Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-05-31 18:24:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
3x-ui/frontend/public/openapi.json

5473 lines
157 KiB
JSON
Raw Normal View History

feat(frontend): TanStack Query + React Router migration & in-panel API docs (#4541) * feat(frontend): introduce TanStack Query with status polling Wires @tanstack/react-query into every entry and migrates useStatus to useStatusQuery as the foundation for the multi-page MPA → SPA migration. - QueryProvider wraps each entry inside ThemeProvider, with devtools gated on import.meta.env.DEV - Shared queryClient: 30s staleTime, refetchOnWindowFocus, 1 retry - useStatusQuery preserves the { status, fetched, refresh } shape so IndexPage swaps in without further changes - refetchIntervalInBackground:false stops the 2s status poll when the panel tab is hidden, cutting idle traffic against the server * feat(frontend): collapse panel pages into a single React Router SPA Replaces the 7-entry MPA shell (index/clients/inbounds/nodes/settings/ xray/api-docs HTML files) with one main.tsx + createBrowserRouter. The Go backend now serves the same index.html for every authenticated panel route; React Router reads the URL and mounts the page from cache on subsequent navigation — no more full reloads between tabs. Frontend - main.tsx: single bootstrap (setupAxios, i18n, ThemeProvider, QueryProvider, RouterProvider) replacing 7 near-duplicate entries - routes.tsx: declarative router with lazy()-loaded pages, basename derived from window.X_UI_BASE_PATH so panels at /secret/panel work - layouts/PanelLayout.tsx: shell mount-point for the WS → queryClient bridge so connection survives navigation - api/websocketBridge.ts: subscribes the singleton WebSocketClient to queryClient and dispatches invalidate/outbounds events to cached queries (page-level useWebSocket handlers stay until Phase 3 hooks migrate) - AppSidebar: navigates via useNavigate + useLocation instead of window.location.href; drops basePath/requestUri props - Pages: drop the unused basePath/requestUri locals exposed only for the old sidebar Build - vite.config: 9 rollup inputs → 3 (index, login, subpage). Dev proxy bypass collapses /panel/* to index.html and skips API prefixes - vendor-tanstack + vendor-router chunks added to manualChunks Backend - xui.go: 7 per-page HTML handlers → one panelSPA handler serving index.html for /, /inbounds, /clients, /nodes, /settings, /xray, /api-docs. The /panel/api, /panel/setting, /panel/xray sub-routers are untouched * feat(frontend): migrate useNodes to TanStack Query Splits the hand-rolled useNodes hook into useNodesQuery (server data + NodeRecord type + derived totals) and useNodeMutations (add/update/del/ setEnable/probe/test). Mutations invalidate ['nodes'] on success, so the list refreshes without each call awaiting a manual refresh(). NodesPage drops useWebSocket({ nodes: applyNodesEvent }) — the WebSocket → query bridge now forwards the 'nodes' push to setQueryData(['nodes', 'list']) once at the SPA root. InboundsPage and the inbound form/list components import NodeRecord from its new home next to the query hook. * feat(frontend): migrate useAllSetting to TanStack Query Replaces the hand-rolled fetch + dirty-tracking hook with useAllSettings backed by useQuery + useMutation. The draft (current edits) is kept in local state and reset whenever query.data lands. saveAll posts the draft via a mutation; on success, invalidating ['settings'] refetches and the useEffect resets the draft so saveDisabled flips back to true. staleTime: Infinity prevents refetchOnWindowFocus from clobbering in-flight edits — settings only change in response to this user's own save. setSpinning stays as a pass-through to a local flag so the existing restartPanel flow in SettingsPage keeps showing its spinner. * feat(frontend): route useInbounds fetches through TanStack Query Rewrites useInbounds so its four server fetches (slim list, default settings, online clients, last-online map) live in useQuery with staleTime: Infinity. The in-place WS merge logic for traffic and client_stats is preserved — applyTrafficEvent / applyClientStatsEvent still mutate the locally-mirrored dbInbounds so the panel doesn't refetch every 1-2 seconds when stats stream in. refresh() becomes a thin invalidateQueries on the three list keys, which mutations in the page already call after add/edit/del. The bridge now forwards the WebSocket 'inbounds' push to setQueryData(['inbounds', 'slim']), and InboundsPage drops its useEffect(fetchDefaultSettings → refresh) plus the invalidate / inbounds wiring on useWebSocket — both are owned by the bridge now. * feat(frontend): migrate useClients to TanStack Query Replaces 12 hand-rolled mutation callbacks and a tangle of useState + useRef + useEffect with one useQuery (paged list) + nine useMutation wrappers. The list query uses keepPreviousData so paging/filter changes don't blank the table mid-fetch. The setQuery shallow-compare logic is preserved for backward compatibility with ClientsPage's effect that rebuilds the params on every render. Internally setQuery only updates state when the params actually differ — Query's queryKey equality handles the rest. WS-driven applyTrafficEvent / applyClientStatsEvent now mutate the query cache via setQueryData(['clients', 'list', currentParams]) so per-second stats updates skip a full refetch. applyInvalidate is gone from the hook — the bridge owns coarse 'clients' invalidation. ClientsPage drops the invalidate handler from its useWebSocket subscription; auxiliary queries (inboundOptions, defaults, onlines) load via TanStack Query and are shared with useInbounds via the same query keys. * feat(frontend): route useXraySetting fetches through TanStack Query Keeps the bidirectional xraySetting ↔ templateSettings editor sync and the 1s dirty-tracking interval intact (those are local editor state, not server data). All seven server calls move: - config + traffic → useQuery on ['xray', 'config'] and ['xray', 'outboundsTraffic'] - saveAll → useMutation that invalidates the config query - resetOutboundsTraffic → useMutation that invalidates the traffic query - restartXray → useMutation (fires the restart, then reads the result string) - resetToDefault → useMutation (fetch default config, push it into the editor via setTemplateSettings) The WebSocket 'outbounds' event already lands in keys.xray.outboundsTraffic() via the bridge, so XrayPage drops its useWebSocket({ outbounds: applyOutboundsEvent }) wiring entirely and the hook no longer exposes applyOutboundsEvent. A useEffect seeds xraySetting / templateSettings / tags / test URL from query data on first fetch and on every refetch, mirroring what the original fetchAll() did. * fix(frontend): restore per-route document titles in the SPA When the multi-entry MPA collapsed into a single index.html, every route inherited the static <title>3X-UI</title> from the shared shell, so every panel page showed "hostname - 3X-UI" instead of the original "hostname - Overview / Clients / Inbounds / ...". usePageTitle reads the current pathname and rewrites document.title on every navigation, matching the titles the deleted *.html files used to carry. Mounted in PanelLayout so it covers all panel routes without each page having to opt in. The startup applyDocumentTitle() call in main.tsx is gone — the hook sets the full "hostname - PageTitle" string itself. * feat(api-docs): expose OpenAPI spec + render Swagger UI in panel Replaces the hand-rolled API docs UI with industry-standard tooling so external integrations (Postman, Insomnia, openapi-generator) can consume the panel API without parsing endpoints.js by hand. Generator - frontend/scripts/build-openapi.mjs: walks the existing endpoints.js (still the single source of truth) and emits an OpenAPI 3.0.3 spec at frontend/public/openapi.json. Handles Gin :param → {param} path translation, body / query / path parameter splits, 200 + error response examples, and Bearer + cookie security schemes - npm run build now runs gen:api before vite build, so the spec is always in sync with what's documented Backend - web/controller/dist.go exposes ServeOpenAPISpec which streams the embedded dist/openapi.json with a short Cache-Control. Public endpoint (no auth) so Postman can fetch it without first logging in - web/web.go wires GET /panel/api/openapi.json before the auth-gated /panel/api router Panel - ApiDocsPage now renders swagger-ui-react fed by the basePath-aware openapi.json URL. Dark mode is overridden via CSS targeting the Swagger UI internals - CodeBlock / EndpointRow / EndpointSection are gone; the swagger-ui vendor chunk (134 KB gzipped) only loads on this lazy route, not on every panel page - vite.config: vendor-swagger manualChunk keeps the new dep out of the main vendor bundle For Postman: import http://<panel>/panel/api/openapi.json. Everything from /login + /panel/api/* shows up with auth, params, and examples. * style(api-docs): dark/ultra theme for Swagger UI Override every visual surface Swagger does not theme on its own: opblocks, tables, model boxes, form inputs, code blocks, modals, Servers dropdown, per-endpoint padlocks and expand chevrons. Replaces Swagger's default light-arrow chevron on selects with a light-fill SVG positioned at the corner so the dark background-color is visible. Also disables deepLinking to silence the noisy v4 underscore warning; not used in our panel.
2026-05-24 19:34:52 +00:00
{
"openapi": "3.0.3",
"info": {
"title": "3X-UI Panel API",
"version": "3.x",
"description": "Programmatic interface to a 3X-UI panel. Authenticate either by logging in (cookie) or with an API token from Settings → Security → API Token (Bearer). All endpoints under /panel/api/* honour both modes."
},
"servers": [
{
"url": "/",
"description": "Current panel (basePath aware)"
}
],
"components": {
"securitySchemes": {
"bearerAuth": {
"type": "http",
"scheme": "bearer",
"description": "API token from Settings → Security → API Token. Send as `Authorization: Bearer <token>`."
},
"cookieAuth": {
"type": "apiKey",
"in": "cookie",
"name": "3x-ui",
"description": "Session cookie set by POST /login. Browser-only."
}
}
},
"security": [
{
"bearerAuth": []
},
{
"cookieAuth": []
}
],
"tags": [
{
"name": "Authentication",
"description": "Two authentication modes are supported. UI sessions use a cookie set by the login endpoint. Programmatic clients (bots, scripts, remote panels) authenticate with a Bearer token taken from Settings → Security → API Token. Both work for every endpoint under /panel/api/*."
},
{
"name": "Inbounds",
"description": "Manage inbound configurations and their clients. All endpoints live under /panel/api/inbounds and require a logged-in session or Bearer token. Link-generating endpoints honour forwarded headers only when the request comes from a configured trusted proxy."
},
{
"name": "Server",
"description": "System status, log retrieval, certificate generators, Xray binary management, and backup/restore. All under /panel/api/server."
},
{
"name": "Clients",
"description": "Manage clients as first-class entities that can be attached to one or more inbounds. A single client row drives the settings.clients entry in every inbound it belongs to. Endpoints live under /panel/api/clients."
},
{
"name": "Nodes",
"description": "Manage remote 3x-ui panels acting as nodes for a central panel. All endpoints under /panel/api/nodes."
},
{
"name": "Custom Geo",
"description": "Manage user-supplied GeoIP / GeoSite source files. All endpoints under /panel/api/custom-geo."
},
{
"name": "Backup",
"description": "Operations that interact with the configured Telegram bot."
},
{
"name": "Settings",
"description": "Panel configuration and user credentials. All endpoints live under /panel/setting and require a logged-in session or Bearer token."
},
{
"name": "API Tokens",
"description": "Manage Bearer tokens used for programmatic auth (bots, central panels acting on this node, CI). Each token has a unique name and an enabled flag — disable to revoke without deleting, delete to revoke permanently. Tokens are stored plaintext so the SPA can show them on demand. Send one as <code>Authorization: Bearer &lt;token&gt;</code> on any /panel/api/* request."
},
{
"name": "Xray Settings",
"description": "Xray configuration template, outbound management, Warp/Nord integration, and config testing. All endpoints under /panel/xray."
},
{
"name": "Subscription Server",
"description": "A separate HTTP/HTTPS server that serves proxy subscription links (standard, JSON, and Clash) to clients. The server listens on its own port (default 10882) and is configured in Settings → Subscription. Paths are configurable; defaults are shown below. All subscription endpoints set response headers for client apps to read traffic/expiry info."
},
{
"name": "WebSocket",
"description": "Real-time status updates via WebSocket. Connect once at <code>ws://<panel>/ws</code> to receive a stream of JSON messages without polling. Requires an authenticated session cookie (Bearer token auth is not supported). Each message has a <code>type</code> field that identifies the payload shape."
}
],
"paths": {
"/login": {
"post": {
"tags": [
"Authentication"
],
"summary": "Authenticate with username + password and receive a session cookie. Required before any cookie-based API call.",
"operationId": "post_login",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"username": {
"type": "string",
"description": "Panel admin username."
},
"password": {
"type": "string",
"description": "Panel admin password."
},
"twoFactorCode": {
"type": "string",
"description": "OTP code when 2FA is enabled. Omit otherwise."
}
},
"required": [
"username",
"password",
"twoFactorCode"
]
},
"example": {
"username": "admin",
"password": "admin",
"twoFactorCode": "123456"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Logged in successfully"
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "Wrong username or password"
}
}
}
}
}
}
},
"/logout": {
"post": {
"tags": [
"Authentication"
],
"summary": "Clear the session cookie. Requires the CSRF header for browser sessions.",
"operationId": "post_logout",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/csrf-token": {
"get": {
"tags": [
"Authentication"
],
"summary": "Mint a CSRF token for the current session. The SPA replays it in the X-CSRF-Token header on unsafe requests. Bearer-token callers can skip this — the middleware short-circuits CSRF for authenticated API requests.",
"operationId": "get_csrf_token",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": "csrf-token-string"
}
}
}
}
}
}
},
"/getTwoFactorEnable": {
"post": {
"tags": [
"Authentication"
],
"summary": "Returns whether 2FA is enabled on the panel — used by the login page to decide whether to show the OTP field.",
"operationId": "post_getTwoFactorEnable",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": false
}
}
}
}
}
}
},
"/panel/api/inbounds/list": {
"get": {
"tags": [
"Inbounds"
],
"summary": "List every inbound owned by the authenticated user, including each inbounds clientStats traffic counters. settings, streamSettings, and sniffing are returned as nested JSON objects (no escaped strings); legacy callers that send them back as JSON-encoded strings are still accepted on write.",
"operationId": "get_panel_api_inbounds_list",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"userId": 1,
"up": 0,
"down": 0,
"total": 0,
"remark": "VLESS-443",
"enable": true,
"expiryTime": 0,
"listen": "",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false,
"dest": "..."
}
},
"tag": "inbound-443",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"clientStats": []
}
]
}
}
}
}
}
}
},
"/panel/api/inbounds/list/slim": {
"get": {
"tags": [
"Inbounds"
],
"summary": "Same shape as /list but with settings.clients[] stripped down to {email, enable, comment} and ClientStats not enriched with UUID/SubId. Use this for list pages; fetch /get/:id when you need the full per-client payload (uuid, password, flow, ...).",
"operationId": "get_panel_api_inbounds_list_slim",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"userId": 1,
"remark": "VLESS-443",
"settings": {
"clients": [
{
"email": "alice",
"enable": true
}
],
"decryption": "none"
},
"clientStats": []
}
]
}
}
}
}
}
}
},
"/panel/api/inbounds/options": {
"get": {
"tags": [
"Inbounds"
],
"summary": "Lightweight picker projection of the authenticated users inbounds. Returns only id, remark, protocol, port, and a server-computed tlsFlowCapable flag (true for VLESS / port-fallback on TCP with tls or reality). Use this for dropdowns and attach pickers — it skips settings, streamSettings, and clientStats so the payload stays small even on panels with thousands of clients.",
"operationId": "get_panel_api_inbounds_options",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"remark": "VLESS-443",
"protocol": "vless",
"port": 443,
"tlsFlowCapable": true
}
]
}
}
}
}
}
}
},
"/panel/api/inbounds/get/{id}": {
"get": {
"tags": [
"Inbounds"
],
"summary": "Fetch a single inbound by numeric ID.",
"operationId": "get_panel_api_inbounds_get_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/add": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Create a new inbound. Send the full inbound payload (protocol, port, settings, streamSettings, sniffing, remark, expiryTime, total, enable). settings, streamSettings, and sniffing may be sent as nested JSON objects (preferred) or as JSON-encoded strings (legacy).",
"operationId": "post_panel_api_inbounds_add",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"enable": true,
"remark": "VLESS-443",
"listen": "",
"port": 443,
"protocol": "vless",
"expiryTime": 0,
"total": 0,
"settings": {
"clients": [
{
"id": "...",
"email": "user1"
}
],
"decryption": "none",
"fallbacks": []
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false,
"dest": "..."
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "Port 443 is already in use"
}
}
}
}
}
}
},
"/panel/api/inbounds/del/{id}": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Delete an inbound by ID. Also removes its associated client stats rows.",
"operationId": "post_panel_api_inbounds_del_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/update/{id}": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Replace an inbounds configuration. Body shape mirrors /add. Heavy on inbounds with thousands of clients — prefer /setEnable for enable-only flips.",
"operationId": "post_panel_api_inbounds_update_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/setEnable/{id}": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Toggle only the enable flag without serialising the whole settings JSON. Recommended for UI switches on large inbounds.",
"operationId": "post_panel_api_inbounds_setEnable_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"enable": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/{id}/resetTraffic": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Zero out upload + download counters for a single inbound. Does not touch per-client counters.",
"operationId": "post_panel_api_inbounds_id_resetTraffic",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
docs(api): document POST /panel/api/inbounds/:id/delAllClients Adds the OpenAPI entry for the new "delete all clients of an inbound" endpoint and regenerates openapi.json (116 paths, 117 operations).
2026-05-27 16:20:02 +00:00
"/panel/api/inbounds/{id}/delAllClients": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Remove every client attached to a single inbound while keeping the inbound itself. Collects emails from settings.clients[] and feeds them into the optimized bulk-delete path (runtime user removal + traffic-row cleanup + SyncInbound). Destructive and cannot be undone.",
"operationId": "post_panel_api_inbounds_id_delAllClients",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"deleted": 12
}
}
}
}
}
}
}
},
feat(frontend): TanStack Query + React Router migration & in-panel API docs (#4541) * feat(frontend): introduce TanStack Query with status polling Wires @tanstack/react-query into every entry and migrates useStatus to useStatusQuery as the foundation for the multi-page MPA → SPA migration. - QueryProvider wraps each entry inside ThemeProvider, with devtools gated on import.meta.env.DEV - Shared queryClient: 30s staleTime, refetchOnWindowFocus, 1 retry - useStatusQuery preserves the { status, fetched, refresh } shape so IndexPage swaps in without further changes - refetchIntervalInBackground:false stops the 2s status poll when the panel tab is hidden, cutting idle traffic against the server * feat(frontend): collapse panel pages into a single React Router SPA Replaces the 7-entry MPA shell (index/clients/inbounds/nodes/settings/ xray/api-docs HTML files) with one main.tsx + createBrowserRouter. The Go backend now serves the same index.html for every authenticated panel route; React Router reads the URL and mounts the page from cache on subsequent navigation — no more full reloads between tabs. Frontend - main.tsx: single bootstrap (setupAxios, i18n, ThemeProvider, QueryProvider, RouterProvider) replacing 7 near-duplicate entries - routes.tsx: declarative router with lazy()-loaded pages, basename derived from window.X_UI_BASE_PATH so panels at /secret/panel work - layouts/PanelLayout.tsx: shell mount-point for the WS → queryClient bridge so connection survives navigation - api/websocketBridge.ts: subscribes the singleton WebSocketClient to queryClient and dispatches invalidate/outbounds events to cached queries (page-level useWebSocket handlers stay until Phase 3 hooks migrate) - AppSidebar: navigates via useNavigate + useLocation instead of window.location.href; drops basePath/requestUri props - Pages: drop the unused basePath/requestUri locals exposed only for the old sidebar Build - vite.config: 9 rollup inputs → 3 (index, login, subpage). Dev proxy bypass collapses /panel/* to index.html and skips API prefixes - vendor-tanstack + vendor-router chunks added to manualChunks Backend - xui.go: 7 per-page HTML handlers → one panelSPA handler serving index.html for /, /inbounds, /clients, /nodes, /settings, /xray, /api-docs. The /panel/api, /panel/setting, /panel/xray sub-routers are untouched * feat(frontend): migrate useNodes to TanStack Query Splits the hand-rolled useNodes hook into useNodesQuery (server data + NodeRecord type + derived totals) and useNodeMutations (add/update/del/ setEnable/probe/test). Mutations invalidate ['nodes'] on success, so the list refreshes without each call awaiting a manual refresh(). NodesPage drops useWebSocket({ nodes: applyNodesEvent }) — the WebSocket → query bridge now forwards the 'nodes' push to setQueryData(['nodes', 'list']) once at the SPA root. InboundsPage and the inbound form/list components import NodeRecord from its new home next to the query hook. * feat(frontend): migrate useAllSetting to TanStack Query Replaces the hand-rolled fetch + dirty-tracking hook with useAllSettings backed by useQuery + useMutation. The draft (current edits) is kept in local state and reset whenever query.data lands. saveAll posts the draft via a mutation; on success, invalidating ['settings'] refetches and the useEffect resets the draft so saveDisabled flips back to true. staleTime: Infinity prevents refetchOnWindowFocus from clobbering in-flight edits — settings only change in response to this user's own save. setSpinning stays as a pass-through to a local flag so the existing restartPanel flow in SettingsPage keeps showing its spinner. * feat(frontend): route useInbounds fetches through TanStack Query Rewrites useInbounds so its four server fetches (slim list, default settings, online clients, last-online map) live in useQuery with staleTime: Infinity. The in-place WS merge logic for traffic and client_stats is preserved — applyTrafficEvent / applyClientStatsEvent still mutate the locally-mirrored dbInbounds so the panel doesn't refetch every 1-2 seconds when stats stream in. refresh() becomes a thin invalidateQueries on the three list keys, which mutations in the page already call after add/edit/del. The bridge now forwards the WebSocket 'inbounds' push to setQueryData(['inbounds', 'slim']), and InboundsPage drops its useEffect(fetchDefaultSettings → refresh) plus the invalidate / inbounds wiring on useWebSocket — both are owned by the bridge now. * feat(frontend): migrate useClients to TanStack Query Replaces 12 hand-rolled mutation callbacks and a tangle of useState + useRef + useEffect with one useQuery (paged list) + nine useMutation wrappers. The list query uses keepPreviousData so paging/filter changes don't blank the table mid-fetch. The setQuery shallow-compare logic is preserved for backward compatibility with ClientsPage's effect that rebuilds the params on every render. Internally setQuery only updates state when the params actually differ — Query's queryKey equality handles the rest. WS-driven applyTrafficEvent / applyClientStatsEvent now mutate the query cache via setQueryData(['clients', 'list', currentParams]) so per-second stats updates skip a full refetch. applyInvalidate is gone from the hook — the bridge owns coarse 'clients' invalidation. ClientsPage drops the invalidate handler from its useWebSocket subscription; auxiliary queries (inboundOptions, defaults, onlines) load via TanStack Query and are shared with useInbounds via the same query keys. * feat(frontend): route useXraySetting fetches through TanStack Query Keeps the bidirectional xraySetting ↔ templateSettings editor sync and the 1s dirty-tracking interval intact (those are local editor state, not server data). All seven server calls move: - config + traffic → useQuery on ['xray', 'config'] and ['xray', 'outboundsTraffic'] - saveAll → useMutation that invalidates the config query - resetOutboundsTraffic → useMutation that invalidates the traffic query - restartXray → useMutation (fires the restart, then reads the result string) - resetToDefault → useMutation (fetch default config, push it into the editor via setTemplateSettings) The WebSocket 'outbounds' event already lands in keys.xray.outboundsTraffic() via the bridge, so XrayPage drops its useWebSocket({ outbounds: applyOutboundsEvent }) wiring entirely and the hook no longer exposes applyOutboundsEvent. A useEffect seeds xraySetting / templateSettings / tags / test URL from query data on first fetch and on every refetch, mirroring what the original fetchAll() did. * fix(frontend): restore per-route document titles in the SPA When the multi-entry MPA collapsed into a single index.html, every route inherited the static <title>3X-UI</title> from the shared shell, so every panel page showed "hostname - 3X-UI" instead of the original "hostname - Overview / Clients / Inbounds / ...". usePageTitle reads the current pathname and rewrites document.title on every navigation, matching the titles the deleted *.html files used to carry. Mounted in PanelLayout so it covers all panel routes without each page having to opt in. The startup applyDocumentTitle() call in main.tsx is gone — the hook sets the full "hostname - PageTitle" string itself. * feat(api-docs): expose OpenAPI spec + render Swagger UI in panel Replaces the hand-rolled API docs UI with industry-standard tooling so external integrations (Postman, Insomnia, openapi-generator) can consume the panel API without parsing endpoints.js by hand. Generator - frontend/scripts/build-openapi.mjs: walks the existing endpoints.js (still the single source of truth) and emits an OpenAPI 3.0.3 spec at frontend/public/openapi.json. Handles Gin :param → {param} path translation, body / query / path parameter splits, 200 + error response examples, and Bearer + cookie security schemes - npm run build now runs gen:api before vite build, so the spec is always in sync with what's documented Backend - web/controller/dist.go exposes ServeOpenAPISpec which streams the embedded dist/openapi.json with a short Cache-Control. Public endpoint (no auth) so Postman can fetch it without first logging in - web/web.go wires GET /panel/api/openapi.json before the auth-gated /panel/api router Panel - ApiDocsPage now renders swagger-ui-react fed by the basePath-aware openapi.json URL. Dark mode is overridden via CSS targeting the Swagger UI internals - CodeBlock / EndpointRow / EndpointSection are gone; the swagger-ui vendor chunk (134 KB gzipped) only loads on this lazy route, not on every panel page - vite.config: vendor-swagger manualChunk keeps the new dep out of the main vendor bundle For Postman: import http://<panel>/panel/api/openapi.json. Everything from /login + /panel/api/* shows up with auth, params, and examples. * style(api-docs): dark/ultra theme for Swagger UI Override every visual surface Swagger does not theme on its own: opblocks, tables, model boxes, form inputs, code blocks, modals, Servers dropdown, per-endpoint padlocks and expand chevrons. Replaces Swagger's default light-arrow chevron on selects with a light-fill SVG positioned at the corner so the dark background-color is visible. Also disables deepLinking to silence the noisy v4 underscore warning; not used in our panel.
2026-05-24 19:34:52 +00:00
"/panel/api/inbounds/resetAllTraffics": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Reset upload + download counters on every inbound. Destructive — accounting history is lost.",
"operationId": "post_panel_api_inbounds_resetAllTraffics",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/import": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Bulk-import an inbound from a JSON blob (e.g. one exported via the UI). The body uses form encoding with a single \"data\" field.",
"operationId": "post_panel_api_inbounds_import",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/{id}/fallbacks": {
"get": {
"tags": [
"Inbounds"
],
"summary": "List the fallback rules attached to a master VLESS/Trojan TCP-TLS inbound. Each rule links one child inbound (the dest) to optional SNI/ALPN/path/xver match criteria.",
"operationId": "get_panel_api_inbounds_id_fallbacks",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Master inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"masterId": 10,
"childId": 11,
"name": "",
"alpn": "",
"path": "/vlws",
"xver": 2,
"sortOrder": 0
}
]
}
}
}
}
}
},
"post": {
"tags": [
"Inbounds"
],
"summary": "Replace the entire fallback list for a master inbound. Body is JSON. Triggers an Xray restart.",
"operationId": "post_panel_api_inbounds_id_fallbacks",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Master inbound ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"fallbacks": [
{
"childId": 11,
"path": "/vlws",
"xver": 2
},
{
"childId": 12,
"alpn": "h2"
}
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Inbound updated"
}
}
}
}
}
}
},
"/panel/api/server/status": {
"get": {
"tags": [
"Server"
],
"summary": "Real-time machine snapshot: CPU, memory, swap, disk, network IO, load averages, open connections, Xray state. Cached and refreshed every 2 seconds in the background.",
"operationId": "get_panel_api_server_status",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"cpu": 12.5,
"mem": {
"current": 2147483648,
"total": 8589934592
},
"swap": {
"current": 0,
"total": 4294967296
},
"disk": {
"current": 53687091200,
"total": 268435456000
},
"netIO": {
"up": 1073741824,
"down": 2147483648
},
"xray": {
"state": "running",
"version": "v25.10.31"
},
"tcpCount": 42,
"load": {
"load1": 0.5,
"load5": 0.3,
"load15": 0.2
}
}
}
}
}
}
}
}
},
"/panel/api/server/cpuHistory/{bucket}": {
"get": {
"tags": [
"Server"
],
"summary": "Legacy: aggregated CPU history. Use /history/cpu/:bucket instead — same data with a uniform {t, v} shape.",
"operationId": "get_panel_api_server_cpuHistory_bucket",
"parameters": [
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/history/{metric}/{bucket}": {
"get": {
"tags": [
"Server"
],
"summary": "Aggregated time-series for one metric. Returns an array of {t, v} samples covering the last ~6 hours.",
"operationId": "get_panel_api_server_history_metric_bucket",
"parameters": [
{
"name": "metric",
"in": "path",
"required": true,
"description": "cpu | mem | netUp | netDown | online | load1 | load5 | load15.",
"schema": {
"type": "string"
}
},
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"t": 1700000000,
"v": 12.5
},
{
"t": 1700000002,
"v": 13.1
}
]
}
}
}
}
}
}
},
"/panel/api/server/xrayMetricsState": {
"get": {
"tags": [
"Server"
],
"summary": "Xray runtime metrics state — whether the xray config has a `metrics` block, which expvar keys are flowing, and the current snapshot values for each. Returns an empty state when metrics are not configured.",
"operationId": "get_panel_api_server_xrayMetricsState",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/xrayMetricsHistory/{metric}/{bucket}": {
"get": {
"tags": [
"Server"
],
"summary": "Time-series history for one Xray runtime metric over the last ~6 hours. Same {t, v} shape as /history/:metric/:bucket.",
"operationId": "get_panel_api_server_xrayMetricsHistory_metric_bucket",
"parameters": [
{
"name": "metric",
"in": "path",
"required": true,
"description": "xrAlloc | xrSys | xrHeapObjects | xrNumGC | xrPauseNs.",
"schema": {
"type": "string"
}
},
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/xrayObservatory": {
"get": {
"tags": [
"Server"
],
"summary": "Latest snapshot from the Xray observatory — per-outbound latency, health status, and last-probe time. Only populated when the Xray config has an observatory configured.",
"operationId": "get_panel_api_server_xrayObservatory",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/xrayObservatoryHistory/{tag}/{bucket}": {
"get": {
"tags": [
"Server"
],
"summary": "Time-series of observatory probe results for one outbound tag. Same {t, v} shape as the other history endpoints.",
"operationId": "get_panel_api_server_xrayObservatoryHistory_tag_bucket",
"parameters": [
{
"name": "tag",
"in": "path",
"required": true,
"description": "Outbound tag from the observatory config.",
"schema": {
"type": "string"
}
},
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getXrayVersion": {
"get": {
"tags": [
"Server"
],
"summary": "List Xray binary versions available for install on this host.",
"operationId": "get_panel_api_server_getXrayVersion",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"v25.10.31",
"v25.9.15",
"v25.8.1"
]
}
}
}
}
}
}
},
"/panel/api/server/getPanelUpdateInfo": {
"get": {
"tags": [
"Server"
],
"summary": "Check whether a newer 3x-ui release is available on GitHub.",
"operationId": "get_panel_api_server_getPanelUpdateInfo",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getConfigJson": {
"get": {
"tags": [
"Server"
],
"summary": "Return the assembled Xray config thats currently running on this host.",
"operationId": "get_panel_api_server_getConfigJson",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getDb": {
"get": {
"tags": [
"Server"
],
"summary": "Stream the SQLite database file as an attachment. Use as a manual backup.",
"operationId": "get_panel_api_server_getDb",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getNewUUID": {
"get": {
"tags": [
"Server"
],
"summary": "Generate a fresh UUID v4. Convenience helper for client IDs.",
"operationId": "get_panel_api_server_getNewUUID",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": "550e8400-e29b-41d4-a716-446655440000"
}
}
}
}
}
}
},
"/panel/api/server/getNewX25519Cert": {
"get": {
"tags": [
"Server"
],
"summary": "Generate a new X25519 keypair for Reality.",
"operationId": "get_panel_api_server_getNewX25519Cert",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"privateKey": "uN9qLfV3zH8w...",
"publicKey": "5v8xPqR2sM7k..."
}
}
}
}
}
}
}
},
"/panel/api/server/getNewmldsa65": {
"get": {
"tags": [
"Server"
],
"summary": "Generate a new ML-DSA-65 keypair (post-quantum signature). Returns {privateKey, publicKey, seed}.",
"operationId": "get_panel_api_server_getNewmldsa65",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"privateKey": "mdsa65priv...",
"publicKey": "mdsa65pub...",
"seed": "random-seed..."
}
}
}
}
}
}
}
},
"/panel/api/server/getNewmlkem768": {
"get": {
"tags": [
"Server"
],
"summary": "Generate a new ML-KEM-768 keypair (post-quantum KEM). Returns {clientKey, serverKey}.",
"operationId": "get_panel_api_server_getNewmlkem768",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"clientKey": "mlkem768-client...",
"serverKey": "mlkem768-server..."
}
}
}
}
}
}
}
},
"/panel/api/server/getNewVlessEnc": {
"get": {
"tags": [
"Server"
],
"summary": "Generate VLESS encryption auth options. Returns an auths array each with id, label, encryption, and decryption fields.",
"operationId": "get_panel_api_server_getNewVlessEnc",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"auths": [
{
"id": 0,
"label": "Auth #0",
"encryption": "aes-256-gcm",
"decryption": ""
}
]
}
}
}
}
}
}
}
},
"/panel/api/server/stopXrayService": {
"post": {
"tags": [
"Server"
],
"summary": "Stop the Xray binary. All proxies go offline immediately.",
"operationId": "post_panel_api_server_stopXrayService",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "Xray is not running"
}
}
}
}
}
}
},
"/panel/api/server/restartXrayService": {
"post": {
"tags": [
"Server"
],
"summary": "Reload Xray with the current config. Typically required after structural inbound or routing changes.",
"operationId": "post_panel_api_server_restartXrayService",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "Xray config is invalid: ..."
