txlyre

txlyre синхронизированные коммиты с audit/self-correcting-review на txlyre/3x-ui из зеркала

  • fbad71d620 fix: close panics and races the audit's own fixes left nearby Second-pass review of the 54-commit self-correcting audit. Each item below was confirmed by reading the surrounding source (and, where practical, the pre-fix code) before being changed; regression tests are included for every behavioral fix. Concurrency: - eventbus: Bus.Subscribe called wg.Add with no synchronization against a concurrent Bus.Stop's wg.Wait, a real "WaitGroup misuse" panic risk (e.g. a Telegram-bot settings save racing panel shutdown/restart). Stop now flips a mu-guarded `stopped` flag before waiting, and Subscribe checks it under the same lock, so Add and Wait can no longer race. Security: - login_limiter: evictForRoom's fallback eviction picked an arbitrary map key, including ones still under an active cooldown - an attacker flooding /login with fresh usernames could evict their own (or anyone's) blocked record and reset the lockout. The fallback now skips actively-blocked records, only falling back to an unconditional evict if the map is somehow entirely full of active blocks (preserves the hard memory cap). Subscription-endpoint panics (reachable by any client hitting /sub): - internal/sub/service.go: applyPathAndHostParams/Obj (ws/httpupgrade/xhttp with no path settings object) and the TLS alpn readers in three places used unchecked type assertions - exactly the bug class abab7cd0 patched elsewhere in the same switch statements, just not these call sites. - internal/sub/json_service.go, clash_service.go: the externalProxy loops in the JSON and Clash generators used unchecked assertions on a legacy/admin-supplied field (missing "port", non-object entry, etc.). - internal/sub/json_service.go: realityData's shortId/serverName selection could assert a non-string array element. Other correctness: - client_traffic.go: ResetAllTraffics (touched by 3eb214d0) still skipped clearing NodeClientTraffic node-sync baselines, unlike its sibling reset paths in the same file - a node's next sync would re-add pre-reset delta on top of the freshly-zeroed counter. - inbound_traffic.go: the traffic-tick tx's Commit/Rollback errors were silently discarded; now logged so a backend-level commit failure (e.g. an aborted Postgres tx from a best-effort helper) doesn't masquerade as a successful tick. - outbound_subscription.go: the new subscriptionFetchClient doc comment was wedged between fetchAndStore's existing comment and fetchAndStore itself, leaving fetchAndStore undocumented and the comment describing the wrong function. Convention cleanup: - Removed narrative // comments added by the audit that violate this repo's no-inline-comment rule (mostly narrating the specific bug/fix rather than a lasting contract, and mostly on new Test functions, which this repo's existing tests never comment) - calibrated against this exact codebase's own pre-existing comment style so legitimate godoc-style doc comments were left alone.
  • a862680645 style(sub): simplify a negated conjunction to satisfy staticcheck QF1001 golangci-lint (staticcheck QF1001) flagged the `!(a && b)` guard in expandSegment. Rewrite it via De Morgan's law to the equivalent `!a || !b` form so the linter passes; behavior is unchanged.
  • 325550e57f fix(frontend): meet WCAG AA contrast on the config-block link text The Storybook accessibility test flagged the share-link <code> block: with no explicit color it inherited a muted grey that renders as #888888 on the #f8f8f8 tertiary-fill background in CI's Chromium — a 3.33:1 contrast, below the 4.5:1 AA threshold. Set the text to the theme's primary text token so the colour is explicit and high-contrast in both light and dark themes instead of depending on an inherited value that varies by browser.
  • eb769e3f1f fix(frontend): map outbound mobile-card actions through the real index too The desktop outbounds table was keyed by the outbound's real index, but the mobile card list was left keying the probe trigger and every test-state lookup by the positional row index. With a hidden balancer-loopback outbound present, tapping Check on a mobile card probed the wrong outbound and the Test-All results landed on the wrong card. Key onTest and the testResult/isTesting reads by record.key, matching the desktop columns.
  • 0061892d87 fix(eventbus): deliver events on a bounded per-subscriber worker The previous fix dispatched each event to every subscriber with a bare `go safeCall`. That unblocked the dispatch loop, but removed the bus's backpressure: under a login-attempt flood (which both notifier subscribers process without rate-limiting) with email/Telegram enabled, every attempt spawned handler goroutines that each block on network I/O for up to ~30s, with no bound — a goroutine and outbound-connection storm. It also let a subscriber's handler run concurrently with itself, racing the Telegram notifier's lazily-cached hostname. Give each subscriber its own bounded queue drained by a single worker goroutine. Dispatch does a non-blocking send per subscriber (dropping only that subscriber's event when its queue is full), so a slow subscriber still can't stall the others, concurrency is bounded to one in-flight handler per subscriber, per-subscriber event order is preserved, and Stop again waits for in-flight handlers to finish.
  • Просмотр сравнение для этих 10 коммитов »

4 часов назад

txlyre синхронизированные новые ссылки audit/self-correcting-review к txlyre/3x-ui из зеркала

