txlyre

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 2c49dbf54e fix(node): start a fresh quota window when a node auto-renews a client When a node-hosted client auto-renews, the node extends the deadline and zeroes its own counters, but the master treated the counter drop like any reset dip (#5456): the delta clamped to zero, the renewed expiry was adopted, and the old period's up/down stayed on the master row. A "100 GB every 30 days" package never got a fresh quota on the master for node inbounds. Detect the renewal in setRemoteTrafficLocked - reset days configured, an absolute deadline that moved forward, and the node counter falling below the stored baseline - and on that path adopt the node's post-renewal counters and enable state absolutely instead of adding the clamped delta, plus clear the email's stale cross-panel global-traffic rows, mirroring what the local autoRenewClients path already does. A plain counter dip without a deadline move keeps the existing clamp behavior, and a deadline extension with rising counters keeps accumulating. Closes #5843
  • cc3303dd8c fix(sub): carry a host's Final Mask into raw share links A Host's Final Mask was merged into the JSON and Clash subscription outputs via applyHostStreamOverrides, but the raw link builders compute the fm param once from the inbound's own streamSettings.finalmask before the per-host fan-out, and the endpoint override path never read the host's mask. A Final Mask configured only on a host was silently dropped from vless/trojan/ss/vmess share links while an inbound-level mask worked everywhere. Merge the host mask into the fm param per endpoint with the same additive semantics as the JSON path (host tcp/udp masks appended to the inbound's, quicParams only when the inbound has none), for both the URL-param and the VMess object link forms. Closes #5831
  • 52d4af71bc fix(ldap): attach auto-created clients to every configured inbound tag The sync job built an independent client per configured tag and called CreateOne once per tag. Each call generated a fresh random subId, and the email-uniqueness check in ClientService.Create only re-admits a taken email when the incoming subId matches the stored one - so the first tag succeeded and every other tag failed with "email already in use", leaving new LDAP users on a single inbound. Build the client once per email and hand ClientService.Create the full list of resolved inbound ids, the same path the panel's own client create endpoint uses: one identity (email, subId) attached to all configured tags, with per-protocol credentials filled per inbound. Unknown tags are now skipped with a warning instead of building clients against a nil inbound. Closes #5846
  • 7cb2adf429 fix(client): clean node_client_traffics rows when deleting a client Delete and DeleteByEmail removed client_traffics, global-traffic, and inbound_client_ips rows but never the per-node baseline rows in node_client_traffics, so every deleted client left orphaned baselines behind for each registered node. The shared DelClientStat and delClientStatsByEmails helpers already clean that table; mirror the same cleanup in both row-cleanup paths so the record-only and record-less delete flows stop leaking baselines. Closes #5841
  • 6e75938c61 [Feature]: Add a tooltip/hint to the "Password" field in the client form clarifying which protocols use it (#5809) * feat(clients): clarify which protocols use the Password and Hysteria Auth fields Add tooltips to the Password and Hysteria Auth Form.Items in the client form, explaining that Password is only consumed by Trojan and Shadowsocks (ignored for VLESS, VMess, Hysteria, WireGuard) and that Hysteria Auth is the credential Hysteria actually uses. Adds passwordDesc/hysteriaAuthDesc keys to all 13 locale files, following the existing limitIpDesc/totalGBDesc tooltip convention. Closes #5803 * test(clients): assert Password/Hysteria Auth tooltip hints render
  • Просмотр сравнение для этих 8 коммитов »

