Skip to content

feat(wireguard): manage WireGuard peers via Xray's inbound UserManager#64

Open
bitwiresys wants to merge 1 commit into
PasarGuard:devfrom
bitwiresys:pr-wg-xray
Open

feat(wireguard): manage WireGuard peers via Xray's inbound UserManager#64
bitwiresys wants to merge 1 commit into
PasarGuard:devfrom
bitwiresys:pr-wg-xray

Conversation

@bitwiresys

Copy link
Copy Markdown

What

Adds a WireGuard path on the Xray backend that provisions and removes peers on Xray's WireGuard inbound through its UserManager gRPC API (AlterInboundAddUser/RemoveUser), so WG users can be added/removed at runtime without restarting the core — exactly like every other Xray inbound the node already manages. It does not touch the existing native backend/wireguard/ backend; it is purely additive.

Why

Xray gained a first-class WireGuard inbound with a UserManager in XTLS/Xray-core#6360 (merged, shipping in v26.6.27). With that, WireGuard can be served through the same Xray process as all other protocols:

  • one transport pipeline (routing, sniffing, stats, and Xray transport obfuscation/finalmask) for WG users, not a separate kernel interface;
  • runtime add/remove of peers (no core restart);
  • WG users counted by the standard user>>>…>>>traffic stats like the rest.

How

  • backend/xray/api/wireguard_account.go — maps a user's WG proxy settings to an Xray wireguard.PeerConfig account for AddUser.
  • backend/xray/api/wireguard_key.go — base64⇄hex key helpers (Xray IPC expects hex).
  • backend/xray/wireguard_sync.go — push/diff WG peers via the UserManager without restarting Xray.
  • backend/xray/{config,user,xray}.go, api/account.go — wire the WG account into the existing inbound/user/sync flow.
  • common/service.proto (+ regenerated service.pb.go) — add Wireguard.pre_shared_key so an optional PSK reaches the node.
  • go.mod — bump xtls/xray-core to the revision that ships the WG inbound UserManager (v26.6.27).

Compatibility / notes

  • Additive only; native WireGuard backend unchanged.
  • go directive stays 1.26.3 (already current on dev); the xray-core bump pulls the WG UserManager API.
  • xray-core is pinned via a commit pseudo-version because upstream tags recent releases as v26.x (not Go-module-resolvable on the bare module path); happy to repin to a clean tag once one is published.

Testing

  • go build ./..., go vet ./... clean.
  • make test passes the same set as dev (the *WithRealXray / controller API-key tests need the CI's xray binary + API_KEY, and fail identically on a bare checkout of dev).
  • Verified end-to-end against a live panel + node: WG user connects, traffic/online tracked, 15-min soak 30/30 with no disconnects or errors.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f33e1b4d-d912-4929-8824-66bca7bfb5ab

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Adds a WireGuard backend path that provisions/removes peers on Xray's
WireGuard inbound through the UserManager gRPC API (AddUser/RemoveUser),
so WG users can be managed at runtime without restarting the core —
mirroring how the other Xray inbounds are handled.

- backend/xray/api/wireguard_account.go: WireGuard account -> PeerConfig
- backend/xray/api/wireguard_key.go: base64<->hex key helpers
- backend/xray/wireguard_sync.go: push/sync WG peers via UserManager
- backend/xray/{config,user,xray}.go, api/account.go: wire WG into the
  inbound/user flow
- common/service.proto (+ regenerated service.pb.go): add Wireguard
  pre_shared_key field so PSK can be delivered to the node
- bump xtls/xray-core to a revision that ships the WG inbound UserManager
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant