V2RayGen.py

#!/usr/bin/env python3

# XRay Config Generator
# ------------------------------------------
#   Author    : SonyaCore
# 	Github    : https://github.com/SonyaCore
#   Licence   : https://www.gnu.org/licenses/gpl-3.0.en.html

import os
import sys
import subprocess
import time
import uuid
import argparse
import base64
import json
import random
import string
import csv
import re
import platform
import ipaddress
from urllib.parse import unquote
from urllib.request import urlopen, Request
from urllib.error import HTTPError, URLError
from http.client import RemoteDisconnected
from binascii import Error

# -------------------------------- Constants --------------------------------- #

# Name
NAME = "XRayGen"

# Version
VERSION = "1.1.8"

# UUID Generation
UUID = uuid.uuid4()

# Config Name
CONFIGNAME = "config.json"
OBFS = "docker-compose.yml"

SELFSIGEND_CERT = "host.cert"
SELFSIGEND_KEY = "host.key"

# PORT
PORT = 80

# TLS
TLSTYPE = "none"

# Docker Compose FILE
DOCKERCOMPOSE = "docker-compose.yml"

# Client Side PORT
SOCKSPORT = 10808
HTTPPORT = 10809

## AGENT
AGENT_URL = "https://raw.githubusercontent.com/SonyaCore/V2RayGen/main/XRayAgent.py"
AGENT_PATH = "/tmp/agent.py"

# -------------------------------- Colors --------------------------------- #

# Color Format
green = "\u001b[32m"
yellow = "\u001b[33m"
blue = "\u001b[34m"
error = "\u001b[31m"
reset = "\u001b[0m"

# -------------------------------- Argument Parser --------------------------------- #

usage = "python3 {} {} <protocol> {} {} <optional args> {}".format(
    NAME, error, reset, blue, reset
)
formatter = lambda prog: argparse.HelpFormatter(prog, max_help_position=64)
parser = argparse.ArgumentParser(prog=NAME, formatter_class=formatter, usage=usage)


def str2bool(v):
    if isinstance(v, bool):
        return v
    if v.lower() in ("yes", "true", "t", "y", "1"):
        return True
    elif v.lower() in ("no", "false", "f", "n", "0"):
        return False
    else:
        raise argparse.ArgumentTypeError("Boolean value expected.")


parser.add_argument("--config", "-c", action="store_true", help="Creating only the Configuration file")
parser.add_argument("--agent", "-a", action="store_true", help="Launch XRayAgent")
parser.add_argument("--protocols", "-l", action="store_true", help="Show list of protocols")


quick = parser.add_argument_group("{}Protocols{}".format(green, reset))

quick.add_argument("--vmess", "-vm", action="store_true", help="Create VMess")
quick.add_argument("--vless", "-vl", action="store_true", help="Create VLess")
quick.add_argument("--trojan", "-tr", action="store_true", help="Create Trojan")
quick.add_argument("--shadowsocks", "-ss", action="store_true", help="Create ShadowSocks")

logdnsparser = parser.add_argument_group(
    "{}XRay - Log & DNS Settings{}".format(green, reset)
)

logdnsparser.add_argument(
    "--loglevel",
    "-log",
    action="store",
    type=str,
    metavar="",
    help="Loglevel for Xray config. default: [warning]",
)
logdnsparser.add_argument(
    "--dns", action="store", type=str, metavar="", help="Optional DNS. default: [nodns]"
)

routingparser = parser.add_argument_group("{}XRay - Routing{}".format(green, reset))
routingparser.add_argument(
    "--block",
    "--block-routing",
    action="store_true",
    help="Blocking Bittorrent and Ads in configuration. [default: False]",
)
routingparser.add_argument(
    "--blockir",
    "--block-ir",
    action="store_true",
    help="Blocking Bittorrent, Ads and Irnian IPs in configuration. [default: False]",
)

inboundsparser = parser.add_argument_group("{}XRay - Inbounds{}".format(green, reset))
inboundsparser.add_argument(
    "--tls", "-t", action="store_true", help="Using TLS in specified protocol"
)
inboundsparser.add_argument(
    "--xtls", "-xt", action="store_true", help="Using XTLS in specified protocol"
)


inboundsparser.add_argument(
    "--port",
    "-p",
    action="store",
    type=int,
    metavar="",
    help="Optional PORT for Xray Config. defualt: [80,443]",
)
inboundsparser.add_argument(
    "--uuid",
    "-u",
    action="store",
    type=str,
    metavar="",
    help="Optional UUID / ID for configuration. default: [random]",
    default=UUID,
)
inboundsparser.add_argument(
    "--alterid",
    "-id",
    action="store",
    type=int,
    metavar="",
    help="Optional alterId for configuration. default: [0]",
    default=0,
)
inboundsparser.add_argument(
    "--insecure",
    "--insecure-encryption",
    action="store",
    type=str2bool,
    nargs="?",
    metavar="",
    const=True,
    help="Disable Insecure Encryption. default: [True]",
    default=True,
)
streamsettingsparser = parser.add_argument_group(
    "{}XRay - Stream Settings{}".format(green, reset)
)
# streamsettingsparser.add_argument(
#     "--http",
#     "--http-stream",
#     action="store_true",
#     help="Using HTTP network stream. default: [WebSocket]",
# )

streamsettingsparser.add_argument(
    "--tcp",
    "--tcp-stream",
    action="store_true",
    help="Using TCP network stream. default: [WebSocket]",
)

streamsettingsparser.add_argument(
    "--wspath",
    "--websocket-path",
    action="store",
    type=str,
    metavar="",
    help="Optional WebSocket path. default: [/graphql]",
    default="/graphql",
)

streamsettingsparser.add_argument(
    "--header",
    "--http-header",
    action="store",
    type=argparse.FileType("r"),
    metavar="",
    help="Optional JSON HTTPRequest Header.",
)

linkparser = parser.add_argument_group(
    "{}XRay - Link Configuration{}".format(green, reset)
)

linkparser.add_argument(
    "--linkname",
    "-ln",
    action="store",
    type=str,
    metavar="",
    help="Name for Xray generated link. default: [xray]",
)
linkparser.add_argument(
    "--qrcode",
    "-qr",
    action="store_true",
    help="Generate QRCode for generated link.",
)

client = parser.add_argument_group("{}XRay Client Configuration{}".format(green, reset))

client.add_argument(
    "--security",
    "--client-security",
    action="store",
    type=str,
    metavar="",
    help="Security for Client-side JSON config. default: [auto]",
)

client.add_argument(
    "--csocks",
    "--clientsocks",
    action="store",
    type=int,
    metavar="",
    help="SOCKS port for Client-Side JSON config. default: [{}]".format(SOCKSPORT),
)
client.add_argument(
    "--chttp",
    "--clienthttp",
    action="store",
    type=int,
    metavar="",
    help="HTTP port for Client-Side JSON config. default: [{}]".format(HTTPPORT),
)

shadowsocks = parser.add_argument_group("{}ShadowSocks{}".format(green, reset))

shadowsocks.add_argument(
    "--sspass",
    "--shadowsocks-password",
    action="store",
    type=str,
    metavar="",
    help="Set Password for ShadowSocks. default: [random]",
)

shadowsocks.add_argument(
    "--ssmethod",
    "--shadowsocks-method",
    action="store",
    type=str,
    metavar="",
    help="Set Method for ShadowSocks. default: [2022-blake3-chacha20-poly1305]",
)

trojan = parser.add_argument_group("{}Trojan{}".format(green, reset))
trojan.add_argument(
    "--tpass",
    "--trojan-password",
    action="store",
    type=str,
    metavar="",
    help="Set Password for Trojan. default: [random]",
)

docker = parser.add_argument_group("{}Docker{}".format(green, reset))

docker.add_argument(
    "--v2ray",
    "-v2",
    action="store_true",
    required=False,
    help="Use V2Ray insted of XRay",
)

docker.add_argument(
    "--dockerfile",
    action="store_true",
    required=False,
    help="Generate xray-core docker-compose file",
)

docker.add_argument(
    "--ssdocker",
    "--shadowsocks-dockerfile",
    action="store_true",
    required=False,
    help="Generate ShadowSocks docker-compose file for shadowsocks-libev",
)

docker.add_argument(
    "--dockerup",
    action="store_true",
    required=False,
    help="Start docker-compose in system",
)

parseurl = parser.add_argument_group("{}Link Parse{}".format(green, reset))

parseurl.add_argument(
    "--parse",
    "--parseurl",
    action="store",
    type=str,
    metavar="",
    help="Parse encoded link. supported formats: [vmess://,ss://]",
)

parseurl.add_argument(
    "--parseconfig",
    "--readconfig",
    action="store",
    type=argparse.FileType("r"),
    metavar="",
    help="Parse Configuration file",
)

firewall = parser.add_argument_group("{}Firewall{}".format(green, reset))

firewall.add_argument(
    "--firewall",
    "-fw",
    action="store_true",
    help="Adding firewall rules after generating configuration",
)

inboundsparser = parser.add_argument_group("{}Google BBR{}".format(green, reset))
routingparser.add_argument(
    "--bbr",
    action="store_true",
    help="Installing Google BBR on the server. [default: False]",
)

