Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-05 12:44:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
3x-ui/frontend/public/openapi.json

5081 lines
146 KiB
JSON
Raw Normal View History

feat(frontend): TanStack Query + React Router migration & in-panel API docs (#4541) * feat(frontend): introduce TanStack Query with status polling Wires @tanstack/react-query into every entry and migrates useStatus to useStatusQuery as the foundation for the multi-page MPA → SPA migration. - QueryProvider wraps each entry inside ThemeProvider, with devtools gated on import.meta.env.DEV - Shared queryClient: 30s staleTime, refetchOnWindowFocus, 1 retry - useStatusQuery preserves the { status, fetched, refresh } shape so IndexPage swaps in without further changes - refetchIntervalInBackground:false stops the 2s status poll when the panel tab is hidden, cutting idle traffic against the server * feat(frontend): collapse panel pages into a single React Router SPA Replaces the 7-entry MPA shell (index/clients/inbounds/nodes/settings/ xray/api-docs HTML files) with one main.tsx + createBrowserRouter. The Go backend now serves the same index.html for every authenticated panel route; React Router reads the URL and mounts the page from cache on subsequent navigation — no more full reloads between tabs. Frontend - main.tsx: single bootstrap (setupAxios, i18n, ThemeProvider, QueryProvider, RouterProvider) replacing 7 near-duplicate entries - routes.tsx: declarative router with lazy()-loaded pages, basename derived from window.X_UI_BASE_PATH so panels at /secret/panel work - layouts/PanelLayout.tsx: shell mount-point for the WS → queryClient bridge so connection survives navigation - api/websocketBridge.ts: subscribes the singleton WebSocketClient to queryClient and dispatches invalidate/outbounds events to cached queries (page-level useWebSocket handlers stay until Phase 3 hooks migrate) - AppSidebar: navigates via useNavigate + useLocation instead of window.location.href; drops basePath/requestUri props - Pages: drop the unused basePath/requestUri locals exposed only for the old sidebar Build - vite.config: 9 rollup inputs → 3 (index, login, subpage). Dev proxy bypass collapses /panel/* to index.html and skips API prefixes - vendor-tanstack + vendor-router chunks added to manualChunks Backend - xui.go: 7 per-page HTML handlers → one panelSPA handler serving index.html for /, /inbounds, /clients, /nodes, /settings, /xray, /api-docs. The /panel/api, /panel/setting, /panel/xray sub-routers are untouched * feat(frontend): migrate useNodes to TanStack Query Splits the hand-rolled useNodes hook into useNodesQuery (server data + NodeRecord type + derived totals) and useNodeMutations (add/update/del/ setEnable/probe/test). Mutations invalidate ['nodes'] on success, so the list refreshes without each call awaiting a manual refresh(). NodesPage drops useWebSocket({ nodes: applyNodesEvent }) — the WebSocket → query bridge now forwards the 'nodes' push to setQueryData(['nodes', 'list']) once at the SPA root. InboundsPage and the inbound form/list components import NodeRecord from its new home next to the query hook. * feat(frontend): migrate useAllSetting to TanStack Query Replaces the hand-rolled fetch + dirty-tracking hook with useAllSettings backed by useQuery + useMutation. The draft (current edits) is kept in local state and reset whenever query.data lands. saveAll posts the draft via a mutation; on success, invalidating ['settings'] refetches and the useEffect resets the draft so saveDisabled flips back to true. staleTime: Infinity prevents refetchOnWindowFocus from clobbering in-flight edits — settings only change in response to this user's own save. setSpinning stays as a pass-through to a local flag so the existing restartPanel flow in SettingsPage keeps showing its spinner. * feat(frontend): route useInbounds fetches through TanStack Query Rewrites useInbounds so its four server fetches (slim list, default settings, online clients, last-online map) live in useQuery with staleTime: Infinity. The in-place WS merge logic for traffic and client_stats is preserved — applyTrafficEvent / applyClientStatsEvent still mutate the locally-mirrored dbInbounds so the panel doesn't refetch every 1-2 seconds when stats stream in. refresh() becomes a thin invalidateQueries on the three list keys, which mutations in the page already call after add/edit/del. The bridge now forwards the WebSocket 'inbounds' push to setQueryData(['inbounds', 'slim']), and InboundsPage drops its useEffect(fetchDefaultSettings → refresh) plus the invalidate / inbounds wiring on useWebSocket — both are owned by the bridge now. * feat(frontend): migrate useClients to TanStack Query Replaces 