txlyre

txlyre синхронизированные коммиты с v3.5.0 на txlyre/3x-ui из зеркала

6 часов назад

txlyre синхронизированные новые ссылки v3.5.0 к txlyre/3x-ui из зеркала

6 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 4e928a1ce0 v3.5.0
  • e211a5cc47 feat(frontend): hide redundant migration download on sqlite panels Back Up's .db now restores directly into a PostgreSQL panel, so the SQLite-side Download Migration row only duplicated it; the row stays on PostgreSQL panels where it is the only PG-to-SQLite path. Restore accepts .dump and .db everywhere, the backup modal texts describe the accepted formats in all locales, and the orphaned migrationDownloadDesc key is removed.
  • 77dffe9a85 feat(server): sniff sqlite panel restore uploads and keep the fallback on failure The SQLite panel's Restore now detects the upload by content like the PostgreSQL panel does: migration dumps are rebuilt with RestoreSQLite, pg_dump archives get a clear error instead of 'Invalid db file format', and every upload passes the panel-schema pre-flight before Xray stops. The .backup fallback survives a failed Xray start and is named in the error, the DB pool is reopened on every error path after CloseDB, and a failed InitDB closes the imported file before restoring the fallback so the rename cannot hit a Windows sharing violation.
  • 54fc0fd47c fix(database): make cross-db migration lossless, transactional, and pre-checked migrationModels was missing ClientGroup and ClientGlobalTraffic, so both migration directions silently dropped client groups and global client traffic; the model list is now extracted to allModels and a parity test keeps the two lists from drifting again. MigrateData runs its truncate and copy inside one transaction so a failed import rolls back instead of leaving the destination truncated (sequences resync after commit since setval is non-transactional). New PrepareSQLiteForMigration rejects uploads that are not a panel database and AutoMigrates old backups so their missing tables cannot break the row copy.
  • 30b611614b feat: import SQLite migration dumps through the PostgreSQL panel restore The SQLite panel's Download Migration produces a portable SQL text dump advertised as seeding a PostgreSQL panel, but the PostgreSQL Restore only accepted pg_dump custom archives, so the migration file was rejected with 'Invalid file' even though the upload picker asked for .dump. importDB now sniffs the upload header: PGDMP archives keep the pg_restore path, while raw SQLite databases (.db) and SQL text migration dumps are rebuilt, integrity-checked, and copied into PostgreSQL with the same MigrateData engine as 'x-ui migrate-db --dsn'. The restore picker accepts .dump/.db on PostgreSQL and the backup modal texts describe the accepted formats in every locale.
  • Просмотр сравнение для этих 5 коммитов »

6 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 44f2f426d8 feat(frontend): split wireguard inbound export into config and links tabs The per-inbound export modal only showed the joined .conf blocks for wireguard, with no way to grab the wireguard:// share links the QR modal already generates. TextModal gains an optional tabs prop (copy and download follow the active tab), and the wireguard export now offers a Config tab with the .conf blocks alongside a Links tab with the per-client wireguard:// URLs. Tab labels reuse the existing pages.clients.config / pages.clients.tabLinks locale keys. Other protocols keep the single untabbed view.
  • c4a1139d3f feat(frontend): treat wireguard inbounds as multi-user in client actions WireGuard has been first-class multi-client on the backend for a while (key generation, tunnel address allocation, attach/detach/delete all flow through the shared client apply path), but isInboundMultiUser still excluded it, so wireguard rows only offered Export Inbound / Reset Traffic / Clone / Delete. Adding it to the multi-user set surfaces Export All URLs (per-client .conf blocks), the subscription export, and the attach/detach/group/delete-all client actions, and makes wireguard inbounds valid targets in the attach-clients picker. The now-dead isWireguard guard on the inbound-info branch is dropped. The clients-page bulk attach/detach modals carried the same stale protocol set, also missing mtproto, so both now match the single-client form's inbound picker.
  • 476bec451d fix(frontend): show zero client count for mtproto and wireguard inbounds
  • f905c2dcec chore(frontend): bump version and deps Update the frontend package version from 0.4.1 to 0.4.3 and refresh key dependencies. This includes i18next/react-i18next, Storybook packages (10.5.0), and ESLint (10.7.0), with corresponding lockfile updates to keep dependency resolution in sync.
  • 30f6bc1833 feat: Add outbound egress metadata (IP + country) (#5886) * Add outbound egress metadata Show egress IP and country information for outbound HTTP tests. The probe reuses the temporary SOCKS route from the existing HTTP test and fetches Cloudflare trace metadata after the reachability check succeeds. The outbound list now adds separate Egress and Country columns, hides egress IPs until the user reveals them, and marks Cloudflare WARP results with an orange cloud pill. Mobile cards keep the same data compact by placing the country and IPv4/IPv6 values on separate lines. Validation: npm run typecheck; npm run lint; npm run build; go test ./internal/web/service/outbound * Use context-aware DNS lookup for egress trace * Address outbound egress review feedback Restore the Real Delay selector and TCP default so the egress metadata change does not remove an existing test mode. Keep HTTP probe tests hermetic by stubbing egress trace lookups, run IPv4 and IPv6 trace fetches concurrently with a shorter diagnostic timeout, scope mobile IP reveal state per row, support keyboard activation for reveal toggles, and treat WARP+ trace values as WARP-like.
  • Просмотр сравнение для этих 6 коммитов »