4 часов назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 129f50d92a feat(sub): auto-detect subscription format by User-Agent (Updated) (#5826) * feat(settings): add subscription format controls * feat(sub): auto-detect subscription formats * fix(xray): validate balancer regexes before save * Revert "fix(xray): validate balancer regexes before save" This reverts commit 8a208ce71b7b3daed5d05607091203382d675e07. * doc(endpoints): align indent spaces * doc(settings): improve error message formatting in validateSubUserAgentRegex - Use NewErrorf with proper formatting instead of NewError with string concatenation - Add comment explaining the rationale for returning original pattern value - This preserves the intentional design where empty input is stored as empty in the DB and inherited as the runtime default at read time --------- Co-authored-by: Tomilla <5007859+[email protected]> Co-authored-by: Sanaei <[email protected]>
  • f2b17397f4 fix(frontend): stabilize speed tags on inbound and client pages (#5930) * fix(frontend): add shared stable speed-tag style Give live up/down rate tags a fixed width, centered layout, nowrap, and tabular numerals so digit/unit changes cannot reflow the Speed column. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <[email protected]> * fix(frontend): stabilize InboundSpeedTag and ClientSpeedTag layout Apply the shared speed-tag class/style to both live rate tags and lock the behavior with a focused component test for small and large rates. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <[email protected]> * fix(frontend): align speed columns with stable tag width Widen inbound/client Speed columns to match the fixed tag and apply the same stable style to idle dash cells so active/idle swaps do not jitter. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <[email protected]> * fix(frontend): scope stable speed tags to table cells and fit content --------- Co-authored-by: x06579 <x06579@ai-dashboard> Co-authored-by: Sisyphus <[email protected]>
  • 658e6ab3d3 feat(frontend): show client comments on mobile cards (#5942) * feat(frontend): show client comments on mobile cards * fix(frontend): bound mobile comment height --------- Co-authored-by: sanmaxdev <[email protected]>
  • 1cfd7b49b0 fix(email): build an RFC 5322 message with a proper From address and name (#5941) The notification/test email carried only From/To/Subject/MIME headers, and the From header was the raw SMTP username. Two problems: - When the SMTP login is not a bare email address (common with relays and submission services), the From header has no valid address and strict receivers reject the message — e.g. Gmail returns "550-5.7.1 ... Messages missing a valid address in From: header". - There was no Date (mandatory per RFC 5322 section 3.6) and no Message-ID, which also raises spam score. Add smtpFrom (sender address) and smtpFromName (display name) settings and assemble the message with net/mail: a name-addr From ("Name" <addr>), a Date, a Message-ID, and an RFC 2047 encoded Subject, in a deterministic header order. From falls back to the username when smtpFrom is empty, so existing setups keep working. Wire the settings through the model, the SMTP send and test paths, the Email settings UI, and all 13 locale files; regenerate the Zod/OpenAPI artifacts. Validate smtpFrom in AllSetting.CheckValid (reject anything net/mail cannot parse), which surfaces a bad address at configuration time and prevents CRLF header injection; strip CR/LF in buildMessage as defense in depth. Add buildMessage and CheckValid tests.
  • ae0da4c51f fix: stop forcing port 53 on DoH/DoQ DNS server entries (#5950) Object-form DNS server entries always received port: 53, because DnsServerObjectInnerSchema defaulted the port unconditionally and the DnsServerModal wire adapter always wrote it. Per Xray-core, encrypted schemes must not carry a port field; a non-standard port is embedded in the URL instead. Default the port to 53 only for non-encrypted addresses and omit it for the encrypted DNS schemes Xray dispatches without a port - https, https+local, h2c, h2c+local and quic+local - both in the Zod schema and in the modal's valuesToWire adapter. Schemes are matched case-insensitively to mirror Xray-core's EqualFold comparison. A shared isEncryptedDnsAddress helper backs both paths. Fixes #5920 Co-authored-by: Matt Van Horn <455140+[email protected]>
  • Просмотр сравнение для этих 7 коммитов »

1 день назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • b11ceac18e fix(ci): install the docs-pinned pnpm instead of floating on 11.x pnpm/action-setup resolved 'version: 11' to the newest 11.x, and its self-installer crashes upgrading to 11.12.0 (Cannot use 'in' operator to search for 'integrity'), failing both docs workflows at setup. Reading docs/package.json instead installs the exact packageManager pin ([email protected]), which also keeps the workflows and the lockfile toolchain on a single source of truth.
  • bbc4163768 chore: standardize the toolchain on Node 24 LTS The repo now pins Node 24 everywhere instead of mixing 22 and hardcoded workflow versions. The docs workflows read .nvmrc like the main CI already did, so the Storybook bundle in the Pages deploy builds on the same runtime as the PR gate. The docs gen:api script runs its TypeScript entry natively, dropping the experimental type-stripping flag that Node 24 makes default; the matching frontend cleanup (engines and gen:api) landed with the Storybook commit.
  • ee9a6067c2 refactor(frontend): migrate off deprecated Ant Design 6 props The repo's type-aware deprecation sweep (eslint.deprecated.config.js) reported fourteen findings; it now reports zero. Alert message becomes title and closable+onClose becomes closable.onClose; Select optionFilterProp moves into showSearch.optionFilterProp and suffixIcon becomes suffix; Drawer width becomes size; Progress trailColor becomes railColor. Behavior is unchanged apart from a few single-mode selects gaining type-to-filter, which the old prop already implied.
  • 60316c831f fix(frontend): resolve every axe accessibility violation in the component library Running the stories under axe surfaced real panel defects, not just story cosmetics. FormField never associated its Form.Item label with the wrapped control, so no RHF form field in the panel had a programmatic label; it now generates an id and wires htmlFor. Unnamed controls get accessible names: the prompt and text modal inputs (from the modal title), the client traffic progress bar (used/limit values), the CPU and RAM threshold inputs in the notification groups (event label threaded through the extra renderer), and the JSON editor's contenteditable surface. ConfigBlock's collapse header carried role=button around focusable action buttons; collapsible=header scopes the toggle to the label. Light theme gains contrast-safe tokens shared by the panel and Storybook: darker description, placeholder, error and success text, a darker primary button blue, and a readable gold tag, all meeting the WCAG AA 4.5:1 ratio. The infinity badge swaps a prohibited bare aria-label for role=img.
  • df3ba568d1 feat(docs): publish the component Storybook on the docs site The docs site and the component workbench were entirely disconnected. The Pages deploy now builds the frontend Storybook and bundles it into the artifact under /storybook, so the live component reference ships with the documentation, and the navbar links to it. Story changes trigger a redeploy so the published workbench cannot go stale.
  • Просмотр сравнение для этих 6 коммитов »