}
}
}
}
}
}
},
"/panel/api/server/installXray/{version}": {
"post": {
"tags": [
"Server"
],
"summary": "Download and install the specified Xray version. Pass \"latest\" for the newest release.",
"operationId": "post_panel_api_server_installXray_version",
"parameters": [
{
"name": "version",
"in": "path",
"required": true,
"description": "Xray tag (e.g. v25.10.31) or \"latest\".",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/updatePanel": {
"post": {
"tags": [
"Server"
],
"summary": "Self-update the panel to the latest version. The server restarts on success.",
"operationId": "post_panel_api_server_updatePanel",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/updateGeofile": {
"post": {
"tags": [
"Server"
],
"summary": "Refresh the default GeoIP / GeoSite data files. Body can include a fileName, or use the /:fileName variant.",
"operationId": "post_panel_api_server_updateGeofile",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/updateGeofile/{fileName}": {
"post": {
"tags": [
"Server"
],
"summary": "Refresh a single Geo file by filename (e.g. geoip.dat, geosite.dat).",
"operationId": "post_panel_api_server_updateGeofile_fileName",
"parameters": [
{
"name": "fileName",
"in": "path",
"required": true,
"description": "Filename of the data file to refresh.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/logs/{count}": {
"post": {
"tags": [
"Server"
],
"summary": "Return the last N lines of the panels own log.",
"operationId": "post_panel_api_server_logs_count",
"parameters": [
{
"name": "count",
"in": "path",
"required": true,
"description": "Number of trailing log lines.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"level": "info",
"syslog": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": "2025/01/01 12:00:00 [INFO] Server started\n2025/01/01 12:00:01 [INFO] Xray is running"
}
}
}
}
}
}
},
"/panel/api/server/xraylogs/{count}": {
"post": {
"tags": [
"Server"
],
"summary": "Return the last N lines of the Xray process log.",
"operationId": "post_panel_api_server_xraylogs_count",
"parameters": [
{
"name": "count",
"in": "path",
"required": true,
"description": "Number of trailing log lines.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": "2025/01/01 12:00:00 rejected vless proxy example.com reason: no valid user\n2025/01/01 12:00:01 direct freedom ok"
}
}
}
}
}
}
},
"/panel/api/server/importDB": {
"post": {
"tags": [
"Server"
],
"summary": "Restore the panel DB from an uploaded SQLite file (multipart form, field name \"db\"). The panel restarts after restore. Destructive.",
"operationId": "post_panel_api_server_importDB",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getNewEchCert": {
"post": {
"tags": [
"Server"
],
"summary": "Generate a new ECH (Encrypted Client Hello) keypair and config list for the given SNI.",
"operationId": "post_panel_api_server_getNewEchCert",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/list": {
"get": {
"tags": [
"Clients"
],
"summary": "List every client with its attached inbound IDs and traffic record. The reverse field, if set, is returned as a nested JSON object (legacy JSON-encoded-string form is still accepted on write).",
"operationId": "get_panel_api_clients_list",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"email": "alice@example.com",
"subId": "abcd1234",
"uuid": "...",
"totalGB": 53687091200,
"expiryTime": 1735689600000,
"enable": true,
"reverse": null,
"inboundIds": [
3,
5
],
"traffic": {
"up": 1024,
"down": 4096,
"enable": true
}
}
]
}
}
}
}
}
}
},
"/panel/api/clients/list/paged": {
"get": {
"tags": [
"Clients"
],
"summary": "Filter, sort, and paginate clients on the server. Each item is a slim row (no uuid/password/auth/flow/security/reverse/tgId) so the clients page can ship 25-ish rows in a few KB instead of the full table. The response also includes a summary computed across the full DB row set so dashboard counters stay stable as the user paginates or filters. Page size capped at 200; fetch /get/:email to obtain the full per-client payload for an edit/info modal.",
"operationId": "get_panel_api_clients_list_paged",
"parameters": [
{
"name": "page",
"in": "query",
"required": true,
"description": "1-indexed page number. Defaults to 1.",
"schema": {
"type": "integer"
}
},
{
"name": "pageSize",
"in": "query",
"required": true,
"description": "Rows per page. Defaults to 25, capped at 200.",
"schema": {
"type": "integer"
}
},
{
"name": "search",
"in": "query",
"required": true,
"description": "Case-insensitive substring match on email / subId / comment.",
"schema": {
"type": "string"
}
},
{
"name": "filter",
"in": "query",
"required": true,
"description": "Status bucket: online | active | deactive | depleted | expiring.",
"schema": {
"type": "string"
}
},
{
"name": "protocol",
"in": "query",
"required": true,
"description": "Match clients attached to at least one inbound of this protocol (vless, vmess, trojan, shadowsocks, ...).",
"schema": {
"type": "string"
}
},
{
"name": "sort",
"in": "query",
"required": true,
"description": "Sort key: enable | email | inboundIds | traffic | remaining | expiryTime.",
"schema": {
"type": "string"
}
},
{
"name": "order",
"in": "query",
"required": true,
"description": "ascend or descend.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"items": [
{
"email": "alice@example.com",
"subId": "abcd1234",
"enable": true,
"totalGB": 53687091200,
"expiryTime": 1735689600000,
"limitIp": 0,
"reset": 0,
"inboundIds": [
3,
5
],
"traffic": {
"up": 1024,
"down": 4096,
"enable": true
},
"createdAt": 1735000000000,
"updatedAt": 1735100000000
}
],
"total": 2000,
"filtered": 47,
"page": 1,
"pageSize": 25,
"summary": {
"total": 2000,
"active": 1850,
"online": [
"alice@example.com"
],
"depleted": [],
"expiring": [],
"deactive": []
}
}
}
}
}
}
}
}
},
"/panel/api/clients/get/{email}": {
"get": {
"tags": [
"Clients"
],
"summary": "Fetch one client by email, including the inbound IDs it is attached to.",
"operationId": "get_panel_api_clients_get_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/add": {
"post": {
"tags": [
"Clients"
],
"summary": "Create a new client and attach it to one or more inbounds in a single call. Body is JSON. Per-protocol secrets (UUID for VLESS/VMess, password for Trojan/Shadowsocks, auth for Hysteria) are generated server-side when omitted, so callers can send only the universal fields.",
"operationId": "post_panel_api_clients_add",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"client": {
"email": "alice@example.com",
"totalGB": 53687091200,
"expiryTime": 1735689600000,
"tgId": 0,
"limitIp": 0,
"enable": true
},
"inboundIds": [
3,
5
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Client added"
}
}
}
}
}
}
},
"/panel/api/clients/update/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Update an existing client by email. Changes propagate to every attached inbound. Body is the JSON client payload — supply the full set of fields you want to keep (the server replaces the row, it does not patch).",
"operationId": "post_panel_api_clients_update_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Current client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"email": "alice@example.com",
"totalGB": 107374182400,
"expiryTime": 1767225600000,
"tgId": 123456789,
"enable": true
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Client updated"
}
}
}
}
}
}
},
"/panel/api/clients/del/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Delete a client by email. Removes it from every attached inbound and drops its traffic record unless keepTraffic=1 is passed.",
"operationId": "post_panel_api_clients_del_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
},
{
"name": "keepTraffic",
"in": "query",
"required": true,
"description": "Pass 1 to retain the xray_client_traffic row after deletion.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Client deleted"
}
}
}
}
}
}
},
"/panel/api/clients/{email}/attach": {
"post": {
"tags": [
"Clients"
],
"summary": "Attach an existing client to one or more additional inbounds. Body is JSON.",
"operationId": "post_panel_api_clients_email_attach",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"inboundIds": [
7,
9
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/api/clients/{email}/detach": {
"post": {
"tags": [
"Clients"
],
"summary": "Detach a client from one or more inbounds without deleting the client.",
"operationId": "post_panel_api_clients_email_detach",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"inboundIds": [
5
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/api/clients/resetAllTraffics": {
"post": {
"tags": [
"Clients"
],
"summary": "Reset the up/down counters for every client globally. Quotas and expiry are not affected. Triggers an Xray restart if any counter actually moved.",
"operationId": "post_panel_api_clients_resetAllTraffics",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/api/clients/delDepleted": {
"post": {
"tags": [
"Clients"
],
"summary": "Delete every client whose traffic quota is exhausted (used >= total, when reset is disabled) or whose expiry has passed. Returns the deleted count and triggers an Xray restart when any client was on a running inbound.",
"operationId": "post_panel_api_clients_delDepleted",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"deleted": 0
}
}
}
}
}
}
}
},
"/panel/api/clients/bulkAdjust": {
"post": {
"tags": [
"Clients"
],
"summary": "Shift expiry and/or traffic quota for many clients in one call. addDays/addBytes may be negative. Clients with unlimited expiry (expiryTime=0) or unlimited traffic (totalGB=0) are skipped for the corresponding field — bulk extend never converts unlimited to limited. Returns the adjusted count and per-email skip reasons.",
"operationId": "post_panel_api_clients_bulkAdjust",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"emails": [
"alice",
"bob"
],
"addDays": 30,
"addBytes": 53687091200
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"adjusted": 2,
"skipped": [
{
"email": "carol",
"reason": "unlimited expiry"
}
]
}
}
}
}
}
}
}
},
feat: complete Zod migration of frontend + bulk client batching (#4599) * feat(frontend): add Zod runtime validation at API boundary Introduces Zod 4 schemas for response validation on the three highest-traffic endpoints (server/status, nodes/list, setting/all) and a Zod->AntD form rule adapter, replacing the duplicated per-file ApiMsg<T> interfaces. Validation runs safeParse with console.warn + raw-payload fallback so backend drift never breaks the UI for users. Login form switches to schema-driven rules as the proof-of-life for the adapter. Class-based models stay untouched; remaining query/mutation hooks and form modals will migrate in follow-ups. * feat(frontend): extend Zod validation to remaining query/mutation hooks Adds Zod schemas for client/inbound/xray/node-probe endpoints and wires useNodeMutations, useClients, useInbounds, useXraySetting, useDatepicker through parseMsg. Drops the duplicated per-file ApiMsg<T> interfaces and the local ClientRecord / OutboundTrafficRow / XraySettingsValue / DefaultsPayload declarations in favour of schema-inferred types re-exported from the new src/schemas/ modules. API boundary now validates: clients list/paged, clients onlines, clients lastOnline, clients get/hydrate, inbounds slim, inbounds get, inbounds options, defaultSettings, xray config, xray outbounds traffic, xray testOutbound, xray getXrayResult, getDefaultJsonConfig, nodes probe, nodes test. Mutation responses that consume obj (bulkAdjust, delDepleted, nodes probe / test) get response validation; pass-through mutations stay agnostic. NodeFormModal type-aligned to Msg<ProbeResult>. * fix(frontend): allow null slices in client/summary schemas Go's encoding/json emits nil []T as null, not []. The initial ClientPageResponseSchema and ClientHydrateSchema rejected null inboundIds / summary.online / summary.depleted / etc., causing [zod] warnings on every empty list. Add nullableStringArray / nullableNumberArray helpers that accept null and transform to [] so consuming code keeps seeing arrays. Mark ClientRecord.traffic and .reverse nullable too (reverse is explicitly null in MarshalJSON when storage is empty). * fix(vite): treat /panel/xray as SPA page, not API root The dev-server bypass classified /panel/xray as an API path because the PANEL_API_PREFIXES matcher did `stripped === prefix.replace(/\/$/, '')`, which made the bare path collide with the SPA route of the same name (see web/controller/xui.go: g.GET("/xray", a.panelSPA)). On reload, /panel/xray got proxied to the Go backend instead of being served by Vite. The backend returned the embedded built index.html with hashed asset names that the dev server doesn't have, so every asset 404'd. Prefix-only match for trailing-slash entries fixes it: panel/xray/... still routes to the API, but panel/xray itself reaches the SPA branch. * feat(frontend): drive form validation from Zod schemas NodeFormModal — full conversion to AntD Form.useForm with antdRule on every required field. Inline field errors replace the single 'fillRequired' toast. testConnection now runs validateFields(['address','port']) before sending. ClientFormModal and ClientBulkAddModal — minimal conversion: keep the existing useState-driven controlled-component pattern, but replace the hand-rolled `if (!form.x)` checks with schema.safeParse(form). The schema is the single source of truth for required-ness and types; ClientCreateFormSchema layers on the create-only `inboundIds.min(1)` rule. New schemas (in src/schemas/): NodeFormSchema (node.ts) ClientFormSchema / ClientCreateFormSchema (client.ts) ClientBulkAddFormSchema (client.ts) Other 16+ form modals stay on the current pattern — the antdRule adapter ships from the first Zod pass for opportunistic migration as forms are touched. * chore(frontend): silence swagger-ui-react peer-dep warnings on React 19 swagger-ui-react@5.32.6 bundles three deps whose declared peer ranges predate React 19: react-copy-to-clipboard@5.1.0 (peer 15-18) react-debounce-input@3.3.0 (peer 15-18, unmaintained) react-inspector@6.0.2 (peer 16-18) For the first two, the actual code is React-19 compatible - only the metadata is stale. Resolve via npm overrides: - react-copy-to-clipboard bumped to ^5.1.1 (peer is open-ended >=15.3.0 in that release). - react-inspector bumped to ^9.0.0 (^8 was a broken publish per its own deprecation notice). - react-debounce-input is wedged on 3.3.0 with no maintained successor on npm. Use the nested-override syntax to satisfy its react peer: "react-debounce-input": { "react": "^19.0.0" } That tells npm to use our React 19 for the package's peer dependency, which silences the warning without changing the package version. * fix(vite): bypass es-toolkit CJS shim for recharts deep imports The Nodes page (and any other recharts-using route) crashed in dev and prod with TypeError: require_isUnsafeProperty is not a function. Root cause: es-toolkit's package.json exports './compat/*' only via a default condition pointing at the CJS shims under compat/<name>.js. Those shims use a require_X.Y access pattern that Vite's optimizer (Rolldown in Vite 8) and the production Rolldown build both mishandle, losing the named-export accessor and calling the namespace object as a function. recharts imports a dozen of these subpaths with default- import syntax, so every chart path tripped the bug. The matching ESM build at dist/compat/<category>/<name>.mjs is fine, but it only carries a named export. Recharts uses default imports. Plug a small Rollup-compatible plugin (enforce: 'pre') in front of the resolver: any 'es-toolkit/compat/<name>' request becomes a virtual module that imports the named symbol from the right .mjs file and re-exports it as both default and named. The plugin is registered as a top-level plugin (for the prod build) and via the new Vite 8 optimizeDeps.rolldownOptions.plugins (for the dev pre-bundler), so both pipelines pick it up consistently. * feat(frontend): migrate five secondary form modals to Zod schemas Apply the schema + safeParse-on-submit pattern (introduced for ClientFormModal / ClientBulkAddModal) to five more forms: - ClientBulkAdjustModal: ClientBulkAdjustFormSchema enforces 'at least one of addDays / addGB is non-zero' via .refine(), replacing the ad-hoc days+gb check. - BalancerFormModal: BalancerFormSchema covers tag and selector required-ness; the duplicate-tag check stays inline since it needs the otherTags prop. Per-field validateStatus now reads from the parsed issues map. - RuleFormModal: RuleFormSchema captures the form shape (no required fields - every property is optional by design). safeParse short- circuits if anything is structurally wrong. - CustomGeoFormModal: CustomGeoFormSchema folds the regex alias rule and the http(s) URL validation (including URL parse) into the schema, replacing a 20-line validate() function. - TwoFactorModal: TotpCodeSchema (z.string().regex(/^\d{6}$/)) drives both the disabled-state of the OK button and the safeParse gate before the TOTP comparison. Schemas live alongside the matching API schemas: - ClientBulkAdjustFormSchema in schemas/client.ts - BalancerFormSchema / RuleFormSchema / CustomGeoFormSchema in schemas/xray.ts - TotpCodeSchema in schemas/login.ts (next to LoginFormSchema) No UX change for valid inputs. * feat(frontend): block invalid settings saves with Zod pre-save check Tighten AllSettingSchema with the actual valid ranges and patterns: - webPort / subPort / ldapPort: integer 1-65535 - pageSize: integer 1-1000 - sessionMaxAge: integer >= 1 - tgCpu: integer 0-100 (percentage) - subUpdates: integer 1-168 (hours) - expireDiff / trafficDiff / ldapDefault*: non-negative integers - webBasePath / subPath / subJsonPath / subClashPath: must start with / The existing useAllSettings save path runs AllSettingSchema.partial() through safeParse and logs drift without blocking. SettingsPage now adds a stronger gate before the mutation: run the full schema against the draft and, on failure, surface the first issue (field path + message) via the existing messageApi.error so the user actually sees what's wrong instead of silently sending bad data to the backend. Use cases caught: port out of range, negative quota, sub path missing leading slash, page size set to 0, tgCpu > 100. * feat(frontend): schema-guard Inbound and Outbound form submits The two largest forms in the panel send to the backend without ever checking their own port range or required-ness. Schema-gate the top-level fields so obviously bad payloads stop at the client. InboundFormModal: InboundFormSchema (port 1-65535 int, non-empty protocol, the rest of the keys present) runs as a safeParse just before the HttpUtil.post in submit(). The 2000+ lines of protocol- specific subform code stay untouched - that's a separate effort and the existing per-protocol logic (e.g. canEnableStream, isFallbackHost) already gates most of the structural correctness. OutboundFormModal: OutboundTagSchema (trim + min 1) replaces the hand-rolled `if (!ob.tag?.trim()) messageApi.error('Tag is required')` check. The duplicateTag check stays inline because it needs the existingTags prop. Both schemas emit i18n keys for messages with a defaultValue fallback, matching the pattern in BalancerFormModal and SettingsPage. * feat(backend): gate request bodies with go-playground/validator Add a generic BindAndValidate helper in web/middleware that wraps gin's content-aware binder with an explicit validator.Struct call and emits a structured `entity.Msg{Obj: ValidationPayload{Issues...}}` on failure so the frontend can map each issue to an i18n key. Tag the user-facing fields on model.Inbound, model.Node, and entity.AllSetting with the range/enum constraints they were previously relying on hand-rolled CheckValid logic (or nothing) to enforce, and wire the helper into the inbound/node/settings controllers that bind those structs directly. Promotes validator/v10 from indirect to direct require, plus six unit tests covering valid payloads, range violations, enum violations, malformed JSON, in-place binding, and JSON-only strict mode. This is PR1 of a planned end-to-end Zod rollout — controllers using local form structs (custom_geo, setEnable, fallbacks, client) keep their existing handling and will be migrated as their schemas firm up. * feat(codegen): Go-first tool emitting Zod schemas and TS types Add tools/openapigen — a single-binary Go program that walks the exported structs in database/model, web/entity, and xray via go/parser and emits two committed artifacts under frontend/src/generated: - zod.ts shared Zod schemas keyed off `validate:` tags (ports get .min(1).max(65535), Inbound.protocol becomes a z.enum, Node.scheme too, etc.) - types.ts plain TS interfaces inferred from the same walk, so consumers can import Inbound without dragging Zod along The walker flattens embedded structs (AllSettingView.AllSetting), honors json:"-" and omitempty, and accepts per-struct overrides so the JSON-string-inside-JSON columns (Inbound.Settings/StreamSettings/ Sniffing, ClientRecord.Reverse, InboundClientIps.Ips) render as z.unknown() instead of leaking the DB-storage type into the API contract. Type aliases like model.Protocol are emitted as TS aliases and Zod schemas in their own right. Wires `npm run gen:zod` in frontend/package.json so the generator can be re-run without leaving the frontend tree. The existing openapi.json build (gen:api) is left alone for now; migrating the OpenAPI surface to this generator is a follow-up. PR2 of the planned Zod end-to-end rollout. * refactor(frontend): tighten HttpUtil generics from any to unknown Switch the class-level default on Msg<T> and the per-method defaults on HttpUtil.get/post/postWithModal from `any` to `unknown`, so callers that don't pass an explicit T get a narrowed response that must be schema- checked or type-cast before its shape is trusted. Drops the four file-level eslint-disable comments these defaults required. Fixes the nine direct `.obj.field` consumers that surfaced (IndexPage, XrayMetricsModal, NordModal, WarpModal, LogModal, VersionModal, XrayLogModal, CustomGeoSection) by giving each call site the explicit T it should have had from the start — typically a small ad-hoc shape, sometimes a string for the JSON-text-in-Msg.obj pattern used by NordModal/WarpModal/Xray nord/warp endpoints. PR3 of the planned Zod end-to-end rollout — schemas/inbound.ts and schemas/client.ts loose() removal stays parked until the protocol schemas land in Phase 3 to avoid silently dropping fields. * feat(frontend): protocol-leaf Zod schemas with discriminated unions Stand up schemas/primitives (Port, Flow, Protocol, Sniffing) and per-protocol leaf schemas for all 10 inbound and 13 outbound xray protocols. The leaves omit any inner `protocol` literal — the discriminator lives at the parent level so consumers narrow on `.protocol` without redundant projection. Wire shape is preserved per protocol: vmess outbound stays in `vnext[]`, trojan and shadowsocks outbound in `servers[]`, vless outbound flat, http/socks outbound in `servers[].users[]`. Cross-protocol atoms (port, flow, sniffing dest, protocol enum) live in primitives. Protocol-specific enums (vmess security, ss method/network, hysteria version, freedom domain strategy, dns rule action) stay with their leaves. Tagged-wrapper `z.discriminatedUnion('protocol', [...])` composes both InboundSettingsSchema and OutboundSettingsSchema; existing class-based models in src/models/ are untouched and will be retired in Step 3 once the golden-file safety net is in place. * feat(frontend): stream and security Zod families with discriminated unions Stand up the remaining Step 2 families. NetworkSettingsSchema is a 6-branch DU on `network` covering tcp/kcp/ws/grpc/httpupgrade/xhttp, with asymmetric per-network wire keys (tcpSettings, wsSettings, ...) preserved exactly so fixtures round-trip byte-identical. SecuritySettingsSchema is a 3-branch DU on `security` covering none/tls/reality. TLS certs use a file-vs-inline union; uTLS fingerprints are shared between TLS and Reality via a single primitive enum. Hysteria-as-network, finalmask, and sockopt are not in the plan's Step 2 inventory and are deferred to Step 6 (Tighten) - they're orthogonal extras on the stream root, not network-discriminated branches. Resolves a Security identifier collision in protocols/index.ts by re-exporting the type alias as SecurityKind (the `Security` name is taken by the namespace re-export). * test(frontend): vitest harness with golden-file fixtures for inbound protocols Stand up Phase 3 safety net before the models/ rewrite. The harness loads JSON fixtures via Vite's import.meta.glob, parses each through InboundSettingsSchema (the tagged-wrapper DU), and snapshots the canonical parsed shape. Snapshots stay byte-stable across the upcoming class-to- pure-function extraction, catching any normalization drift. Six representative inbound fixtures cover the high-traffic protocols: vless, vmess, trojan, shadowsocks (2022-blake3 multi-user), wireguard, hysteria2. Stream and security branches plus the remaining protocols (http, mixed, tunnel, hysteria) follow in subsequent turns. Uses /// <reference types="vite/client" /> instead of @types/node so we avoid pulling in another type package; import.meta.glob is enough to walk the fixtures directory at compile time. Adds vitest 4.1.7 as the only new dev dependency. test/test:watch scripts land in package.json; a standalone vitest.config.ts keeps the production vite.config.js (which reads from sqlite via DatabaseSync) out of the test runner. * test(frontend): broaden golden coverage to remaining inbounds + stream + security DUs Round out Step 3b. Four more inbound fixtures complete the protocol set (http with two accounts, mixed with socks-style auth, tunnel with a port map, hysteria v1). Two parallel test files cover the other DUs: stream.test.ts walks tcp/ws/grpc fixtures through NetworkSettingsSchema, and security.test.ts walks none/tls/reality through SecuritySettingsSchema. Snapshot count is now 16 across three test files. The reality fixture locks in the array form of serverNames/shortIds (the panel class stores them comma-joined internally but they ship as arrays on the wire). The TLS fixture pins the file-vs-inline cert DU on the file branch. Stream coverage for httpupgrade/xhttp/kcp and security mixed-with-stream combos follow in the next turn, alongside the shadow harness. * test(frontend): shadow-parse harness asserting legacy class and Zod converge Add Step 3c's safety net: for every inbound golden fixture, run the raw payload through both pipelines — legacy: Inbound.Settings.fromJson(protocol, raw.settings).toJson() zod: InboundSettingsSchema.parse(raw).settings — canonicalize each (recursively sort keys, drop empty arrays / null / undefined), and assert byte-equality. This locks the wire shape across the upcoming class-to-pure-function extraction in Step 3d. Any normalization drift introduced by the rewrite trips an assertion here before it can reach users. Two ergonomic wrinkles handled inline: - The legacy class lumps hysteria + hysteria2 onto a single HysteriaSettings (no hysteria2 case in the dispatch table); the test routes hysteria2 fixtures through the HYSTERIA branch. - Empty arrays in Zod's output (e.g. fallbacks: [] from a .default([])) are treated as equivalent to the legacy class's omit-when-empty behavior. Same wire state, different syntactic surface. All 26 tests across 4 test files pass on first run. * refactor(frontend): extract toHeaders + toV2Headers to lib/xray/headers.ts First Step 3d extraction. The XrayCommonClass static helpers toHeaders/toV2Headers are pure data shape conversions with no class hierarchy needs, so they move to a standalone module that callers can import without dragging in models/inbound.ts. The new module exports HeaderEntry + V2HeaderMap as named types so consumers stop reaching into the legacy class for type shapes. A new test file (headers.test.ts) asserts byte-equality with the legacy XrayCommonClass.toHeaders / .toV2Headers across 18 cases — null / undefined / primitive inputs, single-string headers, array-valued headers, duplicate names, empty-name and empty-value filtering, both arr=true (TCP request/response shape) and arr=false (WS / xHTTP / sockopt shape). Drift between the legacy and new impls fails these tests, so the follow-up call-site swap stays safe. Callers (TcpStreamSettings, WsStreamSettings, HTTPUpgradeStreamSettings, TunnelSettings, etc.) still go through XrayCommonClass for now — those swaps land alongside class-method extractions in subsequent turns. Suite is now 44 tests across 5 files; typecheck + lint clean. * refactor(frontend): extract createDefault*Client factories to lib/xray Next Step 3d slice. Five plain-object factories — Vless, Vmess, Trojan, Shadowsocks, Hysteria — replace the legacy `new Inbound.<Protocol>Settings.<Protocol>(...)` constructor chain and the ClientBase XrayCommonClass machinery. Each factory takes an optional seed; missing random fields (id, password, auth, email, subId) fall through to RandomUtil at call time. Forms can hand-pick a UUID; tests pass deterministic seeds so the suite never touches window.crypto. Tests double-verify each factory: a snapshot locks the exact shape, and the matching Zod ClientSchema.parse(out) must equal `out` — no missing defaults, no stray fields, type-narrowed end-to-end. Discovered: VmessClientSchema and VlessClientSchema enforce z.uuid() format, so the test seeds use real-shape UUIDs. Suite: 49 tests across 6 files; typecheck + lint clean. Outbound and inbound-settings factories follow in subsequent turns alongside the toShareLink extraction. * refactor(frontend): add createDefault*InboundSettings factories for all 10 protocols Round out Step 3d's settings factory set. Ten plain-object factories (vless / vmess / trojan / shadowsocks / hysteria / hysteria2 / http / mixed / tunnel / wireguard) replace the legacy `new Inbound.<X>Settings(protocol)` constructors. Each returns a Zod- parsable wire shape with schema defaults applied — no class instance. Forms (Step 4) and InboundsPage clone (Step 5) call these factories directly once the swap lands. Three factories take a seed for random fields: - shadowsocks: method-dependent password length via RandomUtil.randomShadowsocksPassword(method) - hysteria: explicit `version` override (defaults to 2, matching the legacy panel constructor — v1 is opt-in) - wireguard: secretKey from Wireguard.generateKeypair().privateKey Tests double-verify each factory the same way as the client factories: snapshot the shape, then Zod parse round-trip to confirm no missing defaults or stray fields. Suite: 59 tests across 6 files; typecheck + lint clean. Outbound factories and the toShareLink extraction follow next. * refactor(frontend): add getHeaderValue wire-shape lookup to lib/xray/headers Tiny piece of the toShareLink scaffold. The legacy Inbound.getHeader(obj, name) iterated the panel's internal HeaderEntry[] form; the new getHeaderValue reads the Record<string, string|string[]> map our Zod schemas store on the wire. Case-insensitive, returns '' on miss to match the legacy fallback so link-generator call sites stay simple. For repeated-name maps (TCP/WS-style string[] values) the first value wins — matches the legacy iteration order so the share URL's Host hint stays deterministic. Five unit tests cover undefined/null/empty inputs, case folding, string-valued and array-valued matches, empty-array edge case, and missing-key fallback. Suite: 64 tests across 6 files; typecheck + lint clean. This unblocks the next slice: per-protocol link generators (genVmessLink etc.) take a typed inbound + client and call getHeaderValue against the ws/httpupgrade/xhttp/tcp.request header maps. * feat(frontend): stream extras + full InboundSchema with DU intersection Step 3d's last scaffolding piece before link generators. Three new stream-extras schemas land alongside the network/security DUs: - finalmask: TcpMask[] + UdpMask[] + QuicParams. Mask `settings` stays record<string, unknown> for now — there are 13 UDP mask types and 3 TCP mask types with distinct per-type setting shapes, and modeling them all as DUs would dwarf the rest of stream/ without buying anything the shadow harness doesn't already catch. Tightened in Step 6. - sockopt: 17 socket-tuning knobs (TCP keepalive, TFO, mark, tproxy, mptcp, dialer proxy, IPv6-only, congestion). `interfaceName` field matches the panel class naming; serializers rename to `interface` on the wire. - external-proxy: rows ship per inbound describing edge fronts (CDN mirrors). Used by link generators to fan out share URLs. schemas/api/inbound.ts composes the top-level wire shape with intersection-of-DUs: StreamSettingsSchema = NetworkSettingsSchema .and(SecuritySettingsSchema) .and(StreamExtrasSchema) InboundSchema = InboundCoreSchema.and(InboundSettingsSchema) A fixture (vless-ws-tls.json) exercises the full shape — protocol DU, network DU, security DU, and TLS cert file branch in one round trip. The snapshot pins the canonical parsed form so the upcoming link extractor consumes typed input with no class hierarchy underneath. Suite: 65 tests across 7 files; typecheck + lint clean. Zod 4 intersection-of-DUs works. * refactor(frontend): extract genVmessLink to lib/xray/inbound-link.ts First link generator to leave the class hierarchy. genVmessLink takes a typed Inbound + client args and returns the base64-encoded vmess:// URL. Internal helpers (buildXhttpExtra, applyXhttpExtraToObj, applyFinalMaskToObj, applyExternalProxyTLSObj, serializeFinalMask, hasShareableFinalMaskValue, externalProxyAlpn) port across from XrayCommonClass — same logic, rewritten to read the Zod schemas' Record<string, string> headers instead of the legacy HeaderEntry[]. Parity test (inbound-link.test.ts) loads each vmess fixture in golden/fixtures/inbound-full, parses it with InboundSchema for the new pure fn AND constructs LegacyInbound.fromJson(raw) for the class method, then asserts the URLs match byte-for-byte. Drift between the two impls fails here before the call sites in pages/inbounds/* get swapped. Adds a small test setup file that aliases globalThis.window to globalThis so Base64.encode's window.btoa works under Node — keeps the test env at 'node' and avoids pulling jsdom as a new dep. A first vmess-tcp-tls full-inbound fixture pins the round-trip path. Suite: 67 tests across 8 files; typecheck + lint clean. Five more link generators (vless/trojan/ss/hysteria/wireguard) plus the orchestrator (toShareLink, genAllLinks) follow in subsequent turns. * test(frontend): refresh inbound-full snapshot with vmess-tcp-tls fixture * refactor(frontend): extract genVlessLink to lib/xray/inbound-link Second link generator. genVlessLink builds the vless://<uuid>@<host>:<port>?<query>#<remark> share URL from a typed Inbound + client args, dispatching on streamSettings.network for the network-specific knobs and on streamSettings.security for the TLS/Reality knobs. Three param-style helpers move alongside the obj- style ones already in this file: - applyXhttpExtraToParams — writes path/host/mode/x_padding_bytes and the JSON extra blob into URLSearchParams - applyFinalMaskToParams — writes the fm payload when shareable - applyExternalProxyTLSParams — overrides sni/fp/alpn when an external proxy entry is supplied and security is tls A vless-tcp-reality fixture lands alongside the existing vless-ws-tls one, so the parity test now exercises both security branches. Discovered a latent legacy bug while writing parity: the old class stored realitySettings.serverNames as a comma-joined string and gated SNI on `!ObjectUtil.isArrEmpty(serverNames)`, which always returns true for strings — so SNI was never written into Reality share URLs. Existing clients rely on the omission (they pull SNI from realitySettings.target instead). We preserve the omission here to keep this extraction byte-stable; an inline comment marks the spot for a separate intentional fix. Suite: 70 tests across 8 files; typecheck + lint clean. * refactor(frontend): extract genTrojanLink + genShadowsocksLink to lib/xray Third and fourth link generators. genTrojanLink mirrors genVlessLink's shape (URLSearchParams + network/security branches + remark hash) minus the encryption/flow VLESS-isms. genShadowsocksLink shares the same query construction but base64-encodes the userinfo portion as method:password or method:settingsPw:clientPw depending on whether SS-2022 is in single-user or multi-user mode. Three reusable helpers move out of the per-protocol functions: - writeNetworkParams: the per-network switch that all param-style links share (tcp http header / kcp mtu+tti / ws path+host / grpc serviceName+authority / httpupgrade / xhttp extras) - writeTlsParams: fingerprint/alpn/ech/sni - writeRealityParams: pbk/sid/spx/pqv (preserves the SNI-omission legacy parity quirk noted in the genVlessLink commit) genVmessLink stays with its inline switch — it builds a JSON obj instead of URLSearchParams and has per-network quirks (kcp emits mtu+tti at the obj root, grpc maps multiMode to obj.type='multi') that don't factor cleanly through the shared writer. Two new full-inbound fixtures (trojan-ws-tls, shadowsocks-tcp-2022) plus matching parity tests bring the suite to 74 tests across 8 files; typecheck + lint clean. * refactor(frontend): extract genHysteriaLink + Wireguard link/config to lib/xray Fifth and sixth link generators. genHysteriaLink builds the v1/v2 share URL (scheme picked from settings.version), copying TLS knobs into the query, surfacing the salamander obfs password from finalmask.udp[type=salamander] when present, and writing the broader finalmask payload under `fm` like the other links. Legacy parity note: the old genHysteriaLink read stream.tls.settings.allowInsecure, which isn't a field on TlsStreamSettings.Settings — the guard always evaluated false and the `insecure` param never made it into the URL. We omit it here to stay byte-stable. genWireguardLink and genWireguardConfig take a typed WireguardInboundSettings + peer index and: - link: wireguard://<peerPriv>@host:port?publickey=&address=&mtu=#remark - config: the .conf text WireGuard clients consume directly Both derive the server pubKey from settings.secretKey via Wireguard.generateKeypair at call time — Zod stores only secretKey on the wire (pubKey is computed). The Wireguard utility is pure JS (X25519 over Float64Array), so it runs fine under node + the window polyfill we added with the vmess extraction. Two new full-inbound fixtures (hysteria-v1-tls, wireguard-server) plus matching parity tests bring the suite to 78 tests across 8 files; typecheck + lint clean. Hysteria2 (protocol literal) parity stays deferred — the legacy class has no HYSTERIA2 dispatch case, so it can't round-trip a hysteria2 fixture without a protocol remap. Same trick the shadow harness uses; revisit in the orchestrator commit. * refactor(frontend): extract share-link orchestrator to lib/xray/inbound-link Last slice of Step 3d. Five orchestrator exports compose the per- protocol generators into the public surface the panel consumes: - resolveAddr(inbound, hostOverride, fallbackHostname): picks the address that goes into share/sub URLs. Browser `location.hostname` is no longer a hidden dependency — callers pass it in (or any other fallback they want). - getInboundClients(inbound): protocol-aware clients accessor. Mirrors the legacy `Inbound.clients` getter, including the SS quirk where 2022-blake3-chacha20 single-user inbounds report null (no client loop) and everything else returns the clients array. - genLink: per-protocol dispatcher matching legacy Inbound.genLink. - genAllLinks: per-client fanout. Builds the remarkModel-formatted remark (separator + 'i'/'e'/'o' field picker) and iterates streamSettings.externalProxy when present. - genInboundLinks: top-level \r\n-joined link block. Loops per client for clientful protocols, single-shots SS for non-multi-user, and delegates to genWireguardConfigs for wireguard. Returns '' for http/mixed/tunnel (no share URL at all). Plus genWireguardLinks / genWireguardConfigs fanouts which iterate peers and append index-suffixed remarks. Parity test exercises every full-inbound fixture against legacy Inbound.genInboundLinks. Skips hysteria2 (no legacy dispatch case; that bridge belongs in a separate intentional commit alongside the form modal swap). Suite: 89 tests across 8 files; typecheck + lint clean. Next: Step 4 form modal migrations. Forms can now drop `new Inbound.Settings.getSettings(protocol)` in favor of the createDefault*InboundSettings factories, and InboundsPage clone can swap to genInboundLinks. Models/ deletion follows in Step 5 once all call sites are off the class. * refactor(frontend): swap InboundsPage clone fallback off Inbound.Settings.getSettings First Step 4 call-site swap. createDefaultInboundSettings(protocol) lands in lib/xray/inbound-defaults — a protocol-aware dispatch over the 10 per-protocol settings factories already in this module. Returns a Zod- parsable plain object instead of a class instance, so callers that just need the wire-shape JSON can drop the class hierarchy without touching the broader form modals. InboundsPage's clone path used Inbound.Settings.getSettings(p).toString() as the fallback when settings JSON parsing failed. That's now createDefaultInboundSettings + JSON.stringify, with a final '{}' guard for unknown protocols (legacy returned null and .toString() crashed — we just emit empty settings instead). The Inbound import on this file is now unused and removed. The 2 remaining getSettings call sites in InboundFormModal aren't safe to swap in isolation — the form mutates the returned class instance through methods like .addClient() and .toJson() across ~2000 lines of JSX. Those land with the full Pattern A rewrite of InboundFormModal, which the plan budgets at multiple days on its own. Suite: 89 tests across 8 files; typecheck + lint clean. * refactor(frontend): lift Protocols + TLS_FLOW_CONTROL consts to schemas/primitives Step 4b. The Protocols and TLS_FLOW_CONTROL enums on models/inbound.ts were dragging five page files into that 3,300-line module just to read literal string constants. Lifting them to schemas/primitives lets those pages drop the @/models/inbound import entirely. - schemas/primitives/protocol.ts now exports a Protocols const map alongside the existing ProtocolSchema. TUN stays in the const for parity (legacy panel deployments may have saved TUN inbounds) even though the Go validator no longer accepts it as a new write. - schemas/primitives/flow.ts now exports TLS_FLOW_CONTROL. The empty-string default isn't keyed because the legacy never had a NONE entry — call sites compare against the two real flow values. Updated five consumers: - useInbounds.ts: TRACKED_PROTOCOLS now annotated readonly string[] so .includes(string) keeps narrowing through the array literal - QrCodeModal.tsx, InboundInfoModal.tsx: Protocols - ClientFormModal.tsx, ClientBulkAddModal.tsx: TLS_FLOW_CONTROL Suite: 89 tests across 8 files; typecheck + lint clean. models/inbound.ts is now imported by: - InboundFormModal.tsx (heavy use of Inbound class + getSettings) - test/inbound-link.test.ts + test/shadow.test.ts + test/headers.test.ts (intentional — these are parity tests against the legacy class) OutboundFormModal still imports from models/outbound. Both form modals are the multi-day Pattern A rewrites the plan scopes separately. * refactor(frontend): lift OutboundProtocols + OutboundDomainStrategies to schemas/primitives Moves the two outbound-side consts out of models/outbound.ts and into schemas/primitives/outbound-protocol.ts. Renames the export to OutboundProtocols to disambiguate from the inbound Protocols const (different key casing — PascalCase vs ALL CAPS — and partly different member set, so they cannot share a single const). OutboundsTab.tsx keeps its 15+ Protocols.X call sites by aliasing the import. FinalMaskForm.tsx and BasicsTab.tsx swap directly. Drops a stale `as string[]` cast in BasicsTab that no longer fits the new readonly-tuple typing. After this commit only the two big form modals (InboundFormModal/OutboundFormModal) plus three intentional parity tests still import from @/models/. * refactor(frontend): lift outbound option dictionaries to schemas/primitives Adds schemas/primitives/options.ts with UTLS_FINGERPRINT, ALPN_OPTION, SNIFFING_OPTION, USERS_SECURITY, MODE_OPTION (all identical between models/inbound.ts and models/outbound.ts) plus the outbound-only WireguardDomainStrategy, Address_Port_Strategy, and DNSRuleActions. OutboundFormModal now pulls 9 consts from primitives. Only `Outbound` (the class) and `SSMethods` (whose inbound/outbound versions diverge by 2 legacy aliases — keep the picker open for the Pattern A rewrite) still come from @/models/outbound. Drops three stale `as string[]` casts on what are now readonly tuples. * refactor(frontend): swap InboundFormModal option dicts to schemas/primitives Extends primitives/options.ts with the five inbound-only option dicts (TLS_VERSION_OPTION, TLS_CIPHER_OPTION, USAGE_OPTION, DOMAIN_STRATEGY_OPTION, TCP_CONGESTION_OPTION) and lifts InboundFormModal off @/models/inbound for 10 of its 12 imports. Only the Inbound class and SSMethods (inbound vs outbound versions diverge by 2 entries) still come from @/models/. Widens NODE_ELIGIBLE_PROTOCOLS Set element type to string since the new primitives const exposes a narrow literal union that `.has(arbitraryString)` would otherwise reject. * feat(frontend): InboundFormValues schema for Pattern A rewrite Foundation for the InboundFormModal rewrite. Mirrors the wire Inbound shape (intersection of core fields + protocol settings DU + stream/security DUs) plus the DB-side fields (up/down/total/trafficReset/nodeId/...) that flow through DBInbound rather than the xray config slice. InboundStreamFormSchema is exported separately so individual sub-form sections can rule against just the stream portion when needed. FallbackRowSchema is co-located here even though fallbacks save via a distinct endpoint after the main POST — they belong to the same form state from the user's perspective. No modal changes in this commit. Foundation only; subsequent turns swap the modal's `inboundRef`/`dbFormRef` mutable-class state for Form.useForm<InboundFormValues>(). * feat(frontend): adapter between raw inbound rows and InboundFormValues Adds lib/xray/inbound-form-adapter.ts with rawInboundToFormValues and formValuesToWirePayload. The pair is the data boundary the upcoming Pattern A modal will use: it consumes the DB row shape (settings et al. as string OR object — coerced internally), hands the modal typed InboundFormValues, and on submit reverses the trip to a wire payload with the three JSON-stringified slices the Go endpoints expect. No dependency on the legacy Inbound/DBInbound classes — the coerce step is inlined so the adapter survives the eventual models/ deletion. Adds 10 Vitest cases covering string vs object inputs, the optional streamSettings/nodeId fields, trafficReset coercion, and a raw-to-payload -to-raw round-trip equality. * feat(frontend): protocol capability predicates as pure functions Adds lib/xray/protocol-capabilities.ts with the seven predicates the modals call: canEnableTls, canEnableReality, canEnableTlsFlow, canEnableStream, canEnableVisionSeed, isSS2022, isSSMultiUser. Each takes a minimal slice of an InboundFormValues, no class instance. The legacy isSSMultiUser returns true on non-shadowsocks protocols too (method getter resolves to "" which != blake3-chacha20-poly1305). The new function preserves this quirk and documents it inline; callers all narrow on protocol === shadowsocks before checking, so the surprising return value never surfaces. Parity harness in test/protocol-capabilities.test.ts crosses each of the 10 golden fixtures with 14 stream configurations (network × security) and asserts each predicate matches the legacy class method — 140 cases, all green. * feat(frontend): outbound settings factories + dispatcher Adds lib/xray/outbound-defaults.ts parallel to inbound-defaults.ts: 13 createDefault*OutboundSettings factories (one per outbound protocol) plus the createDefaultOutboundSettings(protocol) dispatcher mirroring Outbound.Settings.getSettings's contract — non-null on each known protocol, null otherwise. The factory output matches the legacy `new Outbound.