txlyre

txlyre zsynchronizowano commit z main na txlyre/3x-ui z kopii lustrzanej

60c54827aa feat: ldap skip tls verify (#5637) * feat(ldap): add InsecureSkipVerify field and tlsConfig helper Extract the inline TLS config at both LDAPS dial sites (FetchVlessFlags, AuthenticateUser) into a tlsConfig(cfg) helper, and add a new Config.InsecureSkipVerify bool that flows through to tls.Config.InsecureSkipVerify. This unblocks enterprise environments (e.g. Microsoft AD CS with internal CAs) where the server certificate chain cannot be imported into the system trust store. Behavior is identical when InsecureSkipVerify is false (the default) - pure refactor + plumbing. The helper is unit-testable without a live server, which is why it is extracted. Closes https://github.com/MHSanaei/3x-ui/issues/5538 * feat(settings): add LdapInsecureSkipVerify setting Plumb the new LDAP skip-TLS-verify toggle through the settings stack: - AllSetting struct field (json/form tag: ldapInsecureSkipVerify) - defaultValueMap default ("false") - GetLdapInsecureSkipVerify() getter - ldap_sync_job wiring into ldaputil.Config (FetchVlessFlags path) - panel/user.go wiring into ldaputil.Config (AuthenticateUser path; the original issue's file list missed this) Persistence is handled by UpdateAllSetting's reflect loop, matching the existing pattern used by ldapUseTLS (no explicit setter). Closes https://github.com/MHSanaei/3x-ui/issues/5538 * feat(ui): add Skip TLS verification switch in LDAP settings Wire the new ldapInsecureSkipVerify setting into the hand-written frontend model and Zod schema, and render it as a new Switch in GeneralTab right under "Use TLS (LDAPS)". The switch is disabled when TLS is off (the setting is meaningless without LDAPS) and shows an insecure-warning description to make the security implication visible to operators. Also adds a Vitest round-trip test pinning schema acceptance and model default-to-false behavior. Closes https://github.com/MHSanaei/3x-ui/issues/5538 * chore(i18n): add Skip TLS verification strings to all locales Add pages.settings.ldap.skipTlsVerify and skipTlsVerifyDesc to all 13 backend-served translation files, matching the existing repo convention of keeping LDAP keys present in every locale (en-US, fa-IR, ru-RU, zh-CN, zh-TW, pt-BR, ar-EG, uk-UA, id-ID, tr-TR, vi-VN, ja-JP, es-ES). No translation-parity test exists in CI, but every other LDAP key is replicated across all files, so this keeps the invariant intact. Closes https://github.com/MHSanaei/3x-ui/issues/5538 * chore(codegen): regenerate frontend artifacts Regenerate frontend/src/generated/{zod,types,schemas,examples}.ts and frontend/public/openapi.json via `npm run gen` to reflect the new ldapInsecureSkipVerify field. The codegen CI job runs `git diff --exit-code` on these files; failing to commit them would break the build. Closes https://github.com/MHSanaei/3x-ui/issues/5538
aef35ee0de fix(sync): mark node dirty inside the mutation transaction (atomic ConfigDirty) (#5611) * fix(sync): mark node dirty inside the mutation transaction ConfigDirty is currently set by MarkNodeDirty AFTER the mutation, on a separate DB handle outside the mutation's transaction. A crash or error between the committed change and the mark leaves a committed config change that never reconciles to the node (silent drift). Add MarkNodeDirtyTx(tx, id) and call it inside each mutation's transaction so the dirty mark commits atomically with the change. * fix(test): initialize DB in TestResolveInboundAddress and group gorm import Two CI failures on this branch: - race (-shuffle=on): TestResolveInboundAddress reaches resolveInboundAddress -> configuredPublicHost -> GetSubDomain, which reads the global DB. The test never initialized one, relying on another sub-package test to do so first; under shuffle it ran first and nil-dereferenced gorm. Call initSubDB(t) so it is self-sufficient (empty DB yields an empty subDomain, so the subscriber-host fallback still holds). - golangci goimports: gorm.io/gorm was grouped with the github.com/mhsanaei/3x-ui local imports in node_dirty_test.go. Move it into the third-party group.
2b10808fbd fix(settings): require re-2FA confirmation for sensitive setting changes (#5610) * fix(settings): require server-side 2fa for sensitive changes * fix(lint): group third-party imports separately from local (goimports) golangci-lint goimports flagged setting.go and setting_security_test.go because xlzd/gotp and gorm.io/gorm were mixed into the github.com/mhsanaei/3x-ui local-prefix group. Move them into the third-party group so the local imports stand alone.
25a86b9ee2 feat(balancers): tabbed Observatory/Burst Observatory form (#5627) * feat(balancers): tabbed Observatory/Burst form replacing raw JSON Replace the raw JSON editor for the Observatory / Burst Observatory sections with a proper Ant Design form, and split the Balancers page into two sub-tabs: "Balancer Settings" (the existing table) and "Observatory". Observers stay fully auto-managed by balancer strategy through the existing syncObservatories logic: users edit only the tunable probe fields, the subjectSelector is shown read-only since it is derived from the balancers, and deleting the last balancer that needs an observer now warns in the confirm dialog that the observer will be removed too. Overlapping selectors keep an observer alive while any balancer still references it. Also add the previously missing pingConfig.httpMethod field (HEAD/GET) and translations for the new strings across all 13 locales. * refactor(balancers): tighten httpMethod typing and align connectivity default Address automated review feedback on the Observatory form: - Use the ObservatoryHttpMethodSchema enum for pingConfig.httpMethod instead of a free-form z.string(), and drive the HTTP method Select from its options. Removes the previously dead enum export and the duplicate local list, and types the field as 'HEAD' | 'GET'. - Align the schema's connectivity default with DEFAULT_BURST_OBSERVATORY (the hicloud URL) so it matches what burst observers are actually created with. No behavior change.
51ffba5961 fix(balancers): defer validation errors until touched or save (#5626) The Add Balancer modal parsed its empty initial state through BalancerFormSchema on mount and bound Form.Item validateStatus/help directly to the result, so "Tag is required" and "Pick at least one outbound" rendered the moment the modal opened, before any user input. Gate the inline errors behind per-field touched tracking plus a submit-attempted flag, and drop the disabled Create button so a save attempt surfaces the errors (matching RuleFormModal). The existing key-based remount in BalancersTab resets the flags on each open. Add a regression test asserting no errors on open and errors only after a save attempt.
Zobacz porównanie tych 9 commitów »

