txlyre

txlyre synced commits to main at txlyre/3x-ui from mirror

  • 0e0e41197f fix(settings): normalize tgCpu on load so a bad value can't block saving (#5091) The settings page validates the whole AllSetting object before saving, so a tgCpu value that isn't an integer in 0-100 (left over from an older or corrupt setting) failed validation with "tgCpu: Invalid input" and blocked saving every other setting too. Clamp/round tgCpu to a valid integer in the model constructor, defaulting to 80 when it isn't a finite number.
  • 5c29851be1 fix(nodes): "Invalid input" when saving a node with inbound sync mode "all" NodeFormSchema required inboundTags, but the inboundTags Form.Item is only mounted when inboundSyncMode is "selected" - antd onFinish omits unmounted fields, so saving with the default "all" mode failed schema validation with Zod generic "Invalid input" (regression from #5178; same class as the earlier pinnedCertSha256 fix). Also tolerate null inboundTags (Go nil slice) for nodes saved before #5178, both in the form schema and NodeRecordSchema, and normalize edit-mode values.
  • 60da6bed15 fix(xhttp): stop injecting scMaxEachPostBytes/scMinPostsIntervalMs defaults (#5141) The panel seeded xhttp configs with scMaxEachPostBytes=1000000 and scMinPostsIntervalMs=30 — xray-core's own defaults — and emitted them into every generated config and share link. The literal scMinPostsIntervalMs=30 is a stable DPI fingerprint that Russia's TSPU keys on to block connections on mobile networks. New configs no longer seed these values (empty schema/template defaults, so xray-core applies its internal defaults). For configs already stored with the old defaults, the link/subscription builders now drop values equal to xray-core's defaults instead of advertising them — covering panel share links, the raw subscription, and the JSON subscription without requiring every inbound to be re-saved. Non-default values the user set deliberately are still emitted.
  • 7e87b7dc60 i18n: point API token hint at the Authentication page in all locales The remote panel's API token moved from Settings to the Authentication page; update the node form hint accordingly.
  • dbee150b33 fix(script): SSL management fixes (#4994, #5010, #5070) - Issue acme.sh HTTP-01 over IPv4 unless the host has no global IPv4 address: the hardcoded --listen-v6 started a v6-only standalone listener, so validation of a domain whose A record points at this host always failed (#4994). - Add a custom cert/key path option to the "Set Cert paths" menu so certificates living outside /root/cert (e.g. certbot under /etc/letsencrypt) can be wired to the panel from the CLI (#5010). - Derive the displayed Access URL from the certificate's actual SAN list instead of the cert folder name, list the other covered names, and show the panel's custom-path certificate in "Show Existing Domains" (#5070). Also silence find when /root/cert doesn't exist.
  • View comparison for these 24 commits »