# xray.add_argument(
#     "--domain",
#     "--domain-websocket",
#     action="store",
#     type=str,
#     metavar="",
#     help="Use Domain insted of IP for WebSocket. default: [ServerIP]",
# )

opt = parser.add_argument_group("{}info{}".format(green, reset))
opt.add_argument("-v", "--version", action="version", version="%(prog)s " + VERSION)

# Arg Parse
args = parser.parse_args()

# ------------------------------ Miscellaneous ------------------------------- #

# Banner
def banner(t=0.0005):
    data = """{}
 __   __ _____              _____            
 \ \ / /|  __ \            / ____|           
  \ V / | |__) |__ _ _   _| |  __  ___ _ __  
   > <  |  _  // _` | | | | | |_ |/ _ \ '_ \ 
  / . \ | | \ \ (_| | |_| | |__| |  __/ | | |
 /_/ \_\|_|  \_\__,_|\__, |\_____|\___|_| |_|
                     __/ |                  
                    |___/                   
{}""".format(
        green, reset
    )
    for char in data:
        sys.stdout.write(char)
        time.sleep(t)
    sys.stdout.write("\n")
    sys.stdout.write("Version: " + VERSION)
    sys.stdout.write("\n")


def python_version():
    if sys.version_info < (3, 5):
        raise Exception(
            "Your Python version is too old. Please upgrade to version 3.5 or later."
        )
    else:
        pass


def user_permission() -> None:
    if os.getuid() == 0:
        PRIVILEGE = green + "GRANTED" + reset
        t = True
    else:
        PRIVILEGE = error + "DENIED" + reset
        t = False
        pass
    print("ROOT PRIVILEGE : {}".format(PRIVILEGE))
    if t == False:
        print(
            yellow
            + "WARNING : Some sections might not work without root permission"
            + reset
        )


def docker_compose_version() -> str:
    if sys.version_info < (3, 6):
        return "v2.16.0"
    else:
        tag = "latest"
        version = "name"
        compose = Request(
            "https://api.github.com/repos/docker/compose/releases/{}".format(tag),
            headers={
                "User-Agent": "Mozilla/5.0",
            },
        )
        with urlopen(compose) as response:
            return json.loads(response.read().decode())[version]


# Return IP
def ip():
    """
    return actual IP of the server.
    if there are multiple interfaces with private IP the public IP will be used for the config
    """
    try:
        url = "http://ip-api.com/json/?fields=query"
        httprequest = Request(url, headers={"Accept": "application/json"})

        with urlopen(httprequest) as response:
            data = json.loads(response.read().decode())
            return data["query"]
    except HTTPError:
        print(
            error
            + "failed to send request to {} please check your connection".format(
                url.split("/json")[0]
            )
            + reset
        )
        sys.exit(1)


def get_random_charaters(length=24):
    """
    Get random password pf length with letters, digits, and symbols
    """

    characters = string.ascii_letters + string.digits
    password = "".join(random.choice(characters) for i in range(length))

    return password


def country():
    """
    return Country Code of the server.
    country code are used for detecting server location
    if server are not in the filtered list nginx template will be generated
    """
    try:
        countrycode = get_country()
        if countrycode not in ("IR", "CN", "VN"):
            print(
                yellow
                + "\n! You Are Using External Server [{}]\n".format(countrycode)
                + "Nginx Template:"
                + reset
            )
            print(nginx())
            print(yellow + "! Append to /etc/nginx/nginx.conf" + reset)
    except HTTPError:
        print(
            error
            + "failed to send request to {} please check your connection".format(
                countrycode.split("/json")[0]
            )
            + reset
        )
        sys.exit(1)


def get_country() -> str:
    """
    return Country Code of the server.
    """
    countrycode_url = "http://ip-api.com/json/?fields=countryCode"
    httprequest = Request(countrycode_url, headers={"Accept": "application/json"})

    with urlopen(httprequest) as response:
        data = json.loads(response.read().decode())

    return data["countryCode"]


def dnsselect():
    """
    DNS Selection.
    dnsselect are used for set a dns to the generated config
    https://www.v2ray.com/en/configuration/dns.html#dnsobject
    """
    global dnslist, NODNS, dnsserver
    dnslist = ["both", "google", "cloudflare", "opendns", "quad9", "adguard", "nodns"]

    dnsserver = {}
    dnsserver[
        0
    ] = """"dns": {
      "servers": [
        "8.8.8.8",
        "1.1.1.1",
        "4.2.2.4"
    ]
  },"""
    dnsserver[
        1
    ] = """"dns": {
      "servers": [
        "8.8.8.8",
        "4.2.2.4"
    ]
  },"""
    dnsserver[
        2
    ] = """"dns": {
      "servers": [
        "1.1.1.1"
    ]
  },"""

    dnsserver[
        3
    ] = """"dns": {
      "servers": [
        "208.67.222.222",
        "208.67.220.220"
    ]
  },"""

    dnsserver[
        4
    ] = """"dns": {
      "servers": [
        "9.9.9.9",
        "149.112.112.112"
    ]
  },"""

    dnsserver[
        5
    ] = """"dns": {
      "servers": [
        "94.140.14.14",
        "94.140.15.15"
    ]
  },"""

    NODNS = ""


def get_distro() -> str:
    """
    return distro name based on os-release info
    """
    RELEASE_INFO = {}
    with open("/etc/os-release") as f:
        reader = csv.reader(f, delimiter="=")
        for row in reader:
            if row:
                RELEASE_INFO[row[0]] = row[1]

    return "{}".format(RELEASE_INFO["NAME"])


def create_key():
    """
    create self signed key with openssl
    """
    random_domain = get_random_charaters(8)
    countrycode = get_country()
    print(green)
    subprocess.run(
        "openssl req -new -newkey rsa:4096 -days 735 -nodes -x509 \
    -subj '/C={}/ST=Denial/L=String/O=Dis/CN=www.{}.{}' -keyout {} -out {}".format(
            countrycode, random_domain, countrycode, SELFSIGEND_KEY, SELFSIGEND_CERT
        ),
        shell=True,
        check=True,
    )
    print(reset)


def clearcmd() -> None:
    version = platform.system()
    if version in ("Linux", "Darwin"):
        subprocess.run("clear")
    elif version == "Windows":
        subprocess.run("cls")


# def websocket_domaincheck(url = args.domain,t = 10) :
#     """
#     when using the domain for WebSocket the status code should be 400
#     else exception will occur.
#     """
#     try:
#         response = urlopen(f'{args.domain}{args.wspath}',timeout= t)

#     except HTTPError as error:
#         response_code = error.code
#         print( blue + 'Domain status : '+ reset + str(response_code))
#         if response_code == 400:
#             return True
#         else:
#             raise URLError(error.reason)


def validate_email(email):
    regex = r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b"
    if re.fullmatch(regex, email):
        pass
    else:
        sys.exit(
            error
            + "ERROR : Invalid Email"
            + reset
            + " Please enter a valid email address"
        )


def install_bbr() -> None:
    subprocess.run(
        "curl https://raw.githubusercontent.com/SonyaCore/across/master/bbr.sh | bash -",
        shell=True,
        check=True,
    )


def openssl_rand(type, byte) -> str:
    return (
        subprocess.check_output("openssl rand -{} {}".format(type, byte), shell=True)
        .decode("utf-8")
        .strip("\n")
    )


def launch_agent():
    clearcmd()
    subprocess_command = "curl -s {url} --output {path} && python3 {path}".format(
        url=AGENT_URL, path=AGENT_PATH
    )
    subprocess.run(subprocess_command, check=True, shell=True)
    os.remove(AGENT_PATH)


# -------------------------------- Global Variables --------------------------------- #

if args.v2ray:
    PROTOCOL = "v2ray"
else:
    PROTOCOL = "xray"

