Почетна Преглед Помоћ
Пријавите се
txlyre
Спремишта Активности

txlyre синхронизује се main у txlyre/3x-ui из огледала

  • fe62c39a53 fix: inbound edit validation failure and legacy copy to clipboard (#5132) * fix: auto-enable clients when resetting traffic When a client's traffic is exhausted, the panel automatically disables the client and pushes enable: false to the nodes. However, when an admin clicked 'Reset Traffic' or used bulk reset, the counters were zeroed but the client was left disabled. This forced administrators to manually re-enable the client across the central panel and remote nodes. This patch updates ResetTrafficByEmail and BulkResetTraffic to automatically set Enable: true for any previously disabled client and push the updated settings to nodes, ensuring the client is instantly restored upon traffic reset. * fix: inbound edit validation failure and legacy copy to clipboard
  • 2969f6e91d fix(client): preserve UUID/password/auth on partial client update (#5111)
  • 0bed552292 fix(outbound): include tested outbound in HTTP probe config (#5120) HTTP-pinging a subscription outbound always reported "Probe timed out". The frontend sends only the template outbounds as allOutbounds, but subscription outbounds are injected at runtime and aren't in that list, so burstObservatory had no outbound matching the tag to probe. Append the tested outbound when its tag is missing instead of only when allOutbounds is empty, so the probe always has a target while preserving the template outbounds that back dialerProxy chains.
  • 6c1594693d feat(mtproto): add domain-fronting and essential mtg options Expose mtg's [domain-fronting] section (ip/port/proxy-protocol) plus proxy-protocol-listener, prefer-ip, and debug on MTProto inbounds. Each key is written to the generated mtg-<id>.toml only when set, so mtg's own defaults apply otherwise. The instance fingerprint now covers these fields, so editing an option restarts the sidecar. Since MTProto is mtg-served (not Xray), sniffing does not apply: hide the Sniffing tab and the Advanced sniffing sub-editor, drop it from the Advanced "All" JSON view, and emit empty sniffing in the wire payload, all gated by a new canEnableSniffing predicate.
  • Поређење ових 4 комита »

пре 3 часа

txlyre синхронизује се main у txlyre/3x-ui из огледала

  • f8e89cc848 fix(mtproto): reap orphaned mtg, fix SysLog viewer, mtg log visibility, export remark (#5105) (#5107) * fix(logs): render journalctl output in the SysLog viewer The log viewer's parseLogLine only understood the app-log format (2006/01/02 15:04:05 LEVEL - body). With SysLog ticked the backend returns journalctl lines (Mon DD HH:MM:SS host ident[pid]: LEVEL - body), so the parser mistook the journal time for the level and dropped the body, leaving only timestamps. Detect and strip the journald prefix, keep the journal timestamp as the stamp, then parse the real level and body from the remainder. * feat(mtproto): surface mtg output and add status reporting mtg's stdout/stderr was captured by a writer that kept only the last line and showed it nowhere, so the reason a proxy could not reach Telegram was invisible. Stream mtg output line-by-line into the x-ui log, tagged per inbound, so it appears in the panel log viewer and journald. Also fix mangled log lines: logger.Info uses fmt.Sprint, which drops the space between adjacent string operands, producing output like 'inbound3on0.0.0.0:8443'. Switch the affected mtproto calls to the formatted (*f) variants. Add show_mtproto_status to x-ui.sh so 'x-ui status' reports each mtproto inbound's mtg process state and bind address. * fix(logs): parse all journalctl message shapes in SysLog viewer Real journalctl output mixes four message shapes after the 'Mon DD HH:MM:SS host ident[pid]:' prefix: go-logging 'LEVEL - msg' (x-ui/xray), Go std-log with an embedded date (net/http, runtime), telego's '[timestamp] LEVEL msg', and systemd lines. The viewer only understood the first, so std-log and telego lines — which never contain ' - ' — collapsed to a bare timestamp (e.g. the 8s telego 409 spam). Extract the parser into a pure, testable module and teach it the other shapes: strip the redundant Go std-log date, lift the level out of telego brackets, and always keep the message body. Add a unit test covering each shape with real captured lines. * fix(mtproto): reap orphaned mtg sidecars so a stale one can't break new clients On Linux x-ui does not kill its mtg children when it dies (no kill-on-exit, unlike the Windows job object). After a crash, OOM, kill -9, or update, a stale mtg keeps holding the inbound port with an OLD secret, so new clients fail the FakeTLS handshake and get silently domain-fronted to the fakeTLS domain instead of proxied to Telegram (a few MB of traffic, never connects). Sweep orphans at startup: on the first reconcile, before x-ui starts any of its own mtg, scan /proc and SIGKILL any process whose executable is our mtg-<goos>-<goarch> binary. x-ui is the sole owner of mtg, so anything alive then is an orphan. Runs once per process (swept guard), survives the binary-deleted-during-update case via /proc/<pid>/cmdline, and is a no-op on Windows (job object) and other platforms. Also clear stray mtg in update.sh/install.sh after stopping x-ui, anchored to the 'mtg-linux-<arch> run ' invocation so the pattern can't match unrelated command lines (e.g. x-ui.sh's own 'grep mtg-linux'). * fix(logs): drop dead body initializer flagged by eslint no-useless-assignment * fix(mtproto): drop remark fragment from tg://proxy export link The mtproto export link appended the inbound remark as a URL fragment (tg://proxy?server=...&port=...&secret=...#remark). Telegram Desktop rejects a proxy deep link with a trailing fragment as 'This proxy link is invalid', breaking one-click import, and a remark is meaningless for proxy links across clients. Stop adding it in both the panel link (genMtprotoLink) and the subscription service. Fixes #5105. * fix(x-ui.sh): remove unused check_mtproto_status helper show_mtproto_status does its own process check, so check_mtproto_status was dead code. Drop it (per Copilot review on #5107).

пре 11 часа

txlyre синхронизује се v3.3.0 у txlyre/3x-ui из огледала

пре 19 часа

txlyre синхронизована нова референца v3.3.0 y txlyre/3x-ui из огледала

пре 19 часа

txlyre синхронизује се main у txlyre/3x-ui из огледала

  • 9711a9ce22 v3.3.0
  • 9acde8da9d Bump frontend version and deps Update frontend package.json and refresh dependencies for a new release (frontend version -> 0.3.0). Regenerated lockfile and upgraded multiple JS packages (notably @swagger-api/apidom family, @rc-component packages, codemirror, etc.) and added libc metadata where applicable. Also update Go module dependencies (go.mod and go.sum) as part of routine dependency maintenance.
  • d9ccf157c3 feat: add manual and automatic WARP IP rotation (#5099) * feat: add manual and automatic WARP IP rotation * fix: update generated api and frontend schemas * fix(warp): validate rotation interval, fix auto-update timing, sync editor - Validate the auto-update interval as an integer and store it via setInt; a non-integer value previously broke GetAllSetting for the whole panel. - Seed warpLastUpdate when the interval is saved and when changing IP manually, so auto-update counts from "now" instead of epoch 0 and a manual rotation doesn't trigger an immediate scheduled one. - Guard WarpIpJob: when lastUpdate is unset, establish a baseline and skip instead of rotating on the next tick. - Log WARP license re-apply failures instead of swallowing them. - After a manual "Change IP", sync the in-memory Xray editor with the keys the backend persisted so a later template save can't revert them; only toast success when the interval save actually succeeds. - Add the WARP rotation UI strings to all 13 locales. - Drop trailing whitespace introduced in entity.go and xray_setting.go. --------- Co-authored-by: Rqzbeh <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • be8bd4e22c fix: propagate inbound traffic reset to nodes (#5103) Co-authored-by: Rqzbeh <[email protected]>
  • 5a7de02598 fix(ui): remove pointer cursor from non-interactive elements in cards (#5102)
  • Поређење ових 18 комита »

