Главная Обзор Помощь
Вход
txlyre
Репозитории Активность

txlyre синхронизированные коммиты с v3.2.8 на txlyre/3x-ui из зеркала

2 часов назад

txlyre синхронизированные новые ссылки v3.2.8 к txlyre/3x-ui из зеркала

2 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 0706b0b3a8 feat(x-ui.sh): add migrateDB command for SQLite .db <-> .dump (#4910) * feat(x-ui.sh): add migrateDB command and menu for SQLite .db <-> .dump Adds an "x-ui migrateDB <file>" subcommand and a PostgreSQL-menu option (9) that convert between a SQLite .db and a portable .dump file. Direction is auto-detected from the extension and delegated to the bundled binary (x-ui migrate-db --dump/--restore), so no external sqlite3 client is needed. Depends on the matching binary support, so it is only usable from the next panel release. * fix(x-ui.sh): address review feedback on migrateDB Per Copilot review on PR #4910: - Probe the bundled binary for migrate-db --dump support and fail with a clear upgrade message instead of a raw "flag not defined" error on old builds. - Prompt before overwriting an existing .dump in dump mode (parity with restore). - Refuse to restore into the live database path while x-ui is running, to avoid corrupting the running panel. - Fix the usage/synopsis strings to show input is optional ([file] not <file>).
  • db118cbcc9 v3.2.8
  • e7ffae5329 fix(outbound): import ech and pcs from TLS share links The vless/trojan link parser's TLS branch read only sni/fp/alpn, so the ech (echConfigList) and pcs (pinnedPeerCertSha256) query params were dropped on import even though buildStream allocates both fields. Read them in applySecurityParams to match the inbound link generator and the hysteria2 parser.
  • f470bc7cf8 docs(contributing): refresh frontend guide and add Postgres launch profile The frontend section still described the old multi-page app. Rewrite it for the current React Router SPA (single index.html bundle), TanStack Query server state, the Zod source-of-truth model plus generated types, and link logic under src/lib/xray. Update the "adding a page" flow to the route-based approach and drop the stale MIGRATED_ROUTES / "no React Router" notes. Correct the Vite pin (was 8.0.13 "never bump", now exact 8.0.16) and add "npm run test" to the PR checklist. Document the new "Run 3x-ui (Postgres)" launch profile and fix the gitignore claim: .vscode/launch.json is checked in, not gitignored.
  • a8d5d0dfab fix(external-proxy): relabel "Host" as "Address", add per-entry ECH (#4935) The external proxy "Host" field was bound to dest (the connection address that becomes the link host) but labeled "Host", misleading users into thinking it set a transport host header. Relabel it to "Address" to match what it actually controls. Add per-entry ECH (echConfigList) to the external proxy schema, form (shown under Force TLS = TLS), the TS link generator, and the Go sub services: ech is emitted on share links and vmess objects, and written into the stream so the JSON subscription picks it up via the existing tlsData reader.
  • Просмотр сравнение для этих 5 коммитов »

2 часов назад

txlyre синхронизированные и удаленные ссылки feat/x-ui-sh-migratedb на txlyre/3x-ui из зеркала

