v1.0.0

2025-04-29 16:58:34 +00:00 · 2020-11-25 19:01:53 +08:00 · 2020-11-25 19:01:53 +08:00 · c7f7c08ead
commit c7f7c08ead
parent 47d23e9972
711 changed files with 82154 additions and 2 deletions
--- a/proxy/vmess/inbound/config.go
+++ b/proxy/vmess/inbound/config.go
@ -0,0 +1,11 @@
+// +build !confonly
+
+package inbound
+
+// GetDefaultValue returns default settings of DefaultConfig.
+func (c *Config) GetDefaultValue() *DefaultConfig {
+	if c.GetDefault() == nil {
+		return &DefaultConfig{}
+	}
+	return c.Default
+}
--- a/proxy/vmess/inbound/config.pb.go
+++ b/proxy/vmess/inbound/config.pb.go
@ -0,0 +1,333 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.25.0
+// 	protoc        v3.14.0
+// source: proxy/vmess/inbound/config.proto
+
+package inbound
+
+import (
+	proto "github.com/golang/protobuf/proto"
+	protocol "github.com/xtls/xray-core/v1/common/protocol"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// This is a compile-time assertion that a sufficiently up-to-date version
+// of the legacy proto package is being used.
+const _ = proto.ProtoPackageIsVersion4
+
+type DetourConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	To string `protobuf:"bytes,1,opt,name=to,proto3" json:"to,omitempty"`
+}
+
+func (x *DetourConfig) Reset() {
+	*x = DetourConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proxy_vmess_inbound_config_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DetourConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DetourConfig) ProtoMessage() {}
+
+func (x *DetourConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_proxy_vmess_inbound_config_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DetourConfig.ProtoReflect.Descriptor instead.
+func (*DetourConfig) Descriptor() ([]byte, []int) {
+	return file_proxy_vmess_inbound_config_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *DetourConfig) GetTo() string {
+	if x != nil {
+		return x.To
+	}
+	return ""
+}
+
+type DefaultConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AlterId uint32 `protobuf:"varint,1,opt,name=alter_id,json=alterId,proto3" json:"alter_id,omitempty"`
+	Level   uint32 `protobuf:"varint,2,opt,name=level,proto3" json:"level,omitempty"`
+}
+
+func (x *DefaultConfig) Reset() {
+	*x = DefaultConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proxy_vmess_inbound_config_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DefaultConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DefaultConfig) ProtoMessage() {}
+
+func (x *DefaultConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_proxy_vmess_inbound_config_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DefaultConfig.ProtoReflect.Descriptor instead.
+func (*DefaultConfig) Descriptor() ([]byte, []int) {
+	return file_proxy_vmess_inbound_config_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *DefaultConfig) GetAlterId() uint32 {
+	if x != nil {
+		return x.AlterId
+	}
+	return 0
+}
+
+func (x *DefaultConfig) GetLevel() uint32 {
+	if x != nil {
+		return x.Level
+	}
+	return 0
+}
+
+type Config struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	User                 []*protocol.User `protobuf:"bytes,1,rep,name=user,proto3" json:"user,omitempty"`
+	Default              *DefaultConfig   `protobuf:"bytes,2,opt,name=default,proto3" json:"default,omitempty"`
+	Detour               *DetourConfig    `protobuf:"bytes,3,opt,name=detour,proto3" json:"detour,omitempty"`
+	SecureEncryptionOnly bool             `protobuf:"varint,4,opt,name=secure_encryption_only,json=secureEncryptionOnly,proto3" json:"secure_encryption_only,omitempty"`
+}
+
+func (x *Config) Reset() {
+	*x = Config{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proxy_vmess_inbound_config_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Config) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Config) ProtoMessage() {}
+
+func (x *Config) ProtoReflect() protoreflect.Message {
+	mi := &file_proxy_vmess_inbound_config_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Config.ProtoReflect.Descriptor instead.