4 godzin temu

txlyre zsynchronizowano commit z main na txlyre/3x-ui z kopii lustrzanej

9c8cd08f90 feat(wireguard): multi-client support WireGuard inbounds now manage per-client peers using xray-core's native WireGuard users (AddUser/RemoveUser). Each client lives in settings.clients (canonical, like every other protocol) and is projected to peers[] only when emitting the xray config, at level 0 so the dispatcher's per-user traffic/online counters work with no extra plumbing. Backend: internal/util/wireguard gains KeyToHex (base64 to hex for the gRPC path), PublicKeyFromPrivate and GenerateWireguardPSK; xray/api.go builds a wireguard account in AddUser with hex keys (RemoveUser already worked); client CRUD generates a keypair and allocates a unique tunnel address per client and never rotates keys on edit; an idempotent migration converts legacy settings.peers into managed clients; WireGuard is included in the raw subscription. Frontend: WireGuard in the add-client modal with keys on the credential tab, client schema, per-client QR/link/.conf, inbound form reduced to server settings; i18n added across 13 locales. Fix: guard the settings[clients] assertion in add/update so a legacy WireGuard inbound stored without a clients key no longer panics.
33aada0c7c feat(xhttp): default xmux maxConnections to 6 xray-core v26.6.27 changed the XHTTP client xmux default to maxConnections=6 (anti-RKN). The panel previously sent maxConnections=0, which overrode that default; default XHttpXmuxSchema to 6 so new outbounds adopt it and the wire-exclusivity rule drops maxConcurrency accordingly.
e44075a6e0 chore(deps): bump xray-core to v26.6.27 Update the xray-core Go module (infra/conf builders + gRPC command clients) and the bundled binary pin in DockerInit.sh and the release workflow from v26.6.22 to v26.6.27. No gRPC command-API breaking changes. The release's other inbound work rides along with the bump: TUN autoSystemRoutingTable/autoOutboundsInterface are already modeled in the frontend tun schema, while Hysteria vlessRoute (UUID-derived) and the TUN traffic counters are internal to xray-core and need no panel changes.
Zobacz porównanie tych 3 commitów »