15 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 814cda3fb4 feat(xray): update xray-core to v26.7.11 and adapt panel Bump xtls/xray-core to 50231eaf (v26.7.11) and the three binary pins (DockerInit.sh, release.yml x2) in lockstep. Adapt the panel to the upstream changes: - Shadowsocks "none"/"plain" and VMess "none"/"zero" were removed from the core. A migration rewrites stored none/plain SS methods to a supported cipher and none/zero VMess security to "auto" (on both the clients column and inbound settings JSON); the SS build-time heal does the same so a row injected after boot cannot brick startup. The removed values are dropped from every frontend option list, schema and adapter, and coerced to "auto" at the Go link/sub/Clash emit sites and both link importers. Fix the CipherType_NONE sentinel that no longer compiles. - Unencrypted vless/trojan outbounds to a public address are now refused by the core. Validate outbounds through the vendored config loader when saving the xray template and when storing/merging outbound subscriptions, so one such outbound cannot keep the core from starting. - New TCP finalmask type "xmc" (Minecraft mimicry): add it to the sub link allowlist, the frontend enum and the FinalMask form (hostname, usernames, required password), and document it. - streamSettings gained a "method" alias for "network"; canonicalize it to "network" at inbound save time and in the form adapters/schema so a method-keyed config keeps its transport. - New root "env" config key is passed through xray.Config, compared in Equals, and forces a restart in the hot diff. - REALITY now defaults minClientVer to 26.3.27; update the form placeholder.
  • affcf6c422 fix(link): strip query and trailing slash when parsing ss:// port (#5895) * fix(link): strip query and trailing slash when parsing ss:// port Subscription-provided Shadowsocks links use the SIP002 form ss://userinfo@host:port[/][?plugin=...]#tag. parseShadowsocks only stripped the #fragment, so a "?plugin=" / "?type=" query and the optional trailing slash leaked into the host:port split, strconv.Atoi failed, and the port was silently set to 0 (the error was discarded). Direct link import was unaffected because it runs through the frontend parser, which already handles this. Strip the query and the trailing slash before splitting host:port, mirroring the frontend outbound-link-parser and the SIP002 grammar. This complements #5432, which fixed the SS2022 generation side. Add table-driven parseShadowsocks tests covering modern, legacy, base64url userinfo, the SIP002 slash+plugin form, and SIP022 percent-encoded userinfo with a dual-key password. * fix(link): surface ss:// port parse errors instead of defaulting to 0 The modern and legacy Shadowsocks branches discarded the strconv.Atoi error when reading the port, silently yielding port 0 for any malformed host:port. Return a parse error instead, matching defaultPort's existing pattern in this file, so a bad link is skipped by ParseSubscriptionBody rather than injected as an unusable port-0 outbound.
  • cbd2940a63 fix(node): adopt a node inbound's host overrides into the master Per-inbound Host overrides (Security/SNI/Fingerprint/ALPN and friends) are looked up by the local inbound id when subscriptions render, but nothing in the node sync ever fetched the node's hosts table: an inbound adopted from a managed node got zero Host rows on the master, so its subscription configs fell back to a bare TLS block without the fingerprint/SNI the node was configured with. When a traffic snapshot carries a tag with no central row yet - the only moment adoption can happen - the sync job now also pulls the node's existing hosts/list endpoint (best-effort, so old nodes just skip it) and the adoption branch materializes that inbound's groups against the new central id inside the same transaction, reusing the group-to-rows projection the hosts API already uses. Master stays authoritative afterwards: this is a one-time import, not a continuous sync, matching how the inbound's own settings are adopted. Closes #5890
  • e6bef229ae fix(web): opt panel pages out of Cloudflare Rocket Loader Behind Cloudflare with Rocket Loader enabled, the panel's entry bundles were rewritten and executed through Rocket Loader's own loader instead of as native ES modules (a reporter's network capture shows the main bundle initiated by rocket-loader.min.js). That breaks module semantics and script ordering, leaving a blank page after login even though every asset returns 200 - most visibly with a custom URI path, where the injected base path must be set before the bundle boots. Stamp data-cfasync="false" - Cloudflare's documented per-script opt-out - on the built entry script tags via a build-time transformIndexHtml hook (Vite regenerates entry tags, so a source-HTML attribute would be stripped), and on the runtime-injected base-path/version inline script in serveDistPage. Closes #5868
  • 975b1f1acc fix(iplimit): ban a dead connection once instead of every scan When a client's connection drops without a clean TCP close, xray-core keeps its online-map entry until the session context ends (idle policy), minutes after the kernel socket is gone. The 10s IP-limit scan kept seeing that stale IP as the oldest live one and re-emitted the same [LIMIT_IP] Disconnecting OLD IP line plus a RemoveUser/AddUser cycle every scan - operators measured 100+ repeats over ~1000s for a single network switch, forcing absurd fail2ban maxretry values to avoid banning legitimate mobile users. The core refreshes an entry's lastSeen only when a new connection from that IP is dispatched, never on traffic, so a frozen lastSeen across scans is a dead connection, not a reconnect. Track the lastSeen of each banned (email, ip) pair and skip the log line and disconnect until it advances; a real reconnect moves lastSeen and is enforced exactly as before, and an age cutoff that could misclassify long-lived active tunnels is deliberately avoided. Closes #5893
  • Просмотр сравнение для этих 12 коммитов »

1 день назад

txlyre синхронизированные и удаленные ссылки fix/issue-5865-hysteria2-host-allow-insecure на txlyre/3x-ui из зеркала

1 день назад

txlyre синхронизированные и удаленные ссылки claude/issue-5864-20260709-1451 на txlyre/3x-ui из зеркала

