初步实现HTTP3

2025-12-29 09:16:36 +08:00 · 2023-06-01 17:46:10 +08:00
parent 9d2ecf6822
commit b7768ea0c0
11 changed files with 183 additions and 28 deletions
--- a/internal/db/models/node_cluster_dao.go
+++ b/internal/db/models/node_cluster_dao.go
@@ -996,7 +996,7 @@ func (this *NodeClusterDAO) FindClusterBasicInfo(tx *dbs.Tx, clusterId int64, ca
 	cluster, err := this.Query(tx).
 		Pk(clusterId).
 		State(NodeClusterStateEnabled).
-		Result("id", "name", "timeZone", "nodeMaxThreads", "cachePolicyId", "httpFirewallPolicyId", "autoOpenPorts", "webp", "uam", "cc", "httpPages", "isOn", "ddosProtection", "clock", "globalServerConfig", "autoInstallNftables").
+		Result("id", "name", "timeZone", "nodeMaxThreads", "cachePolicyId", "httpFirewallPolicyId", "autoOpenPorts", "webp", "uam", "cc", "httpPages", "http3", "isOn", "ddosProtection", "clock", "globalServerConfig", "autoInstallNftables").
 		Find()
 	if err != nil || cluster == nil {
 		return nil, err
@@ -1184,6 +1184,65 @@ func (this *NodeClusterDAO) FindClusterHTTPCCPolicy(tx *dbs.Tx, clusterId int64,
 	return policy, nil
 }

+// UpdateClusterHTTP3Policy 修改HTTP3策略设置
+func (this *NodeClusterDAO) UpdateClusterHTTP3Policy(tx *dbs.Tx, clusterId int64, http3Policy *nodeconfigs.HTTP3Policy) error {
+	if http3Policy == nil {
+		err := this.Query(tx).
+			Pk(clusterId).
+			Set("http3", dbs.SQL("null")).
+			UpdateQuickly()
+		if err != nil {
+			return err
+		}
+
+		return this.NotifyHTTP3Update(tx, clusterId)
+	}
+
+	http3PolicyJSON, err := json.Marshal(http3Policy)
+	if err != nil {
+		return err
+	}
+	err = this.Query(tx).
+		Pk(clusterId).
+		Set("http3", http3PolicyJSON).
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	return this.NotifyHTTP3Update(tx, clusterId)
+}
+
+// FindClusterHTTP3Policy 查询HTTP3策略设置
+func (this *NodeClusterDAO) FindClusterHTTP3Policy(tx *dbs.Tx, clusterId int64, cacheMap *utils.CacheMap) (*nodeconfigs.HTTP3Policy, error) {
+	var cacheKey = this.Table + ":FindClusterHTTP3Policy:" + types.String(clusterId)
+	if cacheMap != nil {
+		cache, ok := cacheMap.Get(cacheKey)
+		if ok {
+			return cache.(*nodeconfigs.HTTP3Policy), nil
+		}
+	}
+
+	http3PolicyJSON, err := this.Query(tx).
+		Pk(clusterId).
+		Result("http3").
+		FindJSONCol()
+	if err != nil {
+		return nil, err
+	}
+
+	if IsNull(http3PolicyJSON) {
+		return nodeconfigs.NewHTTP3Policy(), nil
+	}
+
+	var policy = nodeconfigs.NewHTTP3Policy()
+	err = json.Unmarshal(http3PolicyJSON, policy)
+	if err != nil {
+		return nil, err
+	}
+	return policy, nil
+}
+
 // UpdateClusterHTTPPagesPolicy 修改自定义页面设置
 func (this *NodeClusterDAO) UpdateClusterHTTPPagesPolicy(tx *dbs.Tx, clusterId int64, httpPagesPolicy *nodeconfigs.HTTPPagesPolicy) error {
 	if httpPagesPolicy == nil {
@@ -1362,6 +1421,11 @@ func (this *NodeClusterDAO) NotifyHTTPCCUpdate(tx *dbs.Tx, clusterId int64) erro
 	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, 0, NodeTaskTypeHTTPCCPolicyChanged)
 }