12 hand-rolled mutation callbacks and a tangle of useState + useRef + useEffect with one useQuery (paged list) + nine useMutation wrappers. The list query uses keepPreviousData so paging/filter changes don't blank the table mid-fetch. The setQuery shallow-compare logic is preserved for backward compatibility with ClientsPage's effect that rebuilds the params on every render. Internally setQuery only updates state when the params actually differ — Query's queryKey equality handles the rest. WS-driven applyTrafficEvent / applyClientStatsEvent now mutate the query cache via setQueryData(['clients', 'list', currentParams]) so per-second stats updates skip a full refetch. applyInvalidate is gone from the hook — the bridge owns coarse 'clients' invalidation. ClientsPage drops the invalidate handler from its useWebSocket subscription; auxiliary queries (inboundOptions, defaults, onlines) load via TanStack Query and are shared with useInbounds via the same query keys. * feat(frontend): route useXraySetting fetches through TanStack Query Keeps the bidirectional xraySetting ↔ templateSettings editor sync and the 1s dirty-tracking interval intact (those are local editor state, not server data). All seven server calls move: - config + traffic → useQuery on ['xray', 'config'] and ['xray', 'outboundsTraffic'] - saveAll → useMutation that invalidates the config query - resetOutboundsTraffic → useMutation that invalidates the traffic query - restartXray → useMutation (fires the restart, then reads the result string) - resetToDefault → useMutation (fetch default config, push it into the editor via setTemplateSettings) The WebSocket 'outbounds' event already lands in keys.xray.outboundsTraffic() via the bridge, so XrayPage drops its useWebSocket({ outbounds: applyOutboundsEvent }) wiring entirely and the hook no longer exposes applyOutboundsEvent. A useEffect seeds xraySetting / templateSettings / tags / test URL from query data on first fetch and on every refetch, mirroring what the original fetchAll() did. * fix(frontend): restore per-route document titles in the SPA When the multi-entry MPA collapsed into a single index.html, every route inherited the static <title>3X-UI</title> from the shared shell, so every panel page showed "hostname - 3X-UI" instead of the original "hostname - Overview / Clients / Inbounds / ...". usePageTitle reads the current pathname and rewrites document.title on every navigation, matching the titles the deleted *.html files used to carry. Mounted in PanelLayout so it covers all panel routes without each page having to opt in. The startup applyDocumentTitle() call in main.tsx is gone — the hook sets the full "hostname - PageTitle" string itself. * feat(api-docs): expose OpenAPI spec + render Swagger UI in panel Replaces the hand-rolled API docs UI with industry-standard tooling so external integrations (Postman, Insomnia, openapi-generator) can consume the panel API without parsing endpoints.js by hand. Generator - frontend/scripts/build-openapi.mjs: walks the existing endpoints.js (still the single source of truth) and emits an OpenAPI 3.0.3 spec at frontend/public/openapi.json. Handles Gin :param → {param} path translation, body / query / path parameter splits, 200 + error response examples, and Bearer + cookie security schemes - npm run build now runs gen:api before vite build, so the spec is always in sync with what's documented Backend - web/controller/dist.go exposes ServeOpenAPISpec which streams the embedded dist/openapi.json with a short Cache-Control. Public endpoint (no auth) so Postman can fetch it without first logging in - web/web.go wires GET /panel/api/openapi.json before the auth-gated /panel/api router Panel - ApiDocsPage now renders swagger-ui-react fed by the basePath-aware openapi.json URL. Dark mode is overridden via CSS targeting the Swagger UI internals - CodeBlock / EndpointRow / EndpointSection are gone; the swagger-ui vendor chunk (134 KB gzipped) only loads on this lazy route, not on every panel page - vite.config: vendor-swagger manualChunk keeps the new dep out of the main vendor bundle For Postman: import http://<panel>/panel/api/openapi.json. Everything from /login + /panel/api/* shows up with auth, params, and examples. * style(api-docs): dark/ultra theme for Swagger UI Override every visual surface Swagger does not theme on its own: opblocks, tables, model boxes, form inputs, code blocks, modals, Servers dropdown, per-endpoint padlocks and expand chevrons. Replaces Swagger's default light-arrow chevron on selects with a light-fill SVG positioned at the corner so the dark background-color is visible. Also disables deepLinking to silence the noisy v4 underscore warning; not used in our panel.