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • ed9686bf29 fix(clients): include Telegram ID in client list search (#5888) * fix(clients): include Telegram ID in client list search clientMatchesSearch only checked Email/SubID/Comment/UUID/Password/Auth, so searching the client list for a Telegram user ID never matched even though the field is stored on every client. This is a real regression, not a field that was simply never included: before the paged search endpoint (#4500), the frontend searched with ObjectUtil.deepSearch() over the full client object, which recursed into every field including tgId. Replacing that with a fixed backend field list silently dropped it (along with a few other fields, but tgId is the one that's actually needed here since it's the panel's own way of looking a client up when it only knows their Telegram ID). TgID is int64 (0 = unset), so it can't sit in the existing []string candidates array — matched separately via strconv, and skipped when 0 to avoid a needle of "0" spuriously matching every client without a Telegram ID. Fixes #5880 * fix(clients): drop explanatory comment, mention Telegram ID in search hint Addresses review feedback on #5888: - Removed the // comment block above the TgID check in clientMatchesSearch per repo convention (code should read on its own). - Updated searchPlaceholder in all 13 locale files to mention Telegram ID, since the search box now actually matches on it. * test(clients): remove TgID search test per maintainer request

2 дней назад

txlyre синхронизированные коммиты с claude/issue-5864-20260709-1451 на txlyre/3x-ui из зеркала

  • 133ab83a25 fix(xhttp): stop XMUX Max Concurrency from reverting on save XHttpXmuxSchema defaulted maxConnections to 6 (added for xray-core's anti-RKN behavior), so toggling XMUX on - or simply loading any previously-saved inbound/outbound - silently populated maxConnections even when the user only ever touched maxConcurrency. The save-time mutual-exclusivity rule then saw both fields non-zero and discarded maxConcurrency, and the deleted value came back as the '16-32' schema default on the next load, making the field look like it never saved. Revert the schema default to 0 and instead seed the anti-RKN maxConnections=6 default only where XMUX is freshly enabled (XMUX_FRESH_DEFAULTS), with maxConcurrency left blank so the two never start out conflicting. Also make maxConcurrency/maxConnections clear each other live in both the inbound and outbound XMUX forms, so whichever field the user actually edits is the one that gets saved. Addresses #5864 Co-authored-by: Sanaei <33454419+[email protected]>
  • c62e8c6bbe ci(claude-bot): structure PR review and issue triage prompts Rework the handle-pr-review, handle-pr-fix, and handle-issue prompts to produce professional, structured output. The review job now rates findings by severity and confidence across explicit review areas and reports a Summary, Findings, and a text-only verdict in one plain comment; the fix job reuses the same lens to prioritize what it applies versus leaves for the author; issue triage gains a structured bug-confirmation format and explicit outcomes for mislabeled and not-a-bug reports, closing conservatively. Severity uses text labels to respect the no-emoji house style, and the adapted ignore-list keeps i18n and generated files flaggable.
  • d33b6865a9 ci(claude-bot): auto-open the PR after an owner @claude fix on an issue claude-code-action only pushes a branch and posts a Create PR link by design; it never opens the PR itself. Add a post-step to the mention job that opens a PR from the action's branch_name output when the trigger was an issue (guarded against no-op branches and against an existing PR). Simplify the mention prompt so the agent just makes edits with Edit/Write and lets the workflow commit and open the PR, instead of running git/gh pr create itself (which fought the action's built-in flow and left only a link).
  • 3d513b5084 chore(deps): bump golang.org/x/text from 0.38.0 to 0.40.0 (#5872) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.38.0 to 0.40.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.38.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • f79931eacf chore(deps-dev): bump vite from 8.1.3 to 8.1.4 in /frontend (#5877) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.1.3 to 8.1.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.1.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Просмотр сравнение для этих 10 коммитов »

3 дней назад

txlyre синхронизированные новые ссылки claude/issue-5864-20260709-1451 к txlyre/3x-ui из зеркала

3 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • c62e8c6bbe ci(claude-bot): structure PR review and issue triage prompts Rework the handle-pr-review, handle-pr-fix, and handle-issue prompts to produce professional, structured output. The review job now rates findings by severity and confidence across explicit review areas and reports a Summary, Findings, and a text-only verdict in one plain comment; the fix job reuses the same lens to prioritize what it applies versus leaves for the author; issue triage gains a structured bug-confirmation format and explicit outcomes for mislabeled and not-a-bug reports, closing conservatively. Severity uses text labels to respect the no-emoji house style, and the adapted ignore-list keeps i18n and generated files flaggable.
  • d33b6865a9 ci(claude-bot): auto-open the PR after an owner @claude fix on an issue claude-code-action only pushes a branch and posts a Create PR link by design; it never opens the PR itself. Add a post-step to the mention job that opens a PR from the action's branch_name output when the trigger was an issue (guarded against no-op branches and against an existing PR). Simplify the mention prompt so the agent just makes edits with Edit/Write and lets the workflow commit and open the PR, instead of running git/gh pr create itself (which fought the action's built-in flow and left only a link).
  • 3d513b5084 chore(deps): bump golang.org/x/text from 0.38.0 to 0.40.0 (#5872) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.38.0 to 0.40.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.38.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • f79931eacf chore(deps-dev): bump vite from 8.1.3 to 8.1.4 in /frontend (#5877) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.1.3 to 8.1.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.1.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Просмотр сравнение для этих 4 коммитов »

3 дней назад

txlyre синхронизированные и удаленные ссылки claude/issue-5864-20260709-0020 на txlyre/3x-ui из зеркала

