From a440f640808d1e6f9fc4cbab2e2238619a6a374c Mon Sep 17 00:00:00 2001
From: wwqgtxx <wwqgtxx@gmail.com>
Date: Tue, 4 Feb 2025 15:09:27 +0800
Subject: [PATCH] chore: alignment capability for vmess inbound

---
 docs/config.yaml              |   8 +++
 listener/config/vless.go      |  16 ++----
 listener/config/vmess.go      |  20 ++++---
 listener/inbound/reality.go   |  23 ++++++++
 listener/inbound/vless.go     |  20 -------
 listener/inbound/vmess.go     |  26 +++++----
 listener/reality/reality.go   | 104 ++++++++++++++++++++++++++++++++++
 listener/sing_vless/server.go |  91 +++++------------------------
 listener/sing_vmess/server.go |  16 +++++-
 9 files changed, 192 insertions(+), 132 deletions(-)
 create mode 100644 listener/inbound/reality.go
 create mode 100644 listener/reality/reality.go

diff --git a/docs/config.yaml b/docs/config.yaml
index 26e0f767..2c2f3f43 100644
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -1146,6 +1146,14 @@ listeners:
     # 下面两项如果填写则开启 tls（需要同时填写）
     # certificate: ./server.crt
     # private-key: ./server.key
+    # 如果填写reality-config则开启reality（注意不可与certificate和private-key同时填写）
+    # reality-config:
+    #   dest: test.com:443
+    #   private-key: jNXHt1yRo0vDuchQlIP6Z0ZvjT3KtzVI-T4E7RoLJS0 # 可由 mihomo generate reality-keypair 命令生成
+    #   short-id:
+    #     - 0123456789abcdef
+    #   server-names:
+    #     - test.com
 
   - name: tuic-in-1
     type: tuic
diff --git a/listener/config/vless.go b/listener/config/vless.go
index 97456acc..2f88c1c4 100644
--- a/listener/config/vless.go
+++ b/listener/config/vless.go
@@ -1,9 +1,10 @@
 package config
 
 import (
-	"github.com/metacubex/mihomo/listener/sing"
-
 	"encoding/json"
+
+	"github.com/metacubex/mihomo/listener/reality"
+	"github.com/metacubex/mihomo/listener/sing"
 )
 
 type VlessUser struct {
@@ -19,7 +20,7 @@ type VlessServer struct {
 	WsPath        string
 	Certificate   string
 	PrivateKey    string
-	RealityConfig RealityConfig
+	RealityConfig reality.Config
 	MuxOption     sing.MuxOption `yaml:"mux-option" json:"mux-option,omitempty"`
 }
 
@@ -27,12 +28,3 @@ func (t VlessServer) String() string {
 	b, _ := json.Marshal(t)
 	return string(b)
 }
-
-type RealityConfig struct {
-	Dest              string
-	PrivateKey        string
-	ShortID           []string
-	ServerNames       []string
-	MaxTimeDifference int
-	Proxy             string
-}
diff --git a/listener/config/vmess.go b/listener/config/vmess.go
index 810d6bc1..0d9e9c4a 100644
--- a/listener/config/vmess.go
+++ b/listener/config/vmess.go
@@ -1,9 +1,10 @@
 package config
 
 import (
-	"github.com/metacubex/mihomo/listener/sing"
-
 	"encoding/json"
+
+	"github.com/metacubex/mihomo/listener/reality"
+	"github.com/metacubex/mihomo/listener/sing"
 )
 
 type VmessUser struct {
@@ -13,13 +14,14 @@ type VmessUser struct {
 }
 
 type VmessServer struct {
-	Enable      bool
-	Listen      string
-	Users       []VmessUser
-	WsPath      string
-	Certificate string
-	PrivateKey  string
-	MuxOption   sing.MuxOption `yaml:"mux-option" json:"mux-option,omitempty"`
+	Enable        bool
+	Listen        string
+	Users         []VmessUser
+	WsPath        string
+	Certificate   string
+	PrivateKey    string
+	RealityConfig reality.Config
+	MuxOption     sing.MuxOption `yaml:"mux-option" json:"mux-option,omitempty"`
 }
 