20 godzin temu

txlyre zsynchronizowano commit z main na txlyre/3x-ui z kopii lustrzanej

56b0be0b6a fix(lint): use errors.Is for io.EOF comparison in sys_linux The errorlint linter rejects direct error comparison with != because it fails on wrapped errors. Compare via errors.Is(err, io.EOF) instead.
9b8a0c9b17 feat(groups): reset group traffic without touching client counters The group page shows traffic counting per group, but the only reset available zeroed every member client's up/down counters (and their quotas) via bulkResetTraffic. Group traffic is a derived sum of client traffic, so zeroing the group display previously required mutating the clients themselves. Add a display-only baseline: ClientGroup gains reset_up/reset_down columns (additive, handled by AutoMigrate). ResetGroupTraffic snapshots the group's current up/down sum into the baseline, and ListGroups now reports max(0, sum - baseline). Client counters are left untouched and no Xray restart is triggered. A new POST /panel/api/clients/groups/ resetTraffic endpoint drives it, creating the client_groups row when the group exists only as a derived label. The groups page action now calls the new endpoint; confirm/success strings updated across all 13 locales to reflect group-only semantics.
d1c0d77023 chore(ci): bump golangci-lint action to v9 Update the GitHub Actions CI workflow to use golangci/golangci-lint-action@v9 instead of v8. This keeps the lint job aligned with the latest major version and ongoing action maintenance.
63fca9ef88 docs: correct false RTL claim and stale Vite version in CONTRIBUTING.md RTL is not wired through AntD ConfigProvider direction (no such code exists; only the Jalali date picker is RTL-aware), so the guide now states that accurately instead of claiming a mechanism that is absent. Replace the hardcoded Vite version (said 8.0.16; package.json pins 8.1.0) with a pointer to read the live version, removing the drift source.
2e851978e6 chore: add Makefile as canonical task runner make verify reproduces the CI PR gate locally (gen-check, lint, typecheck, test, build) with the same flags as ci.yml: go test -shuffle=on -count=1 over the node_modules-filtered package list, the internal/web/dist go:embed stub, and the generated-file staleness diff. Run make help for all targets.
Zobacz porównanie tych 15 commitów »

1 dzień temu

txlyre wypycha do master w txlyre/qic

af61c8a442 upd

1 dzień temu

txlyre zsynchronizowano commit z main na txlyre/3x-ui z kopii lustrzanej

7a2179535a fix(settings): normalize API token timestamps (#5599) * fix(settings): normalize API token timestamps * refactor(api-token): share timestamp threshold --------- Co-authored-by: Tomilla <5007859+[email protected]>

1 dzień temu

txlyre wypycha do master w txlyre/qic

7e832c2e00 upd

1 dzień temu

txlyre zsynchronizowano commit z main na txlyre/3x-ui z kopii lustrzanej

6964d84742 feat(reality): add live REALITY target scanner with IP/CIDR discovery Replace the static reality-targets list with a server-side TLS 1.3 probe that checks TLS 1.3 + HTTP/2 + X25519 + a trusted certificate. - Single-domain validate auto-fills target and serverNames from the cert SAN - Discovery scans an IP/CIDR without SNI to find new targets from their certificates, deduped and ranked by feasibility then latency, private-IP guarded via netsafe - New endpoints scanRealityTarget and scanRealityTargets with RealityScanResult, plus openapigen and api-docs entries - Add scanner strings to all 13 locales - Replace deprecated AntD Alert message prop with title across the panel
451263f1db feat(sidebar): add documentation link button Add a Docs button next to the donate button in the sidebar and mobile drawer linking to https://docs.sanaei.dev/, with menu.docs translations across all 13 languages.
Zobacz porównanie tych 2 commitów »

