Add SSM API service

Author: nekohasekai

adapter/ssm.go

@@ -0,0 +1,18 @@
+package adapter
+
+import (
+	"net"
+
+	N "github.com/sagernet/sing/common/network"
+)
+
+type ManagedSSMServer interface {
+	Inbound
+	SetTracker(tracker SSMTracker)
+	UpdateUsers(users []string, uPSKs []string) error
+}
+
+type SSMTracker interface {
+	TrackConnection(conn net.Conn, metadata InboundContext) net.Conn
+	TrackPacketConnection(conn N.PacketConn, metadata InboundContext) N.PacketConn
+}

constant/proxy.go

@@ -27,6 +27,7 @@ const (
 	TypeTailscale    = "tailscale"
 	TypeDERP         = "derp"
 	TypeResolved     = "resolved"
+	TypeSSMAPI       = "ssm-api"
 )
 
 const (

docs/configuration/service/ssm-api.md

@@ -0,0 +1,52 @@
+---
+icon: material/new-box
+---
+
+!!! question "Since sing-box 1.12.0"
+
+# SSM API
+
+SSM API service is a RESTful API server for managing Shadowsocks servers.
+
+See https://github.com/Shadowsocks-NET/shadowsocks-specs/blob/main/2023-1-shadowsocks-server-management-api-v1.md
+
+### Structure
+
+```json
+{
+  "type": "ssm-api",
+  
+  ... // Listen Fields
+  
+  "servers": {},
+  "tls": {}
+}
+```
+
+### Listen Fields
+
+See [Listen Fields](/configuration/shared/listen/) for details.
+
+### Fields
+
+#### servers
+
+==Required==
+
+A mapping Object from HTTP endpoints to [Shadowsocks Inbound](/configuration/inbound/shadowsocks) tags.
+
+Selected Shadowsocks inbounds must be configured with [managed](/configuration/inbound/shadowsocks#managed) enabled.
+
+Example: 
+
+```json
+{
+  "servers": {
+    "/": "ss-in"
+  }
+}
+```
+
+#### tls
+
+TLS configuration, see [TLS](/configuration/shared/tls/#inbound).

include/registry.go

@@ -35,6 +35,7 @@ import (
 	"github.com/sagernet/sing-box/protocol/vless"
 	"github.com/sagernet/sing-box/protocol/vmess"
 	"github.com/sagernet/sing-box/service/resolved"
+	"github.com/sagernet/sing-box/service/ssmapi"
 	E "github.com/sagernet/sing/common/exceptions"
 )
 
@@ -125,6 +126,7 @@ func ServiceRegistry() *service.Registry {
 	registry := service.NewRegistry()
 
 	resolved.RegisterService(registry)
+	ssmapi.RegisterService(registry)
 
 	registerDERPService(registry)
 

mkdocs.yml

@@ -174,6 +174,7 @@ nav:
           - configuration/service/index.md
           - DERP: configuration/service/derp.md
           - Resolved: configuration/service/resolved.md
+          - SSM API: configuration/service/ssm-api.md
 markdown_extensions:
   - pymdownx.inlinehilite
   - pymdownx.snippets

option/shadowsocks.go

@@ -8,6 +8,7 @@ type ShadowsocksInboundOptions struct {
 	Users        []ShadowsocksUser        `json:"users,omitempty"`
 	Destinations []ShadowsocksDestination `json:"destinations,omitempty"`
 	Multiplex    *InboundMultiplexOptions `json:"multiplex,omitempty"`
+	Managed      bool                     `json:"managed,omitempty"`
 }
 
 type ShadowsocksUser struct {

option/ssmapi.go

@@ -0,0 +1,11 @@
+package option
+
+import (
+	"github.com/sagernet/sing/common/json/badjson"
+)
+
+type SSMAPIServiceOptions struct {
+	ListenOptions
+	Servers *badjson.TypedMap[string, string] `json:"servers"`
+	InboundTLSOptionsContainer
+}

