Acasă Explorează Ajutor
Autentificare
txlyre
Repozitorii Activitate publică

txlyre a sincronizat consemnările de la v3.2.7 la txlyre/3x-ui din oglindire

2 ore în urmă

txlyre a sincronizat referință nouă v3.2.7 la txlyre/3x-ui din oglindire

2 ore în urmă

txlyre a sincronizat consemnările de la main la txlyre/3x-ui din oglindire

  • 5c1d64b841 v3.2.7
  • 4813a2fe00 fix(api-token): hash tokens at rest and show plaintext only once Store API tokens as SHA-256 hashes instead of plaintext and return the token value only in the create response. List no longer exposes the token, and the UI drops the Show/Copy buttons in favor of a one-time reveal modal at creation. Match hashes the presented bearer token before the constant-time compare, and a migration hashes any pre-existing plaintext rows in place so existing tokens keep authenticating. Docs and translations updated.
  • 7a72aeda7a i18n: translate connection-limit strings for all languages Adds connectionLimits/connIdle/bufferSize/seconds keys to the remaining 11 locales (ar, es, id, ja, pt, ru, tr, uk, vi, zh-CN, zh-TW); en-US and fa-IR shipped with the feature.
  • 72944daab7 chore(deps): bump xray-core to v1.260327.1 and add pion/wireguard deps
  • c78285402e fix(sidebar): set fixed sider width to 220
  • Vizualizați comparația pentru aceste 12 consemnări »

2 ore în urmă

txlyre a sincronizat consemnările de la main la txlyre/3x-ui din oglindire

  • 573c43e445 feat(sidebar): collapse to icon rail, expand on hover Sidebar is icon-only by default and expands as an overlay on hover, so the dashboard content underneath no longer reflows. Drops the persisted collapse state and the click trigger that conflicted with hover.
  • db5ce06256 fix(panel-proxy): route custom geo and http(s) Telegram through panelProxy Custom geosite/geoip downloads built their own ssrfSafeTransport and never used the configured Panel Network Proxy, so geo updates failed on servers where GitHub is filtered. Route all custom-geo HTTP (startup probes + downloads) through panelProxy when set, falling back to the direct SSRF-guarded transport otherwise; the target URL stays SSRF-validated. The Telegram bot only honored a socks5:// panel proxy and silently rejected http(s)://, despite the setting advertising both. Branch the fasthttp dialer (FasthttpHTTPDialer for http(s), FasthttpSocksDialer for socks5) and accept all three schemes in the fallback and NewBot validation. Add tests proving the panel proxy is used by custom geo and that the bot dialer speaks HTTP CONNECT vs SOCKS5 per scheme.
  • 71cf22fa8d fix(migrate-db): preserve false-valued columns in SQLite to Postgres copy GORM struct INSERT substitutes a column default tag for Go zero-values, so disabled rows (enable=false) silently re-enabled on the destination. Copy each batch through explicit per-column maps so every value is written verbatim. Adds a regression test.
  • e7c11c913a feat(inbounds): per-proxy Pinned Peer Cert SHA-256 + labeled External Proxy form Redesign the Add Inbound -> Stream External Proxy section into labeled per-entry cards (Force TLS / Host / Port / Remark and, under TLS, SNI / Fingerprint / ALPN) and add a Pinned Peer Cert SHA-256 field with a generate-random-hash button to each entry. The pin flows end to end into share links: pcs for vmess/vless/trojan/ss (stripped when a proxy forces security off) and the hex-normalized pinSHA256 for Hysteria. JSON and Clash subscriptions emit the native pinnedPeerCertSha256 / pin-sha256 via the cloned stream. Adds the forceTls label across all 13 locales plus frontend and Go tests.
  • df7ccd3a64 fix(clients): use client_inbounds link to resolve inbound, not stale id client_traffics.inbound_id is a legacy single-inbound pointer that goes stale when an inbound is deleted and recreated: the email-keyed traffic row survives but references a missing inbound. Code that resolved the owning inbound from it broke several client operations. - adjustTraffics: 'Start After First Use' (negative expiry) never converted to an absolute deadline on first traffic, so the countdown never started. Now resolves inbounds via the client_inbounds link and computes the new expiry once per email so multi-inbound clients stay consistent. - GetClientInboundByEmail / GetClientInboundByTrafficID: fall back to client_inbounds when the pointer is dead, fixing reset traffic ('record not found'), client info, and Telegram set-tgId. - autoRenewClients: resolve renew targets via client_inbounds so scheduled renews are not silently skipped. - clients page: allow resetting a client with no inbound attachment (the backend already zeroes counters by email). Add regression test for the delayed-start conversion under a stale inbound_id.
  • Vizualizați comparația pentru aceste 10 consemnări »