4 hours ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • 58905d81a4 feat(node-sync): push global client usage to nodes for display and local enforcement A client attached to several panels has one aggregated row on each master, but a node only ever saw its local share: the node UI under-reported usage, and the node kept serving a client whose cross-panel total had already exceeded its quota — the master's disable push doesn't kill established connections unless the node restarts xray itself. Masters now push their aggregated per-client counters to each node from NodeTrafficSyncJob (throttled, scoped to the clients that node hosts). The node stores them in the new client_global_traffics side table keyed by (masterGuid, email), overwritten on every push so a master-side reset propagates, and: - overlays max(local, pushed) onto UI read paths (slim inbound list, inbound detail, clients list, WS stats, per-email lookups). The full /panel/api/inbounds/list stays un-overlaid on purpose: it doubles as the traffic snapshot masters poll, and overlaying it would corrupt every master's delta accounting; - trips disableInvalidClients when any master's pushed total exceeds the client's quota, so the existing RestartXrayOnClientDisable flow disconnects the client locally; - clears the side rows on traffic reset, auto-renew, and client delete, keeping a renewed quota window clean. Supersedes #5204, which folded pushed globals into client_traffics and compensated with read-back baselines — that double-counted first-sight emails and could not work with several masters sharing one node.
  • 8258a26fbf fix(node-sync): keep shared client traffic row when email still lives on other inbounds client_traffics is the per-email accumulator shared across every inbound and node the client is attached to. setRemoteTrafficLocked deleted it unguarded in two sweeps — when a node inbound vanished from the snapshot (node reinstall, tag change, another master's reconcile on a shared node) and when an email left one inbound's stats — even though the email was still attached elsewhere. The next sync then re-seeded the row with that node's counter alone, so the panel showed the last changed panel's number instead of the summed total. Guard both sweeps with emailUsedByOtherInbounds, matching what the manual-edit path (updateClientTraffics) already does. Truly removed clients are still cleaned up by the zero-attachment sweep.
  • dc52e725b6 fix(ui): blink the online dot in mobile client cards like desktop The mobile card rendered a static antd Badge for every bucket. When the client is enabled, online, and not depleted, render the same animated online-dot span the desktop Online column and the nodes list use.
  • aeb2217ae5 fix(ui): classify ended clients as depleted, not disabled, on inbounds page The auto-disable job flips client.enable off in the settings JSON when a client expires or exhausts its traffic, so the inbounds-page rollup filed every ended client under the gray Disabled badge (and double-counted it in Depleted when stats were present). Classify with depleted-first priority, matching computeClientsSummary and the client info modal. Also backfill cross-inbound client_traffics rows in GetInboundsSlim: the row is keyed on email and only preloads on the inbound the client was created on, so on every other attached inbound the depleted/expiring checks could never fire.
  • 9730561f20 ci(bot): update issue-bot repo map and tighten reply style - Refresh repository map: add internal/mtproto, web/entity, web/global, web/session, web/locale, frontend/, tools/openapigen, docs/, windows_files - Correct stack facts: Xray-core runs as a managed child process; full env var list incl. XUI_INIT_WEB_BASE_PATH, XUI_LOG_FOLDER, XUI_BIN_FOLDER, XUI_SKIP_HSTS; protocol list matches the model.go enum incl. MTProto - Add COMMENT STYLE section for professional, precise, answer-first replies - Raise --max-turns for both jobs
  • View comparison for these 11 commits »

12 hours ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • eee652c4a5 chore(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 (#5199) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.55.0 to 0.56.0. - [Commits](https://github.com/golang/net/compare/v0.55.0...v0.56.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.56.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • 1ad483ede6 fix: expose streamSettings for Tunnel inbounds to support TProxy (#5171) * fix: expose streamSettings for Tunnel inbounds to support TProxy * fix(ui): hide security tab for tunnel inbounds when stream is enabled tunnel (dokodemo-door) does not support TLS or Reality, so showing the security tab only results in a fully-disabled radio group. Exclude tunnel alongside wireguard from the security tab. * fix(tunnel): restrict stream tab to sockopt-only and fix transportless schema Tunnel (dokodemo-door) only needs sockopt.tproxy for TProxy mode — no user-selectable transport. Add hasSelectableTransport flag to hide the network picker, per-network sub-forms, ExternalProxy, and FinalMask for both tunnel and wireguard, matching the pattern already used for Hysteria. Fix a pre-existing Zod schema bug where NetworkSettingsSchema was a bare discriminatedUnion requiring `network` to be present. Wireguard and tunnel submit streamSettings without a `network` key, causing "Invalid discriminator value. Expected 'tcp' | ..." on every save. Fix by adding a transportless union branch (z.never().optional()) alongside the transport DU; also add ?? 'tcp' fallback in inbound-link.ts where stream.network is now string | undefined. Three regression tests added. --------- Co-authored-by: rqzbeh <[email protected]> Co-authored-by: MHSanaei <[email protected]>
  • View comparison for these 2 commits »