+func (*Config) Descriptor() ([]byte, []int) {
+	return file_proxy_vmess_inbound_config_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Config) GetUser() []*protocol.User {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+func (x *Config) GetDefault() *DefaultConfig {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *Config) GetDetour() *DetourConfig {
+	if x != nil {
+		return x.Detour
+	}
+	return nil
+}
+
+func (x *Config) GetSecureEncryptionOnly() bool {
+	if x != nil {
+		return x.SecureEncryptionOnly
+	}
+	return false
+}
+
+var File_proxy_vmess_inbound_config_proto protoreflect.FileDescriptor
+
+var file_proxy_vmess_inbound_config_proto_rawDesc = []byte{
+	0x0a, 0x20, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2f, 0x69, 0x6e,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x12, 0x18, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76,
+	0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x1a, 0x1a, 0x63, 0x6f,
+	0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x75, 0x73,
+	0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x1e, 0x0a, 0x0c, 0x44, 0x65, 0x74, 0x6f,
+	0x75, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x22, 0x40, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61,
+	0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x6c, 0x74,
+	0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x61, 0x6c, 0x74,
+	0x65, 0x72, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0d, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xf1, 0x01, 0x0a, 0x06, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x01, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52,
+	0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e,
+	0x64, 0x2e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x64, 0x65, 0x74, 0x6f,
+	0x75, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x2e, 0x44, 0x65, 0x74, 0x6f, 0x75, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x06, 0x64, 0x65, 0x74, 0x6f, 0x75, 0x72, 0x12, 0x34, 0x0a, 0x16, 0x73, 0x65, 0x63, 0x75,
+	0x72, 0x65, 0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x6e,
+	0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65,
+	0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x6e, 0x6c, 0x79, 0x42, 0x6d,
+	0x0a, 0x1c, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x01,
+	0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c,
+	0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2f, 0x69, 0x6e, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0xaa, 0x02, 0x18, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e,
+	0x56, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x62, 0x06, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_proxy_vmess_inbound_config_proto_rawDescOnce sync.Once
+	file_proxy_vmess_inbound_config_proto_rawDescData = file_proxy_vmess_inbound_config_proto_rawDesc
+)
+
+func file_proxy_vmess_inbound_config_proto_rawDescGZIP() []byte {
+	file_proxy_vmess_inbound_config_proto_rawDescOnce.Do(func() {
+		file_proxy_vmess_inbound_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_proxy_vmess_inbound_config_proto_rawDescData)
+	})
+	return file_proxy_vmess_inbound_config_proto_rawDescData
+}
+
+var file_proxy_vmess_inbound_config_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_proxy_vmess_inbound_config_proto_goTypes = []interface{}{
+	(*DetourConfig)(nil),  // 0: xray.proxy.vmess.inbound.DetourConfig
+	(*DefaultConfig)(nil), // 1: xray.proxy.vmess.inbound.DefaultConfig
+	(*Config)(nil),        // 2: xray.proxy.vmess.inbound.Config
+	(*protocol.User)(nil), // 3: xray.common.protocol.User
+}
+var file_proxy_vmess_inbound_config_proto_depIdxs = []int32{
+	3, // 0: xray.proxy.vmess.inbound.Config.user:type_name -> xray.common.protocol.User
+	1, // 1: xray.proxy.vmess.inbound.Config.default:type_name -> xray.proxy.vmess.inbound.DefaultConfig
+	0, // 2: xray.proxy.vmess.inbound.Config.detour:type_name -> xray.proxy.vmess.inbound.DetourConfig
+	3, // [3:3] is the sub-list for method output_type
+	3, // [3:3] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_proxy_vmess_inbound_config_proto_init() }
+func file_proxy_vmess_inbound_config_proto_init() {
+	if File_proxy_vmess_inbound_config_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_proxy_vmess_inbound_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DetourConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_proxy_vmess_inbound_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DefaultConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_proxy_vmess_inbound_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Config); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_proxy_vmess_inbound_config_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   3,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_proxy_vmess_inbound_config_proto_goTypes,