1 день назад

txlyre синхронизированные коммиты с v3.5.0 на txlyre/3x-ui из зеркала

2 дней назад

txlyre синхронизированные новые ссылки v3.5.0 к txlyre/3x-ui из зеркала

2 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 4e928a1ce0 v3.5.0
  • e211a5cc47 feat(frontend): hide redundant migration download on sqlite panels Back Up's .db now restores directly into a PostgreSQL panel, so the SQLite-side Download Migration row only duplicated it; the row stays on PostgreSQL panels where it is the only PG-to-SQLite path. Restore accepts .dump and .db everywhere, the backup modal texts describe the accepted formats in all locales, and the orphaned migrationDownloadDesc key is removed.
  • 77dffe9a85 feat(server): sniff sqlite panel restore uploads and keep the fallback on failure The SQLite panel's Restore now detects the upload by content like the PostgreSQL panel does: migration dumps are rebuilt with RestoreSQLite, pg_dump archives get a clear error instead of 'Invalid db file format', and every upload passes the panel-schema pre-flight before Xray stops. The .backup fallback survives a failed Xray start and is named in the error, the DB pool is reopened on every error path after CloseDB, and a failed InitDB closes the imported file before restoring the fallback so the rename cannot hit a Windows sharing violation.
  • 54fc0fd47c fix(database): make cross-db migration lossless, transactional, and pre-checked migrationModels was missing ClientGroup and ClientGlobalTraffic, so both migration directions silently dropped client groups and global client traffic; the model list is now extracted to allModels and a parity test keeps the two lists from drifting again. MigrateData runs its truncate and copy inside one transaction so a failed import rolls back instead of leaving the destination truncated (sequences resync after commit since setval is non-transactional). New PrepareSQLiteForMigration rejects uploads that are not a panel database and AutoMigrates old backups so their missing tables cannot break the row copy.
  • 30b611614b feat: import SQLite migration dumps through the PostgreSQL panel restore The SQLite panel's Download Migration produces a portable SQL text dump advertised as seeding a PostgreSQL panel, but the PostgreSQL Restore only accepted pg_dump custom archives, so the migration file was rejected with 'Invalid file' even though the upload picker asked for .dump. importDB now sniffs the upload header: PGDMP archives keep the pg_restore path, while raw SQLite databases (.db) and SQL text migration dumps are rebuilt, integrity-checked, and copied into PostgreSQL with the same MigrateData engine as 'x-ui migrate-db --dsn'. The restore picker accepts .dump/.db on PostgreSQL and the backup modal texts describe the accepted formats in every locale.
  • Просмотр сравнение для этих 5 коммитов »