2 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • b40f869f2a fix(node): keep client/inbound edits working when a node is offline (#4923, #4931) Node-backed client and inbound edits no longer hard-fail when the backing node is offline or disabled. Edits commit to the panel DB immediately and reconcile to the node when it reconnects (eventual consistency); the panel is the single source of truth for desired config. - Add Node.ConfigDirty/ConfigDirtyAt; mark a node dirty when an edit commits without reaching it (cleared via CAS on ConfigDirtyAt after a full reconcile). - nodePushPlan() reads node state fresh from the DB, skips the push for offline/disabled nodes (no 10s hang), and treats push failures as non-fatal across every mutation path (client add/update/del + bulk + attach/detach; inbound add/update/del/toggle/resetTraffic). - ReconcileNode() pushes the panel's desired config to a node on reconnect (refreshing the remote tag cache first) and prunes node-side orphans; runs before the traffic pull in the node sync job. - While a node is dirty the traffic pull applies only up/down deltas and node-initiated disables, never overwriting desired config from a stale node snapshot. - Surface a non-blocking 'saved; will sync on reconnect' warning to the UI. Validated with a two-panel Docker E2E: client delete/update, attach/detach, and inbound add/delete all reconcile correctly offline -> reconnect.
  • e08456269b fix(traffic): count local traffic for clients whose shared row is node-owned (#4921) client_traffics is keyed by email (one shared row per client across every inbound it is attached to). addClientTraffic filtered with `inbound_id NOT IN (node inbounds)`, so when a client was attached to both a node inbound and the mother inbound and the node inbound was attached first, the shared row carried the node inbound's id (AddClientStat uses OnConflict DoNothing and never refreshes it) and the local xray's traffic for that client was dropped entirely. The client showed online but its usage stayed at zero unless the mother inbound happened to be attached first. Match purely by email instead. The reported emails come only from the local xray, which only knows local-attached clients, so the query is still correctly scoped, and this also repairs already-broken rows that a per-row AddClientStat fix alone could not.
  • f8e902a7b6 fix(sub): include ECH config in TLS share links and JSON subscription echConfigList was stored under tlsSettings.settings but the share-link and JSON-subscription generators only read fingerprint and pinnedPeerCertSha256 from that bag, silently dropping ECH from VLESS, Trojan and VMess links. Read echConfigList alongside them and flatten it into tlsSettings.echConfigList for the JSON subscription. Closes #4933
  • Просмотр сравнение для этих 3 коммитов »

10 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • d6d2085d60 fix: restart remote xray after disabling a client to kill active sessions (#4918) * fix(node-traffic): restart remote xray after disabling clients to kill active sessions When a client's traffic limit is reached on a remote node, the panel pushes enable=false to that node via UpdateInbound. The node calls RemoveUser on its local xray, which blocks new connections but leaves any already-established TCP session alive. The user could continue browsing/downloading until they disconnected voluntarily. Fix: after successfully pushing a client disable to a remote node, call RestartXray on that node. This mirrors what already happens for the local node when the "Restart Xray on client disable" setting is enabled (default: on), and ensures active sessions are terminated immediately on all nodes where the client was disabled. Co-Authored-By: Claude Sonnet 4.6 <[email protected]> * refactor(node): restart remote xray after tx commit, not inside it Move the remote RestartXray calls out of the addTraffic write transaction. disableInvalidClients now returns the affected remote node IDs instead of restarting their xray while the SQLite write lock is held; AddTraffic performs the restart after the transaction commits via restartRemoteNodesOnDisable. Avoids holding the serialized write lock across slow per-node restart RPCs. --------- Co-authored-by: Claude Sonnet 4.6 <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • 12d84c2a46 fix(node-traffic): prevent stale node snapshot from re-enabling disabled client (#4917) When a remote node syncs traffic back to the panel, the UPDATE in setRemoteTrafficLocked wrote cs.Enable directly into client_traffics.enable. If a snapshot carrying enable=true arrived after the central panel had already set enable=false (due to the client reaching their traffic limit), it silently re-enabled the client — letting them consume 2-3x their allotted quota before the next disable cycle caught up. Fix: replace the unconditional SET enable = ? with a CASE expression that only allows a disable (0->0), never a re-enable (0->1). The central panel remains the sole authority for turning a client back on. Co-authored-by: Claude Sonnet 4.6 <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • 97f88fb1a9 feat(sub): modern xray JSON format with unified finalmask editor (#4912) * feat(sub): add finalmask support to JSON subscriptions * feat(sub): modern xray JSON format with unified finalmask editor Drop the legacy JSON subscription format entirely and always emit the modern xray shape: - Flatten proxy outbounds (no vnext/servers) for vless/vmess/trojan/ shadowsocks; hysteria was already flat. - Express fragment/noise via streamSettings.finalmask instead of the legacy direct_out freedom dialer + dialerProxy sockopt. The global finalmask (tcp/udp masks + quicParams) is stored as a single setting (subJsonFinalMask) and merged into every generated stream, replacing the separate subJsonFragment/subJsonNoises/subJsonQuicParams settings. Reuse the existing FinalMaskForm (used by inbound/outbound) for the settings UI via a small bridge component; add a showAll prop so all TCP/UDP/QUIC sections render for the global case. This supersedes the hand-rolled Fragment/Noises/quicParams tabs with the full mask editor (all mask types). Note: this is a breaking change — JSON subscriptions now require a recent xray client on the consumer side. * fix --------- Co-authored-by: biohazardous-man <[email protected]> Co-authored-by: MHSanaei <[email protected]>
  • f947fbd6c6 feat(Clash): Add routing rules and enable routing option for Clash subscriptions (#4904) * feat(clash): add routing rules and enable routing option for Clash/Mihomo subscriptions Allows adding custom YAML blocks and placeholders to Clash exports. Why: Shifting routing to the client prevents server IP exposure for DIRECT traffic and reduces unnecessary server bandwidth/CPU usage. * fix --------- Co-authored-by: Misfit-s <>
  • ba63fa8569 chore(deps): bump i18next from 26.3.0 to 26.3.1 in /frontend (#4901) Bumps [i18next](https://github.com/i18next/i18next) from 26.3.0 to 26.3.1. - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/i18next/compare/v26.3.0...v26.3.1) --- updated-dependencies: - dependency-name: i18next dependency-version: 26.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Просмотр сравнение для этих 15 коммитов »