<X>Settings()` start state: required-by-schema fields the user fills in via the form (address, port, password, id, peer publicKey/endpoint) come back as empty stubs. Wireguard alone seeds secretKey via the X25519 generator; the rest expose blank fields. This is the same behavior the OutboundFormModal relies on for protocol-change resets. Shadowsocks defaults to 2022-blake3-aes-128-gcm rather than the legacy undefined — the Select snaps to the first option anyway, so the coherent default keeps the modal from rendering an empty picker. Tests cover three layers: - exact-shape snapshots per factory (13 cases) - Zod schema acceptance after sensible stub fill-in (13 cases) - dispatcher non-null per known protocol + null for the unknown (14 cases) * feat(frontend): InboundFormModal.new.tsx skeleton (Pattern A) First commit of the sibling-file modal rewrite. The new modal mounts Form.useForm<InboundFormValues>, hydrates via rawInboundToFormValues on open (edit) or buildAddModeValues (add), runs validateFields + safeParse on submit, and posts the formValuesToWirePayload result. No tabs yet — the modal body shows a WIP placeholder. The file is not imported anywhere; the existing InboundFormModal.tsx remains the one InboundsPage renders. Build, lint, and 280 tests stay green. Subsequent commits add the basic / sniffing / protocol / stream / security / advanced / fallbacks sections; the atomic import swap in InboundsPage.tsx lands last. * feat(frontend): basic tab on InboundFormModal.new.tsx (Pattern A) First real section of the sibling-file rewrite. Wires AntD Form.Items to InboundFormValues paths for the basic tab — enable, remark, deployTo (when protocol is node-eligible), protocol, listen, port, totalGB, trafficReset, expireDate. The port input gets a per-field antdRule against InboundFormBaseSchema.shape.port — the spec's Pattern A reference. The intersection-typed InboundFormSchema has no .shape accessor, so per-field rules pull from the underlying ZodObject components. totalGB and expireDate are bytes/timestamp on the wire but a GB number / dayjs picker in the UI. Both use shouldUpdate-closure children that read form state and call setFieldValue on user input — no transient form-only fields, no DU-shape surprises at submit time. Protocol-change cascade lives in Form's onValuesChange: pick a new protocol and the settings DU branch is reset to createDefaultInboundSettings(next); a non-node-eligible protocol also clears nodeId. Modal still renders a single-tab Tabs container. Sniffing tab is next. * feat(frontend): sniffing tab on InboundFormModal.new.tsx (Pattern A) Second section of the sibling-file rewrite. Wires the six sniffing sub-fields to nested form paths ['sniffing', 'enabled'], ['sniffing', 'destOverride'], etc. Uses Form.useWatch on the enabled flag to drive conditional rendering of the dependent fields — the same gate the legacy modal expressed via `ib.sniffing.enabled &&`. Checkbox.Group renders one Checkbox per SNIFFING_OPTION entry. The two exclusion lists use Select mode="tags" so the user can paste comma- separated IP/CIDR or domain rules. No transient form state, no class methods — every field maps directly to a wire-shape path in InboundFormValues. Protocol tab is next. * feat(frontend): protocol tab VLESS auth on InboundFormModal.new.tsx Adds the protocol tab to the sibling-file rewrite — currently only the VLESS section, which lays out decryption/encryption inputs and the three buttons that drive them: Get New x25519, Get New mlkem768, Clear. getNewVlessEnc + clearVlessEnc are ported from the legacy modal as pure setFieldValue paths into ['settings', 'decryption'] / ['settings', 'encryption'] — no class methods, no inboundRef. The matchesVlessAuth helper mirrors the legacy fuzzy label-matching so the backend response shape stays the only source of truth. selectedVlessAuth derives the displayed auth label from the encryption string via Form.useWatch — same heuristic as the legacy modal (.length > 300 → mlkem768, otherwise x25519). Tab spread is conditional: the protocol tab only appears when protocol === 'vless' right now. As more protocol sections land (shadowsocks, http/mixed, tunnel, tun, wireguard) the condition will widen to cover each one. * feat(frontend): protocol tab Shadowsocks section (Pattern A) Adds the Shadowsocks sub-form: method picker (from SSMethodSchema's seven schema-aligned options), conditional password input gated on isSS2022, network picker (tcp/udp/tcp,udp), ivCheck toggle. Method change cascades through the Select's onChange — regenerating the inbound-level password via RandomUtil.randomShadowsocksPassword. The shadowsockses[] multi-user list reset is deferred until the clients-management section lands. Uses isSS2022 from lib/xray/protocol-capabilities to gate the password field exactly the way the legacy modal did — keeps the form behavior identical without referencing the legacy class. SSMethodSchema.options drives the Select rather than the legacy SSMethods const (which the inbound modal pulled from models/inbound.ts). This commits to the schema-aligned 7-entry list for inbound; the outbound divergence (9 entries with legacy aliases) is still pending in OutboundFormModal — defer the UX decision to that rewrite. * feat(frontend): protocol tab HTTP and Mixed sections (Pattern A) Adds the HTTP and Mixed sub-forms. Both share an accounts list — first Form.List usage in the rewrite. Each row binds via [field.name, 'user'] / [field.name, 'pass'] under the parent ['settings', 'accounts'] path, so the wire shape stays exactly what HttpInboundSettingsSchema and MixedInboundSettingsSchema validate. HTTP-only: allowTransparent Switch. Mixed-only: auth Select (noauth/password), udp Switch, conditional ip Input gated on the udp value via Form.useWatch. Tab visibility widens to include http + mixed alongside vless + shadowsocks. The string cast on the includes-check keeps the frozen Protocols const's narrow union from rejecting the broader protocol string at the call site. * feat(frontend): protocol tab Tunnel section (Pattern A) Adds the Tunnel sub-form: rewriteAddress + rewritePort, allowedNetwork picker (tcp/udp/tcp,udp), Form.List-driven portMap with name/value pairs, and the followRedirect Switch. portMap is the second Form.List in the rewrite — same shape as the HTTP/Mixed accounts list but with name/value rather than user/pass. The wire shape stays `settings.portMap: { name, value }[]` exactly. Tab visibility widens to Tunnel. * feat(frontend): protocol tab TUN section (Pattern A) Adds the TUN sub-form: interface name, MTU, four primitive-array Form.Lists (gateway, dns, autoSystemRoutingTable), userLevel, autoOutboundsInterface. Primitive Form.Lists bind each row's Input directly to `field.name` (no inner key) — distinct from the object-row Form.Lists that bind to `[field.name, 'fieldKey']`. The Form.useWatch('protocol') return type comes from the schema's protocol enum which excludes 'tun' (TUN is in the legacy Protocols const for data parity but never accepted by the wire validator). Cast to string at the source so per-section comparisons against Protocols.TUN typecheck. Why: legacy DB rows with protocol === 'tun' still need to render; widening here keeps reads from rejecting them. Tab visibility widens to TUN. * feat(frontend): protocol tab Wireguard section (Pattern A) Adds the Wireguard sub-form: server secretKey input with regen icon, derived disabled public-key display, mtu, noKernelTun toggle, and a Form.List of peers — each peer having its own privateKey (regen icon), publicKey, preSharedKey, allowedIPs (nested Form.List for the string array), keepAlive. pubKey is purely derived (computed via Wireguard.generateKeypair from the watched secretKey) and is NOT stored in the form value — the schema omits it from the wire shape on purpose. The disabled display shows the live derivation without polluting form state. regenInboundWg generates a fresh keypair and writes only the secretKey path; pubKey re-derives automatically. regenWgPeerKeypair writes both privateKey and publicKey at the peer's path index. The preSharedKey wire-shape name is used instead of the legacy class's internal psk — matches WireguardInboundPeerSchema. Tab visibility widens to Wireguard. * feat(frontend): stream tab skeleton with TCP + KCP (Pattern A) Opens the stream tab on the sibling-file rewrite. Tab visibility is driven by canEnableStream from lib/xray/protocol-capabilities — same gate the legacy modal used, now schema-aware. Transmission picker (network select) is hidden for HYSTERIA since that protocol's network is implicit. onNetworkChange clears any stale per-network settings keys (tcpSettings/kcpSettings/...) and seeds an empty object for the new branch so AntD Form.Items don't read from undefined nested paths. TCP section: acceptProxyProtocol Switch (literal-true-optional on the wire — the form stores true/false but Zod's strip behavior keeps false-as-omission round-trips clean) plus an HTTP-camouflage toggle that flips header.type between 'none' and 'http'. The full HTTP camouflage request/response sub-form lands in a follow-up commit. KCP section: six numeric knobs (mtu, tti, upCap, downCap, cwndMultiplier, maxSendingWindow). WS / gRPC / HTTPUpgrade / XHTTP / external-proxy / sockopt / hysteria stream / FinalMaskForm hookup all still pending. * feat(frontend): stream tab WS + gRPC + HTTPUpgrade sections (Pattern A) Adds the three medium-complexity network branches to the stream tab. Plain Form.Item paths into the corresponding *Settings keys — no Form.List wrappers since these schemas don't have arrays at the top level. WS: acceptProxyProtocol, host, path, heartbeatPeriod gRPC: serviceName, authority, multiMode HTTPUpgrade: acceptProxyProtocol, host, path Header editing is deferred to a later commit — WsHeaderMap is a Record<string,string> on the wire, V2HeaderMap a Record<string,string[]>, and the form needs an array-of-{name,value} UI that converts on edit. Worth building once and reusing across WS, HTTPUpgrade, XHTTP, TCP request/response, and Hysteria masquerade headers. XHTTP + external-proxy + sockopt + hysteria stream + finalmask hookup still pending. * feat(frontend): stream tab XHTTP section (Pattern A) XHTTP is the heaviest network branch — 19 fields rendered conditionally on mode, xPaddingObfsMode, and the three *Placement selectors. Each gates its dependent field set via Form.useWatch. Field structure mirrors the legacy XHTTPStreamSettings form 1:1: - mode picker (auto / packet-up / stream-up / stream-one) - packet-up adds scMaxBufferedPosts + scMaxEachPostBytes; stream-up adds scStreamUpServerSecs - serverMaxHeaderBytes, xPaddingBytes, uplinkHTTPMethod (with the packet-up gate on the GET option) - xPaddingObfsMode unlocks xPadding{Key,Header,Placement,Method} - sessionPlacement / seqPlacement each unlock their respective Key field when set to anything other than 'path' - packet-up mode additionally unlocks uplinkDataPlacement, and that in turn unlocks uplinkDataKey when the placement is not 'body' - noSSEHeader Switch at the tail XHTTP headers editor still pending (same WsHeaderMap as WS — will be unified in the header-editor extraction commit). * feat(frontend): stream tab external-proxy + sockopt sections (Pattern A) External Proxy: Switch driven by externalProxy array length. Toggling on seeds one row with the window hostname + the inbound's current port; toggling off clears the array. Each row is a Form.List item with forceTls/dest/port/remark inline, and a nested SNI/Fingerprint/ALPN row that conditionally renders on forceTls === 'tls' via a shouldUpdate-closure that watches the per-row forceTls path. Sockopt: Switch driven by whether the sockopt object exists in form state. Toggling on calls SockoptStreamSettingsSchema.parse({}) so every default the schema declares (mark=0, tproxy='off', domainStrategy='UseIP', tcpcongestion='bbr', etc.) flows into the form; toggling off sets to undefined. Renders the seventeen sockopt fields directly bound to ['streamSettings', 'sockopt', X] paths. Option lists pull from the primitives const dictionaries (UTLS_FINGERPRINT, ALPN_OPTION, DOMAIN_STRATEGY_OPTION, TCP_CONGESTION_OPTION) rather than the schema's .options to keep one source of truth for UI label strings. * feat(frontend): security tab base + TLS section (Pattern A) Adds the security tab to the sibling-file rewrite. Visibility is paired with the stream tab — both gated on canEnableStream. The security selector is itself disabled when canEnableTls is false, and the reality option only appears when canEnableReality is true, mirroring the legacy modal's Radio.Group guards. onSecurityChange clears the previous branch's *Settings key and seeds the new branch from the schema's parsed defaults (the same trick the sockopt toggle uses). The security selector itself is rendered via a shouldUpdate closure so the on-change handler can write the cleaned streamSettings shape atomically without racing AntD's per-field sync. TLS section: serverName (the wire field — the legacy class calls it sni internally), cipherSuites (with the 13 named suites from TLS_CIPHER_OPTION), min/max version pair, uTLS fingerprint, ALPN multi-select, plus the three policy Switches. TLS certificates list, ECH controls, the full Reality sub-form, and the four API-call buttons (genRealityKeypair / genMldsa65 / getNewEchCert / randomizers) land in a follow-up commit. * feat(frontend): security tab Reality + ECH + mldsa65 controls (Pattern A) Adds the Reality sub-form and the four API-call buttons that drive the server-generated material: - genRealityKeypair calls /panel/api/server/getNewX25519Cert and writes the result into ['streamSettings', 'realitySettings', 'privateKey'] and the nested settings.publicKey path. - genMldsa65 calls /panel/api/server/getNewmldsa65 for the post-quantum seed/verify pair. - getNewEchCert calls /panel/api/server/getNewEchCert with the current serverName and writes echServerKeys + settings.echConfigList. - randomizeRealityTarget seeds target + serverNames from the random reality-targets pool. - randomizeShortIds calls RandomUtil.randomShortIds (comma-joined string) and splits into the schema's string[] form. Reality fields are bound directly to schema paths — show/xver/target, maxTimediff, min/max ClientVer, the settings.{publicKey, fingerprint, spiderX, mldsa65Verify} nested subtree, plus the array fields (serverNames, shortIds) rendered as Select mode="tags" since both ship as string[] on the wire. TLS certificates list (Form.List with the useFile DU) still pending — that's a chunky sub-form on its own. * feat(frontend): security tab TLS certificates list (Pattern A) Closes out the security tab: a Form.List of certificates that toggles between TlsCertFileSchema (certificateFile + keyFile string paths) and TlsCertInlineSchema (certificate + key as string arrays per the wire shape) via a per-row useFile boolean. useFile is a transient form-only field — not part of TlsCertSchema. Zod's default-strip behavior drops it during InboundFormSchema parse on submit, leaving only the matching wire branch's keys populated. Whichever side the user wasn't on stays empty, so Zod's union picks the populated branch. For inline certs the TextAreas use normalize + getValueProps to convert between the wire-side string[] and the multi-line text the user types. Each line becomes one array element, matching the legacy class's `cert.split('\n')` toJson convention. Per-row buildChain is conditionally rendered when usage === 'issue' — a shouldUpdate-closure watches the specific path so the toggle re-renders inline without listening to unrelated form changes. Security tab is now functionally complete. Advanced JSON tab, Fallbacks card, and the atomic swap in InboundsPage are next. * feat(frontend): advanced JSON tab on InboundFormModal.new.tsx (Pattern A) Adds the advanced JSON tab. Each sub-tab (settings / streamSettings / sniffing) renders an AdvancedSliceEditor — a small CodeMirror-backed JsonEditor that holds a local text buffer and forwards parsed JSON to form state on every valid edit. Invalid JSON sits silently in the local buffer; once the user finishes balancing braces / quoting, the next valid parse pushes through to the form. No stamping ref, no apply-on-tab-switch ceremony — the form is the single source of truth. The buffer seeds once from form state on mount. The Modal's destroyOnHidden means each open is a fresh editor instance, so external form mutations during a single open session can't desync the editor either. The streamSettings sub-tab is omitted when streamEnabled is false (matching the legacy modal's behavior for protocols like Http / Mixed that have no stream layer). * feat(frontend): fallbacks card on InboundFormModal.new.tsx (Pattern A) Adds the fallbacks card rendered inside the protocol tab whenever the current values describe a fallback host — VLESS or Trojan on tcp with tls or reality security. The protocol tab visibility widens to include Trojan in that exact case (it has no other protocol sub-form). Fallbacks live in a useState alongside the form rather than inside form values, mirroring the legacy modal: fallbacks save via a distinct endpoint (/panel/api/inbounds/{id}/fallbacks) after the main inbound POST, not as part of the inbound payload. loadFallbacks runs on open for edit-mode VLESS/Trojan; saveFallbacks runs after a successful POST inside the submit handler. Each row: child picker (filtered down to other inbounds), then four inline edits for SNI / ALPN / path / xver. Add adds an empty row; delete pulls the row from state. Quick-Add-All, the rederive-from-child helper, and the per-row up/down movers are deferred — the basic add/edit/remove cycle is what the modal actually needs to function. * feat(frontend): atomic swap InboundFormModal to Pattern A Deletes the 2261-line class-mutation modal and renames the 1900-line sibling rewrite into its place. InboundsPage.tsx already imports the file by path so no consumer change is needed — the swap is one file delete plus one file rename. Build, lint, and 280 tests stay green. What the new modal covers end-to-end: - Basic (enable / remark / nodeId / protocol / listen / port / totalGB / trafficReset / expireDate) - Sniffing (enabled / destOverride / metadataOnly / routeOnly / ipsExcluded / domainsExcluded) - Protocol per DU branch: VLESS (decryption/encryption + buttons), Shadowsocks (method/password/network/ivCheck), HTTP + Mixed (accounts list + per-protocol toggles), Tunnel (rewrite + portMap + followRedirect), TUN (interface/mtu + four primitive lists + userLevel/autoInterface), Wireguard (secretKey + derived pubKey + peers list with nested allowedIPs) - Stream per network: TCP base, KCP, WS, gRPC, HTTPUpgrade, XHTTP (the 22-field one), plus external-proxy and sockopt extras - Security: TLS (SNI/cipher/version/uTLS/ALPN/policy switches + certificates list with file/inline toggle + ECH controls), Reality (every field + the four API-call buttons), none - Advanced JSON (settings / streamSettings / sniffing live editors that round-trip into form state on every valid parse) - Fallbacks (load on open for VLESS/Trojan TLS-or-Reality TCP hosts; save through the secondary endpoint after the main POST succeeds) Known regressions vs the legacy modal, all reachable via Advanced JSON until backfilled in follow-up commits: - Hysteria stream sub-form (masquerade / udpIdleTimeout / version) — schema gap; the existing inbound DU has no hysteria stream branch - FinalMaskForm hookup — the component is still class-shape coupled - HeaderMapEditor — TCP request/response headers, WS / HTTPUpgrade / XHTTP headers, Hysteria masquerade headers all need a shared editor - TCP HTTP camouflage request/response body (version, method, path list, headers, status, reason) — only the on/off toggle is wired - Fallbacks polish — up/down move, quick-add-all, rederive-from-child, the per-row advanced-toggle / proxy-tag chips No reference to @/models/inbound's Inbound class anywhere in the new modal — only @/models/dbinbound (out of scope) and @/models/reality-targets (out of scope). The protocol-capabilities predicates and the rawInboundToFormValues + formValuesToWirePayload adapters carry every behavior the class used to provide. * fix(frontend): finish InboundFormModal rename after atomic swap The atomic-swap commit landed the new file but the exported function was still named InboundFormModalNew. Rename to match the file. * feat(frontend): outbound form schema + wire adapter foundation Lay the groundwork for OutboundFormModal's Pattern A rewrite: - schemas/forms/outbound-form.ts: discriminated-union form values across all 12 outbound protocols, with flat per-protocol settings shapes that match the legacy class fields (vmess vnext / trojan-ss-socks-http servers / wireguard csv address-reserved all flattened). - lib/xray/outbound-form-adapter.ts: rawOutboundToFormValues converts wire-shape outbound JSON to typed form values; formValuesToWirePayload re-nests on submit. Replaces the Outbound.fromJson/toJson dependency the modal currently has on the legacy class hierarchy. - test/outbound-form-adapter.test.ts: 15 round-trip cases covering each protocol's wire quirks (vmess vnext flatten, vless reverse-wrap, wireguard csv↔array, blackhole response wrap, DNS rule normalization, mux gating). * feat(frontend): OutboundFormModal.new.tsx skeleton (Pattern A) Sibling .new.tsx file with the Modal shell, Tabs (Basic/JSON), Form.useForm hydration via rawOutboundToFormValues, and the submit pipeline that calls formValuesToWirePayload before onConfirm. Tag uniqueness check is wired in. Protocol-specific sub-forms, stream, security, sockopt, and mux sections are deferred to subsequent commits — accessible via the JSON tab in the meantime. The InboundsPage continues to render the legacy modal until the atomic swap at the end. Also: rawOutboundToFormValues now returns streamSettings as undefined when the wire payload omits it, so Form.useForm doesn't receive a value that does not match the NetworkSettings discriminated union. * feat(frontend): OutboundFormModal.new.tsx vmess/vless/trojan/ss sections - Shared connect-target sub-block (address + port) for the six protocols whose form schema carries them flat at settings root. - VMess: id + security Select (USERS_SECURITY). - VLESS: id + encryption + flow + reverseTag (reverse-sniffing slice and Vision testpre/testseed come in a later commit). - Trojan: password. - Shadowsocks: password + method Select (SSMethodSchema) + UoT switch + UoT version. onValuesChange cascade: when the user picks a different protocol, the adapter re-seeds the settings sub-object to the new protocol's defaults so leftover fields from the previous protocol do not bleed through. * feat(frontend): OutboundFormModal.new.tsx socks/http/hysteria/loopback/blackhole/wireguard sections - SOCKS / HTTP: user + pass at settings root. - Hysteria: read-only version=2 (the actual transport knobs live on stream.hysteria, added with the stream tab). - Loopback: inboundTag. - Blackhole: response type Select with empty/none/http options. - Wireguard: address (csv) + secretKey (with regenerate icon) + derived pubKey + domain strategy + MTU + workers + no-kernel-tun + reserved (csv) + peers Form.List with nested allowedIPs sub-list. Wireguard regenerate icon uses Wireguard.generateKeypair() and writes both keys to the form via setFieldValue — preserves the legacy UX of the SyncOutlined inline-icon next to the privateKey label. * feat(frontend): OutboundFormModal.new.tsx DNS + Freedom + VLESS reverse-sniffing - DNS: rewriteNetwork (udp/tcp Select) + rewriteAddress + rewritePort + userLevel + rules Form.List (action/qtype/domain). - Freedom: domainStrategy + redirect + Fragment Switch with conditional 4-field sub-block (legacy 'enable Fragment' UX preserved — Switch sets all four fields to populated defaults, off-state empties them all out so the adapter strips them on submit) + Noises Form.List (rand/base64/ str/hex types, packet/delay/applyTo per row) + Final Rules Form.List with conditional block-delay sub-field. - VLESS reverse-sniffing slice: rendered only when reverseTag is set (matches the legacy modal's nested conditional). All six fields wired to the form state with appropriate widgets (Switch / Select multi / Select tags). * feat(frontend): OutboundFormModal.new.tsx stream tab (TCP/KCP/WS/gRPC/HTTPUpgrade) Wire the stream sub-form into the Pattern A modal: - newStreamSlice(network) helper bootstraps the per-network DU branch with Xray defaults (mtu=1350, tti=20, uplinkCapacity=5, etc.). - streamSettings is seeded once when the protocol supports streams but the form has no slice yet (new outbound + protocol switch). - onNetworkChange swaps the sub-key and preserves security when the new network still supports it, else snaps back to 'none'. - Per-network sub-forms wired: TCP: HTTP camouflage Switch (sets header.type = 'http' / 'none') KCP: 6 numeric tuning fields WS: host + path + heartbeat gRPC: service name + authority + multi-mode switch HTTPUpgrade: host + path XHTTP: host + path + mode + padding bytes (advanced fields via JSON) Security radio, TLS/Reality sub-forms, sockopt, and mux still pending. * feat(frontend): OutboundFormModal.new.tsx security tab (TLS + Reality + Flow) - onSecurityChange cascade: swaps tlsSettings/realitySettings sub-key matching the DU branch, seeding the new sub-form with empty/default fields so the UI does not reference undefined values. - Flow Select rendered when canEnableTlsFlow is true (VLESS + TCP + TLS/Reality). Moved from the basic VLESS section so it only appears in the relevant security context — matches the legacy modal UX. - Security Radio (none / TLS / Reality) gated by canEnableTls and canEnableReality pure-function predicates from lib/xray/protocol-capabilities. - TLS sub-form: 6 outbound-specific fields (SNI/uTLS/ALPN/ECH/ verifyPeerCertByName/pinnedPeerCertSha256) matching the legacy TlsStreamSettings flat shape (no certificates list — outbound is client-side). - Reality sub-form: 6 fields (SNI/uTLS/shortId/spiderX/publicKey/ mldsa65Verify). publicKey + mldsa65Verify get TextAreas to handle the long base64 strings. * feat(frontend): OutboundFormModal.new.tsx sockopt + mux sections - Sockopts: Switch toggles streamSettings.sockopt between undefined and a populated default object (17 fields with sane bbr/UseIP defaults). Only the 8 most-used fields are rendered (dialer proxy, domain strategy, keep alive interval, TFO, MPTCP, penetrate, mark, interface). The remaining sockopt knobs (acceptProxyProtocol, tcpUserTimeout, tcpcongestion, tcpKeepAliveIdle, tcpMaxSeg, tcpWindowClamp, V6Only, trustedXForwardedFor, tproxy) are still in the wire payload — edit them via the JSON tab. - Mux: gated by isMuxAllowed(protocol, flow, network) — VMess/VLESS/ Trojan/SS/HTTP/SOCKS, no flow set, no xhttp transport. Sub-fields (concurrency / xudpConcurrency / xudpProxyUDP443) only render when enabled is true. - Sockopt section visible only when streamAllowed AND network is set — non-stream protocols (freedom/blackhole/dns/loopback) still edit sockopt via the JSON tab. * feat(frontend): atomic swap OutboundFormModal to Pattern A Delete the legacy 1473-line class-based OutboundFormModal.tsx and replace it with the new Pattern A modal (Form.useForm + antdRule + per-protocol discriminated-union form values + wire adapter). Net diff: legacy file gone, function renamed from OutboundFormModalNew to OutboundFormModal so the existing OutboundsTab import resolves unchanged. What is migrated: - All 12 protocols (vmess/vless/trojan/ss/socks/http/wireguard/ hysteria/freedom/blackhole/dns/loopback) - Stream tab with TCP/KCP/WS/gRPC/HTTPUpgrade + partial XHTTP - Security tab with TLS + Reality + Flow gating - Sockopt + Mux sections (gated by isMuxAllowed) - JSON tab with bidirectional bridge to form state - Tag uniqueness check - VLESS reverse-sniffing slice - Freedom fragment/noises/finalRules - DNS rewrite + rules list - Wireguard peers + nested allowedIPs sub-list - Wireguard secret/public key regeneration Deferred to follow-up commits (still accessible via the JSON tab): - XHTTP advanced fields (xmux, sequence/session placement, padding obfs) - Hysteria stream transport sub-form - TCP HTTP camouflage host/path body - WS/HTTPUpgrade/XHTTP headers map editor - Remaining sockopt knobs (tcpUserTimeout, tcpcongestion, tcpKeepAliveIdle, tcpMaxSeg, tcpWindowClamp, V6Only, trustedXForwardedFor, tproxy, acceptProxyProtocol) - VLESS Vision testpre/testseed - Reality API helpers (random target, x25519/mldsa65 generate-import) - Link import (vmess:// vless:// etc → outbound) - FinalMaskForm hookup (deferred from inbound rewrite too) * test(frontend): convert legacy-class parity tests to snapshot baselines With the inbound/outbound modal rewrites complete, the cross-check against the legacy Inbound class has served its purpose. The new pure-function / Zod-schema paths are the source of truth for production code; the parity assertions were the migration safety net. Convert the three parity test files to snapshot-based regression tests: - headers.test.ts: toHeaders + toV2Headers run against snapshots captured at the close of the migration (when both new and legacy were verified byte-equal). - protocol-capabilities.test.ts: 140 cases (10 fixtures × 14 stream shapes) snapshot the predicate-result tuple. Was: parity vs legacy Inbound.canEnableX() class methods. - inbound-link.test.ts: per-protocol genXxxLink + genInboundLinks orchestrator output is snapshotted. Was: byte-equality vs legacy Inbound.genXxxLink() methods. Also delete shadow.test.ts — its purpose was a dual-parse drift detector (Inbound.Settings.fromJson vs InboundSettingsSchema.parse). inbound-full.test.ts already snapshots the Zod parse output, which covers the same ground without the legacy dependency. models/inbound.ts and models/outbound.ts stay in the tree for now — DBInbound still consumes Inbound via its toInbound() method, and DBInbound migration is out of scope per the migration spec ('Do NOT migrate Status, DBInbound, or AllSetting...'). No production page imports from @/models/inbound or @/models/outbound directly anymore. * chore(frontend): enforce no-explicit-any: error + add typecheck/test to CI Step 7 of the Zod migration: lock the migration's gains in place via lint + CI enforcement. - eslint.config.js: `@typescript-eslint/no-explicit-any` set to error. Verified locally — zero violations in src/, with the only file-level disables being src/models/inbound.ts and src/models/outbound.ts (kept for DBInbound's toInbound() consumer; their migration is out of spec scope). - .github/workflows/ci.yml: add Typecheck and Test steps to the frontend job, between Lint and Build. PRs now have to pass tsc --noEmit and the full vitest suite (285 tests + 172 snapshots) before build runs. Migration scoreboard (vs the spec): Step 1 primitives + barrels done Step 2 protocol leaf + DUs done Step 3 pure-fn extraction done Step 4 form modals -> Pattern A done (Inbound + Outbound) Step 5 delete models/ files DEFERRED (DBInbound still uses Inbound; spec marks DBInbound migration out of scope) Step 6 tighten .loose() / unknown DEFERRED (invasive, separate PR) Step 7 lint + CI enforcement done (this commit) Production code paths now have no direct dependency on the legacy Inbound or Outbound classes. * feat(frontend): OutboundFormModal deferred features (Vision seed / TCP host+path / WG pubKey derive) Three small wins from the post-atomic-swap deferred list: - VLESS Vision testpre + testseed: shown only when flow === 'xtls-rprx-vision' (mirrors the legacy canEnableVisionSeed gate). testseed binds to a Select mode='tags' with a normalize() that coerces strings to positive integers and drops invalid entries. - TCP HTTP camouflage host + path: when the TCP HTTP camouflage Switch is on, surface two inputs that read/write directly into streamSettings.tcpSettings.header.request.headers.Host and .path. Both fields are string[] on the wire; normalize + getValueProps translate to/from comma-joined strings in the UI (one entry per host or path the user wants camouflaged). - Wireguard pubKey auto-derive: Form.useWatch on settings.secretKey + useEffect that runs Wireguard.generateKeypair(secret).publicKey on every change and writes the result into the disabled pubKey display field. Matches the legacy modal's per-keystroke derive. * feat(frontend): symmetric TCP HTTP host/path + extra sockopt knobs OutboundFormModal: - Sockopt section gains 5 common-but-rarely-tweaked knobs: acceptProxyProtocol, tproxy (off/redirect/tproxy), tcpcongestion (bbr/cubic/reno), V6Only, tcpUserTimeout. The remaining sockopt fields (tcpKeepAliveIdle, tcpMaxSeg, tcpWindowClamp, trustedXForwardedFor) are still edit-via-JSON; they are deeply tunable and not commonly touched. InboundFormModal: - TCP HTTP camouflage gains host + path inputs symmetric to the outbound side. Switch ON seeds request with sensible defaults (version 1.1, method GET, path ['/'], empty headers). The two inputs use the same normalize/getValueProps comma-string ↔ string[] dance the outbound side uses, so the wire shape stays identical to what xray-core expects. * feat(frontend): HeaderMapEditor reusable component + wire WS/HTTPUpgrade headers Add a single reusable header-map editor that handles the two wire shapes Xray uses: - v1: { name: 'value' } — used by WS / HTTPUpgrade / Hysteria masquerade. One value per name. - v2: { name: ['value1', 'value2'] } — used by TCP HTTP camouflage. Each header can repeat (RFC 7230 §3.2.2). Internal state is always a flat list of {name, value} rows regardless of mode; conversion to/from the wire shape happens at the value / onChange boundary so consumers bind straight to a Form.Item with no extra transforms. Wired into: - InboundFormModal: WS Headers, HTTPUpgrade Headers - OutboundFormModal: WS Headers, HTTPUpgrade Headers XHTTP headers are already in a list-of-rows wire shape (different from these two), so they keep their bespoke editor. Hysteria masquerade is still deferred until the Hysteria stream sub-form lands. * feat(frontend): Hysteria stream sub-form (schema branch + outbound UI) Add the 7th branch to NetworkSettingsSchema for Hysteria transport. schemas/protocols/stream/hysteria.ts: - HysteriaStreamSettingsSchema covers the full wire shape: version=2, auth, congestion (''|'brutal'), up/down bandwidth strings, optional udphop sub-object for port-hopping, receive-window tuning fields, maxIdleTimeout, keepAlivePeriod, disablePathMTUDiscovery. schemas/protocols/stream/index.ts: - NetworkSchema gains 'hysteria'. - NetworkSettingsSchema gains the 7th branch { network: 'hysteria', hysteriaSettings: HysteriaStreamSettingsSchema }. OutboundFormModal.tsx: - NETWORK_OPTIONS keeps the 6 standard transports for non-hysteria protocols; when protocol === 'hysteria', a 7th option is appended (matches the legacy [...NETWORKS, 'hysteria'] gate). - newStreamSlice handles the 'hysteria' case with sensible defaults matching the legacy HysteriaStreamSettings constructor. - New sub-form when network === 'hysteria': 8 common fields (auth, congestion, up, down, udphop Switch + 3 nested fields when on, maxIdleTimeout, keepAlivePeriod, disablePathMTUDiscovery). - Receive-window tuning fields are still edit-via-JSON (rarely touched + would clutter the form). * feat(frontend): fallbacks polish — move up/down + Add all button Two small UX wins on the InboundFormModal Fallbacks card: - Per-row Move up / Move down buttons (ArrowUp/Down icons) that swap adjacent indices. Order survives reloads via sortOrder (rebuilt from index on save). First row's Up button + last row's Down button are disabled. - 'Add all' button next to 'Add fallback' that one-shot inserts a fresh row for every eligible inbound (every option in fallbackChildOptions) not already wired up. Disabled when every eligible inbound is already covered. Convenient for operators running catch-all routing across every host on the panel. * feat(frontend): XHTTP advanced fields on outbound modal Replace the 'edit via JSON' deferred-features hint with the full XHTTP sub-form matching the legacy modal's XhttpFields helper. schemas/protocols/stream/xhttp.ts: - New XHttpXmuxSchema: 6 connection-multiplexing knobs (maxConcurrency, maxConnections, cMaxReuseTimes, hMaxRequestTimes, hMaxReusableSecs, hKeepAlivePeriod). - XHttpStreamSettingsSchema gains 5 outbound-only fields and one UI-only toggle: scMinPostsIntervalMs, uplinkChunkSize, noGRPCHeader, xmux, enableXmux. outbound-form-adapter.ts: - New stripUiOnlyStreamFields() drops xhttpSettings.enableXmux on the way to wire so the panel never embeds the UI toggle into the saved config. xray-core ignores unknown fields anyway, but the panel reads back its own emitted JSON, so a clean wire shape matters. OutboundFormModal.tsx: - Headers editor (HeaderMapEditor v1) for xhttpSettings.headers. - Padding obfs Switch + 4 conditional fields (key/header/placement/ method) when on. - Uplink HTTP method Select with GET disabled outside packet-up. - Session placement + session key (key shown when placement != path). - Sequence placement + sequence key (same pattern). - packet-up mode: scMinPostsIntervalMs, scMaxEachPostBytes, uplink data placement + key + chunk size (key/chunk-size shown when placement != body). - stream-up / stream-one mode: noGRPCHeader Switch. - XMUX Switch + 6 nested fields when on. * feat(frontend): inbound TCP HTTP camouflage response fields + request headers Complete the TCP HTTP camouflage UI on the inbound side. Already there from the previous symmetric host/path commit: - Request host (string[] via comma-string) - Request path (string[] via comma-string) This commit adds: - Request headers (V2 map: name -> string[]) via HeaderMapEditor. - Response version (defaults to '1.1' when camouflage toggles on). - Response status (defaults to '200'). - Response reason (defaults to 'OK'). - Response headers (V2 map) via HeaderMapEditor. The HTTP camouflage Switch seeds both request and response sub-objects on toggle-on so xray-core sees a valid TcpHeader.http shape from the first save. Without the response seed, partial fills would emit a schema-incomplete response block that xray-core might reject. * feat(frontend): link import on outbound modal (vmess/vless/trojan/ss/hy2) The legacy outbound modal could import a vmess://, vless://, trojan://, ss://, or hysteria2:// share link via a Convert button on the JSON tab. Restore that UX with a focused pure-function parser. lib/xray/outbound-link-parser.ts: - parseVmessLink: base64 JSON, maps net/tls + per-network params onto the discriminated stream branch. - parseVlessLink: standard URL with type/security/sni/pbk/sid/fp/flow query params, dispatches transport via buildStream + applies security params via applySecurityParams. - parseTrojanLink: same URL pattern, defaults security to tls. - parseShadowsocksLink: both modern (base64 userinfo@host:port) and legacy (base64 of whole thing) ss:// formats. - parseHysteria2Link: accepts both hysteria2:// and hy2:// schemes, uses the hysteria stream branch with version=2 + TLS h3. - parseOutboundLink dispatcher returns the first non-null parser result, or null when no scheme matches. test/outbound-link-parser.test.ts: - 13 cases covering happy paths for each protocol family plus malformed input, ss:// dual-format handling, hy2:// alias. OutboundFormModal.tsx: - Import button on the JSON tab Input.Search; on success, parsed payload flows through rawOutboundToFormValues, the form is reset, and we switch back to the Basic tab. - Tag is preserved when the parsed link does not carry one. Out of scope: advanced fields the legacy parser handled (xmux, padding obfs, reality short IDs, finalmask from fm= param). Power users can finish the import in the form after the basics land. * feat(frontend): inbound Hysteria stream sub-form (auth + udpIdleTimeout + masquerade) Restore the inbound side of Hysteria stream configuration that was previously hidden — the legacy modal exposed these knobs but the Pattern A rewrite gated them out. schemas/protocols/stream/hysteria.ts: - HysteriaMasqueradeSchema covers the inbound-only masquerade wire shape: type ('proxy'|'file'|'string'), dir, url, rewriteHost, insecure, content, headers, statusCode. The three masquerade types cover the spectrum: reverse-proxy upstream, serve static files, or return a fixed string body. - HysteriaStreamSettingsSchema gains 3 inbound-side optional fields: protocol, udpIdleTimeout, masquerade. Outbound side is untouched (the legacy class accepted both wire shapes via the same struct). InboundFormModal.tsx: - New hysteria stream sub-form section in streamTab, gated by protocol === HYSTERIA. Fields: version (disabled, locked to 2), auth, udpIdleTimeout, masquerade Switch + nested type-Select with three conditional sub-blocks (proxy URL+rewriteHost+insecure, file dir, string statusCode+body+headers). - onValuesChange cascade: switching TO hysteria seeds streamSettings with the hysteria branch (forcing network='hysteria' + TLS); switching AWAY from hysteria snaps back to TCP so the standard network selector has a valid starting point. masquerade headers use the HeaderMapEditor v1 component. * feat(frontend): complete outbound sockopt section with remaining knobs Add the four remaining SockoptStreamSettings fields that were edit-via-JSON-only after the initial outbound modal rewrite: - TCP keep-alive idle (s) — tcpKeepAliveIdle, time before sending the first probe on an idle TCP connection. - TCP max segment — tcpMaxSeg, override the default MSS. - TCP window clamp — tcpWindowClamp, cap the TCP receive window. - Trusted X-Forwarded-For — trustedXForwardedFor, list of trusted proxy hostnames/CIDRs whose XFF headers Xray will honor. The outbound sockopt section now exposes all 17 SockoptStreamSettings fields from the schema. The InboundFormModal's sockopt section has its own field list (closer to the legacy class) and is unchanged. * feat(frontend): outbound TCP HTTP camouflage parity with inbound Add method/version inputs, request header map, and full response sub-section (version/status/reason/headers) to OutboundFormModal so the outbound side can configure the same HTTP-1.1 obfuscation knobs the inbound side already exposed. * feat(frontend): round-trip XHTTP advanced fields in outbound link parser Pick up xPaddingBytes, scMaxEachPostBytes, scMinPostsIntervalMs, uplinkChunkSize, and noGRPCHeader from both vmess:// JSON and the URL query-param parsers (vless/trojan). The advanced xmux/padding-obfs/ reality-shortId knobs still wait on a follow-up; this slice unblocks the common case where a phone-issued xhttp link carries non-default padding or post sizes. * feat(frontend): round-trip XHTTP padding-obfs + remaining advanced knobs Extract the XHTTP key-mapping into typed string/number/bool key arrays applied by both the URL query-param branch and the vmess JSON branch. The parser now covers xPaddingObfsMode + xPaddingKey/Header/Placement/ Method, sessionKey/seqKey/uplinkData{Placement,Key}, noSSEHeader, scMaxBufferedPosts, scStreamUpServerSecs, serverMaxHeaderBytes, and uplinkHTTPMethod alongside the previous five XHTTP fields. Two new round-trip tests cover the padding-obfs surface on both link forms. * feat(frontend): FinalMaskForm rewrite to Pattern A + wire into both modals Rewrite FinalMaskForm.tsx from a class-coupled component (mutated stream.finalmask.tcp[] via .addTcpMask/.delTcpMask methods, notified parent via onChange callback) into a Pattern A sub-form: takes a NamePath base, a FormInstance, and the surrounding network/protocol, then composes Form.List + Form.Item at absolute paths under that base. All array structures use nested Form.List — tcp/udp mask arrays, the clients/servers groups in header-custom (Form.List of Form.List of ItemEditor), and the noise list. Type Selects use onChange to reset the settings sub-object via form.setFieldValue, mirroring the legacy changeMaskType behavior. The kcp.mtu side effect on xdns type change is preserved. Wired into both InboundFormModal and OutboundFormModal stream tabs, placed after the sockopt section. The component is the first Pattern A consumer of nested Form.List inside another Form.List, so it stands as the reference for future nested-array sub-forms. * docs(frontend): record FinalMaskForm rewrite + hookup in status doc Mainline migration goal — replace class-based xray models with Zod schemas as the single source of truth + drive all forms through AntD `Form.useForm` + `antdRule(schema.shape.X)` — is complete. Remaining items are incremental polish. * fix(frontend): Phase 2 Inbound form reactivity bugs (B1-B9, consolidated) A run of resets dropped the per-bug commits 1401d833 / 5b1ae450 / 5bce0dc5 / 4007eec7. Re-landing all fixes against the same files in one commit to avoid another rebase-style drop. B1 — Transmission Select / External Proxy + Sockopt switches didn't react after click. AntD 6.4.3 Form.useWatch on nested paths doesn't re-fire reliably after `setFieldValue('streamSettings', cleaned)` on the parent. Bound Transmission via `name={['streamSettings', 'network']}` and wrapped the two switches in `<Form.Item shouldUpdate>` blocks that read state via getFieldValue. B2 — Security regressed from `Radio.Group buttonStyle="solid"` to a Select dropdown, and disable state didn't refresh because tlsAllowed/ realityAllowed were derived at the top of the component. Restored Radio.Button group and moved canEnableTls/canEnableReality evaluation inside the shouldUpdate render prop. B3 — Advanced tab "All" sub-tab was missing. Added it as the first item with a new AdvancedAllEditor that round-trips top-level fields + the three nested slices on edit. B4 — Advanced tab title/subtitle and per-section help text were gone. Wrapped the Tabs in the existing `.advanced-shell` / `.advanced-panel` structure and restored the `.advanced-editor-meta` help under each sub-tab using existing i18n keys. B5 — TLS / Reality sub-forms didn't render when selecting tls or reality on the Security tab. The `{security === 'tls' && ...