5 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 659f0f404c fix(ci): stop executing tag-checkout code in the release smoke test CodeQL alert 99 (actions/cache-poisoning/poisonable-step): the workflow_run job runs in the default branch's cache scope, so checking out workflow_run.head_sha and executing a script from it is a cache-poisoning surface. The if-guard (event == 'push') already kept fork PRs out, but the checkout pin was never the load-bearing part of the release verification — the version argument is, since install.sh downloads that exact release binary. Run the smoke script from the default branch instead, which also matches what real users execute.
  • 6214ff4edc fix(mtproto): stop dropping connections on client/inbound edits; add live updates + ad-tag (#5838) * fix(mtproto): split the mtg fingerprint into structural and secrets parts A reordered clients array in the stored settings used to read as a config change because the fingerprint concatenated secrets in array order, and one opaque fingerprint could not tell a restart-worthy change (bind address, fronting, throttle) from a secret-set change a reload-capable mtg can absorb in place. Sort the secret pairs so order stops mattering, and split the value so the upcoming hot-reload path can decide between keeping, reloading, and restarting the process. * fix(mtproto): stop restarting mtg on every inbound edit Saving an mtproto inbound tore down and respawned its mtg sidecar even when nothing material changed, dropping every live Telegram connection: the update path pushed DelInbound+AddInbound, and Remove deletes the manager's map entry, so Ensure's fingerprint no-op gate could never fire. Route mtproto updates through a single Ensure call so an edit that leaves the generated TOML alone keeps the process, and only real config changes restart it. Capturing the pre-edit protocol also fixes a latent leak: changing an inbound's protocol away from mtproto never stopped the sidecar, because the snapshot handed to the runtime already carried the new protocol and the removal took the xray branch, leaving an orphaned mtg holding the port. An mtproto push failure no longer requests an xray restart - xray cannot fix the sidecar, and the 10s reconcile job self-heals it. The regression test fakes mtg by re-executing the test binary, counting spawns through a pid file: an unchanged save and a remark-only edit must keep the process, a re-keyed secret must restart it. * fix(mtproto): exclude depleted clients from the reconcile job to match the sync push The 10s reconcile job derived mtg secret sets from raw inbound settings while the interactive push filtered clients through buildRuntimeInboundForAPI, which drops client_traffics-disabled (depleted or expired) clients. The two paths therefore disagreed on the fingerprint - each disagreement one needless mtg restart dropping live connections - and worse, the job kept serving depleted clients' secrets indefinitely, so running out of traffic never actually cut an mtproto client's access. DesiredMtprotoInstances now builds the job's desired state with the same depletion overlay the push uses (one bulk client_traffics query), drops inbounds whose every secret is filtered away so their sidecar stops, and AddInbound pushes the filtered payload too so an imported inbound carrying disabled stats does not seed a fingerprint the next reconcile disagrees with. * feat(mtproto): hot-reload mtg secrets in place instead of restarting A client add, removal, re-key, or enable-toggle changes only the [secrets] section of the generated config, yet the panel could apply it only by killing and respawning the mtg sidecar, dropping every Telegram connection on that inbound. Split the ensure decision three ways: an identical config is a no-op, a secrets-only change rewrites the TOML on the same api port and asks mtg to hot-swap it via POST /reload, and a structural change (or a failed reload) falls back to the full stop-and-start. The reload endpoint is served by the mhsanaei/mtg-multi fork; against an older binary the POST 404s and the manager restarts exactly as before, so panel and binary upgrades stay order-independent. * feat(mtproto): apply single-client edits to the sidecar immediately Client CRUD on an mtproto inbound was a runtime no-op, so an add, delete, re-key, or enable-toggle only reached mtg on the next 10s reconcile. With the sidecar now able to hot-reload, push the change straight after the edit commits: applyLocalMtproto rebuilds the inbound's filtered client set and re-applies it, so a new client works within a moment (and, on a reload-capable binary, without disturbing the others) and deleting the last client stops the process. The three interactive single-client paths (add, update, delete) call it; bulk operations still ride the reconcile job, which converges to the same state. * chore(mtproto): pin mtg-multi to the mhsanaei fork v1.13.3 The reload endpoint the panel now uses lives in the mhsanaei/mtg-multi fork, so point the source-build pin (DockerInit.sh + both release.yml matrices) at it and bump to v1.13.3. The install still produces the same mtg-multi binary name, so the mtg-<os>-<arch> rename and everything downstream are unchanged. Docs and the package comment note the hot-reload path and its restart fallback. * feat(mtproto): apply live secret updates via the management API and add ad-tag Two capabilities the mhsanaei/mtg-multi v1.13.3 fork exposes are now surfaced by the sidecar manager. Live updates go through PUT /secrets on the fork's management API instead of POST /reload: the panel already holds the whole desired set per inbound, so it sends secrets and the advertising tag as one JSON call that mtg applies atomically, keeping every unchanged connection and closing only removed or re-keyed ones. The config file is still written first so a restart or crash recovery reproduces the state, and any non-200 (an older binary, a refused connection) still falls back to a full restart. Per-inbound ad-tag adds an optional 32-hex Telegram advertising tag plus public-ipv4/public-ipv6 overrides. The ad-tag rides the reloadable secrets fingerprint, so changing it hot-applies without dropping connections; the public IPs are proxy-construction parameters and sit in the structural fingerprint, so a change there restarts the process. Empty public IPs are omitted so mtg auto-detects the reachable address. * feat(inbounds): expose the mtproto ad-tag and public IP in the inbound form Adds an Ad-tag field (validated as 32 hex characters) plus optional Public IPv4 and Public IPv6 overrides to the MTProto inbound form, backed by the same-named settings the sidecar writes into the mtg config. The public IPs are optional — left blank, mtg auto-detects the reachable address the ad-tag middle proxy needs. English strings are added to every locale; the non-English ones carry the English text until translated and fall back to it meanwhile. * ci(mtproto): install mtg-multi from prebuilt release binaries The fork now publishes release archives for every platform we package, so download and unpack the matching mtg-multi-<ver>-<os>-<arch> binary instead of compiling it from source with go install. Faster builds and no toolchain step, and the archive's platform labels line up with our matrix; the produced mtg-<os>-<arch> filenames are unchanged. * i18n(mtproto): localize the ad-tag and public IP strings The six mtgAdTag*/mtgPublicIp* keys shipped with English text in every locale as a placeholder. Translate them into the twelve non-English locales (Arabic, Spanish, Persian, Indonesian, Japanese, Portuguese-BR, Russian, Turkish, Ukrainian, Vietnamese, and Simplified/Traditional Chinese); en-US is unchanged. * retired goreportcard.com
  • Просмотр сравнение для этих 2 коммитов »

