Главная Обзор Помощь
Вход
txlyre
Репозитории Активность

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • b40f869f2a fix(node): keep client/inbound edits working when a node is offline (#4923, #4931) Node-backed client and inbound edits no longer hard-fail when the backing node is offline or disabled. Edits commit to the panel DB immediately and reconcile to the node when it reconnects (eventual consistency); the panel is the single source of truth for desired config. - Add Node.ConfigDirty/ConfigDirtyAt; mark a node dirty when an edit commits without reaching it (cleared via CAS on ConfigDirtyAt after a full reconcile). - nodePushPlan() reads node state fresh from the DB, skips the push for offline/disabled nodes (no 10s hang), and treats push failures as non-fatal across every mutation path (client add/update/del + bulk + attach/detach; inbound add/update/del/toggle/resetTraffic). - ReconcileNode() pushes the panel's desired config to a node on reconnect (refreshing the remote tag cache first) and prunes node-side orphans; runs before the traffic pull in the node sync job. - While a node is dirty the traffic pull applies only up/down deltas and node-initiated disables, never overwriting desired config from a stale node snapshot. - Surface a non-blocking 'saved; will sync on reconnect' warning to the UI. Validated with a two-panel Docker E2E: client delete/update, attach/detach, and inbound add/delete all reconcile correctly offline -> reconnect.
  • e08456269b fix(traffic): count local traffic for clients whose shared row is node-owned (#4921) client_traffics is keyed by email (one shared row per client across every inbound it is attached to). addClientTraffic filtered with `inbound_id NOT IN (node inbounds)`, so when a client was attached to both a node inbound and the mother inbound and the node inbound was attached first, the shared row carried the node inbound's id (AddClientStat uses OnConflict DoNothing and never refreshes it) and the local xray's traffic for that client was dropped entirely. The client showed online but its usage stayed at zero unless the mother inbound happened to be attached first. Match purely by email instead. The reported emails come only from the local xray, which only knows local-attached clients, so the query is still correctly scoped, and this also repairs already-broken rows that a per-row AddClientStat fix alone could not.
  • f8e902a7b6 fix(sub): include ECH config in TLS share links and JSON subscription echConfigList was stored under tlsSettings.settings but the share-link and JSON-subscription generators only read fingerprint and pinnedPeerCertSha256 from that bag, silently dropping ECH from VLESS, Trojan and VMess links. Read echConfigList alongside them and flatten it into tlsSettings.echConfigList for the JSON subscription. Closes #4933
  • Просмотр сравнение для этих 3 коммитов »