3 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • de5b130095 ci(claude-bot): gate write capability to trusted actors Make every automatic, untrusted trigger read-only and require an explicit trusted actor for any code change. - handle-issue (issue opened): read-only triage; confirm bugs and tag the maintainer, never edit code or open a PR. Authenticates as GITHUB_TOKEN so replies post as github-actions[bot], not a personal account. - handle-pr-fix (PR opened): applies fixes only for owner/member/collaborator authors; dropped allowed_non_write_users so the default write gate also applies. - handle-pr-review (PR opened, external authors): read-only review comment only. - mention (@claude comment): runs only for the repository owner; may open a PR from an issue or commit to a PR on explicit request. No job authenticates as the static PAT anymore; the PAT is used only to route git pushes for the trusted PR-fix and owner-mention paths.
  • f3e99058f9 fix(sub): apply host Allow Insecure to Hysteria2 subscription links (#5866) Host.AllowInsecure was only wired into the shared VLESS/VMess/Trojan/Shadowsocks endpoint path (applyEndpointAllowInsecure). Hysteria/Hysteria2 builds its links through its own applyExternalProxyHysteriaParams (raw hysteria2:// link) and buildHysteriaProxy (Clash/Mihomo proxy), neither of which read the host's allowInsecure flag, so a self-signed Hysteria2 host never got insecure=1 or skip-cert-verify: true. Fixes #5865. Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
  • 142dab9ee8 feat(balancer): add balancer-to-balancer fallback support (#5586) * feat(balancer): add balancer-to-balancer fallback support Xray does not natively support using a balancer as fallbackTag for another balancer. This feature automates the loopback workaround: when a user selects a balancer as fallback, the panel generates a loopback outbound + routing rule in the template. How it works: - User picks fallback balancer from dropdown - Panel creates loopback outbound _bl_{target} + routing rule - Balancer fallbackTag set to _bl_{target} - Traffic: Balancer A → loopback _bl_B → routing rule → Balancer B Key features: - Dedup: multiple balancers sharing same fallback reuse one loopback - DFS cycle detection at edit time and on save - Self-reference guard (cannot select own balancer) - Delete protection (blocks if used as fallback by others) - Cleans up routing rules referencing deleted balancers - Override resolves balancer tags through loopback mechanism - All live status tags resolved for display - Internal _bl_ objects filtered from Outbounds/Routing UI - Backward-compatible with old _bl_ naming format - Translations for all 13 locales * fix(review): override regression, save payload sync, i18n completeness - OverrideBalancer: only resolve to loopback when resolution succeeds, pass original target through for plain outbound tags - onSaveAll: serialize cleaned template before save to ensure the healed/cleaned config is what gets persisted - Add reservedPrefix translation key to all 12 non-English locales - Restore trailing newlines in all 13 translation JSON files * fix(test): update balancer form modal tests after cycle-detection guard The okButtonProps disabled guard (added in 56d5825c) prevents the modal from firing onOk when the form is invalid. The old tests clicked the button expecting validation errors to appear, but antd Modal never calls onOk on a disabled button — causing false failures. Rewrite to test the actual guard behavior: - Button starts disabled (empty form) - Stays disabled with tag only (selector still empty) - Stays disabled for duplicate tag - Disabled button does not trigger onConfirm --------- Co-authored-by: MHSanaei <[email protected]>
  • ea24ef0a69 feat(xray): default outbound in basic routing (#5815) * feat(xray): default outbound picker in basic routing Let panel users choose which outbound handles unmatched traffic by moving it to the first position in the template outbounds list. * fix(xray): keep direct/blocked outbounds when changing default * style(routing): revert incidental whitespace churn Drop double blank lines and the reformatted function signature so the default-outbound diff stays focused on behavior.
  • 2c28fa5f48 fix(inbound): scope port-conflict check to the stored node on update (#5833) * fix(inbound): scope port-conflict check to the stored node on update UpdateInbound called checkPortConflict before restoring the inbound's NodeID from the database, so the check used the NodeID from the request body. That value is unreliable for edits: clients omit it (nodeId is `json:",omitempty"`) and the code already treats the stored NodeID as authoritative — an inbound can't be moved between nodes via edit. With a nil request NodeID a node inbound was mis-checked as a local/main-panel inbound and falsely collided with an unrelated inbound that happened to reuse the same port on the central panel (or another node). Symptom: editing a node inbound's listen address was rejected with "port <p> (tcp) already used by inbound ... " and silently discarded. Load the old inbound and restore inbound.NodeID *before* checkPortConflict, so the check runs against the node the inbound actually lives on. checkPortConflict already scopes candidates by node (sameNode); it was simply being fed the wrong NodeID. Add a regression test that seeds a main-panel and a node inbound on the same port and asserts the node inbound stays editable (fails before this change with the exact "already used" rejection). * style(inbound): trim inline comments from port-conflict scoping Repo convention forbids // line comments in committed Go; keep the scoping fix self-documenting.
  • Просмотр сравнение для этих 9 коммитов »

4 дней назад

txlyre синхронизированные коммиты с fix/issue-5865-hysteria2-host-allow-insecure на txlyre/3x-ui из зеркала