13 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 84b6423020 fix(mtproto): stop persisting a vestigial inbound-level secret MTProto is multi-client: mtg's [secrets] config and every share link read only the per-client secrets. The old HealMtprotoSecret regenerated an inbound-level secret on every save, and seedMtprotoSecretsToClients only dropped it for legacy single-secret inbounds, so multi-client inbounds kept a dead secret. That value once leaked into stale links imported into Telegram, which mtg then rejected as "incorrect client random". Replace HealMtprotoSecret with StripMtprotoInboundSecret (removes the key), strip on save in normalizeMtprotoSecret, and add a one-time stripMtprotoInboundSecrets migration that runs after the seeder so a legacy secret is first preserved onto a client before the inbound-level copy is dropped.
  • 27fd19895a fix(mtproto): drop the remark fragment from tg proxy deep links genMtprotoLink appended the panel remark as a URL fragment (tg://proxy?...&secret=...#remark). Because secret/server is the last query value, lenient Telegram parsers fold the "#remark" into it and the imported proxy breaks with "incorrect client random". Telegram proxy deep links have no name field, so emit a clean link on both the backend (internal/sub) and frontend (inbound-link.ts). The remark still shows as a separate tag in the inbound info modal, which reads it from genAllLinks, not the URL. Guards: Go TestGenMtprotoLinkFields asserts no fragment; the frontend mtproto link test asserts no '#'.
  • a1ca43d869 chore(gen): refresh generated schemas after Client.Secret comment drop Commit d8b9f535 dropped the trailing comment on model.Client.Secret but did not regenerate the openapigen output, leaving a stale "MTProto FakeTLS secret" description in schemas.ts and openapi.json. Rerun make gen to bring the generated files back in sync with the source.
  • 977fe4b4ea fix(ci): install mtg-multi without GOBIN for cross-compiled release builds go install refuses to run with GOBIN set when GOOS/GOARCH differ from the host, which failed the linux release build for every non-amd64 platform (386, arm64, armv7, armv6). Let it install into GOPATH/bin instead, where cross-compiled binaries land in a GOOS_GOARCH subdirectory, and locate the binary there. DockerInit.sh keeps GOBIN because buildx runs it under emulation for the target platform, making the install native.
  • d8b9f535ff style(model): drop trailing comment on Client.Secret to satisfy gofumpt The long example tag on Secret pulled the struct's trailing-comment block into a new alignment section, so gofumpt demanded every following comment be re-aligned to that tag's column. Removing the comment restores the previously accepted layout and follows the repo rule against line comments.
  • Просмотр сравнение для этих 6 коммитов »