20 hours ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • 57e9661758 fix: properly configure fail2ban backend and dependencies on Ubuntu 22.04+ (#5159) (#5184) Co-authored-by: rqzbeh <[email protected]>
  • 65fa40b819 fix: accurately retrieve and generate API tokens via CLI with hashed storage (#5145) (#5183) Co-authored-by: rqzbeh <[email protected]>
  • f88f53cd7b fix(update): restart panel after regenerating webBasePath to fix login desync When update.sh regenerates a short webBasePath, it writes the new path to the database after the panel is already running with the old path loaded in memory. Without a restart the server keeps serving the old path while the UI shows the new one, making the new path unreachable.
  • ca4f32e3da feat: replace panel proxy URL with outbound-based egress bridge Instead of requiring a manual SOCKS5/HTTP URL, the panel now lets the admin pick an Xray outbound from a dropdown (same UX as Geodata Auto-Update). At runtime, injectPanelEgress appends a loopback SOCKS inbound (tag: panel-egress) and prepends a routing rule so the panel's own HTTP traffic — version checks, Telegram, normal geo-file updates — is routed through the chosen outbound. Xray-native Geodata Auto-Update is unaffected (it uses its own geodata.outbound inside Xray). Blackhole outbounds are excluded from both picker dropdowns since routing any download through one just drops it. Translations updated for all 13 locales.
  • 6b16d8c37a feat: apply inbound/outbound/routing changes live via Xray gRPC API Add a hot-apply layer that computes a diff between the old and new generated config and applies only the changed parts through the Xray gRPC HandlerService and RoutingService, avoiding a full process restart whenever possible. A restart is still performed when sections that have no reload API (log, dns, policy, observatory, ...) actually change. Key additions: - internal/xray/hot_diff.go: ComputeHotDiff with canonical-JSON comparison (sorted keys, null=absent, full number precision) so UI reformatting never triggers a spurious restart - internal/xray/api.go: AddOutbound/DelOutbound, ApplyRoutingConfig, GetBalancerInfo, SetBalancerTarget, TestRoute gRPC wrappers - internal/web/service/xray.go: tryHotApply, ensureAPIServices, GetBalancersStatus, OverrideBalancer, TestRoute service methods - internal/web/controller/xray_setting.go: balancerStatus, balancerOverride, routeTest API endpoints - frontend: BalancersTab live-status/override columns, RouteTester component, Restart button removed (Save now hot-applies) - balancer-helpers.ts: syncObservatories never creates observatory sections for random/roundRobin balancers (no reload API → restart) - i18n: balancerLive/Override/routeTester keys added to all 13 locales
  • View comparison for these 5 commits »

1 day ago

txlyre synced and deleted reference copilot/fix-github-actions-build-windows at txlyre/3x-ui from mirror

1 day ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • 3092326d9e refactor: replace custom geo manager with Xray-core native geodata auto-update Remove the panel-side custom geo download feature (service, controller, /panel/api/custom-geo/* endpoints, CustomGeoResource model, UI tab) in favor of Xray-core's native geodata section (https://xtls.github.io/config/geodata.html). - pass the top-level "geodata" key through xray.Config so it survives the template round-trip into the generated config - add a Geodata Auto-Update section to the Xray Updates modal that edits geodata (cron schedule, download outbound, asset list) in the config template and restarts Xray on save - previously downloaded geo files in the bin folder keep working in ext: routing rules; the orphaned custom_geo_resources table is left in place so existing source URLs stay recoverable
  • 4002be4ade feat: support latest Wireguard features from Xray-core (PRs #5643, #5833, #5850) (#5131) * feat: support latest Wireguard features from Xray-core Implements support for Xray-core PRs #5833, #5643, and #5850 for Wireguard Inbounds: - Adds 'domainStrategy' and 'workers' to Wireguard inbound configuration. - Enables the Stream Settings tab for Wireguard inbounds to configure 'sockopt' and 'finalmask', hiding the irrelevant 'network' transmission dropdown. - Adds the 'randRange' field to the 'noise' UDP Finalmask obfuscation settings. * fix --------- Co-authored-by: Rqzbeh <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • f9b275dd23 fix(ui): keep client IP log modal above edit modal (#5137) * fix: keep client IP log modal above edit modal * refactor: name client modal z-index values
  • dbb269cf6a fix(ui): correct inline style syntax between clients count and active clients count on inbounds page (#5114) * fix(ui): correct inline style syntax in client counts column on inbounds page * fix(ui): correct inline style syntax between clients count and active clients count on inbounds page
  • d047075f76 docs: add Turkish language link to other README files (#5138)
  • View comparison for these 6 commits »

1 day ago

txlyre synced commits to copilot/fix-github-actions-build-windows at txlyre/3x-ui from mirror

