve_client() {
local name="$1"
local id=$(echo "$name" | tr ' ' '-' | tr '[:upper:]' '[:lower:]')
if [[ -d "$CLIENTS_DIR/$id" ]]; then
echo "$id"
return 0
fi
return 1
}
action_add() {
local name="$CLIENT_ARG"
local manual_ip="$EXTRA_ARG"
if [[ -z "$name" ]]; then die "Использование: $0 add <client_name> [ip]"; fi
local id=$(echo "$name" | tr ' ' '-' | tr '[:upper:]' '[:lower:]')
local dir="$CLIENTS_DIR/$id"
if [[ -d "$dir" ]]; then die "Клиент $id уже существует."; fi
if [[ -z "$SERVER_WG_PUBLIC_KEY" ]]; then
die "Публичный ключ сервера не найден в server.env. Запустите установку."
fi
local server_pub="$SERVER_WG_PUBLIC_KEY"
local server_ip_v4="${SERVER_PUBLIC_IP_V4:-}"
local server_ip_v6="${SERVER_PUBLIC_IP_V6:-}"
local client_ip_v4="$manual_ip"
local ipv4_prefix_main=$(echo "${SERVER_WG_IPV4_NETWORK:-10.25.0.0/16}" | cut -d'/' -f1 | cut -d'.' -f1-2)
local ipv6_prefix_main=$(echo "${SERVER_WG_IPV6_NETWORK:-fd00:10:25::/48}" | cut -d'/' -f1 | sed 's/::.*//')
if [[ -z "$client_ip_v4" ]]; then
log_info "Поиск свободного IP..."
declare -A used_ips
for d in "$CLIENTS_DIR"/*; do
if [[ -d "$d" ]] && [[ -f "$d/metadata.json" ]]; then
local ip=$(jq -r '.tunnel_ip_v4 // empty' "$d/metadata.json" 2>/dev/null)
[[ -n "$ip" ]] && used_ips["$ip"]=1
fi
done
used_ips["${ipv4_prefix_main}.0.1"]=1
local found=false
for oct3 in {0..255}; do
local start_oct4=2
for oct4 in $(seq $start_oct4 254); do
local candidate="${ipv4_prefix_main}.${oct3}.${oct4}"
if [[ -z "${used_ips[$candidate]:-}" ]]; then
client_ip_v4="$candidate"
found=true
break 2
fi
done
done
[[ "$found" == "false" ]] && die "Нет свободных IP в подсети."
fi
local oct3=$(echo "$client_ip_v4" | cut -d. -f3)
local oct4=$(echo "$client_ip_v4" | cut -d. -f4)
local hex_part=$(printf "%x:%x" "$oct3" "$oct4")
local client_ip_v6=""
[[ -n "$server_ip_v6" ]] && client_ip_v6="${ipv6_prefix_main}::${hex_part}"
log_info "Назначен IP: $client_ip_v4 $([[ -n $client_ip_v6 ]] && echo "/ $client_ip_v6")"
mkdir -p "$dir"
umask 077
wg genkey > "$dir/client_private.key"
wg pubkey < "$dir/client_private.key" > "$dir/client_public.key"
local priv_key=$(cat "$dir/client_private.key")
local pub_key=$(cat "$dir/client_public.key")
local allowed_ips="0.0.0.0/0"
local addr_str="$client_ip_v4/32"
if [[ -n "$client_ip_v6" ]]; then
allowed_ips="0.0.0.0/0, ::/0"
addr_str="$client_ip_v4/32, $client_ip_v6/128"
fi
cat > "$dir/${id}.conf" <<EOF
[Interface]
PrivateKey = $priv_key