2 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 44f2f426d8 feat(frontend): split wireguard inbound export into config and links tabs The per-inbound export modal only showed the joined .conf blocks for wireguard, with no way to grab the wireguard:// share links the QR modal already generates. TextModal gains an optional tabs prop (copy and download follow the active tab), and the wireguard export now offers a Config tab with the .conf blocks alongside a Links tab with the per-client wireguard:// URLs. Tab labels reuse the existing pages.clients.config / pages.clients.tabLinks locale keys. Other protocols keep the single untabbed view.
  • c4a1139d3f feat(frontend): treat wireguard inbounds as multi-user in client actions WireGuard has been first-class multi-client on the backend for a while (key generation, tunnel address allocation, attach/detach/delete all flow through the shared client apply path), but isInboundMultiUser still excluded it, so wireguard rows only offered Export Inbound / Reset Traffic / Clone / Delete. Adding it to the multi-user set surfaces Export All URLs (per-client .conf blocks), the subscription export, and the attach/detach/group/delete-all client actions, and makes wireguard inbounds valid targets in the attach-clients picker. The now-dead isWireguard guard on the inbound-info branch is dropped. The clients-page bulk attach/detach modals carried the same stale protocol set, also missing mtproto, so both now match the single-client form's inbound picker.
  • 476bec451d fix(frontend): show zero client count for mtproto and wireguard inbounds
  • f905c2dcec chore(frontend): bump version and deps Update the frontend package version from 0.4.1 to 0.4.3 and refresh key dependencies. This includes i18next/react-i18next, Storybook packages (10.5.0), and ESLint (10.7.0), with corresponding lockfile updates to keep dependency resolution in sync.
  • 30f6bc1833 feat: Add outbound egress metadata (IP + country) (#5886) * Add outbound egress metadata Show egress IP and country information for outbound HTTP tests. The probe reuses the temporary SOCKS route from the existing HTTP test and fetches Cloudflare trace metadata after the reachability check succeeds. The outbound list now adds separate Egress and Country columns, hides egress IPs until the user reveals them, and marks Cloudflare WARP results with an orange cloud pill. Mobile cards keep the same data compact by placing the country and IPv4/IPv6 values on separate lines. Validation: npm run typecheck; npm run lint; npm run build; go test ./internal/web/service/outbound * Use context-aware DNS lookup for egress trace * Address outbound egress review feedback Restore the Real Delay selector and TCP default so the egress metadata change does not remove an existing test mode. Keep HTTP probe tests hermetic by stubbing egress trace lookups, run IPv4 and IPv6 trace fetches concurrently with a shorter diagnostic timeout, scope mobile IP reveal state per row, support keyboard activation for reveal toggles, and treat WARP+ trace values as WARP-like.
  • Просмотр сравнение для этих 6 коммитов »

3 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • 814cda3fb4 feat(xray): update xray-core to v26.7.11 and adapt panel Bump xtls/xray-core to 50231eaf (v26.7.11) and the three binary pins (DockerInit.sh, release.yml x2) in lockstep. Adapt the panel to the upstream changes: - Shadowsocks "none"/"plain" and VMess "none"/"zero" were removed from the core. A migration rewrites stored none/plain SS methods to a supported cipher and none/zero VMess security to "auto" (on both the clients column and inbound settings JSON); the SS build-time heal does the same so a row injected after boot cannot brick startup. The removed values are dropped from every frontend option list, schema and adapter, and coerced to "auto" at the Go link/sub/Clash emit sites and both link importers. Fix the CipherType_NONE sentinel that no longer compiles. - Unencrypted vless/trojan outbounds to a public address are now refused by the core. Validate outbounds through the vendored config loader when saving the xray template and when storing/merging outbound subscriptions, so one such outbound cannot keep the core from starting. - New TCP finalmask type "xmc" (Minecraft mimicry): add it to the sub link allowlist, the frontend enum and the FinalMask form (hostname, usernames, required password), and document it. - streamSettings gained a "method" alias for "network"; canonicalize it to "network" at inbound save time and in the form adapters/schema so a method-keyed config keeps its transport. - New root "env" config key is passed through xray.Config, compared in Equals, and forces a restart in the hot diff. - REALITY now defaults minClientVer to 26.3.27; update the form placeholder.
  • affcf6c422 fix(link): strip query and trailing slash when parsing ss:// port (#5895) * fix(link): strip query and trailing slash when parsing ss:// port Subscription-provided Shadowsocks links use the SIP002 form ss://userinfo@host:port[/][?plugin=...]#tag. parseShadowsocks only stripped the #fragment, so a "?plugin=" / "?type=" query and the optional trailing slash leaked into the host:port split, strconv.Atoi failed, and the port was silently set to 0 (the error was discarded). Direct link import was unaffected because it runs through the frontend parser, which already handles this. Strip the query and the trailing slash before splitting host:port, mirroring the frontend outbound-link-parser and the SIP002 grammar. This complements #5432, which fixed the SS2022 generation side. Add table-driven parseShadowsocks tests covering modern, legacy, base64url userinfo, the SIP002 slash+plugin form, and SIP022 percent-encoded userinfo with a dual-key password. * fix(link): surface ss:// port parse errors instead of defaulting to 0 The modern and legacy Shadowsocks branches discarded the strconv.Atoi error when reading the port, silently yielding port 0 for any malformed host:port. Return a parse error instead, matching defaultPort's existing pattern in this file, so a bad link is skipped by ParseSubscriptionBody rather than injected as an unusable port-0 outbound.
  • cbd2940a63 fix(node): adopt a node inbound's host overrides into the master Per-inbound Host overrides (Security/SNI/Fingerprint/ALPN and friends) are looked up by the local inbound id when subscriptions render, but nothing in the node sync ever fetched the node's hosts table: an inbound adopted from a managed node got zero Host rows on the master, so its subscription configs fell back to a bare TLS block without the fingerprint/SNI the node was configured with. When a traffic snapshot carries a tag with no central row yet - the only moment adoption can happen - the sync job now also pulls the node's existing hosts/list endpoint (best-effort, so old nodes just skip it) and the adoption branch materializes that inbound's groups against the new central id inside the same transaction, reusing the group-to-rows projection the hosts API already uses. Master stays authoritative afterwards: this is a one-time import, not a continuous sync, matching how the inbound's own settings are adopted. Closes #5890
  • e6bef229ae fix(web): opt panel pages out of Cloudflare Rocket Loader Behind Cloudflare with Rocket Loader enabled, the panel's entry bundles were rewritten and executed through Rocket Loader's own loader instead of as native ES modules (a reporter's network capture shows the main bundle initiated by rocket-loader.min.js). That breaks module semantics and script ordering, leaving a blank page after login even though every asset returns 200 - most visibly with a custom URI path, where the injected base path must be set before the bundle boots. Stamp data-cfasync="false" - Cloudflare's documented per-script opt-out - on the built entry script tags via a build-time transformIndexHtml hook (Vite regenerates entry tags, so a source-HTML attribute would be stripped), and on the runtime-injected base-path/version inline script in serveDistPage. Closes #5868
  • 975b1f1acc fix(iplimit): ban a dead connection once instead of every scan When a client's connection drops without a clean TCP close, xray-core keeps its online-map entry until the session context ends (idle policy), minutes after the kernel socket is gone. The 10s IP-limit scan kept seeing that stale IP as the oldest live one and re-emitted the same [LIMIT_IP] Disconnecting OLD IP line plus a RemoveUser/AddUser cycle every scan - operators measured 100+ repeats over ~1000s for a single network switch, forcing absurd fail2ban maxretry values to avoid banning legitimate mobile users. The core refreshes an entry's lastSeen only when a new connection from that IP is dispatched, never on traffic, so a frozen lastSeen across scans is a dead connection, not a reconnect. Track the lastSeen of each banned (email, ip) pair and skip the log line and disconnect until it advances; a real reconnect moves lastSeen and is enforced exactly as before, and an age cutoff that could misclassify long-lived active tunnels is deliberately avoided. Closes #5893
  • Просмотр сравнение для этих 12 коммитов »