5 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • d6d2085d60 fix: restart remote xray after disabling a client to kill active sessions (#4918) * fix(node-traffic): restart remote xray after disabling clients to kill active sessions When a client's traffic limit is reached on a remote node, the panel pushes enable=false to that node via UpdateInbound. The node calls RemoveUser on its local xray, which blocks new connections but leaves any already-established TCP session alive. The user could continue browsing/downloading until they disconnected voluntarily. Fix: after successfully pushing a client disable to a remote node, call RestartXray on that node. This mirrors what already happens for the local node when the "Restart Xray on client disable" setting is enabled (default: on), and ensures active sessions are terminated immediately on all nodes where the client was disabled. Co-Authored-By: Claude Sonnet 4.6 <[email protected]> * refactor(node): restart remote xray after tx commit, not inside it Move the remote RestartXray calls out of the addTraffic write transaction. disableInvalidClients now returns the affected remote node IDs instead of restarting their xray while the SQLite write lock is held; AddTraffic performs the restart after the transaction commits via restartRemoteNodesOnDisable. Avoids holding the serialized write lock across slow per-node restart RPCs. --------- Co-authored-by: Claude Sonnet 4.6 <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • 12d84c2a46 fix(node-traffic): prevent stale node snapshot from re-enabling disabled client (#4917) When a remote node syncs traffic back to the panel, the UPDATE in setRemoteTrafficLocked wrote cs.Enable directly into client_traffics.enable. If a snapshot carrying enable=true arrived after the central panel had already set enable=false (due to the client reaching their traffic limit), it silently re-enabled the client — letting them consume 2-3x their allotted quota before the next disable cycle caught up. Fix: replace the unconditional SET enable = ? with a CASE expression that only allows a disable (0->0), never a re-enable (0->1). The central panel remains the sole authority for turning a client back on. Co-authored-by: Claude Sonnet 4.6 <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • 97f88fb1a9 feat(sub): modern xray JSON format with unified finalmask editor (#4912) * feat(sub): add finalmask support to JSON subscriptions * feat(sub): modern xray JSON format with unified finalmask editor Drop the legacy JSON subscription format entirely and always emit the modern xray shape: - Flatten proxy outbounds (no vnext/servers) for vless/vmess/trojan/ shadowsocks; hysteria was already flat. - Express fragment/noise via streamSettings.finalmask instead of the legacy direct_out freedom dialer + dialerProxy sockopt. The global finalmask (tcp/udp masks + quicParams) is stored as a single setting (subJsonFinalMask) and merged into every generated stream, replacing the separate subJsonFragment/subJsonNoises/subJsonQuicParams settings. Reuse the existing FinalMaskForm (used by inbound/outbound) for the settings UI via a small bridge component; add a showAll prop so all TCP/UDP/QUIC sections render for the global case. This supersedes the hand-rolled Fragment/Noises/quicParams tabs with the full mask editor (all mask types). Note: this is a breaking change — JSON subscriptions now require a recent xray client on the consumer side. * fix --------- Co-authored-by: biohazardous-man <[email protected]> Co-authored-by: MHSanaei <[email protected]>
  • f947fbd6c6 feat(Clash): Add routing rules and enable routing option for Clash subscriptions (#4904) * feat(clash): add routing rules and enable routing option for Clash/Mihomo subscriptions Allows adding custom YAML blocks and placeholders to Clash exports. Why: Shifting routing to the client prevents server IP exposure for DIRECT traffic and reduces unnecessary server bandwidth/CPU usage. * fix --------- Co-authored-by: Misfit-s <>
  • ba63fa8569 chore(deps): bump i18next from 26.3.0 to 26.3.1 in /frontend (#4901) Bumps [i18next](https://github.com/i18next/i18next) from 26.3.0 to 26.3.1. - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/i18next/compare/v26.3.0...v26.3.1) --- updated-dependencies: - dependency-name: i18next dependency-version: 26.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Просмотр сравнение для этих 15 коммитов »

14 часов назад

txlyre синхронизированные и удаленные ссылки dependabot/npm_and_yarn/frontend/i18next-26.3.1 на txlyre/3x-ui из зеркала

14 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • a07c7b7f4e feat(migrate-db): SQLite <-> .dump conversion and Download Migration in Overview Binary: extend the migrate-db subcommand with --dump and --restore so a SQLite database can be exported to a portable SQL text dump and rebuilt from one, alongside the existing --dsn PostgreSQL copy. Implemented in Go via the bundled sqlite driver (new database/dump_sqlite.go); no external sqlite3 client is required. Add ExportPostgresToSQLite (reverse of MigrateData) to build a SQLite .db from live PostgreSQL data, reusing the shared copyAllModels helper. Overview: add a "Download Migration" item to Backup & Restore plus a getMigration endpoint/service that returns a .dump on SQLite or a .db on PostgreSQL, so the data can seed a panel on the other backend. Document the endpoint in api-docs and translate the three new strings across all locales. Tests: cover the destination-side copy (AutoMigrate + copyTable into SQLite) and the dump/restore round-trip including quoted values. Ignore *.dump. The x-ui.sh helper that drives this from the CLI is in PR #4910.