пре 19 часа

txlyre синхронизује се main у txlyre/3x-ui из огледала

  • 21e01cc1e6 fix(postgres): make node traffic sync robust after public API inbound updates (#5038) * fix(postgres): make node traffic sync robust after public API inbound updates The background NodeTrafficSyncJob (every 5s) started failing after a successful POST /panel/api/inbounds/update/{id} (including flows that inject streamSettings.externalProxy) with: node traffic sync: merge for <node> failed: ERROR: CASE types boolean and integer cannot be matched (SQLSTATE 42804) Root cause: - The merge lives in setRemoteTrafficLocked (called from SetRemoteTraffic). - The client_traffics delta path used a dialect-sensitive expression: enable = enable AND ? last_online = GREATEST(last_online, ?) - On PostgreSQL, GREATEST / AND / COALESCE are implemented with internal CASE expressions. When "enable" columns (client_traffics, inbounds, ...) were INTEGER (common after SQLite → PG data migrations, older AutoMigrate, or mixed write paths) and the right-hand side was a boolean parameter (from snapshot ClientStats or form-bound API payload), PG rejected the expression at plan time. - The public API update path (unlike the internal remote wire path) always runs updateClientTraffics + UpdateClientStat + SyncInbound. This touches client_traffics.enable rows for any inbound that has clients. - SQLite tolerated 0/1 numeric bools; PG is strict. Fix: - Use an explicit CASE with ::boolean casts in the critical enable expression so the result type is always boolean. - Make GreatestExpr emit safe casts on Postgres. - Add a one-time normalization step in MigrationRequirements (runs on startup + xray restarts) that forces the relevant enable/enabled columns to boolean on Postgres using an idempotent DO block + USING cast. This cleans up pre-existing skew without a full re-migration. This branch is based on upstream/main (original mhsanaei/3x-ui main). The node traffic sync now survives arbitrary public-API inbound updates on PostgreSQL. * fix: make client traffic enable merge expression safe on SQLite too The previous commit introduced an explicit CASE for the "only node can disable" logic in the node traffic sync merge to fix the PG "CASE types boolean and integer cannot be matched" error after public API inbound updates. That expression used PostgreSQL-only `::boolean` casts: CASE WHEN ?::boolean THEN enable::boolean ELSE false END This is invalid syntax on SQLite (and would break the merge when the client_traffics delta UPDATE runs — which is commonly triggered right after an API /inbounds/update because that path calls updateClientTraffics + SyncInbound and touches client_traffics rows). Extracted the expression to a new dialect-aware helper `ClientTrafficEnableMergeExpr()` (following the same pattern as GreatestExpr, JSONClientsFromInbound, etc.). - On Postgres: keeps the strict boolean-typed CASE with casts. - On SQLite: uses a numeric-compatible form `CASE WHEN ? THEN enable ELSE 0 END` that produces the expected 0/1 result matching the column affinity. The logical behavior ("node may only force-disable, never re-enable") is preserved on both databases. This is a follow-up commit on the same branch so that one PR contains both the original Postgres fix and the SQLite compatibility fix. Builds directly on top of 91643f68. * fix --------- Co-authored-by: Rqzbeh <[email protected]> Co-authored-by: Sanaei <[email protected]>
  • 46684dd164 fix(sub): emit VLESS encryption in Clash configs (#5053) Co-authored-by: jq <[email protected]>
  • 1ca5924a44 feat(mtproto): add MTProto (FakeTLS) protocol via managed mtg sidecar (#5076) * feat(mtproto): add MTProto (FakeTLS) protocol via managed mtg sidecar Xray-core has no mtproto proxy, so mtproto inbounds run as standalone mtg (9seconds/mtg) sidecar processes managed by the panel — one per inbound — and are excluded from the generated Xray config entirely. - model: MTProto protocol constant, validator, and FakeTLS secret helpers (GenerateFakeTLSSecret/HealMtprotoSecret) - mtproto package: per-inbound mtg process manager with reconcile, graceful stop, and best-effort Prometheus traffic scraping - runtime: delegate mtproto inbounds to the mtg manager instead of the Xray gRPC API; skip mtproto when building the Xray config - web: boot reconcile + StopAll wiring, periodic reconcile/traffic job, port-conflict transport, secret healing on inbound add/update - sub: tg:// proxy share-link generation - frontend: protocol option, Zod schema, Protocol tab (FakeTLS domain + regenerable secret), info-modal link, and i18n - provisioning: fetch mtg v2.2.8 in install.sh, DockerInit.sh, and the Linux + Windows release workflows * fix * fix * fix: address Copilot review comments on mtproto PR - web/web.go: create NewMtprotoJob once and reuse for cron + initial run - mtproto/manager.go: StopAll cleans up per-inbound config files on shutdown - mtproto/manager.go: CollectTraffic releases mutex before HTTP scrapes to avoid blocking Ensure/Reconcile/Remove during network I/O - database/model/model.go: panic on crypto/rand failure in mtprotoRandomMiddle instead of silently producing a weak all-zero secret - install.sh: fix chmod to handle renamed bin/mtg-linux-arm on armv5/v6/v7
  • af3c808444 fix: default hysteria tls to no utls fingerprint
  • 98ba88037c fix(subClashService): improve merging of clash rules in YAML (#5054)
  • Поређење ових 9 комита »