21 часов назад

txlyre синхронизированные коммиты с v1.8.11 на txlyre/dtlspipe из зеркала

1 день назад

txlyre синхронизированные новые ссылки v1.8.11 к txlyre/dtlspipe из зеркала

1 день назад

txlyre синхронизированные коммиты с master на txlyre/dtlspipe из зеркала

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 5e9606aa4d fix(script): stop logging an error when Enter accepts the default ACME port Pressing Enter at the 'Please choose which port to use (default is 80)' prompt left WebPort empty, and bash arithmetic treats an empty string as 0, so the out-of-range branch fired and printed 'Your input is invalid' even though the default was correctly applied. Handle empty input as accepting the default silently, and validate real input with a digits-only regex so non-numeric entries like '8x' get the invalid-input message instead of a bash arithmetic error. Applied to the identical prompt in x-ui.sh, install.sh, and update.sh. Fixes #5829
  • f36f481e02 feat(db): add pgclient command to install or upgrade PostgreSQL client tools Restoring a panel backup made by a newer pg_dump fails when the host's pg_restore is older, and the existing pg_ensure_client only installs the distribution package when the tools are missing - it can never upgrade, and distribution repositories often cap below the required major. Add pg_upgrade_client to x-ui.sh, exposed as 'x-ui pgclient [major]' and as a PostgreSQL menu entry: it checks the installed pg_restore major, tries the distribution package for the exact requested major first, and falls back to the official PostgreSQL repository (apt on Debian/Ubuntu, yum/dnf on Enterprise Linux, with a /usr/pgsql PATH symlink fallback); Arch, Alpine and openSUSE install their current package. The panel's dump-version mismatch error now names the ready-to-copy command with the exact major parsed from the dump header.
  • de70ecb026 fix(db): probe dump readability before PostgreSQL import pg_restore cannot read archives newer than itself, so importing a dump made by pg_dump from PostgreSQL 17+ into a panel with an older postgresql-client failed with a raw 'unsupported version (1.16) in file header' - and only after Xray had already been stopped for the restore. Probe the uploaded file with pg_restore --list first, which reads only the archive TOC without touching the database, so an unreadable dump is rejected before Xray is interrupted. When the failure is a dump-format version mismatch, translate it into a message naming the PostgreSQL version that produced the dump and the client version to install.
  • ed66209e38 feat(outbound): add real-delay connection test mode The HTTP probe reports the warm per-request round-trip, which reads lower than the delay figure client apps show for the same server. Add a third "real" test mode that reuses the temp-instance HTTP probe but reports the cold request's full elapsed time - tunnel establishment included - and skips the warm request. UDP-transport outbounds forced out of the TCP lane still report "http"; in real mode they report "real". The mode joins the TCP/HTTP toggle on the outbounds tab, with the label translated in all 13 locales.
  • Просмотр сравнение для этих 4 коммитов »