# Certificate location
crtkey = "/etc/{}/{}".format(PROTOCOL, SELFSIGEND_CERT)
hostkey = "/etc/{}/{}".format(PROTOCOL, SELFSIGEND_KEY)

# Outband protocols
outbound_list = ["freedom", "blackhole", "both"]

# link schematic
vmess_scheme = "vmess://"
shadowsocks_scheme = "ss://"

# TROJAN PASSWORD
trojanpassword = None

# Docker Compose Version
DOCKERCOMPOSEVERSION = docker_compose_version()

# Supported XRay Configuration Protocols
supported_typo = [
    "vmessws",
    "vmesswstls",
    "vmesstcp",
    "vmesstcptls",
    "vlesswstls",
    "vlesstcptls",
    "vlesstcpxtls",
    "shadowsockstcp",
    "shadowsockstcptls",
    "trojanwstls",
    "trojantcptls",
    "trojantcpxtls",
]


def protocol_map():
    """
    Map user-entered arguments to supported protocols.
    If unsupported protocols are entered, raise an exception with a list of available protocols,
    prioritizing arguments with more parameters.
    """
    # vmesstcptls
    if all((args.vmess, args.tcp, args.tls)):
        protocol_type = supported_typo[3]
    # trojantcptls
    elif all((args.trojan, args.tcp, args.tls)):
        protocol_type = supported_typo[10]
    # trojantcpxtls
    elif all((args.trojan, args.tcp, args.xtls)):
        protocol_type = supported_typo[11]
    # vlesstcpxtls
    elif all((args.vless, args.tcp, args.xtls)):
        protocol_type = supported_typo[6]
    # vmesstcp
    elif all((args.vmess, args.tcp)):
        protocol_type = supported_typo[2]
    # trojantcptls
    elif all((args.trojan, args.tcp)):
        protocol_type = supported_typo[10]
    # trojantcpxtls
    elif all((args.trojan, args.xtls)):
        protocol_type = supported_typo[11]
    # vlesstcpxtls
    elif all((args.vless, args.xtls)):
        protocol_type = supported_typo[6]
    # vlesstcptls
    elif all((args.vless, args.tcp)):
        protocol_type = supported_typo[5]
    # shadowsockstcptls
    elif all((args.shadowsocks, args.tls)):
        protocol_type = supported_typo[8]
    # vmesswstls
    elif all((args.vmess, args.tls)):
        protocol_type = supported_typo[1]
    # shadowsockstcp
    elif args.shadowsocks:
        protocol_type = supported_typo[7]
    # vmessws
    elif args.vmess:
        protocol_type = supported_typo[0]
    # vlesswstls
    elif args.vless:
        protocol_type = supported_typo[4]
    # trojanwstls
    elif args.trojan:
        protocol_type = supported_typo[9]
    else:
        raise Exception("Unsupported Protocol.\n{}".format(protocols_list()))
    return protocol_type


def protocols_list() -> None:
    print("LIST OF SUPPORTED PROTOCOLS")
    print("Protocols like VLess or Trojan require TLS by default.")
    params = {
        "VMESS WS": "--vmess",
        "VMESS WS TLS": "--vmess --tls",
        "VMESS TCP": "--vmess --tcp",
        "VMESS TCP TLS": "--vmess --tcp --tls",
        "VLESS WS TLS": "--vless",
        "VLESS TCP TLS": "--vless --tcp",
        "VLESS TCP XTLS": "--vless --tcp --xtls",
        "TROJAN WS TLS": "--trojan",
        "TROJAN TCP TLS": "--trojan --tcp",
        "TROJAN TCP XTLS": "--trojan --tcp",
        "ShadowSocks TCP": "--shadowsocks",
        "ShadowSocks TCP TLS": "--shadowsocks --tls",
    }
    for protocols, parameters in params.items():
        print(green + protocols + reset, ":", yellow + parameters + reset)


# -------------------------------- VMess JSON --------------------------------- #


def xray_make():
    """
    Make JSON config which reads --outband for making v2ray vmess config with specific protocol
    https://www.v2ray.com/en/configuration/protocols/v2ray.html
    """
    global proto_name
    # Config Protocol Method
    if proto_type == "vmessws":
        proto_name = "VMESS + WS"

    elif proto_type == "vmesswstls":
        proto_name = "VMESS + WS + TLS"

    elif proto_type == "vmesstcp":
        proto_name = "VMESS + TCP"

    elif proto_type == "vmesstcptls":
        proto_name = "VMESS + TCP + TLS"

    elif proto_type == "vlesswstls":
        proto_name = "VLESS + WS + TLS"

    elif proto_type == "vlesstcptls":
        proto_name = "VLESS + TCP + TLS"

    elif proto_type == "vlesstcpxtls":
        proto_name = "VLESS + TCP + XTLS"

    elif proto_type == "trojanwstls":
        proto_name = "TROJAN + WS + TLS"

    elif proto_type == "trojantcptls":
        proto_name = "TROJAN + TCP + TLS"

    elif proto_type == "trojantcpxtls":
        proto_name = "TROJAN + TCP + XTLS"

    elif proto_type == "shadowsockstcp":
        proto_name = "SHADOWSOCKS + TCP"

    elif proto_type == "shadowsockstcptls":
        proto_name = "SHADOWSOCKS + TCP + TLS"

    if proto_type.startswith("vmess"):
        make_xray("vmess")
    elif proto_type.startswith("vless"):
        make_xray("vless")
    elif proto_type.startswith("trojan"):
        make_xray("trojan")
    elif proto_type.startswith("shadowsocks"):
        make_xray("shadowsocks")

    print(
        "{}! {}{}{}{} Config Generated.{}".format(
            blue, green, proto_name, reset, blue, reset
        )
    )
    if args.vless or args.trojan:
        print(
            "{}! By default TLS is being used for this Protocol{}".format(yellow, reset)
        )


def xray_config(outband, protocol) -> str:
    """
    Xray JSON config file template
    """
    global NETSTREAM

    if args.xtls:
        print(
            "{}! XTLS only supports (TCP,mKCP). Using TCP mode{}".format(yellow, reset)
        )

    if args.tls:
        tls_config = tlssettings()
    elif args.vless:
        tls_config = tlssettings()
    elif args.trojan:
        tls_config = tlssettings()
    else:
        tls_config = notls()

    if args.tcp or args.shadowsocks or args.xtls:
        networkstream = tcp()
        NETSTREAM = "TCP"
    else:
        networkstream = websocket_config(args.wspath)
        NETSTREAM = "WebSocket"

    if args.block or args.blockir:
        routing_config = routing() + ","
        sniffing_config = sniffing() + ","
    else:
        routing_config = ""
        sniffing_config = ""

    if args.tcp or args.shadowsocks or args.xtls:
        # TCP stream settings
        streamsettings = """
        "streamSettings": {
					   
        %s,
        %s,
        "tcpSettings": %s
        }        
        """ % (
            networkstream,
            tls_config,
            args.header,
        )

    else:
        # Normal stream settings
        streamsettings = """
        "streamSettings":{ 
        %s,            
        %s,
        "headersettings": %s 
        }        
        """ % (
            networkstream,
            tls_config,
            args.header,
        )

    data = """{
    %s
    %s,
    %s
  "inbounds": [
    {
        %s
        "port": %s,
        %s,
        %s
    }
  ],
  "outbounds": [
    %s
  ]
}""" % (
        DNS,
        log(),
        routing_config,
        sniffing_config,
        PORT,
        protocol,
        streamsettings,
        outband,
    )

    return json.loads(data)


# -------------------------------- Xray Config --------------------------------- #


def make_xray(protocol):
    """
    make xray config based on selected protocol
    """

    outband_config = outband()
    protocol_config = ""
    if protocol == "vless":
        protocol_config = vless_server_side()
    elif protocol == "vmess":
        protocol_config = vmess_server_side()
    elif protocol == "trojan":
        protocol_config = trojan_server_side()
    elif protocol == "shadowsocks":
        protocol_config = shadowsocks_server_side()

    # Config Protocol Method
    with open(CONFIGNAME, "w") as txt:
        txt.write(
            json.dumps(
                xray_config(outband_config, protocol_config),
                indent=2,
            )
        )
        txt.close


def outband():
    return freedom() + ",\n" + blackhole()