protocol/shadowsocks/inbound.go

@@ -32,8 +32,10 @@ func RegisterInbound(registry *inbound.Registry) {
 func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.ShadowsocksInboundOptions) (adapter.Inbound, error) {
 	if len(options.Users) > 0 && len(options.Destinations) > 0 {
 		return nil, E.New("users and destinations options must not be combined")
+	} else if options.Managed && (len(options.Users) > 0 || len(options.Destinations) > 0) {
+		return nil, E.New("users and destinations options are not supported in managed servers")
 	}
-	if len(options.Users) > 0 {
+	if len(options.Users) > 0 || options.Managed {
 		return newMultiInbound(ctx, router, logger, tag, options)
 	} else if len(options.Destinations) > 0 {
 		return newRelayInbound(ctx, router, logger, tag, options)

protocol/shadowsocks/inbound_multi.go

@@ -28,7 +28,10 @@ import (
 	"github.com/sagernet/sing/common/ntp"
 )
 
-var _ adapter.TCPInjectableInbound = (*MultiInbound)(nil)
+var (
+	_ adapter.TCPInjectableInbound = (*MultiInbound)(nil)
+	_ adapter.ManagedSSMServer     = (*MultiInbound)(nil)
+)
 
 type MultiInbound struct {
 	inbound.Adapter
@@ -38,6 +41,7 @@ type MultiInbound struct {
 	listener *listener.Listener
 	service  shadowsocks.MultiService[int]
 	users    []option.ShadowsocksUser
+	tracker  adapter.SSMTracker
 }
 
 func newMultiInbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.ShadowsocksInboundOptions) (*MultiInbound, error) {
@@ -79,13 +83,15 @@ func newMultiInbound(ctx context.Context, router adapter.Router, logger log.Cont
 	if err != nil {
 		return nil, err
 	}
-	err = service.UpdateUsersWithPasswords(common.MapIndexed(options.Users, func(index int, user option.ShadowsocksUser) int {
-		return index
-	}), common.Map(options.Users, func(user option.ShadowsocksUser) string {
-		return user.Password
-	}))
-	if err != nil {
-		return nil, err
+	if len(options.Users) > 0 {
+		err = service.UpdateUsersWithPasswords(common.MapIndexed(options.Users, func(index int, user option.ShadowsocksUser) int {
+			return index
+		}), common.Map(options.Users, func(user option.ShadowsocksUser) string {
+			return user.Password
+		}))
+		if err != nil {
+			return nil, err
+		}
 	}
 	inbound.service = service
 	inbound.users = options.Users
@@ -112,6 +118,25 @@ func (h *MultiInbound) Close() error {
 	return h.listener.Close()
 }
 
+func (h *MultiInbound) SetTracker(tracker adapter.SSMTracker) {
+	h.tracker = tracker
+}
+
+func (h *MultiInbound) UpdateUsers(users []string, uPSKs []string) error {
+	err := h.service.UpdateUsersWithPasswords(common.MapIndexed(users, func(index int, user string) int {
+		return index
+	}), uPSKs)
+	if err != nil {
+		return err
+	}
+	h.users = common.Map(users, func(user string) option.ShadowsocksUser {
+		return option.ShadowsocksUser{
+			Name: user,
+		}
+	})
+	return nil
+}
+
 //nolint:staticcheck
 func (h *MultiInbound) NewConnectionEx(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
 	err := h.service.NewConnection(ctx, conn, adapter.UpstreamMetadata(metadata))
@@ -151,6 +176,9 @@ func (h *MultiInbound) newConnection(ctx context.Context, conn net.Conn, metadat
 	metadata.InboundDetour = h.listener.ListenOptions().Detour
 	//nolint:staticcheck
 	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
+	if h.tracker != nil {
+		conn = h.tracker.TrackConnection(conn, metadata)
+	}
 	return h.router.RouteConnection(ctx, conn, metadata)
 }
 
@@ -174,6 +202,9 @@ func (h *MultiInbound) newPacketConnection(ctx context.Context, conn N.PacketCon
 	metadata.InboundDetour = h.listener.ListenOptions().Detour
 	//nolint:staticcheck
 	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
+	if h.tracker != nil {
+		conn = h.tracker.TrackPacketConnection(conn, metadata)
+	}
 	return h.router.RoutePacketConnection(ctx, conn, metadata)
 }