пре 1 дан

txlyre синхронизоване и избрисане референце mtproto y txlyre/3x-ui из огледала

пре 1 дан

txlyre синхронизује се mtproto у txlyre/3x-ui из огледала

  • df6d13d0ee feat(mtproto): add MTProto (FakeTLS) protocol via managed mtg sidecar Xray-core has no mtproto proxy, so mtproto inbounds run as standalone mtg (9seconds/mtg) sidecar processes managed by the panel — one per inbound — and are excluded from the generated Xray config entirely. - model: MTProto protocol constant, validator, and FakeTLS secret helpers (GenerateFakeTLSSecret/HealMtprotoSecret) - mtproto package: per-inbound mtg process manager with reconcile, graceful stop, and best-effort Prometheus traffic scraping - runtime: delegate mtproto inbounds to the mtg manager instead of the Xray gRPC API; skip mtproto when building the Xray config - web: boot reconcile + StopAll wiring, periodic reconcile/traffic job, port-conflict transport, secret healing on inbound add/update - sub: tg:// proxy share-link generation - frontend: protocol option, Zod schema, Protocol tab (FakeTLS domain + regenerable secret), info-modal link, and i18n - provisioning: fetch mtg v2.2.8 in install.sh, DockerInit.sh, and the Linux + Windows release workflows
  • 0706b0b3a8 feat(x-ui.sh): add migrateDB command for SQLite .db <-> .dump (#4910) * feat(x-ui.sh): add migrateDB command and menu for SQLite .db <-> .dump Adds an "x-ui migrateDB <file>" subcommand and a PostgreSQL-menu option (9) that convert between a SQLite .db and a portable .dump file. Direction is auto-detected from the extension and delegated to the bundled binary (x-ui migrate-db --dump/--restore), so no external sqlite3 client is needed. Depends on the matching binary support, so it is only usable from the next panel release. * fix(x-ui.sh): address review feedback on migrateDB Per Copilot review on PR #4910: - Probe the bundled binary for migrate-db --dump support and fail with a clear upgrade message instead of a raw "flag not defined" error on old builds. - Prompt before overwriting an existing .dump in dump mode (parity with restore). - Refuse to restore into the live database path while x-ui is running, to avoid corrupting the running panel. - Fix the usage/synopsis strings to show input is optional ([file] not <file>).
  • db118cbcc9 v3.2.8
  • e7ffae5329 fix(outbound): import ech and pcs from TLS share links The vless/trojan link parser's TLS branch read only sni/fp/alpn, so the ech (echConfigList) and pcs (pinnedPeerCertSha256) query params were dropped on import even though buildStream allocates both fields. Read them in applySecurityParams to match the inbound link generator and the hysteria2 parser.
  • f470bc7cf8 docs(contributing): refresh frontend guide and add Postgres launch profile The frontend section still described the old multi-page app. Rewrite it for the current React Router SPA (single index.html bundle), TanStack Query server state, the Zod source-of-truth model plus generated types, and link logic under src/lib/xray. Update the "adding a page" flow to the route-based approach and drop the stale MIGRATED_ROUTES / "no React Router" notes. Correct the Vite pin (was 8.0.13 "never bump", now exact 8.0.16) and add "npm run test" to the PR checklist. Document the new "Run 3x-ui (Postgres)" launch profile and fix the gitignore claim: .vscode/launch.json is checked in, not gitignored.
  • Поређење ових 10 комита »