18 часов назад

txlyre синхронизированные и удаленные ссылки dependabot/npm_and_yarn/frontend/i18next-26.3.1 на txlyre/3x-ui из зеркала

18 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • a07c7b7f4e feat(migrate-db): SQLite <-> .dump conversion and Download Migration in Overview Binary: extend the migrate-db subcommand with --dump and --restore so a SQLite database can be exported to a portable SQL text dump and rebuilt from one, alongside the existing --dsn PostgreSQL copy. Implemented in Go via the bundled sqlite driver (new database/dump_sqlite.go); no external sqlite3 client is required. Add ExportPostgresToSQLite (reverse of MigrateData) to build a SQLite .db from live PostgreSQL data, reusing the shared copyAllModels helper. Overview: add a "Download Migration" item to Backup & Restore plus a getMigration endpoint/service that returns a .dump on SQLite or a .db on PostgreSQL, so the data can seed a panel on the other backend. Document the endpoint in api-docs and translate the three new strings across all locales. Tests: cover the destination-side copy (AutoMigrate + copyTable into SQLite) and the dump/restore round-trip including quoted values. Ignore *.dump. The x-ui.sh helper that drives this from the CLI is in PR #4910.

1 день назад

txlyre синхронизированные коммиты с feat/x-ui-sh-migratedb на txlyre/3x-ui из зеркала

  • 5dd506d255 fix(x-ui.sh): address review feedback on migrateDB Per Copilot review on PR #4910: - Probe the bundled binary for migrate-db --dump support and fail with a clear upgrade message instead of a raw "flag not defined" error on old builds. - Prompt before overwriting an existing .dump in dump mode (parity with restore). - Refuse to restore into the live database path while x-ui is running, to avoid corrupting the running panel. - Fix the usage/synopsis strings to show input is optional ([file] not <file>).
  • e3deac536f Merge branch 'main' into feat/x-ui-sh-migratedb
  • a07c7b7f4e feat(migrate-db): SQLite <-> .dump conversion and Download Migration in Overview Binary: extend the migrate-db subcommand with --dump and --restore so a SQLite database can be exported to a portable SQL text dump and rebuilt from one, alongside the existing --dsn PostgreSQL copy. Implemented in Go via the bundled sqlite driver (new database/dump_sqlite.go); no external sqlite3 client is required. Add ExportPostgresToSQLite (reverse of MigrateData) to build a SQLite .db from live PostgreSQL data, reusing the shared copyAllModels helper. Overview: add a "Download Migration" item to Backup & Restore plus a getMigration endpoint/service that returns a .dump on SQLite or a .db on PostgreSQL, so the data can seed a panel on the other backend. Document the endpoint in api-docs and translate the three new strings across all locales. Tests: cover the destination-side copy (AutoMigrate + copyTable into SQLite) and the dump/restore round-trip including quoted values. Ignore *.dump. The x-ui.sh helper that drives this from the CLI is in PR #4910.
  • 6ca2a3f0f7 feat(x-ui.sh): add migrateDB command and menu for SQLite .db <-> .dump Adds an "x-ui migrateDB <file>" subcommand and a PostgreSQL-menu option (9) that convert between a SQLite .db and a portable .dump file. Direction is auto-detected from the extension and delegated to the bundled binary (x-ui migrate-db --dump/--restore), so no external sqlite3 client is needed. Depends on the matching binary support, so it is only usable from the next panel release.
  • 5c1d64b841 v3.2.7
  • Просмотр сравнение для этих 10 коммитов »