2026-05-24 19:34:52 +00:00
{
"openapi": "3.0.3",
"info": {
"title": "3X-UI Panel API",
"version": "3.x",
"description": "Programmatic interface to a 3X-UI panel. Authenticate either by logging in (cookie) or with an API token from Settings → Security → API Token (Bearer). All endpoints under /panel/api/* honour both modes."
},
"servers": [
{
"url": "/",
"description": "Current panel (basePath aware)"
}
],
"components": {
"securitySchemes": {
"bearerAuth": {
"type": "http",
"scheme": "bearer",
"description": "API token from Settings → Security → API Token. Send as `Authorization: Bearer <token>`."
},
"cookieAuth": {
"type": "apiKey",
"in": "cookie",
"name": "3x-ui",
"description": "Session cookie set by POST /login. Browser-only."
}
}
},
"security": [
{
"bearerAuth": []
},
{
"cookieAuth": []
}
],
"tags": [
{
"name": "Authentication",
"description": "Two authentication modes are supported. UI sessions use a cookie set by the login endpoint. Programmatic clients (bots, scripts, remote panels) authenticate with a Bearer token taken from Settings → Security → API Token. Both work for every endpoint under /panel/api/*."
},
{
"name": "Inbounds",
"description": "Manage inbound configurations and their clients. All endpoints live under /panel/api/inbounds and require a logged-in session or Bearer token. Link-generating endpoints honour forwarded headers only when the request comes from a configured trusted proxy."
},
{
"name": "Server",
"description": "System status, log retrieval, certificate generators, Xray binary management, and backup/restore. All under /panel/api/server."
},
{
"name": "Clients",
"description": "Manage clients as first-class entities that can be attached to one or more inbounds. A single client row drives the settings.clients entry in every inbound it belongs to. Endpoints live under /panel/api/clients."
},
{
"name": "Nodes",
"description": "Manage remote 3x-ui panels acting as nodes for a central panel. All endpoints under /panel/api/nodes."
},
{
"name": "Custom Geo",
"description": "Manage user-supplied GeoIP / GeoSite source files. All endpoints under /panel/api/custom-geo."
},
{
"name": "Backup",
"description": "Operations that interact with the configured Telegram bot."
},
{
"name": "Settings",
"description": "Panel configuration and user credentials. All endpoints live under /panel/setting and require a logged-in session or Bearer token."
},
{
"name": "API Tokens",
"description": "Manage Bearer tokens used for programmatic auth (bots, central panels acting on this node, CI). Each token has a unique name and an enabled flag — disable to revoke without deleting, delete to revoke permanently. Tokens are stored plaintext so the SPA can show them on demand. Send one as <code>Authorization: Bearer &lt;token&gt;</code> on any /panel/api/* request."
},
{
"name": "Xray Settings",
"description": "Xray configuration template, outbound management, Warp/Nord integration, and config testing. All endpoints under /panel/xray."
},
{
"name": "Subscription Server",
"description": "A separate HTTP/HTTPS server that serves proxy subscription links (standard, JSON, and Clash) to clients. The server listens on its own port (default 10882) and is configured in Settings → Subscription. Paths are configurable; defaults are shown below. All subscription endpoints set response headers for client apps to read traffic/expiry info."
},
{
"name": "WebSocket",
"description": "Real-time status updates via WebSocket. Connect once at <code>ws://<panel>/ws</code> to receive a stream of JSON messages without polling. Requires an authenticated session cookie (Bearer token auth is not supported). Each message has a <code>type</code> field that identifies the payload shape."
}
],
"paths": {
"/login": {
"post": {
"tags": [
"Authentication"
],
"summary": "Authenticate with username + password and receive a session cookie. Required before any cookie-based API call.",
"operationId": "post_login",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"username": {
"type": "string",
"description": "Panel admin username."
},
"password": {
"type": "string",
"description": "Panel admin password."
},
"twoFactorCode": {
"type": "string",
"description": "OTP code when 2FA is enabled. Omit otherwise."