  • 726fc3e7e2 test(sub): cover Hysteria2 Allow Insecure propagation to sub links applyExternalProxyHysteriaParams and buildHysteriaProxy previously had no direct test asserting insecure=1 / skip-cert-verify: true for a host/ external-proxy entry with allowInsecure set — the existing tests only locked in the untouched pin/SNI behavior. Add positive and negative cases for both the raw-link and Clash paths so the #5865 fix has a regression test of its own.
  • a97d1c92e3 fix(sub): apply host Allow Insecure to Hysteria2 subscription links Host.AllowInsecure was only wired into the shared VLESS/VMess/Trojan/Shadowsocks endpoint path (applyEndpointAllowInsecure). Hysteria/Hysteria2 builds its links through its own applyExternalProxyHysteriaParams (raw hysteria2:// link) and buildHysteriaProxy (Clash/Mihomo proxy), neither of which read the host's allowInsecure flag, so a self-signed Hysteria2 host never got insecure=1 or skip-cert-verify: true. Fixes #5865.
  • 2c28fa5f48 fix(inbound): scope port-conflict check to the stored node on update (#5833) * fix(inbound): scope port-conflict check to the stored node on update UpdateInbound called checkPortConflict before restoring the inbound's NodeID from the database, so the check used the NodeID from the request body. That value is unreliable for edits: clients omit it (nodeId is `json:",omitempty"`) and the code already treats the stored NodeID as authoritative — an inbound can't be moved between nodes via edit. With a nil request NodeID a node inbound was mis-checked as a local/main-panel inbound and falsely collided with an unrelated inbound that happened to reuse the same port on the central panel (or another node). Symptom: editing a node inbound's listen address was rejected with "port <p> (tcp) already used by inbound ... " and silently discarded. Load the old inbound and restore inbound.NodeID *before* checkPortConflict, so the check runs against the node the inbound actually lives on. checkPortConflict already scopes candidates by node (sameNode); it was simply being fed the wrong NodeID. Add a regression test that seeds a main-panel and a node inbound on the same port and asserts the node inbound stays editable (fails before this change with the exact "already used" rejection). * style(inbound): trim inline comments from port-conflict scoping Repo convention forbids // line comments in committed Go; keep the scoping fix self-documenting.
  • f9cd7ac906 Add column sorting to inbounds table (#5661)
  • d2efe9b022 fix(sub): include native WireGuard clients in Clash and JSON subscriptions (#5676) The Clash (buildProxy) and JSON (getConfig) subscription generators had no WireGuard branch, so a native WireGuard inbound's clients were silently dropped: buildProxy hit its default nil case, and getConfig emitted a config with no proxy outbound. Only the raw subscription (genWireguardLink) and external-link Clash path handled WireGuard. Add a WireGuard case to both generators, mirroring genWireguardLink: the peer public key is derived from the inbound secretKey, while the private key, tunnel address (mihomo ip/ipv6, Xray settings.address), pre-shared key and keep-alive come from the client. The peer routes the full tunnel (0.0.0.0/0, ::/0), which both mihomo and Xray also default to. Field names verified against the mihomo WireGuardOption source (private-key, public-key, pre-shared-key, persistent-keepalive, ip, ipv6, mtu, dns) and the Xray wireguard outbound schema (secretKey, address, peers[].publicKey/endpoint/ preSharedKey/keepAlive/allowedIPs, mtu).
  • Просмотр сравнение для этих 10 коммитов »

4 дней назад

txlyre синхронизированные новые ссылки fix/issue-5865-hysteria2-host-allow-insecure к txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные коммиты с claude/issue-5864-20260709-0020 на txlyre/3x-ui из зеркала

  • 7c2e84e36f fix: prevent xhttp xmux maxConcurrency from being dropped on save Both maxConcurrency ('16-32') and maxConnections (6) default to a non-zero value the instant XMUX is toggled on, so they already collide before either field is touched. The save-time mutual- exclusivity check always favored maxConnections and silently dropped maxConcurrency, even when the admin only ever edited that one field - so an explicit "1-2" always reverted back to "16-32" after saving and reopening the inbound/outbound. Live-clear the untouched sibling field in the form the moment either becomes a real value, so the two schema defaults never collide unless the admin actually chose to set both explicitly. Also stop a live-cleared empty maxConcurrency from leaking onto the wire as a literal empty string. Fixes #5864 Co-authored-by: Sanaei <33454419+[email protected]>
  • de5b130095 ci(claude-bot): gate write capability to trusted actors Make every automatic, untrusted trigger read-only and require an explicit trusted actor for any code change. - handle-issue (issue opened): read-only triage; confirm bugs and tag the maintainer, never edit code or open a PR. Authenticates as GITHUB_TOKEN so replies post as github-actions[bot], not a personal account. - handle-pr-fix (PR opened): applies fixes only for owner/member/collaborator authors; dropped allowed_non_write_users so the default write gate also applies. - handle-pr-review (PR opened, external authors): read-only review comment only. - mention (@claude comment): runs only for the repository owner; may open a PR from an issue or commit to a PR on explicit request. No job authenticates as the static PAT anymore; the PAT is used only to route git pushes for the trusted PR-fix and owner-mention paths.
  • f3e99058f9 fix(sub): apply host Allow Insecure to Hysteria2 subscription links (#5866) Host.AllowInsecure was only wired into the shared VLESS/VMess/Trojan/Shadowsocks endpoint path (applyEndpointAllowInsecure). Hysteria/Hysteria2 builds its links through its own applyExternalProxyHysteriaParams (raw hysteria2:// link) and buildHysteriaProxy (Clash/Mihomo proxy), neither of which read the host's allowInsecure flag, so a self-signed Hysteria2 host never got insecure=1 or skip-cert-verify: true. Fixes #5865. Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
  • 142dab9ee8 feat(balancer): add balancer-to-balancer fallback support (#5586) * feat(balancer): add balancer-to-balancer fallback support Xray does not natively support using a balancer as fallbackTag for another balancer. This feature automates the loopback workaround: when a user selects a balancer as fallback, the panel generates a loopback outbound + routing rule in the template. How it works: - User picks fallback balancer from dropdown - Panel creates loopback outbound _bl_{target} + routing rule - Balancer fallbackTag set to _bl_{target} - Traffic: Balancer A → loopback _bl_B → routing rule → Balancer B Key features: - Dedup: multiple balancers sharing same fallback reuse one loopback - DFS cycle detection at edit time and on save - Self-reference guard (cannot select own balancer) - Delete protection (blocks if used as fallback by others) - Cleans up routing rules referencing deleted balancers - Override resolves balancer tags through loopback mechanism - All live status tags resolved for display - Internal _bl_ objects filtered from Outbounds/Routing UI - Backward-compatible with old _bl_ naming format - Translations for all 13 locales * fix(review): override regression, save payload sync, i18n completeness - OverrideBalancer: only resolve to loopback when resolution succeeds, pass original target through for plain outbound tags - onSaveAll: serialize cleaned template before save to ensure the healed/cleaned config is what gets persisted - Add reservedPrefix translation key to all 12 non-English locales - Restore trailing newlines in all 13 translation JSON files * fix(test): update balancer form modal tests after cycle-detection guard The okButtonProps disabled guard (added in 56d5825c) prevents the modal from firing onOk when the form is invalid. The old tests clicked the button expecting validation errors to appear, but antd Modal never calls onOk on a disabled button — causing false failures. Rewrite to test the actual guard behavior: - Button starts disabled (empty form) - Stays disabled with tag only (selector still empty) - Stays disabled for duplicate tag - Disabled button does not trigger onConfirm --------- Co-authored-by: MHSanaei <[email protected]>
  • ea24ef0a69 feat(xray): default outbound in basic routing (#5815) * feat(xray): default outbound picker in basic routing Let panel users choose which outbound handles unmatched traffic by moving it to the first position in the template outbounds list. * fix(xray): keep direct/blocked outbounds when changing default * style(routing): revert incidental whitespace churn Drop double blank lines and the reformatted function signature so the default-outbound diff stays focused on behavior.
  • Просмотр сравнение для этих 10 коммитов »