1 день назад

txlyre синхронизированные новые ссылки feat/x-ui-sh-migratedb к txlyre/3x-ui из зеркала

1 день назад

txlyre синхронизированные коммиты с dependabot/npm_and_yarn/frontend/i18next-26.3.1 на txlyre/3x-ui из зеркала

  • 008fb8b9c9 chore(deps): bump i18next from 26.3.0 to 26.3.1 in /frontend Bumps [i18next](https://github.com/i18next/i18next) from 26.3.0 to 26.3.1. - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/i18next/compare/v26.3.0...v26.3.1) --- updated-dependencies: - dependency-name: i18next dependency-version: 26.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
  • 5c1d64b841 v3.2.7
  • 4813a2fe00 fix(api-token): hash tokens at rest and show plaintext only once Store API tokens as SHA-256 hashes instead of plaintext and return the token value only in the create response. List no longer exposes the token, and the UI drops the Show/Copy buttons in favor of a one-time reveal modal at creation. Match hashes the presented bearer token before the constant-time compare, and a migration hashes any pre-existing plaintext rows in place so existing tokens keep authenticating. Docs and translations updated.
  • 7a72aeda7a i18n: translate connection-limit strings for all languages Adds connectionLimits/connIdle/bufferSize/seconds keys to the remaining 11 locales (ar, es, id, ja, pt, ru, tr, uk, vi, zh-CN, zh-TW); en-US and fa-IR shipped with the feature.
  • 72944daab7 chore(deps): bump xray-core to v1.260327.1 and add pion/wireguard deps
  • Просмотр сравнение для этих 10 коммитов »

1 день назад

txlyre синхронизированные новые ссылки dependabot/npm_and_yarn/frontend/i18next-26.3.1 к txlyre/3x-ui из зеркала

1 день назад

txlyre синхронизированные коммиты с v3.2.7 на txlyre/3x-ui из зеркала

1 день назад

txlyre синхронизированные новые ссылки v3.2.7 к txlyre/3x-ui из зеркала

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 5c1d64b841 v3.2.7
  • 4813a2fe00 fix(api-token): hash tokens at rest and show plaintext only once Store API tokens as SHA-256 hashes instead of plaintext and return the token value only in the create response. List no longer exposes the token, and the UI drops the Show/Copy buttons in favor of a one-time reveal modal at creation. Match hashes the presented bearer token before the constant-time compare, and a migration hashes any pre-existing plaintext rows in place so existing tokens keep authenticating. Docs and translations updated.
  • 7a72aeda7a i18n: translate connection-limit strings for all languages Adds connectionLimits/connIdle/bufferSize/seconds keys to the remaining 11 locales (ar, es, id, ja, pt, ru, tr, uk, vi, zh-CN, zh-TW); en-US and fa-IR shipped with the feature.
  • 72944daab7 chore(deps): bump xray-core to v1.260327.1 and add pion/wireguard deps
  • c78285402e fix(sidebar): set fixed sider width to 220
  • Просмотр сравнение для этих 12 коммитов »