Address = $addr_str
DNS = 1.1.1.1, 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $server_pub
Endpoint = 127.0.0.1:${CLIENT_WG_PORT:-13255}
AllowedIPs = $allowed_ips
PersistentKeepalive = 25
EOF
chmod 600 "$dir/${id}.conf"
cat > "$dir/wg-obfuscator.conf" <<EOF
[instance]
source-if = 127.0.0.1
source-lport = ${CLIENT_WG_PORT:-13255}
target = $SERVER_PUBLIC_IP_V4:${OBFUSCATOR_PORT:-51821}
key = ${OBFUSCATOR_KEY:-KEY}
masking = ${OBFUSCATOR_MASKING:-AUTO}
verbose = INFO
idle-timeout = ${OBFUSCATOR_IDLE:-300}
max-dummy = ${OBFUSCATOR_DUMMY:-4}
EOF
chmod 600 "$dir/wg-obfuscator.conf"
cat > "$dir/metadata.json" <<EOF
{
"client_id": "$id",
"client_name": "$name",
"tunnel_ip_v4": "$client_ip_v4",
"tunnel_ip_v6": "$client_ip_v6",
"public_key": "$pub_key",
"created_at": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"obfuscator_key": "${OBFUSCATOR_KEY:-}",
"obfuscator_dummy": "${OBFUSCATOR_DUMMY:-4}",
"obfuscator_idle": "${OBFUSCATOR_IDLE:-300}",
"server_ip_v4": "$SERVER_PUBLIC_IP_V4",
"server_port": "${OBFUSCATOR_PORT:-}"
}
EOF
chmod 600 "$dir/metadata.json"
local peer_ips="$client_ip_v4/32"
[[ -n "$client_ip_v6" ]] && peer_ips="$peer_ips, $client_ip_v6/128"
cat >> "$WG_CONFIG" <<EOF
[Peer]
PublicKey = $pub_key
AllowedIPs = $peer_ips
EOF
wg syncconf wg0 <(wg-quick strip wg0 2>/dev/null) 2>/dev/null
log_success "Клиент $name создан."
CLIENT_ARG="$id"
action_package
action_link
}
action_remove() {
local id=$(resolve_client "$CLIENT_ARG")
if [[ -z "$id" ]]; then die "Клиент не найден."; fi
local dir="$CLIENTS_DIR/$id"
log_info "Удаление клиента $id..."
if [[ -f "$dir/client_public.key" ]]; then
local pub=$(cat "$dir/client_public.key")
if grep -qF "$pub" "$WG_CONFIG"; then
awk -v key="$pub" '
BEGIN {RS=""; ORS="\n\n"}
index($0, key) == 0 {print $0}
' "$WG_CONFIG" > "$WG_CONFIG.tmp" && mv "$WG_CONFIG.tmp" "$WG_CONFIG"
sed -i '/^$/N;/^\n$/D' "$WG_CONFIG"
wg syncconf wg0 <(wg-quick strip wg0 2>/dev/null) 2>/dev/null
log_success "Peer удален из конфигурации."
fi
fi
rm -rf "$dir"
rm -f "$PACKAGES_DIR/phobos-$id.tar.gz"
if [[ -f "$TOKENS_FILE" ]] && command -v jq >/dev/null; then
local tokens=$(jq -r ".[] | select(.client == \"$id\") | .token" "$TOKENS_FILE")
for t in $tokens; do
rm -f "$WWW_DIR/init/$t.sh"
rm -rf "$WWW_DIR/packages/$t"
done
jq "map(select(.client != \"$id\"))" "$TOKENS_FILE" > "$TOKENS_FILE.tmp" && mv "$TOKENS_FILE.tmp" "$TOKENS_FILE"
fi
log_success "Клиент $id полностью удален."