+// NotifyHTTP3Update 通知HTTP3更新
+func (this *NodeClusterDAO) NotifyHTTP3Update(tx *dbs.Tx, clusterId int64) error {
+	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, 0, NodeTaskTypeHTTP3PolicyChanged)
+}
+
 // NotifyHTTPPagesPolicyUpdate 通知HTTP Pages更新
 func (this *NodeClusterDAO) NotifyHTTPPagesPolicyUpdate(tx *dbs.Tx, clusterId int64) error {
 	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, 0, NodeTaskTypeHTTPPagesPolicyChanged)
--- a/internal/db/models/node_cluster_model.go
+++ b/internal/db/models/node_cluster_model.go
@@ -43,6 +43,7 @@ type NodeCluster struct {
 	IsAD                 bool     `field:"isAD"`                 // 是否为高防集群
 	HttpPages            dbs.JSON `field:"httpPages"`            // 自定义页面设置
 	Cc                   dbs.JSON `field:"cc"`                   // CC设置
+	Http3                dbs.JSON `field:"http3"`                // HTTP3设置
 }

 type NodeClusterOperator struct {
@@ -85,6 +86,7 @@ type NodeClusterOperator struct {
 	IsAD                 any // 是否为高防集群
 	HttpPages            any // 自定义页面设置
 	Cc                   any // CC设置
+	Http3                any // HTTP3设置
 }

 func NewNodeClusterOperator() *NodeClusterOperator {
--- a/internal/db/models/node_dao.go
+++ b/internal/db/models/node_dao.go
@@ -1086,6 +1086,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, dataMap *shared
 	config.WebPImagePolicies = map[int64]*nodeconfigs.WebPImagePolicy{}
 	config.UAMPolicies = map[int64]*nodeconfigs.UAMPolicy{}
 	config.HTTPCCPolicies = map[int64]*nodeconfigs.HTTPCCPolicy{}
+	config.HTTP3Policies = map[int64]*nodeconfigs.HTTP3Policy{}
 	config.HTTPPagesPolicies = map[int64]*nodeconfigs.HTTPPagesPolicy{}
 	var allowIPMaps = map[string]bool{}
 	for _, clusterId := range clusterIds {
@@ -1189,7 +1190,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, dataMap *shared
 			}

 			// 集成默认设置
-			for i := 0; i < len(serverconfigs.DefaultHTTPCCThresholds); i ++ {
+			for i := 0; i < len(serverconfigs.DefaultHTTPCCThresholds); i++ {
 				if i < len(ccPolicy.Thresholds) {
 					ccPolicy.Thresholds[i].MergeIfEmpty(serverconfigs.DefaultHTTPCCThresholds[i])
 				}
@@ -1198,6 +1199,16 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, dataMap *shared
 			config.HTTPCCPolicies[clusterId] = ccPolicy
 		}

+		// HTTP3 Policy
+		if IsNotNull(nodeCluster.Http3) {
+			var http3Policy = nodeconfigs.NewHTTP3Policy()
+			err = json.Unmarshal(nodeCluster.Http3, http3Policy)
+			if err != nil {
+				return nil, err
+			}
+			config.HTTP3Policies[clusterId] = http3Policy
+		}
+
 		// HTTP Pages Policy
 		if IsNotNull(nodeCluster.HttpPages) {
 			var httpPagesPolicy = nodeconfigs.NewHTTPPagesPolicy()
--- a/internal/db/models/node_task_dao.go
+++ b/internal/db/models/node_task_dao.go
@@ -27,6 +27,7 @@ const (
 	NodeTaskTypeUAMPolicyChanged          NodeTaskType = "uamPolicyChanged"          // UAM策略变化
 	NodeTaskTypeHTTPPagesPolicyChanged    NodeTaskType = "httpPagesPolicyChanged"    // 自定义页面变化
 	NodeTaskTypeHTTPCCPolicyChanged       NodeTaskType = "httpCCPolicyChanged"       // CC策略变化
+	NodeTaskTypeHTTP3PolicyChanged        NodeTaskType = "http3PolicyChanged"        // HTTP3策略变化
 	NodeTaskTypeUpdatingServers           NodeTaskType = "updatingServers"           // 更新一组服务

 	// NS相关
--- a/internal/db/models/ssl_policy_dao.go
+++ b/internal/db/models/ssl_policy_dao.go
@@ -100,7 +100,8 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, ignore
 	config.Id = int64(policy.Id)
 	config.IsOn = policy.IsOn
 	config.ClientAuthType = int(policy.ClientAuthType)
-	config.HTTP2Enabled = policy.Http2Enabled == 1
+	config.HTTP2Enabled = policy.Http2Enabled
+	config.HTTP3Enabled = policy.Http3Enabled
 	config.MinVersion = policy.MinVersion

 	// certs
@@ -200,7 +201,7 @@ func (this *SSLPolicyDAO) FindAllEnabledPolicyIdsWithCertId(tx *dbs.Tx, certId i
 }

