Add option to enable gost metrics and prepare roles for users.

Author: ChrSchu90

Dockerfile

@@ -34,8 +34,9 @@ HEALTHCHECK --interval=15s --timeout=5s --retries=3 --start-period=10s CMD \
   sh -c "curl -fs https://am.i.mullvad.net/json | grep -q '\"mullvad_exit_ip\":true'"
 
 # TCP 1080 = local proxy
+# TCP 9100 = Prometheus Metrics
 # TCP 2000-3000 = Mullvad City proxies
-EXPOSE 1080 2000-3000
+EXPOSE 1080 9100 2000-3000
 
 VOLUME ["/data"]
 CMD [ "/run.sh" ]

GostGen/source/GatewayConfig.cs

@@ -47,6 +47,11 @@ internal record GatewayConfig
     /// </summary>
     public GostLogLevel GostLogLevel { get; set; } = GostLogLevel.warn;
 
+    /// <summary>
+    /// Gets or sets a value indicating whether metrics for gost are enabled.
+    /// </summary>
+    public bool GostMetricsEnabled { get; set; }
+
     /// <summary>
     /// Gets or sets the users.
     /// </summary>
@@ -148,6 +153,21 @@ public record User
     /// Gets or sets the password.
     /// </summary>
     public string Password { get; set; } = null!;
+
+    /// <summary>
+    /// Gets or sets a value indicating whether the user has access to mullvad proxies.
+    /// </summary>
+    public bool HasMullvadProxyAccess { get; set; } = true;
+
+    /// <summary>
+    /// Gets or sets a value indicating whether the user has access to the internal proxy.
+    /// </summary>
+    public bool HasInternalProxyAccess { get; set; }
+
+    /// <summary>
+    /// Gets or sets a value indicating whether the user has access to the metrics server.
+    /// </summary>
+    public bool HasMetricsAccess { get; set; }
 }
 
 /// <summary>

GostGen/source/GostConfig.cs

@@ -21,6 +21,9 @@ internal record GostConfig
     [YamlMember(Alias = "log")]
     public LogConfig? Log { get; set; }
 
+    [YamlMember(Alias = "metrics")]
+    public MetricsConfig? Metrics { get; set; }
+
     [YamlMember(Alias = "authers")]
     public List<AutherConfig>? Authers { get; set; }
 
@@ -81,9 +84,6 @@ internal record GostConfig
     //[YamlMember(Alias = "api")]
     //public ApiConfig? API { get; set; }
 
-    //[YamlMember(Alias = "metrics")]
-    //public MetricsConfig? Metrics { get; set; }
-
     /// <summary>
     /// Loads the config from the given text.
     /// </summary>

GostGen/source/Program.cs

@@ -25,12 +25,16 @@ public class Program
 {
     private const string ExportCsvFile = "data/proxies.csv";
     private const string ExportJsonFile = "data/proxies.json";
+    private const string AutherMetricsGroup = "auther-metrics";
+    private const string AutherInternalGroup = "auther-internal";
     private const string AutherMullvadGroup = "auther-mullvad";
     private const string BypassMullvadGroup = "bypass-mullvad";
     private const string ServiceLocalName = "service-local";
     private const string SocksType = "socks5";
     private const string NetworkProtocol = "tcp";
+    private const string MetricsPath = "/metrics";
 
+    private const int MetricsPort = 9100;
     private const int ProxyPortLocal = 1080;
     private const int ProxyPortCitiesStart = 2000;
     private const int ProxyPortCitiesEnd = 3000;
@@ -69,6 +73,7 @@ public static async Task Main(string[] args)
             var cfgChanged = await UpdateGostLoggingAsync(gostConfig);
             cfgChanged |= await UpdateUsersAsync(gostConfig);
             cfgChanged |= await UpdateBypassesAsync(gostConfig);
+            cfgChanged |= await UpdateMetricsServerAsync(gostConfig);
             cfgChanged |= await UpdateLocalProxyAsync(gostConfig);
             cfgChanged |= await UpdateGostServersAsync(gostConfig);
 
@@ -229,14 +234,37 @@ private static Task<bool> UpdateUsersAsync(GostConfig gostConfig)
             changed = true;
         }
 
+        var internalGroup = gostConfig.Authers.FirstOrDefault(a => string.Equals(a.Name, AutherInternalGroup));
+        if (internalGroup == null)
+        {
+            Log.Debug($"Adding auther group `{AutherInternalGroup}`");
+            internalGroup = new AutherConfig { Name = AutherInternalGroup };
+            gostConfig.Authers.Add(internalGroup);
+            changed = true;
+        }
+
+        var metricsGroup = gostConfig.Authers.FirstOrDefault(a => string.Equals(a.Name, AutherMetricsGroup));
+        if (metricsGroup == null)
+        {
+            Log.Debug($"Adding auther group `{AutherMetricsGroup}`");
+            metricsGroup = new AutherConfig { Name = AutherMetricsGroup };
+            gostConfig.Authers.Add(metricsGroup);
+            changed = true;
+        }
+
         mullvadGroup.Auths ??= [];
+        internalGroup.Auths ??= [];
+        metricsGroup.Auths ??= [];
         foreach (var configUser in _gatewayConfig.Users)
         {
+            // ToDo add users inside configured auth groups depending on user role
             var gostUser = mullvadGroup.Auths.FirstOrDefault(u => string.Equals(u.Username, configUser.Key));
             if (gostUser == null)
             {
                 Log.Debug($"Add new user `{configUser.Key}` to `{AutherMullvadGroup}`");
                 mullvadGroup.Auths.Add(new AuthConfig { Username = configUser.Key, Password = configUser.Value.Password });
+                internalGroup.Auths.Add(new AuthConfig { Username = configUser.Key, Password = configUser.Value.Password });
+                metricsGroup.Auths.Add(new AuthConfig { Username = configUser.Key, Password = configUser.Value.Password });
                 changed = true;
                 continue;
             }
@@ -252,7 +280,7 @@ private static Task<bool> UpdateUsersAsync(GostConfig gostConfig)
         foreach (var gostAuth in mullvadGroup.Auths.ToArray())
         {
             if (!string.IsNullOrWhiteSpace(gostAuth.Username) &&
-               _gatewayConfig.Users.ContainsKey(gostAuth.Username))
+                _gatewayConfig.Users.ContainsKey(gostAuth.Username))
                 continue;
 