  • 4a782b5705 fix(ci): use pre-installed MSYS2 to avoid installer download failure on Windows build Add `release: false` to the msys2/setup-msys2@v2 step so the action uses the MSYS2 pre-installed on GitHub's windows-latest runner at C:\msys64 instead of downloading a fresh installer from GitHub Releases. The old behaviour (release: true, the default) fails when MSYS2 is not in the Actions tool cache — e.g. on fork PRs or fresh runners — because the installer download step crashes silently almost immediately. Setting release: false bypasses the download entirely and relies on the pre-installed copy that every windows-latest image ships with.
  • 0eb95008a5 Initial plan
  • 4002be4ade feat: support latest Wireguard features from Xray-core (PRs #5643, #5833, #5850) (#5131) * feat: support latest Wireguard features from Xray-core Implements support for Xray-core PRs #5833, #5643, and #5850 for Wireguard Inbounds: - Adds 'domainStrategy' and 'workers' to Wireguard inbound configuration. - Enables the Stream Settings tab for Wireguard inbounds to configure 'sockopt' and 'finalmask', hiding the irrelevant 'network' transmission dropdown. - Adds the 'randRange' field to the 'noise' UDP Finalmask obfuscation settings. * fix --------- Co-authored-by: Rqzbeh <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • f9b275dd23 fix(ui): keep client IP log modal above edit modal (#5137) * fix: keep client IP log modal above edit modal * refactor: name client modal z-index values
  • dbb269cf6a fix(ui): correct inline style syntax between clients count and active clients count on inbounds page (#5114) * fix(ui): correct inline style syntax in client counts column on inbounds page * fix(ui): correct inline style syntax between clients count and active clients count on inbounds page
  • View comparison for these 10 commits »

1 day ago

txlyre synced new reference copilot/fix-github-actions-build-windows to txlyre/3x-ui from mirror

1 day ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • 26c549a95a fix(client): match clients by email for delete/update, not credentials Delete/update located the client in an inbound's settings JSON by the record's credential (uuid/password/auth). When that credential drifted from the inbound JSON -- e.g. a rotated UUID left behind, or duplicated by a past partial-update bug -- the lookup failed with "Client Not Found In Inbound For ID: <uuid>" and aborted the whole operation, making the client impossible to remove from the panel. Key every delete/update/detach path on email, the client's stable identity. This survives credential drift and heals duplicate-email entries by removing all of them. - Delete/DeleteByEmail/Detach/DetachByEmailMany -> DelInboundClientByEmail - delInboundClients / bulkDelInboundClients: match settings by email - UpdateInboundClient: locate the entry to replace by email (param clientId -> oldEmail); update all callers to pass the email - bulkAdjustInboundClients: match by email - writeBackClientSubID: pass email; drop unused sourceProtocol param - make per-inbound deletion idempotent via ErrClientNotInInbound - remove now-orphaned DelInboundClient, clientKeyForProtocol and getClientPrimaryKey; scale test deletes by email

1 day ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • fe62c39a53 fix: inbound edit validation failure and legacy copy to clipboard (#5132) * fix: auto-enable clients when resetting traffic When a client's traffic is exhausted, the panel automatically disables the client and pushes enable: false to the nodes. However, when an admin clicked 'Reset Traffic' or used bulk reset, the counters were zeroed but the client was left disabled. This forced administrators to manually re-enable the client across the central panel and remote nodes. This patch updates ResetTrafficByEmail and BulkResetTraffic to automatically set Enable: true for any previously disabled client and push the updated settings to nodes, ensuring the client is instantly restored upon traffic reset. * fix: inbound edit validation failure and legacy copy to clipboard
  • 2969f6e91d fix(client): preserve UUID/password/auth on partial client update (#5111)
  • 0bed552292 fix(outbound): include tested outbound in HTTP probe config (#5120) HTTP-pinging a subscription outbound always reported "Probe timed out". The frontend sends only the template outbounds as allOutbounds, but subscription outbounds are injected at runtime and aren't in that list, so burstObservatory had no outbound matching the tag to probe. Append the tested outbound when its tag is missing instead of only when allOutbounds is empty, so the probe always has a target while preserving the template outbounds that back dialerProxy chains.
  • 6c1594693d feat(mtproto): add domain-fronting and essential mtg options Expose mtg's [domain-fronting] section (ip/port/proxy-protocol) plus proxy-protocol-listener, prefer-ip, and debug on MTProto inbounds. Each key is written to the generated mtg-<id>.toml only when set, so mtg's own defaults apply otherwise. The instance fingerprint now covers these fields, so editing an option restarts the sidecar. Since MTProto is mtg-served (not Xray), sniffing does not apply: hide the Sniffing tab and the Advanced sniffing sub-editor, drop it from the Advanced "All" JSON view, and emit empty sniffing in the wire payload, all gated by a new canEnableSniffing predicate.
  • View comparison for these 4 commits »