}
},
"required": [
"username",
"password",
"twoFactorCode"
]
},
"example": {
"username": "admin",
"password": "admin",
"twoFactorCode": "123456"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Logged in successfully"
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "Wrong username or password"
}
}
}
}
}
}
},
"/logout": {
"post": {
"tags": [
"Authentication"
],
"summary": "Clear the session cookie. Requires the CSRF header for browser sessions.",
"operationId": "post_logout",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/csrf-token": {
"get": {
"tags": [
"Authentication"
],
"summary": "Mint a CSRF token for the current session. The SPA replays it in the X-CSRF-Token header on unsafe requests. Bearer-token callers can skip this — the middleware short-circuits CSRF for authenticated API requests.",
"operationId": "get_csrf_token",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": "csrf-token-string"
}
}
}
}
}
}
},
"/getTwoFactorEnable": {
"post": {
"tags": [
"Authentication"
],
"summary": "Returns whether 2FA is enabled on the panel — used by the login page to decide whether to show the OTP field.",
"operationId": "post_getTwoFactorEnable",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": false
}
}
}
}
}
}
},
"/panel/api/inbounds/list": {
"get": {
"tags": [
"Inbounds"
],
"summary": "List every inbound owned by the authenticated user, including each inbounds clientStats traffic counters. settings, streamSettings, and sniffing are returned as nested JSON objects (no escaped strings); legacy callers that send them back as JSON-encoded strings are still accepted on write.",
"operationId": "get_panel_api_inbounds_list",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"userId": 1,
"up": 0,
"down": 0,
"total": 0,
"remark": "VLESS-443",
"enable": true,
"expiryTime": 0,
"listen": "",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false,
"dest": "..."
}
},
"tag": "inbound-443",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"clientStats": []
}
]
}
}
}
}
}
}
},
"/panel/api/inbounds/list/slim": {
"get": {
"tags": [
"Inbounds"
],
"summary": "Same shape as /list but with settings.clients[] stripped down to {email, enable, comment} and ClientStats not enriched with UUID/SubId. Use this for list pages; fetch /get/:id when you need the full per-client payload (uuid, password, flow, ...).",
"operationId": "get_panel_api_inbounds_list_slim",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"userId": 1,
"remark": "VLESS-443",
"settings": {
"clients": [
{
"email": "alice",
"enable": true
}
],
"decryption": "none"
},
"clientStats": []
}
]
}
}
}
}
}
}
},
"/panel/api/inbounds/options": {
"get": {
"tags": [
"Inbounds"
],
"summary": "Lightweight picker projection of the authenticated users inbounds. Returns only id, remark, protocol, port, and a server-computed tlsFlowCapable flag (true for VLESS / port-fallback on TCP with tls or reality). Use this for dropdowns and attach pickers — it skips settings, streamSettings, and clientStats so the payload stays small even on panels with thousands of clients.",
"operationId": "get_panel_api_inbounds_options",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"remark": "VLESS-443",
"protocol": "vless",
"port": 443,
"tlsFlowCapable": true
}
]
}
}
}
}
}
}
},
"/panel/api/inbounds/get/{id}": {
"get": {
"tags": [
"Inbounds"
],
"summary": "Fetch a single inbound by numeric ID.",
"operationId": "get_panel_api_inbounds_get_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/add": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Create a new inbound. Send the full inbound payload (protocol, port, settings, streamSettings, sniffing, remark, expiryTime, total, enable). settings, streamSettings, and sniffing may be sent as nested JSON objects (preferred) or as JSON-encoded strings (legacy).",
"operationId": "post_panel_api_inbounds_add",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"enable": true,
"remark": "VLESS-443",
"listen": "",
"port": 443,
"protocol": "vless",
"expiryTime": 0,
"total": 0,
"settings": {
"clients": [
{
"id": "...",
"email": "user1"
}
],
"decryption": "none",
"fallbacks": []
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false,
"dest": "..."