1 dzień temu

txlyre zsynchronizowano commit z main na txlyre/3x-ui z kopii lustrzanej

8e4c368200 feat(update): allow opting into the dev channel from a stable build The panel version button opened the GitHub releases page on a stable, up-to-date build, and the dev-channel toggle only rendered on dev builds, so there was no in-panel path from stable to dev. Drop the IsDevBuild() guard in devChannelActive (the toggle alone drives the channel now), always open the update modal instead of releases, and always render the Dev channel switch.
522b1b64b0 fix(logger): prevent nil-deref panic in migrate/setting CLI paths The package-level logger is nil until InitLogger runs, which only happens in runWebServer. The migrate and setting subcommands log without initializing it; PR #5520 added a logger.Info on a success path in MigrationRestoreVisionFlow, so 'x-ui migrate' segfaults on installs with a VLESS inbound needing Vision-flow restoration. Initialize logger to a usable default at package load so no code path can nil-deref it, and set up the dual backend in migrateDb so migration steps are logged like runWebServer. Fixes #5581
Zobacz porównanie tych 2 commitów »

2 dni temu

txlyre wypycha do master w txlyre/qic

ff12f6aee6 upd

2 dni temu

txlyre wypycha do master w txlyre/libqirt

cc2f12bc54 upd

2 dni temu

txlyre zsynchronizowano commit z v3.4.1 na txlyre/3x-ui z kopii lustrzanej

2 dni temu

txlyre zsynchronizowano nowy odnośnik v3.4.1 to txlyre/3x-ui z mirrora

2 dni temu

txlyre zsynchronizowano commit z main na txlyre/3x-ui z kopii lustrzanej

b1fb39c486 v3.4.1
9381fa284b feat(logs): add auto-update toggle to Access Logs and Logs viewers A checkbox in both the Xray Access Logs and panel Logs modals polls the existing refresh every 5s while enabled, respecting the current row count, level/filter, and Direct/Blocked/Proxy selections. The poller tears down on close or untoggle. Adds a localized pages.index.autoUpdate key to all 13 locales.
30796dc2ce chore(deploy): drop the AWS golden-image build stack Remove the release-driven Packer AMI/qcow2 pipeline and everything that existed only to feed it: the image.yml workflow, deploy/packer, deploy/lightsail, deploy/firstboot, the AWS Marketplace checklist, and the first-boot smoke test/job. Keep the cloud-agnostic unattended-install path (cloud-init + install.sh non-interactive) and the Hetzner notes, which never depended on the workflow. Hetzner's snapshot path is dropped too since it relied on firstboot to avoid admin/admin on clones; cloud-init regenerates per-instance credentials on its own. Update deploy/README, the cloud-init and Hetzner docs, the root README plus its six translations, and .gitattributes to match.
dc6d13b58f chore: bump deps and modernize test loops - release.yml: download-artifact v7 -> v8 - frontend: i18next 26.3.1 -> 26.3.2, qs 6.15.2 -> 6.15.3 - go.mod: consolidate indirect requires (go mod tidy) - tests: adopt Go 1.22 range-over-int loops
e27f2490b2 feat(logs): label the Xray access-log viewer 'Access Logs' across all languages Distinguishes the access-log modal from the panel 'Logs' viewer it shares a title with. Adds the accessLogs key to all 13 translation files.
Zobacz porównanie tych 14 commitów »

2 dni temu

txlyre zsynchronizowano i usunięto odnośnik dependabot/npm_and_yarn/frontend/qs-6.15.3 at txlyre/3x-ui z mirrora

2 dni temu

txlyre zsynchronizowano i usunięto odnośnik dependabot/npm_and_yarn/frontend/i18next-26.3.2 at txlyre/3x-ui z mirrora

2 dni temu

txlyre zsynchronizowano i usunięto odnośnik dependabot/go_modules/gorm.io/gorm-1.31.2 at txlyre/3x-ui z mirrora

2 dni temu

txlyre zsynchronizowano i usunięto odnośnik dependabot/github_actions/actions/download-artifact-8 at txlyre/3x-ui z mirrora

2 dni temu

txlyre zsynchronizowano commit z dependabot/npm_and_yarn/frontend/qs-6.15.3 na txlyre/3x-ui z kopii lustrzanej