3 дней назад

txlyre синхронизированные и удаленные ссылки fix/issue-5865-hysteria2-host-allow-insecure на txlyre/3x-ui из зеркала

3 дней назад

txlyre синхронизированные и удаленные ссылки claude/issue-5864-20260709-1451 на txlyre/3x-ui из зеркала

3 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • ed9686bf29 fix(clients): include Telegram ID in client list search (#5888) * fix(clients): include Telegram ID in client list search clientMatchesSearch only checked Email/SubID/Comment/UUID/Password/Auth, so searching the client list for a Telegram user ID never matched even though the field is stored on every client. This is a real regression, not a field that was simply never included: before the paged search endpoint (#4500), the frontend searched with ObjectUtil.deepSearch() over the full client object, which recursed into every field including tgId. Replacing that with a fixed backend field list silently dropped it (along with a few other fields, but tgId is the one that's actually needed here since it's the panel's own way of looking a client up when it only knows their Telegram ID). TgID is int64 (0 = unset), so it can't sit in the existing []string candidates array — matched separately via strconv, and skipped when 0 to avoid a needle of "0" spuriously matching every client without a Telegram ID. Fixes #5880 * fix(clients): drop explanatory comment, mention Telegram ID in search hint Addresses review feedback on #5888: - Removed the // comment block above the TgID check in clientMatchesSearch per repo convention (code should read on its own). - Updated searchPlaceholder in all 13 locale files to mention Telegram ID, since the search box now actually matches on it. * test(clients): remove TgID search test per maintainer request

5 дней назад

txlyre синхронизированные коммиты с claude/issue-5864-20260709-1451 на txlyre/3x-ui из зеркала

  • 133ab83a25 fix(xhttp): stop XMUX Max Concurrency from reverting on save XHttpXmuxSchema defaulted maxConnections to 6 (added for xray-core's anti-RKN behavior), so toggling XMUX on - or simply loading any previously-saved inbound/outbound - silently populated maxConnections even when the user only ever touched maxConcurrency. The save-time mutual-exclusivity rule then saw both fields non-zero and discarded maxConcurrency, and the deleted value came back as the '16-32' schema default on the next load, making the field look like it never saved. Revert the schema default to 0 and instead seed the anti-RKN maxConnections=6 default only where XMUX is freshly enabled (XMUX_FRESH_DEFAULTS), with maxConcurrency left blank so the two never start out conflicting. Also make maxConcurrency/maxConnections clear each other live in both the inbound and outbound XMUX forms, so whichever field the user actually edits is the one that gets saved. Addresses #5864 Co-authored-by: Sanaei <33454419+[email protected]>
  • c62e8c6bbe ci(claude-bot): structure PR review and issue triage prompts Rework the handle-pr-review, handle-pr-fix, and handle-issue prompts to produce professional, structured output. The review job now rates findings by severity and confidence across explicit review areas and reports a Summary, Findings, and a text-only verdict in one plain comment; the fix job reuses the same lens to prioritize what it applies versus leaves for the author; issue triage gains a structured bug-confirmation format and explicit outcomes for mislabeled and not-a-bug reports, closing conservatively. Severity uses text labels to respect the no-emoji house style, and the adapted ignore-list keeps i18n and generated files flaggable.
  • d33b6865a9 ci(claude-bot): auto-open the PR after an owner @claude fix on an issue claude-code-action only pushes a branch and posts a Create PR link by design; it never opens the PR itself. Add a post-step to the mention job that opens a PR from the action's branch_name output when the trigger was an issue (guarded against no-op branches and against an existing PR). Simplify the mention prompt so the agent just makes edits with Edit/Write and lets the workflow commit and open the PR, instead of running git/gh pr create itself (which fought the action's built-in flow and left only a link).
  • 3d513b5084 chore(deps): bump golang.org/x/text from 0.38.0 to 0.40.0 (#5872) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.38.0 to 0.40.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.38.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • f79931eacf chore(deps-dev): bump vite from 8.1.3 to 8.1.4 in /frontend (#5877) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.1.3 to 8.1.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.1.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Просмотр сравнение для этих 10 коммитов »