пре 2 дана

txlyre синхронизована нова референца mtproto y txlyre/3x-ui из огледала

пре 2 дана

txlyre синхронизује се main у txlyre/3x-ui из огледала

  • c6f15cd53f refactor(api)!: move /panel/setting and /panel/xray under /panel/api Settings and Xray config endpoints now live at /panel/api/setting/* and /panel/api/xray/*, registered under the existing /panel/api group so they inherit the same Bearer-or-session auth (checkAPIAuth) as the rest of the API. An API token is a full-admin credential, so this just makes the surface consistent. The SPA page routes /panel/settings and /panel/xray are unchanged. BREAKING CHANGE: the old /panel/setting/* and /panel/xray/* paths are removed. External callers must switch to the /panel/api/ prefix. Frontend call sites, API docs, the dev proxy, and the route-documentation test are updated to match.
  • a014c01725 feat(api-docs): generate OpenAPI components/schemas from Go structs A new emit_jsonschema.go walks the same allow-listed structs as the zod/types/examples emitters and writes generated/schemas.ts (SCHEMAS). build-openapi mounts it under components.schemas and points each typed response obj at a $ref instead of an untyped {} blob, so Swagger renders real models and openapi-generator can emit clients. Also add a vitest guard that safeParses every EXAMPLES entry against its generated zod schema, reviving the previously unused generated/zod.ts and catching drift between the example and schema emitters.
  • e56f6c63f6 fix(api-docs): target the panel base path in OpenAPI servers ServeOpenAPISpec shipped servers:[{url:"/"}], so Swagger UI "Try it out" and external generators hit the origin root and ignored a non-root webBasePath. Inject the runtime base path into the single servers entry at serve time, touching only that field via json.RawMessage so the rest of the spec is preserved verbatim.
  • 83799d71b0 feat(api-docs): generate response examples from Go structs; fix SS2022 PSK regen (#4996) Stop hand-writing OpenAPI response examples, which kept drifting from the real payloads (clients/traffic missing fields, inbounds/list exposing userId which is json:"-", the fictional inbound-443 tag instead of the real in-<port>-<transport> form). tools/openapigen now emits frontend/src/generated/examples.ts: a per-struct example instance built from type defaults, validate oneof/min bounds, and example: struct tags, with nested-ref expansion and a cycle guard. build-openapi.mjs composes the {success,obj} envelope from it for any endpoint annotated with responseSchema (+ responseSchemaArray for lists); the hand-written response is dropped for those. Service DTOs InboundOption/ApiTokenView/ProbeResultUI are added to the walker. #4996: client password regeneration now produces a valid Shadowsocks 2022 PSK (correct base64 length per cipher) when an SS2022 inbound is attached, in both the single and bulk client forms; backend surfaces ssMethod on /inbounds/options so the UI can pick the right length. Also: Swagger UI persists the Authorization token across reloads (persistAuthorization).
  • Поређење ових 4 комита »