0da45bce85 chore(deps): bump qs from 6.15.2 to 6.15.3 in /frontend Bumps [qs](https://github.com/ljharb/qs) from 6.15.2 to 6.15.3. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](https://github.com/ljharb/qs/compare/v6.15.2...v6.15.3) --- updated-dependencies: - dependency-name: qs dependency-version: 6.15.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
e4b881e58a feat(panel): surface dev-build version in UI, bot, and CLI A dev build now shows its `dev+<commit>` identity instead of a misleading stable-looking version in the sidebar badge, dashboard card, update modal, Telegram status report, startup log, and `x-ui -v`. Adds a shared formatPanelVersion helper (single v prefix; dev labels shown verbatim) and fixes the mobile-tag double-v. Renames the version getters for clarity: config.GetVersion to GetBaseVersion (raw embedded version), config.GetReportedVersion to GetPanelVersion (advertised/displayed), and the xray process GetVersion to GetXrayVersion.
2adb59bd64 feat(install): add dev-latest install option and sync README translations install.sh now accepts `dev-latest` (or `dev`) to install the rolling per-commit dev pre-release, bypassing the numeric version-floor check. README.md documents the version-pinned and dev-latest install commands. All six language READMEs are brought back in sync with the English source: the new install instructions plus the previously-missing "Unattended install & cloud images" section, the XUI_TUNNEL_HEALTH_* env vars, and the custom subscription templates link.
bcd1358032 fix(nodes): report dev builds as dev+<commit> so updated nodes aren't flagged stale A node's status reported config.GetVersion() (3.4.0) even on a dev build, so the master compared it against its own dev latestVersion (dev+<sha>) and every node showed 'update available'. Nodes on a dev build now report dev+<short commit>, matching the master's format, so a node on the current dev commit compares as up to date.
e8878b71a4 feat(nodes): add Dev channel option to node panel updates The node update confirm dialog now offers a 'Dev channel (latest commit)' choice. The dev flag threads master -> nodes/updatePanel -> UpdatePanels -> remote.UpdatePanel -> the node's updatePanel endpoint, which calls StartUpdateChannel(dev) to install the rolling dev-latest build. With no dev flag the node keeps following its own channel setting.
Zobacz porównanie tych 10 commitów »

3 dni temu

txlyre zsynchronizowano nowy odnośnik dependabot/npm_and_yarn/frontend/qs-6.15.3 to txlyre/3x-ui z mirrora

3 dni temu

txlyre zsynchronizowano commit z dependabot/npm_and_yarn/frontend/i18next-26.3.2 na txlyre/3x-ui z kopii lustrzanej

ec7914df92 chore(deps): bump i18next from 26.3.1 to 26.3.2 in /frontend Bumps [i18next](https://github.com/i18next/i18next) from 26.3.1 to 26.3.2. - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/i18next/compare/v26.3.1...v26.3.2) --- updated-dependencies: - dependency-name: i18next dependency-version: 26.3.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
e4b881e58a feat(panel): surface dev-build version in UI, bot, and CLI A dev build now shows its `dev+<commit>` identity instead of a misleading stable-looking version in the sidebar badge, dashboard card, update modal, Telegram status report, startup log, and `x-ui -v`. Adds a shared formatPanelVersion helper (single v prefix; dev labels shown verbatim) and fixes the mobile-tag double-v. Renames the version getters for clarity: config.GetVersion to GetBaseVersion (raw embedded version), config.GetReportedVersion to GetPanelVersion (advertised/displayed), and the xray process GetVersion to GetXrayVersion.
2adb59bd64 feat(install): add dev-latest install option and sync README translations install.sh now accepts `dev-latest` (or `dev`) to install the rolling per-commit dev pre-release, bypassing the numeric version-floor check. README.md documents the version-pinned and dev-latest install commands. All six language READMEs are brought back in sync with the English source: the new install instructions plus the previously-missing "Unattended install & cloud images" section, the XUI_TUNNEL_HEALTH_* env vars, and the custom subscription templates link.
bcd1358032 fix(nodes): report dev builds as dev+<commit> so updated nodes aren't flagged stale A node's status reported config.GetVersion() (3.4.0) even on a dev build, so the master compared it against its own dev latestVersion (dev+<sha>) and every node showed 'update available'. Nodes on a dev build now report dev+<short commit>, matching the master's format, so a node on the current dev commit compares as up to date.
e8878b71a4 feat(nodes): add Dev channel option to node panel updates The node update confirm dialog now offers a 'Dev channel (latest commit)' choice. The dev flag threads master -> nodes/updatePanel -> UpdatePanels -> remote.UpdatePanel -> the node's updatePanel endpoint, which calls StartUpdateChannel(dev) to install the rolling dev-latest build. With no dev flag the node keeps following its own channel setting.
Zobacz porównanie tych 10 commitów »

3 dni temu