5 дней назад

txlyre синхронизированные новые ссылки claude/issue-5864-20260709-1451 к txlyre/3x-ui из зеркала

5 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • c62e8c6bbe ci(claude-bot): structure PR review and issue triage prompts Rework the handle-pr-review, handle-pr-fix, and handle-issue prompts to produce professional, structured output. The review job now rates findings by severity and confidence across explicit review areas and reports a Summary, Findings, and a text-only verdict in one plain comment; the fix job reuses the same lens to prioritize what it applies versus leaves for the author; issue triage gains a structured bug-confirmation format and explicit outcomes for mislabeled and not-a-bug reports, closing conservatively. Severity uses text labels to respect the no-emoji house style, and the adapted ignore-list keeps i18n and generated files flaggable.
  • d33b6865a9 ci(claude-bot): auto-open the PR after an owner @claude fix on an issue claude-code-action only pushes a branch and posts a Create PR link by design; it never opens the PR itself. Add a post-step to the mention job that opens a PR from the action's branch_name output when the trigger was an issue (guarded against no-op branches and against an existing PR). Simplify the mention prompt so the agent just makes edits with Edit/Write and lets the workflow commit and open the PR, instead of running git/gh pr create itself (which fought the action's built-in flow and left only a link).
  • 3d513b5084 chore(deps): bump golang.org/x/text from 0.38.0 to 0.40.0 (#5872) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.38.0 to 0.40.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.38.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • f79931eacf chore(deps-dev): bump vite from 8.1.3 to 8.1.4 in /frontend (#5877) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.1.3 to 8.1.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.1.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Просмотр сравнение для этих 4 коммитов »

6 дней назад

txlyre синхронизированные и удаленные ссылки claude/issue-5864-20260709-0020 на txlyre/3x-ui из зеркала

6 дней назад

txlyre синхронизированные коммиты с main на txlyre/3x-ui из зеркала

  • de5b130095 ci(claude-bot): gate write capability to trusted actors Make every automatic, untrusted trigger read-only and require an explicit trusted actor for any code change. - handle-issue (issue opened): read-only triage; confirm bugs and tag the maintainer, never edit code or open a PR. Authenticates as GITHUB_TOKEN so replies post as github-actions[bot], not a personal account. - handle-pr-fix (PR opened): applies fixes only for owner/member/collaborator authors; dropped allowed_non_write_users so the default write gate also applies. - handle-pr-review (PR opened, external authors): read-only review comment only. - mention (@claude comment): runs only for the repository owner; may open a PR from an issue or commit to a PR on explicit request. No job authenticates as the static PAT anymore; the PAT is used only to route git pushes for the trusted PR-fix and owner-mention paths.
  • f3e99058f9 fix(sub): apply host Allow Insecure to Hysteria2 subscription links (#5866) Host.AllowInsecure was only wired into the shared VLESS/VMess/Trojan/Shadowsocks endpoint path (applyEndpointAllowInsecure). Hysteria/Hysteria2 builds its links through its own applyExternalProxyHysteriaParams (raw hysteria2:// link) and buildHysteriaProxy (Clash/Mihomo proxy), neither of which read the host's allowInsecure flag, so a self-signed Hysteria2 host never got insecure=1 or skip-cert-verify: true. Fixes #5865. Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
  • 142dab9ee8 feat(balancer): add balancer-to-balancer fallback support (#5586) * feat(balancer): add balancer-to-balancer fallback support Xray does not natively support using a balancer as fallbackTag for another balancer. This feature automates the loopback workaround: when a user selects a balancer as fallback, the panel generates a loopback outbound + routing rule in the template. How it works: - User picks fallback balancer from dropdown - Panel creates loopback outbound _bl_{target} + routing rule - Balancer fallbackTag set to _bl_{target} - Traffic: Balancer A → loopback _bl_B → routing rule → Balancer B Key features: - Dedup: multiple balancers sharing same fallback reuse one loopback - DFS cycle detection at edit time and on save - Self-reference guard (cannot select own balancer) - Delete protection (blocks if used as fallback by others) - Cleans up routing rules referencing deleted balancers - Override resolves balancer tags through loopback mechanism - All live status tags resolved for display - Internal _bl_ objects filtered from Outbounds/Routing UI - Backward-compatible with old _bl_ naming format - Translations for all 13 locales * fix(review): override regression, save payload sync, i18n completeness - OverrideBalancer: only resolve to loopback when resolution succeeds, pass original target through for plain outbound tags - onSaveAll: serialize cleaned template before save to ensure the healed/cleaned config is what gets persisted - Add reservedPrefix translation key to all 12 non-English locales - Restore trailing newlines in all 13 translation JSON files * fix(test): update balancer form modal tests after cycle-detection guard The okButtonProps disabled guard (added in 56d5825c) prevents the modal from firing onOk when the form is invalid. The old tests clicked the button expecting validation errors to appear, but antd Modal never calls onOk on a disabled button — causing false failures. Rewrite to test the actual guard behavior: - Button starts disabled (empty form) - Stays disabled with tag only (selector still empty) - Stays disabled for duplicate tag - Disabled button does not trigger onConfirm --------- Co-authored-by: MHSanaei <[email protected]>
  • ea24ef0a69 feat(xray): default outbound in basic routing (#5815) * feat(xray): default outbound picker in basic routing Let panel users choose which outbound handles unmatched traffic by moving it to the first position in the template outbounds list. * fix(xray): keep direct/blocked outbounds when changing default * style(routing): revert incidental whitespace churn Drop double blank lines and the reformatted function signature so the default-outbound diff stays focused on behavior.
  • 2c28fa5f48 fix(inbound): scope port-conflict check to the stored node on update (#5833) * fix(inbound): scope port-conflict check to the stored node on update UpdateInbound called checkPortConflict before restoring the inbound's NodeID from the database, so the check used the NodeID from the request body. That value is unreliable for edits: clients omit it (nodeId is `json:",omitempty"`) and the code already treats the stored NodeID as authoritative — an inbound can't be moved between nodes via edit. With a nil request NodeID a node inbound was mis-checked as a local/main-panel inbound and falsely collided with an unrelated inbound that happened to reuse the same port on the central panel (or another node). Symptom: editing a node inbound's listen address was rejected with "port <p> (tcp) already used by inbound ... " and silently discarded. Load the old inbound and restore inbound.NodeID *before* checkPortConflict, so the check runs against the node the inbound actually lives on. checkPortConflict already scopes candidates by node (sameNode); it was simply being fed the wrong NodeID. Add a regression test that seeds a main-panel and a node inbound on the same port and asserts the node inbound stays editable (fails before this change with the exact "already used" rejection). * style(inbound): trim inline comments from port-conflict scoping Repo convention forbids // line comments in committed Go; keep the scoping fix self-documenting.
  • Просмотр сравнение для этих 9 коммитов »