}` and `{security === 'reality' && ...}` conditionals used a stale top-level useWatch value. Wrapped both in <Form.Item shouldUpdate> blocks that read `security` via getFieldValue. B6 — Advanced JSON editors stale after Stream/Sniffing changes. The editors seeded text via lazy useState and AntD Tabs renders all panes upfront, so the Advanced tab was already mounted with stale data. Both AdvancedSliceEditor and AdvancedAllEditor now subscribe via Form.useWatch and re-sync the text buffer when the watched JSON differs from a lastEmitRef (the serialization at the moment of our own last accepted write). User typing doesn't trigger re-sync because setFieldValue updates lastEmitRef too. (A prior attempt added `destroyOnHidden` to the outer Tabs but broke conditional tab items when the unmounted Form.Item for `protocol` lost its value — abandoned in favor of useWatch reactivity.) B7 — HeaderMapEditor + button did nothing. addRow() appended a blank {name:'', value:''} row, but commit() filtered it via rowsToMap before reaching the form, so AntD saw no change and didn't re-render. The editor now keeps a local rows state so blank rows survive during editing; only filled rows are emitted to onChange. B9 — Sniffing destOverride defaults (HTTP/TLS/QUIC/FAKEDNS) were not pre-checked on a fresh Add Inbound. buildAddModeValues() seeded sniffing: {} which left destOverride undefined. Now seeds with SniffingSchema.parse({}) so the Zod defaults populate. * fix(frontend): FinalMaskForm TCP Mask sub-forms + Advanced JSON wrap (B10/B11) B10 — FinalMaskForm TCP Mask: after adding a mask and picking a Type (Fragment/Header Custom/Sudoku), the type-specific sub-forms didn't render. TcpMaskItem read `type` via Form.useWatch on a path inside Form.List, which doesn't re-fire reliably in AntD 6.4.3 — same root cause as the earlier B1/B2/B5 reactivity issues. Replaced with a <Form.Item shouldUpdate> wrapper that reads `type` via getFieldValue inside the render prop. B11 — Advanced sub-tabs (settings / streamSettings / sniffing) showed just the inner value (e.g. `{clients:[],decryption:"none",...}`), but the legacy modal wrapped each slice with its key envelope (e.g. `{settings:{...}}`) so the JSON matches the wire shape's slice and round-trips cleanly from copy-pasted inbound configs. Added a `wrapKey` prop to AdvancedSliceEditor that wraps/unwraps the value on render/write; the three sub-tabs now pass settings / streamSettings / sniffing as their wrapKey. * fix(frontend): import InboundFormModal.css so layout classes apply (B12) The file InboundFormModal.css existed but was never imported, so every class in it had no effect — including: - .vless-auth-state — the "Selected: <auth>" caption next to the X25519/ ML-KEM/Clear button row stayed inline next to Clear instead of display:block beneath the row - .advanced-shell / .advanced-panel — the Advanced tab's header / panel framing was missing - .advanced-editor-meta — the per-section help text under each Advanced sub-tab had no spacing - .wg-peer — wireguard peer rows had no top margin Add a side-effect import of the CSS file at the top of the modal. No other change needed; the legacy modal must have either imported it or had a global import that the new modal didn't inherit. * fix(frontend): FinalMaskForm relative paths + network-switch defaults (B13/B14) B13 — FinalMaskForm used absolute paths like ['streamSettings', 'finalmask', 'tcp', 0, 'type'] for Form.Item names inside Form.List render props. AntD's Form.List prefixes Form.Item names with the list's own name, so the actual storage path became ['streamSettings', 'finalmask', 'tcp', 'streamSettings', 'finalmask', 'tcp', 0, 'type'] — total nonsense. Symptoms: Type Select didn't show the 'fragment' default after add(), and the sub-form for the picked type never rendered (Fragment/Sudoku/HeaderCustom). Rewrote FinalMaskForm to use RELATIVE names inside every Form.List context (TCP/UDP outer list + nested clients/servers/noise inner lists). Added a `listPath` prop on the items so the shouldUpdate guard and the side-effect setFieldValue calls (resetting `settings` when type changes) can still address the absolute path; the displayed Form.Items use the relative form (`[fieldName, 'type']`). Replaced top-level Form.useWatch on nested paths with <Form.Item shouldUpdate> blocks reading via getFieldValue, same pattern as the earlier B5 fix — Form.useWatch on paths inside Form.List doesn't re-fire reliably in AntD 6.4.3. B14 — Switching network (KCP, WS, gRPC, XHTTP, ...) seeded the new XSettings blob as `{}` so every field showed as empty. The legacy `newStreamSlice` populated mtu=1350, tti=20, etc. Restored those defaults in onNetworkChange and seeded the initial tcpSettings.header in buildAddModeValues so even the default TCP state shows the HTTP-camouflage Switch in the correct off state instead of an undefined header object. * fix(frontend): inbound TCP HTTP camouflage drops request fields + KCP UI field rename (B15/B16) B15 — Inbound TCP HTTP camouflage exposed Host / Path / Method / Version / request-headers inputs. Per Xray docs (https://xtls.github.io/config/transports/raw.html#httpheaderobject), the `request` object is honored only by outbound proxies; the inbound listener reads `response`. Those inputs were writing dead data the server ignored. Removed them from the inbound modal; only Response {version, status, reason, headers} remain. The toggle still seeds an empty request object so the wire shape stays valid against the schema. B16 — KCP Uplink / Downlink inputs bound to non-existent form fields `upCap` / `downCap`, while the schema (and wire) use `uplinkCapacity` / `downlinkCapacity`. Renamed the Form.Items to the schema names so defaults populate and saves persist. Also corrected newStreamSlice('kcp') to seed the four KCP defaults (uplinkCapacity / downlinkCapacity / cwndMultiplier / maxSendingWindow) — the missing two were why "CWND Multiplier" and "Max Sending Window" still showed empty after switching to KCP. * fix(frontend): seed full Zod-schema defaults for stream slices + QUIC params (B17) XHTTP showed blank Selects for Session Placement / Sequence Placement / Padding Method / Uplink HTTP Method (and several other knobs). Those fields have a literal "" (empty string) value in the schema, which the Select renders as "Default (path)" / "Default (repeat-x)" / etc. The form field was `undefined`, not `""`, so the Select showed blank instead of the labelled default option. newStreamSlice in InboundFormModal hand-rolled per-network seed objects with only a handful of fields. Replaced with {Tcp,Kcp,Ws,Grpc,HttpUpgrade,XHttp}StreamSettingsSchema.parse({}) so every default declared in the schema populates the form on network switch. Same change in buildAddModeValues for the initial TCP state. QUIC Params (FinalMaskForm) had the same shape on a smaller scale — defaultQuicParams() only seeded congestion + debug + udpHop. The schema's other fields are .optional() (no Zod default) so a schema parse won't help. Hard-coded the xray-core / hysteria recommended values (maxIdleTimeout 30, keepAlivePeriod 10, brutalUp/Down 0, maxIncomingStreams 1024, four window sizes) so the InputNumber controls render with usable starting values instead of blank. * fix(frontend): forceRender all tabs so fields register at modal open (B18) AntD Tabs with the `items` API lazy-mounts inactive tab panes by default. The Form.Items inside an unvisited tab never register, so: - Form.useWatch on a parent path (e.g. 'sniffing') returns a partial view containing only registered children. Until the user clicked the Sniffing tab, Advanced > Sniffing JSON showed `{sniffing: {}}` instead of the full default object set by setFieldsValue. - After visiting the Sniffing tab once, the `sniffing.enabled` Form.Item registered, so useWatch suddenly returned `{enabled: false}` — still partial, because the rest of the sniffing children only register when their Form.Items mount in conditional sub-sections. Setting `forceRender: true` on every tab item forces all tab panes to mount at modal open. Every Form.Item registers immediately; the watch result reflects the full form value seeded by buildAddModeValues. This also likely resolves the earlier "Invalid discriminator value" error on submit, which surfaced when streamSettings had an unregistered security field whose Form.Item hadn't mounted yet. * refactor(frontend): align hysteria with new docs + drop hysteria2 protocol Phase 2 smoke fixes on the Inbound add flow surfaced that hysteria2 was modeled as a separate top-level protocol when it's really just hysteria v2. The xray transports/hysteria.html docs also pin the hysteria stream to a minimal shape (version/auth/udpIdleTimeout/masquerade) — the previous schema carried legacy congestion/up/down/udphop/window knobs that aren't part of the wire contract. Hysteria2 removal: - Drop 'hysteria2' from ProtocolSchema enum and Protocols const - Drop hysteria2 branches from inbound/outbound discriminated unions - Drop createDefaultHysteria2InboundSettings / OutboundSettings - Delete schemas/protocols/inbound/hysteria2.ts and outbound/hysteria2.ts - Drop hysteria2 case in getInboundClients / genLink (fell through to the hysteria handler anyway) - Update client form modals' MULTI_CLIENT_PROTOCOLS sets - Remove hysteria2-basic fixture + snapshot entries (14 capability cases, 1 protocols fixture, 1 inbound-defaults factory) - Keep parseHysteria2Link() outbound parser since hysteria2:// is the share-link URI prefix for hysteria v2 Hysteria stream alignment with xtls docs: - HysteriaStreamSettingsSchema reduced to version/auth/udpIdleTimeout/ masquerade per transports/hysteria.html - Masquerade type adds '' (default 404 page) and defaults to it - Outbound form drops Congestion/Upload/Download/UDP hop/Max idle/ Keep alive/Disable Path MTU controls and the receive-window note - newStreamSlice('hysteria') in OutboundFormModal mirrors the trimmed shape; outbound-link-parser emits the trimmed shape too - InboundFormModal Masquerade Select gains the default option New TUN inbound schema: - Add schemas/protocols/inbound/tun.ts with name/mtu/gateway/dns/ userLevel/autoSystemRoutingTable/autoOutboundsInterface - Wire into ProtocolSchema enum, InboundSettingsSchema discriminated union, createDefaultInboundSettings dispatcher Other Phase 2 smoke fixes folded in: - Tunnel portMap UI swaps Form.List for HeaderMapEditor v1 — wire shape is Record<string,string> and the List was producing arrays - Hysteria onValuesChange seeds full TLS schema defaults + one empty certificate row (Cipher Suites/Min/Max Version/uTLS/ALPN were undefined before) - HTTP/Mixed accounts Add button auto-fills user/pass with RandomUtil.randomLowerAndNum - Hysteria security tab gates the 'none' radio out — TLS only - Hysteria stream tab drops the inbound Auth password field (xray inbound auth is per-user via 'users', not stream-level) - Reality onSecurityChange auto-randomizes target/serverNames/ shortIds and fetches an X25519 keypair - Tag and DB-side fields (up/down/total/expiryTime/ lastTrafficResetTime/clientStats/security) gain hidden Form.Items so validateFields keeps them in the wire payload (rc-component form strips unregistered fields) - WireGuard inbound auto-seeds one peer with generated keypair, allowedIPs ['10.0.0.2/32'], keepAlive 0 — matches legacy - WireGuard peer rows separated by Divider with the Peer N title and a small inline remove button (titlePlacement="center") * refactor(frontend): retire class-based xray models (Step 5) Delete models/inbound.ts (3,359 lines) and outbound.ts (2,405). The Inbound/Outbound classes and ~50 sub-classes are replaced by Zod-typed data + pure functions in lib/xray/*. Consumer migration off dbInbound.toInbound(): - useInbounds: isSSMultiUser({protocol, settings}) directly - QrCodeModal: genWireguardConfigs/Links/AllLinks from lib/xray - InboundList: derives tags from streamSettings raw fields - InboundsPage: clone via raw JSON, fallback projection via schema-shape stream object, exports via genInboundLinks - InboundInfoModal: builds an InboundInfo facade locally from raw streamSettings (host/path/serverName/serviceName per network), canEnableTlsFlow + isSS2022 from lib/xray New helper: lib/xray/inbound-from-db.ts exposes inboundFromDb(raw) converting a raw DBInbound row into a schema-typed Inbound for the link-generation orchestrators. DBInbound trimmed: drops toInbound, isMultiUser, hasLink, genInboundLinks, _cachedInbound. Imports Protocols from @/schemas/primitives now that ./inbound is gone. Bundled Phase 2 fixes: - Outbound modal: Form.useWatch with preserve: true so the stream block doesn't gate itself out when network is unmounted - Inbound form adapter: pruneEmpty preserves empty objects; per-protocol client field projection via Zod safeParse; sniffing collapse to {enabled:false} - useClients invalidateAll also invalidates inbounds.root() - IndexPage Config modal top/maxHeight polish Tests: 283/283 pass. typecheck/lint clean. * fix(frontend): inboundFromDb fills Zod defaults for stream + settings Smoke-testing the new inboundFromDb helper surfaced two regressions that the strict lib/xray link generators expose when fed raw DB streamSettings without per-network sub-keys. 1. genVlessLink / genTrojanLink crash on `stream.tcpSettings.header` when streamSettings lacks `tcpSettings` (true for slim list rows and for handcrafted minimal-JSON inbounds). The legacy Inbound.fromJson chain populated TcpStreamSettings via its own constructor; the new helper now does the same by parsing the raw <network>Settings sub-object through the matching Zod schema and merging schema defaults onto whatever the DB stored. 2. genVlessLink writes `encryption=undefined` into the share URL when settings lacks the `encryption: 'none'` literal that vless wire JSON normally carries. Fixed by running raw settings through InboundSettingsSchema.safeParse() to populate per-protocol defaults (encryption, decryption, fallbacks, etc.) the same way the legacy class fromJson chain did. Same pattern applied to security branch (tls/realitySettings). Tests: src/test/inbound-from-db.test.ts covers - JSON-string / object / empty settings coercion - genInboundLinks vless (TCP/none, with encryption=none) - genWireguardConfigs + genWireguardLinks peer fanout - genAllLinks trojan with TLS sub-defaults applied - protocol-capability helpers with raw shapes - getInboundClients across vless/SS-single/non-client protocols 296/296 pass. * fix(frontend): QUIC udpHop.interval is a range string, not a number (B19) User report: "streamSettings.finalmask.quicParams.udpHop.interval: Invalid input: expected string, received number". Three-part fix: - FinalMaskForm: Hop Interval input changed from InputNumber to Input with "e.g. 5-10" placeholder. xray-core spec says interval is a range string like '5-10' (seconds between min-max hops), not a single number. - FinalMaskForm: defaultQuicParams() seeds interval: '5-10' instead of the broken `interval: 5`. - QuicUdpHopSchema: preprocess coerces number → string for legacy DB rows that were written by the now-fixed buggy UI. Stops the load-time validation crash on existing inbounds. Tests still 296/296. * fix(frontend): outbound link parser handles extra/fm/x_padding_bytes (B20) User-reported vless share link with full xhttp + reality + finalmask config failed to round-trip on outbound import. The inbound link generator emits three payloads the outbound parser was ignoring: 1. `extra=<json>` — bundles advanced xhttp knobs (xPaddingBytes, scMaxEachPostBytes, scMinPostsIntervalMs, padding-obfs keys, etc.). applyXhttpStringFromParams now JSON.parses this and merges the fields into xhttpSettings via the same JSON-branch logic used by vmess. 2. `x_padding_bytes=<range>` — snake_case alias the inbound emits alongside the camelCase form. Now applied before camelCase so explicit `xPaddingBytes` URL params still win. 3. `fm=<json>` — full finalmask object including quicParams.udpHop and tcp/udp mask arrays. New applyFinalMaskParam attaches the decoded object to streamSettings.finalmask. Wired into both parseVlessLink and parseTrojanLink. Tests: - Real B20 link parses with xhttp + reality + finalmask all populated - Precedence: camelCase URL > extra JSON > snake_case alias > default - Malformed extra JSON falls through without crashing the parser 300/300 pass. * fix(frontend): Outbound submit crash on non-mux protocols + tab a11y (B21) Two issues surfaced on Outbound save: 1. Crash: `Cannot read properties of undefined (reading 'enabled')` at formValuesToWirePayload. The modal hides the Mux switch entirely for non-stream protocols (dns/freedom/blackhole/loopback) and for stream protocols when isMuxAllowed gates it out (xhttp, vless+flow). With the field never registered, validateFields() returns no `mux` key — `values.mux.enabled` then dereferences undefined. Fix: optional chain `values.mux?.enabled` so missing mux skips the mux clause silently. Documented why mux can be absent. 2. Chrome a11y warning: "Blocked aria-hidden on an element because its descendant retained focus" — when the user has an input focused inside one Tab panel and switches to another tab, AntD marks the outgoing panel aria-hidden while focus is still inside. The browser warns, but the focused control is now invisible to AT users. Fix: blur the active element before setActiveKey in onTabChange. * fix(frontend): blur active element on every tab switch path (B21 follow-up) The previous B21 patch only blurred on user-initiated tab clicks via onTabChange. Two other paths still set activeKey while a JSON-tab input retained focus: - importLink: after a successful share-link parse, setActiveKey('1') switched to the form tab while the user's focus was still on the Input.Search they just pressed Enter in. Chrome logged the same "Blocked aria-hidden" warning because the panel they were leaving became aria-hidden synchronously, with their input still focused. - onTabChange entering the JSON tab: also did a bare setActiveKey with no blur, so going from a focused form input INTO the JSON tab could trip the warning in reverse. Fix: centralized switchTab(key) that blurs document.activeElement sync before calling setActiveKey. Every internal tab transition (importLink, onTabChange both directions) now routes through it. The single setActiveKey('1') in the open-modal useEffect is left as a plain setter because there's no focused input at modal-open time. * refactor(frontend): extract fillStreamDefaults to shared helper Move the network/security schema-default filler out of inbound-from-db.ts into stream-defaults.ts so other consumers can reuse it without dragging in the DBInbound-specific code path. * fix(frontend): derive QUIC/UDP-hop switch state from data presence (B22) The QUIC Params and UDP Hop toggles previously persisted as separate boolean flags (enableQuicParams / hasUdpHop) which weren't part of the xray wire format and weren't restored when a config was pasted into the modal. Use data presence as the single source of truth: the switch is on iff the corresponding sub-object exists. Switching off clears it back to undefined. * fix(frontend): xhttp form binding + drop empty strings from JSON (B23) uplinkHTTPMethod was wrapped Form.Item -> Form.Item(shouldUpdate) -> Select, which broke AntD's value/onChange injection (AntD only clones the immediate child). Restructured so shouldUpdate is the outer wrapper and Form.Item(name) directly wraps the Select. Also drop empty-string fields from xhttpSettings in the wire payload — fields like uplinkHTTPMethod, sessionPlacement, seqPlacement, xPaddingKey default to '' meaning "use server default", so they shouldn't appear in JSON as "field": "". Adds placeholder text to the 3 xhttp Selects so the form reflects the current value after JSON paste. * feat(frontend): align finalmask + sockopt with xray docs, add golden fixtures Schema fixes per https://xtls.github.io/config/transports/finalmask.html and https://xtls.github.io/config/transports/sockopt.html: finalmask: - QuicCongestionSchema: remove non-doc 'cubic', keep reno/bbr/brutal/force-brutal - Add BbrProfileSchema (conservative/standard/aggressive) and bbrProfile field - brutalUp/brutalDown: number -> string per docs (units like '60 mbps') - Tighten ranges: maxIdleTimeout 4-120, keepAlivePeriod 2-60, maxIncomingStreams min 8 - UdpMaskTypeSchema: add missing 'sudoku' - udpHop.interval stays as preprocessed string-range per intentional B19 divergence sockopt: - tcpFastOpen: boolean -> union(boolean, number) per docs (number tunes queue size) - mark: drop min(0) (can be any int) - domainStrategy default: 'UseIP' -> 'AsIs' per docs - tcpKeepAlive Interval/Idle defaults: 0/300 -> 45/45 per docs (outbound) - Add AddressPortStrategySchema enum (7 values) + addressPortStrategy field - Add HappyEyeballsSchema (tryDelayMs/prioritizeIPv6/interleave/maxConcurrentTry) - Add CustomSockoptSchema (system/type/level/opt/value) + customSockopt array Bug fixes: - options.ts: Address_Port_Strategy values were lowercase ('srvportonly'); xray-core requires camelCase ('SrvPortOnly'). Fixed all 6 entries. - OutboundFormModal: domainStrategy Select was mistakenly populated from ADDRESS_PORT_STRATEGY_OPTIONS; now uses DOMAIN_STRATEGY_OPTION. - OutboundFormModal: inline sockopt defaults (hardcoded {acceptProxyProtocol: false, domainStrategy: 'UseIP', ...}) replaced with SockoptStreamSettingsSchema.parse({}) so schema is the single source. Form additions (both InboundFormModal + OutboundFormModal): - Address+port strategy Select - Happy Eyeballs Switch + sub-form (tryDelayMs/prioritizeIPv6/interleave/maxConcurrentTry) - Custom sockopt Form.List (system/type/level/opt/value) - FinalMaskForm: BBR Profile Select (visible when congestion='bbr'), Brutal Up/Down placeholders updated to string format Golden fixtures (8 new + 4 xhttp extras): - finalmask/{tcp-mask, udp-mask, quic-params, combined}.json — cover all TCP mask types, 7 UDP mask types including new sudoku, full QUIC params shape - sockopt/{defaults, tcp-tuning, tproxy, full}.json — full sockopt knobs - stream/xhttp-{basic, extra-padding, extra-placement, extra-tuning}.json — cover the extra-blob fields bundled into share-link extra=<json> Tests now at 312 (up from 300); typecheck/lint clean. * feat(frontend): migrate DNS + Routing to Zod, align with xray docs Adds first-class Zod schemas for the xray-core DNS block and routing sub-objects (Balancer, Rule) matching the documented shape at https://xtls.github.io/config/dns.html and https://xtls.github.io/config/routing.html, then wires the DnsServerModal and BalancerFormModal up to those schemas. schemas/dns.ts (new): - DnsQueryStrategySchema enum (UseIP/UseIPv4/UseIPv6/UseSystem) - DnsHostsSchema record(string -> string | string[]) - DnsServerObjectInnerSchema + DnsServerObjectSchema (with preprocess to migrate legacy `expectIPs` -> `expectedIPs` alias) - DnsServerEntrySchema = string | DnsServerObject (xray accepts both) - DnsObjectSchema with all documented fields and defaults schemas/routing.ts (new): - RuleProtocolSchema enum (http/tls/quic/bittorrent) - RuleWebhookSchema (url/deduplication/headers) - RuleObjectSchema covering every documented field (domain/ip/port/ sourcePort/localPort/network/sourceIP/localIP/user/vlessRoute/ inboundTag/protocol/attrs/process/outboundTag/balancerTag/ruleTag/ webhook) with type=literal('field').default('field') - BalancerStrategyTypeSchema enum (random/roundRobin/leastPing/leastLoad) - BalancerCostObjectSchema {regexp,match,value} - BalancerStrategySettingsSchema (expected/maxRTT/tolerance/baselines/costs) - BalancerStrategySchema + BalancerObjectSchema schemas/xray.ts: - routing.rules: was loose 3-field object, now z.array(RuleObjectSchema) - routing.balancers: was z.array(z.unknown()), now z.array(BalancerObjectSchema) - dns: was 2-field loose, now full DnsObjectSchema - BalancerFormSchema: strategy now BalancerStrategyTypeSchema (enum) instead of z.string(); fallbackTag defaults to ''; settings? added for leastLoad DnsServerModal (full Pattern A rewrite): - useState/DnsForm interface -> Form.useForm<DnsServerForm>() - manual domain/expectedIP/unexpectedIP list -> Form.List - antdRule on address/port/timeoutMs for inline validation - preserves legacy collapse-to-bare-string behavior on submit BalancerFormModal: - Adds conditional leastLoad sub-form (Expected/MaxRTT/Tolerance/ Baselines/Costs) wired to BalancerStrategySettingsSchema - Strategy options derived from schema enum - Cost rows with regexp/literal switch + match + value - required prop on Tag and Selector for red asterisk visual BalancersTab: - BalancerRecord interface -> type alias to BalancerObject - onConfirm now propagates strategy.settings to wire when leastLoad - Removes useMemo wrapping `columns` array. The memo had deps [t, isMobile] (with an eslint-disable) so the column render functions kept their original closure over `openEdit`. Once a balancer was created and the user clicked the edit button, the stale openEdit fired with empty `rows`, so rows[idx] was undefined and the modal opened blank. Columns are cheap to rebuild each render, so dropping the memo is the right fix. DnsTab + RoutingTab: switch ad-hoc interfaces to schema-derived types. translations (en-US, fa-IR): add the previously-missing pages.xray.balancerTagRequired and pages.xray.balancerSelectorRequired keys so antdRule surfaces a real message instead of the raw i18n key. * test(frontend): golden fixtures for DNS, Balancer, Rule schemas Adds JSON fixtures under golden/fixtures/{dns,dns-server,balancer,rule} plus three vitest files that parse them through the new schemas and snapshot the result. dns/: minimal (servers as strings) + full (every top-level field plus hosts with geosite/domain/full prefixes and 5 mixed string/object servers covering fakedns, localhost, https://, tcp://, quic+local://). dns-server/: full (every DnsServerObject field) + legacy-expectips (asserts the z.preprocess that migrates the legacy `expectIPs` key into the canonical `expectedIPs`). balancer/: random-minimal (default strategy by omission), roundrobin, leastping, leastload-full (covers all StrategySettings fields and both regexp=true|false costs). rule/: minimal, full (exercises every RuleObject field including localPort, localIP, process aliases like `self/`, all four protocol enum values, ip negation `!geoip:`, attrs with regexp value, and the WebhookObject with deduplication+headers), balancer-routed (uses balancerTag instead of outboundTag), port-number (port as a number to prove the union(number,string) accepts both). * fix(frontend): serialize bulk client delete + drop deprecated Alert.message useClients.removeMany was firing all DELETEs in parallel via Promise.all. The 3x-ui backend mutates a single config JSON per request (read / modify / write), so 20 concurrent deletes raced on the same file: every request reported success, but only the last writer's copy stuck — about half the selected clients reappeared after the toast. Replace the parallel fan-out with a sequential for-of loop so each delete sees the committed state of the previous one. The trade-off is total latency (20 * ~250ms = ~5s) which is the correct behavior until the backend grows a proper /bulkDel endpoint. Also rename the Alert `message` prop to `title` in ClientBulkAdjustModal to clear the AntD v6 deprecation warning. * feat(clients): server-side bulk create/delete with per-inbound batching Replace the panel-side fan-out (Promise.all of single /add and /del calls) that raced on the shared inbound config and capped throughput at roughly one round-trip per client. New endpoints batch the work on the server: - POST /panel/api/clients/bulkDel { emails, keepTraffic } - POST /panel/api/clients/bulkCreate [ {client, inboundIds}, ... ] BulkDelete groups emails by inbound and performs a single read-modify-write per inbound (one JSON parse, one marshal, one Save) instead of N. Per-row DB cleanups (ClientInbound, ClientTraffic, InboundClientIps, ClientRecord) are batched with WHERE...IN queries. Per-email failures are reported via Skipped[] and processing continues. BulkCreate iterates payloads sequentially through the same Create path single-add uses, so heterogeneous batches (different inboundIds, plans) remain valid in one round-trip. Frontend bulkDelete/bulkCreate hooks parse the new response shape ({ deleted|created, skipped[] }) and the bulk-add modal now posts a single request instead of fanning out emails. * perf(clients): batch BulkAdjust per inbound, skip no-op xray calls on local Same per-inbound batching strategy as BulkDelete. The previous code called Update once per email, which itself looped through each inbound the client belonged to — reparsing the same settings JSON, calling RemoveUser+AddUser on xray, and running SyncInbound for every single email. For 200 emails in one inbound that's 200 JSON read/write cycles and 400 xray runtime calls. The new BulkAdjust groups emails by inbound and per inbound: - locks once, reads settings JSON once - mutates expiryTime/totalGB in place for every target client - writes the inbound and runs SyncInbound once ClientTraffic rows are updated with a single per-email query at the end (values differ per client so they can't be folded into one statement). For local-node inbounds the xray runtime calls are skipped entirely. The AddUser payload only contains email/id/security/flow/auth/password/ cipher — none of which change in an adjust — so RemoveUser+AddUser was a no-op that briefly flapped active users. Limit enforcement is driven by the panel's traffic loop reading ClientTraffic, not by xray-core. For remote-node inbounds rt.UpdateUser is preserved so the remote panel receives the new totals/expiry. Skip+report semantics match BulkDelete: any per-email error leaves that email's record/traffic untouched and is returned in Skipped[]. * refactor(backend): retire hysteria2 as a top-level protocol Hysteria v2 is not a separate xray protocol — it is plain "hysteria" with streamSettings.version = 2. The frontend already dropped hysteria2 from the protocol enum in 5a90f7e3; the backend was still carrying the literal as a compat alias. Removed: - model.Hysteria2 constant - model.IsHysteria helper (only callers were buildProxy + genHysteriaLink) - TestIsHysteria - "hysteria2" from the Inbound.Protocol validate oneof enum - All `case model.Hysteria, model.Hysteria2:` and `case "hysteria", "hysteria2":` branches across client.go, inbound.go, outbound.go, xray.go, port_conflict.go, xray/api.go, subService.go, subJsonService.go, subClashService.go - Stale #4081 comments Kept (correctly — these are client-side URI/config schemes that are independent of the xray protocol type): - hysteria2:// share-link URI in subService.genHysteriaLink - "hysteria2" Clash proxy type in subClashService.buildHysteriaProxy - Comments referring to Hysteria v2 as a transport version Note: this change does not include a DB migration. Existing rows with protocol = 'hysteria2' will fall through to the default switch arms after upgrade. A separate `UPDATE inbounds SET protocol = 'hysteria' WHERE protocol = 'hysteria2'` is required for installs that still hold legacy data. * refactor(frontend): retire all AntD + Zod deprecations Swept the codebase for @deprecated APIs using a one-off type-aware ESLint config (eslint.deprecated.config.js) and fixed every hit: - 78 instances of `<Select.Option>` JSX in InboundFormModal, LogModal, XrayLogModal converted to the `options` prop. - Zod's `z.ZodTypeAny` (deprecated for `z.ZodType` in zod v4) replaced in _envelope.ts, zodForm.ts, zodValidate.ts, and inbound-form-adapter.ts. - Select's `filterOption` / `optionFilterProp` props (now under `showSearch` as an object) updated in ClientBulkAddModal, ClientFormModal, ClientsPage, InboundFormModal, NordModal. - `Input.Group compact` swapped for `Space.Compact` in FinalMaskForm. - Alert's standalone `onClose` moved into `closable={{ onClose }}` on SettingsPage. - `document.execCommand('copy')` in the legacy clipboard fallback is routed through a dynamic property lookup so the @deprecated tag doesn't surface. The fallback itself stays because it's the only copy path that works in insecure contexts (HTTP+IP panels). The dropped ClientFormModal.css was already unimported. eslint.deprecated.config.js loads the type-aware ruleset and turns everything off except `@typescript-eslint/no-deprecated`, so future scans are a single command: npx eslint --config eslint.deprecated.config.js src Not wired into `npm run lint` because typed linting roughly triples the run time. Verified clean: typecheck, lint, and the deprecated scan all 0 warnings. * feat(clients): show comment under email in the Client column The clients table's Client cell already stacks email + subId; add the admin comment as a third muted line so notes like "VIP" or "friend of X" are visible in the list view without opening the info modal. Renders only when set, so rows without a comment look unchanged. * docs(frontend): refresh README + simplify deprecated-scan config README rewrite reflects the post-Zod-migration state: - 3 Vite entries (index/login/subpage), not "one per panel route" - New folders: schemas/, lib/xray/, generated/, test/, layouts/ - Scripts table covers test/gen:api/gen:zod alongside the existing dev/build/lint/typecheck - New sections on the Zod schema tree, the three validation layers, the unified Form.useForm + antdRule pattern, and the golden fixture testing setup - "Adding a new page" updated to reflect that most additions are just react-router entries in routes.tsx, not new Vite bundles - Explicit note that `@deprecated` in the prose is a JSDoc tag, not a shell command — comes with the exact one-line npx invocation eslint.deprecated.config.js trimmed: dropping the recommendedTypeChecked spread + the ~28 rule overrides that came with it. The config now wires the @typescript-eslint and react-hooks plugins manually and enables exactly one rule (`@typescript-eslint/no-deprecated`). 45 lines → 30, same output: zero false-positives, zero noise, zero deprecations on the current tree. * chore(frontend): bump deps + refresh lockfile `npm update` within the existing semver ranges, plus a Vite bump the user explicitly accepted: - vite 8.0.13 → 8.0.14 (exact pin kept) - dayjs 1.11.20 → 1.11.21 - i18next 26.2.0 → 26.3.0 - typescript-eslint 8.59.4 → 8.60.0 - @rc-component/table + a handful of other transitive antd deps resolved to newer patch versions in the lockfile The earlier 8.0.13 pin was carried over from an esbuild dep-optimizer regression that broke vue-i18n in Vite 8.0.14 dev mode. This codebase uses react-i18next, doesn't hit the same chunking edge case, and `npm run dev` was smoked clean on 8.0.14 before accepting the bump. * feat(clients): compact link + inbound rows in the info modal and table ClientInfoModal — Copy URL section reskinned: - Each link is a single row: [PROTOCOL] [remark] [copy] [QR] instead of a card with the raw 200-char URL printed inline - Remark is parsed per-protocol — VMess pulls it from the base64-JSON `ps` field, the rest from the `#fragment` - The row title strips the client email suffix so the same string isn't repeated three times in the modal; the QR popover still uses the full remark (it's the QR's own name for the download file) - QR button opens an inline Popover with the existing QrPanel, size 220, destroyed on close - Subscription section uses the same row layout (SUB / JSON tags, clickable subId, copy + QR actions) - New per-protocol Tag colors so the protocol is identifiable at a glance ClientInfoModal — Attached inbounds + ClientsPage table column: - Chip format changed from `${remark} (${proto}:${port})` to just `${proto}:${port}` — when an admin attaches 5 inbounds to one client the remark was repeated 5 times and wrapped onto two lines - Only the first inbound chip is shown; the rest collapse into a `+N` chip that opens a Popover with the full list (remark included). INBOUND_CHIP_LIMIT = 1 - Per-protocol Tag colors - Tooltip on each chip shows the full `${remark} (${proto}:${port})` - Table column pinned to width: 170 so the row doesn't reserve the old 300px of whitespace next to the compact chip Comment row in the info table is always shown now (renders `-` when unset) so the layout doesn't jump per-client. VmessSecuritySchema gets a preprocess pass that maps legacy `security: ""` (persisted on pre-enum-lock VMess inbounds) back to `'auto'`. z.enum's `.default()` only fires on a missing field, not on an empty string — without this, old rows fail validation with "expected one of aes-128-gcm|chacha20-poly1305| auto|none|zero". `z.infer` is taken from the raw enum so the inferred type stays the union, not `unknown`. i18n adds a `more` key (en-US + fa-IR) used by the overflow chip label. * fix(xray): heal shadowsocks per-client method across all start paths xray-core's multi-user shadowsocks insists the per-client `method` matches the inbound's top-level cipher exactly for legacy ciphers, and is empty for 2022-blake3-*. The previous code (xray.go) copied `Client.Security` into the per-client `method` blindly, so a multi-protocol client created with the VMess default `"auto"` poisoned the SS config with `method: "auto"` → "unsupported cipher method: auto". Fix in two parts: - GetXrayConfig no longer projects `Client.Security` into the SS entry; the inbound's top-level method is now the single source of truth. - HealShadowsocksClientMethods moves to `database/model` and is invoked from `Inbound.GenXrayInboundConfig`, so the runtime add/update path (runtime.AddInbound) is normalised in addition to the full-restart path. For legacy ciphers heal now overwrites mismatched per-client methods rather than preserving them, so stale DB rows are also healed. * feat(sub): compact subscription rows with per-link email + PQ QR hide Mirror the ClientInfoModal redesign on the public SubPage so the subscription viewer reads as a tight `[PROTO] [remark] [copy] [QR]` row per link instead of raw URL cards. - subService.GetSubs now returns the per-link email list alongside the links, threaded through subController and BuildPageData into the `emails` field on subData (env.d.ts updated). Public links.go is updated to ignore the new return. - SubPage strips the client email from each row title using the matched per-link email (same trimEmail behaviour as the modal), and hides the QR button for post-quantum links (`pqv=`, `mlkem768`, `mldsa65`) since the encoded URL won't fit in a single QR. * feat(clients): hide QR for post-quantum links in client info modal Post-quantum keys (mldsa65 / ML-KEM-768) blow the encoded URL past what a single QR can hold. Detect them by the markers VLESS share links actually carry — `pqv=<base64>` for mldsa65Verify and `encryption=mlkem768x25519plus.*` for ML-KEM-768 — and drop the QR button for those rows. Copy still works. * fix(schemas): widen VLESS decryption/encryption to accept PQ values The post-quantum auth blocks (ML-KEM-768, X25519) populate `settings.decryption` / `settings.encryption` with values like `mlkem768x25519plus.<base64>` and `xchacha20-poly1305.aead.x25519`, but the schema pinned both fields to z.literal('none') so saving an inbound after picking "ML-KEM-768 auth" failed with `Invalid input: expected "none"`. Relax both fields (inbound + outbound + outbound form) to z.string().min(1) keeping the 'none' default. xray-core does its own validation server-side so a string check at the form boundary is enough. * feat(sub): clash row + reorganise SubPage around Subscription info ClientInfoModal: - Add a Clash / Mihomo row to the subscription section, gated on subClashEnable + subClashURI from /panel/setting/defaultSettings. Defaults payload schema is widened to carry subClashURI/subClashEnable. SubPage: - Drop the rectangular QR-codes header that used to sit at the very top of the card. The subscription info table now leads, followed by Divider("Copy URL") + per-protocol link rows (already converted to the compact ClientInfoModal pattern), then a new Divider("Subscription") + compact rows for the SUB / JSON / CLASH URLs with copy + QR-popover actions. The apps dropdown row remains the footer. CSS clean-up: removed the now-unused .qr-row/.qr-col/.qr-box/.qr-code rules; kept .qr-tag and trimmed the info-table top gap. Added a .sub-link-anchor underline-on-hover style for the new URL rows. * fix(sub): multi-inbound traffic + trojan/hysteria userinfo + utf-8 vmess remark Three bugs surfaced by the new SubPage and the recent client-record refactor: - xray.ClientTraffic.Email is globally unique, so a multi-inbound client has exactly one traffic row attached to whichever inbound claimed it. Iterating inbound.ClientStats per inbound dedup-locked the first lookup to zero for clients that lived under any other inbound, so the SubPage info table read 0 B for all the multi- inbound subs. Replaced appendUniqueTraffic with a single AggregateTrafficByEmails(emails) helper that runs one WHERE email IN (?) over xray.ClientTraffic and folds the rows. GetSubs / SubClashService.GetClash / SubJsonService.GetJson all share it. - Trojan and Hysteria share-links embedded the raw password/auth into the userinfo (scheme://<value>@host) without percent-encoding, so passwords containing `/` or `=` (e.g., base64-with-padding) broke popular trojan clients with parse errors. Added encodeUserinfo() that wraps url.QueryEscape and rewrites the `+` (space) back to `%20` for parity with encodeURIComponent on the frontend; applied to trojan.password and hysteria.auth. Same fix on the frontend's genTrojanLink. - VMess link remarks ride inside a base64-encoded JSON payload, but the SubPage / ClientInfoModal parser used JSON.parse(atob(body)), which treats the binary string as Latin-1 and shreds any multi-byte UTF-8 sequence. Most visible on the emoji decorations (genRemark appends 📊/⏳), so a remark like `test-1.00GB📊` rendered as `test-1.00GBð…`. Routed through Uint8Array + TextDecoder('utf-8') so multi-byte codepoints survive. * feat(settings): drop email leg from default remark model Change the default remarkModel from "-ieo" to "-io" so a freshly installed panel composes share-link remarks from the inbound name + optional extra only, leaving out the client email. Existing panels keep whatever value they have saved — only fresh installs and fallback paths (parse failure, missing setting) pick up the new default. Touched everywhere the literal "-ieo" lived: the canonical default map, the two sub-package fallback constants, the four frontend defaults (model class, link generator, two inbound modals, useInbounds hook). Two snapshot tests regenerated and one obsolete "contains email" assertion in inbound-from-db.test.ts removed. To migrate an existing panel that wants the new behaviour, edit Settings → Remark Model and remove the email leg. * feat(sub): usage summary card + remark-email on QR popover labels SubPage now opens with a clear quota panel directly under the info table: large `used / total` numbers, gradient progress bar (green ≤ 75%, orange to 90%, red above), `remained` and `%` on the foot, plus a Tag chip for unlimited subscriptions and a coloured chip for days left until expiry (blue >3d, orange ≤3d, red on expiry). Driven entirely off existing subData fields — no backend changes. While the row title in the link list stays email-stripped (default remark model omits email now), the QR popover label folds it back in so the rendered QR card identifies the client unambiguously. Tag content becomes `<rowTitle>-<email>` in both SubPage and ClientInfoModal — the encoded link itself is unchanged. SubPage section order is now: info table → usage summary → SUB / JSON / CLASH endpoints → per-protocol Copy URL rows → apps row, so the most-glanceable status sits above the fold.
