v2.5.0: maintenance and bot user management

2026-05-19 16:46:03 +00:00 · 2026-04-24 18:50:43 +03:00
parent b10ea54ce9
commit 7afeb59261
21 changed files with 618 additions and 70 deletions
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
-# GoTelegram v2.4 — common utilities
+# GoTelegram v2.5.0 — common utilities
 # Colors, logging, spinner, system helpers, v1 compat, i18n-aware

 # ── Version ───────────────────────────────────────────────────────────────────
-GOTELEGRAM_VERSION="2.4.6"
+GOTELEGRAM_VERSION="2.5.0"
 GOTELEGRAM_NAME="GoTelegram"

 # ── Пути ──────────────────────────────────────────────────────────────────────
@@ -333,6 +333,7 @@ apt_pkg_for_cmd() {
        ss)        echo "iproute2" ;;
        netstat)   echo "net-tools" ;;
        flock)     echo "util-linux" ;;
+        iptables)  echo "iptables" ;;
        *)         echo "$1" ;;            # команда == имя пакета
    esac
 }
@@ -344,6 +345,7 @@ dnf_pkg_for_cmd() {
        ss)                echo "iproute" ;;
        netstat)           echo "net-tools" ;;
        flock)             echo "util-linux" ;;
+        iptables)          echo "iptables" ;;
        *)                 echo "$1" ;;
    esac
 }
@@ -355,7 +357,7 @@ ensure_deps() {
    # change-lite-domain из бота).
    local critical=(curl jq openssl git xxd tar dig flock)
    # Желательные — есть fallback, устанавливать всё равно, но не падать если не смогли
-    local optional=(qrencode bc)
+    local optional=(qrencode bc iptables)

    local missing_critical=() missing_optional=() cmd
    for cmd in "${critical[@]}"; do
@@ -463,6 +465,46 @@ check_port() {
    return 1  # свободен
 }

+detect_3xui() {
+    if systemctl list-unit-files 2>/dev/null | grep -Eq '^(x-ui|3x-ui)\.service'; then
+        return 0
+    fi
+    [ -d /etc/x-ui ] || [ -d /usr/local/x-ui ] || [ -f /etc/x-ui/x-ui.db ]
+}
+
+detect_3xui_443_listener() {
+    ss -ltnp 2>/dev/null | grep -E '(:|])443[[:space:]]' | grep -Eiq '(xray|x-ui|3x-ui)'
+}
+
+warn_3xui_443_conflict() {
+    detect_3xui_443_listener || return 1
+    log_warning "Обнаружен 3x-ui/Xray, который уже слушает TCP/443."
+    log_warning "GoTelegram не будет молча останавливать или переписывать 3x-ui."
+    log_dim "Для настоящего shared-443 нужен один фронтовой TLS/SNI-диспетчер и разные SNI-домены для Xray и GoTelegram."
+    mkdir -p "$GOTELEGRAM_DIR" 2>/dev/null
+    cat > "$GOTELEGRAM_DIR/shared-443-3xui.md" <<'EOF' 2>/dev/null || true
+# GoTelegram + 3x-ui on one TCP/443
+
+GoTelegram detected that 3x-ui/Xray already owns TCP/443. Two independent
+processes cannot bind the same IP:port at the same time. A safe shared setup
+needs one front TLS/SNI dispatcher on 443 and internal backends, for example:
+
+- dispatcher: 0.0.0.0:443
+- GoTelegram telemt: 127.0.0.1:7443
+- 3x-ui/Xray inbound: 127.0.0.1:9443
+- GoTelegram nginx mask site: 127.0.0.1:8443
+
+The dispatcher must route Xray SNI domains to Xray and route the GoTelegram
+SNI domain to telemt. If Xray and GoTelegram use the same SNI domain, automatic
+sharing is not reliable: the first TLS ClientHello is intentionally identical.
+
+GoTelegram intentionally does not rewrite the 3x-ui SQLite database or generated
+Xray config without explicit operator confirmation, because 3x-ui can overwrite
+manual JSON edits on the next panel change.
+EOF
+    return 0
+}
+
 check_disk_space() {
    local min_mb="${1:-500}"
    local avail_mb