 // CreatePolicy 创建Policy
-func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, ocspIsOn bool, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) (int64, error) {
+func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64, http2Enabled bool, http3Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, ocspIsOn bool, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) (int64, error) {
 	var op = NewSSLPolicyOperator()
 	op.State = SSLPolicyStateEnabled
 	op.IsOn = true
@@ -208,6 +209,7 @@ func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64,
 	op.UserId = userId

 	op.Http2Enabled = http2Enabled
+	op.Http3Enabled = http3Enabled
 	op.MinVersion = minVersion

 	if len(certsJSON) > 0 {
@@ -240,7 +242,7 @@ func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64,
 }

 // UpdatePolicy 修改Policy
-func (this *SSLPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, ocspIsOn bool, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) error {
+func (this *SSLPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, http2Enabled bool, http3Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, ocspIsOn bool, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -248,6 +250,7 @@ func (this *SSLPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, http2Enabled
 	var op = NewSSLPolicyOperator()
 	op.Id = policyId
 	op.Http2Enabled = http2Enabled
+	op.Http3Enabled = http3Enabled
 	op.MinVersion = minVersion

 	if len(certsJSON) > 0 {
--- a/internal/db/models/ssl_policy_model.go
+++ b/internal/db/models/ssl_policy_model.go
@@ -7,7 +7,7 @@ type SSLPolicy struct {
 	Id               uint32   `field:"id"`               // ID
 	AdminId          uint32   `field:"adminId"`          // 管理员ID
 	UserId           uint32   `field:"userId"`           // 用户ID
-	IsOn             bool    `field:"isOn"`             // 是否启用
+	IsOn             bool     `field:"isOn"`             // 是否启用
 	Certs            dbs.JSON `field:"certs"`            // 证书列表
 	ClientCACerts    dbs.JSON `field:"clientCACerts"`    // 客户端证书
 	ClientAuthType   uint32   `field:"clientAuthType"`   // 客户端认证类型
@@ -15,28 +15,30 @@ type SSLPolicy struct {
 	CipherSuitesIsOn uint8    `field:"cipherSuitesIsOn"` // 是否自定义加密算法套件
 	CipherSuites     dbs.JSON `field:"cipherSuites"`     // 加密算法套件
 	Hsts             dbs.JSON `field:"hsts"`             // HSTS设置
-	Http2Enabled     uint8    `field:"http2Enabled"`     // 是否启用HTTP/2
+	Http2Enabled     bool     `field:"http2Enabled"`     // 是否启用HTTP/2
+	Http3Enabled     bool     `field:"http3Enabled"`     // 是否启用HTTP/3
 	OcspIsOn         uint8    `field:"ocspIsOn"`         // 是否启用OCSP
 	State            uint8    `field:"state"`            // 状态
 	CreatedAt        uint64   `field:"createdAt"`        // 创建时间
 }

 type SSLPolicyOperator struct {
-	Id               interface{} // ID
-	AdminId          interface{} // 管理员ID
-	UserId           interface{} // 用户ID
-	IsOn             interface{} // 是否启用
-	Certs            interface{} // 证书列表
-	ClientCACerts    interface{} // 客户端证书
-	ClientAuthType   interface{} // 客户端认证类型
-	MinVersion       interface{} // 支持的SSL最小版本
-	CipherSuitesIsOn interface{} // 是否自定义加密算法套件
-	CipherSuites     interface{} // 加密算法套件
-	Hsts             interface{} // HSTS设置
-	Http2Enabled     interface{} // 是否启用HTTP/2
-	OcspIsOn         interface{} // 是否启用OCSP
-	State            interface{} // 状态
-	CreatedAt        interface{} // 创建时间
+	Id               any // ID
+	AdminId          any // 管理员ID
+	UserId           any // 用户ID
+	IsOn             any // 是否启用
+	Certs            any // 证书列表
+	ClientCACerts    any // 客户端证书
+	ClientAuthType   any // 客户端认证类型
+	MinVersion       any // 支持的SSL最小版本
+	CipherSuitesIsOn any // 是否自定义加密算法套件
+	CipherSuites     any // 加密算法套件
+	Hsts             any // HSTS设置
+	Http2Enabled     any // 是否启用HTTP/2
+	Http3Enabled     any // 是否启用HTTP/3
+	OcspIsOn         any // 是否启用OCSP
+	State            any // 状态
+	CreatedAt        any // 创建时间
 }

 func NewSSLPolicyOperator() *SSLPolicyOperator {