 func (t VmessServer) String() string {
diff --git a/listener/inbound/reality.go b/listener/inbound/reality.go
new file mode 100644
index 00000000..7653cd38
--- /dev/null
+++ b/listener/inbound/reality.go
@@ -0,0 +1,23 @@
+package inbound
+
+import "github.com/metacubex/mihomo/listener/reality"
+
+type RealityConfig struct {
+	Dest              string   `inbound:"dest"`
+	PrivateKey        string   `inbound:"private-key"`
+	ShortID           []string `inbound:"short-id"`
+	ServerNames       []string `inbound:"server-names"`
+	MaxTimeDifference int      `inbound:"max-time-difference,omitempty"`
+	Proxy             string   `inbound:"proxy,omitempty"`
+}
+
+func (c RealityConfig) Build() reality.Config {
+	return reality.Config{
+		Dest:              c.Dest,
+		PrivateKey:        c.PrivateKey,
+		ShortID:           c.ShortID,
+		ServerNames:       c.ServerNames,
+		MaxTimeDifference: c.MaxTimeDifference,
+		Proxy:             c.Proxy,
+	}
+}
diff --git a/listener/inbound/vless.go b/listener/inbound/vless.go
index 5a6da133..eb3b3c5a 100644
--- a/listener/inbound/vless.go
+++ b/listener/inbound/vless.go
@@ -23,26 +23,6 @@ type VlessUser struct {
 	Flow     string `inbound:"flow,omitempty"`
 }
 
-type RealityConfig struct {
-	Dest              string   `inbound:"dest"`
-	PrivateKey        string   `inbound:"private-key"`
-	ShortID           []string `inbound:"short-id"`
-	ServerNames       []string `inbound:"server-names"`
-	MaxTimeDifference int      `inbound:"max-time-difference,omitempty"`
-	Proxy             string   `inbound:"proxy,omitempty"`
-}
-
-func (c RealityConfig) Build() LC.RealityConfig {
-	return LC.RealityConfig{
-		Dest:              c.Dest,
-		PrivateKey:        c.PrivateKey,
-		ShortID:           c.ShortID,
-		ServerNames:       c.ServerNames,
-		MaxTimeDifference: c.MaxTimeDifference,
-		Proxy:             c.Proxy,
-	}
-}
-
 func (o VlessOption) Equal(config C.InboundConfig) bool {
 	return optionToString(o) == optionToString(config)
 }
diff --git a/listener/inbound/vmess.go b/listener/inbound/vmess.go
index 226a54d5..cf2379e1 100644
--- a/listener/inbound/vmess.go
+++ b/listener/inbound/vmess.go
@@ -9,11 +9,12 @@ import (
 
 type VmessOption struct {
 	BaseOption
-	Users       []VmessUser `inbound:"users"`
-	WsPath      string      `inbound:"ws-path,omitempty"`
-	Certificate string      `inbound:"certificate,omitempty"`
-	PrivateKey  string      `inbound:"private-key,omitempty"`
-	MuxOption   MuxOption   `inbound:"mux-option,omitempty"`
+	Users         []VmessUser   `inbound:"users"`
+	WsPath        string        `inbound:"ws-path,omitempty"`
+	Certificate   string        `inbound:"certificate,omitempty"`
+	PrivateKey    string        `inbound:"private-key,omitempty"`
+	RealityConfig RealityConfig `inbound:"reality-config,omitempty"`
+	MuxOption     MuxOption     `inbound:"mux-option,omitempty"`
 }
 