10 ore în urmă

txlyre a sincronizat consemnările de la main la txlyre/3x-ui din oglindire

  • e63cde8fcb feat(settings): move the remark model control to the subscription tab Relocate Remark Model & Separation Character from the General/Panel tab to the Subscription tab's Information section, beside Show Info and Email in Remark, since it only governs how share-link remarks are composed. The sample preview uses concrete example values and renders the separator literally. Also drop the port from the subscription page link rows so each row shows just the inbound remark; the port still appears in the client QR modal and the client info modal.
  • d0998c1d6d feat(links): richer share-link labels across QR, client info and sub views Show colored protocol/transport/security tags followed by the inbound remark and port for each share link in the client QR modal, client info modal and subscription page. The client email and the traffic/expiry decorations are stripped from the remark so only the inbound remark and port remain. Consolidate the duplicated per-page parseLinkMeta/trimEmail/PROTOCOL_COLORS into a shared lib/xray/link-label.tsx (parseLinkParts, LinkTags, linkMetaText) so the colours and the email/stats stripping stay identical across all three surfaces.
  • ccfd04219b fix(panel): register /groups SPA route so hard refresh returns index.html The frontend has a groups page route and sidebar entry, but the backend never registered a GET handler for /panel/groups. A hard browser refresh on that page fell through to the 404 handler. Add the missing panelSPA registration alongside the other page routes. Fixes #4837
  • b08fc0c963 fix(clients): keep reverse tag clearable and preserve flow on attach Two multi-inbound client bugs from issue #4834: - Clearing a client's reverse tag never persisted: SyncInbound keeps a non-empty sticky guard on reverse (shared with node-sync/rename), so the cleared value never reached the canonical clients.reverse column the edit form reads. Update now writes that column authoritatively from the submitted client, matching how it already writes email/updated_at directly. - Attaching a new inbound reset xtls-rprx-vision: Attach seeded its wire client from the canonical clients.flow column, which a non-flow inbound can zero during the preceding update. It now derives the flow from EffectiveFlow (the per-inbound flow_override), so flow-capable targets keep the flow and others stay empty. Adds service tests for both paths and a guard test confirming node-snapshot sync still preserves a stored reverse tag.
  • Vizualizați comparația pentru aceste 4 consemnări »