22 часов назад

txlyre синхронизированные коммиты с feat/x-ui-sh-migratedb на txlyre/3x-ui из зеркала

  • 5dd506d255 fix(x-ui.sh): address review feedback on migrateDB Per Copilot review on PR #4910: - Probe the bundled binary for migrate-db --dump support and fail with a clear upgrade message instead of a raw "flag not defined" error on old builds. - Prompt before overwriting an existing .dump in dump mode (parity with restore). - Refuse to restore into the live database path while x-ui is running, to avoid corrupting the running panel. - Fix the usage/synopsis strings to show input is optional ([file] not <file>).
  • e3deac536f Merge branch 'main' into feat/x-ui-sh-migratedb
  • a07c7b7f4e feat(migrate-db): SQLite <-> .dump conversion and Download Migration in Overview Binary: extend the migrate-db subcommand with --dump and --restore so a SQLite database can be exported to a portable SQL text dump and rebuilt from one, alongside the existing --dsn PostgreSQL copy. Implemented in Go via the bundled sqlite driver (new database/dump_sqlite.go); no external sqlite3 client is required. Add ExportPostgresToSQLite (reverse of MigrateData) to build a SQLite .db from live PostgreSQL data, reusing the shared copyAllModels helper. Overview: add a "Download Migration" item to Backup & Restore plus a getMigration endpoint/service that returns a .dump on SQLite or a .db on PostgreSQL, so the data can seed a panel on the other backend. Document the endpoint in api-docs and translate the three new strings across all locales. Tests: cover the destination-side copy (AutoMigrate + copyTable into SQLite) and the dump/restore round-trip including quoted values. Ignore *.dump. The x-ui.sh helper that drives this from the CLI is in PR #4910.
  • 6ca2a3f0f7 feat(x-ui.sh): add migrateDB command and menu for SQLite .db <-> .dump Adds an "x-ui migrateDB <file>" subcommand and a PostgreSQL-menu option (9) that convert between a SQLite .db and a portable .dump file. Direction is auto-detected from the extension and delegated to the bundled binary (x-ui migrate-db --dump/--restore), so no external sqlite3 client is needed. Depends on the matching binary support, so it is only usable from the next panel release.
  • 5c1d64b841 v3.2.7
  • Просмотр сравнение для этих 10 коммитов »

22 часов назад

txlyre синхронизированные новые ссылки feat/x-ui-sh-migratedb к txlyre/3x-ui из зеркала

22 часов назад

txlyre синхронизированные коммиты с dependabot/npm_and_yarn/frontend/i18next-26.3.1 на txlyre/3x-ui из зеркала

  • 008fb8b9c9 chore(deps): bump i18next from 26.3.0 to 26.3.1 in /frontend Bumps [i18next](https://github.com/i18next/i18next) from 26.3.0 to 26.3.1. - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/i18next/compare/v26.3.0...v26.3.1) --- updated-dependencies: - dependency-name: i18next dependency-version: 26.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
  • 5c1d64b841 v3.2.7
  • 4813a2fe00 fix(api-token): hash tokens at rest and show plaintext only once Store API tokens as SHA-256 hashes instead of plaintext and return the token value only in the create response. List no longer exposes the token, and the UI drops the Show/Copy buttons in favor of a one-time reveal modal at creation. Match hashes the presented bearer token before the constant-time compare, and a migration hashes any pre-existing plaintext rows in place so existing tokens keep authenticating. Docs and translations updated.
  • 7a72aeda7a i18n: translate connection-limit strings for all languages Adds connectionLimits/connIdle/bufferSize/seconds keys to the remaining 11 locales (ar, es, id, ja, pt, ru, tr, uk, vi, zh-CN, zh-TW); en-US and fa-IR shipped with the feature.
  • 72944daab7 chore(deps): bump xray-core to v1.260327.1 and add pion/wireguard deps
  • Просмотр сравнение для этих 10 коммитов »

22 часов назад

txlyre синхронизированные новые ссылки dependabot/npm_and_yarn/frontend/i18next-26.3.1 к txlyre/3x-ui из зеркала