2 days ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • f8e89cc848 fix(mtproto): reap orphaned mtg, fix SysLog viewer, mtg log visibility, export remark (#5105) (#5107) * fix(logs): render journalctl output in the SysLog viewer The log viewer's parseLogLine only understood the app-log format (2006/01/02 15:04:05 LEVEL - body). With SysLog ticked the backend returns journalctl lines (Mon DD HH:MM:SS host ident[pid]: LEVEL - body), so the parser mistook the journal time for the level and dropped the body, leaving only timestamps. Detect and strip the journald prefix, keep the journal timestamp as the stamp, then parse the real level and body from the remainder. * feat(mtproto): surface mtg output and add status reporting mtg's stdout/stderr was captured by a writer that kept only the last line and showed it nowhere, so the reason a proxy could not reach Telegram was invisible. Stream mtg output line-by-line into the x-ui log, tagged per inbound, so it appears in the panel log viewer and journald. Also fix mangled log lines: logger.Info uses fmt.Sprint, which drops the space between adjacent string operands, producing output like 'inbound3on0.0.0.0:8443'. Switch the affected mtproto calls to the formatted (*f) variants. Add show_mtproto_status to x-ui.sh so 'x-ui status' reports each mtproto inbound's mtg process state and bind address. * fix(logs): parse all journalctl message shapes in SysLog viewer Real journalctl output mixes four message shapes after the 'Mon DD HH:MM:SS host ident[pid]:' prefix: go-logging 'LEVEL - msg' (x-ui/xray), Go std-log with an embedded date (net/http, runtime), telego's '[timestamp] LEVEL msg', and systemd lines. The viewer only understood the first, so std-log and telego lines — which never contain ' - ' — collapsed to a bare timestamp (e.g. the 8s telego 409 spam). Extract the parser into a pure, testable module and teach it the other shapes: strip the redundant Go std-log date, lift the level out of telego brackets, and always keep the message body. 
Add a unit test covering each shape with real captured lines. * fix(mtproto): reap orphaned mtg sidecars so a stale one can't break new clients On Linux x-ui does not kill its mtg children when it dies (no kill-on-exit, unlike the Windows job object). After a crash, OOM, kill -9, or update, a stale mtg keeps holding the inbound port with an OLD secret, so new clients fail the FakeTLS handshake and get silently domain-fronted to the fakeTLS domain instead of proxied to Telegram (a few MB of traffic, never connects). Sweep orphans at startup: on the first reconcile, before x-ui starts any of its own mtg, scan /proc and SIGKILL any process whose executable is our mtg-<goos>-<goarch> binary. x-ui is the sole owner of mtg, so anything alive then is an orphan. Runs once per process (swept guard), survives the binary-deleted-during-update case via /proc/<pid>/cmdline, and is a no-op on Windows (job object) and other platforms. Also clear stray mtg in update.sh/install.sh after stopping x-ui, anchored to the 'mtg-linux-<arch> run ' invocation so the pattern can't match unrelated command lines (e.g. x-ui.sh's own 'grep mtg-linux'). * fix(logs): drop dead body initializer flagged by eslint no-useless-assignment * fix(mtproto): drop remark fragment from tg://proxy export link The mtproto export link appended the inbound remark as a URL fragment (tg://proxy?server=...&port=...&secret=...#remark). Telegram Desktop rejects a proxy deep link with a trailing fragment as 'This proxy link is invalid', breaking one-click import, and a remark is meaningless for proxy links across clients. Stop adding it in both the panel link (genMtprotoLink) and the subscription service. Fixes #5105. * fix(x-ui.sh): remove unused check_mtproto_status helper show_mtproto_status does its own process check, so check_mtproto_status was dead code. Drop it (per Copilot review on #5107).