18 ore în urmă

txlyre a sincronizat consemnările de la v1.8.9 la txlyre/dtlspipe din oglindire

22 ore în urmă

txlyre a sincronizat referință nouă v1.8.9 la txlyre/dtlspipe din oglindire

22 ore în urmă

txlyre a sincronizat consemnările de la master la txlyre/dtlspipe din oglindire

22 ore în urmă

txlyre a sincronizat consemnările de la main la txlyre/3x-ui din oglindire

  • f6d4358f9e ci(issue-bot): ground the assistant in repo source with an investigation step Give the issue and @claude-mention assistants the repository map, verified runtime facts, and an explicit INVESTIGATE step so every answer is grounded in the checked-out source instead of guesses. Raise max-turns (issues 45->90, mentions 40->70) and expand the mention system prompt to match.
  • 6ee462ac8e fix(links): use configured domain for panel copy/QR links on loopback The panel's copy/QR share links are built client-side and fell back to window.location.hostname, so reaching the panel over an SSH tunnel (127.0.0.1/localhost) leaked localhost into the links - unlike the backend subscription path, which falls back to the configured Sub/Web Domain (issue #4829). Expose webDomain/subDomain via /defaultSettings and add preferPublicHost: when the browser host is loopback, prefer the configured Sub Domain (then Web Domain) for share/QR links. An explicit node override or per-inbound listen still wins; a routable browser host is kept as-is. Closes #4829
  • fcc6787a64 fix(settings): fall back to defaults for empty/NULL setting values A setting row whose value column is empty or NULL (seen on some migrated databases) was parsed directly, so getInt/getBool and the GetAllSetting reflection path crashed with 'strconv.Atoi: parsing "": invalid syntax'. This made the Inbounds page (/defaultSettings -> GetPageSize) and the Settings page fail to load. Treat an empty stored value the same as a missing row and fall back to the built-in default at the int/bool parse sites. String getters are unchanged, so legitimately-empty string settings stay empty. Closes #4830
  • a40d85ce53 fix(sub): advertise routable inbound Listen in subscription links resolveInboundAddress stopped using the inbound's bind Listen in 3.2.5/3.2.6, so a per-inbound Address/IP no longer appeared in generated subscription/share links - they always used the host the subscriber reached the panel on. The frontend QR path still honored Listen, so the panel and the subscription disagreed (issue #4798). Restore advertising Listen when it is a routable host (real IP or hostname), reusing isRoutableHost and excluding unix-domain sockets. Loopback/wildcard binds still fall back to the subscriber host, keeping the earlier loopback-leak fix intact. Precedence is now node address > routable Listen > subscriber host; External Proxy still overrides everything. Closes #4798
  • f901cd42a5 fix(docker): make x-ui CLI menu work inside containers check_status() only recognized a systemd service or Alpine's /etc/init.d/x-ui, neither of which exists in a container where the panel runs as the foreground main process (PID 1 via "exec /app/x-ui"). Every CLI command therefore failed with "Please install the panel first", and restart/restart-xray relied on rc-service/systemctl that aren't present. Detect the container (/.dockerenv or XUI_IN_DOCKER) and, when inside one: - resolve the panel binary under /app instead of /usr/local/x-ui - derive status from the running process instead of a service file - restart via SIGHUP and restart-xray via SIGUSR1 to the panel process - show Docker-appropriate guidance for start/stop/enable/disable The Dockerfile sets XUI_IN_DOCKER/XUI_MAIN_FOLDER so detection is explicit even though /.dockerenv alone suffices. Closes #4817
  • Vizualizați comparația pentru aceste 13 consemnări »

1 zi în urmă

txlyre a sincronizat consemnările de la main la txlyre/3x-ui din oglindire

  • 66d4d04776 fix(iplimit): populate client IP log without an IP limit The per-client IP log was only filled as a side effect of IP-limit enforcement: Run() scraped the access log only when some client had limitIp>0, so installs without a limit always showed an empty IP log (#4800). Decouple collection from enforcement: scrape the access log whenever it is available and thread an enforce flag through processLogFile/updateInboundClientIps so banning still only happens for limited clients. The XUI_ENABLE_FAIL2BAN kill-switch is preserved. Closes #4800
  • 91f325eca6 feat(clients): show filtered count in clients list Surface a "Showing X of Y" counter in the clients filter bar that appears whenever a search term or any filter is active, using the server-provided filtered and total counts. Added the showingCount string across all 13 locales. Closes #4808
  • 61105c2b1a feat(clients,routing): label inbounds by remark with tag fallback Inbound pickers and chips across the Users area, the inbounds attach-clients modals, and the routing rule inbound-tags selector showed the auto-generated tag (in-443-tcp). Show the inbound remark when set, falling back to the tag. Only display labels change; option values keep using the inbound id (or tag for routing rules, which match inbounds by tag), so filtering, attaching, and saved rules are unaffected. Routing reads remarks via a shared useInboundOptions hook that reuses the existing options query cache.
  • 10c185a592 fix(sub): escape Clash subscription profile filename header (#4799)
  • 02043a432d fix(node): fix "invalid input" on save and gate save on connectivity The pinnedCertSha256 form field unmounts for non-pin TLS modes, so antd dropped it from the onFinish values and Zod rejected the missing string (the user-facing "invalid input"). Make it optional with a default so saving works in every TLS mode. Saving now runs the connection test first and only persists when the probe is online; the add/update endpoints enforce the same probe so an unreachable node cannot be stored via the API either. Selecting the http scheme forces TLS verify mode to skip and disables the control, normalized on open for existing http nodes. http-vs-https probe failures report a clear "set the node scheme to http" message across the test button, save, and the backend gate. Closes #4794
  • Vizualizați comparația pentru aceste 5 consemnări »