пре 2 дана

txlyre синхронизује се v1.8.10 у txlyre/dtlspipe из огледала

пре 3 дана

txlyre синхронизована нова референца v1.8.10 y txlyre/dtlspipe из огледала

пре 3 дана

txlyre синхронизује се master у txlyre/dtlspipe из огледала

пре 3 дана

txlyre синхронизује се main у txlyre/3x-ui из огледала

  • 483952cfa0 fix(finalmask): validate fragment mask length so empty/zero-min can't crash xray A fragment TCP finalmask with an empty length (the form's default for a newly added mask) serializes to a 0-0 range, and xray-core rejects LengthMin == 0 with a fatal config error that aborts the whole process, taking every inbound offline. Default a new fragment mask to length 100-200 and add a form validator rejecting an empty value or a zero minimum range before save. Verified against xray 26.6.1 (#4998).
  • 668c0922ca fix(sub): restore standard base64 for Shadowrocket sub link (#5001) URL-safe base64 (-/_ with stripped padding) broke Shadowrocket import: it decodes the add/sub path segment as standard base64 and rejects -/_, so the subscription was silently not added. Revert to plain btoa() output as originally shipped in #3489.
  • 1b2a17f7e3 i18n: translate #4988 sockopt/REALITY-target/Freedom strings for all locales Commit 6ed6f57b (#4988) added tcpWindowClampHint, the four realityTarget* keys, and the three FreedomHappyEyeballs* keys to en-US only. Fill in the other 12 locales so the new sockopt hint, REALITY target validation messages, and Freedom Happy Eyeballs options are localized. Technical tokens (REALITY, Xray-core, IPv4/IPv6, Happy Eyeballs, port examples, ms) are kept literal.
  • e6c1ce9aa9 feat(nodes): multi-hop node attribution for chained sub-nodes (#4983) (#5005) * feat(nodes): add stable panel GUID identity (multi-hop phase 0) Per-panel autoincrement node ids are meaningless one hop away, so in a chained topology (Node1 -> Node2 -> Node3) the master cannot attribute online clients or inbounds to the physical node that hosts them (#4983). Introduce a stable self-identifier: each panel generates and persists a panelGuid (settings table, mirroring GetSecret), returns it in panel/api/server/status, and the master learns it per node via the heartbeat into a new Node.Guid column. Guarded so an old-build node or a failed probe never clears a known GUID. No behavior change yet - this is the identity foundation Phases 1-2 key on. Refs #4983 * feat(nodes): attribute inbounds to their origin node by GUID (multi-hop phase 1) Add Inbound.OriginNodeGuid: the GUID of the panel that physically hosts an inbound. Empty means this panel's own xray; set means it was synced from a node. SetRemoteTraffic now fills it per synced inbound - keeping a non-empty value the node forwarded from its own sub-node (so a transitive inbound stays attributed to the deepest node across hops), and otherwise attributing the node's own local inbounds to that node's GUID. Empty (old-build node without a GUID) leaves the existing node_id-based attribution untouched. The field rides the existing inbound JSON, so /list propagates it up the chain with no serve-side change. Phase 2 will key per-node online off this instead of the panel-local node_id. Refs #4983 * feat(nodes): key online status by node GUID end-to-end (multi-hop phase 2) Replace the panel-local node-id keying of per-node online status with the stable panelGuid, so a client several hops down a node chain is attributed to the node that physically hosts it instead of the intermediate node it syncs through (#4983). xray/process.go stores each direct node's reported GUID-keyed subtree and merges them (correct at any depth); the service assembles GetOnlineClientsByGuid (own clients under this panel's GUID + every node under its GUID). FetchTrafficSnapshot fetches the new /clients/onlinesByGuid, falling back to the flat /onlines for old-build nodes (keyed under the node's GUID or a master-local synthetic id). The node rollup, the WS onlineByGuid/activeInbounds fields, and the inbounds-page rollup all scope by GUID; local inbounds get their OriginNodeGuid filled with the panel's GUID at serve time so the frontend keys uniformly. Old-build nodes degrade to the prior flat behaviour via the synthetic node:<id> key. Refs #4983 Refs #4983 * feat(nodes): surface transitive sub-nodes on the master (multi-hop phase 3a) Each panel publishes read-only summaries of the nodes it manages via GET /panel/api/server/descendants (node API token). The heartbeat job caches each direct node's summaries; GetNodeTree merges them as transitive model.Node projections (Id 0, Transitive=true, ParentGuid = their parent node's GUID) and recomputes InboundCount/OnlineCount/DepletedCount per origin GUID so a direct node shows only its own inbounds and each sub-node shows its own (#4983). The Nodes-page list endpoint and the heartbeat broadcast now return the tree; GetAll stays direct-only for probing/syncing. One transitive level is surfaced (covers Node1->Node2->Node3); deeper recursion is a follow-up. Backend only - the Nodes-page nested UI lands next. Refs #4983 * feat(nodes): render transitive sub-nodes nested + read-only on the Nodes page (multi-hop phase 3b) The Nodes page now shows a node's downstream sub-nodes (learned via the descendants tree) as indented, read-only rows ordered right under their parent: no enable toggle, probe, edit, delete, update, selection, or history expander - just a 'Sub-node' tag whose tooltip names the parent it is reached through. Desktop table and mobile cards both handle it. Transitive rows are keyed by GUID (their Id is 0) so they don't collide with real nodes (#4983). Rows nest by parentGuid rather than AntD tree-children to avoid clashing with the existing per-row history expander. New labels added to en-US (other locales fall back until translated). Refs #4983 Refs #4983 * i18n(nodes): translate subNode/subNodeTip across all locales Phase 3b added these two Nodes-page keys (read-only sub-node tag + tooltip) only to en-US; fill in the other 12 locales so the multi-hop sub-node UI is fully localized. The {parent} placeholder is preserved in every translation. Refs #4983
  • Поређење ових 4 комита »