2026-05-27 02:26:50 +00:00
"/panel/api/clients/bulkDel": {
"post": {
"tags": [
"Clients"
],
"summary": "Delete many clients in one call. The server processes the list sequentially so each delete sees the committed state of the previous one — avoids the race the per-email fan-out had on the panel side. Pass keepTraffic=true to retain the xray_client_traffic rows after deletion.",
"operationId": "post_panel_api_clients_bulkDel",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"emails": [
"alice",
"bob"
],
"keepTraffic": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"deleted": 2,
"skipped": [
{
"email": "carol",
"reason": "client not found"
}
]
}
}
}
}
}
}
}
},
"/panel/api/clients/bulkCreate": {
"post": {
"tags": [
"Clients"
],
"summary": "Create many clients in one call. Body is a JSON array of {client, inboundIds} payloads — the same shape /add accepts. Items are processed sequentially; per-email skip reasons are returned for items that fail (e.g., duplicate email). Triggers a single Xray restart at the end if any inbound was running.",
"operationId": "post_panel_api_clients_bulkCreate",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": [
{
"client": {
"email": "alice@example.com",
"totalGB": 53687091200,
"expiryTime": 0,
"enable": true
},
"inboundIds": [
7
]
},
{
"client": {
"email": "bob@example.com",
"totalGB": 53687091200,
"expiryTime": 0,
"enable": true
},
"inboundIds": [
7,
9
]
}
]
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"created": 2,
"skipped": [
{
"email": "alice@example.com",
"reason": "email already in use"
}
]
}
}
}
}
}
}
}
},
feat(clients,groups): client groups + sub-links export + dedicated groups page Persistent client groups - New ClientGroup model + client_groups table that holds empty (placeholder) groups so a user can define a label before any client references it. ListGroups merges these with the distinct group_name values already stored on clients and reports {name, clientCount}. - ClientRecord gains group_name column; the model.Client wire shape gains a matching `group` JSON field that survives the inbound.settings → SyncInbound round-trip. - Rename/Delete on a group mutates client_groups (rename row / delete row) AND propagates to all matching clients in ClientRecord and in every owning inbound's settings JSON, all in one transaction. Bulk operations - AssignGroup(emails, group) updates clients.group_name + patches each affected inbound's settings JSON in one read-modify-write per inbound. Empty group clears the label. Auto-creates the client_groups row when the user assigns to a brand-new name. - BulkResetTraffic(emails) loops the existing single-reset path so the caller can zero traffic across a whole selection or a whole group. - EmailsByGroup(name) returns just the email list (used by the groups page to fan a single bulk action over every member). Endpoints (all under /panel/api/clients) - GET /groups — summaries with counts - GET /groups/:name/emails — emails in a group - POST /groups/create — empty placeholder group - POST /groups/rename — rename (table + clients + JSON) - POST /groups/delete — drop label everywhere (clients survive) - POST /bulkAssignGroup — assign N selected clients - POST /bulkResetTraffic — reset traffic on a list Clients page UX - New Group column (Actions → Client → Group → Inbounds → …) with a click-to-filter chip. - FilterDrawer gains a multi-select Group filter whose options come from the new ClientPageResponse.groups field (sourced from ListGroups so empty/placeholder groups are pickable too). - Single-client and bulk-add forms gain a Group AutoComplete pre-loaded with all known group names. - New toolbar buttons when selection > 0: "Group ({n})" opens BulkAssignGroupModal, "Sub links ({n})" opens SubLinksModal. Sub-links export modal (new SubLinksModal.tsx) - Table of selected clients with their subscription URL (and JSON URL when subJsonEnable is on), per-row copy, Copy all, and Download as sub-links-<timestamp>.txt. Warns when subscription is disabled or none of the selected clients have a subId. Dedicated Groups page (new pages/groups/GroupsPage.tsx) - /groups route + sidebar entry (TagsOutlined icon) + page title key. - Card-based layout matching Clients/Inbounds/Nodes — summary card with Total/Grouped/Empty stats, main card with Add Group button + table. - Per-row More dropdown (icon-first column on the left): Sub links, Adjust (days+traffic), Reset traffic, Rename, Delete clients in group, Delete group (keep clients). Empty groups disable the client-targeted actions. - Reuses SubLinksModal and ClientBulkAdjustModal — emails for the group are fetched on demand from GET /groups/:name/emails. Other polish - /groups + groups-page selectors added to page-shell.css and page-cards.css so the new page inherits the same background, padding, card borders, hover shadow, and summary-card padding. - .card-toolbar gains a small vertical padding so the larger toolbar buttons (now default size, matching Inbounds) don't crowd the top of the card-head on Clients and Groups pages.
2026-05-27 15:30:55 +00:00
"/panel/api/clients/bulkAssignGroup": {
"post": {
"tags": [
"Clients"
],
"summary": "Assign the given group label to many clients in one call. Updates clients.group_name and patches the matching client entry inside every owning inbound's settings JSON in a single transaction. Pass an empty group to clear the label. If the group name does not yet exist (in client_groups or as a derived label), it is auto-created as a persistent group.",
"operationId": "post_panel_api_clients_bulkAssignGroup",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"emails": [
"alice",
"bob"
],
"group": "customer-a"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"affected": 2
}
}
}
}
}
}
}
},
"/panel/api/clients/bulkResetTraffic": {
"post": {
"tags": [
"Clients"
],
"summary": "Zero up/down counters for many clients in one call. Loops the single-reset path so each client is re-enabled across its attached inbounds and pushed to Xray/remote nodes. Returns the count of successfully reset clients.",
"operationId": "post_panel_api_clients_bulkResetTraffic",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"emails": [
"alice",
"bob"
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"affected": 2
}
}
}
}
}
}
}
},
"/panel/api/clients/groups": {
"get": {
"tags": [
"Clients"
],
"summary": "List all client groups with their member counts. Merges persisted groups (rows in client_groups, including empty placeholders) with the distinct group_name values currently set on clients. Sorted alphabetically (case-insensitive).",
"operationId": "get_panel_api_clients_groups",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"name": "customer-a",
"clientCount": 5
},
{
"name": "internal",
"clientCount": 0
}
]
}
}
}
}
}
}
},
"/panel/api/clients/groups/{name}/emails": {
"get": {
"tags": [
"Clients"
],
"summary": "Return just the email list of clients that currently belong to the given group. Useful for fanning a single bulk action over an entire group without round-tripping the full client list.",
"operationId": "get_panel_api_clients_groups_name_emails",
"parameters": [
{
"name": "name",
"in": "path",
"required": true,
"description": "Group name (URL-encoded).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"alice",
"bob",
"carol"
]
}
}
}
}
}
}
},
"/panel/api/clients/groups/create": {
"post": {
"tags": [
"Clients"
],
"summary": "Create a new empty (placeholder) group. The group becomes selectable in client forms and the filter drawer even before any client is assigned to it. Errors if a group with the same name already exists.",
"operationId": "post_panel_api_clients_groups_create",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"name": "customer-a"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"name": "customer-a"
}
}
}
}
}
}
}
},
"/panel/api/clients/groups/rename": {
"post": {
"tags": [
"Clients"
],
"summary": "Rename a group. The new name is applied to the client_groups row AND propagated to every matching client (both clients.group_name and the client entry inside every owning inbound's settings JSON) in a single transaction. Returns the number of clients whose label was updated.",
"operationId": "post_panel_api_clients_groups_rename",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"oldName": "customer-a",
"newName": "tier-1"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"affected": 5
}
}
}
}
}
}
}
},
"/panel/api/clients/groups/delete": {
"post": {
"tags": [
"Clients"
],
"summary": "Remove a group. Deletes the client_groups row and clears the group label from every matching client (both clients.group_name and the inbound settings JSON). The clients themselves are NOT deleted — use /bulkDel after filtering by group for that. Returns the count of clients whose label was cleared.",
"operationId": "post_panel_api_clients_groups_delete",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"name": "customer-a"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"affected": 5
}
}
}
}
}
}
}
},
feat(frontend): TanStack Query + React Router migration & in-panel API docs (#4541) * feat(frontend): introduce TanStack Query with status polling Wires @tanstack/react-query into every entry and migrates useStatus to useStatusQuery as the foundation for the multi-page MPA → SPA migration. - QueryProvider wraps each entry inside ThemeProvider, with devtools gated on import.meta.env.DEV - Shared queryClient: 30s staleTime, refetchOnWindowFocus, 1 retry - useStatusQuery preserves the { status, fetched, refresh } shape so IndexPage swaps in without further changes - refetchIntervalInBackground:false stops the 2s status poll when the panel tab is hidden, cutting idle traffic against the server * feat(frontend): collapse panel pages into a single React Router SPA Replaces the 7-entry MPA shell (index/clients/inbounds/nodes/settings/ xray/api-docs HTML files) with one main.tsx + createBrowserRouter. The Go backend now serves the same index.html for every authenticated panel route; React Router reads the URL and mounts the page from cache on subsequent navigation — no more full reloads between tabs. Frontend - main.tsx: single bootstrap (setupAxios, i18n, ThemeProvider, QueryProvider, RouterProvider) replacing 7 near-duplicate entries - routes.tsx: declarative router with lazy()-loaded pages, basename derived from window.X_UI_BASE_PATH so panels at /secret/panel work - layouts/PanelLayout.tsx: shell mount-point for the WS → queryClient bridge so connection survives navigation - api/websocketBridge.ts: subscribes the singleton WebSocketClient to queryClient and dispatches invalidate/outbounds events to cached queries (page-level useWebSocket handlers stay until Phase 3 hooks migrate) - AppSidebar: navigates via useNavigate + useLocation instead of window.location.href; drops basePath/requestUri props - Pages: drop the unused basePath/requestUri locals exposed only for the old sidebar Build - vite.config: 9 rollup inputs → 3 (index, login, subpage). Dev proxy bypass collapses /panel/* to index.html and skips API prefixes - vendor-tanstack + vendor-router chunks added to manualChunks Backend - xui.go: 7 per-page HTML handlers → one panelSPA handler serving index.html for /, /inbounds, /clients, /nodes, /settings, /xray, /api-docs. The /panel/api, /panel/setting, /panel/xray sub-routers are untouched * feat(frontend): migrate useNodes to TanStack Query Splits the hand-rolled useNodes hook into useNodesQuery (server data + NodeRecord type + derived totals) and useNodeMutations (add/update/del/ setEnable/probe/test). Mutations invalidate ['nodes'] on success, so the list refreshes without each call awaiting a manual refresh(). NodesPage drops useWebSocket({ nodes: applyNodesEvent }) — the WebSocket → query bridge now forwards the 'nodes' push to setQueryData(['nodes', 'list']) once at the SPA root. InboundsPage and the inbound form/list components import NodeRecord from its new home next to the query hook. * feat(frontend): migrate useAllSetting to TanStack Query Replaces the hand-rolled fetch + dirty-tracking hook with useAllSettings backed by useQuery + useMutation. The draft (current edits) is kept in local state and reset whenever query.data lands. saveAll posts the draft via a mutation; on success, invalidating ['settings'] refetches and the useEffect resets the draft so saveDisabled flips back to true. staleTime: Infinity prevents refetchOnWindowFocus from clobbering in-flight edits — settings only change in response to this user's own save. setSpinning stays as a pass-through to a local flag so the existing restartPanel flow in SettingsPage keeps showing its spinner. * feat(frontend): route useInbounds fetches through TanStack Query Rewrites useInbounds so its four server fetches (slim list, default settings, online clients, last-online map) live in useQuery with staleTime: Infinity. The in-place WS merge logic for traffic and client_stats is preserved — applyTrafficEvent / applyClientStatsEvent still mutate the locally-mirrored dbInbounds so the panel doesn't refetch every 1-2 seconds when stats stream in. refresh() becomes a thin invalidateQueries on the three list keys, which mutations in the page already call after add/edit/del. The bridge now forwards the WebSocket 'inbounds' push to setQueryData(['inbounds', 'slim']), and InboundsPage drops its useEffect(fetchDefaultSettings → refresh) plus the invalidate / inbounds wiring on useWebSocket — both are owned by the bridge now. * feat(frontend): migrate useClients to TanStack Query Replaces 12 hand-rolled mutation callbacks and a tangle of useState + useRef + useEffect with one useQuery (paged list) + nine useMutation wrappers. The list query uses keepPreviousData so paging/filter changes don't blank the table mid-fetch. The setQuery shallow-compare logic is preserved for backward compatibility with ClientsPage's effect that rebuilds the params on every render. Internally setQuery only updates state when the params actually differ — Query's queryKey equality handles the rest. WS-driven applyTrafficEvent / applyClientStatsEvent now mutate the query cache via setQueryData(['clients', 'list', currentParams]) so per-second stats updates skip a full refetch. applyInvalidate is gone from the hook — the bridge owns coarse 'clients' invalidation. ClientsPage drops the invalidate handler from its useWebSocket subscription; auxiliary queries (inboundOptions, defaults, onlines) load via TanStack Query and are shared with useInbounds via the same query keys. * feat(frontend): route useXraySetting fetches through TanStack Query Keeps the bidirectional xraySetting ↔ templateSettings editor sync and the 1s dirty-tracking interval intact (those are local editor state, not server data). All seven server calls move: - config + traffic → useQuery on ['xray', 'config'] and ['xray', 'outboundsTraffic'] - saveAll → useMutation that invalidates the config query - resetOutboundsTraffic → useMutation that invalidates the traffic query - restartXray → useMutation (fires the restart, then reads the result string) - resetToDefault → useMutation (fetch default config, push it into the editor via setTemplateSettings) The WebSocket 'outbounds' event already lands in keys.xray.outboundsTraffic() via the bridge, so XrayPage drops its useWebSocket({ outbounds: applyOutboundsEvent }) wiring entirely and the hook no longer exposes applyOutboundsEvent. A useEffect seeds xraySetting / templateSettings / tags / test URL from query data on first fetch and on every refetch, mirroring what the original fetchAll() did. * fix(frontend): restore per-route document titles in the SPA When the multi-entry MPA collapsed into a single index.html, every route inherited the static <title>3X-UI</title> from the shared shell, so every panel page showed "hostname - 3X-UI" instead of the original "hostname - Overview / Clients / Inbounds / ...". usePageTitle reads the current pathname and rewrites document.title on every navigation, matching the titles the deleted *.html files used to carry. Mounted in PanelLayout so it covers all panel routes without each page having to opt in. The startup applyDocumentTitle() call in main.tsx is gone — the hook sets the full "hostname - PageTitle" string itself. * feat(api-docs): expose OpenAPI spec + render Swagger UI in panel Replaces the hand-rolled API docs UI with industry-standard tooling so external integrations (Postman, Insomnia, openapi-generator) can consume the panel API without parsing endpoints.js by hand. Generator - frontend/scripts/build-openapi.mjs: walks the existing endpoints.js (still the single source of truth) and emits an OpenAPI 3.0.3 spec at frontend/public/openapi.json. Handles Gin :param → {param} path translation, body / query / path parameter splits, 200 + error response examples, and Bearer + cookie security schemes - npm run build now runs gen:api before vite build, so the spec is always in sync with what's documented Backend - web/controller/dist.go exposes ServeOpenAPISpec which streams the embedded dist/openapi.json with a short Cache-Control. Public endpoint (no auth) so Postman can fetch it without first logging in - web/web.go wires GET /panel/api/openapi.json before the auth-gated /panel/api router Panel - ApiDocsPage now renders swagger-ui-react fed by the basePath-aware openapi.json URL. Dark mode is overridden via CSS targeting the Swagger UI internals - CodeBlock / EndpointRow / EndpointSection are gone; the swagger-ui vendor chunk (134 KB gzipped) only loads on this lazy route, not on every panel page - vite.config: vendor-swagger manualChunk keeps the new dep out of the main vendor bundle For Postman: import http://<panel>/panel/api/openapi.json. Everything from /login + /panel/api/* shows up with auth, params, and examples. * style(api-docs): dark/ultra theme for Swagger UI Override every visual surface Swagger does not theme on its own: opblocks, tables, model boxes, form inputs, code blocks, modals, Servers dropdown, per-endpoint padlocks and expand chevrons. Replaces Swagger's default light-arrow chevron on selects with a light-fill SVG positioned at the corner so the dark background-color is visible. Also disables deepLinking to silence the noisy v4 underscore warning; not used in our panel.
2026-05-24 19:34:52 +00:00
"/panel/api/clients/resetTraffic/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Zero out a single clients up/down counters. Re-enables the client across every attached inbound and pushes the change to Xray (or the remote node) so depleted users can connect again immediately.",
"operationId": "post_panel_api_clients_resetTraffic_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/updateTraffic/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Manually adjust a clients upload + download counters. Useful for migrations from external accounting systems.",
"operationId": "post_panel_api_clients_updateTraffic_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email.",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"upload": 1073741824,
"download": 5368709120
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/ips/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "List source IPs that have connected with the given clients credentials. Returns an array of \"ip (timestamp)\" strings.",
"operationId": "post_panel_api_clients_ips_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/clearIps/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Reset the recorded IP list for a client.",
"operationId": "post_panel_api_clients_clearIps_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/onlines": {
"post": {
"tags": [
"Clients"
],
"summary": "List the emails of currently connected clients (last seen within the heartbeat window).",
"operationId": "post_panel_api_clients_onlines",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"user1",
"user2"
]
}
}
}
}
}
}
},
"/panel/api/clients/lastOnline": {
"post": {
"tags": [
"Clients"
],
"summary": "Map of client email → last-seen unix timestamp.",
"operationId": "post_panel_api_clients_lastOnline",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"user1": 1700000000,
"user2": 1699999000
}
}
}
}
}
}
}
},
"/panel/api/clients/traffic/{email}": {
"get": {
"tags": [
"Clients"
],
"summary": "Traffic counters for a client identified by email.",
"operationId": "get_panel_api_clients_traffic_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique across the panel).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"email": "user1",
"up": 1048576,
"down": 2097152,
"total": 10737418240,
"expiryTime": 1735689600000
}
}
}
}
}
}
}
},
"/panel/api/clients/subLinks/{subId}": {
"get": {
"tags": [
"Clients"
],
"summary": "Return every protocol URL (vless://, vmess://, trojan://, ss://, hysteria://, hy2://) for clients matching the subscription ID. Same result set as /sub/<subId>, but as a JSON array — no base64. When an inbound has streamSettings.externalProxy set, one URL is emitted per external proxy. Empty array when the subId has no enabled clients.",
"operationId": "get_panel_api_clients_subLinks_subId",
"parameters": [
{
"name": "subId",
"in": "path",
"required": true,
"description": "Subscription ID, taken from the client's subId field.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"vless://uuid@host:443?security=reality&...#user1",
"vmess://eyJ2IjoyLC..."
]
}
}
}
}
}
}
},
"/panel/api/clients/links/{email}": {
"get": {
"tags": [
"Clients"
],
feat: complete Zod migration of frontend + bulk client batching (#4599) * feat(frontend): add Zod runtime validation at API boundary Introduces Zod 4 schemas for response validation on the three highest-traffic endpoints (server/status, nodes/list, setting/all) and a Zod->AntD form rule adapter, replacing the duplicated per-file ApiMsg<T> interfaces. Validation runs safeParse with console.warn + raw-payload fallback so backend drift never breaks the UI for users. Login form switches to schema-driven rules as the proof-of-life for the adapter. Class-based models stay untouched; remaining query/mutation hooks and form modals will migrate in follow-ups. * feat(frontend): extend Zod validation to remaining query/mutation hooks Adds Zod schemas for client/inbound/xray/node-probe endpoints and wires useNodeMutations, useClients, useInbounds, useXraySetting, useDatepicker through parseMsg. Drops the duplicated per-file ApiMsg<T> interfaces and the local ClientRecord / OutboundTrafficRow / XraySettingsValue / DefaultsPayload declarations in favour of schema-inferred types re-exported from the new src/schemas/ modules. API boundary now validates: clients list/paged, clients onlines, clients lastOnline, clients get/hydrate, inbounds slim, inbounds get, inbounds options, defaultSettings, xray config, xray outbounds traffic, xray testOutbound, xray getXrayResult, getDefaultJsonConfig, nodes probe, nodes test. Mutation responses that consume obj (bulkAdjust, delDepleted, nodes probe / test) get response validation; pass-through mutations stay agnostic. NodeFormModal type-aligned to Msg<ProbeResult>. * fix(frontend): allow null slices in client/summary schemas Go's encoding/json emits nil []T as null, not []. The initial ClientPageResponseSchema and ClientHydrateSchema rejected null inboundIds / summary.online / summary.depleted / etc., causing [zod] warnings on every empty list. Add nullableStringArray / nullableNumberArray helpers that accept null and transform to [] so consuming code keeps seeing arrays. Mark ClientRecord.traffic and .reverse nullable too (reverse is explicitly null in MarshalJSON when storage is empty). * fix(vite): treat /panel/xray as SPA page, not API root The dev-server bypass classified /panel/xray as an API path because the PANEL_API_PREFIXES matcher did `stripped === prefix.replace(/\/$/, '')`, which made the bare path collide with the SPA route of the same name (see web/controller/xui.go: g.GET("/xray", a.panelSPA)). On reload, /panel/xray got proxied to the Go backend instead of being served by Vite. The backend returned the embedded built index.html with hashed asset names that the dev server doesn't have, so every asset 404'd. Prefix-only match for trailing-slash entries fixes it: panel/xray/... still routes to the API, but panel/xray itself reaches the SPA branch. * feat(frontend): drive form validation from Zod schemas NodeFormModal — full conversion to AntD Form.useForm with antdRule on every required field. Inline field errors replace the single 'fillRequired' toast. testConnection now runs validateFields(['address','port']) before sending. ClientFormModal and ClientBulkAddModal — minimal conversion: keep the existing useState-driven controlled-component pattern, but replace the hand-rolled `if (!form.x)` checks with schema.safeParse(form). The schema is the single source of truth for required-ness and types; ClientCreateFormSchema layers on the create-only `inboundIds.min(1)` rule. New schemas (in src/schemas/): NodeFormSchema (node.ts) ClientFormSchema / ClientCreateFormSchema (client.ts) ClientBulkAddFormSchema (client.ts) Other 16+ form modals stay on the current pattern — the antdRule adapter ships from the first Zod pass for opportunistic migration as forms are touched. * chore(frontend): silence swagger-ui-react peer-dep warnings on React 19 swagger-ui-react@5.32.6 bundles three deps whose declared peer ranges predate React 19: react-copy-to-clipboard@5.1.0 (peer 15-18) react-debounce-input@3.3.0 (peer 15-18, unmaintained) react-inspector@6.0.2 (peer 16-18) For the first two, the actual code is React-19 compatible - only the metadata is stale. Resolve via npm overrides: - react-copy-to-clipboard bumped to ^5.1.1 (peer is open-ended >=15.3.0 in that release). - react-inspector bumped to ^9.0.0 (^8 was a broken publish per its own deprecation notice). - react-debounce-input is wedged on 3.3.0 with no maintained successor on npm. Use the nested-override syntax to satisfy its react peer: "react-debounce-input": { "react": "^19.0.0" } That tells npm to use our React 19 for the package's peer dependency, which silences the warning without changing the package version. * fix(vite): bypass es-toolkit CJS shim for recharts deep imports The Nodes page (and any other recharts-using route) crashed in dev and prod with TypeError: require_isUnsafeProperty is not a function. Root cause: es-toolkit's package.json exports './compat/*' only via a default condition pointing at the CJS shims under compat/<name>.js. Those shims use a require_X.Y access pattern that Vite's optimizer (Rolldown in Vite 8) and the production Rolldown build both mishandle, losing the named-export accessor and calling the namespace object as a function. recharts imports a dozen of these subpaths with default- import syntax, so every chart path tripped the bug. The matching ESM build at dist/compat/<category>/<name>.mjs is fine, but it only carries a named export. Recharts uses default imports. Plug a small Rollup-compatible plugin (enforce: 'pre') in front of the resolver: any 'es-toolkit/compat/<name>' request becomes a virtual module that imports the named symbol from the right .mjs file and re-exports it as both default and named. The plugin is registered as a top-level plugin (for the prod build) and via the new Vite 8 optimizeDeps.rolldownOptions.plugins (for the dev pre-bundler), so both pipelines pick it up consistently. * feat(frontend): migrate five secondary form modals to Zod schemas Apply the schema + safeParse-on-submit pattern (introduced for ClientFormModal / ClientBulkAddModal) to five more forms: - ClientBulkAdjustModal: ClientBulkAdjustFormSchema enforces 'at least one of addDays / addGB is non-zero' via .refine(), replacing the ad-hoc days+gb check. - BalancerFormModal: BalancerFormSchema covers tag and selector required-ness; the duplicate-tag check stays inline since it needs the otherTags prop. Per-field validateStatus now reads from the parsed issues map. - RuleFormModal: RuleFormSchema captures the form shape (no required fields - every property is optional by design). safeParse short- circuits if anything is structurally wrong. - CustomGeoFormModal: CustomGeoFormSchema folds the regex alias rule and the http(s) URL validation (including URL parse) into the schema, replacing a 20-line validate() function. - TwoFactorModal: TotpCodeSchema (z.string().regex(/^\d{6}$/)) drives both the disabled-state of the OK button and the safeParse gate before the TOTP comparison. Schemas live alongside the matching API schemas: - ClientBulkAdjustFormSchema in schemas/client.ts - BalancerFormSchema / RuleFormSchema / CustomGeoFormSchema in schemas/xray.ts - TotpCodeSchema in schemas/login.ts (next to LoginFormSchema) No UX change for valid inputs. * feat(frontend): block invalid settings saves with Zod pre-save check Tighten AllSettingSchema with the actual valid ranges and patterns: - webPort / subPort / ldapPort: integer 1-65535 - pageSize: integer 1-1000 - sessionMaxAge: integer >= 1 - tgCpu: integer 0-100 (percentage) - subUpdates: integer 1-168 (hours) - expireDiff / trafficDiff / ldapDefault*: non-negative integers - webBasePath / subPath / subJsonPath / subClashPath: must start with / The existing useAllSettings save path runs AllSettingSchema.partial() through safeParse and logs drift without blocking. SettingsPage now adds a stronger gate before the mutation: run the full schema against the draft and, on failure, surface the first issue (field path + message) via the existing messageApi.error so the user actually sees what's wrong instead of silently sending bad data to the backend. Use cases caught: port out of range, negative quota, sub path missing leading slash, page size set to 0, tgCpu > 100. * feat(frontend): schema-guard Inbound and Outbound form submits The two largest forms in the panel send to the backend without ever checking their own port range or required-ness. Schema-gate the top-level fields so obviously bad payloads stop at the client. InboundFormModal: InboundFormSchema (port 1-65535 int, non-empty protocol, the rest of the keys present) runs as a safeParse just before the HttpUtil.post in submit(). The 2000+ lines of protocol- specific subform code stay untouched - that's a separate effort and the existing per-protocol logic (e.g. canEnableStream, isFallbackHost) already gates most of the structural correctness. OutboundFormModal: OutboundTagSchema (trim + min 1) replaces the hand-rolled `if (!ob.tag?.trim()) messageApi.error('Tag is required')` check. The duplicateTag check stays inline because it needs the existingTags prop. Both schemas emit i18n keys for messages with a defaultValue fallback, matching the pattern in BalancerFormModal and SettingsPage. * feat(backend): gate request bodies with go-playground/validator Add a generic BindAndValidate helper in web/middleware that wraps gin's content-aware binder with an explicit validator.Struct call and emits a structured `entity.Msg{Obj: ValidationPayload{Issues...}}` on failure so the frontend can map each issue to an i18n key. Tag the user-facing fields on model.Inbound, model.Node, and entity.AllSetting with the range/enum constraints they were previously relying on hand-rolled CheckValid logic (or nothing) to enforce, and wire the helper into the inbound/node/settings controllers that bind those structs directly. Promotes validator/v10 from indirect to direct require, plus six unit tests covering valid payloads, range violations, enum violations, malformed JSON, in-place binding, and JSON-only strict mode. This is PR1 of a planned end-to-end Zod rollout — controllers using local form structs (custom_geo, setEnable, fallbacks, client) keep their existing handling and will be migrated as their schemas firm up. * feat(codegen): Go-first tool emitting Zod schemas and TS types Add tools/openapigen — a single-binary Go program that walks the exported structs in database/model, web/entity, and xray via go/parser and emits two committed artifacts under frontend/src/generated: - zod.ts shared Zod schemas keyed off `validate:` tags (ports get .min(1).max(65535), Inbound.protocol becomes a z.enum, Node.scheme too, etc.) - types.ts plain TS interfaces inferred from the same walk, so consumers can import Inbound without dragging Zod along The walker flattens embedded structs (AllSettingView.AllSetting), honors json:"-" and omitempty, and accepts per-struct overrides so the JSON-string-inside-JSON columns (Inbound.Settings/StreamSettings/ Sniffing, ClientRecord.Reverse, InboundClientIps.Ips) render as z.unknown() instead of leaking the DB-storage type into the API contract. Type aliases like model.Protocol are emitted as TS aliases and Zod schemas in their own right. Wires `npm run gen:zod` in frontend/package.json so the generator can be re-run without leaving the frontend tree. The existing openapi.json build (gen:api) is left alone for now; migrating the OpenAPI surface to this generator is a follow-up. PR2 of the planned Zod end-to-end rollout. * refactor(frontend): tighten HttpUtil generics from any to unknown Switch the class-level default on Msg<T> and the per-method defaults on HttpUtil.get/post/postWithModal from `any` to `unknown`, so callers that don't pass an explicit T get a narrowed response that must be schema- checked or type-cast before its shape is trusted. Drops the four file-level eslint-disable comments these defaults required. Fixes the nine direct `.obj.field` consumers that surfaced (IndexPage, XrayMetricsModal, NordModal, WarpModal, LogModal, VersionModal, XrayLogModal, CustomGeoSection) by giving each call site the explicit T it should have had from the start — typically a small ad-hoc shape, sometimes a string for the JSON-text-in-Msg.obj pattern used by NordModal/WarpModal/Xray nord/warp endpoints. PR3 of the planned Zod end-to-end rollout — schemas/inbound.ts and schemas/client.ts loose() removal stays parked until the protocol schemas land in Phase 3 to avoid silently dropping fields. * feat(frontend): protocol-leaf Zod schemas with discriminated unions Stand up schemas/primitives (Port, Flow, Protocol, Sniffing) and per-protocol leaf schemas for all 10 inbound and 13 outbound xray protocols. The leaves omit any inner `protocol` literal — the discriminator lives at the parent level so consumers narrow on `.protocol` without redundant projection. Wire shape is preserved per protocol: vmess outbound stays in `vnext[]`, trojan and shadowsocks outbound in `servers[]`, vless outbound flat, http/socks outbound in `servers[].users[]`. Cross-protocol atoms (port, flow, sniffing dest, protocol enum) live in primitives. Protocol-specific enums (vmess security, ss method/network, hysteria version, freedom domain strategy, dns rule action) stay with their leaves. Tagged-wrapper `z.discriminatedUnion('protocol', [...])` composes both InboundSettingsSchema and OutboundSettingsSchema; existing class-based models in src/models/ are untouched and will be retired in Step 3 once the golden-file safety net is in place. * feat(frontend): stream and security Zod families with discriminated unions Stand up the remaining Step 2 families. NetworkSettingsSchema is a 6-branch DU on `network` covering tcp/kcp/ws/grpc/httpupgrade/xhttp, with asymmetric per-network wire keys (tcpSettings, wsSettings, ...) preserved exactly so fixtures round-trip byte-identical. SecuritySettingsSchema is a 3-branch DU on `security` covering none/tls/reality. TLS certs use a file-vs-inline union; uTLS fingerprints are shared between TLS and Reality via a single primitive enum. Hysteria-as-network, finalmask, and sockopt are not in the plan's Step 2 inventory and are deferred to Step 6 (Tighten) - they're orthogonal extras on the stream root, not network-discriminated branches. Resolves a Security identifier collision in protocols/index.ts by re-exporting the type alias as SecurityKind (the `Security` name is taken by the namespace re-export). * test(frontend): vitest harness with golden-file fixtures for inbound protocols Stand up Phase 3 safety net before the models/ rewrite. The harness loads JSON fixtures via Vite's import.meta.glob, parses each through InboundSettingsSchema (the tagged-wrapper DU), and snapshots the canonical parsed shape. Snapshots stay byte-stable across the upcoming class-to- pure-function extraction, catching any normalization drift. Six representative inbound fixtures cover the high-traffic protocols: vless, vmess, trojan, shadowsocks (2022-blake3 multi-user), wireguard, hysteria2. Stream and security branches plus the remaining protocols (http, mixed, tunnel, hysteria) follow in subsequent turns. Uses /// <reference types="vite/client" /> instead of @types/node so we avoid pulling in another type package; import.meta.glob is enough to walk the fixtures directory at compile time. Adds vitest 4.1.7 as the only new dev dependency. test/test:watch scripts land in package.json; a standalone vitest.config.ts keeps the production vite.config.js (which reads from sqlite via DatabaseSync) out of the test runner. * test(frontend): broaden golden coverage to remaining inbounds + stream + security DUs Round out Step 3b. Four more inbound fixtures complete the protocol set (http with two accounts, mixed with socks-style auth, tunnel with a port map, hysteria v1). Two parallel test files cover the other DUs: stream.test.ts walks tcp/ws/grpc fixtures through NetworkSettingsSchema, and security.test.ts walks none/tls/reality through SecuritySettingsSchema. Snapshot count is now 16 across three test files. The reality fixture locks in the array form of serverNames/shortIds (the panel class stores them comma-joined internally but they ship as arrays on the wire). The TLS fixture pins the file-vs-inline cert DU on the file branch. Stream coverage for httpupgrade/xhttp/kcp and security mixed-with-stream combos follow in the next turn, alongside the shadow harness. * test(frontend): shadow-parse harness asserting legacy class and Zod converge Add Step 3c's safety net: for every inbound golden fixture, run the raw payload through both pipelines — legacy: Inbound.Settings.fromJson(protocol, raw.settings).toJson() zod: InboundSettingsSchema.parse(raw).settings — canonicalize each (recursively sort keys, drop empty arrays / null / undefined), and assert byte-equality. This locks the wire shape across the upcoming class-to-pure-function extraction in Step 3d. Any normalization drift introduced by the rewrite trips an assertion here before it can reach users. Two ergonomic wrinkles handled inline: - The legacy class lumps hysteria + hysteria2 onto a single HysteriaSettings (no hysteria2 case in the dispatch table); the test routes hysteria2 fixtures through the HYSTERIA branch. - Empty arrays in Zod's output (e.g. fallbacks: [] from a .default([])) are treated as equivalent to the legacy class's omit-when-empty behavior. Same wire state, different syntactic surface. All 26 tests across 4 test files pass on first run. * refactor(frontend): extract toHeaders + toV2Headers to lib/xray/headers.ts First Step 3d extraction. The XrayCommonClass static helpers toHeaders/toV2Headers are pure data shape conversions with no class hierarchy needs, so they move to a standalone module that callers can import without dragging in models/inbound.ts. The new module exports HeaderEntry + V2HeaderMap as named types so consumers stop reaching into the legacy class for type shapes. A new test file (headers.test.ts) asserts byte-equality with the legacy XrayCommonClass.toHeaders / .toV2Headers across 18 cases — null / undefined / primitive inputs, single-string headers, array-valued headers, duplicate names, empty-name and empty-value filtering, both arr=true (TCP request/response shape) and arr=false (WS / xHTTP / sockopt shape). Drift between the legacy and new impls fails these tests, so the follow-up call-site swap stays safe. Callers (TcpStreamSettings, WsStreamSettings, HTTPUpgradeStreamSettings, TunnelSettings, etc.) still go through XrayCommonClass for now — those swaps land alongside class-method extractions in subsequent turns. Suite is now 44 tests across 5 files; typecheck + lint clean. * refactor(frontend): extract createDefault*Client factories to lib/xray Next Step 3d slice. Five plain-object factories — Vless, Vmess, Trojan, Shadowsocks, Hysteria — replace the legacy `new Inbound.<Protocol>Settings.<Protocol>(...)` constructor chain and the ClientBase XrayCommonClass machinery. Each factory takes an optional seed; missing random fields (id, password, auth, email, subId) fall through to RandomUtil at call time. Forms can hand-pick a UUID; tests pass deterministic seeds so the suite never touches window.crypto. Tests double-verify each factory: a snapshot locks the exact shape, and the matching Zod ClientSchema.parse(out) must equal `out` — no missing defaults, no stray fields, type-narrowed end-to-end. Discovered: VmessClientSchema and VlessClientSchema enforce z.uuid() format, so the test seeds use real-shape UUIDs. Suite: 49 tests across 6 files; typecheck + lint clean. Outbound and inbound-settings factories follow in subsequent turns alongside the toShareLink extraction. * refactor(frontend): add createDefault*InboundSettings factories for all 10 protocols Round out Step 3d's settings factory set. Ten plain-object factories (vless / vmess / trojan / shadowsocks / hysteria / hysteria2 / http / mixed / tunnel / wireguard) replace the legacy `new Inbound.<X>Settings(protocol)` constructors. Each returns a Zod- parsable wire shape with schema defaults applied — no class instance. Forms (Step 4) and InboundsPage clone (Step 5) call these factories directly once the swap lands. Three factories take a seed for random fields: - shadowsocks: method-dependent password length via RandomUtil.randomShadowsocksPassword(method) - hysteria: explicit `version` override (defaults to 2, matching the legacy panel constructor — v1 is opt-in) - wireguard: secretKey from Wireguard.generateKeypair().privateKey Tests double-verify each factory the same way as the client factories: snapshot the shape, then Zod parse round-trip to confirm no missing defaults or stray fields. Suite: 59 tests across 6 files; typecheck + lint clean. Outbound factories and the toShareLink extraction follow next. * refactor(frontend): add getHeaderValue wire-shape lookup to lib/xray/headers Tiny piece of the toShareLink scaffold. The legacy Inbound.getHeader(obj, name) iterated the panel's internal HeaderEntry[] form; the new getHeaderValue reads the Record<string, string|string[]> map our Zod schemas store on the wire. Case-insensitive, returns '' on miss to match the legacy fallback so link-generator call sites stay simple. For repeated-name maps (TCP/WS-style string[] values) the first value wins — matches the legacy iteration order so the share URL's Host hint stays deterministic. Five unit tests cover undefined/null/empty inputs, case folding, string-valued and array-valued matches, empty-array edge case, and missing-key fallback. Suite: 64 tests across 6 files; typecheck + lint clean. This unblocks the next slice: per-protocol link generators (genVmessLink etc.) take a typed inbound + client and call getHeaderValue against the ws/httpupgrade/xhttp/tcp.request header maps. * feat(frontend): stream extras + full InboundSchema with DU intersection Step 3d's last scaffolding piece before link generators. Three new stream-extras schemas land alongside the network/security DUs: - finalmask: TcpMask[] + UdpMask[] + QuicParams. Mask `settings` stays record<string, unknown> for now — there are 13 UDP mask types and 3 TCP mask types with distinct per-type setting shapes, and modeling them all as DUs would dwarf the rest of stream/ without buying anything the shadow harness doesn't already catch. Tightened in Step 6. - sockopt: 17 socket-tuning knobs (TCP keepalive, TFO, mark, tproxy, mptcp, dialer proxy, IPv6-only, congestion). `interfaceName` field matches the panel class naming; serializers rename to `interface` on the wire. - external-proxy: rows ship per inbound describing edge fronts (CDN mirrors). Used by link generators to fan out share URLs. schemas/api/inbound.ts composes the top-level wire shape with intersection-of-DUs: StreamSettingsSchema = NetworkSettingsSchema .and(SecuritySettingsSchema) .and(StreamExtrasSchema) InboundSchema = InboundCoreSchema.and(InboundSettingsSchema) A fixture (vless-ws-tls.json) exercises the full shape — protocol DU, network DU, security DU, and TLS cert file branch in one round trip. The snapshot pins the canonical parsed form so the upcoming link extractor consumes typed input with no class hierarchy underneath. Suite: 65 tests across 7 files; typecheck + lint clean. Zod 4 intersection-of-DUs works. * refactor(frontend): extract genVmessLink to lib/xray/inbound-link.ts First link generator to leave the class hierarchy. genVmessLink takes a typed Inbound + client args and returns the base64-encoded vmess:// URL. Internal helpers (buildXhttpExtra, applyXhttpExtraToObj, applyFinalMaskToObj, applyExternalProxyTLSObj, serializeFinalMask, hasShareableFinalMaskValue, externalProxyAlpn) port across from XrayCommonClass — same logic, rewritten to read the Zod schemas' Record<string, string> headers instead of the legacy HeaderEntry[]. Parity test (inbound-link.test.ts) loads each vmess fixture in golden/fixtures/inbound-full, parses it with InboundSchema for the new pure fn AND constructs LegacyInbound.fromJson(raw) for the class method, then asserts the URLs match byte-for-byte. Drift between the two impls fails here before the call sites in pages/inbounds/* get swapped. Adds a small test setup file that aliases globalThis.window to globalThis so Base64.encode's window.btoa works under Node — keeps the test env at 'node' and avoids pulling jsdom as a new dep. A first vmess-tcp-tls full-inbound fixture pins the round-trip path. Suite: 67 tests across 8 files; typecheck + lint clean. Five more link generators (vless/trojan/ss/hysteria/wireguard) plus the orchestrator (toShareLink, genAllLinks) follow in subsequent turns. * test(frontend): refresh inbound-full snapshot with vmess-tcp-tls fixture * refactor(frontend): extract genVlessLink to lib/xray/inbound-link Second link generator. genVlessLink builds the vless://<uuid>@<host>:<port>?