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 5a7b3b7370 fix(client): stop duplicate client entries accumulating in inbound settings Adding a user to multi-node inbounds could leave 3-6 identical entries in one inbound's settings.clients array: addInboundClient appended incoming clients unconditionally, and the duplicate-email precheck exempts a matching subId (so one identity can span several inbounds), so a retried or raced add of the same client re-appended it to an inbound that already carried it - on the master and, since nodes run the same code, on every node, whose snapshot adoption then copied the duplicates back verbatim. The normalized clients/client_inbounds tables stayed clean (unique constraints), which is why the phantom rows only showed in settings-driven views like the Detach clients modal, where duplicate React keys also broke the selection counter. Three layers: addInboundClient now skips incoming clients whose email is already on the target inbound (idempotent re-adds instead of duplication), node snapshot adoption collapses duplicate emails before writing the central row, and an idempotent startup repair rewrites any inbound whose settings still carry duplicates from older builds. Closes #5770
  • 9d1a21b484 fix(ui): keep an explicit zero happy-eyeballs delay across the round trip Follow-up found in review: the wire normalizer still stripped tryDelayMs when it equaled 0, but with the schema default now 250 a reload rehydrates the missing field as 250 - a user who explicitly set 0 ("disabled", per the field's own placeholder) would see 250 and any subsequent save would silently enable a delay they turned off. Keep tryDelayMs on the wire unconditionally; it is the one happy-eyeballs field whose presence changes xray's behavior. Refs #5780
  • 0753f5ee83 fix(link): reject non-finite and clamp out-of-range quicParams from fm= Follow-up hardening of the fm= sanitizer found in review. ParseFloat accepts "inf"/"NaN", and a non-finite float64 makes json.Marshal fail later - the subscription refresh discards that error and blanks the stored outbound set, so one poisoned link could wipe a subscription's outbounds. Values that coerce fine but sit outside xray-core's accepted ranges (keepAlivePeriod 0 or 2-60, maxIdleTimeout 0 or 4-120, maxIncomingStreams 0 or >= 8) still killed the config load, and huge magnitudes serialize in exponent notation that xray's integer fields reject. Coerced values are now stored as integers, clamped into the accepted ranges, and dropped when negative, non-finite, or absurdly large; the TS import parser mirrors the same rules. Refs #5783
  • 837cf5f24e fix(db): clamp traffic counters below int64 max and repair overflowed rows A counter pushed past int64 (multi-node setups hit this via historic delta-compounding bugs) makes SQLite silently promote the INTEGER cell to REAL. From then on the column no longer scans into the Go int64 field and every reader of client_traffics fails at once: the inbounds page, xray restarts, and node traffic sync all return "converting driver.Value type float64 to int64". Two-part fix: every unbounded "up = up + ?" add (local traffic, node delta merge, inbound counters, plus the Go-side outbound accumulation) now saturates at TrafficMax, a cap safely below math.MaxInt64 so one more delta cannot overflow; and a startup repair casts REAL-promoted cells back to INTEGER and clamps all traffic counters into [0, TrafficMax] across client_traffics, inbounds, outbound_traffics and node_client_traffics, restoring access to already-corrupted panels without manual sqlite surgery. Closes #5762
  • b1fa76f9b6 fix(node): fully delete clients on nodes instead of only detaching them Deleting a client on the master propagated to nodes via the detach endpoint, which removes the client from that one inbound's settings but deliberately keeps the client record. The node ended up with an orphaned record that kept showing in its Clients view; the master and node could never converge on a delete. Full-delete and detach intent now travel separately: the Runtime interface gains DeleteClient, which on Remote hits the node's panel/api/clients/del endpoint (record, attachments, traffic; repeat calls for a client on several inbounds of the same node are swallowed as idempotent "not found"). Delete/DeleteByEmail/BulkDelete use it for node inbounds, while Detach/BulkDetach keep the inbound-scoped detach RPC so removing a client from one inbound never wipes it node-wide (the #5543 guarantee is preserved and covered by tests). Bulk deletes above the fold threshold still converge membership via reconcile; their leftover node records can be cleaned with the node's delete-orphans action. Closes #5797
  • Просмотр сравнение для этих 13 коммитов »

