Sākums Izpētīt Palīdzība
Pierakstīties
txlyre
/
3x-ui
spogulis no https://github.com/MHSanaei/3x-ui
1
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Koks: c6f15cd53f
Atzari Tagi
3x-ui
/
web
/
controller
/
xui.go

xui.go 2.3 KB
Vēsture Neapstrādāts

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. package controller
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 

  6. 	"github.com/mhsanaei/3x-ui/v3/web/entity"
    7. 

  7. 	"github.com/mhsanaei/3x-ui/v3/web/middleware"
    8. 

  8. 	"github.com/mhsanaei/3x-ui/v3/web/session"
    9. 

  9. 

  10. 	"github.com/gin-gonic/gin"
    11. 

  11. )
    12. 

  12. 

  13. // XUIController is the main controller for the X-UI panel, serving the SPA shell.
    14. 

  14. type XUIController struct {
    15. 

  15. 	BaseController
    16. 

  16. }
    17. 

  17. 

  18. // NewXUIController creates a new XUIController and initializes its routes.
    19. 

  19. func NewXUIController(g *gin.RouterGroup) *XUIController {
    20. 

  20. 	a := &XUIController{}
    21. 

  21. 	a.initRouter(g)
    22. 

  22. 	return a
    23. 

  23. }
    24. 

  24. 

  25. // initRouter sets up the main panel routes and initializes sub-controllers.
    26. 

  26. //
    27. 

  27. // The HTML routes all hand the same single-page-app shell (index.html) to the
    28. 

  28. // browser; React Router takes over and renders the correct page from the URL.
    29. 

  29. // The /panel/api, /panel/setting, /panel/xray sub-routers register POST/JSON
    30. 

  30. // endpoints on different paths and stay untouched by the shell handler.
    31. 

  31. func (a *XUIController) initRouter(g *gin.RouterGroup) {
    32. 

  32. 	g = g.Group("/panel")
    33. 

  33. 	g.Use(a.checkLogin)
    34. 

  34. 	g.Use(middleware.CSRFMiddleware())
    35. 

  35. 

  36. 	g.GET("/", a.panelSPA)
    37. 

  37. 	g.GET("/inbounds", a.panelSPA)
    38. 

  38. 	g.GET("/clients", a.panelSPA)
    39. 

  39. 	g.GET("/groups", a.panelSPA)
    40. 

  40. 	g.GET("/nodes", a.panelSPA)
    41. 

  41. 	g.GET("/settings", a.panelSPA)
    42. 

  42. 	g.GET("/xray", a.panelSPA)
    43. 

  43. 	g.GET("/api-docs", a.panelSPA)
    44. 

  44. 

  45. 	// SPA pages built by Vite don't have a server-rendered <meta name="csrf-token">,
    46. 

  46. 	// so they fetch the session token via this endpoint at startup and replay it
    47. 

  47. 	// on subsequent unsafe requests through axios.
    48. 

  48. 	g.GET("/csrf-token", a.csrfToken)
    49. 

  49. }
    50. 

  50. 

  51. // panelSPA serves the React SPA shell. Every GET under /panel/ that isn't an
    52. 

  52. // API endpoint returns the same index.html — React Router reads the URL and
    53. 

  53. // mounts the matching page on the client.
    54. 

  54. func (a *XUIController) panelSPA(c *gin.Context) {
    55. 

  55. 	serveDistPage(c, "index.html")
    56. 

  56. }
    57. 

  57. 

  58. // csrfToken returns the session CSRF token to authenticated SPA clients.
    59. 

  59. // The endpoint is GET (a safe method) so it bypasses CSRFMiddleware itself,
    60. 

  60. // but checkLogin still gates the response — anonymous callers get 401/redirect.
    61. 

  61. func (a *XUIController) csrfToken(c *gin.Context) {
    62. 

  62. 	token, err := session.EnsureCSRFToken(c)
    63. 

  63. 	if err != nil {
    64. 

  64. 		c.JSON(http.StatusInternalServerError, entity.Msg{Success: false, Msg: err.Error()})
    65. 

  65. 		return
    66. 

  66. 	}
    67. 

  67. 	c.JSON(http.StatusOK, entity.Msg{Success: true, Obj: token})
    68. 

  68. }
    69.