<query>#<remark> share URL from a typed Inbound + client args, dispatching on streamSettings.network for the network-specific knobs and on streamSettings.security for the TLS/Reality knobs. Three param-style helpers move alongside the obj- style ones already in this file: - applyXhttpExtraToParams — writes path/host/mode/x_padding_bytes and the JSON extra blob into URLSearchParams - applyFinalMaskToParams — writes the fm payload when shareable - applyExternalProxyTLSParams — overrides sni/fp/alpn when an external proxy entry is supplied and security is tls A vless-tcp-reality fixture lands alongside the existing vless-ws-tls one, so the parity test now exercises both security branches. Discovered a latent legacy bug while writing parity: the old class stored realitySettings.serverNames as a comma-joined string and gated SNI on `!ObjectUtil.isArrEmpty(serverNames)`, which always returns true for strings — so SNI was never written into Reality share URLs. Existing clients rely on the omission (they pull SNI from realitySettings.target instead). We preserve the omission here to keep this extraction byte-stable; an inline comment marks the spot for a separate intentional fix. Suite: 70 tests across 8 files; typecheck + lint clean. * refactor(frontend): extract genTrojanLink + genShadowsocksLink to lib/xray Third and fourth link generators. genTrojanLink mirrors genVlessLink's shape (URLSearchParams + network/security branches + remark hash) minus the encryption/flow VLESS-isms. genShadowsocksLink shares the same query construction but base64-encodes the userinfo portion as method:password or method:settingsPw:clientPw depending on whether SS-2022 is in single-user or multi-user mode. Three reusable helpers move out of the per-protocol functions: - writeNetworkParams: the per-network switch that all param-style links share (tcp http header / kcp mtu+tti / ws path+host / grpc serviceName+authority / httpupgrade / xhttp extras) - writeTlsParams: fingerprint/alpn/ech/sni - writeRealityParams: pbk/sid/spx/pqv (preserves the SNI-omission legacy parity quirk noted in the genVlessLink commit) genVmessLink stays with its inline switch — it builds a JSON obj instead of URLSearchParams and has per-network quirks (kcp emits mtu+tti at the obj root, grpc maps multiMode to obj.type='multi') that don't factor cleanly through the shared writer. Two new full-inbound fixtures (trojan-ws-tls, shadowsocks-tcp-2022) plus matching parity tests bring the suite to 74 tests across 8 files; typecheck + lint clean. * refactor(frontend): extract genHysteriaLink + Wireguard link/config to lib/xray Fifth and sixth link generators. genHysteriaLink builds the v1/v2 share URL (scheme picked from settings.version), copying TLS knobs into the query, surfacing the salamander obfs password from finalmask.udp[type=salamander] when present, and writing the broader finalmask payload under `fm` like the other links. Legacy parity note: the old genHysteriaLink read stream.tls.settings.allowInsecure, which isn't a field on TlsStreamSettings.Settings — the guard always evaluated false and the `insecure` param never made it into the URL. We omit it here to stay byte-stable. genWireguardLink and genWireguardConfig take a typed WireguardInboundSettings + peer index and: - link: wireguard://<peerPriv>@host:port?publickey=&address=&mtu=#remark - config: the .conf text WireGuard clients consume directly Both derive the server pubKey from settings.secretKey via Wireguard.generateKeypair at call time — Zod stores only secretKey on the wire (pubKey is computed). The Wireguard utility is pure JS (X25519 over Float64Array), so it runs fine under node + the window polyfill we added with the vmess extraction. Two new full-inbound fixtures (hysteria-v1-tls, wireguard-server) plus matching parity tests bring the suite to 78 tests across 8 files; typecheck + lint clean. Hysteria2 (protocol literal) parity stays deferred — the legacy class has no HYSTERIA2 dispatch case, so it can't round-trip a hysteria2 fixture without a protocol remap. Same trick the shadow harness uses; revisit in the orchestrator commit. * refactor(frontend): extract share-link orchestrator to lib/xray/inbound-link Last slice of Step 3d. Five orchestrator exports compose the per- protocol generators into the public surface the panel consumes: - resolveAddr(inbound, hostOverride, fallbackHostname): picks the address that goes into share/sub URLs. Browser `location.hostname` is no longer a hidden dependency — callers pass it in (or any other fallback they want). - getInboundClients(inbound): protocol-aware clients accessor. Mirrors the legacy `Inbound.clients` getter, including the SS quirk where 2022-blake3-chacha20 single-user inbounds report null (no client loop) and everything else returns the clients array. - genLink: per-protocol dispatcher matching legacy Inbound.genLink. - genAllLinks: per-client fanout. Builds the remarkModel-formatted remark (separator + 'i'/'e'/'o' field picker) and iterates streamSettings.externalProxy when present. - genInboundLinks: top-level \r\n-joined link block. Loops per client for clientful protocols, single-shots SS for non-multi-user, and delegates to genWireguardConfigs for wireguard. Returns '' for http/mixed/tunnel (no share URL at all). Plus genWireguardLinks / genWireguardConfigs fanouts which iterate peers and append index-suffixed remarks. Parity test exercises every full-inbound fixture against legacy Inbound.genInboundLinks. Skips hysteria2 (no legacy dispatch case; that bridge belongs in a separate intentional commit alongside the form modal swap). Suite: 89 tests across 8 files; typecheck + lint clean. Next: Step 4 form modal migrations. Forms can now drop `new Inbound.Settings.getSettings(protocol)` in favor of the createDefault*InboundSettings factories, and InboundsPage clone can swap to genInboundLinks. Models/ deletion follows in Step 5 once all call sites are off the class. * refactor(frontend): swap InboundsPage clone fallback off Inbound.Settings.getSettings First Step 4 call-site swap. createDefaultInboundSettings(protocol) lands in lib/xray/inbound-defaults — a protocol-aware dispatch over the 10 per-protocol settings factories already in this module. Returns a Zod- parsable plain object instead of a class instance, so callers that just need the wire-shape JSON can drop the class hierarchy without touching the broader form modals. InboundsPage's clone path used Inbound.Settings.getSettings(p).toString() as the fallback when settings JSON parsing failed. That's now createDefaultInboundSettings + JSON.stringify, with a final '{}' guard for unknown protocols (legacy returned null and .toString() crashed — we just emit empty settings instead). The Inbound import on this file is now unused and removed. The 2 remaining getSettings call sites in InboundFormModal aren't safe to swap in isolation — the form mutates the returned class instance through methods like .addClient() and .toJson() across ~2000 lines of JSX. Those land with the full Pattern A rewrite of InboundFormModal, which the plan budgets at multiple days on its own. Suite: 89 tests across 8 files; typecheck + lint clean. * refactor(frontend): lift Protocols + TLS_FLOW_CONTROL consts to schemas/primitives Step 4b. The Protocols and TLS_FLOW_CONTROL enums on models/inbound.ts were dragging five page files into that 3,300-line module just to read literal string constants. Lifting them to schemas/primitives lets those pages drop the @/models/inbound import entirely. - schemas/primitives/protocol.ts now exports a Protocols const map alongside the existing ProtocolSchema. TUN stays in the const for parity (legacy panel deployments may have saved TUN inbounds) even though the Go validator no longer accepts it as a new write. - schemas/primitives/flow.ts now exports TLS_FLOW_CONTROL. The empty-string default isn't keyed because the legacy never had a NONE entry — call sites compare against the two real flow values. Updated five consumers: - useInbounds.ts: TRACKED_PROTOCOLS now annotated readonly string[] so .includes(string) keeps narrowing through the array literal - QrCodeModal.tsx, InboundInfoModal.tsx: Protocols - ClientFormModal.tsx, ClientBulkAddModal.tsx: TLS_FLOW_CONTROL Suite: 89 tests across 8 files; typecheck + lint clean. models/inbound.ts is now imported by: - InboundFormModal.tsx (heavy use of Inbound class + getSettings) - test/inbound-link.test.ts + test/shadow.test.ts + test/headers.test.ts (intentional — these are parity tests against the legacy class) OutboundFormModal still imports from models/outbound. Both form modals are the multi-day Pattern A rewrites the plan scopes separately. * refactor(frontend): lift OutboundProtocols + OutboundDomainStrategies to schemas/primitives Moves the two outbound-side consts out of models/outbound.ts and into schemas/primitives/outbound-protocol.ts. Renames the export to OutboundProtocols to disambiguate from the inbound Protocols const (different key casing — PascalCase vs ALL CAPS — and partly different member set, so they cannot share a single const). OutboundsTab.tsx keeps its 15+ Protocols.X call sites by aliasing the import. FinalMaskForm.tsx and BasicsTab.tsx swap directly. Drops a stale `as string[]` cast in BasicsTab that no longer fits the new readonly-tuple typing. After this commit only the two big form modals (InboundFormModal/OutboundFormModal) plus three intentional parity tests still import from @/models/. * refactor(frontend): lift outbound option dictionaries to schemas/primitives Adds schemas/primitives/options.ts with UTLS_FINGERPRINT, ALPN_OPTION, SNIFFING_OPTION, USERS_SECURITY, MODE_OPTION (all identical between models/inbound.ts and models/outbound.ts) plus the outbound-only WireguardDomainStrategy, Address_Port_Strategy, and DNSRuleActions. OutboundFormModal now pulls 9 consts from primitives. Only `Outbound` (the class) and `SSMethods` (whose inbound/outbound versions diverge by 2 legacy aliases — keep the picker open for the Pattern A rewrite) still come from @/models/outbound. Drops three stale `as string[]` casts on what are now readonly tuples. * refactor(frontend): swap InboundFormModal option dicts to schemas/primitives Extends primitives/options.ts with the five inbound-only option dicts (TLS_VERSION_OPTION, TLS_CIPHER_OPTION, USAGE_OPTION, DOMAIN_STRATEGY_OPTION, TCP_CONGESTION_OPTION) and lifts InboundFormModal off @/models/inbound for 10 of its 12 imports. Only the Inbound class and SSMethods (inbound vs outbound versions diverge by 2 entries) still come from @/models/. Widens NODE_ELIGIBLE_PROTOCOLS Set element type to string since the new primitives const exposes a narrow literal union that `.has(arbitraryString)` would otherwise reject. * feat(frontend): InboundFormValues schema for Pattern A rewrite Foundation for the InboundFormModal rewrite. Mirrors the wire Inbound shape (intersection of core fields + protocol settings DU + stream/security DUs) plus the DB-side fields (up/down/total/trafficReset/nodeId/...) that flow through DBInbound rather than the xray config slice. InboundStreamFormSchema is exported separately so individual sub-form sections can rule against just the stream portion when needed. FallbackRowSchema is co-located here even though fallbacks save via a distinct endpoint after the main POST — they belong to the same form state from the user's perspective. No modal changes in this commit. Foundation only; subsequent turns swap the modal's `inboundRef`/`dbFormRef` mutable-class state for Form.useForm<InboundFormValues>(). * feat(frontend): adapter between raw inbound rows and InboundFormValues Adds lib/xray/inbound-form-adapter.ts with rawInboundToFormValues and formValuesToWirePayload. The pair is the data boundary the upcoming Pattern A modal will use: it consumes the DB row shape (settings et al. as string OR object — coerced internally), hands the modal typed InboundFormValues, and on submit reverses the trip to a wire payload with the three JSON-stringified slices the Go endpoints expect. No dependency on the legacy Inbound/DBInbound classes — the coerce step is inlined so the adapter survives the eventual models/ deletion. Adds 10 Vitest cases covering string vs object inputs, the optional streamSettings/nodeId fields, trafficReset coercion, and a raw-to-payload -to-raw round-trip equality. * feat(frontend): protocol capability predicates as pure functions Adds lib/xray/protocol-capabilities.ts with the seven predicates the modals call: canEnableTls, canEnableReality, canEnableTlsFlow, canEnableStream, canEnableVisionSeed, isSS2022, isSSMultiUser. Each takes a minimal slice of an InboundFormValues, no class instance. The legacy isSSMultiUser returns true on non-shadowsocks protocols too (method getter resolves to "" which != blake3-chacha20-poly1305). The new function preserves this quirk and documents it inline; callers all narrow on protocol === shadowsocks before checking, so the surprising return value never surfaces. Parity harness in test/protocol-capabilities.test.ts crosses each of the 10 golden fixtures with 14 stream configurations (network × security) and asserts each predicate matches the legacy class method — 140 cases, all green. * feat(frontend): outbound settings factories + dispatcher Adds lib/xray/outbound-defaults.ts parallel to inbound-defaults.ts: 13 createDefault*OutboundSettings factories (one per outbound protocol) plus the createDefaultOutboundSettings(protocol) dispatcher mirroring Outbound.Settings.getSettings's contract — non-null on each known protocol, null otherwise. The factory output matches the legacy `new Outbound.<X>Settings()` start state: required-by-schema fields the user fills in via the form (address, port, password, id, peer publicKey/endpoint) come back as empty stubs. Wireguard alone seeds secretKey via the X25519 generator; the rest expose blank fields. This is the same behavior the OutboundFormModal relies on for protocol-change resets. Shadowsocks defaults to 2022-blake3-aes-128-gcm rather than the legacy undefined — the Select snaps to the first option anyway, so the coherent default keeps the modal from rendering an empty picker. Tests cover three layers: - exact-shape snapshots per factory (13 cases) - Zod schema acceptance after sensible stub fill-in (13 cases) - dispatcher non-null per known protocol + null for the unknown (14 cases) * feat(frontend): InboundFormModal.new.tsx skeleton (Pattern A) First commit of the sibling-file modal rewrite. The new modal mounts Form.useForm<InboundFormValues>, hydrates via rawInboundToFormValues on open (edit) or buildAddModeValues (add), runs validateFields + safeParse on submit, and posts the formValuesToWirePayload result. No tabs yet — the modal body shows a WIP placeholder. The file is not imported anywhere; the existing InboundFormModal.tsx remains the one InboundsPage renders. Build, lint, and 280 tests stay green. Subsequent commits add the basic / sniffing / protocol / stream / security / advanced / fallbacks sections; the atomic import swap in InboundsPage.tsx lands last. * feat(frontend): basic tab on InboundFormModal.new.tsx (Pattern A) First real section of the sibling-file rewrite. Wires AntD Form.Items to InboundFormValues paths for the basic tab — enable, remark, deployTo (when protocol is node-eligible), protocol, listen, port, totalGB, trafficReset, expireDate. The port input gets a per-field antdRule against InboundFormBaseSchema.shape.port — the spec's Pattern A reference. The intersection-typed InboundFormSchema has no .shape accessor, so per-field rules pull from the underlying ZodObject components. totalGB and expireDate are bytes/timestamp on the wire but a GB number / dayjs picker in the UI. Both use shouldUpdate-closure children that read form state and call setFieldValue on user input — no transient form-only fields, no DU-shape surprises at submit time. Protocol-change cascade lives in Form's onValuesChange: pick a new protocol and the settings DU branch is reset to createDefaultInboundSettings(next); a non-node-eligible protocol also clears nodeId. Modal still renders a single-tab Tabs container. Sniffing tab is next. * feat(frontend): sniffing tab on InboundFormModal.new.tsx (Pattern A) Second section of the sibling-file rewrite. Wires the six sniffing sub-fields to nested form paths ['sniffing', 'enabled'], ['sniffing', 'destOverride'], etc. Uses Form.useWatch on the enabled flag to drive conditional rendering of the dependent fields — the same gate the legacy modal expressed via `ib.sniffing.enabled &&`. Checkbox.Group renders one Checkbox per SNIFFING_OPTION entry. The two exclusion lists use Select mode="tags" so the user can paste comma- separated IP/CIDR or domain rules. No transient form state, no class methods — every field maps directly to a wire-shape path in InboundFormValues. Protocol tab is next. * feat(frontend): protocol tab VLESS auth on InboundFormModal.new.tsx Adds the protocol tab to the sibling-file rewrite — currently only the VLESS section, which lays out decryption/encryption inputs and the three buttons that drive them: Get New x25519, Get New mlkem768, Clear. getNewVlessEnc + clearVlessEnc are ported from the legacy modal as pure setFieldValue paths into ['settings', 'decryption'] / ['settings', 'encryption'] — no class methods, no inboundRef. The matchesVlessAuth helper mirrors the legacy fuzzy label-matching so the backend response shape stays the only source of truth. selectedVlessAuth derives the displayed auth label from the encryption string via Form.useWatch — same heuristic as the legacy modal (.length > 300 → mlkem768, otherwise x25519). Tab spread is conditional: the protocol tab only appears when protocol === 'vless' right now. As more protocol sections land (shadowsocks, http/mixed, tunnel, tun, wireguard) the condition will widen to cover each one. * feat(frontend): protocol tab Shadowsocks section (Pattern A) Adds the Shadowsocks sub-form: method picker (from SSMethodSchema's seven schema-aligned options), conditional password input gated on isSS2022, network picker (tcp/udp/tcp,udp), ivCheck toggle. Method change cascades through the Select's onChange — regenerating the inbound-level password via RandomUtil.randomShadowsocksPassword. The shadowsockses[] multi-user list reset is deferred until the clients-management section lands. Uses isSS2022 from lib/xray/protocol-capabilities to gate the password field exactly the way the legacy modal did — keeps the form behavior identical without referencing the legacy class. SSMethodSchema.options drives the Select rather than the legacy SSMethods const (which the inbound modal pulled from models/inbound.ts). This commits to the schema-aligned 7-entry list for inbound; the outbound divergence (9 entries with legacy aliases) is still pending in OutboundFormModal — defer the UX decision to that rewrite. * feat(frontend): protocol tab HTTP and Mixed sections (Pattern A) Adds the HTTP and Mixed sub-forms. Both share an accounts list — first Form.List usage in the rewrite. Each row binds via [field.name, 'user'] / [field.name, 'pass'] under the parent ['settings', 'accounts'] path, so the wire shape stays exactly what HttpInboundSettingsSchema and MixedInboundSettingsSchema validate. HTTP-only: allowTransparent Switch. Mixed-only: auth Select (noauth/password), udp Switch, conditional ip Input gated on the udp value via Form.useWatch. Tab visibility widens to include http + mixed alongside vless + shadowsocks. The string cast on the includes-check keeps the frozen Protocols const's narrow union from rejecting the broader protocol string at the call site. * feat(frontend): protocol tab Tunnel section (Pattern A) Adds the Tunnel sub-form: rewriteAddress + rewritePort, allowedNetwork picker (tcp/udp/tcp,udp), Form.List-driven portMap with name/value pairs, and the followRedirect Switch. portMap is the second Form.List in the rewrite — same shape as the HTTP/Mixed accounts list but with name/value rather than user/pass. The wire shape stays `settings.portMap: { name, value }[]` exactly. Tab visibility widens to Tunnel. * feat(frontend): protocol tab TUN section (Pattern A) Adds the TUN sub-form: interface name, MTU, four primitive-array Form.Lists (gateway, dns, autoSystemRoutingTable), userLevel, autoOutboundsInterface. Primitive Form.Lists bind each row's Input directly to `field.name` (no inner key) — distinct from the object-row Form.Lists that bind to `[field.name, 'fieldKey']`. The Form.useWatch('protocol') return type comes from the schema's protocol enum which excludes 'tun' (TUN is in the legacy Protocols const for data parity but never accepted by the wire validator). Cast to string at the source so per-section comparisons against Protocols.TUN typecheck. Why: legacy DB rows with protocol === 'tun' still need to render; widening here keeps reads from rejecting them. Tab visibility widens to TUN. * feat(frontend): protocol tab Wireguard section (Pattern A) Adds the Wireguard sub-form: server secretKey input with regen icon, derived disabled public-key display, mtu, noKernelTun toggle, and a Form.List of peers — each peer having its own privateKey (regen icon), publicKey, preSharedKey, allowedIPs (nested Form.List for the string array), keepAlive. pubKey is purely derived (computed via Wireguard.generateKeypair from the watched secretKey) and is NOT stored in the form value — the schema omits it from the wire shape on purpose. The disabled display shows the live derivation without polluting form state. regenInboundWg generates a fresh keypair and writes only the secretKey path; pubKey re-derives automatically. regenWgPeerKeypair writes both privateKey and publicKey at the peer's path index. The preSharedKey wire-shape name is used instead of the legacy class's internal psk — matches WireguardInboundPeerSchema. Tab visibility widens to Wireguard. * feat(frontend): stream tab skeleton with TCP + KCP (Pattern A) Opens the stream tab on the sibling-file rewrite. Tab visibility is driven by canEnableStream from lib/xray/protocol-capabilities — same gate the legacy modal used, now schema-aware. Transmission picker (network select) is hidden for HYSTERIA since that protocol's network is implicit. onNetworkChange clears any stale per-network settings keys (tcpSettings/kcpSettings/...) and seeds an empty object for the new branch so AntD Form.Items don't read from undefined nested paths. TCP section: acceptProxyProtocol Switch (literal-true-optional on the wire — the form stores true/false but Zod's strip behavior keeps false-as-omission round-trips clean) plus an HTTP-camouflage toggle that flips header.type between 'none' and 'http'. The full HTTP camouflage request/response sub-form lands in a follow-up commit. KCP section: six numeric knobs (mtu, tti, upCap, downCap, cwndMultiplier, maxSendingWindow). WS / gRPC / HTTPUpgrade / XHTTP / external-proxy / sockopt / hysteria stream / FinalMaskForm hookup all still pending. * feat(frontend): stream tab WS + gRPC + HTTPUpgrade sections (Pattern A) Adds the three medium-complexity network branches to the stream tab. Plain Form.Item paths into the corresponding *Settings keys — no Form.List wrappers since these schemas don't have arrays at the top level. WS: acceptProxyProtocol, host, path, heartbeatPeriod gRPC: serviceName, authority, multiMode HTTPUpgrade: acceptProxyProtocol, host, path Header editing is deferred to a later commit — WsHeaderMap is a Record<string,string> on the wire, V2HeaderMap a Record<string,string[]>, and the form needs an array-of-{name,value} UI that converts on edit. Worth building once and reusing across WS, HTTPUpgrade, XHTTP, TCP request/response, and Hysteria masquerade headers. XHTTP + external-proxy + sockopt + hysteria stream + finalmask hookup still pending. * feat(frontend): stream tab XHTTP section (Pattern A) XHTTP is the heaviest network branch — 19 fields rendered conditionally on mode, xPaddingObfsMode, and the three *Placement selectors. Each gates its dependent field set via Form.useWatch. Field structure mirrors the legacy XHTTPStreamSettings form 1:1: - mode picker (auto / packet-up / stream-up / stream-one) - packet-up adds scMaxBufferedPosts + scMaxEachPostBytes; stream-up adds scStreamUpServerSecs - serverMaxHeaderBytes, xPaddingBytes, uplinkHTTPMethod (with the packet-up gate on the GET option) - xPaddingObfsMode unlocks xPadding{Key,Header,Placement,Method} - sessionPlacement / seqPlacement each unlock their respective Key field when set to anything other than 'path' - packet-up mode additionally unlocks uplinkDataPlacement, and that in turn unlocks uplinkDataKey when the placement is not 'body' - noSSEHeader Switch at the tail XHTTP headers editor still pending (same WsHeaderMap as WS — will be unified in the header-editor extraction commit). * feat(frontend): stream tab external-proxy + sockopt sections (Pattern A) External Proxy: Switch driven by externalProxy array length. Toggling on seeds one row with the window hostname + the inbound's current port; toggling off clears the array. Each row is a Form.List item with forceTls/dest/port/remark inline, and a nested SNI/Fingerprint/ALPN row that conditionally renders on forceTls === 'tls' via a shouldUpdate-closure that watches the per-row forceTls path. Sockopt: Switch driven by whether the sockopt object exists in form state. Toggling on calls SockoptStreamSettingsSchema.parse({}) so every default the schema declares (mark=0, tproxy='off', domainStrategy='UseIP', tcpcongestion='bbr', etc.) flows into the form; toggling off sets to undefined. Renders the seventeen sockopt fields directly bound to ['streamSettings', 'sockopt', X] paths. Option lists pull from the primitives const dictionaries (UTLS_FINGERPRINT, ALPN_OPTION, DOMAIN_STRATEGY_OPTION, TCP_CONGESTION_OPTION) rather than the schema's .options to keep one source of truth for UI label strings. * feat(frontend): security tab base + TLS section (Pattern A) Adds the security tab to the sibling-file rewrite. Visibility is paired with the stream tab — both gated on canEnableStream. The security selector is itself disabled when canEnableTls is false, and the reality option only appears when canEnableReality is true, mirroring the legacy modal's Radio.Group guards. onSecurityChange clears the previous branch's *Settings key and seeds the new branch from the schema's parsed defaults (the same trick the sockopt toggle uses). The security selector itself is rendered via a shouldUpdate closure so the on-change handler can write the cleaned streamSettings shape atomically without racing AntD's per-field sync. TLS section: serverName (the wire field — the legacy class calls it sni internally), cipherSuites (with the 13 named suites from TLS_CIPHER_OPTION), min/max version pair, uTLS fingerprint, ALPN multi-select, plus the three policy Switches. TLS certificates list, ECH controls, the full Reality sub-form, and the four API-call buttons (genRealityKeypair / genMldsa65 / getNewEchCert / randomizers) land in a follow-up commit. * feat(frontend): security tab Reality + ECH + mldsa65 controls (Pattern A) Adds the Reality sub-form and the four API-call buttons that drive the server-generated material: - genRealityKeypair calls /panel/api/server/getNewX25519Cert and writes the result into ['streamSettings', 'realitySettings', 'privateKey'] and the nested settings.publicKey path. - genMldsa65 calls /panel/api/server/getNewmldsa65 for the post-quantum seed/verify pair. - getNewEchCert calls /panel/api/server/getNewEchCert with the current serverName and writes echServerKeys + settings.echConfigList. - randomizeRealityTarget seeds target + serverNames from the random reality-targets pool. - randomizeShortIds calls RandomUtil.randomShortIds (comma-joined string) and splits into the schema's string[] form. Reality fields are bound directly to schema paths — show/xver/target, maxTimediff, min/max ClientVer, the settings.{publicKey, fingerprint, spiderX, mldsa65Verify} nested subtree, plus the array fields (serverNames, shortIds) rendered as Select mode="tags" since both ship as string[] on the wire. TLS certificates list (Form.List with the useFile DU) still pending — that's a chunky sub-form on its own. * feat(frontend): security tab TLS certificates list (Pattern A) Closes out the security tab: a Form.List of certificates that toggles between TlsCertFileSchema (certificateFile + keyFile string paths) and TlsCertInlineSchema (certificate + key as string arrays per the wire shape) via a per-row useFile boolean. useFile is a transient form-only field — not part of TlsCertSchema. Zod's default-strip behavior drops it during InboundFormSchema parse on submit, leaving only the matching wire branch's keys populated. Whichever side the user wasn't on stays empty, so Zod's union picks the populated branch. For inline certs the TextAreas use normalize + getValueProps to convert between the wire-side string[] and the multi-line text the user types. Each line becomes one array element, matching the legacy class's `cert.split('\n')` toJson convention. Per-row buildChain is conditionally rendered when usage === 'issue' — a shouldUpdate-closure watches the specific path so the toggle re-renders inline without listening to unrelated form changes. Security tab is now functionally complete. Advanced JSON tab, Fallbacks card, and the atomic swap in InboundsPage are next. * feat(frontend): advanced JSON tab on InboundFormModal.new.tsx (Pattern A) Adds the advanced JSON tab. Each sub-tab (settings / streamSettings / sniffing) renders an AdvancedSliceEditor — a small CodeMirror-backed JsonEditor that holds a local text buffer and forwards parsed JSON to form state on every valid edit. Invalid JSON sits silently in the local buffer; once the user finishes balancing braces / quoting, the next valid parse pushes through to the form. No stamping ref, no apply-on-tab-switch ceremony — the form is the single source of truth. The buffer seeds once from form state on mount. The Modal's destroyOnHidden means each open is a fresh editor instance, so external form mutations during a single open session can't desync the editor either. The streamSettings sub-tab is omitted when streamEnabled is false (matching the legacy modal's behavior for protocols like Http / Mixed that have no stream layer). * feat(frontend): fallbacks card on InboundFormModal.new.tsx (Pattern A) Adds the fallbacks card rendered inside the protocol tab whenever the current values describe a fallback host — VLESS or Trojan on tcp with tls or reality security. The protocol tab visibility widens to include Trojan in that exact case (it has no other protocol sub-form). Fallbacks live in a useState alongside the form rather than inside form values, mirroring the legacy modal: fallbacks save via a distinct endpoint (/panel/api/inbounds/{id}/fallbacks) after the main inbound POST, not as part of the inbound payload. loadFallbacks runs on open for edit-mode VLESS/Trojan; saveFallbacks runs after a successful POST inside the submit handler. Each row: child picker (filtered down to other inbounds), then four inline edits for SNI / ALPN / path / xver. Add adds an empty row; delete pulls the row from state. Quick-Add-All, the rederive-from-child helper, and the per-row up/down movers are deferred — the basic add/edit/remove cycle is what the modal actually needs to function. * feat(frontend): atomic swap InboundFormModal to Pattern A Deletes the 2261-line class-mutation modal and renames the 1900-line sibling rewrite into its place. InboundsPage.tsx already imports the file by path so no consumer change is needed — the swap is one file delete plus one file rename. Build, lint, and 280 tests stay green. What the new modal covers end-to-end: - Basic (enable / remark / nodeId / protocol / listen / port / totalGB / trafficReset / expireDate) - Sniffing (enabled / destOverride / metadataOnly / routeOnly / ipsExcluded / domainsExcluded) - Protocol per DU branch: VLESS (decryption/encryption + buttons), Shadowsocks (method/password/network/ivCheck), HTTP + Mixed (accounts list + per-protocol toggles), Tunnel (rewrite + portMap + followRedirect), TUN (interface/mtu + four primitive lists + userLevel/autoInterface), Wireguard (secretKey + derived pubKey + peers list with nested allowedIPs) - Stream per network: TCP base, KCP, WS, gRPC, HTTPUpgrade, XHTTP (the 22-field one), plus external-proxy and sockopt extras - Security: TLS (SNI/cipher/version/uTLS/ALPN/policy switches + certificates list with file/inline toggle + ECH controls), Reality (every field + the four API-call buttons), none - Advanced JSON (settings / streamSettings / sniffing live editors that round-trip into form state on every valid parse) - Fallbacks (load on open for VLESS/Trojan TLS-or-Reality TCP hosts; save through the secondary endpoint after the main POST succeeds) Known regressions vs the legacy modal, all reachable via Advanced JSON until backfilled in follow-up commits: - Hysteria stream sub-form (masquerade / udpIdleTimeout / version) — schema gap; the existing inbound DU has no hysteria stream branch - FinalMaskForm hookup — the component is still class-shape coupled - HeaderMapEditor — TCP request/response headers, WS / HTTPUpgrade / XHTTP headers, Hysteria masquerade headers all need a shared editor - TCP HTTP camouflage request/response body (version, method, path list, headers, status, reason) — only the on/off toggle is wired - Fallbacks polish — up/down move, quick-add-all, rederive-from-child, the per-row advanced-toggle / proxy-tag chips No reference to @/models/inbound's Inbound class anywhere in the new modal — only @/models/dbinbound (out of scope) and @/models/reality-targets (out of scope). The protocol-capabilities predicates and the rawInboundToFormValues + formValuesToWirePayload adapters carry every behavior the class used to provide. * fix(frontend): finish InboundFormModal rename after atomic swap The atomic-swap commit landed the new file but the exported function was still named InboundFormModalNew. Rename to match the file. * feat(frontend): outbound form schema + wire adapter foundation Lay the groundwork for OutboundFormModal's Pattern A rewrite: - schemas/forms/outbound-form.ts: discriminated-union form values across all 12 outbound protocols, with flat per-protocol settings shapes that match the legacy class fields (vmess vnext / trojan-ss-socks-http servers / wireguard csv address-reserved all flattened). - lib/xray/outbound-form-adapter.ts: rawOutboundToFormValues converts wire-shape outbound JSON to typed form values; formValuesToWirePayload re-nests on submit. Replaces the Outbound.fromJson/toJson dependency the modal currently has on the legacy class hierarchy. - test/outbound-form-adapter.test.ts: 15 round-trip cases covering each protocol's wire quirks (vmess vnext flatten, vless reverse-wrap, wireguard csv↔array, blackhole response wrap, DNS rule normalization, mux gating). * feat(frontend): OutboundFormModal.new.tsx skeleton (Pattern A) Sibling .new.tsx file with the Modal shell, Tabs (Basic/JSON), Form.useForm hydration via rawOutboundToFormValues, and the submit pipeline that calls formValuesToWirePayload before onConfirm. Tag uniqueness check is wired in. Protocol-specific sub-forms, stream, security, sockopt, and mux sections are deferred to subsequent commits — accessible via the JSON tab in the meantime. The InboundsPage continues to render the legacy modal until the atomic swap at the end. Also: rawOutboundToFormValues now returns streamSettings as undefined when the wire payload omits it, so Form.useForm doesn't receive a value that does not match the NetworkSettings discriminated union. * feat(frontend): OutboundFormModal.new.tsx vmess/vless/trojan/ss sections - Shared connect-target sub-block (address + port) for the six protocols whose form schema carries them flat at settings root. - VMess: id + security Select (USERS_SECURITY). - VLESS: id + encryption + flow + reverseTag (reverse-sniffing slice and Vision testpre/testseed come in a later commit). - Trojan: password. - Shadowsocks: password + method Select (SSMethodSchema) + UoT switch + UoT version. onValuesChange cascade: when the user picks a different protocol, the adapter re-seeds the settings sub-object to the new protocol's defaults so leftover fields from the previous protocol do not bleed through. * feat(frontend): OutboundFormModal.new.tsx socks/http/hysteria/loopback/blackhole/wireguard sections - SOCKS / HTTP: user + pass at settings root. - Hysteria: read-only version=2 (the actual transport knobs live on stream.hysteria, added with the stream tab). - Loopback: inboundTag. - Blackhole: response type Select with empty/none/http options. - Wireguard: address (csv) + secretKey (with regenerate icon) + derived pubKey + domain strategy + MTU + workers + no-kernel-tun + reserved (csv) + peers Form.List with nested allowedIPs sub-list. Wireguard regenerate icon uses Wireguard.generateKeypair() and writes both keys to the form via setFieldValue — preserves the legacy UX of the SyncOutlined inline-icon next to the privateKey label. * feat(frontend): OutboundFormModal.new.tsx DNS + Freedom + VLESS reverse-sniffing - DNS: rewriteNetwork (udp/tcp Select) + rewriteAddress + rewritePort + userLevel + rules Form.List (action/qtype/domain). - Freedom: domainStrategy + redirect + Fragment Switch with conditional 4-field sub-block (legacy 'enable Fragment' UX preserved — Switch sets all four fields to populated defaults, off-state empties them all out so the adapter strips them on submit) + Noises Form.List (rand/base64/ str/hex types, packet/delay/applyTo per row) + Final Rules Form.List with conditional block-delay sub-field. - VLESS reverse-sniffing slice: rendered only when reverseTag is set (matches the legacy modal's nested conditional). All six fields wired to the form state with appropriate widgets (Switch / Select multi / Select tags). * feat(frontend): OutboundFormModal.new.tsx stream tab (TCP/KCP/WS/gRPC/HTTPUpgrade) Wire the stream sub-form into the Pattern A modal: - newStreamSlice(network) helper bootstraps the per-network DU branch with Xray defaults (mtu=1350, tti=20, uplinkCapacity=5, etc.). - streamSettings is seeded once when the protocol supports streams but the form has no slice yet (new outbound + protocol switch). - onNetworkChange swaps the sub-key and preserves security when the new network still supports it, else snaps back to 'none'. - Per-network sub-forms wired: TCP: HTTP camouflage Switch (sets header.type = 'http' / 'none') KCP: 6 numeric tuning fields WS: host + path + heartbeat gRPC: service name + authority + multi-mode switch HTTPUpgrade: host + path XHTTP: host + path + mode + padding bytes (advanced fields via JSON) Security radio, TLS/Reality sub-forms, sockopt, and mux still pending. * feat(frontend): OutboundFormModal.new.tsx security tab (TLS + Reality + Flow) - onSecurityChange cascade: swaps tlsSettings/realitySettings sub-key matching the DU branch, seeding the new sub-form with empty/default fields so the UI does not reference undefined values. - Flow Select rendered when canEnableTlsFlow is true (VLESS + TCP + TLS/Reality). Moved from the basic VLESS section so it only appears in the relevant security context — matches the legacy modal UX. - Security Radio (none / TLS / Reality) gated by canEnableTls and canEnableReality pure-function predicates from lib/xray/protocol-capabilities. - TLS sub-form: 6 outbound-specific fields (SNI/uTLS/ALPN/ECH/ verifyPeerCertByName/pinnedPeerCertSha256) matching the legacy TlsStreamSettings flat shape (no certificates list — outbound is client-side). - Reality sub-form: 6 fields (SNI/uTLS/shortId/spiderX/publicKey/ mldsa65Verify). publicKey + mldsa65Verify get TextAreas to handle the long base64 strings. * feat(frontend): OutboundFormModal.new.tsx sockopt + mux sections - Sockopts: Switch toggles streamSettings.sockopt between undefined and a populated default object (17 fields with sane bbr/UseIP defaults). Only the 8 most-used fields are rendered (dialer proxy, domain strategy, keep alive interval, TFO, MPTCP, penetrate, mark, interface). The remaining sockopt knobs (acceptProxyProtocol, tcpUserTimeout, tcpcongestion, tcpKeepAliveIdle, tcpMaxSeg, tcpWindowClamp, V6Only, trustedXForwardedFor, tproxy) are still in the wire payload — edit them via the JSON tab. - Mux: gated by isMuxAllowed(protocol, flow, network) — VMess/VLESS/ Trojan/SS/HTTP/SOCKS, no flow set, no xhttp transport. Sub-fields (concurrency / xudpConcurrency / xudpProxyUDP443) only render when enabled is true. - Sockopt section visible only when streamAllowed AND network is set — non-stream protocols (freedom/blackhole/dns/loopback) still edit sockopt via the JSON tab. * feat(frontend): atomic swap OutboundFormModal to Pattern A Delete the legacy 1473-line class-based OutboundFormModal.tsx and replace it with the new Pattern A modal (Form.useForm + antdRule + per-protocol discriminated-union form values + wire adapter). Net diff: legacy file gone, function renamed from OutboundFormModalNew to OutboundFormModal so the existing OutboundsTab import resolves unchanged. What is migrated: - All 12 protocols (vmess/vless/trojan/ss/socks/http/wireguard/ hysteria/freedom/blackhole/dns/loopback) - Stream tab with TCP/KCP/WS/gRPC/HTTPUpgrade + partial XHTTP - Security tab with TLS + Reality + Flow gating - Sockopt + Mux sections (gated by isMuxAllowed) - JSON tab with bidirectional bridge to form state - Tag uniqueness check - VLESS reverse-sniffing slice - Freedom fragment/noises/finalRules - DNS rewrite + rules list - Wireguard peers + nested allowedIPs sub-list - Wireguard secret/public key regeneration Deferred to follow-up commits (still accessible via the JSON tab): - XHTTP advanced fields (xmux, sequence/session placement, padding obfs) - Hysteria stream transport sub-form - TCP HTTP camouflage host/path body - WS/HTTPUpgrade/XHTTP headers map editor - Remaining sockopt knobs (tcpUserTimeout, tcpcongestion, tcpKeepAliveIdle, tcpMaxSeg, tcpWindowClamp, V6Only, trustedXForwardedFor, tproxy, acceptProxyProtocol) - VLESS