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • a0989e0f4d fix(node): stop client edits from tearing down node inbounds and harden reconcile fingerprints A client save on the master always stamped a fresh updated_at, marked the node dirty, and let the 5s sync push a full inbounds/update to the node, where applying it removes and re-adds the Xray handler - killing live traffic on every edit, including no-op saves (open the editor, click Save). Nodes stayed online with Xray running while forwarding nothing until a manual Xray restart. - No-op client saves preserve the client's updated_at and return before any DB write, runtime RPC, or node dirty mark when the effective settings did not change. - Successful per-client add/update/delete pushes advance the node's reconcile-skip fingerprint only when the recorded fingerprint proves the node held the exact pre-edit payload and every push in the edit succeeded (Remote.AdvancePushedInbound). Anything unproven keeps the stale fingerprint so the dirty reconcile still sends the full inbound. Unconditional stamping would certify folded bulk changes (threshold, flow change, offline edit) or partially failed batches as delivered: a folded 41->6 bulk delete followed by one live edit left the node permanently serving all 41 clients in end-to-end testing, with the snapshot adoption then resurrecting the deleted clients on the master. - DeleteUser treats only an envelope-level not-found as already deleted; an HTTP 404 from an old node build without the detach endpoint surfaces as an error instead of certifying an undelivered delete. cacheDel drops the fingerprint alongside the id cache so DelInbound and tag renames leave no stale skip entry. - Adopting the node's own settings serialization into the master row now also stamps the fingerprint (RecordAdoptedInbound). Without it the serialization round-trip invalidated the fingerprint one sync tick after every push, so each edit degraded back to a full teardown push. - UpdateInboundClient applies the Shadowsocks method normalization before the no-op comparison (real method changes bump updated_at, SS no-op edits are detected) and syncs the generated subId into the pushed client so the node cannot mint a different one. Verified with a two-panel docker deployment: no-op saves produce zero node requests, real edits send one lightweight clients/update RPC with zero full inbound updates and zero handler teardowns, and folded bulk deletes still converge. Based on PR #5778 by @rqzbeh. Closes #5764 Closes #5771
  • 07d66aa6dc refactor: use the built-in max/min to simplify the code (#5751) Signed-off-by: alaningtrump <[email protected]>
  • b177e30714 feat(ui): client-realtime-speed (#5687) * refactor(inbounds): extract TRAFFIC_POLL_INTERVAL_S to shared util * feat(clients): derive per-client live speed from traffic WebSocket deltas * feat(clients): render speed column and mobile card line * i18n(clients): add pages.clients.speed key to all 13 locales
  • e11e587c60 fix(script): correct hardcoded menu option numbers in x-ui.sh (#5787) * fix(script): correct hardcoded menu option numbers in x-ui.sh The error messages referenced option 19 for SSL Certificate Management and option 16 for Logs Management, but the actual positions in show_menu are 20 and 17 respectively. * Update x-ui.sh
  • Просмотр сравнение для этих 4 коммитов »