1 zi în urmă

txlyre a sincronizat consemnările de la v3.2.6 la txlyre/3x-ui din oglindire

1 zi în urmă

txlyre a sincronizat referință nouă v3.2.6 la txlyre/3x-ui din oglindire

1 zi în urmă

txlyre a sincronizat consemnările de la main la txlyre/3x-ui din oglindire

  • 950a647bcc v3.2.6
  • c8ad42631c fix(migrate): copy composite-key tables without FindInBatches (#4787) SQLite to Postgres migration aborted with "copy *model.ClientInbound: primary key required" on installs whose client_inbounds table exceeds one read batch (500 rows). gorm's FindInBatches pages between batches using a single PrioritizedPrimaryField, which composite-key tables (client_id + inbound_id, no surrogate id) do not have, so it returns ErrPrimaryKeyRequired once a table holds more than one batch. Replace FindInBatches in copyTable with explicit LIMIT/OFFSET paging ordered by the model's primary-key columns. This works for every table including composite-key ones, keeps memory bounded, and changes no schema. Add a Postgres-gated regression test covering a >500-row composite-key table.
  • 4f597a08c4 perf(clients): batch bulk attach/detach to cut per-item DB work BulkDetach removed one client per (email x inbound) pair, each with its own settings rewrite, transaction and full SyncInbound. Add delInboundClients to remove all targeted clients from an inbound in a single pass and group removals by inbound, turning O(emails x inbounds) write cycles into O(inbounds). BulkAttach ran the global getAllEmailSubIDs scan once per target inbound via checkEmailsExistForClients. Compute that snapshot once per call and thread it through a new internal addInboundClient; the duplicate check is unaffected because attach reuses each client's existing identity (same subId). Covered by bulk_clients_test.go: VLESS round-trip (linkage, settings JSON, idempotency, record survival), skip-unattached, and Trojan key matching.
  • d56505004e style: gofmt -s (doc-comment list separator, struct field alignment)
  • f0e459e51e fix(node): suppress unavoidable InsecureSkipVerify alert for cert pinning FetchCertFingerprint must accept any certificate by design: it fetches a not-yet-pinned node's leaf cert (trust-on-first-use) so the admin can pin it. Disabling verification is inherent to that, so go/disabled-certificate-check cannot be cleared by code changes. Suppress the finding inline, matching the existing lgtm convention in custom_geo.go.
  • Vizualizați comparația pentru aceste 23 consemnări »

1 zi în urmă

txlyre referință sincronizată și ștersă branches/ruleformmodal_redesign la txlyre/3x-ui din oglindire

1 zi în urmă

txlyre a sincronizat consemnările de la main la txlyre/3x-ui din oglindire

  • 588ea86298 fix(hysteria): use pinSHA256 for pinned cert and emit ech in share links Hysteria links now carry the pinned peer cert under the hysteria2-standard pinSHA256 key instead of pcs (frontend genHysteriaLink + outbound importer round-trip), and the Go subscription generator emits ech from echConfigList. Also drops the dead allowInsecure guard in genHysteriaLink, which read a field that does not exist on TlsClientSettings.
  • 7f8c79675f fix(sub): source Userinfo total/expiry from client config in multi-node (#4645) The Subscription-Userinfo header read total/expiry from client_traffics, but in a multi-node setup the master's node sync overwrites those with the node snapshot's zeros, so the header reported total=0; expire=0 even though the panel UI (which reads the clients table) showed the configured limits. AggregateTrafficByEmails now falls back to the clients table for total/expiry when the traffic row is zero, keeping up/down/lastOnline from client_traffics.
  • 80173b1b1d fix(db): make password-hash migration idempotent to prevent lock-out (#4612) The UserPasswordHash seeder bcrypt-hashed user.Password unconditionally, assuming plaintext. If it ran on an already-bcrypt value (DB restore, SQLite<->Postgres switch, history_of_seeders inconsistency on upgrade) it double-hashed the password, locking the admin out with both old and new passwords rejected. Skip any password that is already a bcrypt hash.
  • 6ae1b38607 fix(outbound): add None option to uTLS fingerprint in TLS form (#4760) Hysteria doesn't use uTLS, but the outbound TLS form's uTLS dropdown only listed concrete fingerprints (chrome, firefox, ...) with no explicit empty entry. Add a None option, matching the inbound TLS form, so the fingerprint can be left empty.
  • 803e010921 fix(outbound): carry ALPN, fingerprint and UDP mask when importing a Hysteria2 link (#4760) parseHysteria2Link hardcoded alpn to h3 and never read fp, ech, or the fm (finalmask) param, so importing a Hysteria2 client URL as an outbound dropped the configured ALPN, fingerprint, and salamander UDP mask. Parse alpn (falling back to h3 only when absent), fp, ech, and the pcs pinned-cert key, and restore the UDP mask via applyFinalMaskParam.
  • Vizualizați comparația pentru aceste 15 consemnări »