Vision testpre/testseed - Reality API helpers (random target, x25519/mldsa65 generate-import) - Link import (vmess:// vless:// etc → outbound) - FinalMaskForm hookup (deferred from inbound rewrite too) * test(frontend): convert legacy-class parity tests to snapshot baselines With the inbound/outbound modal rewrites complete, the cross-check against the legacy Inbound class has served its purpose. The new pure-function / Zod-schema paths are the source of truth for production code; the parity assertions were the migration safety net. Convert the three parity test files to snapshot-based regression tests: - headers.test.ts: toHeaders + toV2Headers run against snapshots captured at the close of the migration (when both new and legacy were verified byte-equal). - protocol-capabilities.test.ts: 140 cases (10 fixtures × 14 stream shapes) snapshot the predicate-result tuple. Was: parity vs legacy Inbound.canEnableX() class methods. - inbound-link.test.ts: per-protocol genXxxLink + genInboundLinks orchestrator output is snapshotted. Was: byte-equality vs legacy Inbound.genXxxLink() methods. Also delete shadow.test.ts — its purpose was a dual-parse drift detector (Inbound.Settings.fromJson vs InboundSettingsSchema.parse). inbound-full.test.ts already snapshots the Zod parse output, which covers the same ground without the legacy dependency. models/inbound.ts and models/outbound.ts stay in the tree for now — DBInbound still consumes Inbound via its toInbound() method, and DBInbound migration is out of scope per the migration spec ('Do NOT migrate Status, DBInbound, or AllSetting...'). No production page imports from @/models/inbound or @/models/outbound directly anymore. * chore(frontend): enforce no-explicit-any: error + add typecheck/test to CI Step 7 of the Zod migration: lock the migration's gains in place via lint + CI enforcement. - eslint.config.js: `@typescript-eslint/no-explicit-any` set to error. Verified locally — zero violations in src/, with the only file-level disables being src/models/inbound.ts and src/models/outbound.ts (kept for DBInbound's toInbound() consumer; their migration is out of spec scope). - .github/workflows/ci.yml: add Typecheck and Test steps to the frontend job, between Lint and Build. PRs now have to pass tsc --noEmit and the full vitest suite (285 tests + 172 snapshots) before build runs. Migration scoreboard (vs the spec): Step 1 primitives + barrels done Step 2 protocol leaf + DUs done Step 3 pure-fn extraction done Step 4 form modals -> Pattern A done (Inbound + Outbound) Step 5 delete models/ files DEFERRED (DBInbound still uses Inbound; spec marks DBInbound migration out of scope) Step 6 tighten .loose() / unknown DEFERRED (invasive, separate PR) Step 7 lint + CI enforcement done (this commit) Production code paths now have no direct dependency on the legacy Inbound or Outbound classes. * feat(frontend): OutboundFormModal deferred features (Vision seed / TCP host+path / WG pubKey derive) Three small wins from the post-atomic-swap deferred list: - VLESS Vision testpre + testseed: shown only when flow === 'xtls-rprx-vision' (mirrors the legacy canEnableVisionSeed gate). testseed binds to a Select mode='tags' with a normalize() that coerces strings to positive integers and drops invalid entries. - TCP HTTP camouflage host + path: when the TCP HTTP camouflage Switch is on, surface two inputs that read/write directly into streamSettings.tcpSettings.header.request.headers.Host and .path. Both fields are string[] on the wire; normalize + getValueProps translate to/from comma-joined strings in the UI (one entry per host or path the user wants camouflaged). - Wireguard pubKey auto-derive: Form.useWatch on settings.secretKey + useEffect that runs Wireguard.generateKeypair(secret).publicKey on every change and writes the result into the disabled pubKey display field. Matches the legacy modal's per-keystroke derive. * feat(frontend): symmetric TCP HTTP host/path + extra sockopt knobs OutboundFormModal: - Sockopt section gains 5 common-but-rarely-tweaked knobs: acceptProxyProtocol, tproxy (off/redirect/tproxy), tcpcongestion (bbr/cubic/reno), V6Only, tcpUserTimeout. The remaining sockopt fields (tcpKeepAliveIdle, tcpMaxSeg, tcpWindowClamp, trustedXForwardedFor) are still edit-via-JSON; they are deeply tunable and not commonly touched. InboundFormModal: - TCP HTTP camouflage gains host + path inputs symmetric to the outbound side. Switch ON seeds request with sensible defaults (version 1.1, method GET, path ['/'], empty headers). The two inputs use the same normalize/getValueProps comma-string ↔ string[] dance the outbound side uses, so the wire shape stays identical to what xray-core expects. * feat(frontend): HeaderMapEditor reusable component + wire WS/HTTPUpgrade headers Add a single reusable header-map editor that handles the two wire shapes Xray uses: - v1: { name: 'value' } — used by WS / HTTPUpgrade / Hysteria masquerade. One value per name. - v2: { name: ['value1', 'value2'] } — used by TCP HTTP camouflage. Each header can repeat (RFC 7230 §3.2.2). Internal state is always a flat list of {name, value} rows regardless of mode; conversion to/from the wire shape happens at the value / onChange boundary so consumers bind straight to a Form.Item with no extra transforms. Wired into: - InboundFormModal: WS Headers, HTTPUpgrade Headers - OutboundFormModal: WS Headers, HTTPUpgrade Headers XHTTP headers are already in a list-of-rows wire shape (different from these two), so they keep their bespoke editor. Hysteria masquerade is still deferred until the Hysteria stream sub-form lands. * feat(frontend): Hysteria stream sub-form (schema branch + outbound UI) Add the 7th branch to NetworkSettingsSchema for Hysteria transport. schemas/protocols/stream/hysteria.ts: - HysteriaStreamSettingsSchema covers the full wire shape: version=2, auth, congestion (''|'brutal'), up/down bandwidth strings, optional udphop sub-object for port-hopping, receive-window tuning fields, maxIdleTimeout, keepAlivePeriod, disablePathMTUDiscovery. schemas/protocols/stream/index.ts: - NetworkSchema gains 'hysteria'. - NetworkSettingsSchema gains the 7th branch { network: 'hysteria', hysteriaSettings: HysteriaStreamSettingsSchema }. OutboundFormModal.tsx: - NETWORK_OPTIONS keeps the 6 standard transports for non-hysteria protocols; when protocol === 'hysteria', a 7th option is appended (matches the legacy [...NETWORKS, 'hysteria'] gate). - newStreamSlice handles the 'hysteria' case with sensible defaults matching the legacy HysteriaStreamSettings constructor. - New sub-form when network === 'hysteria': 8 common fields (auth, congestion, up, down, udphop Switch + 3 nested fields when on, maxIdleTimeout, keepAlivePeriod, disablePathMTUDiscovery). - Receive-window tuning fields are still edit-via-JSON (rarely touched + would clutter the form). * feat(frontend): fallbacks polish — move up/down + Add all button Two small UX wins on the InboundFormModal Fallbacks card: - Per-row Move up / Move down buttons (ArrowUp/Down icons) that swap adjacent indices. Order survives reloads via sortOrder (rebuilt from index on save). First row's Up button + last row's Down button are disabled. - 'Add all' button next to 'Add fallback' that one-shot inserts a fresh row for every eligible inbound (every option in fallbackChildOptions) not already wired up. Disabled when every eligible inbound is already covered. Convenient for operators running catch-all routing across every host on the panel. * feat(frontend): XHTTP advanced fields on outbound modal Replace the 'edit via JSON' deferred-features hint with the full XHTTP sub-form matching the legacy modal's XhttpFields helper. schemas/protocols/stream/xhttp.ts: - New XHttpXmuxSchema: 6 connection-multiplexing knobs (maxConcurrency, maxConnections, cMaxReuseTimes, hMaxRequestTimes, hMaxReusableSecs, hKeepAlivePeriod). - XHttpStreamSettingsSchema gains 5 outbound-only fields and one UI-only toggle: scMinPostsIntervalMs, uplinkChunkSize, noGRPCHeader, xmux, enableXmux. outbound-form-adapter.ts: - New stripUiOnlyStreamFields() drops xhttpSettings.enableXmux on the way to wire so the panel never embeds the UI toggle into the saved config. xray-core ignores unknown fields anyway, but the panel reads back its own emitted JSON, so a clean wire shape matters. OutboundFormModal.tsx: - Headers editor (HeaderMapEditor v1) for xhttpSettings.headers. - Padding obfs Switch + 4 conditional fields (key/header/placement/ method) when on. - Uplink HTTP method Select with GET disabled outside packet-up. - Session placement + session key (key shown when placement != path). - Sequence placement + sequence key (same pattern). - packet-up mode: scMinPostsIntervalMs, scMaxEachPostBytes, uplink data placement + key + chunk size (key/chunk-size shown when placement != body). - stream-up / stream-one mode: noGRPCHeader Switch. - XMUX Switch + 6 nested fields when on. * feat(frontend): inbound TCP HTTP camouflage response fields + request headers Complete the TCP HTTP camouflage UI on the inbound side. Already there from the previous symmetric host/path commit: - Request host (string[] via comma-string) - Request path (string[] via comma-string) This commit adds: - Request headers (V2 map: name -> string[]) via HeaderMapEditor. - Response version (defaults to '1.1' when camouflage toggles on). - Response status (defaults to '200'). - Response reason (defaults to 'OK'). - Response headers (V2 map) via HeaderMapEditor. The HTTP camouflage Switch seeds both request and response sub-objects on toggle-on so xray-core sees a valid TcpHeader.http shape from the first save. Without the response seed, partial fills would emit a schema-incomplete response block that xray-core might reject. * feat(frontend): link import on outbound modal (vmess/vless/trojan/ss/hy2) The legacy outbound modal could import a vmess://, vless://, trojan://, ss://, or hysteria2:// share link via a Convert button on the JSON tab. Restore that UX with a focused pure-function parser. lib/xray/outbound-link-parser.ts: - parseVmessLink: base64 JSON, maps net/tls + per-network params onto the discriminated stream branch. - parseVlessLink: standard URL with type/security/sni/pbk/sid/fp/flow query params, dispatches transport via buildStream + applies security params via applySecurityParams. - parseTrojanLink: same URL pattern, defaults security to tls. - parseShadowsocksLink: both modern (base64 userinfo@host:port) and legacy (base64 of whole thing) ss:// formats. - parseHysteria2Link: accepts both hysteria2:// and hy2:// schemes, uses the hysteria stream branch with version=2 + TLS h3. - parseOutboundLink dispatcher returns the first non-null parser result, or null when no scheme matches. test/outbound-link-parser.test.ts: - 13 cases covering happy paths for each protocol family plus malformed input, ss:// dual-format handling, hy2:// alias. OutboundFormModal.tsx: - Import button on the JSON tab Input.Search; on success, parsed payload flows through rawOutboundToFormValues, the form is reset, and we switch back to the Basic tab. - Tag is preserved when the parsed link does not carry one. Out of scope: advanced fields the legacy parser handled (xmux, padding obfs, reality short IDs, finalmask from fm= param). Power users can finish the import in the form after the basics land. * feat(frontend): inbound Hysteria stream sub-form (auth + udpIdleTimeout + masquerade) Restore the inbound side of Hysteria stream configuration that was previously hidden — the legacy modal exposed these knobs but the Pattern A rewrite gated them out. schemas/protocols/stream/hysteria.ts: - HysteriaMasqueradeSchema covers the inbound-only masquerade wire shape: type ('proxy'|'file'|'string'), dir, url, rewriteHost, insecure, content, headers, statusCode. The three masquerade types cover the spectrum: reverse-proxy upstream, serve static files, or return a fixed string body. - HysteriaStreamSettingsSchema gains 3 inbound-side optional fields: protocol, udpIdleTimeout, masquerade. Outbound side is untouched (the legacy class accepted both wire shapes via the same struct). InboundFormModal.tsx: - New hysteria stream sub-form section in streamTab, gated by protocol === HYSTERIA. Fields: version (disabled, locked to 2), auth, udpIdleTimeout, masquerade Switch + nested type-Select with three conditional sub-blocks (proxy URL+rewriteHost+insecure, file dir, string statusCode+body+headers). - onValuesChange cascade: switching TO hysteria seeds streamSettings with the hysteria branch (forcing network='hysteria' + TLS); switching AWAY from hysteria snaps back to TCP so the standard network selector has a valid starting point. masquerade headers use the HeaderMapEditor v1 component. * feat(frontend): complete outbound sockopt section with remaining knobs Add the four remaining SockoptStreamSettings fields that were edit-via-JSON-only after the initial outbound modal rewrite: - TCP keep-alive idle (s) — tcpKeepAliveIdle, time before sending the first probe on an idle TCP connection. - TCP max segment — tcpMaxSeg, override the default MSS. - TCP window clamp — tcpWindowClamp, cap the TCP receive window. - Trusted X-Forwarded-For — trustedXForwardedFor, list of trusted proxy hostnames/CIDRs whose XFF headers Xray will honor. The outbound sockopt section now exposes all 17 SockoptStreamSettings fields from the schema. The InboundFormModal's sockopt section has its own field list (closer to the legacy class) and is unchanged. * feat(frontend): outbound TCP HTTP camouflage parity with inbound Add method/version inputs, request header map, and full response sub-section (version/status/reason/headers) to OutboundFormModal so the outbound side can configure the same HTTP-1.1 obfuscation knobs the inbound side already exposed. * feat(frontend): round-trip XHTTP advanced fields in outbound link parser Pick up xPaddingBytes, scMaxEachPostBytes, scMinPostsIntervalMs, uplinkChunkSize, and noGRPCHeader from both vmess:// JSON and the URL query-param parsers (vless/trojan). The advanced xmux/padding-obfs/ reality-shortId knobs still wait on a follow-up; this slice unblocks the common case where a phone-issued xhttp link carries non-default padding or post sizes. * feat(frontend): round-trip XHTTP padding-obfs + remaining advanced knobs Extract the XHTTP key-mapping into typed string/number/bool key arrays applied by both the URL query-param branch and the vmess JSON branch. The parser now covers xPaddingObfsMode + xPaddingKey/Header/Placement/ Method, sessionKey/seqKey/uplinkData{Placement,Key}, noSSEHeader, scMaxBufferedPosts, scStreamUpServerSecs, serverMaxHeaderBytes, and uplinkHTTPMethod alongside the previous five XHTTP fields. Two new round-trip tests cover the padding-obfs surface on both link forms. * feat(frontend): FinalMaskForm rewrite to Pattern A + wire into both modals Rewrite FinalMaskForm.tsx from a class-coupled component (mutated stream.finalmask.tcp[] via .addTcpMask/.delTcpMask methods, notified parent via onChange callback) into a Pattern A sub-form: takes a NamePath base, a FormInstance, and the surrounding network/protocol, then composes Form.List + Form.Item at absolute paths under that base. All array structures use nested Form.List — tcp/udp mask arrays, the clients/servers groups in header-custom (Form.List of Form.List of ItemEditor), and the noise list. Type Selects use onChange to reset the settings sub-object via form.setFieldValue, mirroring the legacy changeMaskType behavior. The kcp.mtu side effect on xdns type change is preserved. Wired into both InboundFormModal and OutboundFormModal stream tabs, placed after the sockopt section. The component is the first Pattern A consumer of nested Form.List inside another Form.List, so it stands as the reference for future nested-array sub-forms. * docs(frontend): record FinalMaskForm rewrite + hookup in status doc Mainline migration goal — replace class-based xray models with Zod schemas as the single source of truth + drive all forms through AntD `Form.useForm` + `antdRule(schema.shape.X)` — is complete. Remaining items are incremental polish. * fix(frontend): Phase 2 Inbound form reactivity bugs (B1-B9, consolidated) A run of resets dropped the per-bug commits 1401d833 / 5b1ae450 / 5bce0dc5 / 4007eec7. Re-landing all fixes against the same files in one commit to avoid another rebase-style drop. B1 — Transmission Select / External Proxy + Sockopt switches didn't react after click. AntD 6.4.3 Form.useWatch on nested paths doesn't re-fire reliably after `setFieldValue('streamSettings', cleaned)` on the parent. Bound Transmission via `name={['streamSettings', 'network']}` and wrapped the two switches in `<Form.Item shouldUpdate>` blocks that read state via getFieldValue. B2 — Security regressed from `Radio.Group buttonStyle="solid"` to a Select dropdown, and disable state didn't refresh because tlsAllowed/ realityAllowed were derived at the top of the component. Restored Radio.Button group and moved canEnableTls/canEnableReality evaluation inside the shouldUpdate render prop. B3 — Advanced tab "All" sub-tab was missing. Added it as the first item with a new AdvancedAllEditor that round-trips top-level fields + the three nested slices on edit. B4 — Advanced tab title/subtitle and per-section help text were gone. Wrapped the Tabs in the existing `.advanced-shell` / `.advanced-panel` structure and restored the `.advanced-editor-meta` help under each sub-tab using existing i18n keys. B5 — TLS / Reality sub-forms didn't render when selecting tls or reality on the Security tab. The `{security === 'tls' && ...}` and `{security === 'reality' && ...}` conditionals used a stale top-level useWatch value. Wrapped both in <Form.Item shouldUpdate> blocks that read `security` via getFieldValue. B6 — Advanced JSON editors stale after Stream/Sniffing changes. The editors seeded text via lazy useState and AntD Tabs renders all panes upfront, so the Advanced tab was already mounted with stale data. Both AdvancedSliceEditor and AdvancedAllEditor now subscribe via Form.useWatch and re-sync the text buffer when the watched JSON differs from a lastEmitRef (the serialization at the moment of our own last accepted write). User typing doesn't trigger re-sync because setFieldValue updates lastEmitRef too. (A prior attempt added `destroyOnHidden` to the outer Tabs but broke conditional tab items when the unmounted Form.Item for `protocol` lost its value — abandoned in favor of useWatch reactivity.) B7 — HeaderMapEditor + button did nothing. addRow() appended a blank {name:'', value:''} row, but commit() filtered it via rowsToMap before reaching the form, so AntD saw no change and didn't re-render. The editor now keeps a local rows state so blank rows survive during editing; only filled rows are emitted to onChange. B9 — Sniffing destOverride defaults (HTTP/TLS/QUIC/FAKEDNS) were not pre-checked on a fresh Add Inbound. buildAddModeValues() seeded sniffing: {} which left destOverride undefined. Now seeds with SniffingSchema.parse({}) so the Zod defaults populate. * fix(frontend): FinalMaskForm TCP Mask sub-forms + Advanced JSON wrap (B10/B11) B10 — FinalMaskForm TCP Mask: after adding a mask and picking a Type (Fragment/Header Custom/Sudoku), the type-specific sub-forms didn't render. TcpMaskItem read `type` via Form.useWatch on a path inside Form.List, which doesn't re-fire reliably in AntD 6.4.3 — same root cause as the earlier B1/B2/B5 reactivity issues. Replaced with a <Form.Item shouldUpdate> wrapper that reads `type` via getFieldValue inside the render prop. B11 — Advanced sub-tabs (settings / streamSettings / sniffing) showed just the inner value (e.g. `{clients:[],decryption:"none",...}`), but the legacy modal wrapped each slice with its key envelope (e.g. `{settings:{...}}`) so the JSON matches the wire shape's slice and round-trips cleanly from copy-pasted inbound configs. Added a `wrapKey` prop to AdvancedSliceEditor that wraps/unwraps the value on render/write; the three sub-tabs now pass settings / streamSettings / sniffing as their wrapKey. * fix(frontend): import InboundFormModal.css so layout classes apply (B12) The file InboundFormModal.css existed but was never imported, so every class in it had no effect — including: - .vless-auth-state — the "Selected: <auth>" caption next to the X25519/ ML-KEM/Clear button row stayed inline next to Clear instead of display:block beneath the row - .advanced-shell / .advanced-panel — the Advanced tab's header / panel framing was missing - .advanced-editor-meta — the per-section help text under each Advanced sub-tab had no spacing - .wg-peer — wireguard peer rows had no top margin Add a side-effect import of the CSS file at the top of the modal. No other change needed; the legacy modal must have either imported it or had a global import that the new modal didn't inherit. * fix(frontend): FinalMaskForm relative paths + network-switch defaults (B13/B14) B13 — FinalMaskForm used absolute paths like ['streamSettings', 'finalmask', 'tcp', 0, 'type'] for Form.Item names inside Form.List render props. AntD's Form.List prefixes Form.Item names with the list's own name, so the actual storage path became ['streamSettings', 'finalmask', 'tcp', 'streamSettings', 'finalmask', 'tcp', 0, 'type'] — total nonsense. Symptoms: Type Select didn't show the 'fragment' default after add(), and the sub-form for the picked type never rendered (Fragment/Sudoku/HeaderCustom). Rewrote FinalMaskForm to use RELATIVE names inside every Form.List context (TCP/UDP outer list + nested clients/servers/noise inner lists). Added a `listPath` prop on the items so the shouldUpdate guard and the side-effect setFieldValue calls (resetting `settings` when type changes) can still address the absolute path; the displayed Form.Items use the relative form (`[fieldName, 'type']`). Replaced top-level Form.useWatch on nested paths with <Form.Item shouldUpdate> blocks reading via getFieldValue, same pattern as the earlier B5 fix — Form.useWatch on paths inside Form.List doesn't re-fire reliably in AntD 6.4.3. B14 — Switching network (KCP, WS, gRPC, XHTTP, ...) seeded the new XSettings blob as `{}` so every field showed as empty. The legacy `newStreamSlice` populated mtu=1350, tti=20, etc. Restored those defaults in onNetworkChange and seeded the initial tcpSettings.header in buildAddModeValues so even the default TCP state shows the HTTP-camouflage Switch in the correct off state instead of an undefined header object. * fix(frontend): inbound TCP HTTP camouflage drops request fields + KCP UI field rename (B15/B16) B15 — Inbound TCP HTTP camouflage exposed Host / Path / Method / Version / request-headers inputs. Per Xray docs (https://xtls.github.io/config/transports/raw.html#httpheaderobject), the `request` object is honored only by outbound proxies; the inbound listener reads `response`. Those inputs were writing dead data the server ignored. Removed them from the inbound modal; only Response {version, status, reason, headers} remain. The toggle still seeds an empty request object so the wire shape stays valid against the schema. B16 — KCP Uplink / Downlink inputs bound to non-existent form fields `upCap` / `downCap`, while the schema (and wire) use `uplinkCapacity` / `downlinkCapacity`. Renamed the Form.Items to the schema names so defaults populate and saves persist. Also corrected newStreamSlice('kcp') to seed the four KCP defaults (uplinkCapacity / downlinkCapacity / cwndMultiplier / maxSendingWindow) — the missing two were why "CWND Multiplier" and "Max Sending Window" still showed empty after switching to KCP. * fix(frontend): seed full Zod-schema defaults for stream slices + QUIC params (B17) XHTTP showed blank Selects for Session Placement / Sequence Placement / Padding Method / Uplink HTTP Method (and several other knobs). Those fields have a literal "" (empty string) value in the schema, which the Select renders as "Default (path)" / "Default (repeat-x)" / etc. The form field was `undefined`, not `""`, so the Select showed blank instead of the labelled default option. newStreamSlice in InboundFormModal hand-rolled per-network seed objects with only a handful of fields. Replaced with {Tcp,Kcp,Ws,Grpc,HttpUpgrade,XHttp}StreamSettingsSchema.parse({}) so every default declared in the schema populates the form on network switch. Same change in buildAddModeValues for the initial TCP state. QUIC Params (FinalMaskForm) had the same shape on a smaller scale — defaultQuicParams() only seeded congestion + debug + udpHop. The schema's other fields are .optional() (no Zod default) so a schema parse won't help. Hard-coded the xray-core / hysteria recommended values (maxIdleTimeout 30, keepAlivePeriod 10, brutalUp/Down 0, maxIncomingStreams 1024, four window sizes) so the InputNumber controls render with usable starting values instead of blank. * fix(frontend): forceRender all tabs so fields register at modal open (B18) AntD Tabs with the `items` API lazy-mounts inactive tab panes by default. The Form.Items inside an unvisited tab never register, so: - Form.useWatch on a parent path (e.g. 'sniffing') returns a partial view containing only registered children. Until the user clicked the Sniffing tab, Advanced > Sniffing JSON showed `{sniffing: {}}` instead of the full default object set by setFieldsValue. - After visiting the Sniffing tab once, the `sniffing.enabled` Form.Item registered, so useWatch suddenly returned `{enabled: false}` — still partial, because the rest of the sniffing children only register when their Form.Items mount in conditional sub-sections. Setting `forceRender: true` on every tab item forces all tab panes to mount at modal open. Every Form.Item registers immediately; the watch result reflects the full form value seeded by buildAddModeValues. This also likely resolves the earlier "Invalid discriminator value" error on submit, which surfaced when streamSettings had an unregistered security field whose Form.Item hadn't mounted yet. * refactor(frontend): align hysteria with new docs + drop hysteria2 protocol Phase 2 smoke fixes on the Inbound add flow surfaced that hysteria2 was modeled as a separate top-level protocol when it's really just hysteria v2. The xray transports/hysteria.html docs also pin the hysteria stream to a minimal shape (version/auth/udpIdleTimeout/masquerade) — the previous schema carried legacy congestion/up/down/udphop/window knobs that aren't part of the wire contract. Hysteria2 removal: - Drop 'hysteria2' from ProtocolSchema enum and Protocols const - Drop hysteria2 branches from inbound/outbound discriminated unions - Drop createDefaultHysteria2InboundSettings / OutboundSettings - Delete schemas/protocols/inbound/hysteria2.ts and outbound/hysteria2.ts - Drop hysteria2 case in getInboundClients / genLink (fell through to the hysteria handler anyway) - Update client form modals' MULTI_CLIENT_PROTOCOLS sets - Remove hysteria2-basic fixture + snapshot entries (14 capability cases, 1 protocols fixture, 1 inbound-defaults factory) - Keep parseHysteria2Link() outbound parser since hysteria2:// is the share-link URI prefix for hysteria v2 Hysteria stream alignment with xtls docs: - HysteriaStreamSettingsSchema reduced to version/auth/udpIdleTimeout/ masquerade per transports/hysteria.html - Masquerade type adds '' (default 404 page) and defaults to it - Outbound form drops Congestion/Upload/Download/UDP hop/Max idle/ Keep alive/Disable Path MTU controls and the receive-window note - newStreamSlice('hysteria') in OutboundFormModal mirrors the trimmed shape; outbound-link-parser emits the trimmed shape too - InboundFormModal Masquerade Select gains the default option New TUN inbound schema: - Add schemas/protocols/inbound/tun.ts with name/mtu/gateway/dns/ userLevel/autoSystemRoutingTable/autoOutboundsInterface - Wire into ProtocolSchema enum, InboundSettingsSchema discriminated union, createDefaultInboundSettings dispatcher Other Phase 2 smoke fixes folded in: - Tunnel portMap UI swaps Form.List for HeaderMapEditor v1 — wire shape is Record<string,string> and the List was producing arrays - Hysteria onValuesChange seeds full TLS schema defaults + one empty certificate row (Cipher Suites/Min/Max Version/uTLS/ALPN were undefined before) - HTTP/Mixed accounts Add button auto-fills user/pass with RandomUtil.randomLowerAndNum - Hysteria security tab gates the 'none' radio out — TLS only - Hysteria stream tab drops the inbound Auth password field (xray inbound auth is per-user via 'users', not stream-level) - Reality onSecurityChange auto-randomizes target/serverNames/ shortIds and fetches an X25519 keypair - Tag and DB-side fields (up/down/total/expiryTime/ lastTrafficResetTime/clientStats/security) gain hidden Form.Items so validateFields keeps them in the wire payload (rc-component form strips unregistered fields) - WireGuard inbound auto-seeds one peer with generated keypair, allowedIPs ['10.0.0.2/32'], keepAlive 0 — matches legacy - WireGuard peer rows separated by Divider with the Peer N title and a small inline remove button (titlePlacement="center") * refactor(frontend): retire class-based xray models (Step 5) Delete models/inbound.ts (3,359 lines) and outbound.ts (2,405). The Inbound/Outbound classes and ~50 sub-classes are replaced by Zod-typed data + pure functions in lib/xray/*. Consumer migration off dbInbound.toInbound(): - useInbounds: isSSMultiUser({protocol, settings}) directly - QrCodeModal: genWireguardConfigs/Links/AllLinks from lib/xray - InboundList: derives tags from streamSettings raw fields - InboundsPage: clone via raw JSON, fallback projection via schema-shape stream object, exports via genInboundLinks - InboundInfoModal: builds an InboundInfo facade locally from raw streamSettings (host/path/serverName/serviceName per network), canEnableTlsFlow + isSS2022 from lib/xray New helper: lib/xray/inbound-from-db.ts exposes inboundFromDb(raw) converting a raw DBInbound row into a schema-typed Inbound for the link-generation orchestrators. DBInbound trimmed: drops toInbound, isMultiUser, hasLink, genInboundLinks, _cachedInbound. Imports Protocols from @/schemas/primitives now that ./inbound is gone. Bundled Phase 2 fixes: - Outbound modal: Form.useWatch with preserve: true so the stream block doesn't gate itself out when network is unmounted - Inbound form adapter: pruneEmpty preserves empty objects; per-protocol client field projection via Zod safeParse; sniffing collapse to {enabled:false} - useClients invalidateAll also invalidates inbounds.root() - IndexPage Config modal top/maxHeight polish Tests: 283/283 pass. typecheck/lint clean. * fix(frontend): inboundFromDb fills Zod defaults for stream + settings Smoke-testing the new inboundFromDb helper surfaced two regressions that the strict lib/xray link generators expose when fed raw DB streamSettings without per-network sub-keys. 1. genVlessLink / genTrojanLink crash on `stream.tcpSettings.header` when streamSettings lacks `tcpSettings` (true for slim list rows and for handcrafted minimal-JSON inbounds). The legacy Inbound.fromJson chain populated TcpStreamSettings via its own constructor; the new helper now does the same by parsing the raw <network>Settings sub-object through the matching Zod schema and merging schema defaults onto whatever the DB stored. 2. genVlessLink writes `encryption=undefined` into the share URL when settings lacks the `encryption: 'none'` literal that vless wire JSON normally carries. Fixed by running raw settings through InboundSettingsSchema.safeParse() to populate per-protocol defaults (encryption, decryption, fallbacks, etc.) the same way the legacy class fromJson chain did. Same pattern applied to security branch (tls/realitySettings). Tests: src/test/inbound-from-db.test.ts covers - JSON-string / object / empty settings coercion - genInboundLinks vless (TCP/none, with encryption=none) - genWireguardConfigs + genWireguardLinks peer fanout - genAllLinks trojan with TLS sub-defaults applied - protocol-capability helpers with raw shapes - getInboundClients across vless/SS-single/non-client protocols 296/296 pass. * fix(frontend): QUIC udpHop.interval is a range string, not a number (B19) User report: "streamSettings.finalmask.quicParams.udpHop.interval: Invalid input: expected string, received number". Three-part fix: - FinalMaskForm: Hop Interval input changed from InputNumber to Input with "e.g. 5-10" placeholder. xray-core spec says interval is a range string like '5-10' (seconds between min-max hops), not a single number. - FinalMaskForm: defaultQuicParams() seeds interval: '5-10' instead of the broken `interval: 5`. - QuicUdpHopSchema: preprocess coerces number → string for legacy DB rows that were written by the now-fixed buggy UI. Stops the load-time validation crash on existing inbounds. Tests still 296/296. * fix(frontend): outbound link parser handles extra/fm/x_padding_bytes (B20) User-reported vless share link with full xhttp + reality + finalmask config failed to round-trip on outbound import. The inbound link generator emits three payloads the outbound parser was ignoring: 1. `extra=<json>` — bundles advanced xhttp knobs (xPaddingBytes, scMaxEachPostBytes, scMinPostsIntervalMs, padding-obfs keys, etc.). applyXhttpStringFromParams now JSON.parses this and merges the fields into xhttpSettings via the same JSON-branch logic used by vmess. 2. `x_padding_bytes=<range>` — snake_case alias the inbound emits alongside the camelCase form. Now applied before camelCase so explicit `xPaddingBytes` URL params still win. 3. `fm=<json>` — full finalmask object including quicParams.udpHop and tcp/udp mask arrays. New applyFinalMaskParam attaches the decoded object to streamSettings.finalmask. Wired into both parseVlessLink and parseTrojanLink. Tests: - Real B20 link parses with xhttp + reality + finalmask all populated - Precedence: camelCase URL > extra JSON > snake_case alias > default - Malformed extra JSON falls through without crashing the parser 300/300 pass. * fix(frontend): Outbound submit crash on non-mux protocols + tab a11y (B21) Two issues surfaced on Outbound save: 1. Crash: `Cannot read properties of undefined (reading 'enabled')` at formValuesToWirePayload. The modal hides the Mux switch entirely for non-stream protocols (dns/freedom/blackhole/loopback) and for stream protocols when isMuxAllowed gates it out (xhttp, vless+flow). With the field never registered, validateFields() returns no `mux` key — `values.mux.enabled` then dereferences undefined. Fix: optional chain `values.mux?.enabled` so missing mux skips the mux clause silently. Documented why mux can be absent. 2. Chrome a11y warning: "Blocked aria-hidden on an element because its descendant retained focus" — when the user has an input focused inside one Tab panel and switches to another tab, AntD marks the outgoing panel aria-hidden while focus is still inside. The browser warns, but the focused control is now invisible to AT users. Fix: blur the active element before setActiveKey in onTabChange. * fix(frontend): blur active element on every tab switch path (B21 follow-up) The previous B21 patch only blurred on user-initiated tab clicks via onTabChange. Two other paths still set activeKey while a JSON-tab input retained focus: - importLink: after a successful share-link parse, setActiveKey('1') switched to the form tab while the user's focus was still on the Input.Search they just pressed Enter in. Chrome logged the same "Blocked aria-hidden" warning because the panel they were leaving became aria-hidden synchronously, with their input still focused. - onTabChange entering the JSON tab: also did a bare setActiveKey with no blur, so going from a focused form input INTO the JSON tab could trip the warning in reverse. Fix: centralized switchTab(key) that blurs document.activeElement sync before calling setActiveKey. Every internal tab transition (importLink, onTabChange both directions) now routes through it. The single setActiveKey('1') in the open-modal useEffect is left as a plain setter because there's no focused input at modal-open time. * refactor(frontend): extract fillStreamDefaults to shared helper Move the network/security schema-default filler out of inbound-from-db.ts into stream-defaults.ts so other consumers can reuse it without dragging in the DBInbound-specific code path. * fix(frontend): derive QUIC/UDP-hop switch state from data presence (B22) The QUIC Params and UDP Hop toggles previously persisted as separate boolean flags (enableQuicParams / hasUdpHop) which weren't part of the xray wire format and weren't restored when a config was pasted into the modal. Use data presence as the single source of truth: the switch is on iff the corresponding sub-object exists. Switching off clears it back to undefined. * fix(frontend): xhttp form binding + drop empty strings from JSON (B23) uplinkHTTPMethod was wrapped Form.Item -> Form.Item(shouldUpdate) -> Select, which broke AntD's value/onChange injection (AntD only clones the immediate child). Restructured so shouldUpdate is the outer wrapper and Form.Item(name) directly wraps the Select. Also drop empty-string fields from xhttpSettings in the wire payload — fields like uplinkHTTPMethod, sessionPlacement, seqPlacement, xPaddingKey default to '' meaning "use server default", so they shouldn't appear in JSON as "field": "". Adds placeholder text to the 3 xhttp Selects so the form reflects the current value after JSON paste. * feat(frontend): align finalmask + sockopt with xray docs, add golden fixtures Schema fixes per https://xtls.github.io/config/transports/finalmask.html and https://xtls.github.io/config/transports/sockopt.html: finalmask: - QuicCongestionSchema: remove non-doc 'cubic', keep reno/bbr/brutal/force-brutal - Add BbrProfileSchema (conservative/standard/aggressive) and bbrProfile field - brutalUp/brutalDown: number -> string per docs (units like '60 mbps') - Tighten ranges: maxIdleTimeout 4-120, keepAlivePeriod 2-60, maxIncomingStreams min 8 - UdpMaskTypeSchema: add missing 'sudoku' - udpHop.interval stays as preprocessed string-range per intentional B19 divergence sockopt: - tcpFastOpen: boolean -> union(boolean, number) per docs (number tunes queue size) - mark: drop min(0) (can be any int) - domainStrategy default: 'UseIP' -> 'AsIs' per docs - tcpKeepAlive Interval/Idle defaults: 0/300 -> 45/45 per docs (outbound) - Add AddressPortStrategySchema enum (7 values) + addressPortStrategy field - Add HappyEyeballsSchema (tryDelayMs/prioritizeIPv6/interleave/maxConcurrentTry) - Add CustomSockoptSchema (system/type/level/opt/value) + customSockopt array Bug fixes: - options.ts: Address_Port_Strategy values were lowercase ('srvportonly'); xray-core requires camelCase ('SrvPortOnly'). Fixed all 6 entries. - OutboundFormModal: domainStrategy Select was mistakenly populated from ADDRESS_PORT_STRATEGY_OPTIONS; now uses DOMAIN_STRATEGY_OPTION. - OutboundFormModal: inline sockopt defaults (hardcoded {acceptProxyProtocol: false, domainStrategy: 'UseIP', ...