22 часов назад

txlyre синхронизированные коммиты с v3.2.7 на txlyre/3x-ui из зеркала

1 день назад

txlyre синхронизированные новые ссылки v3.2.7 к txlyre/3x-ui из зеркала

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 5c1d64b841 v3.2.7
  • 4813a2fe00 fix(api-token): hash tokens at rest and show plaintext only once Store API tokens as SHA-256 hashes instead of plaintext and return the token value only in the create response. List no longer exposes the token, and the UI drops the Show/Copy buttons in favor of a one-time reveal modal at creation. Match hashes the presented bearer token before the constant-time compare, and a migration hashes any pre-existing plaintext rows in place so existing tokens keep authenticating. Docs and translations updated.
  • 7a72aeda7a i18n: translate connection-limit strings for all languages Adds connectionLimits/connIdle/bufferSize/seconds keys to the remaining 11 locales (ar, es, id, ja, pt, ru, tr, uk, vi, zh-CN, zh-TW); en-US and fa-IR shipped with the feature.
  • 72944daab7 chore(deps): bump xray-core to v1.260327.1 and add pion/wireguard deps
  • c78285402e fix(sidebar): set fixed sider width to 220
  • Просмотр сравнение для этих 12 коммитов »

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 573c43e445 feat(sidebar): collapse to icon rail, expand on hover Sidebar is icon-only by default and expands as an overlay on hover, so the dashboard content underneath no longer reflows. Drops the persisted collapse state and the click trigger that conflicted with hover.
  • db5ce06256 fix(panel-proxy): route custom geo and http(s) Telegram through panelProxy Custom geosite/geoip downloads built their own ssrfSafeTransport and never used the configured Panel Network Proxy, so geo updates failed on servers where GitHub is filtered. Route all custom-geo HTTP (startup probes + downloads) through panelProxy when set, falling back to the direct SSRF-guarded transport otherwise; the target URL stays SSRF-validated. The Telegram bot only honored a socks5:// panel proxy and silently rejected http(s)://, despite the setting advertising both. Branch the fasthttp dialer (FasthttpHTTPDialer for http(s), FasthttpSocksDialer for socks5) and accept all three schemes in the fallback and NewBot validation. Add tests proving the panel proxy is used by custom geo and that the bot dialer speaks HTTP CONNECT vs SOCKS5 per scheme.
  • 71cf22fa8d fix(migrate-db): preserve false-valued columns in SQLite to Postgres copy GORM struct INSERT substitutes a column default tag for Go zero-values, so disabled rows (enable=false) silently re-enabled on the destination. Copy each batch through explicit per-column maps so every value is written verbatim. Adds a regression test.
  • e7c11c913a feat(inbounds): per-proxy Pinned Peer Cert SHA-256 + labeled External Proxy form Redesign the Add Inbound -> Stream External Proxy section into labeled per-entry cards (Force TLS / Host / Port / Remark and, under TLS, SNI / Fingerprint / ALPN) and add a Pinned Peer Cert SHA-256 field with a generate-random-hash button to each entry. The pin flows end to end into share links: pcs for vmess/vless/trojan/ss (stripped when a proxy forces security off) and the hex-normalized pinSHA256 for Hysteria. JSON and Clash subscriptions emit the native pinnedPeerCertSha256 / pin-sha256 via the cloned stream. Adds the forceTls label across all 13 locales plus frontend and Go tests.
  • df7ccd3a64 fix(clients): use client_inbounds link to resolve inbound, not stale id client_traffics.inbound_id is a legacy single-inbound pointer that goes stale when an inbound is deleted and recreated: the email-keyed traffic row survives but references a missing inbound. Code that resolved the owning inbound from it broke several client operations. - adjustTraffics: 'Start After First Use' (negative expiry) never converted to an absolute deadline on first traffic, so the countdown never started. Now resolves inbounds via the client_inbounds link and computes the new expiry once per email so multi-inbound clients stay consistent. - GetClientInboundByEmail / GetClientInboundByTrafficID: fall back to client_inbounds when the pointer is dead, fixing reset traffic ('record not found'), client info, and Telegram set-tgId. - autoRenewClients: resolve renew targets via client_inbounds so scheduled renews are not silently skipped. - clients page: allow resetting a client with no inbound attachment (the backend already zeroes counters by email). Add regression test for the delayed-start conversion under a stale inbound_id.
  • Просмотр сравнение для этих 10 коммитов »

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • e63cde8fcb feat(settings): move the remark model control to the subscription tab Relocate Remark Model & Separation Character from the General/Panel tab to the Subscription tab's Information section, beside Show Info and Email in Remark, since it only governs how share-link remarks are composed. The sample preview uses concrete example values and renders the separator literally. Also drop the port from the subscription page link rows so each row shows just the inbound remark; the port still appears in the client QR modal and the client info modal.
  • d0998c1d6d feat(links): richer share-link labels across QR, client info and sub views Show colored protocol/transport/security tags followed by the inbound remark and port for each share link in the client QR modal, client info modal and subscription page. The client email and the traffic/expiry decorations are stripped from the remark so only the inbound remark and port remain. Consolidate the duplicated per-page parseLinkMeta/trimEmail/PROTOCOL_COLORS into a shared lib/xray/link-label.tsx (parseLinkParts, LinkTags, linkMetaText) so the colours and the email/stats stripping stay identical across all three surfaces.
  • ccfd04219b fix(panel): register /groups SPA route so hard refresh returns index.html The frontend has a groups page route and sidebar entry, but the backend never registered a GET handler for /panel/groups. A hard browser refresh on that page fell through to the 404 handler. Add the missing panelSPA registration alongside the other page routes. Fixes #4837
  • b08fc0c963 fix(clients): keep reverse tag clearable and preserve flow on attach Two multi-inbound client bugs from issue #4834: - Clearing a client's reverse tag never persisted: SyncInbound keeps a non-empty sticky guard on reverse (shared with node-sync/rename), so the cleared value never reached the canonical clients.reverse column the edit form reads. Update now writes that column authoritatively from the submitted client, matching how it already writes email/updated_at directly. - Attaching a new inbound reset xtls-rprx-vision: Attach seeded its wire client from the canonical clients.flow column, which a non-flow inbound can zero during the preceding update. It now derives the flow from EffectiveFlow (the per-inbound flow_override), so flow-capable targets keep the flow and others stay empty. Adds service tests for both paths and a guard test confirming node-snapshot sync still preserves a stored reverse tag.
  • Просмотр сравнение для этих 4 коммитов »