4 дней назад

txlyre синхронизированные новые ссылки claude/issue-5864-20260709-0020 к txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 7780ab0e23 ci(claude-bot): auto-fix trusted PRs and easy issue bugs Split the review-only handle-pr job into handle-pr-fix (owner/member/collaborator PRs: apply refactors and bug fixes directly, commit to the PR branch, no suggestion blocks) and handle-pr-review (external/fork PRs: one review-only comment, no suggestions, no code checkout). Upgrade handle-issue to open a fix PR for easy bugs (pushed via CLAUDE_BOT_PAT so pull_request CI runs on it), confirm the root cause and tag the maintainer for big bugs, and never open a PR for feature or enhancement requests.
  • 42690e1b8c feat(hosts): bulk-add multiple hosts to multiple inbounds (#5677) * feat(hosts): bulk-add multiple hosts to multiple inbounds Allow users to select multiple inbound IDs and enter multiple host addresses (with optional per-host port override) in a single form submission. - Add BulkAddHostReq entity and POST /panel/api/hosts/bulk/add endpoint - Add AddHostsBulk service with GORM transaction safety - Add parseHostAndPort helper (IPv4, bracketed/bracketless IPv6, port) - Update HostFormModal to multi-select inbounds and tag-input hosts - Wire bulkCreate mutation in HostsPage with existing-host suggestions - Register endpoint in api-docs/endpoints.ts and regenerate OpenAPI/Zod * feat(hosts): group override records by group_id and support group editing * fix: import Popover in HostList * fix: use messageApi in HostFormModal * fix(hosts): resolve 4 bugs found in host-group code review - fix(schema): allow empty hosts array in BulkAddHostSchema so users can save a host without an address (inherits inbound endpoint). The old .min(1) was never enforced at runtime since the schema is only used for type inference, but the type was incorrect. - fix(service): validate new inbound IDs in UpdateHostGroup before deleting old rows, matching the same check already present in AddHostGroup. Prevents orphaned host rows when an invalid inbound ID is supplied on edit. - fix(service): replace full-table scan in GetHostsByInbound with two targeted queries (DISTINCT group_id WHERE inbound_id=?, then WHERE group_id IN ?) to avoid loading every host in the DB. - fix(mutations): remove unused createMut / create export from useHostMutations. The /hosts/add endpoint is identical to /hosts/bulk/add; only bulkCreate is used by the UI. * fix(hosts): address code review feedback (optimize bulk inserts, add validation tests, and remove comments) * fix(fmt): apply gofumpt formatting to model.go and db.go The previous merge commit incorrectly applied gofmt (tab-aligned) to these files. The repository's golangci config requires gofumpt+goimports which produces space-aligned struct fields. This commit restores the correct gofumpt formatting that matches upstream/main. * chore(frontend): regenerate API schemas and update lockfile * fix * refactor(hosts): dedupe host-group service and tidy frontend AddHostGroup and UpdateHostGroup shared an identical ~35-field model.Host construction and hand-rolled transaction boilerplate (tx.Begin plus a committed flag plus a deferred recover/rollback). Extract buildHostRows, validateInboundsExist and formatHostAddr, and run every mutation through db.Transaction. groupHosts collapses its duplicated address/port formatting and create/append fork into one path using slices.Contains. Behavior-preserving: host.go drops ~90 lines with the existing service/controller tests green. Frontend: drop the Partial union and two as-casts in HostsPage.onSave (the modal always passes a full BulkAddHostValues), and remove the movable index map in HostList in favor of the table render index arg. --------- Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Sanaei <[email protected]>
  • f431e9cc03 fix(inbounds): apply runtime changes after the DB commit (#5768) * fix(inbounds): apply runtime changes after commit * ci: fix staticcheck findings
  • f4199353da chore(frontend): bump dependencies Routine version bumps: i18next, msw, typescript-eslint, vitest and @vitest/coverage-v8 to their latest patch/minor releases, with the lockfile regenerated to match.
  • 5c5a509605 chore: add golangci-lint tasks and force LF on Go files Add VS Code tasks to run golangci-lint (with and without --fix) and mark *.go as text eol=lf so Go sources check out with LF, avoiding spurious CRLF lint failures on Windows. Also drop the now-redundant explicit DockerInit.sh/DockerEntrypoint.sh entries already covered by *.sh.
  • Просмотр сравнение для этих 11 коммитов »