2 days ago

txlyre synced commits to v3.3.0 at txlyre/3x-ui from mirror

3 days ago

txlyre synced new reference v3.3.0 to txlyre/3x-ui from mirror

3 days ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • 9711a9ce22 v3.3.0
  • 9acde8da9d Bump frontend version and deps Update frontend package.json and refresh dependencies for a new release (frontend version -> 0.3.0). Regenerated lockfile and upgraded multiple JS packages (notably @swagger-api/apidom family, @rc-component packages, codemirror, etc.) and added libc metadata where applicable. Also update Go module dependencies (go.mod and go.sum) as part of routine dependency maintenance.
  • d9ccf157c3 feat: add manual and automatic WARP IP rotation (#5099) * feat: add manual and automatic WARP IP rotation * fix: update generated api and frontend schemas * fix(warp): validate rotation interval, fix auto-update timing, sync editor - Validate the auto-update interval as an integer and store it via setInt; a non-integer value previously broke GetAllSetting for the whole panel. - Seed warpLastUpdate when the interval is saved and when changing IP manually, so auto-update counts from "now" instead of epoch 0 and a manual rotation doesn't trigger an immediate scheduled one. - Guard WarpIpJob: when lastUpdate is unset, establish a baseline and skip instead of rotating on the next tick. - Log WARP license re-apply failures instead of swallowing them. - After a manual "Change IP", sync the in-memory Xray editor with the keys the backend persisted so a later template save can't revert them; only toast success when the interval save actually succeeds. - Add the WARP rotation UI strings to all 13 locales. - Drop trailing whitespace introduced in entity.go and xray_setting.go. --------- Co-authored-by: Rqzbeh <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • be8bd4e22c fix: propagate inbound traffic reset to nodes (#5103) Co-authored-by: Rqzbeh <[email protected]>
  • 5a7de02598 fix(ui): remove pointer cursor from non-interactive elements in cards (#5102)
  • View comparison for these 18 commits »

3 days ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • 21e01cc1e6 fix(postgres): make node traffic sync robust after public API inbound updates (#5038) * fix(postgres): make node traffic sync robust after public API inbound updates The background NodeTrafficSyncJob (every 5s) started failing after a successful POST /panel/api/inbounds/update/{id} (including flows that inject streamSettings.externalProxy) with: node traffic sync: merge for <node> failed: ERROR: CASE types boolean and integer cannot be matched (SQLSTATE 42804) Root cause: - The merge lives in setRemoteTrafficLocked (called from SetRemoteTraffic). - The client_traffics delta path used a dialect-sensitive expression: enable = enable AND ? last_online = GREATEST(last_online, ?) - On PostgreSQL, GREATEST / AND / COALESCE are implemented with internal CASE expressions. When "enable" columns (client_traffics, inbounds, ...) were INTEGER (common after SQLite → PG data migrations, older AutoMigrate, or mixed write paths) and the right-hand side was a boolean parameter (from snapshot ClientStats or form-bound API payload), PG rejected the expression at plan time. - The public API update path (unlike the internal remote wire path) always runs updateClientTraffics + UpdateClientStat + SyncInbound. This touches client_traffics.enable rows for any inbound that has clients. - SQLite tolerated 0/1 numeric bools; PG is strict. Fix: - Use an explicit CASE with ::boolean casts in the critical enable expression so the result type is always boolean. - Make GreatestExpr emit safe casts on Postgres. - Add a one-time normalization step in MigrationRequirements (runs on startup + xray restarts) that forces the relevant enable/enabled columns to boolean on Postgres using an idempotent DO block + USING cast. This cleans up pre-existing skew without a full re-migration. This branch is based on upstream/main (original mhsanaei/3x-ui main). The node traffic sync now survives arbitrary public-API inbound updates on PostgreSQL. 
* fix: make client traffic enable merge expression safe on SQLite too The previous commit introduced an explicit CASE for the "only node can disable" logic in the node traffic sync merge to fix the PG "CASE types boolean and integer cannot be matched" error after public API inbound updates. That expression used PostgreSQL-only `::boolean` casts: CASE WHEN ?::boolean THEN enable::boolean ELSE false END This is invalid syntax on SQLite (and would break the merge when the client_traffics delta UPDATE runs — which is commonly triggered right after an API /inbounds/update because that path calls updateClientTraffics + SyncInbound and touches client_traffics rows). Extracted the expression to a new dialect-aware helper `ClientTrafficEnableMergeExpr()` (following the same pattern as GreatestExpr, JSONClientsFromInbound, etc.). - On Postgres: keeps the strict boolean-typed CASE with casts. - On SQLite: uses a numeric-compatible form `CASE WHEN ? THEN enable ELSE 0 END` that produces the expected 0/1 result matching the column affinity. The logical behavior ("node may only force-disable, never re-enable") is preserved on both databases. This is a follow-up commit on the same branch so that one PR contains both the original Postgres fix and the SQLite compatibility fix. Builds directly on top of 91643f68. * fix --------- Co-authored-by: Rqzbeh <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • 46684dd164 fix(sub): emit VLESS encryption in Clash configs (#5053) Co-authored-by: jq <[email protected]>
  • 1ca5924a44 feat(mtproto): add MTProto (FakeTLS) protocol via managed mtg sidecar (#5076) * feat(mtproto): add MTProto (FakeTLS) protocol via managed mtg sidecar Xray-core has no mtproto proxy, so mtproto inbounds run as standalone mtg (9seconds/mtg) sidecar processes managed by the panel — one per inbound — and are excluded from the generated Xray config entirely. - model: MTProto protocol constant, validator, and FakeTLS secret helpers (GenerateFakeTLSSecret/HealMtprotoSecret) - mtproto package: per-inbound mtg process manager with reconcile, graceful stop, and best-effort Prometheus traffic scraping - runtime: delegate mtproto inbounds to the mtg manager instead of the Xray gRPC API; skip mtproto when building the Xray config - web: boot reconcile + StopAll wiring, periodic reconcile/traffic job, port-conflict transport, secret healing on inbound add/update - sub: tg:// proxy share-link generation - frontend: protocol option, Zod schema, Protocol tab (FakeTLS domain + regenerable secret), info-modal link, and i18n - provisioning: fetch mtg v2.2.8 in install.sh, DockerInit.sh, and the Linux + Windows release workflows * fix * fix * fix: address Copilot review comments on mtproto PR - web/web.go: create NewMtprotoJob once and reuse for cron + initial run - mtproto/manager.go: StopAll cleans up per-inbound config files on shutdown - mtproto/manager.go: CollectTraffic releases mutex before HTTP scrapes to avoid blocking Ensure/Reconcile/Remove during network I/O - database/model/model.go: panic on crypto/rand failure in mtprotoRandomMiddle instead of silently producing a weak all-zero secret - install.sh: fix chmod to handle renamed bin/mtg-linux-arm on armv5/v6/v7
  • af3c808444 fix: default hysteria tls to no utls fingerprint
  • 98ba88037c fix(subClashService): improve merging of clash rules in YAML (#5054)
  • View comparison for these 9 commits »

