feat: support external-controller-unix

hub/hub.go

@@ -47,6 +47,10 @@ func Parse(options ...Option) error {
 			cfg.General.Secret, cfg.TLS.Certificate, cfg.TLS.PrivateKey, cfg.General.LogLevel == log.DEBUG)
 	}
 
+	if cfg.General.ExternalControllerUnix != "" {
+		go route.StartUnix(cfg.General.ExternalControllerUnix, cfg.General.LogLevel == log.DEBUG)
+	}
+
 	executor.ApplyConfig(cfg, true)
 	return nil
 }

hub/route/server.go

@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"runtime/debug"
 	"strings"
+	"syscall"
 	"time"
 
 	"github.com/metacubex/mihomo/adapter/inbound"
@@ -47,15 +48,7 @@ func SetUIPath(path string) {
 	uiPath = C.Path.Resolve(path)
 }
 
-func Start(addr string, tlsAddr string, secret string,
-	certificat, privateKey string, isDebug bool) {
-	if serverAddr != "" {
-		return
-	}
-
-	serverAddr = addr
-	serverSecret = secret
-
+func router(isDebug bool, withAuth bool) *chi.Mux {
 	r := chi.NewRouter()
 	corsM := cors.New(cors.Options{
 		AllowedOrigins: []string{"*"},
@@ -77,7 +70,9 @@ func Start(addr string, tlsAddr string, secret string,
 		}())
 	}
 	r.Group(func(r chi.Router) {
-		r.Use(authentication)
+		if withAuth {
+			r.Use(authentication)
+		}
 		r.Get("/", hello)
 		r.Get("/logs", getLogs)
 		r.Get("/traffic", traffic)
@@ -107,10 +102,21 @@ func Start(addr string, tlsAddr string, secret string,
 			})
 		})
 	}
+	return r
+}
+
+func Start(addr string, tlsAddr string, secret string,
+	certificate, privateKey string, isDebug bool) {
+	if serverAddr != "" {
+		return
+	}
+
+	serverAddr = addr
+	serverSecret = secret
 
 	if len(tlsAddr) > 0 {
 		go func() {
-			c, err := CN.ParseCert(certificat, privateKey, C.Path)
+			c, err := CN.ParseCert(certificate, privateKey, C.Path)
 			if err != nil {
 				log.Errorln("External controller tls listen error: %s", err)
 				return
@@ -125,7 +131,7 @@ func Start(addr string, tlsAddr string, secret string,
 			serverAddr = l.Addr().String()
 			log.Infoln("RESTful API tls listening at: %s", serverAddr)
 			tlsServe := &http.Server{
-				Handler: r,
+				Handler: router(isDebug, true),
 				TLSConfig: &tls.Config{
 					Certificates: []tls.Certificate{c},
 				},
@@ -144,12 +150,35 @@ func Start(addr string, tlsAddr string, secret string,
 	serverAddr = l.Addr().String()
 	log.Infoln("RESTful API listening at: %s", serverAddr)
 
-	if err = http.Serve(l, r); err != nil {
+	if err = http.Serve(l, router(isDebug, true)); err != nil {
 		log.Errorln("External controller serve error: %s", err)
 	}
 
 }
 
+func StartUnix(addr string, isDebug bool) {
+	// https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
+	//
+	// Note: As mentioned above in the ‘security’ section, when a socket binds a socket to a valid pathname address,
+	// a socket file is created within the filesystem. On Linux, the application is expected to unlink
+	// (see the notes section in the man page for AF_UNIX) before any other socket can be bound to the same address.
+	// The same applies to Windows unix sockets, except that, DeleteFile (or any other file delete API)
+	// should be used to delete the socket file prior to calling bind with the same path.
+	_ = syscall.Unlink(addr)
+
+	l, err := inbound.Listen("unix", addr)
+	if err != nil {
+		log.Errorln("External controller unix listen error: %s", err)
+		return
+	}
+	serverAddr = l.Addr().String()
+	log.Infoln("RESTful API unix listening at: %s", serverAddr)
+
+	if err = http.Serve(l, router(isDebug, false)); err != nil {
+		log.Errorln("External controller unix serve error: %s", err)
+	}
+}
+
 func setPrivateNetworkAccess(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {