refactor(vless): drop selectedAuth, expose two explicit auth buttons

selectedAuth was UI-only metadata (Xray never reads it) and entirely
redundant with the encryption string itself — the dropdown only
controlled which block from `xray vlessenc` to apply. Replace it with
two explicit buttons ("X25519" and "ML-KEM-768") so the user picks
the auth mode in one click instead of dropdown + Get-New-Keys.

- VLESSSettings drops the field from constructor, fromJson, and toJson;
  legacy `selectedAuth` values still in DB will be silently shed on the
  next save.
- getNewVlessEnc(authLabel) now takes the label as a parameter; clear
  resets only decryption/encryption.
- Fallbacks visibility now keys on encryption === "none" (the same
  thing the dropdown was effectively gating on).
- Info modal drops the redundant Authentication tag and colours the
  encryption tag red when it's "none", green otherwise.

Co-Authored-By: Claude Opus 4.7 <[email protected]>

web/assets/js/model/inbound.js

@@ -2543,7 +2543,6 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
         decryption = "none",
         encryption = "none",
         fallbacks = [],
-        selectedAuth = undefined,
         testseed = [],
     ) {
         super(protocol);
@@ -2551,7 +2550,6 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
         this.decryption = decryption;
         this.encryption = encryption;
         this.fallbacks = fallbacks;
-        this.selectedAuth = selectedAuth;
         this.testseed = testseed;
     }
 
@@ -2587,7 +2585,6 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
             json.decryption,
             json.encryption,
             Inbound.VLESSSettings.Fallback.fromJson(json.fallbacks || []),
-            json.selectedAuth,
             testseed,
         );
         return obj;
@@ -2610,9 +2607,6 @@ Inbound.VLESSSettings = class extends Inbound.Settings {
         if (this.fallbacks && this.fallbacks.length > 0) {
             json.fallbacks = Inbound.VLESSSettings.toJsonArray(this.fallbacks);
         }
-        if (this.selectedAuth) {
-            json.selectedAuth = this.selectedAuth;
-        }
 
         // testseed is only meaningful for the exact xtls-rprx-vision flow, and only when
         // the user supplied a complete 4-positive-int array. Otherwise omit and let the

web/html/form/protocol/vless.html

@@ -21,16 +21,6 @@
 </a-collapse>
 <template v-if=" !inbound.stream.isTLS || !inbound.stream.isReality">
   <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
-    <a-form-item label="Authentication">
-      <a-select v-model="inbound.settings.selectedAuth" @change="getNewVlessEnc"
-        :dropdown-class-name="themeSwitcher.currentTheme">
-        <a-select-option :value="undefined">None</a-select-option>
-        <a-select-option value="X25519, not Post-Quantum">X25519 (not
-          Post-Quantum)</a-select-option>
-        <a-select-option value="ML-KEM-768, Post-Quantum">ML-KEM-768
-          (Post-Quantum)</a-select-option>
-      </a-select>
-    </a-form-item>
     <a-form-item label="decryption">
       <a-input v-model.trim="inbound.settings.decryption"></a-input>
     </a-form-item>
@@ -38,16 +28,20 @@
       <a-input v-model="inbound.settings.encryption"></a-input>
     </a-form-item>
     <a-form-item label=" ">
-      <a-space>
-        <a-button type="primary" icon="import" @click="getNewVlessEnc">Get New
-          keys</a-button>
+      <a-space :size="8" wrap>
+        <a-button type="primary" icon="import" @click="getNewVlessEnc('X25519, not Post-Quantum')">
+          X25519
+        </a-button>
+        <a-button type="primary" icon="import" @click="getNewVlessEnc('ML-KEM-768, Post-Quantum')">
+          ML-KEM-768
+        </a-button>
         <a-button danger @click="clearVlessEnc">Clear</a-button>
       </a-space>
     </a-form-item>
   </a-form>
   <a-divider :style="{ margin: '5px 0' }"></a-divider>
 </template>
-<template v-if="inbound.isTcp && !inbound.settings.selectedAuth">
+<template v-if="inbound.isTcp && (!inbound.settings.encryption || inbound.settings.encryption === 'none')">
   <a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
     <a-form-item label="Fallbacks">
       <a-button icon="plus" type="primary" size="small" @click="inbound.settings.addFallback()"></a-button>

web/html/modals/inbound_info_modal.html

@@ -90,14 +90,9 @@
       <a-tag :color="inbound.stream.security == 'none' ? 'red' : 'green'">[[
         inbound.stream.security ]]</a-tag>
       <br />
-      <td>Authentication</td>
-      <a-tag v-if="inbound.settings.selectedAuth" color="green">[[
-        inbound.settings.selectedAuth ? inbound.settings.selectedAuth : ''
-        ]]</a-tag>
-      <a-tag v-else color="red">{{ i18n "none" }}</a-tag>
-      <br />
       {{ i18n "encryption" }}
-      <a-tag class="info-large-tag" :color="inbound.settings.encryption ? 'green' : 'red'">[[
+      <a-tag class="info-large-tag"
+        :color="inbound.settings.encryption && inbound.settings.encryption !== 'none' ? 'green' : 'red'">[[
         inbound.settings.encryption ? inbound.settings.encryption : ''
         ]]</a-tag>
       <a-tooltip title='{{ i18n "copy" }}'>

web/html/modals/inbound_modal.html

@@ -302,12 +302,11 @@
                 this.inbound.stream.tls.echServerKeys = "";
                 this.inbound.stream.tls.settings.echConfigList = "";
             },
-            async getNewVlessEnc() {
-                const selected = inModal.inbound.settings.selectedAuth;
-                if (!selected) {
-                    this.clearVlessEnc();
-                    return;
-                }
+            // Pulls the requested auth block from `xray vlessenc` (which always returns
+            // both X25519 and ML-KEM-768 variants) and applies it to the inbound's
+            // decryption/encryption strings. The auth mode is implied by the resulting
+            async getNewVlessEnc(authLabel) {
+                if (!authLabel) return;
 
                 inModal.loading(true);
                 const msg = await HttpUtil.get("/panel/api/server/getNewVlessEnc");
@@ -318,10 +317,10 @@
                 }
 
                 const auths = msg.obj.auths || [];
-                const block = auths.find((a) => a.label === selected);
+                const block = auths.find((a) => a.label === authLabel);
 
                 if (!block) {
-                    console.error("No auth block for", selected);
+                    console.error("No auth block for", authLabel);
                     return;
                 }
 
@@ -331,7 +330,6 @@
             clearVlessEnc() {
                 this.inbound.settings.decryption = "none";
                 this.inbound.settings.encryption = "none";
-                this.inbound.settings.selectedAuth = undefined;
             },
             // Vision Seed methods - must be in Vue methods for proper template binding.
             // Mirror the inModal helpers but use Vue.set so the form re-renders.