 type VmessUser struct {
@@ -50,13 +51,14 @@ func NewVmess(options *VmessOption) (*Vmess, error) {
 		Base:   base,
 		config: options,
 		vs: LC.VmessServer{
-			Enable:      true,
-			Listen:      base.RawAddress(),
-			Users:       users,
-			WsPath:      options.WsPath,
-			Certificate: options.Certificate,
-			PrivateKey:  options.PrivateKey,
-			MuxOption:   options.MuxOption.Build(),
+			Enable:        true,
+			Listen:        base.RawAddress(),
+			Users:         users,
+			WsPath:        options.WsPath,
+			Certificate:   options.Certificate,
+			PrivateKey:    options.PrivateKey,
+			RealityConfig: options.RealityConfig.Build(),
+			MuxOption:     options.MuxOption.Build(),
 		},
 	}, nil
 }
diff --git a/listener/reality/reality.go b/listener/reality/reality.go
new file mode 100644
index 00000000..16245e2b
--- /dev/null
+++ b/listener/reality/reality.go
@@ -0,0 +1,104 @@
+package reality
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"net"
+	"time"
+
+	"github.com/metacubex/mihomo/listener/inner"
+	"github.com/metacubex/mihomo/ntp"
+
+	"github.com/sagernet/reality"
+)
+
+type Conn = reality.Conn
+
+type Config struct {
+	Dest              string
+	PrivateKey        string
+	ShortID           []string
+	ServerNames       []string
+	MaxTimeDifference int
+	Proxy             string
+}
+
+func (c Config) Build() (*Builder, error) {
+	realityConfig := &reality.Config{}
+	realityConfig.SessionTicketsDisabled = true
+	realityConfig.Type = "tcp"
+	realityConfig.Dest = c.Dest
+	realityConfig.Time = ntp.Now
+	realityConfig.ServerNames = make(map[string]bool)
+	for _, it := range c.ServerNames {
+		realityConfig.ServerNames[it] = true
+	}
+	privateKey, err := base64.RawURLEncoding.DecodeString(c.PrivateKey)
+	if err != nil {
+		return nil, fmt.Errorf("decode private key: %w", err)
+	}
+	if len(privateKey) != 32 {
+		return nil, errors.New("invalid private key")
+	}
+	realityConfig.PrivateKey = privateKey
+
+	realityConfig.MaxTimeDiff = time.Duration(c.MaxTimeDifference) * time.Microsecond
+
+	realityConfig.ShortIds = make(map[[8]byte]bool)
+	for i, shortIDString := range c.ShortID {
+		var shortID [8]byte
+		decodedLen, err := hex.Decode(shortID[:], []byte(shortIDString))
+		if err != nil {
+			return nil, fmt.Errorf("decode short_id[%d] '%s': %w", i, shortIDString, err)
+		}
+		if decodedLen > 8 {
+			return nil, fmt.Errorf("invalid short_id[%d]: %s", i, shortIDString)
+		}
+		realityConfig.ShortIds[shortID] = true
+	}
+
+	realityConfig.DialContext = func(ctx context.Context, network, address string) (net.Conn, error) {
+		return inner.HandleTcp(address, c.Proxy)
+	}
+
+	return &Builder{realityConfig}, nil
+}
+
+type Builder struct {
+	realityConfig *reality.Config
+}
+
+func (b Builder) NewListener(l net.Listener) net.Listener {
+	l = reality.NewListener(l, b.realityConfig)
+	// Due to low implementation quality, the reality server intercepted half close and caused memory leaks.
+	// We fixed it by calling Close() directly.
+	l = realityListenerWrapper{l}
+	return l
+}
+
+type realityConnWrapper struct {
+	*reality.Conn
+}
+
+func (c realityConnWrapper) Upstream() any {
+	return c.Conn
+}
+
+func (c realityConnWrapper) CloseWrite() error {
+	return c.Close()
+}
+
+type realityListenerWrapper struct {
+	net.Listener
+}
+
+func (l realityListenerWrapper) Accept() (net.Conn, error) {
+	c, err := l.Listener.Accept()
+	if err != nil {
+		return nil, err
+	}
+	return realityConnWrapper{c.(*reality.Conn)}, nil
+}
diff --git a/listener/sing_vless/server.go b/listener/sing_vless/server.go
index f537de2d..2377ff62 100644
--- a/listener/sing_vless/server.go
+++ b/listener/sing_vless/server.go
@@ -3,15 +3,11 @@ package sing_vless
 import (
 	"context"
 	"crypto/tls"
-	"encoding/base64"
-	"encoding/hex"
 	"errors"
-	"fmt"
 	"net"
 	"net/http"
 	"reflect"
 	"strings"
-	"time"
 	"unsafe"
 