}
action_package() {
local id=$(resolve_client "$CLIENT_ARG")
if [[ -z "$id" ]]; then die "Клиент не найден."; fi
log_info "Сборка пакета для $id..."
local dir="$CLIENTS_DIR/$id"
local tmp=$(mktemp -d)
local pkg_root="$tmp/phobos-$id"
mkdir -p "$pkg_root/bin"
cp "$dir/${id}.conf" "$pkg_root/${id}.conf"
cp "$dir/wg-obfuscator.conf" "$pkg_root/wg-obfuscator.conf"
for arch in mipsel mips aarch64 armv7 x86_64; do
[[ -f "$PHOBOS_DIR/bin/wg-obfuscator-$arch" ]] && cp "$PHOBOS_DIR/bin/wg-obfuscator-$arch" "$pkg_root/bin/"
done
local tpl_dir="$REPO_DIR/client/templates"
if [[ -d "$tpl_dir" ]]; then
cp "$tpl_dir/install-router.sh.template" "$pkg_root/install-router.sh"
sed -i "s|{{CLIENT_NAME}}|${id}|g" "$pkg_root/install-router.sh"
chmod +x "$pkg_root/install-router.sh"
[[ -f "$tpl_dir/lib-client.sh" ]] && cp "$tpl_dir/lib-client.sh" "$pkg_root/lib-client.sh"
[[ -f "$tpl_dir/install-obfuscator.sh" ]] && cp "$tpl_dir/install-obfuscator.sh" "$pkg_root/install-obfuscator.sh"
[[ -f "$tpl_dir/install-wireguard.sh" ]] && cp "$tpl_dir/install-wireguard.sh" "$pkg_root/install-wireguard.sh"
for f in router-configure-wireguard router-configure-wireguard-openwrt phobos-uninstall 3xui; do
[[ -f "$tpl_dir/$f.sh" ]] && cp "$tpl_dir/$f.sh" "$pkg_root/$f.sh" && chmod +x "$pkg_root/$f.sh"
done
else
log_warn "Шаблоны не найдены в $tpl_dir"
fi
echo "Phobos Client Package for $id" > "$pkg_root/README.txt"
echo "Date: $(date)" >> "$pkg_root/README.txt"
find "$pkg_root" -type f ! -path "*/bin/*" -exec sed -i 's/\r$//' {} \;
tar -C "$tmp" -czf "$PACKAGES_DIR/phobos-$id.tar.gz" "phobos-$id"
rm -rf "$tmp"
log_success "Пакет создан: $PACKAGES_DIR/phobos-$id.tar.gz"
}
action_check() {
local id=$(resolve_client "$CLIENT_ARG")
if [[ -z "$id" ]]; then die "Клиент не найден."; fi
local dir="$CLIENTS_DIR/$id"
local changes=()
if [[ ! -f "$dir/metadata.json" ]]; then
echo "metadata_missing"
return 1
fi
local client_server_ip=$(jq -r '.server_ip_v4 // ""' "$dir/metadata.json")
local client_obf_key=$(jq -r '.obfuscator_key // ""' "$dir/metadata.json")
local client_obf_port=$(jq -r '.server_port // ""' "$dir/metadata.json")
local client_obf_dummy=$(jq -r '.obfuscator_dummy // "4"' "$dir/metadata.json")
local client_obf_idle=$(jq -r '.obfuscator_idle // "300"' "$dir/metadata.json")
local client_wg_pubkey=""
if [[ -f "$dir/${id}.conf" ]]; then
client_wg_pubkey=$(grep "^PublicKey" "$dir/${id}.conf" | cut -d'=' -f2- | tr -d ' ')
fi
[[ "$client_server_ip" != "$SERVER_PUBLIC_IP_V4" ]] && changes+=("IP сервера: $client_server_ip -> $SERVER_PUBLIC_IP_V4")
[[ "$client_obf_key" != "$OBFUSCATOR_KEY" ]] && changes+=("Ключ обфускатора: изменен")
[[ "$client_obf_port" != "$OBFUSCATOR_PORT" ]] && changes+=("Порт обфускатора: $client_obf_port -> $OBFUSCATOR_PORT")
[[ "$client_obf_dummy" != "$OBFUSCATOR_DUMMY" ]] && changes+=("Max dummy: изменен")