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "Port 443 is already in use"
}
}
}
}
}
}
},
"/panel/api/inbounds/del/{id}": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Delete an inbound by ID. Also removes its associated client stats rows.",
"operationId": "post_panel_api_inbounds_del_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/update/{id}": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Replace an inbounds configuration. Body shape mirrors /add. Heavy on inbounds with thousands of clients — prefer /setEnable for enable-only flips.",
"operationId": "post_panel_api_inbounds_update_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/setEnable/{id}": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Toggle only the enable flag without serialising the whole settings JSON. Recommended for UI switches on large inbounds.",
"operationId": "post_panel_api_inbounds_setEnable_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"enable": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/{id}/resetTraffic": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Zero out upload + download counters for a single inbound. Does not touch per-client counters.",
"operationId": "post_panel_api_inbounds_id_resetTraffic",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/resetAllTraffics": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Reset upload + download counters on every inbound. Destructive — accounting history is lost.",
"operationId": "post_panel_api_inbounds_resetAllTraffics",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/import": {
"post": {
"tags": [
"Inbounds"
],
"summary": "Bulk-import an inbound from a JSON blob (e.g. one exported via the UI). The body uses form encoding with a single \"data\" field.",
"operationId": "post_panel_api_inbounds_import",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/inbounds/{id}/fallbacks": {
"get": {
"tags": [
"Inbounds"
],
"summary": "List the fallback rules attached to a master VLESS/Trojan TCP-TLS inbound. Each rule links one child inbound (the dest) to optional SNI/ALPN/path/xver match criteria.",
"operationId": "get_panel_api_inbounds_id_fallbacks",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Master inbound ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"masterId": 10,
"childId": 11,
"name": "",
"alpn": "",
"path": "/vlws",
"xver": 2,
"sortOrder": 0
}
]
}
}
}
}
}
},
"post": {
"tags": [
"Inbounds"
],
"summary": "Replace the entire fallback list for a master inbound. Body is JSON. Triggers an Xray restart.",
"operationId": "post_panel_api_inbounds_id_fallbacks",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Master inbound ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"fallbacks": [
{
"childId": 11,
"path": "/vlws",
"xver": 2
},
{
"childId": 12,
"alpn": "h2"
}
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Inbound updated"
}
}
}
}
}
}
},
"/panel/api/server/status": {
"get": {
"tags": [
"Server"
],
"summary": "Real-time machine snapshot: CPU, memory, swap, disk, network IO, load averages, open connections, Xray state. Cached and refreshed every 2 seconds in the background.",
"operationId": "get_panel_api_server_status",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"cpu": 12.5,
"mem": {
"current": 2147483648,
"total": 8589934592
},
"swap": {
"current": 0,
"total": 4294967296
},
"disk": {
"current": 53687091200,
"total": 268435456000
},
"netIO": {
"up": 1073741824,
"down": 2147483648
},
"xray": {
"state": "running",
"version": "v25.10.31"
},
"tcpCount": 42,
"load": {
"load1": 0.5,
"load5": 0.3,
"load15": 0.2
}
}
}
}
}
}
}
}
},
"/panel/api/server/cpuHistory/{bucket}": {
"get": {
"tags": [
"Server"
],
"summary": "Legacy: aggregated CPU history. Use /history/cpu/:bucket instead — same data with a uniform {t, v} shape.",
"operationId": "get_panel_api_server_cpuHistory_bucket",
"parameters": [
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/history/{metric}/{bucket}": {
"get": {
"tags": [
"Server"
],
"summary": "Aggregated time-series for one metric. Returns an array of {t, v} samples covering the last ~6 hours.",
"operationId": "get_panel_api_server_history_metric_bucket",
"parameters": [
{
"name": "metric",
"in": "path",
"required": true,
"description": "cpu | mem | netUp | netDown | online | load1 | load5 | load15.",
"schema": {
"type": "string"
}
},
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"t": 1700000000,
"v": 12.5
},
{
"t": 1700000002,
"v": 13.1
}
]
}
}
}
}
}
}
},
"/panel/api/server/xrayMetricsState": {
"get": {
"tags": [
"Server"
],
"summary": "Xray runtime metrics state — whether the xray config has a `metrics` block, which expvar keys are flowing, and the current snapshot values for each. Returns an empty state when metrics are not configured.",
"operationId": "get_panel_api_server_xrayMetricsState",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/xrayMetricsHistory/{metric}/{bucket}": {
"get": {
"tags": [
"Server"
],
"summary": "Time-series history for one Xray runtime metric over the last ~6 hours. Same {t, v} shape as /history/:metric/:bucket.",