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 573c43e445 feat(sidebar): collapse to icon rail, expand on hover Sidebar is icon-only by default and expands as an overlay on hover, so the dashboard content underneath no longer reflows. Drops the persisted collapse state and the click trigger that conflicted with hover.
  • db5ce06256 fix(panel-proxy): route custom geo and http(s) Telegram through panelProxy Custom geosite/geoip downloads built their own ssrfSafeTransport and never used the configured Panel Network Proxy, so geo updates failed on servers where GitHub is filtered. Route all custom-geo HTTP (startup probes + downloads) through panelProxy when set, falling back to the direct SSRF-guarded transport otherwise; the target URL stays SSRF-validated. The Telegram bot only honored a socks5:// panel proxy and silently rejected http(s)://, despite the setting advertising both. Branch the fasthttp dialer (FasthttpHTTPDialer for http(s), FasthttpSocksDialer for socks5) and accept all three schemes in the fallback and NewBot validation. Add tests proving the panel proxy is used by custom geo and that the bot dialer speaks HTTP CONNECT vs SOCKS5 per scheme.
  • 71cf22fa8d fix(migrate-db): preserve false-valued columns in SQLite to Postgres copy GORM struct INSERT substitutes a column default tag for Go zero-values, so disabled rows (enable=false) silently re-enabled on the destination. Copy each batch through explicit per-column maps so every value is written verbatim. Adds a regression test.
  • e7c11c913a feat(inbounds): per-proxy Pinned Peer Cert SHA-256 + labeled External Proxy form Redesign the Add Inbound -> Stream External Proxy section into labeled per-entry cards (Force TLS / Host / Port / Remark and, under TLS, SNI / Fingerprint / ALPN) and add a Pinned Peer Cert SHA-256 field with a generate-random-hash button to each entry. The pin flows end to end into share links: pcs for vmess/vless/trojan/ss (stripped when a proxy forces security off) and the hex-normalized pinSHA256 for Hysteria. JSON and Clash subscriptions emit the native pinnedPeerCertSha256 / pin-sha256 via the cloned stream. Adds the forceTls label across all 13 locales plus frontend and Go tests.
  • df7ccd3a64 fix(clients): use client_inbounds link to resolve inbound, not stale id client_traffics.inbound_id is a legacy single-inbound pointer that goes stale when an inbound is deleted and recreated: the email-keyed traffic row survives but references a missing inbound. Code that resolved the owning inbound from it broke several client operations. - adjustTraffics: 'Start After First Use' (negative expiry) never converted to an absolute deadline on first traffic, so the countdown never started. Now resolves inbounds via the client_inbounds link and computes the new expiry once per email so multi-inbound clients stay consistent. - GetClientInboundByEmail / GetClientInboundByTrafficID: fall back to client_inbounds when the pointer is dead, fixing reset traffic ('record not found'), client info, and Telegram set-tgId. - autoRenewClients: resolve renew targets via client_inbounds so scheduled renews are not silently skipped. - clients page: allow resetting a client with no inbound attachment (the backend already zeroes counters by email). Add regression test for the delayed-start conversion under a stale inbound_id.
  • Просмотр сравнение для этих 10 коммитов »

2 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • e63cde8fcb feat(settings): move the remark model control to the subscription tab Relocate Remark Model & Separation Character from the General/Panel tab to the Subscription tab's Information section, beside Show Info and Email in Remark, since it only governs how share-link remarks are composed. The sample preview uses concrete example values and renders the separator literally. Also drop the port from the subscription page link rows so each row shows just the inbound remark; the port still appears in the client QR modal and the client info modal.
  • d0998c1d6d feat(links): richer share-link labels across QR, client info and sub views Show colored protocol/transport/security tags followed by the inbound remark and port for each share link in the client QR modal, client info modal and subscription page. The client email and the traffic/expiry decorations are stripped from the remark so only the inbound remark and port remain. Consolidate the duplicated per-page parseLinkMeta/trimEmail/PROTOCOL_COLORS into a shared lib/xray/link-label.tsx (parseLinkParts, LinkTags, linkMetaText) so the colours and the email/stats stripping stay identical across all three surfaces.
  • ccfd04219b fix(panel): register /groups SPA route so hard refresh returns index.html The frontend has a groups page route and sidebar entry, but the backend never registered a GET handler for /panel/groups. A hard browser refresh on that page fell through to the 404 handler. Add the missing panelSPA registration alongside the other page routes. Fixes #4837
  • b08fc0c963 fix(clients): keep reverse tag clearable and preserve flow on attach Two multi-inbound client bugs from issue #4834: - Clearing a client's reverse tag never persisted: SyncInbound keeps a non-empty sticky guard on reverse (shared with node-sync/rename), so the cleared value never reached the canonical clients.reverse column the edit form reads. Update now writes that column authoritatively from the submitted client, matching how it already writes email/updated_at directly. - Attaching a new inbound reset xtls-rprx-vision: Attach seeded its wire client from the canonical clients.flow column, which a non-flow inbound can zero during the preceding update. It now derives the flow from EffectiveFlow (the per-inbound flow_override), so flow-capable targets keep the flow and others stay empty. Adds service tests for both paths and a guard test confirming node-snapshot sync still preserves a stored reverse tag.
  • Просмотр сравнение для этих 4 коммитов »

2 дней назад

txlyre синхронизированные коммиты с v1.8.9 на txlyre/dtlspipe из зеркала

2 дней назад

txlyre синхронизированные новые ссылки v1.8.9 к txlyre/dtlspipe из зеркала

2 дней назад

txlyre синхронизированные коммиты с master на txlyre/dtlspipe из зеркала

2 дней назад