пре 3 дана

txlyre извршује push на master у txlyre/ugushian

пре 3 дана

txlyre синхронизује се main у txlyre/3x-ui из огледала

  • 6ed6f57b5c fix(panel): normalize XHTTP/sockopt/Reality wire output and validate REALITY target (#4988) * fix(panel): normalize XHTTP/sockopt/Reality wire output and validate REALITY target Strip mode-specific XHTTP fields for stream-one, reset harmful sockopt defaults to 0, split server/client Reality fields on save, validate target host:port in the inbound form, and expose Happy Eyeballs for the direct freedom outbound. Co-authored-by: Cursor <[email protected]> * fix(panel): keep REALITY public key on the wire, guard freedom noises The REALITY server/client wire split deleted realitySettings.settings on save, but the panel stores the REALITY public key there and every share-link / subscription generator reads it back from that path (frontend inbound-link.ts, Go subService/subJsonService/subClashService). Stripping it produced empty pbk= links, breaking client connectivity after save+reload. Revert the reality normalization (drop normalizeRealityForWire and the key sets), restore the inbound REALITY form fields (uTLS, spiderX, publicKey, mldsa65Verify) while keeping the new validated target field, and restore the mldsa65Verify clear handler. Also guard freedomToWire against undefined noises/finalRules (same defensive treatment as the existing fragment guard, issue #4686) which the new freedom-outbound test surfaced as a crash. Tests now assert the public key is preserved. --------- Co-authored-by: Cursor <[email protected]> Co-authored-by: MHSanaei <[email protected]>
  • e409bc305d fix(iplimit): skip stale access-log emails after client rename/delete The IP-limit job scrapes the Xray access log, which keeps lines tagged with a client's old email for up to a log-rotation cycle after a rename or delete. For each such email getInboundByEmail (settings LIKE %email%) found nothing, so the job logged 'failed to fetch inbound settings: record not found' every run and recreated an inbound_client_ips row for the dead email (rows reappeared even after manual deletion). processLogFile now resolves the inbound once per email: if it maps to no inbound (gorm.ErrRecordNotFound) it logs at Debug, drops any orphan tracking row, and skips - so stale entries self-heal instead of spamming ERROR. The resolved inbound is passed into updateInboundClientIps, removing its internal lookup. updateClientTraffics also calls DelClientIPs alongside DelClientStat so a full inbound edit that drops an email doesn't leave a ghost row. Closes #4963
  • 2b4e199a97 fix(sub): don't project public inbounds through a fallback master A standalone inbound bound to a public/wildcard listen that still carried a stale inbound_fallbacks row had its share/subscription link rewritten with the master's port + Reality/TLS settings (keeping only its own transport), producing an unusable link that silently fails - the client connects but no traffic flows. The leak hit every backend link surface: subscription URL, JSON sub, Clash sub, and the panel Client Information link. Gate projectThroughFallbackMaster on reachability: only project a child that is not directly reachable on its own listen (loopback or a unix-domain socket). A public or wildcard inbound advertises its own port + security regardless of any fallback row. Legit loopback/socket fallback children still project as before. Closes #4987
  • 75bc6e8076 fix(inbound-form): wrap long labels and shorten RU pinned-cert label Long TLS-tab labels overflowed their field in locales with wider strings (e.g. Russian 'Pinned Peer Cert SHA-256'). Add AntD labelWrap to the inbound and outbound form modals so any over-long label wraps onto a second line instead of overflowing, and shorten the Russian pinnedPeerCertSha256 label to fit. Closes #4986
  • eeb19b7240 fix(node-sync): merge client enable with boolean AND for PostgreSQL The per-client traffic merge built enable = CASE WHEN ? = 0 THEN 0 ELSE enable END, mixing an integer literal with the boolean enable column. PostgreSQL rejects this with SQLSTATE 42804, aborting every node traffic merge transaction every 5s and freezing all up/down/last_online accounting on Postgres main panels. Replace with enable AND ?, which is type-safe on Postgres (boolean AND boolean) and identical in semantics on SQLite: the node may only disable a client, never re-enable one the panel already disabled. Closes #4964
  • Поређење ових 6 комита »