+		DependencyIndexes: file_proxy_vmess_inbound_config_proto_depIdxs,
+		MessageInfos:      file_proxy_vmess_inbound_config_proto_msgTypes,
+	}.Build()
+	File_proxy_vmess_inbound_config_proto = out.File
+	file_proxy_vmess_inbound_config_proto_rawDesc = nil
+	file_proxy_vmess_inbound_config_proto_goTypes = nil
+	file_proxy_vmess_inbound_config_proto_depIdxs = nil
+}
--- a/proxy/vmess/inbound/config.proto
+++ b/proxy/vmess/inbound/config.proto
@ -0,0 +1,25 @@
+syntax = "proto3";
+
+package xray.proxy.vmess.inbound;
+option csharp_namespace = "Xray.Proxy.Vmess.Inbound";
+option go_package = "github.com/xtls/xray-core/v1/proxy/vmess/inbound";
+option java_package = "com.xray.proxy.vmess.inbound";
+option java_multiple_files = true;
+
+import "common/protocol/user.proto";
+
+message DetourConfig {
+  string to = 1;
+}
+
+message DefaultConfig {
+  uint32 alter_id = 1;
+  uint32 level = 2;
+}
+
+message Config {
+  repeated xray.common.protocol.User user = 1;
+  DefaultConfig default = 2;
+  DetourConfig detour = 3;
+  bool secure_encryption_only = 4;
+}
--- a/proxy/vmess/inbound/errors.generated.go
+++ b/proxy/vmess/inbound/errors.generated.go
@ -0,0 +1,9 @@
+package inbound
+
+import "github.com/xtls/xray-core/v1/common/errors"
+
+type errPathObjHolder struct{}
+
+func newError(values ...interface{}) *errors.Error {
+	return errors.New(values...).WithPathObj(errPathObjHolder{})
+}
--- a/proxy/vmess/inbound/inbound.go
+++ b/proxy/vmess/inbound/inbound.go
@ -0,0 +1,357 @@
+// +build !confonly
+
+package inbound
+
+//go:generate go run github.com/xtls/xray-core/v1/common/errors/errorgen
+
+import (
+	"context"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/xtls/xray-core/v1/common"
+	"github.com/xtls/xray-core/v1/common/buf"
+	"github.com/xtls/xray-core/v1/common/errors"
+	"github.com/xtls/xray-core/v1/common/log"
+	"github.com/xtls/xray-core/v1/common/net"
+	"github.com/xtls/xray-core/v1/common/protocol"
+	"github.com/xtls/xray-core/v1/common/session"
+	"github.com/xtls/xray-core/v1/common/signal"
+	"github.com/xtls/xray-core/v1/common/task"
+	"github.com/xtls/xray-core/v1/common/uuid"
+	"github.com/xtls/xray-core/v1/core"
+	feature_inbound "github.com/xtls/xray-core/v1/features/inbound"
+	"github.com/xtls/xray-core/v1/features/policy"
+	"github.com/xtls/xray-core/v1/features/routing"
+	"github.com/xtls/xray-core/v1/proxy/vmess"
+	"github.com/xtls/xray-core/v1/proxy/vmess/encoding"
+	"github.com/xtls/xray-core/v1/transport/internet"
+)
+
+type userByEmail struct {
+	sync.Mutex
+	cache           map[string]*protocol.MemoryUser
+	defaultLevel    uint32
+	defaultAlterIDs uint16
+}
+
+func newUserByEmail(config *DefaultConfig) *userByEmail {
+	return &userByEmail{
+		cache:           make(map[string]*protocol.MemoryUser),
+		defaultLevel:    config.Level,
+		defaultAlterIDs: uint16(config.AlterId),
+	}
+}
+
+func (v *userByEmail) addNoLock(u *protocol.MemoryUser) bool {
+	email := strings.ToLower(u.Email)
+	_, found := v.cache[email]
+	if found {
+		return false
+	}
+	v.cache[email] = u
+	return true
+}
+
+func (v *userByEmail) Add(u *protocol.MemoryUser) bool {
+	v.Lock()
+	defer v.Unlock()
+
+	return v.addNoLock(u)
+}
+
+func (v *userByEmail) Get(email string) (*protocol.MemoryUser, bool) {
+	email = strings.ToLower(email)
+
+	v.Lock()
+	defer v.Unlock()
+
+	user, found := v.cache[email]
+	if !found {
+		id := uuid.New()
+		rawAccount := &vmess.Account{
+			Id:      id.String(),
+			AlterId: uint32(v.defaultAlterIDs),
+		}
+		account, err := rawAccount.AsAccount()
+		common.Must(err)
+		user = &protocol.MemoryUser{
+			Level:   v.defaultLevel,
+			Email:   email,
+			Account: account,
+		}
+		v.cache[email] = user
+	}
+	return user, found
+}
+
+func (v *userByEmail) Remove(email string) bool {
+	email = strings.ToLower(email)
+
+	v.Lock()
+	defer v.Unlock()
+
+	if _, found := v.cache[email]; !found {
+		return false
+	}
+	delete(v.cache, email)
+	return true
+}
+
+// Handler is an inbound connection handler that handles messages in VMess protocol.
+type Handler struct {
+	policyManager         policy.Manager
+	inboundHandlerManager feature_inbound.Manager
+	clients               *vmess.TimedUserValidator
+	usersByEmail          *userByEmail
+	detours               *DetourConfig
+	sessionHistory        *encoding.SessionHistory
+	secure                bool
+}
+
+// New creates a new VMess inbound handler.