4 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 328d920e98 feat(mtproto): enforce per-client quota & expiry via mtg-multi limits Map each mtproto client's totalGB and expiryTime onto mtg-multi's new [secret-limits] (quota/expires): emit them into the generated config and hot-apply through PUT /secrets so live connections survive. Quota is written as an exact "<n>B" byte count that round-trips through both the config and API parsers without the precision loss of a base-2 unit. The sidecar's quota counter is not pruned when a secret is dropped, so a panel-side traffic reset re-pushes the client's secret and then calls POST /secrets/{name}/reset-quota (wired into every reset path) so a renewed client is not immediately re-blocked. Resolve the mtg-multi binary from the fork's latest release tag in DockerInit.sh and release.yml instead of a hardcoded version pin, so the panel no longer needs a manual bump per fork release.
  • 61e12e4c29 Frontend dev tooling (Husky, lint-staged, MSW, Storybook) + full React Hook Form migration (#5859) * chore(frontend): add husky + lint-staged pre-commit gate Wire a local pre-commit gate that runs eslint --fix on staged frontend TypeScript via lint-staged. Because the only package.json lives in frontend/ while the git root is one level up, the prepare script installs husky hooks at frontend/.husky from the repo root (cd .. && husky frontend/.husky), and the pre-commit hook cd's into frontend/ before invoking lint-staged so node_modules resolves. * test(frontend): add MSW request mocking Add Mock Service Worker so tests can exercise the real http-init.ts request pipeline (CSRF acquisition, 403 refetch-and-retry, body parsing) instead of only stubbing HttpUtil. A node setupServer is started for the vitest unit project with onUnhandledRequest bypass so the existing HttpUtil spies and 55 component tests are untouched; the browser worker is copied to public/ for Storybook and dev use. * chore(frontend): add Storybook + component stories Set up Storybook 10 on the React-Vite builder (compatible with the pinned Vite 8.1.3 and React 19). The preview decorator mirrors the vitest component harness: an Ant Design ConfigProvider with a light/dark toolbar toggle and an en-US i18next instance. main.ts neutralizes the app vite config bits that do not belong in a component workshop (the three-entry rollup input, renderBuiltUrl, and the shared dist outDir) so build-storybook can never clobber internal/web/dist. Seeds stories across the presentational library (viz, ui, clients, feedback). build-storybook is a local tool and is not wired into the CI gate. * feat(frontend): add React Hook Form primitives Introduce the shared RHF layer that AntD inputs bind through, ahead of migrating the forms off Ant Design's Form store: - FormField wraps a Controller in an Ant Design Form.Item shell, reconciling the value/onChange shapes of Input, Switch, InputNumber, Select and friends via normalizeAntdOnChange, with input/output transforms and Zod-issue-key error messages resolved through t(). - useZodForm wires zodResolver (Zod 4) with the AntD-matching modes (validate on submit, then live) and shouldUnregister false so hidden and unmounted-tab fields keep their values. - rhfZodValidate covers the rare per-field rule sites. Covered by a FormField test exercising normalization, transforms, and resolver error surfacing. * refactor(frontend): migrate Pattern-B leaf forms to React Hook Form Move the controlled-useState leaf forms onto RHF via the FormField primitive, keeping Ant Design components and each form's exact submit behaviour (same safeParse, same toast on the first Zod issue, same payload building): - clients: ClientBulkAdjustModal, BulkAddToGroupModal, ClientBulkAddModal - xray: RuleFormModal, BalancerFormModal, WarpModal, NordModal Multi-control widgets that don't fit a single input (inbound dual select, subId regen, expiry branches, the balancer tag warning) stay as explicit Controller/setValue. Derived visibility now reads live values through useWatch. FormField gains a required prop so migrated fields keep their required-asterisk affordance. Settings tabs are intentionally excluded: they are control-panel components that live-patch a parent AllSetting via SettingListItem, not Ant Design Form submit-forms. * refactor(frontend): migrate LoginPage to React Hook Form Replace the Ant Design Form store + antdRule per-field validation with useForm + FormField. The AntD Form stays as the layout/submit wrapper, now driving methods.handleSubmit(onSubmit) via onFinish. Username and password validate through rhfZodValidate(LoginFormSchema.shape.*); the two-factor field keeps its conditional required rule (only registered when 2FA is enabled). Submit posts the same values to /login. * refactor(frontend): migrate ClientFormModal to React Hook Form Move the client add/edit form off controlled useState onto RHF while preserving exact submit behaviour (same ClientFormSchema / ClientCreateFormSchema safeParse, same toast, same payload + attach/ detach diff + external-links build). expiryDate is stored as an epoch number (never a Dayjs) to survive RHF's value cloning, converted at the DateTimePicker boundary. externalLinks uses useFieldArray with stable ids. inboundIds and the derived show*/ss2022 visibility read live via useWatch. Space.Compact button-group widgets stay manual Controllers so the joined borders keep working. * refactor(frontend): migrate Node and DNS modals to React Hook Form Both are self-contained Pattern-A forms (no shared fragments). Replace Form.useForm with useForm + FormProvider, Form.useWatch with useWatch, setFieldValue with setValue, and partial validateFields([...]) with methods.trigger([...]). Per-field antdRule becomes rhfZodValidate rules; the Node scheme->tlsVerify cascade moves to FormField onAfterChange; the DNS domains/expectIPs/unexpectIPs string arrays are driven by useWatch + setValue. Submit runs through handleSubmit on the modal OK button, preserving each form's exact validation, payload build, and save/onConfirm behaviour. * refactor(frontend): migrate HostFormModal to React Hook Form The host external-proxy editor's outer form moves to useForm + FormProvider. Security/tab visibility reads via useWatch; the three json-form editors (HostMuxForm/HostSockoptForm/HostFinalMaskForm) are bound as value/onChange black boxes through a Controller (their own internal forms are unchanged). remark/inboundId keep their validation via rhfZodValidate; submit runs through handleSubmit and builds the same payload (isDisabled = !enable) and save call. * refactor(frontend): migrate OutboundFormModal + fragments to React Hook Form Move the outbound form cluster off Ant Design's Form store onto RHF. The parent uses useForm + FormProvider with a watch() subscription for the protocol reseed cascade and setValue-based network/security/xmux cascades; the JSON<->Basic bridge and the formValuesToWirePayload submit are preserved exactly. Every outbound transport/protocol/security fragment now binds through FormField/useWatch via context. The shared config editors stay untouched and are bound through small value/onChange adapters (src/lib/xray/forms/fields: FinalMaskField, SniffingField, SockoptCustomField) via Controller; HeaderMapEditor binds directly. The host json-form wrappers that reuse the outbound MuxForm/ SockoptForm (HostMuxForm, HostSockoptForm, OutboundSubtreeJsonForm) move to a local RHF provider to match. Outbound render/link tests pass unchanged. * refactor(frontend): migrate InboundFormModal + fragments to React Hook Form Move the inbound add/edit form (the largest form in the panel) and its transport/protocol/security fragments off Ant Design's Form store onto RHF, mirroring the outbound migration. The parent uses useForm + FormProvider with a watch() subscription for the protocol reseed cascade (type==='change' guard so programmatic resets don't reseed) and setValue-based network/security cascades; useSecurityActions drives the TLS/Reality keypair + scan through setValue. Hidden pass-through Form.Items are dropped (their values ride in the reset object and survive via shouldUnregister:false), so getValues() still returns the settings.clients subtree untouched. accounts / certificates / tun lists use useFieldArray; the shared FinalMask/Sniffing/Sockopt editors bind through the value/onChange adapters. Submit keeps the manual InboundFormSchema.safeParse + formatInboundValidation toast + formValuesToWirePayload exactly. The golden link/full fixtures pass byte-for-byte, confirming identical wire output. inbound-form-blocks test harness rewritten from a Form.useForm harness to an RHF provider. * refactor(frontend): retire antdRule; document the RHF form pattern All forms now build on React Hook Form, so the AntD-Form Zod adapter antdRule (src/utils/zodForm.ts) has no remaining callers — remove it. Update frontend/CLAUDE.md: forms use useZodForm + FormField from components/form/rhf with zodResolver/rhfZodValidate validation; AntD <Form> is layout-only; the shared FinalMask/Sniffing/Sockopt editors stay AntD islands wrapped as value/onChange adapters bound via a Controller. * chore(frontend): cover esbuild in the allowScripts allowlist esbuild (pulled in transitively by Vite/Vitest/Storybook) ships a postinstall that npm's allow-scripts flags as uncovered on every install. Its platform binary is delivered through the @esbuild/<platform> optionalDependencies, so the postinstall isn't needed here; deny it like the other entries to silence the warning. * fix(frontend): restore label layout in Sniffing/FinalMask field adapters The value/onChange adapters that wrap the shared SniffingFields and FinalMaskForm editors put them in their own isolated AntD Form, but that Form was missing the label layout the fields used to inherit from the inbound/outbound parent form. Their labels rendered full-width instead of the compact right-aligned column, so the Sniffing tab and the TCP Masks / QUIC Params sections looked broken. Give both adapter forms the same colon=false, labelCol/wrapperCol span 8/14, labelWrap layout. * ci: add least-privilege permissions to Docs CI workflow The docs-ci workflow had no explicit permissions block, so it inherited the repository default for GITHUB_TOKEN. The build job only checks out and builds the docs, so restrict it to contents: read, resolving the CodeQL actions/missing-workflow-permissions alert.
  • Просмотр сравнение для этих 2 коммитов »