6 дней назад

txlyre синхронизированные коммиты с fix/issue-5865-hysteria2-host-allow-insecure на txlyre/3x-ui из зеркала

  • 726fc3e7e2 test(sub): cover Hysteria2 Allow Insecure propagation to sub links applyExternalProxyHysteriaParams and buildHysteriaProxy previously had no direct test asserting insecure=1 / skip-cert-verify: true for a host/ external-proxy entry with allowInsecure set — the existing tests only locked in the untouched pin/SNI behavior. Add positive and negative cases for both the raw-link and Clash paths so the #5865 fix has a regression test of its own.
  • a97d1c92e3 fix(sub): apply host Allow Insecure to Hysteria2 subscription links Host.AllowInsecure was only wired into the shared VLESS/VMess/Trojan/Shadowsocks endpoint path (applyEndpointAllowInsecure). Hysteria/Hysteria2 builds its links through its own applyExternalProxyHysteriaParams (raw hysteria2:// link) and buildHysteriaProxy (Clash/Mihomo proxy), neither of which read the host's allowInsecure flag, so a self-signed Hysteria2 host never got insecure=1 or skip-cert-verify: true. Fixes #5865.
  • 2c28fa5f48 fix(inbound): scope port-conflict check to the stored node on update (#5833) * fix(inbound): scope port-conflict check to the stored node on update UpdateInbound called checkPortConflict before restoring the inbound's NodeID from the database, so the check used the NodeID from the request body. That value is unreliable for edits: clients omit it (nodeId is `json:",omitempty"`) and the code already treats the stored NodeID as authoritative — an inbound can't be moved between nodes via edit. With a nil request NodeID a node inbound was mis-checked as a local/main-panel inbound and falsely collided with an unrelated inbound that happened to reuse the same port on the central panel (or another node). Symptom: editing a node inbound's listen address was rejected with "port <p> (tcp) already used by inbound ... " and silently discarded. Load the old inbound and restore inbound.NodeID *before* checkPortConflict, so the check runs against the node the inbound actually lives on. checkPortConflict already scopes candidates by node (sameNode); it was simply being fed the wrong NodeID. Add a regression test that seeds a main-panel and a node inbound on the same port and asserts the node inbound stays editable (fails before this change with the exact "already used" rejection). * style(inbound): trim inline comments from port-conflict scoping Repo convention forbids // line comments in committed Go; keep the scoping fix self-documenting.
  • f9cd7ac906 Add column sorting to inbounds table (#5661)
  • d2efe9b022 fix(sub): include native WireGuard clients in Clash and JSON subscriptions (#5676) The Clash (buildProxy) and JSON (getConfig) subscription generators had no WireGuard branch, so a native WireGuard inbound's clients were silently dropped: buildProxy hit its default nil case, and getConfig emitted a config with no proxy outbound. Only the raw subscription (genWireguardLink) and external-link Clash path handled WireGuard. Add a WireGuard case to both generators, mirroring genWireguardLink: the peer public key is derived from the inbound secretKey, while the private key, tunnel address (mihomo ip/ipv6, Xray settings.address), pre-shared key and keep-alive come from the client. The peer routes the full tunnel (0.0.0.0/0, ::/0), which both mihomo and Xray also default to. Field names verified against the mihomo WireGuardOption source (private-key, public-key, pre-shared-key, persistent-keepalive, ip, ipv6, mtu, dns) and the Xray wireguard outbound schema (secretKey, address, peers[].publicKey/endpoint/ preSharedKey/keepAlive/allowedIPs, mtu).
  • Просмотр сравнение для этих 10 коммитов »