}) replaced with SockoptStreamSettingsSchema.parse({}) so schema is the single source. Form additions (both InboundFormModal + OutboundFormModal): - Address+port strategy Select - Happy Eyeballs Switch + sub-form (tryDelayMs/prioritizeIPv6/interleave/maxConcurrentTry) - Custom sockopt Form.List (system/type/level/opt/value) - FinalMaskForm: BBR Profile Select (visible when congestion='bbr'), Brutal Up/Down placeholders updated to string format Golden fixtures (8 new + 4 xhttp extras): - finalmask/{tcp-mask, udp-mask, quic-params, combined}.json — cover all TCP mask types, 7 UDP mask types including new sudoku, full QUIC params shape - sockopt/{defaults, tcp-tuning, tproxy, full}.json — full sockopt knobs - stream/xhttp-{basic, extra-padding, extra-placement, extra-tuning}.json — cover the extra-blob fields bundled into share-link extra=<json> Tests now at 312 (up from 300); typecheck/lint clean. * feat(frontend): migrate DNS + Routing to Zod, align with xray docs Adds first-class Zod schemas for the xray-core DNS block and routing sub-objects (Balancer, Rule) matching the documented shape at https://xtls.github.io/config/dns.html and https://xtls.github.io/config/routing.html, then wires the DnsServerModal and BalancerFormModal up to those schemas. schemas/dns.ts (new): - DnsQueryStrategySchema enum (UseIP/UseIPv4/UseIPv6/UseSystem) - DnsHostsSchema record(string -> string | string[]) - DnsServerObjectInnerSchema + DnsServerObjectSchema (with preprocess to migrate legacy `expectIPs` -> `expectedIPs` alias) - DnsServerEntrySchema = string | DnsServerObject (xray accepts both) - DnsObjectSchema with all documented fields and defaults schemas/routing.ts (new): - RuleProtocolSchema enum (http/tls/quic/bittorrent) - RuleWebhookSchema (url/deduplication/headers) - RuleObjectSchema covering every documented field (domain/ip/port/ sourcePort/localPort/network/sourceIP/localIP/user/vlessRoute/ inboundTag/protocol/attrs/process/outboundTag/balancerTag/ruleTag/ webhook) with type=literal('field').default('field') - BalancerStrategyTypeSchema enum (random/roundRobin/leastPing/leastLoad) - BalancerCostObjectSchema {regexp,match,value} - BalancerStrategySettingsSchema (expected/maxRTT/tolerance/baselines/costs) - BalancerStrategySchema + BalancerObjectSchema schemas/xray.ts: - routing.rules: was loose 3-field object, now z.array(RuleObjectSchema) - routing.balancers: was z.array(z.unknown()), now z.array(BalancerObjectSchema) - dns: was 2-field loose, now full DnsObjectSchema - BalancerFormSchema: strategy now BalancerStrategyTypeSchema (enum) instead of z.string(); fallbackTag defaults to ''; settings? added for leastLoad DnsServerModal (full Pattern A rewrite): - useState/DnsForm interface -> Form.useForm<DnsServerForm>() - manual domain/expectedIP/unexpectedIP list -> Form.List - antdRule on address/port/timeoutMs for inline validation - preserves legacy collapse-to-bare-string behavior on submit BalancerFormModal: - Adds conditional leastLoad sub-form (Expected/MaxRTT/Tolerance/ Baselines/Costs) wired to BalancerStrategySettingsSchema - Strategy options derived from schema enum - Cost rows with regexp/literal switch + match + value - required prop on Tag and Selector for red asterisk visual BalancersTab: - BalancerRecord interface -> type alias to BalancerObject - onConfirm now propagates strategy.settings to wire when leastLoad - Removes useMemo wrapping `columns` array. The memo had deps [t, isMobile] (with an eslint-disable) so the column render functions kept their original closure over `openEdit`. Once a balancer was created and the user clicked the edit button, the stale openEdit fired with empty `rows`, so rows[idx] was undefined and the modal opened blank. Columns are cheap to rebuild each render, so dropping the memo is the right fix. DnsTab + RoutingTab: switch ad-hoc interfaces to schema-derived types. translations (en-US, fa-IR): add the previously-missing pages.xray.balancerTagRequired and pages.xray.balancerSelectorRequired keys so antdRule surfaces a real message instead of the raw i18n key. * test(frontend): golden fixtures for DNS, Balancer, Rule schemas Adds JSON fixtures under golden/fixtures/{dns,dns-server,balancer,rule} plus three vitest files that parse them through the new schemas and snapshot the result. dns/: minimal (servers as strings) + full (every top-level field plus hosts with geosite/domain/full prefixes and 5 mixed string/object servers covering fakedns, localhost, https://, tcp://, quic+local://). dns-server/: full (every DnsServerObject field) + legacy-expectips (asserts the z.preprocess that migrates the legacy `expectIPs` key into the canonical `expectedIPs`). balancer/: random-minimal (default strategy by omission), roundrobin, leastping, leastload-full (covers all StrategySettings fields and both regexp=true|false costs). rule/: minimal, full (exercises every RuleObject field including localPort, localIP, process aliases like `self/`, all four protocol enum values, ip negation `!geoip:`, attrs with regexp value, and the WebhookObject with deduplication+headers), balancer-routed (uses balancerTag instead of outboundTag), port-number (port as a number to prove the union(number,string) accepts both). * fix(frontend): serialize bulk client delete + drop deprecated Alert.message useClients.removeMany was firing all DELETEs in parallel via Promise.all. The 3x-ui backend mutates a single config JSON per request (read / modify / write), so 20 concurrent deletes raced on the same file: every request reported success, but only the last writer's copy stuck — about half the selected clients reappeared after the toast. Replace the parallel fan-out with a sequential for-of loop so each delete sees the committed state of the previous one. The trade-off is total latency (20 * ~250ms = ~5s) which is the correct behavior until the backend grows a proper /bulkDel endpoint. Also rename the Alert `message` prop to `title` in ClientBulkAdjustModal to clear the AntD v6 deprecation warning. * feat(clients): server-side bulk create/delete with per-inbound batching Replace the panel-side fan-out (Promise.all of single /add and /del calls) that raced on the shared inbound config and capped throughput at roughly one round-trip per client. New endpoints batch the work on the server: - POST /panel/api/clients/bulkDel { emails, keepTraffic } - POST /panel/api/clients/bulkCreate [ {client, inboundIds}, ... ] BulkDelete groups emails by inbound and performs a single read-modify-write per inbound (one JSON parse, one marshal, one Save) instead of N. Per-row DB cleanups (ClientInbound, ClientTraffic, InboundClientIps, ClientRecord) are batched with WHERE...IN queries. Per-email failures are reported via Skipped[] and processing continues. BulkCreate iterates payloads sequentially through the same Create path single-add uses, so heterogeneous batches (different inboundIds, plans) remain valid in one round-trip. Frontend bulkDelete/bulkCreate hooks parse the new response shape ({ deleted|created, skipped[] }) and the bulk-add modal now posts a single request instead of fanning out emails. * perf(clients): batch BulkAdjust per inbound, skip no-op xray calls on local Same per-inbound batching strategy as BulkDelete. The previous code called Update once per email, which itself looped through each inbound the client belonged to — reparsing the same settings JSON, calling RemoveUser+AddUser on xray, and running SyncInbound for every single email. For 200 emails in one inbound that's 200 JSON read/write cycles and 400 xray runtime calls. The new BulkAdjust groups emails by inbound and per inbound: - locks once, reads settings JSON once - mutates expiryTime/totalGB in place for every target client - writes the inbound and runs SyncInbound once ClientTraffic rows are updated with a single per-email query at the end (values differ per client so they can't be folded into one statement). For local-node inbounds the xray runtime calls are skipped entirely. The AddUser payload only contains email/id/security/flow/auth/password/ cipher — none of which change in an adjust — so RemoveUser+AddUser was a no-op that briefly flapped active users. Limit enforcement is driven by the panel's traffic loop reading ClientTraffic, not by xray-core. For remote-node inbounds rt.UpdateUser is preserved so the remote panel receives the new totals/expiry. Skip+report semantics match BulkDelete: any per-email error leaves that email's record/traffic untouched and is returned in Skipped[]. * refactor(backend): retire hysteria2 as a top-level protocol Hysteria v2 is not a separate xray protocol — it is plain "hysteria" with streamSettings.version = 2. The frontend already dropped hysteria2 from the protocol enum in 5a90f7e3; the backend was still carrying the literal as a compat alias. Removed: - model.Hysteria2 constant - model.IsHysteria helper (only callers were buildProxy + genHysteriaLink) - TestIsHysteria - "hysteria2" from the Inbound.Protocol validate oneof enum - All `case model.Hysteria, model.Hysteria2:` and `case "hysteria", "hysteria2":` branches across client.go, inbound.go, outbound.go, xray.go, port_conflict.go, xray/api.go, subService.go, subJsonService.go, subClashService.go - Stale #4081 comments Kept (correctly — these are client-side URI/config schemes that are independent of the xray protocol type): - hysteria2:// share-link URI in subService.genHysteriaLink - "hysteria2" Clash proxy type in subClashService.buildHysteriaProxy - Comments referring to Hysteria v2 as a transport version Note: this change does not include a DB migration. Existing rows with protocol = 'hysteria2' will fall through to the default switch arms after upgrade. A separate `UPDATE inbounds SET protocol = 'hysteria' WHERE protocol = 'hysteria2'` is required for installs that still hold legacy data. * refactor(frontend): retire all AntD + Zod deprecations Swept the codebase for @deprecated APIs using a one-off type-aware ESLint config (eslint.deprecated.config.js) and fixed every hit: - 78 instances of `<Select.Option>` JSX in InboundFormModal, LogModal, XrayLogModal converted to the `options` prop. - Zod's `z.ZodTypeAny` (deprecated for `z.ZodType` in zod v4) replaced in _envelope.ts, zodForm.ts, zodValidate.ts, and inbound-form-adapter.ts. - Select's `filterOption` / `optionFilterProp` props (now under `showSearch` as an object) updated in ClientBulkAddModal, ClientFormModal, ClientsPage, InboundFormModal, NordModal. - `Input.Group compact` swapped for `Space.Compact` in FinalMaskForm. - Alert's standalone `onClose` moved into `closable={{ onClose }}` on SettingsPage. - `document.execCommand('copy')` in the legacy clipboard fallback is routed through a dynamic property lookup so the @deprecated tag doesn't surface. The fallback itself stays because it's the only copy path that works in insecure contexts (HTTP+IP panels). The dropped ClientFormModal.css was already unimported. eslint.deprecated.config.js loads the type-aware ruleset and turns everything off except `@typescript-eslint/no-deprecated`, so future scans are a single command: npx eslint --config eslint.deprecated.config.js src Not wired into `npm run lint` because typed linting roughly triples the run time. Verified clean: typecheck, lint, and the deprecated scan all 0 warnings. * feat(clients): show comment under email in the Client column The clients table's Client cell already stacks email + subId; add the admin comment as a third muted line so notes like "VIP" or "friend of X" are visible in the list view without opening the info modal. Renders only when set, so rows without a comment look unchanged. * docs(frontend): refresh README + simplify deprecated-scan config README rewrite reflects the post-Zod-migration state: - 3 Vite entries (index/login/subpage), not "one per panel route" - New folders: schemas/, lib/xray/, generated/, test/, layouts/ - Scripts table covers test/gen:api/gen:zod alongside the existing dev/build/lint/typecheck - New sections on the Zod schema tree, the three validation layers, the unified Form.useForm + antdRule pattern, and the golden fixture testing setup - "Adding a new page" updated to reflect that most additions are just react-router entries in routes.tsx, not new Vite bundles - Explicit note that `@deprecated` in the prose is a JSDoc tag, not a shell command — comes with the exact one-line npx invocation eslint.deprecated.config.js trimmed: dropping the recommendedTypeChecked spread + the ~28 rule overrides that came with it. The config now wires the @typescript-eslint and react-hooks plugins manually and enables exactly one rule (`@typescript-eslint/no-deprecated`). 45 lines → 30, same output: zero false-positives, zero noise, zero deprecations on the current tree. * chore(frontend): bump deps + refresh lockfile `npm update` within the existing semver ranges, plus a Vite bump the user explicitly accepted: - vite 8.0.13 → 8.0.14 (exact pin kept) - dayjs 1.11.20 → 1.11.21 - i18next 26.2.0 → 26.3.0 - typescript-eslint 8.59.4 → 8.60.0 - @rc-component/table + a handful of other transitive antd deps resolved to newer patch versions in the lockfile The earlier 8.0.13 pin was carried over from an esbuild dep-optimizer regression that broke vue-i18n in Vite 8.0.14 dev mode. This codebase uses react-i18next, doesn't hit the same chunking edge case, and `npm run dev` was smoked clean on 8.0.14 before accepting the bump. * feat(clients): compact link + inbound rows in the info modal and table ClientInfoModal — Copy URL section reskinned: - Each link is a single row: [PROTOCOL] [remark] [copy] [QR] instead of a card with the raw 200-char URL printed inline - Remark is parsed per-protocol — VMess pulls it from the base64-JSON `ps` field, the rest from the `#fragment` - The row title strips the client email suffix so the same string isn't repeated three times in the modal; the QR popover still uses the full remark (it's the QR's own name for the download file) - QR button opens an inline Popover with the existing QrPanel, size 220, destroyed on close - Subscription section uses the same row layout (SUB / JSON tags, clickable subId, copy + QR actions) - New per-protocol Tag colors so the protocol is identifiable at a glance ClientInfoModal — Attached inbounds + ClientsPage table column: - Chip format changed from `${remark} (${proto}:${port})` to just `${proto}:${port}` — when an admin attaches 5 inbounds to one client the remark was repeated 5 times and wrapped onto two lines - Only the first inbound chip is shown; the rest collapse into a `+N` chip that opens a Popover with the full list (remark included). INBOUND_CHIP_LIMIT = 1 - Per-protocol Tag colors - Tooltip on each chip shows the full `${remark} (${proto}:${port})` - Table column pinned to width: 170 so the row doesn't reserve the old 300px of whitespace next to the compact chip Comment row in the info table is always shown now (renders `-` when unset) so the layout doesn't jump per-client. VmessSecuritySchema gets a preprocess pass that maps legacy `security: ""` (persisted on pre-enum-lock VMess inbounds) back to `'auto'`. z.enum's `.default()` only fires on a missing field, not on an empty string — without this, old rows fail validation with "expected one of aes-128-gcm|chacha20-poly1305| auto|none|zero". `z.infer` is taken from the raw enum so the inferred type stays the union, not `unknown`. i18n adds a `more` key (en-US + fa-IR) used by the overflow chip label. * fix(xray): heal shadowsocks per-client method across all start paths xray-core's multi-user shadowsocks insists the per-client `method` matches the inbound's top-level cipher exactly for legacy ciphers, and is empty for 2022-blake3-*. The previous code (xray.go) copied `Client.Security` into the per-client `method` blindly, so a multi-protocol client created with the VMess default `"auto"` poisoned the SS config with `method: "auto"` → "unsupported cipher method: auto". Fix in two parts: - GetXrayConfig no longer projects `Client.Security` into the SS entry; the inbound's top-level method is now the single source of truth. - HealShadowsocksClientMethods moves to `database/model` and is invoked from `Inbound.GenXrayInboundConfig`, so the runtime add/update path (runtime.AddInbound) is normalised in addition to the full-restart path. For legacy ciphers heal now overwrites mismatched per-client methods rather than preserving them, so stale DB rows are also healed. * feat(sub): compact subscription rows with per-link email + PQ QR hide Mirror the ClientInfoModal redesign on the public SubPage so the subscription viewer reads as a tight `[PROTO] [remark] [copy] [QR]` row per link instead of raw URL cards. - subService.GetSubs now returns the per-link email list alongside the links, threaded through subController and BuildPageData into the `emails` field on subData (env.d.ts updated). Public links.go is updated to ignore the new return. - SubPage strips the client email from each row title using the matched per-link email (same trimEmail behaviour as the modal), and hides the QR button for post-quantum links (`pqv=`, `mlkem768`, `mldsa65`) since the encoded URL won't fit in a single QR. * feat(clients): hide QR for post-quantum links in client info modal Post-quantum keys (mldsa65 / ML-KEM-768) blow the encoded URL past what a single QR can hold. Detect them by the markers VLESS share links actually carry — `pqv=<base64>` for mldsa65Verify and `encryption=mlkem768x25519plus.*` for ML-KEM-768 — and drop the QR button for those rows. Copy still works. * fix(schemas): widen VLESS decryption/encryption to accept PQ values The post-quantum auth blocks (ML-KEM-768, X25519) populate `settings.decryption` / `settings.encryption` with values like `mlkem768x25519plus.<base64>` and `xchacha20-poly1305.aead.x25519`, but the schema pinned both fields to z.literal('none') so saving an inbound after picking "ML-KEM-768 auth" failed with `Invalid input: expected "none"`. Relax both fields (inbound + outbound + outbound form) to z.string().min(1) keeping the 'none' default. xray-core does its own validation server-side so a string check at the form boundary is enough. * feat(sub): clash row + reorganise SubPage around Subscription info ClientInfoModal: - Add a Clash / Mihomo row to the subscription section, gated on subClashEnable + subClashURI from /panel/setting/defaultSettings. Defaults payload schema is widened to carry subClashURI/subClashEnable. SubPage: - Drop the rectangular QR-codes header that used to sit at the very top of the card. The subscription info table now leads, followed by Divider("Copy URL") + per-protocol link rows (already converted to the compact ClientInfoModal pattern), then a new Divider("Subscription") + compact rows for the SUB / JSON / CLASH URLs with copy + QR-popover actions. The apps dropdown row remains the footer. CSS clean-up: removed the now-unused .qr-row/.qr-col/.qr-box/.qr-code rules; kept .qr-tag and trimmed the info-table top gap. Added a .sub-link-anchor underline-on-hover style for the new URL rows. * fix(sub): multi-inbound traffic + trojan/hysteria userinfo + utf-8 vmess remark Three bugs surfaced by the new SubPage and the recent client-record refactor: - xray.ClientTraffic.Email is globally unique, so a multi-inbound client has exactly one traffic row attached to whichever inbound claimed it. Iterating inbound.ClientStats per inbound dedup-locked the first lookup to zero for clients that lived under any other inbound, so the SubPage info table read 0 B for all the multi- inbound subs. Replaced appendUniqueTraffic with a single AggregateTrafficByEmails(emails) helper that runs one WHERE email IN (?) over xray.ClientTraffic and folds the rows. GetSubs / SubClashService.GetClash / SubJsonService.GetJson all share it. - Trojan and Hysteria share-links embedded the raw password/auth into the userinfo (scheme://<value>@host) without percent-encoding, so passwords containing `/` or `=` (e.g., base64-with-padding) broke popular trojan clients with parse errors. Added encodeUserinfo() that wraps url.QueryEscape and rewrites the `+` (space) back to `%20` for parity with encodeURIComponent on the frontend; applied to trojan.password and hysteria.auth. Same fix on the frontend's genTrojanLink. - VMess link remarks ride inside a base64-encoded JSON payload, but the SubPage / ClientInfoModal parser used JSON.parse(atob(body)), which treats the binary string as Latin-1 and shreds any multi-byte UTF-8 sequence. Most visible on the emoji decorations (genRemark appends 📊/⏳), so a remark like `test-1.00GB📊` rendered as `test-1.00GBð…`. Routed through Uint8Array + TextDecoder('utf-8') so multi-byte codepoints survive. * feat(settings): drop email leg from default remark model Change the default remarkModel from "-ieo" to "-io" so a freshly installed panel composes share-link remarks from the inbound name + optional extra only, leaving out the client email. Existing panels keep whatever value they have saved — only fresh installs and fallback paths (parse failure, missing setting) pick up the new default. Touched everywhere the literal "-ieo" lived: the canonical default map, the two sub-package fallback constants, the four frontend defaults (model class, link generator, two inbound modals, useInbounds hook). Two snapshot tests regenerated and one obsolete "contains email" assertion in inbound-from-db.test.ts removed. To migrate an existing panel that wants the new behaviour, edit Settings → Remark Model and remove the email leg. * feat(sub): usage summary card + remark-email on QR popover labels SubPage now opens with a clear quota panel directly under the info table: large `used / total` numbers, gradient progress bar (green ≤ 75%, orange to 90%, red above), `remained` and `%` on the foot, plus a Tag chip for unlimited subscriptions and a coloured chip for days left until expiry (blue >3d, orange ≤3d, red on expiry). Driven entirely off existing subData fields — no backend changes. While the row title in the link list stays email-stripped (default remark model omits email now), the QR popover label folds it back in so the rendered QR card identifies the client unambiguously. Tag content becomes `<rowTitle>-<email>` in both SubPage and ClientInfoModal — the encoded link itself is unchanged. SubPage section order is now: info table → usage summary → SUB / JSON / CLASH endpoints → per-protocol Copy URL rows → apps row, so the most-glanceable status sits above the fold.
2026-05-27 02:26:50 +00:00
"summary": "Return every URL for one client across all attached inbounds — the same strings the Copy URL button copies in the panel UI. Supported protocols: vmess, vless, trojan, shadowsocks, hysteria. If streamSettings.externalProxy is set, returns one URL per external proxy. Protocols without a URL form (socks, http, mixed, wireguard, dokodemo, tunnel) contribute nothing.",
feat(frontend): TanStack Query + React Router migration & in-panel API docs (#4541) * feat(frontend): introduce TanStack Query with status polling Wires @tanstack/react-query into every entry and migrates useStatus to useStatusQuery as the foundation for the multi-page MPA → SPA migration. - QueryProvider wraps each entry inside ThemeProvider, with devtools gated on import.meta.env.DEV - Shared queryClient: 30s staleTime, refetchOnWindowFocus, 1 retry - useStatusQuery preserves the { status, fetched, refresh } shape so IndexPage swaps in without further changes - refetchIntervalInBackground:false stops the 2s status poll when the panel tab is hidden, cutting idle traffic against the server * feat(frontend): collapse panel pages into a single React Router SPA Replaces the 7-entry MPA shell (index/clients/inbounds/nodes/settings/ xray/api-docs HTML files) with one main.tsx + createBrowserRouter. The Go backend now serves the same index.html for every authenticated panel route; React Router reads the URL and mounts the page from cache on subsequent navigation — no more full reloads between tabs. Frontend - main.tsx: single bootstrap (setupAxios, i18n, ThemeProvider, QueryProvider, RouterProvider) replacing 7 near-duplicate entries - routes.tsx: declarative router with lazy()-loaded pages, basename derived from window.X_UI_BASE_PATH so panels at /secret/panel work - layouts/PanelLayout.tsx: shell mount-point for the WS → queryClient bridge so connection survives navigation - api/websocketBridge.ts: subscribes the singleton WebSocketClient to queryClient and dispatches invalidate/outbounds events to cached queries (page-level useWebSocket handlers stay until Phase 3 hooks migrate) - AppSidebar: navigates via useNavigate + useLocation instead of window.location.href; drops basePath/requestUri props - Pages: drop the unused basePath/requestUri locals exposed only for the old sidebar Build - vite.config: 9 rollup inputs → 3 (index, login, subpage). Dev proxy bypass collapses /panel/* to index.html and skips API prefixes - vendor-tanstack + vendor-router chunks added to manualChunks Backend - xui.go: 7 per-page HTML handlers → one panelSPA handler serving index.html for /, /inbounds, /clients, /nodes, /settings, /xray, /api-docs. The /panel/api, /panel/setting, /panel/xray sub-routers are untouched * feat(frontend): migrate useNodes to TanStack Query Splits the hand-rolled useNodes hook into useNodesQuery (server data + NodeRecord type + derived totals) and useNodeMutations (add/update/del/ setEnable/probe/test). Mutations invalidate ['nodes'] on success, so the list refreshes without each call awaiting a manual refresh(). NodesPage drops useWebSocket({ nodes: applyNodesEvent }) — the WebSocket → query bridge now forwards the 'nodes' push to setQueryData(['nodes', 'list']) once at the SPA root. InboundsPage and the inbound form/list components import NodeRecord from its new home next to the query hook. * feat(frontend): migrate useAllSetting to TanStack Query Replaces the hand-rolled fetch + dirty-tracking hook with useAllSettings backed by useQuery + useMutation. The draft (current edits) is kept in local state and reset whenever query.data lands. saveAll posts the draft via a mutation; on success, invalidating ['settings'] refetches and the useEffect resets the draft so saveDisabled flips back to true. staleTime: Infinity prevents refetchOnWindowFocus from clobbering in-flight edits — settings only change in response to this user's own save. setSpinning stays as a pass-through to a local flag so the existing restartPanel flow in SettingsPage keeps showing its spinner. * feat(frontend): route useInbounds fetches through TanStack Query Rewrites useInbounds so its four server fetches (slim list, default settings, online clients, last-online map) live in useQuery with staleTime: Infinity. The in-place WS merge logic for traffic and client_stats is preserved — applyTrafficEvent / applyClientStatsEvent still mutate the locally-mirrored dbInbounds so the panel doesn't refetch every 1-2 seconds when stats stream in. refresh() becomes a thin invalidateQueries on the three list keys, which mutations in the page already call after add/edit/del. The bridge now forwards the WebSocket 'inbounds' push to setQueryData(['inbounds', 'slim']), and InboundsPage drops its useEffect(fetchDefaultSettings → refresh) plus the invalidate / inbounds wiring on useWebSocket — both are owned by the bridge now. * feat(frontend): migrate useClients to TanStack Query Replaces 12 hand-rolled mutation callbacks and a tangle of useState + useRef + useEffect with one useQuery (paged list) + nine useMutation wrappers. The list query uses keepPreviousData so paging/filter changes don't blank the table mid-fetch. The setQuery shallow-compare logic is preserved for backward compatibility with ClientsPage's effect that rebuilds the params on every render. Internally setQuery only updates state when the params actually differ — Query's queryKey equality handles the rest. WS-driven applyTrafficEvent / applyClientStatsEvent now mutate the query cache via setQueryData(['clients', 'list', currentParams]) so per-second stats updates skip a full refetch. applyInvalidate is gone from the hook — the bridge owns coarse 'clients' invalidation. ClientsPage drops the invalidate handler from its useWebSocket subscription; auxiliary queries (inboundOptions, defaults, onlines) load via TanStack Query and are shared with useInbounds via the same query keys. * feat(frontend): route useXraySetting fetches through TanStack Query Keeps the bidirectional xraySetting ↔ templateSettings editor sync and the 1s dirty-tracking interval intact (those are local editor state, not server data). All seven server calls move: - config + traffic → useQuery on ['xray', 'config'] and ['xray', 'outboundsTraffic'] - saveAll → useMutation that invalidates the config query - resetOutboundsTraffic → useMutation that invalidates the traffic query - restartXray → useMutation (fires the restart, then reads the result string) - resetToDefault → useMutation (fetch default config, push it into the editor via setTemplateSettings) The WebSocket 'outbounds' event already lands in keys.xray.outboundsTraffic() via the bridge, so XrayPage drops its useWebSocket({ outbounds: applyOutboundsEvent }) wiring entirely and the hook no longer exposes applyOutboundsEvent. A useEffect seeds xraySetting / templateSettings / tags / test URL from query data on first fetch and on every refetch, mirroring what the original fetchAll() did. * fix(frontend): restore per-route document titles in the SPA When the multi-entry MPA collapsed into a single index.html, every route inherited the static <title>3X-UI</title> from the shared shell, so every panel page showed "hostname - 3X-UI" instead of the original "hostname - Overview / Clients / Inbounds / ...". usePageTitle reads the current pathname and rewrites document.title on every navigation, matching the titles the deleted *.html files used to carry. Mounted in PanelLayout so it covers all panel routes without each page having to opt in. The startup applyDocumentTitle() call in main.tsx is gone — the hook sets the full "hostname - PageTitle" string itself. * feat(api-docs): expose OpenAPI spec + render Swagger UI in panel Replaces the hand-rolled API docs UI with industry-standard tooling so external integrations (Postman, Insomnia, openapi-generator) can consume the panel API without parsing endpoints.js by hand. Generator - frontend/scripts/build-openapi.mjs: walks the existing endpoints.js (still the single source of truth) and emits an OpenAPI 3.0.3 spec at frontend/public/openapi.json. Handles Gin :param → {param} path translation, body / query / path parameter splits, 200 + error response examples, and Bearer + cookie security schemes - npm run build now runs gen:api before vite build, so the spec is always in sync with what's documented Backend - web/controller/dist.go exposes ServeOpenAPISpec which streams the embedded dist/openapi.json with a short Cache-Control. Public endpoint (no auth) so Postman can fetch it without first logging in - web/web.go wires GET /panel/api/openapi.json before the auth-gated /panel/api router Panel - ApiDocsPage now renders swagger-ui-react fed by the basePath-aware openapi.json URL. Dark mode is overridden via CSS targeting the Swagger UI internals - CodeBlock / EndpointRow / EndpointSection are gone; the swagger-ui vendor chunk (134 KB gzipped) only loads on this lazy route, not on every panel page - vite.config: vendor-swagger manualChunk keeps the new dep out of the main vendor bundle For Postman: import http://<panel>/panel/api/openapi.json. Everything from /login + /panel/api/* shows up with auth, params, and examples. * style(api-docs): dark/ultra theme for Swagger UI Override every visual surface Swagger does not theme on its own: opblocks, tables, model boxes, form inputs, code blocks, modals, Servers dropdown, per-endpoint padlocks and expand chevrons. Replaces Swagger's default light-arrow chevron on selects with a light-fill SVG positioned at the corner so the dark background-color is visible. Also disables deepLinking to silence the noisy v4 underscore warning; not used in our panel.
2026-05-24 19:34:52 +00:00
"operationId": "get_panel_api_clients_links_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"vless://uuid@host:443?...#user1"
]
}
}
}
}
}
}
},
"/panel/api/nodes/list": {
"get": {
"tags": [
"Nodes"
],
"summary": "List every configured node with its connection details, health, and last heartbeat patch.",
"operationId": "get_panel_api_nodes_list",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"name": "de-fra-1",
"remark": "",
"scheme": "https",
"address": "node1.example.com",
"port": 2053,
"basePath": "/",
"apiToken": "abcdef...",
"enable": true,
"allowPrivateAddress": false,
"status": "online",
"lastHeartbeat": 1700000000,
"latencyMs": 42,
"xrayVersion": "25.x.x",
"panelVersion": "v3.x.x",
"cpuPct": 23.5,
"memPct": 45.1,
"uptimeSecs": 86400,
"lastError": "",
"inboundCount": 5,
"clientCount": 27,
"onlineCount": 3,
"depletedCount": 1,
"createdAt": 1700000000,
"updatedAt": 1700000000
}
]
}
}
}
}
}
}
},
"/panel/api/nodes/get/{id}": {
"get": {
"tags": [
"Nodes"
],
"summary": "Fetch a single node by ID.",
"operationId": "get_panel_api_nodes_get_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/add": {
"post": {
"tags": [
"Nodes"
],
"summary": "Register a new remote node. Provide its URL, apiToken, and optional remark / allowPrivateAddress flag.",
"operationId": "post_panel_api_nodes_add",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"name": "de-fra-1",
"remark": "",
"scheme": "https",
"address": "node1.example.com",
"port": 2053,
"basePath": "/",
"apiToken": "abcdef...",
"enable": true,
"allowPrivateAddress": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/update/{id}": {
"post": {
"tags": [
"Nodes"
],
"summary": "Replace a nodes connection details. Same body shape as /add.",
"operationId": "post_panel_api_nodes_update_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"name": "de-fra-1",
"remark": "",
"scheme": "https",
"address": "node1.example.com",
"port": 2053,
"basePath": "/",
"apiToken": "abcdef...",
"enable": true,
"allowPrivateAddress": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/del/{id}": {
"post": {
"tags": [
"Nodes"
],
"summary": "Delete a node. Inbounds bound to it are not auto-migrated.",
"operationId": "post_panel_api_nodes_del_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/setEnable/{id}": {
"post": {
"tags": [
"Nodes"
],
"summary": "Pause or resume traffic sync with this node.",
"operationId": "post_panel_api_nodes_setEnable_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"enable": true
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/test": {
"post": {
"tags": [
"Nodes"
],
"summary": "Probe a node without saving it. Uses the body as connection details and returns the same heartbeat snapshot a registered node would have.",
"operationId": "post_panel_api_nodes_test",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"scheme": "https",
"address": "node1.example.com",
"port": 2053,
"basePath": "/",
"apiToken": "abcdef..."
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"status": "online",
"latencyMs": 42,
"xrayVersion": "25.x.x",
"panelVersion": "v3.x.x",
"cpuPct": 12.5,
"memPct": 45.2,
"uptimeSecs": 86400,
"error": ""
}
}
}
}
}
}
}
},
"/panel/api/nodes/probe/{id}": {
"post": {
"tags": [
"Nodes"
],
"summary": "Probe an existing node, updating its cached health state.",
"operationId": "post_panel_api_nodes_probe_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/history/{id}/{metric}/{bucket}": {
"get": {
"tags": [
"Nodes"
],
"summary": "Aggregated metric history for a node — same shape as /server/history, scoped to one node.",
"operationId": "get_panel_api_nodes_history_id_metric_bucket",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
},
{
"name": "metric",
"in": "path",
"required": true,
"description": "cpu | mem.",
"schema": {
"type": "string"
}
},
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/list": {
"get": {
"tags": [
"Custom Geo"
],
"summary": "List configured custom geo sources with their type, alias, URL, status, and last-download timestamp.",
"operationId": "get_panel_api_custom_geo_list",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/aliases": {
"get": {
"tags": [
"Custom Geo"
],
"summary": "List geo aliases currently usable in routing rules — both built-in defaults and the user-configured ones.",
"operationId": "get_panel_api_custom_geo_aliases",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/add": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Register a custom geo source. Alias is auto-normalised; URL must point to a .dat / .json blob.",
"operationId": "post_panel_api_custom_geo_add",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"type": "geoip",
"alias": "myips",
"url": "https://example.com/geo/my.dat"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/update/{id}": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Replace a custom geo source. Same body shape as /add.",
"operationId": "post_panel_api_custom_geo_update_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Custom geo source ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/delete/{id}": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Remove a custom geo source and its cached file.",
"operationId": "post_panel_api_custom_geo_delete_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Custom geo source ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/download/{id}": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Re-download one custom geo source on demand.",
"operationId": "post_panel_api_custom_geo_download_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Custom geo source ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/update-all": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Re-download every configured custom geo source. Errors are reported per-source in the response.",
"operationId": "post_panel_api_custom_geo_update_all",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/backuptotgbot": {
"post": {
"tags": [
"Backup"
],
"summary": "Send a fresh DB backup to every Telegram chat configured as an admin recipient. No body, no params.",
"operationId": "post_panel_api_backuptotgbot",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/all": {
"post": {
"tags": [
"Settings"
],
"summary": "Return every panel setting: web server, Telegram bot, subscription, security, LDAP. The full JSON blob that the Settings page edits.",
"operationId": "post_panel_setting_all",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/defaultSettings": {
"post": {
"tags": [
"Settings"
],
"summary": "Return the computed default settings based on the request host. Useful to preview what a fresh install would use.",
"operationId": "post_panel_setting_defaultSettings",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/update": {
"post": {
"tags": [
"Settings"
],
"summary": "Persist every setting at once. The body mirrors the shape returned by /all. Invalid values (bad ports, missing cert pairs, etc.) are rejected before write.",
"operationId": "post_panel_setting_update",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/updateUser": {
"post": {
"tags": [
"Settings"
],
"summary": "Change the panel admin username and password. Requires the current credentials for verification. The session is refreshed with the new values on success.",
"operationId": "post_panel_setting_updateUser",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"oldUsername": {
"type": "string",
"description": "Current admin username."
},
"oldPassword": {
"type": "string",
"description": "Current admin password."
},
"newUsername": {
"type": "string",
"description": "Desired new username."
},
"newPassword": {
"type": "string",
"description": "Desired new password."
}
},
"required": [
"oldUsername",
"oldPassword",
"newUsername",
"newPassword"
]
},
"example": {
"oldUsername": "admin",
"oldPassword": "admin",
"newUsername": "newadmin",
"newPassword": "newpass"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/restartPanel": {
"post": {
"tags": [
"Settings"
],
"summary": "Restart the entire 3x-ui process after a 3-second grace period. The connection drops immediately; the panel comes back online ~5-10 seconds later.",
"operationId": "post_panel_setting_restartPanel",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/getDefaultJsonConfig": {
"get": {
"tags": [
"Settings"
],
"summary": "Return the built-in default Xray JSON config template that ships with this panel version.",
"operationId": "get_panel_setting_getDefaultJsonConfig",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/apiTokens": {
"get": {
"tags": [
"API Tokens"
],
"summary": "List every API token, enabled or not.",
"operationId": "get_panel_setting_apiTokens",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"name": "default",
"token": "abcdef-12345-...",
"enabled": true,
"createdAt": 1736000000
}
]
}
}
}
}
}
}
},
"/panel/setting/apiTokens/create": {
"post": {
"tags": [
"API Tokens"
],
"summary": "Mint a new API token. Name must be unique and 1-64 characters; the token string is server-generated.",
"operationId": "post_panel_setting_apiTokens_create",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Human-readable label, e.g. \"central-panel-a\"."
}
},
"required": [
"name"
]
},
"example": {
"name": "central-panel-a"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"id": 2,
"name": "central-panel-a",
"token": "new-token-string",
"enabled": true,
"createdAt": 1736000000
}
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "a token with that name already exists"
}
}
}
}
}
}
},
"/panel/setting/apiTokens/delete/{id}": {
"post": {
"tags": [
"API Tokens"
],
"summary": "Permanently delete a token. Any caller using it stops authenticating immediately.",
"operationId": "post_panel_setting_apiTokens_delete_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Token row ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/setting/apiTokens/setEnabled/{id}": {
"post": {
"tags": [
"API Tokens"
],
"summary": "Toggle a token enabled/disabled without deleting it. Disabled tokens are rejected by checkAPIAuth on the next request.",
"operationId": "post_panel_setting_apiTokens_setEnabled_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Token row ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "New enabled state."
}
},
"required": [
"enabled"
]
},
"example": {
"enabled": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/xray/": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Return the Xray config template (JSON string), available inbound tags, client reverse tags, and the configured outbound test URL in one response.",
"operationId": "post_panel_xray",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"xraySetting": "{...raw xray config...}",
"inboundTags": "[\"inbound-443\"]",
"clientReverseTags": "[]",
"outboundTestUrl": "https://www.google.com/generate_204"
}
}
}
}
}
}
}
},
"/panel/xray/getDefaultJsonConfig": {
"get": {
"tags": [
"Xray Settings"
],
"summary": "Return the built-in default Xray config shipped with the panel (identical to /panel/setting/getDefaultJsonConfig).",
"operationId": "get_panel_xray_getDefaultJsonConfig",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/getOutboundsTraffic": {
"get": {
"tags": [
"Xray Settings"
],
"summary": "Return traffic statistics for every outbound. Each outbound shows up/down/total counters.",
"operationId": "get_panel_xray_getOutboundsTraffic",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/getXrayResult": {
"get": {
"tags": [
"Xray Settings"
],
"summary": "Return the most recent Xray process stdout/stderr output. Useful to check for startup errors or runtime warnings.",
"operationId": "get_panel_xray_getXrayResult",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/update": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Save the Xray JSON config template and optionally the outbound test URL. Both are sent as form fields.",
"operationId": "post_panel_xray_update",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/warp/{action}": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Manage Cloudflare Warp integration. The action parameter selects the operation.",
"operationId": "post_panel_xray_warp_action",
"parameters": [
{
"name": "action",
"in": "path",
"required": true,
"description": "data — return Warp stats (quota, remaining). del — delete Warp data. config — return current Warp config. reg — register a new Warp endpoint (sends privateKey, publicKey). license — set a Warp+ license key (sends license).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/nord/{action}": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Manage NordVPN integration. The action parameter selects the operation.",
"operationId": "post_panel_xray_nord_action",
"parameters": [
{
"name": "action",
"in": "path",
"required": true,
"description": "countries — list available countries. servers — list servers in a country (sends countryId). reg — get NordVPN credentials (sends token). setKey — store NordVPN API key (sends key). data — return current NordVPN connection data. del — delete NordVPN data.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/resetOutboundsTraffic": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Reset traffic counters for a specific outbound by tag.",
"operationId": "post_panel_xray_resetOutboundsTraffic",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/testOutbound": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Test an outbound configuration. Sends the outbound JSON (required), optionally all outbounds (to resolve sockopt.dialerProxy dependencies), and a mode flag.",
"operationId": "post_panel_xray_testOutbound",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/{subPath}{subid}": {
"get": {
"tags": [
"Subscription Server"
],
"summary": "Return base64-encoded subscription links for all enabled clients matching the subscription ID. When the request has an Accept: text/html header or ?html=1, renders a styled info page instead. Default path: /sub/:subid.",
"operationId": "get_subPath_subid",
"parameters": [
{
"name": "subid",
"in": "path",
"required": true,
"description": "Client subscription ID.",
"schema": {
"type": "string"
}
},
{
"name": "subPath",
"in": "path",
"required": true,
"description": "",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/{jsonPath}{subid}": {
"get": {
"tags": [
"Subscription Server"
],
"summary": "Return subscription as a JSON array of proxy configs (one per enabled client). Only when JSON subscription is enabled in settings. Default path: /json/:subid.",
"operationId": "get_jsonPath_subid",
"parameters": [
{
"name": "subid",
"in": "path",
"required": true,
"description": "Client subscription ID.",
"schema": {
"type": "string"
}
},
{
"name": "jsonPath",
"in": "path",
"required": true,
"description": "",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/{clashPath}{subid}": {
"get": {
"tags": [
"Subscription Server"
],
"summary": "Return subscription as a Clash/Mihomo-compatible YAML config. Only when Clash subscription is enabled in settings. Default path: /clash/:subid.",
"operationId": "get_clashPath_subid",
"parameters": [
{
"name": "subid",
"in": "path",
"required": true,
"description": "Client subscription ID.",
"schema": {
"type": "string"
}
},
{
"name": "clashPath",
"in": "path",
"required": true,
"description": "",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/ws": {
"get": {
"tags": [
"WebSocket"
],
"summary": "Upgrade an HTTP connection to a WebSocket. Requires an authenticated session cookie (Bearer token auth is not supported here). Returns 101 Switching Protocols on success. The server then pushes JSON messages described below.",
"operationId": "get_ws",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"→ type: status": {
"ws": {
"tags": [
"WebSocket"
],
"summary": "Server health snapshot pushed every 2 seconds. Contains CPU, memory, swap, disk, network IO, load, and Xray state — same shape as <code>GET /panel/api/server/status</code>.",
"operationId": "ws_type_status",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"type": "status",
"data": {
"cpu": 12.5,
"mem": {
"current": 2147483648,
"total": 8589934592
},
"xray": {
"state": "running"
}
}
}
}
}
}
}
}
},
"→ type: xrayState": {
"ws": {
"tags": [
"WebSocket"
],
"summary": "Xray process state change. Fired when Xray starts, stops, or encounters an error.",
"operationId": "ws_type_xrayState",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"type": "xrayState",
"data": "running"
}
}
}
}
}
}
},
"→ type: notification": {
"ws": {
"tags": [
"WebSocket"
],
"summary": "In-panel toast notification. Fired on Xray stop/restart, DB import, panel restart, etc.",
"operationId": "ws_type_notification",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"type": "notification",
"title": "Xray service restarted",
"body": "Xray has been restarted successfully",
"severity": "success"
}
}
}
}
}
}
},
"→ type: invalidate": {
"ws": {
"tags": [
"WebSocket"
],
"summary": "Instructs the UI to re-fetch a resource. Fired when another admin session modifies data (e.g. toggling inbound enable).",
"operationId": "ws_type_invalidate",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"type": "invalidate",
"resource": "inbounds"
}
}
}
}
}
}
}
}
}
Reference in a new issue Copy permalink