2 дней назад

txlyre синхронизированные коммиты с v1.8.9 на txlyre/dtlspipe из зеркала

2 дней назад

txlyre синхронизированные новые ссылки v1.8.9 к txlyre/dtlspipe из зеркала

2 дней назад

txlyre синхронизированные коммиты с master на txlyre/dtlspipe из зеркала

2 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • f6d4358f9e ci(issue-bot): ground the assistant in repo source with an investigation step Give the issue and @claude-mention assistants the repository map, verified runtime facts, and an explicit INVESTIGATE step so every answer is grounded in the checked-out source instead of guesses. Raise max-turns (issues 45->90, mentions 40->70) and expand the mention system prompt to match.
  • 6ee462ac8e fix(links): use configured domain for panel copy/QR links on loopback The panel's copy/QR share links are built client-side and fell back to window.location.hostname, so reaching the panel over an SSH tunnel (127.0.0.1/localhost) leaked localhost into the links - unlike the backend subscription path, which falls back to the configured Sub/Web Domain (issue #4829). Expose webDomain/subDomain via /defaultSettings and add preferPublicHost: when the browser host is loopback, prefer the configured Sub Domain (then Web Domain) for share/QR links. An explicit node override or per-inbound listen still wins; a routable browser host is kept as-is. Closes #4829
  • fcc6787a64 fix(settings): fall back to defaults for empty/NULL setting values A setting row whose value column is empty or NULL (seen on some migrated databases) was parsed directly, so getInt/getBool and the GetAllSetting reflection path crashed with 'strconv.Atoi: parsing "": invalid syntax'. This made the Inbounds page (/defaultSettings -> GetPageSize) and the Settings page fail to load. Treat an empty stored value the same as a missing row and fall back to the built-in default at the int/bool parse sites. String getters are unchanged, so legitimately-empty string settings stay empty. Closes #4830
  • a40d85ce53 fix(sub): advertise routable inbound Listen in subscription links resolveInboundAddress stopped using the inbound's bind Listen in 3.2.5/3.2.6, so a per-inbound Address/IP no longer appeared in generated subscription/share links - they always used the host the subscriber reached the panel on. The frontend QR path still honored Listen, so the panel and the subscription disagreed (issue #4798). Restore advertising Listen when it is a routable host (real IP or hostname), reusing isRoutableHost and excluding unix-domain sockets. Loopback/wildcard binds still fall back to the subscriber host, keeping the earlier loopback-leak fix intact. Precedence is now node address > routable Listen > subscriber host; External Proxy still overrides everything. Closes #4798
  • f901cd42a5 fix(docker): make x-ui CLI menu work inside containers check_status() only recognized a systemd service or Alpine's /etc/init.d/x-ui, neither of which exists in a container where the panel runs as the foreground main process (PID 1 via "exec /app/x-ui"). Every CLI command therefore failed with "Please install the panel first", and restart/restart-xray relied on rc-service/systemctl that aren't present. Detect the container (/.dockerenv or XUI_IN_DOCKER) and, when inside one: - resolve the panel binary under /app instead of /usr/local/x-ui - derive status from the running process instead of a service file - restart via SIGHUP and restart-xray via SIGUSR1 to the panel process - show Docker-appropriate guidance for start/stop/enable/disable The Dockerfile sets XUI_IN_DOCKER/XUI_MAIN_FOLDER so detection is explicit even though /.dockerenv alone suffices. Closes #4817
  • Просмотр сравнение для этих 13 коммитов »

2 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 66d4d04776 fix(iplimit): populate client IP log without an IP limit The per-client IP log was only filled as a side effect of IP-limit enforcement: Run() scraped the access log only when some client had limitIp>0, so installs without a limit always showed an empty IP log (#4800). Decouple collection from enforcement: scrape the access log whenever it is available and thread an enforce flag through processLogFile/updateInboundClientIps so banning still only happens for limited clients. The XUI_ENABLE_FAIL2BAN kill-switch is preserved. Closes #4800
  • 91f325eca6 feat(clients): show filtered count in clients list Surface a "Showing X of Y" counter in the clients filter bar that appears whenever a search term or any filter is active, using the server-provided filtered and total counts. Added the showingCount string across all 13 locales. Closes #4808
  • 61105c2b1a feat(clients,routing): label inbounds by remark with tag fallback Inbound pickers and chips across the Users area, the inbounds attach-clients modals, and the routing rule inbound-tags selector showed the auto-generated tag (in-443-tcp). Show the inbound remark when set, falling back to the tag. Only display labels change; option values keep using the inbound id (or tag for routing rules, which match inbounds by tag), so filtering, attaching, and saved rules are unaffected. Routing reads remarks via a shared useInboundOptions hook that reuses the existing options query cache.
  • 10c185a592 fix(sub): escape Clash subscription profile filename header (#4799)
  • 02043a432d fix(node): fix "invalid input" on save and gate save on connectivity The pinnedCertSha256 form field unmounts for non-pin TLS modes, so antd dropped it from the onFinish values and Zod rejected the missing string (the user-facing "invalid input"). Make it optional with a default so saving works in every TLS mode. Saving now runs the connection test first and only persists when the probe is online; the add/update endpoints enforce the same probe so an unreachable node cannot be stored via the API either. Selecting the http scheme forces TLS verify mode to skip and disables the control, normalized on open for existing http nodes. http-vs-https probe failures report a clear "set the node scheme to http" message across the test button, save, and the backend gate. Closes #4794
  • Просмотр сравнение для этих 5 коммитов »

2 дней назад

txlyre синхронизированные коммиты с v3.2.6 на txlyre/3x-ui из зеркала

3 дней назад

txlyre синхронизированные новые ссылки v3.2.6 к txlyre/3x-ui из зеркала

3 дней назад