3 days ago

txlyre synced and deleted reference mtproto at txlyre/3x-ui from mirror

3 days ago

txlyre synced commits to mtproto at txlyre/3x-ui from mirror

  • df6d13d0ee feat(mtproto): add MTProto (FakeTLS) protocol via managed mtg sidecar

    Xray-core has no mtproto proxy, so mtproto inbounds run as standalone mtg (9seconds/mtg) sidecar processes managed by the panel — one per inbound — and are excluded from the generated Xray config entirely.

    - model: MTProto protocol constant, validator, and FakeTLS secret helpers (GenerateFakeTLSSecret/HealMtprotoSecret)
    - mtproto package: per-inbound mtg process manager with reconcile, graceful stop, and best-effort Prometheus traffic scraping
    - runtime: delegate mtproto inbounds to the mtg manager instead of the Xray gRPC API; skip mtproto when building the Xray config
    - web: boot reconcile + StopAll wiring, periodic reconcile/traffic job, port-conflict transport, secret healing on inbound add/update
    - sub: tg:// proxy share-link generation
    - frontend: protocol option, Zod schema, Protocol tab (FakeTLS domain + regenerable secret), info-modal link, and i18n
    - provisioning: fetch mtg v2.2.8 in install.sh, DockerInit.sh, and the Linux + Windows release workflows
  • 0706b0b3a8 feat(x-ui.sh): add migrateDB command for SQLite .db <-> .dump (#4910)

    * feat(x-ui.sh): add migrateDB command and menu for SQLite .db <-> .dump

      Adds an "x-ui migrateDB <file>" subcommand and a PostgreSQL-menu option (9) that convert between a SQLite .db and a portable .dump file. Direction is auto-detected from the extension and delegated to the bundled binary (x-ui migrate-db --dump/--restore), so no external sqlite3 client is needed. Depends on the matching binary support, so it is only usable from the next panel release.