# -------------------------------- JSON Configuration --------------------------------- #


def vmess_server_side():
    """
    vmess server side inbound configuration
    https://xtls.github.io/config/inbounds/vmess.html
    """
    vmess = """
        "protocol": "vmess",
        "allocate": {
          "strategy": "always"
        },
        "settings": {
          "clients": [
            {
              "id": "%s",
              "level": 1,
              "alterId": %s,
              "email": "client@example.com"
            }
          ],
          "disableInsecureEncryption": %s
        }""" % (
        UUID,
        args.alterid,
        args.insecure,
    )
    return vmess


def trojan_server_side():
    """
    vless server side inbound configuration
    https://xtls.github.io/config/inbounds/vless.html
    """
    trojan = """
      "protocol": "trojan",
      "allocate": {
        "strategy": "always"
      },    
      "settings": {
        "clients": [
          {
            "password": "%s",
            "email": "client@example.com"
          }
        ]
        }""" % (
        trojanpassword
    )
    return trojan


def vless_server_side():
    """
    vless server side inbound configuration
    https://xtls.github.io/config/inbounds/vless.html
    """
    vless = """
      "protocol": "vless",
      "settings": {
      "clients": [
        {
          "id": "%s",
          "level": 0,
          "email": "client@example.com"
        }
      ],
      "decryption": "none"
  }""" % (
        UUID
    )
    return vless


def shadowsocks_server_side():
    """
    shadowsocks server side inbound configuration
    https://xtls.github.io/config/outbounds/shadowsocks.html
    """
    shadowsocks = """
        "protocol": "shadowsocks",
        "settings": {
          "method": "%s",
          "password": "%s"
        }""" % (
        args.ssmethod,
        args.sspass,
    )
    return shadowsocks


def block_torrent_manually():
    iptables_cmds = [
        "iptables -A FORWARD -s 10.8.1.0/24 -p tcp --dport 443 -j DROP",
        "iptables -A FORWARD -i tun+ -j ACCEPT",
        'iptables -A INPUT -m string --string "BitTorrent" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "BitTorrent protocol" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "peer_id=" --algo bm -j DROP',
        'iptables -A INPUT -m string --string ".torrent" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "announce.php?passkey=" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "torrent" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "announce" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "info_hash" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "tracker" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "get_peers" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "announce_peer" --algo bm -j DROP',
        'iptables -A INPUT -m string --string "find_node" --algo bm -j DROP',
    ]
    for cmd in iptables_cmds:
        subprocess.run(cmd, shell=True, check=True)


def routing() -> str:
    if args.block:
        return block_adds_bittorent()

    if args.blockir:
        return block_adds_bittorent_ir()


def block_adds_bittorent() -> str:
    """
    routing configuration for block bittorrent and private ip addresses.
    https://guide.v2fly.org/en_US/routing/bittorrent.html#server-side-configuration
    """
    data = """
    "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "protocol": ["bittorrent"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "domain": ["geosite:category-ads-all"],
        "outboundTag": "block"
      }
    ]
  }"""
    return data


def block_adds_bittorent_ir() -> str:
    """
    routing configuration for block bittorrent and private ip addresses.
    https://guide.v2fly.org/en_US/routing/bittorrent.html#server-side-configuration
    """

    # ips_file_url = (
    #     "https://raw.githubusercontent.com/SonyaCore/V2RayGen/main/IranIPs.txt"
    # )
    # irips = urlopen(ips_file_url).read().decode("utf-8")

    url = Request("https://cdn-lite.ip2location.com/datasets/IR.json")

    with urlopen(url) as respone:
        data = respone.read()

    dat = json.loads(data)

    path = "/tmp/dump"
    cidrs = []
    for item in dat["data"]:
        start = ipaddress.IPv4Address(item[:2][0])
        end = ipaddress.IPv4Address(item[:2][1])
        cidrs.append(next(ipaddress.summarize_address_range(start, end)))

    for v, datasets in enumerate(cidrs):
        with open(path, "a") as file:
            file.write(str('"') + str(datasets) + str('"'))
            if v != len(cidrs) - 1:
                file.write(str(","))
            file.write("\n")

    irips = open(path, "r").read()
    os.remove(path)

    data = """
    "routing": {
    "domainStrategy": "IPIfNonMatch",
    "domainMatcher": "hybrid",
    "rules": [
      {
        "type": "field",
        "protocol": ["bittorrent"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "ip": [
            "geoip:private",
			%s
        ],
        "outboundTag": "block"
      },
      {        
        "type": "field",
        "domain": [
            "geosite:category-ads-all",
			"regexp:.ir$",
            "regexp:digikala.com$"
        ],
        "outboundTag": "block"
      }
    ]
  }""" % (
        irips
    )
    return data


def sniffing() -> str:
    """
    sniffing must be turned on for routing option.
    """
    data = """
        "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    """
    return data


def tlssettings() -> str:
    """
    tls security settings for protocols with tls
    """
    if args.xtls:
        server_security = "xtls"
        tls_server_type = "xtlsSettings"
    else:
        server_security = "tls"
        tls_server_type = "tlsSettings"

    tls = """
    "security": "%s",    
    "%s": {
          "alpn": ["http/1.1"],
          "certificates": [
            {
              "certificateFile": "%s",
              "keyFile": "%s"
            }
          ]
        }""" % (
        server_security,
        tls_server_type,
        crtkey,
        hostkey,
    )
    return tls


def notls() -> str:
    """
    no tls for protocols without tls
    """
    notls = """
    "security": "none"
    """
    return notls


def websocket_config(path) -> str:
    """
    WebSocket stream setting template for JSON.
    by default, WebSocket is used for transporting data.
    Websocket connections can be proxied by HTTP servers such as Nginx.
    https://www.v2ray.com/en/configuration/transport/websocket.html
    """
    if not path:
        path = "/graphql"

    websocket = """
          "network": "ws",
          "wsSettings": {
            "connectionReuse": true,
            "path": "%s"
          } 
    """ % (
        path
    )
    return websocket


# def http() -> str:
#     """
#     Http Network setting template for JSON.
#     """
#     http = """
#         "network": "http"
#         """
#     return http


def tcp() -> str:
    """
    Http Network setting template for JSON.
    """
    tcp = """
        "network": "tcp"
         """
    return tcp


def freedom() -> str:
    """
    Freedom protocol template JSON config.
    adding freedom outbound to json config
    It passes all TCP or UDP connection to their destinations.
    This outbound is used when you want to send traffic to its real destination.
    it can be used as a single outbound connection witch default --vmess arg uses.
    https://www.v2ray.com/en/configuration/protocols/freedom.html
    """

    freedom = """ {
      "protocol": "freedom",
      "settings": {}
    }"""

    return freedom


def blackhole() -> str:
    """
    Blackhole protocol template JSON config.
    with this fucntion blackhole outbound will be added in json
    it can be combined with freedom or as a single outbound connection
    https://www.v2ray.com/en/configuration/protocols/blackhole.html
    """

    blackhole = """ {
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      },
      "tag": "block"
    }"""
    return blackhole


def headersettings(direction) -> str:
    """
    default tcp setting header for json configuration.
    for using custom configuration use ( --header file.json ) option to configure your own header
    """

    request = """ 
    "request": {
        "version": "1.1",
        "method": "GET",
        "headers": {
          "Host": [
            "www.google.com", 
            "www.bing.com",
            "www.msn.com",
            "www.yahoo.com",
            "www.hotmail.com",
            "outlook.live.com",
            "www.microsoft.com",
            "mail.google.com",
            "www.proton.me"
          ],
          "User-Agent": [
            "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
            "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46",
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"            
          ],
          "Accept-Encoding": [
                "gzip, deflate",
                "compress, deflate",
                "gzip, compress",
                "identity, deflate",
                "compress, identity",
                "gzip, identity"
            ],
          "Connection": ["keep-alive"],
          "Pragma": "no-cache"
        }
      }
        """

    response = """ 
    "request": {
        "version": "1.1",
        "status": "200",
        "reason": "OK",
        "headers": {
            "Content-Type": [
                "application/pdf",
                "application/xhtml+xml",
                "application/x-shockwave-flash",
                "application/json",
                "application/ld+json",
                "application/xml",
                "application/zip",
                "application/x-www-form-urlencoded",
                "image/gif",
                "image/jpeg",
                "image/png",
                "image/tiff",
                "image/vnd.microsoft.icon",
                "image/x-icon",
                "image/vnd.djvu",
                "image/svg+xml",
                "multipart/mixed",
                "multipart/alternative",
                "multipart/related",
                "multipart/form-data",
                "text/css",
                "text/csv",
                "text/html",
                "text/plain",
                "text/xml"
            ],
            "Transfer-Encoding": ["chunked"],
            "Connection": ["keep-alive"],
            "Pragma": "no-cache"
        }
      }
        """

    header = """
    {
        "header": {
              "type": "http",
              %s
            }
    }
    """ % (
        response if direction == "in" else request
    )

    return header


def log():
    log = """
    "log": {
    "loglevel": "%s"
  }""" % (
        LOG
    )
    return log


def loglevel():
    """
    loglevel are for changing Server-side loglevel
    https://guide.v2fly.org/en_US/basics/log.html#server-side-configuration
    """
    global LOG