             Log.Debug($"Removing user `{gostAuth.Username}` from `{AutherMullvadGroup}`");
@@ -301,6 +329,34 @@ private static Task<bool> UpdateBypassesAsync(GostConfig gostConfig)
         return Task.FromResult(changed);
     }
 
+    private static Task<bool> UpdateMetricsServerAsync(GostConfig gostConfig)
+    {
+        var changed = false;
+        if (_gatewayConfig.GostMetricsEnabled)
+        {
+            var metricsAddress = $":{MetricsPort}";
+            gostConfig.Metrics ??= new();
+            if (gostConfig.Metrics.Addr != metricsAddress ||
+                !string.Equals(gostConfig.Metrics.Path, MetricsPath) ||
+                !string.Equals(gostConfig.Metrics.Auther, AutherMetricsGroup))
+            {
+                Log.Debug($"Enable metrics server at `user:pass@ip:{MetricsPort}?path=/metrics`");
+                gostConfig.Metrics.Addr = metricsAddress;
+                gostConfig.Metrics.Path = MetricsPath;
+                gostConfig.Metrics.Auther = AutherMetricsGroup;
+                changed = true;
+            }
+        }
+        else if (gostConfig.Metrics != null)
+        {
+            Log.Debug($"Disable metrics server at `user:pass@ip:{MetricsPort}?path=/metrics`");
+            gostConfig.Metrics = null;
+            changed = true;
+        }
+
+        return Task.FromResult(changed);
+    }
+
     private static Task<bool> UpdateLocalProxyAsync(GostConfig gostConfig)
     {
         var changed = false;
@@ -317,13 +373,13 @@ private static Task<bool> UpdateLocalProxyAsync(GostConfig gostConfig)
             !string.Equals(service.Interface, InputInterfaceName) ||
             !string.Equals(service.Listener?.Type, NetworkProtocol) ||
             !string.Equals(service.Handler?.Type, SocksType) ||
-            !string.Equals(service.Handler?.Auther, AutherMullvadGroup))
+            !string.Equals(service.Handler?.Auther, AutherInternalGroup))
         {
             Log.Debug($"Updating local proxy configuration `{ServiceLocalName}`");
             service.Addr = address;
             service.Interface = InputInterfaceName;
             service.Listener = new() { Type = NetworkProtocol };
-            service.Handler = new() { Type = SocksType, Auther = AutherMullvadGroup };
+            service.Handler = new() { Type = SocksType, Auther = AutherInternalGroup };
             changed = true;
         }
 
@@ -359,9 +415,9 @@ private static async Task<bool> UpdateGostServersAsync(GostConfig gostConfig)
             }
         }
 
-        if (cfgChanged || !File.Exists(ExportCsvFile) || new FileInfo(ExportCsvFile).Length < 1) 
+        if (cfgChanged || !File.Exists(ExportCsvFile) || new FileInfo(ExportCsvFile).Length < 1)
             ExportProxyCsv(proxies);
-        if (cfgChanged || !File.Exists(ExportJsonFile) || new FileInfo(ExportJsonFile).Length < 1) 
+        if (cfgChanged || !File.Exists(ExportJsonFile) || new FileInfo(ExportJsonFile).Length < 1)
             ExportProxyJson(proxies);
 
         return cfgChanged;

GostGen/source/Proxy.cs

@@ -5,8 +5,6 @@
 /// </summary>
 internal record Proxy
 {
-    public Proxy() { }
-
     internal Proxy(bool isPool, MullvadRelay server, ServiceConfig service)
     {
         IsPool = isPool;

debug.sh

@@ -12,4 +12,4 @@ dotnet publish ${NET_PROJECT} -r linux-musl-x64 ${NET_BUILD_ARGS} -o ./GostGen/p
   dotnet publish ${NET_PROJECT} -r linux-musl-arm64 ${NET_BUILD_ARGS} -o ./GostGen/publish/linux/arm64/v8 && \
   docker buildx build --progress=plain --rm --platform linux/amd64,linux/arm/v7,linux/arm64/v8 -f ${DOCKER_FILE} -t ${IMAGE_NAME} . && \
   docker volume create mullvadproxygateway_data  && \
-  docker run --rm -it -v mullvadproxygateway_data:/data -p 1080:1080 -p 2000-3000:2000-3000 --cap-add NET_ADMIN --sysctl net.ipv4.conf.all.src_valid_mark=1 ${IMAGE_NAME}
+  docker run --rm -it -v mullvadproxygateway_data:/data -p 1080:1080 -p 9100:9100 -p 2000-3000:2000-3000 --cap-add NET_ADMIN --sysctl net.ipv4.conf.all.src_valid_mark=1 ${IMAGE_NAME}