 	"github.com/metacubex/mihomo/adapter/inbound"
@@ -19,15 +15,13 @@ import (
 	tlsC "github.com/metacubex/mihomo/component/tls"
 	C "github.com/metacubex/mihomo/constant"
 	LC "github.com/metacubex/mihomo/listener/config"
-	"github.com/metacubex/mihomo/listener/inner"
+	"github.com/metacubex/mihomo/listener/reality"
 	"github.com/metacubex/mihomo/listener/sing"
 	"github.com/metacubex/mihomo/log"
-	"github.com/metacubex/mihomo/ntp"
 	mihomoVMess "github.com/metacubex/mihomo/transport/vmess"
 
 	"github.com/metacubex/sing-vmess/vless"
 	utls "github.com/metacubex/utls"
-	"github.com/sagernet/reality"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/metadata"
 )
@@ -97,7 +91,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 	sl = &Listener{false, config, nil, service}
 
 	tlsConfig := &tls.Config{}
-	var realityConfig *reality.Config
+	var realityBuilder *reality.Builder
 	var httpMux *http.ServeMux
 
 	if config.Certificate != "" && config.PrivateKey != "" {
@@ -107,6 +101,15 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		}
 		tlsConfig.Certificates = []tls.Certificate{cert}
 	}
+	if config.RealityConfig.PrivateKey != "" {
+		if tlsConfig.Certificates != nil {
+			return nil, errors.New("certificate is unavailable in reality")
+		}
+		realityBuilder, err = config.RealityConfig.Build()
+		if err != nil {
+			return nil, err
+		}
+	}
 	if config.WsPath != "" {
 		httpMux = http.NewServeMux()
 		httpMux.HandleFunc(config.WsPath, func(w http.ResponseWriter, r *http.Request) {
@@ -119,47 +122,6 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		})
 		tlsConfig.NextProtos = append(tlsConfig.NextProtos, "http/1.1")
 	}
-	if config.RealityConfig.PrivateKey != "" {
-		if tlsConfig.Certificates != nil {
-			return nil, errors.New("certificate is unavailable in reality")
-		}
-		realityConfig = &reality.Config{}
-		realityConfig.SessionTicketsDisabled = true
-		realityConfig.Type = "tcp"
-		realityConfig.Dest = config.RealityConfig.Dest
-		realityConfig.Time = ntp.Now
-		realityConfig.ServerNames = make(map[string]bool)
-		for _, it := range config.RealityConfig.ServerNames {
-			realityConfig.ServerNames[it] = true
-		}
-		privateKey, err := base64.RawURLEncoding.DecodeString(config.RealityConfig.PrivateKey)
-		if err != nil {
-			return nil, fmt.Errorf("decode private key: %w", err)
-		}
-		if len(privateKey) != 32 {
-			return nil, errors.New("invalid private key")
-		}
-		realityConfig.PrivateKey = privateKey
-
-		realityConfig.MaxTimeDiff = time.Duration(config.RealityConfig.MaxTimeDifference) * time.Microsecond
-
-		realityConfig.ShortIds = make(map[[8]byte]bool)
-		for i, shortIDString := range config.RealityConfig.ShortID {
-			var shortID [8]byte
-			decodedLen, err := hex.Decode(shortID[:], []byte(shortIDString))
-			if err != nil {
-				return nil, fmt.Errorf("decode short_id[%d] '%s': %w", i, shortIDString, err)
-			}
-			if decodedLen > 8 {
-				return nil, fmt.Errorf("invalid short_id[%d]: %s", i, shortIDString)
-			}
-			realityConfig.ShortIds[shortID] = true
-		}
-
-		realityConfig.DialContext = func(ctx context.Context, network, address string) (net.Conn, error) {
-			return inner.HandleTcp(address, config.RealityConfig.Proxy)
-		}
-	}
 