    # list of loglevels
    loglevel = ["debug", "info", "warning", "error", "none"]
    loglevel_messages = [
        'Information for developers. All "Info" included.',
        'Running stats of XRay，no effect for the functions. All "Warning" included.',
        "usually some external problem that does not affect V2Ray but possibly the user experience.",
        "XRay encountered a problem that needs to be resolved immediately.",
        "Nothing will be printed.",
    ]
    cmd = args.loglevel.lower()

    # checking loglevel argument
    if cmd == "debug":
        LOG = loglevel[0]
    if cmd == "info":
        LOG = loglevel[1]
    if cmd == "warning":
        LOG = loglevel[2]
    if cmd == "error":
        LOG = loglevel[3]
    if cmd == "none":
        LOG = loglevel[4]

    # printing list of log levels if user input is not in loglevels
    if cmd not in loglevel:
        print("list of loglevels :")
        for levels in range(len(loglevel)):
            print(green + loglevel[levels] + " : " + loglevel_messages[levels] + reset)
        sys.exit()


def client_security():
    """
    client_security are for changing Client-side Security method
    https://www.v2ray.com/en/configuration/protocols/v2ray.html#userobject
    """
    global SECURITY

    # list of loglevels
    security_methods = ["aes-128-gcm", "chacha20-poly1305", "auto", "none", "zero"]

    cmd = args.security.lower()

    # checking loglevel argument
    if cmd == "aes-128-gcm":
        SECURITY = security_methods[0]
    if cmd == "chacha20-poly1305":
        SECURITY = security_methods[1]
    if cmd == "auto":
        SECURITY = security_methods[2]
    if cmd == "none":
        SECURITY = security_methods[3]
    if cmd == "zero":
        SECURITY = security_methods[4]

    # printing list of security methods if user input is not in security_methods var.
    if cmd not in security_methods:
        print("list of security methods :")
        for methods in range(len(security_methods)):
            print(green + security_methods[methods] + reset)
        sys.exit()


# -------------------------------- Client Side Configuration --------------------------------- #


def client_side_configuration(protocol):
    """
    client side configuration for generating client side json configuration.
    it can be used as configuration file for xray-core.
    """
    vmess_client = """
        "protocol": "vmess",
        "settings": {
            "vnext": [
            {
                "address": "%s",
                "port": %s,
                "users": [
                {
                    "alterId": %s,
                    "id": "%s",
                    "security": "%s"
                }
                ]
            }
            ]
        }""" % (
        ServerIP,
        PORT,
        args.alterid,
        UUID,
        SECURITY,
    )

    vless_clinet = """
        "protocol": "vless",
        "settings": {
        "vnext": [
        {
            "address": "%s",
            "port": %s,
            "users": [
            {
                "encryption": "none",
                "id": "%s"
            }
            ]
        }
        ]
    }""" % (
        ServerIP,
        PORT,
        UUID,
    )

    trojan_client = """
        "protocol": "trojan",
        "settings": {
        "servers": [
            {
                "address": "%s",
                "port": %s,
                "password": "%s"
                }
            ]
        }
    """ % (
        ServerIP,
        PORT,
        trojanpassword,
    )

    shadowsocks_clinet = """
        "protocol": "shadowsocks",
        "settings": {
        "servers": [
          {
            "address": "%s",
            "port": %s,
            "method": "%s",
            "password": "%s"
          }
        ]
    }""" % (
        ServerIP,
        PORT,
        args.ssmethod,
        args.sspass,
    )

    # client protocol settings based on protocol argument
    if protocol == "VMESS":
        setting = vmess_client
    elif protocol == "VLESS":
        setting = vless_clinet
    elif protocol == "TROJAN":
        setting = trojan_client
    elif protocol == "SHADOWSOCKS":
        setting = shadowsocks_clinet

    inbounds = """
        "inbounds": [
        {
            "tag": "socks-in",
            "port": %s,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "settings": {
                "auth": "noauth",
                "udp": true
            }       
        },
        {
            "tag": "http-in",
            "port": %s,
            "listen": "127.0.0.1",       
            "protocol": "http",
            "settings": {
                "auth": "noauth",
                "udp": true
            }
        }
    ]""" % (
        SOCKSPORT,
        HTTPPORT,
    )

    if args.xtls:
        tls_client_type = "xtlsSettings"
        security = "xtls"
    else:
        tls_client_type = "tlsSettings"
        security = "tls"

    tls_client = """
        "security": "%s",
        "%s": {
          "allowInsecure": true,
          "alpn": [
            "http/1.1"
          ],
          "fingerprint": ""
        }
        """ % (
        security,
        tls_client_type,
    )

    if args.tcp or args.shadowsocks or args.xtls:
        network = "tcp"
    else:
        network = "websocket"

    wsSettings = """
        "wsSettings": { "path": "%s" }
        """ % (
        args.wspath
    )

    streamsettings_client = """
        "streamSettings": {
        "network": "%s",
        %s
        %s
        %s
      },
      "tag": "proxy"
    """ % (
        network,
        tls_client if proto_type.__contains__("tls") else notls(),
        ',"tcpSettings":' + headersettings("out")
        if proto_type.__contains__("tcp")
        else "",
        "," + wsSettings if not args.tcp and not args.shadowsocks else "",
    )

    outbands_client = """
    { "protocol": "freedom", "tag": "direct" },
    { "protocol": "freedom", "tag": "bypass" },
    { "protocol": "blackhole", "tag": "block" }
    """

    #    policy = """
    #    "policy": {
    #    "levels": { "1": { "connIdle": 30 } },
    #    "system": { "statsOutboundDownlink": true, "statsOutboundUplink": true }
    #  }"""

    outbands = """
    "outbounds": [
    {
      %s,
      %s,
      "mux": {
        "enabled": false,
        "concurrency": -1
      }
    },
    %s    
  ]
    """ % (
        setting,
        streamsettings_client,
        outbands_client,
    )

    #   {
    #     "protocol": "dns",
    #     "proxySettings": { "tag": "proxy", "transportLayer": true },
    #     "settings": {
    #       "address": "8.8.8.8",
    #       "network": "tcp",
    #       "port": 53,
    #       "userLevel": 1
    #     },
    #     "tag": "dns-out"
    #   }

    client_configuration = """
    {
        "log": { "loglevel": "%s" },
        %s,        
        %s
    }
    """ % (
        LOG,
        inbounds,
        outbands,
    )

    jsondata = json.loads(client_configuration)
    client_configuration_name = "client-{}-{}.json".format(
        proto_name.replace(" + ", "-"), args.linkname
    )
    with open(client_configuration_name, "w") as wb:
        wb.write(json.dumps(jsondata, indent=2))
        wb.close

    print("")
    filename = green + client_configuration_name + reset
    print(
        blue
        + "! Client-side {} Config Generated.".format(proto_name.replace(" + ", "-")),
        reset,
    )
    print(
        "{}! Use {}{} for using proxy with xray-core directly.{}".format(
            blue, filename, blue, reset
        )
    )
    print(
        blue
        + "! Or use below one-line compact json Client-Side and import it directly in your client:",
        reset,
    )
    print(
        green + json.dumps(jsondata, separators=(",", ":")),
        reset,
    )
    print("")
    print("")


# -------------------------------- Config Creation --------------------------------- #


def xray_create(protocol):
    dnsselect()

    # Making xray / v2ray configuration file
    xray_make()
    sys.exit(1) if args.config else ""

    if args.tls or args.vless or args.trojan:
        create_key()
        time.sleep(0.5)

    if args.tls or args.vless or args.trojan:
        print(
            yellow
            + "! Using self-signed key\
        \n! Make sure to add Allow Insecure to your client."
            + reset
        )

    if args.tcp:
        print(
            yellow
            + "! For using TCP in your gui client set header to 'http' and 'path' to '/' "
        )