+func New(ctx context.Context, config *Config) (*Handler, error) {
+	v := core.MustFromContext(ctx)
+	handler := &Handler{
+		policyManager:         v.GetFeature(policy.ManagerType()).(policy.Manager),
+		inboundHandlerManager: v.GetFeature(feature_inbound.ManagerType()).(feature_inbound.Manager),
+		clients:               vmess.NewTimedUserValidator(protocol.DefaultIDHash),
+		detours:               config.Detour,
+		usersByEmail:          newUserByEmail(config.GetDefaultValue()),
+		sessionHistory:        encoding.NewSessionHistory(),
+		secure:                config.SecureEncryptionOnly,
+	}
+
+	for _, user := range config.User {
+		mUser, err := user.ToMemoryUser()
+		if err != nil {
+			return nil, newError("failed to get VMess user").Base(err)
+		}
+
+		if err := handler.AddUser(ctx, mUser); err != nil {
+			return nil, newError("failed to initiate user").Base(err)
+		}
+	}
+
+	return handler, nil
+}
+
+// Close implements common.Closable.
+func (h *Handler) Close() error {
+	return errors.Combine(
+		h.clients.Close(),
+		h.sessionHistory.Close(),
+		common.Close(h.usersByEmail))
+}
+
+// Network implements proxy.Inbound.Network().
+func (*Handler) Network() []net.Network {
+	return []net.Network{net.Network_TCP, net.Network_UNIX}
+}
+
+func (h *Handler) GetUser(email string) *protocol.MemoryUser {
+	user, existing := h.usersByEmail.Get(email)
+	if !existing {
+		h.clients.Add(user)
+	}
+	return user
+}
+
+func (h *Handler) AddUser(ctx context.Context, user *protocol.MemoryUser) error {
+	if len(user.Email) > 0 && !h.usersByEmail.Add(user) {
+		return newError("User ", user.Email, " already exists.")
+	}
+	return h.clients.Add(user)
+}
+
+func (h *Handler) RemoveUser(ctx context.Context, email string) error {
+	if email == "" {
+		return newError("Email must not be empty.")
+	}
+	if !h.usersByEmail.Remove(email) {
+		return newError("User ", email, " not found.")
+	}
+	h.clients.Remove(email)
+	return nil
+}
+
+func transferResponse(timer signal.ActivityUpdater, session *encoding.ServerSession, request *protocol.RequestHeader, response *protocol.ResponseHeader, input buf.Reader, output *buf.BufferedWriter) error {
+	session.EncodeResponseHeader(response, output)
+
+	bodyWriter := session.EncodeResponseBody(request, output)
+
+	{
+		// Optimize for small response packet
+		data, err := input.ReadMultiBuffer()
+		if err != nil {
+			return err
+		}
+
+		if err := bodyWriter.WriteMultiBuffer(data); err != nil {
+			return err
+		}
+	}
+
+	if err := output.SetBuffered(false); err != nil {
+		return err
+	}
+
+	if err := buf.Copy(input, bodyWriter, buf.UpdateActivity(timer)); err != nil {
+		return err
+	}
+
+	if request.Option.Has(protocol.RequestOptionChunkStream) {
+		if err := bodyWriter.WriteMultiBuffer(buf.MultiBuffer{}); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func isInsecureEncryption(s protocol.SecurityType) bool {
+	return s == protocol.SecurityType_NONE || s == protocol.SecurityType_LEGACY || s == protocol.SecurityType_UNKNOWN
+}
+
+// Process implements proxy.Inbound.Process().
