Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
txlyre
/
3x-ui
-ын хуулбар https://github.com/MHSanaei/3x-ui
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: 718b7e16e1
Салаанууд Тагууд
3x-ui
/
internal
/
web
/
controller
/
spa.go

spa.go 2.4 KB
Түүх Анхны өгөгдөл

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. package controller
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 

  6. 	"github.com/mhsanaei/3x-ui/v3/internal/web/entity"
    7. 

  7. 	"github.com/mhsanaei/3x-ui/v3/internal/web/middleware"
    8. 

  8. 	"github.com/mhsanaei/3x-ui/v3/internal/web/session"
    9. 

  9. 

  10. 	"github.com/gin-gonic/gin"
    11. 

  11. )
    12. 

  12. 

  13. // XUIController is the main controller for the X-UI panel, serving the SPA shell.
    14. 

  14. type XUIController struct {
    15. 

  15. 	BaseController
    16. 

  16. }
    17. 

  17. 

  18. // NewXUIController creates a new XUIController and initializes its routes.
    19. 

  19. func NewXUIController(g *gin.RouterGroup) *XUIController {
    20. 

  20. 	a := &XUIController{}
    21. 

  21. 	a.initRouter(g)
    22. 

  22. 	return a
    23. 

  23. }
    24. 

  24. 

  25. // initRouter sets up the main panel routes and initializes sub-controllers.
    26. 

  26. //
    27. 

  27. // The HTML routes all hand the same single-page-app shell (index.html) to the
    28. 

  28. // browser; React Router takes over and renders the correct page from the URL.
    29. 

  29. // The /panel/api, /panel/setting, /panel/xray sub-routers register POST/JSON
    30. 

  30. // endpoints on different paths and stay untouched by the shell handler.
    31. 

  31. func (a *XUIController) initRouter(g *gin.RouterGroup) {
    32. 

  32. 	g = g.Group("/panel")
    33. 

  33. 	g.Use(a.checkLogin)
    34. 

  34. 	g.Use(middleware.CSRFMiddleware())
    35. 

  35. 

  36. 	g.GET("/", a.panelSPA)
    37. 

  37. 	g.GET("/inbounds", a.panelSPA)
    38. 

  38. 	g.GET("/clients", a.panelSPA)
    39. 

  39. 	g.GET("/groups", a.panelSPA)
    40. 

  40. 	g.GET("/nodes", a.panelSPA)
    41. 

  41. 	g.GET("/settings", a.panelSPA)
    42. 

  42. 	g.GET("/xray", a.panelSPA)
    43. 

  43. 	g.GET("/outbound", a.panelSPA)
    44. 

  44. 	g.GET("/routing", a.panelSPA)
    45. 

  45. 	g.GET("/api-docs", a.panelSPA)
    46. 

  46. 

  47. 	// SPA pages built by Vite don't have a server-rendered <meta name="csrf-token">,
    48. 

  48. 	// so they fetch the session token via this endpoint at startup and replay it
    49. 

  49. 	// on subsequent unsafe requests through axios.
    50. 

  50. 	g.GET("/csrf-token", a.csrfToken)
    51. 

  51. }
    52. 

  52. 

  53. // panelSPA serves the React SPA shell. Every GET under /panel/ that isn't an
    54. 

  54. // API endpoint returns the same index.html — React Router reads the URL and
    55. 

  55. // mounts the matching page on the client.
    56. 

  56. func (a *XUIController) panelSPA(c *gin.Context) {
    57. 

  57. 	serveDistPage(c, "index.html")
    58. 

  58. }
    59. 

  59. 

  60. // csrfToken returns the session CSRF token to authenticated SPA clients.
    61. 

  61. // The endpoint is GET (a safe method) so it bypasses CSRFMiddleware itself,
    62. 

  62. // but checkLogin still gates the response — anonymous callers get 401/redirect.
    63. 

  63. func (a *XUIController) csrfToken(c *gin.Context) {
    64. 

  64. 	token, err := session.EnsureCSRFToken(c)
    65. 

  65. 	if err != nil {
    66. 

  66. 		c.JSON(http.StatusInternalServerError, entity.Msg{Success: false, Msg: err.Error()})
    67. 

  67. 		return
    68. 

  68. 	}
    69. 

  69. 	c.JSON(http.StatusOK, entity.Msg{Success: true, Obj: token})
    70. 

  70. }
    71.