    # Creating docker-compose file
    xray_dockercompose()

    # Running docker-compose on Server
    run_docker()

    # Printing Information
    serverside_info_raw()

    # Generate encoded link & client-side configuration
    if protocol == "VMESS":
        vmess_link = vmess_link_generator(
            args.alterid, UUID, net, path, PORT, args.linkname, TLSTYPE, header
        )
        print(vmess_link)

        if args.qrcode:
            print(yellow + "! QRCode :" + reset)
            print(qrcode(vmess_link))

        if protocol == "VMESS":
            client_side_configuration("VMESS")

    elif protocol == "VLESS":
        vless_link = vless_link_generator(UUID, PORT, net, path, TLSTYPE, args.linkname)
        print(vless_link)

        if args.qrcode:
            print(yellow + "! QRCode :" + reset)
            print(qrcode(vless_link))
        client_side_configuration("VLESS")

    elif protocol == "TROJAN":
        trojan_link = trojan_link_generator(
            trojanpassword, PORT, TLSTYPE, net, path, args.linkname
        )
        print(trojan_link)

        if args.qrcode:
            print(yellow + "! QRCode :" + reset)
            print(qrcode(trojan_link))
        client_side_configuration("TROJAN")

    elif protocol == "SHADOWSOCKS":
        shadowsocks_link = shadowsocks_link_generator()
        print(shadowsocks_link)

        if args.qrcode:
            print(yellow + "! QRCode :" + reset)
        client_side_configuration("SHADOWSOCKS")

    # Generate NGINX Template
    country() if protocol == "VMESS" else None


# -------------------------------- Parse URL --------------------------------- #


def parseLink(link):
    if link.startswith(vmess_scheme):
        print(parse_VMess(link))
    elif link.startswith(shadowsocks_scheme):
        print(parse_ShadowSocks(link))
    else:
        links = vmess_scheme, shadowsocks_scheme
        print(
            "{}ERROR:{} --parse arg supports only {} {} {} links".format(
                error, reset, green, links, reset
            )
        )
        sys.exit(1)


def parse_ShadowSocks(sslink):
    """
    Parse Shadowsocks encoded link into a dictionary list.
    """
    SHADOWSS = {
        "v": "2",
        "ps": "",
        "add": "",
        "port": "",
        "id": "",
        "aid": "",
        "net": "shadowsocks",
        "type": "",
        "host": "",
        "path": "",
        "tls": "",
    }
    try:
        if sslink.startswith(shadowsocks_scheme):
            info = sslink[len(shadowsocks_scheme) :]

            if info.rfind("#") > 0:
                info, ps = info.split("#", 2)
                SHADOWSS["ps"] = unquote(ps)

            if info.find("@") < 0:
                blen = len(info)
                if blen % 4 > 0:
                    info += "=" * (4 - blen % 4)

                info = base64.b64decode(info).decode()

                atidx = info.rfind("@")
                method, password = info[:atidx].split(":", 2)
                addr, port = info[atidx + 1 :].split(":", 2)
            else:
                atidx = info.rfind("@")
                addr, port = info[atidx + 1 :].split(":", 2)

                info = info[:atidx]
                blen = len(info)
                if blen % 4 > 0:
                    info += "=" * (4 - blen % 4)

                info = base64.b64decode(info).decode()
                method, password = info.split(":", 2)

            SHADOWSS["add"] = addr
            SHADOWSS["port"] = port
            SHADOWSS["aid"] = method
            SHADOWSS["id"] = password
            return yellow + str(SHADOWSS) + reset
    except ValueError as err:
        sys.exit(error + "Invalid ShadowSocks Link : " + reset + str(err))


def parse_VMess(vmesslink):
    """
    Parse VMess encoded link into a dictionary list.
    """
    try:
        if vmesslink.startswith(vmess_scheme):
            link = vmesslink[len(vmess_scheme) :]
            bytelen = len(link)
            if bytelen % 4 > 0:
                link += "=" * (4 - bytelen % 4)

            vms = base64.b64decode(link).decode()

            return yellow + str(json.loads(vms)) + reset
        else:
            raise Exception("vmess link invalid")
    except json.decoder.JSONDecodeError as err:
        sys.exit(error + "Invalid VMess link : " + reset + str(err))
    except Error as err:
        sys.exit(error + "Invalid Format : " + reset + str(err))


# -------------------------------- Docker --------------------------------- #


def xray_dockercompose():
    """
    Create docker-compose file for xray-core.
    in this docker-compose xray-core is being used for running xray in the container.
    https://hub.docker.com/r/teddysun/xray
    """
    if args.v2ray:
        type = "v2ray"
    else:
        type = "xray"

    docker_crtkey = "- ./{}:/etc/{}/{}:ro".format(
        SELFSIGEND_CERT, type, SELFSIGEND_CERT
    )
    docker_hostkey = "- ./{}:/etc/{}/{}:ro".format(SELFSIGEND_KEY, type, SELFSIGEND_KEY)

    if args.v2ray:
        data = """version: '3'
services:
  v2ray:
    image: v2fly/v2fly-core
    restart: always
    network_mode: host
    environment:
      - V2RAY_VMESS_AEAD_FORCED=false
    entrypoint: ["v2ray", "run", "-c", "/etc/v2ray/config.json"]
    volumes:
        - ./%s:/etc/v2ray/config.json:ro
        %s
        %s""" % (
            CONFIGNAME,
            docker_crtkey if proto_type.__contains__("tls") or args.tls else "",
            docker_hostkey if proto_type.__contains__("tls") or args.tls else "",
        )
    else:
        data = """version: '3'
services:
  xray:
    image: teddysun/xray
    restart: always
    network_mode: host
    environment:
      - V2RAY_VMESS_AEAD_FORCED=false
    entrypoint: ["/usr/bin/xray", "-config", "/etc/xray/config.json"]
    volumes:
        - ./%s:/etc/xray/config.json:ro
        %s
        %s""" % (
            CONFIGNAME,
            docker_crtkey if proto_type.__contains__("tls") or args.tls else "",
            docker_hostkey if proto_type.__contains__("tls") or args.tls else "",
        )

    print(
        yellow
        + "! Created {}-core {} configuration".format(type, DOCKERCOMPOSE)
        + reset
    )
    with open(DOCKERCOMPOSE, "w") as txt:
        txt.write(data)
        txt.close()


def run_docker():
    """
    Start xray docker-compose.
    at first, it will check if docker exists and then check if docker-compose exists
    if docker is not in the path it will install docker with the official script.
    then it checks the docker-compose path if the condition is True docker-compose.yml will be used for running xray.
    """
    try:
        # Check if docker exist
        if os.path.exists("/usr/bin/docker") or os.path.exists("/usr/local/bin/docker"):
            pass
        else:
            # Install docker if docker are not installed
            try:
                print(yellow + "Docker Not Found.\nInstalling Docker ...")
                subprocess.run(
                    "curl https://get.docker.com | sh", shell=True, check=True
                )
            except subprocess.CalledProcessError:
                sys.exit(error + "Download Failed !" + reset)

        # Check if Docker Service are Enabled
        systemctl = subprocess.call(["systemctl", "is-active", "--quiet", "docker"])
        if systemctl == 0:
            pass
        else:
            subprocess.call(["systemctl", "enable", "--now", "--quiet", "docker"])

        time.sleep(2)

        # Check if docker-compose exist
        if os.path.exists("/usr/bin/docker-compose") or os.path.exists(
            "/usr/local/bin/docker-compose"
        ):
            subprocess.run(
                "docker-compose -f {} up -d".format(DOCKERCOMPOSE),
                shell=True,
                check=True,
            )
            reset_docker_compose()
        else:
            print(
                yellow
                + "docker-compose Not Found.\nInstalling docker-compose {} ...".format(
                    DOCKERCOMPOSEVERSION
                )
            )
            subprocess.run(
                "curl -SL https://github.com/docker/compose/releases/download/{}/docker-compose-linux-x86_64 \
        -o /usr/local/bin/docker-compose".format(
                    DOCKERCOMPOSEVERSION
                ),
                shell=True,
                check=True,
            )
            subprocess.run(
                "chmod +x /usr/local/bin/docker-compose", shell=True, check=True
            )
            subprocess.run(
                "ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose",
                shell=True,
                check=True,
            )

            subprocess.run(
                "docker-compose -f {} up -d".format(DOCKERCOMPOSE),
                shell=True,
                check=True,
            )
    except subprocess.CalledProcessError as e:
        sys.exit(error + str(e) + reset)
    except PermissionError:
        sys.exit(error + "ًroot privileges required" + reset)


def reset_docker_compose():
    subprocess.run("docker-compose restart", shell=True, check=True)