 	for _, addr := range strings.Split(config.Listen, ",") {
 		addr := addr
@@ -169,11 +131,8 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		if err != nil {
 			return nil, err
 		}
-		if realityConfig != nil {
-			l = reality.NewListener(l, realityConfig)
-			// Due to low implementation quality, the reality server intercepted half close and caused memory leaks.
-			// We fixed it by calling Close() directly.
-			l = realityListenerWrapper{l}
+		if realityBuilder != nil {
+			l = realityBuilder.NewListener(l)
 		} else if len(tlsConfig.Certificates) > 0 {
 			l = tls.NewListener(l, tlsConfig)
 		} else {
@@ -237,27 +196,3 @@ func (l *Listener) HandleConn(conn net.Conn, tunnel C.Tunnel, additions ...inbou
 		return
 	}
 }
-
-type realityConnWrapper struct {
-	*reality.Conn
-}
-
-func (c realityConnWrapper) Upstream() any {
-	return c.Conn
-}
-
-func (c realityConnWrapper) CloseWrite() error {
-	return c.Close()
-}
-
-type realityListenerWrapper struct {
-	net.Listener
-}
-
-func (l realityListenerWrapper) Accept() (net.Conn, error) {
-	c, err := l.Listener.Accept()
-	if err != nil {
-		return nil, err
-	}
-	return realityConnWrapper{c.(*reality.Conn)}, nil
-}
diff --git a/listener/sing_vmess/server.go b/listener/sing_vmess/server.go
index 7a0afa0b..b344fcb4 100644
--- a/listener/sing_vmess/server.go
+++ b/listener/sing_vmess/server.go
@@ -3,6 +3,7 @@ package sing_vmess
 import (
 	"context"
 	"crypto/tls"
+	"errors"
 	"net"
 	"net/http"
 	"net/url"
@@ -12,6 +13,7 @@ import (
 	N "github.com/metacubex/mihomo/common/net"
 	C "github.com/metacubex/mihomo/constant"
 	LC "github.com/metacubex/mihomo/listener/config"
+	"github.com/metacubex/mihomo/listener/reality"
 	"github.com/metacubex/mihomo/listener/sing"
 	"github.com/metacubex/mihomo/ntp"
 	mihomoVMess "github.com/metacubex/mihomo/transport/vmess"
@@ -73,6 +75,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 	sl = &Listener{false, config, nil, service}
 
 	tlsConfig := &tls.Config{}
+	var realityBuilder *reality.Builder
 	var httpMux *http.ServeMux
 
 	if config.Certificate != "" && config.PrivateKey != "" {
@@ -82,6 +85,15 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		}
 		tlsConfig.Certificates = []tls.Certificate{cert}
 	}
+	if config.RealityConfig.PrivateKey != "" {
+		if tlsConfig.Certificates != nil {
+			return nil, errors.New("certificate is unavailable in reality")
+		}
+		realityBuilder, err = config.RealityConfig.Build()
+		if err != nil {
+			return nil, err
+		}
+	}
 	if config.WsPath != "" {
 		httpMux = http.NewServeMux()
 		httpMux.HandleFunc(config.WsPath, func(w http.ResponseWriter, r *http.Request) {
@@ -103,7 +115,9 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		if err != nil {
 			return nil, err
 		}
-		if len(tlsConfig.Certificates) > 0 {
+		if realityBuilder != nil {
+			l = realityBuilder.NewListener(l)
+		} else if len(tlsConfig.Certificates) > 0 {
 			l = tls.NewListener(l, tlsConfig)
 		}
 		sl.listeners = append(sl.listeners, l)