+func (h *Handler) Process(ctx context.Context, network net.Network, connection internet.Connection, dispatcher routing.Dispatcher) error {
+	sessionPolicy := h.policyManager.ForLevel(0)
+	if err := connection.SetReadDeadline(time.Now().Add(sessionPolicy.Timeouts.Handshake)); err != nil {
+		return newError("unable to set read deadline").Base(err).AtWarning()
+	}
+
+	reader := &buf.BufferedReader{Reader: buf.NewReader(connection)}
+	svrSession := encoding.NewServerSession(h.clients, h.sessionHistory)
+	request, err := svrSession.DecodeRequestHeader(reader)
+	if err != nil {
+		if errors.Cause(err) != io.EOF {
+			log.Record(&log.AccessMessage{
+				From:   connection.RemoteAddr(),
+				To:     "",
+				Status: log.AccessRejected,
+				Reason: err,
+			})
+			err = newError("invalid request from ", connection.RemoteAddr()).Base(err).AtInfo()
+		}
+		return err
+	}
+
+	if h.secure && isInsecureEncryption(request.Security) {
+		log.Record(&log.AccessMessage{
+			From:   connection.RemoteAddr(),
+			To:     "",
+			Status: log.AccessRejected,
+			Reason: "Insecure encryption",
+			Email:  request.User.Email,
+		})
+		return newError("client is using insecure encryption: ", request.Security)
+	}
+
+	if request.Command != protocol.RequestCommandMux {
+		ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
+			From:   connection.RemoteAddr(),
+			To:     request.Destination(),
+			Status: log.AccessAccepted,
+			Reason: "",
+			Email:  request.User.Email,
+		})
+	}
+
+	newError("received request for ", request.Destination()).WriteToLog(session.ExportIDToError(ctx))
+
+	if err := connection.SetReadDeadline(time.Time{}); err != nil {
+		newError("unable to set back read deadline").Base(err).WriteToLog(session.ExportIDToError(ctx))
+	}
+
+	inbound := session.InboundFromContext(ctx)
+	if inbound == nil {
+		panic("no inbound metadata")
+	}
+	inbound.User = request.User
+
+	sessionPolicy = h.policyManager.ForLevel(request.User.Level)
+
+	ctx, cancel := context.WithCancel(ctx)
+	timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)
+
+	ctx = policy.ContextWithBufferPolicy(ctx, sessionPolicy.Buffer)
+	link, err := dispatcher.Dispatch(ctx, request.Destination())
+	if err != nil {
+		return newError("failed to dispatch request to ", request.Destination()).Base(err)
+	}
+
+	requestDone := func() error {
+		defer timer.SetTimeout(sessionPolicy.Timeouts.DownlinkOnly)
+
+		bodyReader := svrSession.DecodeRequestBody(request, reader)
+		if err := buf.Copy(bodyReader, link.Writer, buf.UpdateActivity(timer)); err != nil {
+			return newError("failed to transfer request").Base(err)
+		}
+		return nil
+	}
+
+	responseDone := func() error {
+		defer timer.SetTimeout(sessionPolicy.Timeouts.UplinkOnly)
+
+		writer := buf.NewBufferedWriter(buf.NewWriter(connection))
+		defer writer.Flush()
+
+		response := &protocol.ResponseHeader{
+			Command: h.generateCommand(ctx, request),
+		}
+		return transferResponse(timer, svrSession, request, response, link.Reader, writer)
+	}
+
+	var requestDonePost = task.OnSuccess(requestDone, task.Close(link.Writer))
+	if err := task.Run(ctx, requestDonePost, responseDone); err != nil {
+		common.Interrupt(link.Reader)
+		common.Interrupt(link.Writer)
+		return newError("connection ends").Base(err)
+	}
+
+	return nil
+}
+
+func (h *Handler) generateCommand(ctx context.Context, request *protocol.RequestHeader) protocol.ResponseCommand {
+	if h.detours != nil {
+		tag := h.detours.To
+		if h.inboundHandlerManager != nil {
+			handler, err := h.inboundHandlerManager.GetHandler(ctx, tag)
+			if err != nil {
+				newError("failed to get detour handler: ", tag).Base(err).AtWarning().WriteToLog(session.ExportIDToError(ctx))
+				return nil
+			}
+			proxyHandler, port, availableMin := handler.GetRandomInboundProxy()
+			inboundHandler, ok := proxyHandler.(*Handler)
+			if ok && inboundHandler != nil {
+				if availableMin > 255 {
+					availableMin = 255
+				}
+
+				newError("pick detour handler for port ", port, " for ", availableMin, " minutes.").AtDebug().WriteToLog(session.ExportIDToError(ctx))
+				user := inboundHandler.GetUser(request.User.Email)
+				if user == nil {
+					return nil
+				}
+				account := user.Account.(*vmess.MemoryAccount)
+				return &protocol.CommandSwitchAccount{
+					Port:     port,
+					ID:       account.ID.UUID(),
+					AlterIds: uint16(len(account.AlterIDs)),
+					Level:    user.Level,
+					ValidMin: byte(availableMin),
+				}
+			}
+		}
+	}
+
+	return nil
+}
+
+func init() {
+	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
+		return New(ctx, config.(*Config))
+	}))
+}