4 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 8ee79cf447 refactor(frontend): replace recharts with uPlot for charts Swap the Sparkline chart component (the only chart in the panel) from recharts to uPlot, keeping its public prop API identical so the three consumers (SystemHistoryModal, XrayMetricsModal, NodeHistoryPanel) are untouched. This drops recharts and 32 transitive deps (es-toolkit, victory-vendor, d3, redux, immer), shrinking the chart vendor chunk to ~51KB (22KB gzip). The uPlot port reimplements every recharts feature on canvas: gradient area fill, spline curves, up to three series, dashed horizontal grid, formatted axes, hover tooltip and marker, reference lines, and min/max extrema dots. Because canvas cannot read CSS variables, axis and ring colors are resolved via getComputedStyle and repainted on theme changes through a MutationObserver on the body class and documentElement data-theme. Also removes the es-toolkit/compat resolver shim from vite.config.js, which existed only for recharts, and swaps the manualChunks entry to vendor-uplot. Note: repaint with redraw(false); a bare uPlot redraw() re-runs _setScale and nulls the index-based x-scale, which collapsed the series to a flat, partial line.
  • bc309ed9f8 refactor(frontend): replace axios with the native Fetch API Drop the axios (and qs) dependencies in favor of a native fetch wrapper. axios only ever handled same-origin JSON/form calls, a CSRF header, a 401 redirect, and a 403-retry, all of which the platform now provides directly. - New src/api/http-init.ts (replaces axios-init.ts) reimplements the request/response interceptors on fetch: base-path prefixing, X-Requested-With, same-origin credentials, the CSRF token on unsafe methods, a single 403 retry with token refresh, and the 401 redirect-and-latch. A small encodeForm() reproduces qs's arrayFormat:'repeat' encoding, so the request wire format is unchanged. - HttpUtil (src/utils/index.ts) keeps its public signatures and the Msg envelope, so the ~49 API call sites are untouched. HttpOptions is now hand-rolled instead of extending AxiosRequestConfig. - PanelUpdateModal drops its lone direct axios.get in favor of HttpUtil.get with { silent, timeout }. - Add tests for the fetch core (CSRF header, form/JSON/FormData bodies, base-path prefix, 403 retry, 401 redirect, tolerant body parse) and for HttpUtil's envelope unwrap / toast / error mapping; this logic was previously untested. - Remove the vendor-axios manualChunks branch and the qs type shim, and reword stale "axios" mentions in docs and route comments.
  • Просмотр сравнение для этих 2 коммитов »

5 дней назад