пре 3 дана

txlyre синхронизује се v3.2.8 у txlyre/3x-ui из огледала

пре 4 дана

txlyre синхронизована нова референца v3.2.8 y txlyre/3x-ui из огледала

пре 4 дана

txlyre синхронизује се main у txlyre/3x-ui из огледала

  • 0706b0b3a8 feat(x-ui.sh): add migrateDB command for SQLite .db <-> .dump (#4910) * feat(x-ui.sh): add migrateDB command and menu for SQLite .db <-> .dump Adds an "x-ui migrateDB <file>" subcommand and a PostgreSQL-menu option (9) that convert between a SQLite .db and a portable .dump file. Direction is auto-detected from the extension and delegated to the bundled binary (x-ui migrate-db --dump/--restore), so no external sqlite3 client is needed. Depends on the matching binary support, so it is only usable from the next panel release. * fix(x-ui.sh): address review feedback on migrateDB Per Copilot review on PR #4910: - Probe the bundled binary for migrate-db --dump support and fail with a clear upgrade message instead of a raw "flag not defined" error on old builds. - Prompt before overwriting an existing .dump in dump mode (parity with restore). - Refuse to restore into the live database path while x-ui is running, to avoid corrupting the running panel. - Fix the usage/synopsis strings to show input is optional ([file] not <file>).
  • db118cbcc9 v3.2.8
  • e7ffae5329 fix(outbound): import ech and pcs from TLS share links The vless/trojan link parser's TLS branch read only sni/fp/alpn, so the ech (echConfigList) and pcs (pinnedPeerCertSha256) query params were dropped on import even though buildStream allocates both fields. Read them in applySecurityParams to match the inbound link generator and the hysteria2 parser.
  • f470bc7cf8 docs(contributing): refresh frontend guide and add Postgres launch profile The frontend section still described the old multi-page app. Rewrite it for the current React Router SPA (single index.html bundle), TanStack Query server state, the Zod source-of-truth model plus generated types, and link logic under src/lib/xray. Update the "adding a page" flow to the route-based approach and drop the stale MIGRATED_ROUTES / "no React Router" notes. Correct the Vite pin (was 8.0.13 "never bump", now exact 8.0.16) and add "npm run test" to the PR checklist. Document the new "Run 3x-ui (Postgres)" launch profile and fix the gitignore claim: .vscode/launch.json is checked in, not gitignored.
  • a8d5d0dfab fix(external-proxy): relabel "Host" as "Address", add per-entry ECH (#4935) The external proxy "Host" field was bound to dest (the connection address that becomes the link host) but labeled "Host", misleading users into thinking it set a transport host header. Relabel it to "Address" to match what it actually controls. Add per-entry ECH (echConfigList) to the external proxy schema, form (shown under Force TLS = TLS), the TS link generator, and the Go sub services: ech is emitted on share links and vmess objects, and written into the stream so the JSON subscription picks it up via the existing tlsData reader.
  • Поређење ових 5 комита »

пре 4 дана

txlyre синхронизоване и избрисане референце feat/x-ui-sh-migratedb y txlyre/3x-ui из огледала

пре 4 дана