首頁 探索 說明
登入
txlyre
/
3x-ui
镜像来自 https://github.com/MHSanaei/3x-ui
1
0
複刻 0
Files 問題管理 0 Wiki
目錄樹: e63cde8fcb
分支列表 標籤列表
3x-ui
/
web
/
controller
/
xui.go

xui.go 2.5 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. package controller
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 

  6. 	"github.com/mhsanaei/3x-ui/v3/web/entity"
    7. 

  7. 	"github.com/mhsanaei/3x-ui/v3/web/middleware"
    8. 

  8. 	"github.com/mhsanaei/3x-ui/v3/web/session"
    9. 

  9. 

  10. 	"github.com/gin-gonic/gin"
    11. 

  11. )
    12. 

  12. 

  13. // XUIController is the main controller for the X-UI panel, managing sub-controllers.
    14. 

  14. type XUIController struct {
    15. 

  15. 	BaseController
    16. 

  16. 

  17. 	settingController     *SettingController
    18. 

  18. 	xraySettingController *XraySettingController
    19. 

  19. }
    20. 

  20. 

  21. // NewXUIController creates a new XUIController and initializes its routes.
    22. 

  22. func NewXUIController(g *gin.RouterGroup) *XUIController {
    23. 

  23. 	a := &XUIController{}
    24. 

  24. 	a.initRouter(g)
    25. 

  25. 	return a
    26. 

  26. }
    27. 

  27. 

  28. // initRouter sets up the main panel routes and initializes sub-controllers.
    29. 

  29. //
    30. 

  30. // The HTML routes all hand the same single-page-app shell (index.html) to the
    31. 

  31. // browser; React Router takes over and renders the correct page from the URL.
    32. 

  32. // The /panel/api, /panel/setting, /panel/xray sub-routers register POST/JSON
    33. 

  33. // endpoints on different paths and stay untouched by the shell handler.
    34. 

  34. func (a *XUIController) initRouter(g *gin.RouterGroup) {
    35. 

  35. 	g = g.Group("/panel")
    36. 

  36. 	g.Use(a.checkLogin)
    37. 

  37. 	g.Use(middleware.CSRFMiddleware())
    38. 

  38. 

  39. 	g.GET("/", a.panelSPA)
    40. 

  40. 	g.GET("/inbounds", a.panelSPA)
    41. 

  41. 	g.GET("/clients", a.panelSPA)
    42. 

  42. 	g.GET("/groups", a.panelSPA)
    43. 

  43. 	g.GET("/nodes", a.panelSPA)
    44. 

  44. 	g.GET("/settings", a.panelSPA)
    45. 

  45. 	g.GET("/xray", a.panelSPA)
    46. 

  46. 	g.GET("/api-docs", a.panelSPA)
    47. 

  47. 

  48. 	// SPA pages built by Vite don't have a server-rendered <meta name="csrf-token">,
    49. 

  49. 	// so they fetch the session token via this endpoint at startup and replay it
    50. 

  50. 	// on subsequent unsafe requests through axios.
    51. 

  51. 	g.GET("/csrf-token", a.csrfToken)
    52. 

  52. 

  53. 	a.settingController = NewSettingController(g)
    54. 

  54. 	a.xraySettingController = NewXraySettingController(g)
    55. 

  55. }
    56. 

  56. 

  57. // panelSPA serves the React SPA shell. Every GET under /panel/ that isn't an
    58. 

  58. // API endpoint returns the same index.html — React Router reads the URL and
    59. 

  59. // mounts the matching page on the client.
    60. 

  60. func (a *XUIController) panelSPA(c *gin.Context) {
    61. 

  61. 	serveDistPage(c, "index.html")
    62. 

  62. }
    63. 

  63. 

  64. // csrfToken returns the session CSRF token to authenticated SPA clients.
    65. 

  65. // The endpoint is GET (a safe method) so it bypasses CSRFMiddleware itself,
    66. 

  66. // but checkLogin still gates the response — anonymous callers get 401/redirect.
    67. 

  67. func (a *XUIController) csrfToken(c *gin.Context) {
    68. 

  68. 	token, err := session.EnsureCSRFToken(c)
    69. 

  69. 	if err != nil {
    70. 

  70. 		c.JSON(http.StatusInternalServerError, entity.Msg{Success: false, Msg: err.Error()})
    71. 

  71. 		return
    72. 

  72. 	}
    73. 

  73. 	c.JSON(http.StatusOK, entity.Msg{Success: true, Obj: token})
    74. 

  74. }
    75.