# ------------------------------ Firewall ------------------------------- #


def firewall_config():
    """
    add configuration port to firewall.
    by default, it checks if the ufw or firewalld exists and adds the rule to the firewall
    else iptables firewall rule will be added
    """
    try:
        if os.path.exists("/usr/sbin/ufw"):
            service = "ufw"
            subprocess.run("ufw allow {}".format(PORT), check=True, shell=True)
        elif os.path.exists("/usr/sbin/firewalld"):
            service = "firewalld"
            subprocess.run(
                "firewall-cmd --permanent --add-port={}/tcp".format(PORT),
                shell=True,
                check=True,
            )
        else:
            service = "iptables"
            subprocess.run(
                "iptables -t filter -A INPUT -p tcp --dport {} -j ACCEPT".format(PORT),
                shell=True,
                check=True,
            )
            subprocess.run(
                "iptables -t filter -A OUTPUT -p tcp --dport {} -j ACCEPT".format(PORT),
                shell=True,
                check=True,
            )
        print(green + "Added " + str(PORT) + " " + "to " + service + reset)
    except subprocess.CalledProcessError as e:
        sys.exit(error + str(e) + reset)


# ------------------------------ Configuration Info ------------------------------- #


def serverside_info_raw() -> str:
    """
    show generated configuration info
    """
    if args.trojan:
        method = "PASSWORD"
        value = trojanpassword
    else:
        method = "UUID"
        value = UUID

    print("")
    print("SERVER SIDE Information : ")
    print("IP: " + blue + str((ServerIP)) + reset)
    print("ID: " + blue + str(args.alterid) + reset)
    print("LOGLEVEL: " + blue + str(LOG) + reset)
    print("{}: ".format(method) + blue + str(value) + reset)
    print("STREAM : " + blue + str(NETSTREAM) + reset)

    if NETSTREAM == "WebSocket":
        print("WSPATH: " + blue + str(args.wspath) + reset)

    print("PORT: " + blue + str(PORT) + reset)
    print("SECURITY: " + blue + str(TLSTYPE) + reset)
    print("LINKNAME: " + blue + str(args.linkname) + reset)

    if args.csocks or args.chttp:
        print("")
        print("CLIENT SIDE Information : ")
        print("SECURITY : " + blue + str(SECURITY) + reset)
        print("HTTP PORT : " + blue + str(HTTPPORT) + reset)
        print("SOCKS PORT : " + blue + str(SOCKSPORT) + reset)


def read_serverside_configuration(config):
    """
    parse server-side configuration file
    https://www.v2ray.com/en/configuration/overview.html
    """
    global ID, AlterId, net, path, configport, securitymethod, protocol

    with open(config, "r") as configfile:
        data = json.loads(configfile.read())

    try:
        # essential info that must be in the json configuration file
        ID = data["inbounds"][0]["settings"]["clients"][0]["id"]
        protocol = data["inbounds"][0]["protocol"]
        configport = data["inbounds"][0]["port"]
        try:
            if data["inbounds"][0]["streamSettings"]["network"] == "tcp":
                securitymethod = data["inbounds"][0]["streamSettings"]["security"]
            else:
                securitymethod = data["inbounds"][0]["security"]
        except KeyError:
            securitymethod = "none"
            pass

        print(yellow + "Inbounds Info:" + reset)
        try:
            configloglevel = data["log"]["loglevel"]
            print(blue + "Loglevel : " + reset + str(configloglevel))
        except KeyError:
            pass

        print(blue + "PROTOCOL : " + reset + str(protocol))
        print(blue + "PORT : " + reset + str(configport))
        print("")
        print(yellow + "Client Info:" + reset)
        print(blue + "ID : " + reset + str(ID))

        try:
            clientlevel = data["inbounds"][0]["settings"]["clients"][0]["level"]
            print(blue + "Level : " + reset + str(clientlevel))
        except KeyError:
            pass

        try:
            AlterId = data["inbounds"][0]["settings"]["clients"][0]["alterId"]
            if AlterId != None:
                print(blue + "alterId : " + reset + str(AlterId))
            else:
                pass
        except KeyError:
            AlterId = 0
            pass

        print("")
        print(yellow + "Stream Settings:" + reset)
        try:
            net = data["inbounds"][0]["streamSettings"]["network"]
            print(blue + "Network : " + reset + str(net))
        except KeyError:
            net = ""
            pass

        try:
            if data["inbounds"][0]["streamSettings"]["network"] == "ws":
                try:
                    path = data["inbounds"][0]["streamSettings"]["wsSettings"]["path"]
                    print(blue + "WebSocket Path : " + reset + str(path))
                except KeyError:
                    path = ""
                    pass
        except KeyError:
            pass

        print(blue + "Security : " + reset + str(securitymethod))

        try:
            outbands = []
            for each in data["outbounds"]:
                outbands.append(each["protocol"])
            print(blue + "OutBounds : " + reset + str(outbands))
        except KeyError:
            outbands = None
            pass

        print(blue + "Link : " + reset + str(link_serverside_configuration()))
        print(blue + "QRCode : \n" + reset + qrcode(link_serverside_configuration()))

    except KeyError as e:
        sys.exit(error + "ERROR: " + str(e) + " not found in {}!".format(config))


def link_serverside_configuration():
    """
    generate link with server-side configuration file.
    """

    if protocol == "vmess":
        return vmess_link_generator(
            AlterId, ID, net, path, configport, linkname, securitymethod, header
        )
    elif protocol == "vless":
        return vless_link_generator(ID, configport, net, path, securitymethod, linkname)


# ------------------------------ VMess Link Gen ------------------------------- #


def vmess_link_generator(aid, id, net, path, port, ps, tls, header) -> str:
    """
    Generate vmess link.
    vmess link is being used for importing v2ray config in clients.
    vmess links are encoded with base64.
    """

    if not args.parseconfig:
        print("")
        print(yellow + "! Use below link for your xray or v2ray client" + reset)

    prelink = "vmess://"
    raw_link = bytes(
        "{"
        + """"add":"{}",\
"aid":"{}",\
"host":"",\
"id":"{}",\
"net":"{}",\
"path":"{}",\
"port":"{}",\
"ps":"{}",\
"tls":"{}",\
"type":"{}",\
"v":"2" """.format(
            ServerIP, aid, id, net, path, port, ps, tls, header
        )
        + "}",
        encoding="ascii",
    )

    link = base64.b64encode(raw_link)  # encode raw link

    vmess_link = prelink + str(link.decode("utf-8"))  # concatenate prelink with rawlink

    return vmess_link


# ------------------------------ VLess Link Gen ------------------------------- #


def vless_link_generator(id, port, net, path, security, name) -> str:
    """
    generate vless link with below format:
    vless://id@IP:PORT?path&security&encryption&type#linkname
    """
    if not args.parseconfig:
        print("")
        print(yellow + "! Use below link for your xray or v2ray client" + reset)

    prelink = "vless://"
    raw_link = "{}@{}:{}?path={}&security={}&encryption=none&type={}#{}".format(
        id, ServerIP, port, path, security, net, name
    )

    vless_link = prelink + raw_link

    return vless_link


# ------------------------------ Trojan Link Gen ------------------------------- #


def trojan_link_generator(password, port, security, type, path, name) -> str:
    """
    generate trojan link with below format:
    trojan://password@ip:port?allowInsecure=insecure&security=&type=networkstream#linkname
    """
    if not args.parseconfig:
        print("")
        print(yellow + "! Use below link for your xray or v2ray client" + reset)

    prelink = "trojan://"
    raw_link = "{}@{}:{}?allowInsecure={}&security={}&type={}&path={}#{}".format(
        password, ServerIP, port, 1, security, type, path, name
    )

    trojan_link = prelink + raw_link

    return trojan_link


# ------------------------------ ShadowSocks Link Gen ------------------------------- #


def shadowsocks_link_generator() -> str:
    """
    Generate ShadowSocks link.
    Shadowsocks link is being used for importing shadowsocks config in clients.
    ShadowSocks links are also encoded with base64.
    Visit https://github.com/shadowsocks/shadowsocks-org/wiki/SIP002-URI-Scheme for SS URI Scheme.
    """

    prelink = "ss://"
    print("")
    print(yellow + "! Use below link for your ShadowSocks client" + reset)

    raw_link = bytes(
        "{}:{}@{}:{}".format(args.ssmethod, args.sspass, ServerIP, PORT),
        encoding="ascii",
    )

    link = base64.b64encode(raw_link)  # encode raw link

    shadowsocks_link = prelink + str(
        link.decode("utf-8")
    )  # concatenate prelink with rawlink

    return shadowsocks_link


# ------------------------------ QRCode Gen ------------------------------- #


def qrcode(data, width=76, height=76) -> str:
    qrcode = Request(
        "https://qrcode.show/{}".format(data),
        headers={
            "User-Agent": "Mozilla/5.0",
            "Accept": "application/octet-stream",
            "X-QR-Version-Type": "micro",
            "X-QR-Quiet-Zone": "true",
            "X-QR-Min-Width": width,
            "X-QR-Min-Height": height,
        },
    )

    with urlopen(qrcode) as response:
        return response.read().decode()