    * fix(x-ui.sh): address review feedback on migrateDB

      Per Copilot review on PR #4910:

      - Probe the bundled binary for migrate-db --dump support and fail with a clear upgrade message instead of a raw "flag not defined" error on old builds.
      - Prompt before overwriting an existing .dump in dump mode (parity with restore).
      - Refuse to restore into the live database path while x-ui is running, to avoid corrupting the running panel.
      - Fix the usage/synopsis strings to show input is optional ([file] not <file>).
  • db118cbcc9 v3.2.8
  • e7ffae5329 fix(outbound): import ech and pcs from TLS share links The vless/trojan link parser's TLS branch read only sni/fp/alpn, so the ech (echConfigList) and pcs (pinnedPeerCertSha256) query params were dropped on import even though buildStream allocates both fields. Read them in applySecurityParams to match the inbound link generator and the hysteria2 parser.
  • f470bc7cf8 docs(contributing): refresh frontend guide and add Postgres launch profile The frontend section still described the old multi-page app. Rewrite it for the current React Router SPA (single index.html bundle), TanStack Query server state, the Zod source-of-truth model plus generated types, and link logic under src/lib/xray. Update the "adding a page" flow to the route-based approach and drop the stale MIGRATED_ROUTES / "no React Router" notes. Correct the Vite pin (was 8.0.13 "never bump", now exact 8.0.16) and add "npm run test" to the PR checklist. Document the new "Run 3x-ui (Postgres)" launch profile and fix the gitignore claim: .vscode/launch.json is checked in, not gitignored.
  • View comparison for these 10 commits »

4 days ago

txlyre synced new reference mtproto to txlyre/3x-ui from mirror

4 days ago

txlyre synced commits to main at txlyre/3x-ui from mirror

  • c6f15cd53f refactor(api)!: move /panel/setting and /panel/xray under /panel/api Settings and Xray config endpoints now live at /panel/api/setting/* and /panel/api/xray/*, registered under the existing /panel/api group so they inherit the same Bearer-or-session auth (checkAPIAuth) as the rest of the API. An API token is a full-admin credential, so this just makes the surface consistent. The SPA page routes /panel/settings and /panel/xray are unchanged. BREAKING CHANGE: the old /panel/setting/* and /panel/xray/* paths are removed. External callers must switch to the /panel/api/ prefix. Frontend call sites, API docs, the dev proxy, and the route-documentation test are updated to match.
  • a014c01725 feat(api-docs): generate OpenAPI components/schemas from Go structs A new emit_jsonschema.go walks the same allow-listed structs as the zod/types/examples emitters and writes generated/schemas.ts (SCHEMAS). build-openapi mounts it under components.schemas and points each typed response obj at a $ref instead of an untyped {} blob, so Swagger renders real models and openapi-generator can emit clients. Also add a vitest guard that safeParses every EXAMPLES entry against its generated zod schema, reviving the previously unused generated/zod.ts and catching drift between the example and schema emitters.
  • e56f6c63f6 fix(api-docs): target the panel base path in OpenAPI servers ServeOpenAPISpec shipped servers:[{url:"/"}], so Swagger UI "Try it out" and external generators hit the origin root and ignored a non-root webBasePath. Inject the runtime base path into the single servers entry at serve time, touching only that field via json.RawMessage so the rest of the spec is preserved verbatim.
  • 83799d71b0 feat(api-docs): generate response examples from Go structs; fix SS2022 PSK regen (#4996) Stop hand-writing OpenAPI response examples, which kept drifting from the real payloads (clients/traffic missing fields, inbounds/list exposing userId which is json:"-", the fictional inbound-443 tag instead of the real in-<port>-<transport> form). tools/openapigen now emits frontend/src/generated/examples.ts: a per-struct example instance built from type defaults, validate oneof/min bounds, and example: struct tags, with nested-ref expansion and a cycle guard. build-openapi.mjs composes the {success,obj} envelope from it for any endpoint annotated with responseSchema (+ responseSchemaArray for lists); the hand-written response is dropped for those. Service DTOs InboundOption/ApiTokenView/ProbeResultUI are added to the walker. #4996: client password regeneration now produces a valid Shadowsocks 2022 PSK (correct base64 length per cipher) when an SS2022 inbound is attached, in both the single and bulk client forms; backend surfaces ssMethod on /inbounds/options so the UI can pick the right length. Also: Swagger UI persists the Authorization token across reloads (persistAuthorization).
  • View comparison for these 4 commits »

4 days ago

txlyre synced commits to v1.8.10 at txlyre/dtlspipe from mirror

5 days ago