2 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 5c725df702 fix(ci): pin the tag smoke test to the release under test The v3.4.2 tag push triggered the smoke workflow immediately, but install.sh with no arguments resolves releases/latest, which still pointed at v3.4.1 while release.yml was uploading the new assets. The green smoke run therefore validated the previous release (#5756). A paths filter alone cannot exclude tag pushes because a brand-new tag ref has no diff base. Restrict the push trigger to branches so tag pushes no longer start the unpinned job, and add a workflow_run job that fires after the release workflow completes for a v* tag: it checks out the tagged commit, passes the tag through smoke-noninteractive.sh into install.sh's explicit-version path, and asserts the installed binary reports exactly that version. Closes #5756
  • d105b2741c fix(node): stop one rejected inbound from starving a node's traffic sync A legacy socks inbound (predating the socks-to-mixed protocol rename) fails the node's request validation when pushed. ReconcileNode aborted on the first failed inbound and syncOne then skipped the traffic snapshot entirely and never cleared ConfigDirty, so the whole node re-failed every tick and the master stopped deducting traffic for every client on that node, exactly as reported in #5685. Three-part fix: ReconcileNode now pushes every inbound and runs the delete sweep even past individual failures, returning the failures joined; syncOne logs a failed reconcile but continues with the traffic pull (dirty stays set, so reconcile retries and the merge stays in its conservative mode); and a migration renames legacy socks inbounds to mixed, which has an identical settings shape, removing the known trigger. Closes #5685
  • 05cb70d8a8 feat(frontend): add text search to the inbound list The v2.x panel could filter inbounds but the list page only had the node dropdown. Add a search box next to it matching on remark, port, and protocol, composed with the node filter; the dataset is already client-side, so no API change. Closes #5267
  • 323cf09d10 feat(sub): show the announcement on the subscription info page The subAnnounce setting was only emitted as a base64 Announce response header, which most client apps ignore and browsers never see. Pass it into the sub page view-model and render it as an info alert at the top of the card; custom themes get the announce key for free. Closes #5276
  • 1f04912b6f feat(tgbot): register usage, inbound, restart and clearall in the bot command menu The Telegram command menu listed only start/help/status/id although usage, inbound and restart were already handled, and resetting all traffic was reachable only through inline keyboards. Register all handled commands with localized descriptions and add an admin-gated /clearall command that reuses the existing reset-all confirmation keyboard, so nothing destructive runs without an explicit confirm. Closes #5307
  • Просмотр сравнение для этих 11 коммитов »

4 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • f90e4a6962 fix(panel): use the hosting node address for WireGuard client configs (#5679) * fix(panel): use the hosting node address for WireGuard client configs The clients page rendered a node-managed WireGuard inbound's config with the master panel's host in Endpoint instead of the hosting node's address, so the copied/QR config pointed at the wrong server. The subscription path already resolves this via resolveInboundAddress; the UI generator did not. Expose the share-host resolution inputs (node address, listen, share-address strategy/address) on InboundOption and route buildWireguardClientConfig through the same canonical resolver the inbounds-page share links use, extracted as resolveShareHost. This also brings local inbounds with a shareable listen or a listen/custom share strategy into parity with the subscription Endpoint; the common listen=0.0.0.0 case still falls back to the panel host. * fix(frontend): keep a raw fallback host and refresh node-fed inbound options Code review of the WireGuard node-endpoint change surfaced two gaps. resolveShareHost normalized its last-resort fallbackHostname, so a panel reached via a hostname the share-host grammar rejects (underscore label, trailing-dot FQDN) emitted a broken 'Endpoint = :51820'; the fallback now stays verbatim when normalization empties it. Node mutations only invalidated the nodes query, leaving the staleTime-Infinity inbound options cache serving an edited node address until the sync job broadcast (never, for disabled/offline nodes); they now invalidate the options key too. Also folds the ShareHostFields projections into direct structural passes, elides the default node shareAddrStrategy so omitempty drops it, and replaces the nullable node-address scan with COALESCE. --------- Co-authored-by: STRENCH0 <17428017+[email protected]> Co-authored-by: Sanaei <[email protected]>
  • dbdecda03f Env vars example file update (#5678) * Update .env.example * Update .env.example * Update .env.example * Update .env.example
  • 6e0067fca3 docs(settings): clarify Sub Port/Sub Domain double as subscription-link fallback (#5721) * docs(settings): clarify Sub Port/Sub Domain double as subscription-link fallback subPort/subDomain are documented purely as the subscription service's own listen address, but when "Reverse Proxy URI" is empty, GetDefaultSettings silently reuses them (with the admin API request's own Host header as the domain fallback) to build the subscription link/QR shown in the panel. Behind a reverse proxy where the sub service listens on an internal port and is exposed externally on a different port/domain, this produces a broken link even though "Reverse Proxy URI" already solves it - nothing in the UI text pointed to it. Clarify all locales. * docs(settings): fix wording nits from review (punctuation, CJK parens, es-ES field name) - en-US/id-ID/pt-BR/tr-TR/uk-UA/ar-EG: add terminating punctuation before the appended sentence so it doesn't run on directly after the closing parenthesis. - zh-CN/zh-TW/ja-JP: restore full-width CJK parentheses around the pre-existing parenthetical, matching the rest of each file. - es-ES: subURIDesc referenced "Dominio/Puerto de escucha", but the actual field labels in this locale are "Dominio de Escucha" and "Puerto de Suscripción". --------- Co-authored-by: Volov <[email protected]>
  • ed95acdd47 fix(scripts): avoid rpm package upgrades before installs (#5750)
  • 1afab47f04 feat(frontend): show client group in the client info modal The group label was already on ClientRecord but the info modal never displayed it. Add a conditional row next to the comment, rendered as a geekblue tag to match the group column in the clients table.
  • Просмотр сравнение для этих 8 коммитов »