6 дней назад

txlyre синхронизированные новые ссылки fix/issue-5865-hysteria2-host-allow-insecure к txlyre/3x-ui из зеркала

6 дней назад

txlyre синхронизированные коммиты с claude/issue-5864-20260709-0020 на txlyre/3x-ui из зеркала

  • 7c2e84e36f fix: prevent xhttp xmux maxConcurrency from being dropped on save Both maxConcurrency ('16-32') and maxConnections (6) default to a non-zero value the instant XMUX is toggled on, so they already collide before either field is touched. The save-time mutual- exclusivity check always favored maxConnections and silently dropped maxConcurrency, even when the admin only ever edited that one field - so an explicit "1-2" always reverted back to "16-32" after saving and reopening the inbound/outbound. Live-clear the untouched sibling field in the form the moment either becomes a real value, so the two schema defaults never collide unless the admin actually chose to set both explicitly. Also stop a live-cleared empty maxConcurrency from leaking onto the wire as a literal empty string. Fixes #5864 Co-authored-by: Sanaei <33454419+[email protected]>
  • de5b130095 ci(claude-bot): gate write capability to trusted actors Make every automatic, untrusted trigger read-only and require an explicit trusted actor for any code change. - handle-issue (issue opened): read-only triage; confirm bugs and tag the maintainer, never edit code or open a PR. Authenticates as GITHUB_TOKEN so replies post as github-actions[bot], not a personal account. - handle-pr-fix (PR opened): applies fixes only for owner/member/collaborator authors; dropped allowed_non_write_users so the default write gate also applies. - handle-pr-review (PR opened, external authors): read-only review comment only. - mention (@claude comment): runs only for the repository owner; may open a PR from an issue or commit to a PR on explicit request. No job authenticates as the static PAT anymore; the PAT is used only to route git pushes for the trusted PR-fix and owner-mention paths.
  • f3e99058f9 fix(sub): apply host Allow Insecure to Hysteria2 subscription links (#5866) Host.AllowInsecure was only wired into the shared VLESS/VMess/Trojan/Shadowsocks endpoint path (applyEndpointAllowInsecure). Hysteria/Hysteria2 builds its links through its own applyExternalProxyHysteriaParams (raw hysteria2:// link) and buildHysteriaProxy (Clash/Mihomo proxy), neither of which read the host's allowInsecure flag, so a self-signed Hysteria2 host never got insecure=1 or skip-cert-verify: true. Fixes #5865. Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
  • 142dab9ee8 feat(balancer): add balancer-to-balancer fallback support (#5586) * feat(balancer): add balancer-to-balancer fallback support Xray does not natively support using a balancer as fallbackTag for another balancer. This feature automates the loopback workaround: when a user selects a balancer as fallback, the panel generates a loopback outbound + routing rule in the template. How it works: - User picks fallback balancer from dropdown - Panel creates loopback outbound _bl_{target} + routing rule - Balancer fallbackTag set to _bl_{target} - Traffic: Balancer A → loopback _bl_B → routing rule → Balancer B Key features: - Dedup: multiple balancers sharing same fallback reuse one loopback - DFS cycle detection at edit time and on save - Self-reference guard (cannot select own balancer) - Delete protection (blocks if used as fallback by others) - Cleans up routing rules referencing deleted balancers - Override resolves balancer tags through loopback mechanism - All live status tags resolved for display - Internal _bl_ objects filtered from Outbounds/Routing UI - Backward-compatible with old _bl_ naming format - Translations for all 13 locales * fix(review): override regression, save payload sync, i18n completeness - OverrideBalancer: only resolve to loopback when resolution succeeds, pass original target through for plain outbound tags - onSaveAll: serialize cleaned template before save to ensure the healed/cleaned config is what gets persisted - Add reservedPrefix translation key to all 12 non-English locales - Restore trailing newlines in all 13 translation JSON files * fix(test): update balancer form modal tests after cycle-detection guard The okButtonProps disabled guard (added in 56d5825c) prevents the modal from firing onOk when the form is invalid. The old tests clicked the button expecting validation errors to appear, but antd Modal never calls onOk on a disabled button — causing false failures. Rewrite to test the actual guard behavior: - Button starts disabled (empty form) - Stays disabled with tag only (selector still empty) - Stays disabled for duplicate tag - Disabled button does not trigger onConfirm --------- Co-authored-by: MHSanaei <[email protected]>
  • ea24ef0a69 feat(xray): default outbound in basic routing (#5815) * feat(xray): default outbound picker in basic routing Let panel users choose which outbound handles unmatched traffic by moving it to the first position in the template outbounds list. * fix(xray): keep direct/blocked outbounds when changing default * style(routing): revert incidental whitespace churn Drop double blank lines and the reformatted function signature so the default-outbound diff stays focused on behavior.
  • Просмотр сравнение для этих 10 коммитов »

6 дней назад