# ------------------------------ Nginx Template ------------------------------- #


def nginx():
    """
    nginx template for forwarding v2ray service with nginx
    """

    #     if args.header :
    #         nginx = """http {
    #     map $http_upgrade $connection_upgrade {
    #         default upgrade;
    #         '' close;
    #     }

    #     upstream websocket {
    #         server %s:%s;
    #     }

    #     server {
    #         listen 1080;
    #         location %s {
    #         proxy_pass http://websocket;
    #         proxy_http_version 1.1;
    #         proxy_set_header Upgrade $http_upgrade;
    #         proxy_set_header Connection $connection_upgrade;
    #         proxy_set_header Host $host;
    #         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #         proxy_set_header X-Real-IP $remote_addr;

    #         }
    #     }
    # }"""%(ServerIP,PORT,args.wspath)

    nginx = """stream {
    upstream external {
        server %s:%s;  }
    server {
        listen     1080;
        proxy_pass external ; }  }""" % (
        ServerIP,
        PORT,
    )

    return nginx


# ----------------------------- argparse Conditions ----------------------------- #


def shadowsocks_check():
    # Below methods are the recommended choice.
    # Other stream ciphers are implemented but do not provide integrity and authenticity.

    methodlist = [
        "2022-blake3-chacha20-poly1305",
        "2022-blake3-aes-256-gcm",
        "2022-blake3-aes-128-gcm",
        "xchacha20-ietf-poly1305",
        "aes-256-gcm",
        "aes-128-gcm",
        "chacha20-ietf-poly1305",
    ]
    xraymethod = methodlist[0:4]
    v2raymethod = methodlist[4:]

    if args.ssmethod not in methodlist:
        print("Select one method :")
        print("{}XRay Ciphers :{}".format(yellow, reset))

        for xmethods in range(len(xraymethod)):
            print(green + xraymethod[xmethods] + reset)

        print("{}V2ray Ciphers : {}".format(yellow, reset))
        for vmethods in range(len(v2raymethod)):
            print(green + v2raymethod[vmethods] + reset)
        sys.exit(2)

    elif args.ssmethod in (methodlist[0:2], methodlist[-1]):
        print(
            "{}{} are only useable in xray-core{}".format(yellow, args.ssmethod, reset)
        )


# def outbounds_check():
#     if args.outbound not in protocol_list:  # list of outband protocols
#         print(yellow + "! Use --outband to set method" + reset),
#         print("List of outband methods :")
#         for protocol in range(len(protocol_list)):
#             protocol_list[2] = "both : freedom + blackhole"
#             print(green + protocol_list[protocol] + reset)
#         sys.exit(2)


def dns_check():
    if args.dns not in dnslist:  # list of DNS
        print("List of Avalible DNS :")
        for dnsnames in range(len(dnslist)):
            dnslist[2] = "both : google + cloudflare"
            print(green + dnslist[dnsnames] + reset)
        sys.exit(2)


# ------------------------------ Error Messages ------------------------------- #


def base_error(err):
    return sys.exit(error + "ERROR : " + reset + str(err))


# ----------------------------- argparse Actions ----------------------------- #

if __name__ == "__main__":
    python_version()

    if len(sys.argv) <= 1:
        parser.print_help()
        sys.exit(1)
    else:
        banner()

    # Collect Server IP
    try:
        if not args.parse:
            ServerIP = ip()
    except RemoteDisconnected as e:
        sys.exit(error + "ERROR : " + reset + str(e))
    except URLError as e:
        sys.exit(error + "ERROR : " + reset + str(e))

    user_permission()

    if args.protocols:
        protocols_list()
        sys.exit(1)

    if args.agent:
        clearcmd()
        launch_agent()

    # install bbr
    if args.bbr:
        install_bbr()

    if args.parse:
        parseLink(args.parse)

    if args.alterid > 64:
        sys.exit(error + "ERROR : " + reset + "alterid can't be more than 64")

    # set log to 'error' by default
    if args.loglevel == None:
        LOG = "error"
    else:
        loglevel()

    # set security to 'auto' by default
    if args.security == None:
        SECURITY = "auto"
    else:
        client_security()

    # call DNS func
    if args.dns:
        dnsselect()
        dns_check()

        DNS_SERVERS = {
            "both": dnsserver[0],
            "google": dnsserver[1],
            "cloudflare": dnsserver[2],
            "opendns": dnsserver[3],
            "quad9": dnsserver[4],
            "adguard": dnsserver[5],
            "nodns": NODNS,
        }
        DNS = DNS_SERVERS.get(args.dns, dnsserver[0])

    # Set To NODNS
    else:
        DNS = ""

    if args.csocks:
        SOCKSPORT = args.csocks
    if args.chttp:
        HTTPPORT = args.chttp

    # JSON custom template load
    if args.header:
        with open(args.header.name, "r") as setting:
            stream = setting.read()
            args.header = stream
    else:
        args.header = headersettings("in")

    # Insecure option
    if args.insecure == True:
        args.insecure = "true"
    if args.insecure == False:
        args.insecure = "false"

    if args.tls and args.xtls:
        sys.exit("{}ERROR : Can't use xtls and tls togheter.{}".format(error, reset))

    # Port Settings :
    if args.port == None and args.vless == True or args.tls == True:
        PORT = 443

    if args.port == None:
        pass
    else:
        PORT = args.port

    # Custom uuid
    if args.uuid == None:
        args.uuid = UUID
    else:
        UUID = args.uuid

    if args.tpass == None:
        trojanpassword = get_random_charaters(32)
    else:
        trojanpassword = args.tpass

    # # Check WebSocket Domain Status Code
    # if args.domain :
    #     websocket_domaincheck()
    #     print(green + 'Domain ٰValid!' + reset)
    #     ServerIP = f"{args.domain}"

    # ShadowSocks Method
    if args.ssmethod == None:
        args.ssmethod = "2022-blake3-chacha20-poly1305"

    # ShadowSocks Password
    if args.sspass == None and args.ssmethod == "2022-blake3-aes-128-gcm":
        args.sspass = openssl_rand("base64", 16)

    if args.sspass == None:
        args.sspass = openssl_rand("base64", 32)

    # link security method
    if args.tls:
        TLSTYPE = "tls"

    elif args.xtls:
        TLSTYPE = "xtls"

    elif args.vless or args.trojan:
        TLSTYPE = "tls"

    if args.tcp:
        net = "tcp"
        path = "/"
        header = "http"

    elif args.trojan and args.xtls:
        net = "tcp"
        path = "/"
        header = "http"

    else:
        net = "ws"
        path = args.wspath
        header = "none"

    if args.v2ray:
        linkname = "v2ray"
    else:
        linkname = "xray"

    if args.linkname == None:
        args.linkname = linkname

    proto_type = protocol_map()

    if args.vmess and args.xtls:
        sys.exit("{}! XTLS doesn't supports VMess for now.{}".format(error, reset))

    # Quick VMess Setup
    if all((args.vmess, args.tls)):
        xray_create("VMESS")
    elif args.vmess:
        xray_create("VMESS")
    # Quick Vless Setup
    elif args.vless:
        xray_create("VLESS")
    # Quick Trojan Setup
    elif args.trojan:
        xray_create("TROJAN")
    # Quick ShadowSocks Setup
    elif args.shadowsocks:
        shadowsocks_check()
        xray_create("SHADOWSOCKS")

    # Make docker-compose for VMess
    if args.dockerfile:
        xray_dockercompose()

    # Run docker-compose
    if args.dockerup:
        run_docker()

    # add firewall rules
    if args.firewall:
        firewall_config()

    # block torrent manually
    if args.block or args.blockir:
        block_torrent_manually()

    # parse configuration file
    try:
        if args.parseconfig:
            read_serverside_configuration(args.parseconfig.name)
    except json.decoder.JSONDecodeError as e:
        sys.exit(error + "ERROR: " + reset + str(e))