4 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • ccd56a56a8 chore(deps): bump github.com/klauspost/compress from 1.18.6 to 1.19.0 (#5731) Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.6 to 1.19.0. - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](https://github.com/klauspost/compress/compare/v1.18.6...v1.19.0) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-version: 1.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • 7a844682b3 chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.5 to 4.26.6 (#5730) Bumps [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) from 4.26.5 to 4.26.6. - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](https://github.com/shirou/gopsutil/compare/v4.26.5...v4.26.6) --- updated-dependencies: - dependency-name: github.com/shirou/gopsutil/v4 dependency-version: 4.26.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • 6626bf4a07 chore(deps): bump google.golang.org/grpc from 1.81.1 to 1.82.0 (#5729) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.81.1 to 1.82.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.81.1...v1.82.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.82.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • c0df365524 chore(frontend): bump minor npm deps Update frontend dependencies to newer patch/minor versions in package.json and refresh package-lock accordingly. This includes runtime libraries (i18next, react-router-dom, recharts) and tooling updates (typescript-eslint, vite) to keep the frontend stack current and aligned.
  • 5361b56e5e fix(update): avoid full dnf system upgrade (#5717)
  • Просмотр сравнение для этих 22 коммитов »

4 дней назад

txlyre синхронизированные и удаленные ссылки dependabot/npm_and_yarn/frontend/vite-8.1.3 на txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные и удаленные ссылки dependabot/npm_and_yarn/frontend/typescript-eslint-8.62.1 на txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные и удаленные ссылки dependabot/npm_and_yarn/frontend/recharts-3.9.1 на txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные и удаленные ссылки dependabot/npm_and_yarn/frontend/react-router-dom-7.18.1 на txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные и удаленные ссылки dependabot/npm_and_yarn/frontend/i18next-26.3.4 на txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные и удаленные ссылки dependabot/go_modules/google.golang.org/grpc-1.82.0 на txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные и удаленные ссылки dependabot/go_modules/github.com/shirou/gopsutil/v4-4.26.6 на txlyre/3x-ui из зеркала

4 дней назад

txlyre синхронизированные и удаленные ссылки dependabot/go_modules/github.com/klauspost/compress-1.19.0 на txlyre/3x-ui из зеркала

4 дней назад