2 zile în urmă

txlyre referință sincronizată și ștersă branches/hover_effect_disable la txlyre/3x-ui din oglindire

2 zile în urmă

txlyre a sincronizat consemnările de la v3.2.5 la txlyre/3x-ui din oglindire

2 zile în urmă

txlyre a sincronizat referință nouă v3.2.5 la txlyre/3x-ui din oglindire

2 zile în urmă

txlyre a sincronizat consemnările de la main la txlyre/3x-ui din oglindire

  • 2a03844566 v3.2.5
  • 51d383b1c3 chore: bump bundled Xray-core to v26.6.1 Update the Xray-core download URLs in the release workflow and DockerInit.sh from v26.5.9 to v26.6.1.
  • 2bb9ed1cda feat(outbound): sync DNS outbound config with Xray core changes Rename the DNS rule wire key qtype to qType (reading the legacy qtype on parse for back-compat), add the new rCode response-code field for the return action (omitted when zero), and rename the reject action to return. Align the DNS rule action set across the form dropdown, schema, and adapter to the core's valid values (direct/drop/return/hijack), dropping the never-valid rejectIPv4/rejectIPv6 entries.
  • 32f96298f8 feat(finalmask): sync transport with upstream Xray core changes Consolidate the eight legacy mKCP/header UDP mask types into a single mkcp-legacy type ({header, value}), simplify xicmp to {dgram, ips}, and add the new realm UDP mask type, matching the updated Xray-core wire format. Update the FinalMask schema enum, the transport form, the mKCP seeding default, and the backend KCP share-link translation. Refresh golden fixtures/snapshots and add backend coverage for the mapping.
  • c5ff166056 fix(inbounds): refresh routing inbound-tag list after inbound changes The routing-rule tag picker reads inboundTags from the xray config query (['xray','config']), but refresh() only invalidated the inbounds/clients buckets. So after adding, editing or deleting an inbound the tag list stayed stale until a hard refresh wiped the react-query cache. Invalidate the xray config query too, alongside the existing inbounds-options fix.
  • Vizualizați comparația pentru aceste 18 consemnări »

2 zile în urmă

txlyre a sincronizat consemnările de la branches/ruleformmodal_redesign la txlyre/3x-ui din oglindire

  • ba2baa9028 chore(ui): redesign Edit Routing Rules modal
  • 2a03844566 v3.2.5
  • 51d383b1c3 chore: bump bundled Xray-core to v26.6.1 Update the Xray-core download URLs in the release workflow and DockerInit.sh from v26.5.9 to v26.6.1.
  • 2bb9ed1cda feat(outbound): sync DNS outbound config with Xray core changes Rename the DNS rule wire key qtype to qType (reading the legacy qtype on parse for back-compat), add the new rCode response-code field for the return action (omitted when zero), and rename the reject action to return. Align the DNS rule action set across the form dropdown, schema, and adapter to the core's valid values (direct/drop/return/hijack), dropping the never-valid rejectIPv4/rejectIPv6 entries.
  • 32f96298f8 feat(finalmask): sync transport with upstream Xray core changes Consolidate the eight legacy mKCP/header UDP mask types into a single mkcp-legacy type ({header, value}), simplify xicmp to {dgram, ips}, and add the new realm UDP mask type, matching the updated Xray-core wire format. Update the FinalMask schema enum, the transport form, the mKCP seeding default, and the backend KCP share-link translation. Refresh golden fixtures/snapshots and add backend coverage for the mapping.
  • Vizualizați comparația pentru aceste 10 consemnări »

2 zile în urmă