[[ "$client_obf_idle" != "$OBFUSCATOR_IDLE" ]] && changes+=("Idle таймаут: изменен")
[[ -n "$client_wg_pubkey" && "$client_wg_pubkey" != "$SERVER_WG_PUBLIC_KEY" ]] && changes+=("Публичный ключ WG: изменен")
if [[ ${#changes[@]} -gt 0 ]]; then
echo "ИЗМЕНЕНИЯ КОНФИГУРАЦИИ:"
for c in "${changes[@]}"; do
echo " - $c"
done
return 1
fi
return 0
}
action_link() {
local id=$(resolve_client "$CLIENT_ARG")
if [[ -z "$id" ]]; then die "Клиент не найден."; fi
local ttl="${EXTRA_ARG:-$TOKEN_TTL}"
if ! command -v jq >/dev/null; then die "jq не установлен. Установите: apt-get install jq"; fi
local token=$(head -c 16 /dev/urandom | md5sum | cut -d' ' -f1)
local exp=$(($(date +%s) + ttl))
if [[ ! -f "$TOKENS_FILE" ]]; then
echo "[]" > "$TOKENS_FILE"
fi
local clean_json=$(jq "map(select(.client != \"$id\"))" "$TOKENS_FILE")
echo "$clean_json" | jq ". + [{\"client\": \"$id\", \"token\": \"$token\", \"expires\": $exp}]" > "$TOKENS_FILE.tmp" && mv "$TOKENS_FILE.tmp" "$TOKENS_FILE"
local link_dir="$WWW_DIR/packages/$token"
rm -rf "$link_dir"
mkdir -p "$link_dir"
ln -s "$PACKAGES_DIR/phobos-$id.tar.gz" "$link_dir/phobos-$id.tar.gz"
mkdir -p "$WWW_DIR/init"
local script_url="http://${SERVER_PUBLIC_IP_V4}:${HTTP_PORT:-80}/packages/$token/phobos-$id.tar.gz"
cat > "$WWW_DIR/init/$token.sh" <<EOF
#!/bin/sh
url="$script_url"
dir="/tmp/phobos_install_\$\$"
mkdir -p "\$dir"
echo "Downloading..."
if command -v curl >/dev/null; then
curl -L -s -o "\$dir/package.tar.gz" "\$url"
else
wget -q -O "\$dir/package.tar.gz" "\$url"
fi
if [ ! -f "\$dir/package.tar.gz" ]; then echo "Download failed"; exit 1; fi
cd "\$dir"
tar xzf package.tar.gz
cd "phobos-$id"
chmod +x install-router.sh
./install-router.sh
EOF
local cmd="curl -s http://${SERVER_PUBLIC_IP_V4}:${HTTP_PORT:-80}/init/$token.sh | sh"
echo ""
echo "=================================================="
echo "КОМАНДА ДЛЯ УСТАНОВКИ (Действительна $(($ttl / 3600))ч)"
echo "=================================================="
echo "$cmd"
echo "=================================================="
echo ""
}
action_list() {
printf "% -20s % -20s % -20s\n" "CLIENT ID" "IPv4" "CREATED"
echo "------------------------------------------------------------"
for d in "$CLIENTS_DIR"/*; do
if [[ -d "$d" ]]; then
local id=$(basename "$d")
local ip="N/A"
local date="N/A"
if [[ -f "$d/metadata.json" ]]; then
ip=$(jq -r '.tunnel_ip_v4 // "N/A"' "$d/metadata.json")
date=$(jq -r '.created_at // "N/A"' "$d/metadata.json" | cut -d'T' -f1)
fi
printf "% -20s % -20s % -20s\n" "$id" "$ip" "$date"
fi
done
}
case "$CMD" in
add) action_add ;;
remove) action_remove ;;
package) action_package ;;
link) action_link ;;
check) action_check ;;
list) action_list ;;
rebuild)
action_remove
action_add
;;
*)
echo "Usage: $0 {add|remove|list|package|link|check|rebuild}"
exit 1
;;
esac