"operationId": "get_panel_api_server_xrayMetricsHistory_metric_bucket",
"parameters": [
{
"name": "metric",
"in": "path",
"required": true,
"description": "xrAlloc | xrSys | xrHeapObjects | xrNumGC | xrPauseNs.",
"schema": {
"type": "string"
}
},
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/xrayObservatory": {
"get": {
"tags": [
"Server"
],
"summary": "Latest snapshot from the Xray observatory — per-outbound latency, health status, and last-probe time. Only populated when the Xray config has an observatory configured.",
"operationId": "get_panel_api_server_xrayObservatory",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/xrayObservatoryHistory/{tag}/{bucket}": {
"get": {
"tags": [
"Server"
],
"summary": "Time-series of observatory probe results for one outbound tag. Same {t, v} shape as the other history endpoints.",
"operationId": "get_panel_api_server_xrayObservatoryHistory_tag_bucket",
"parameters": [
{
"name": "tag",
"in": "path",
"required": true,
"description": "Outbound tag from the observatory config.",
"schema": {
"type": "string"
}
},
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getXrayVersion": {
"get": {
"tags": [
"Server"
],
"summary": "List Xray binary versions available for install on this host.",
"operationId": "get_panel_api_server_getXrayVersion",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"v25.10.31",
"v25.9.15",
"v25.8.1"
]
}
}
}
}
}
}
},
"/panel/api/server/getPanelUpdateInfo": {
"get": {
"tags": [
"Server"
],
"summary": "Check whether a newer 3x-ui release is available on GitHub.",
"operationId": "get_panel_api_server_getPanelUpdateInfo",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getConfigJson": {
"get": {
"tags": [
"Server"
],
"summary": "Return the assembled Xray config thats currently running on this host.",
"operationId": "get_panel_api_server_getConfigJson",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getDb": {
"get": {
"tags": [
"Server"
],
"summary": "Stream the SQLite database file as an attachment. Use as a manual backup.",
"operationId": "get_panel_api_server_getDb",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getNewUUID": {
"get": {
"tags": [
"Server"
],
"summary": "Generate a fresh UUID v4. Convenience helper for client IDs.",
"operationId": "get_panel_api_server_getNewUUID",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": "550e8400-e29b-41d4-a716-446655440000"
}
}
}
}
}
}
},
"/panel/api/server/getNewX25519Cert": {
"get": {
"tags": [
"Server"
],
"summary": "Generate a new X25519 keypair for Reality.",
"operationId": "get_panel_api_server_getNewX25519Cert",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"privateKey": "uN9qLfV3zH8w...",
"publicKey": "5v8xPqR2sM7k..."
}
}
}
}
}
}
}
},
"/panel/api/server/getNewmldsa65": {
"get": {
"tags": [
"Server"
],
"summary": "Generate a new ML-DSA-65 keypair (post-quantum signature). Returns {privateKey, publicKey, seed}.",
"operationId": "get_panel_api_server_getNewmldsa65",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"privateKey": "mdsa65priv...",
"publicKey": "mdsa65pub...",
"seed": "random-seed..."
}
}
}
}
}
}
}
},
"/panel/api/server/getNewmlkem768": {
"get": {
"tags": [
"Server"
],
"summary": "Generate a new ML-KEM-768 keypair (post-quantum KEM). Returns {clientKey, serverKey}.",
"operationId": "get_panel_api_server_getNewmlkem768",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"clientKey": "mlkem768-client...",
"serverKey": "mlkem768-server..."
}
}
}
}
}
}
}
},
"/panel/api/server/getNewVlessEnc": {
"get": {
"tags": [
"Server"
],
"summary": "Generate VLESS encryption auth options. Returns an auths array each with id, label, encryption, and decryption fields.",
"operationId": "get_panel_api_server_getNewVlessEnc",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"auths": [
{
"id": 0,
"label": "Auth #0",
"encryption": "aes-256-gcm",
"decryption": ""
}
]
}
}
}
}
}
}
}
},
"/panel/api/server/stopXrayService": {
"post": {
"tags": [
"Server"
],
"summary": "Stop the Xray binary. All proxies go offline immediately.",
"operationId": "post_panel_api_server_stopXrayService",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "Xray is not running"
}
}
}
}
}
}
},
"/panel/api/server/restartXrayService": {
"post": {
"tags": [
"Server"
],
"summary": "Reload Xray with the current config. Typically required after structural inbound or routing changes.",
"operationId": "post_panel_api_server_restartXrayService",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "Xray config is invalid: ..."
}
}
}
}
}
}
},
"/panel/api/server/installXray/{version}": {
"post": {
"tags": [
"Server"
],
"summary": "Download and install the specified Xray version. Pass \"latest\" for the newest release.",
"operationId": "post_panel_api_server_installXray_version",
"parameters": [
{
"name": "version",
"in": "path",
"required": true,
"description": "Xray tag (e.g. v25.10.31) or \"latest\".",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/updatePanel": {
"post": {
"tags": [
"Server"
],
"summary": "Self-update the panel to the latest version. The server restarts on success.",
"operationId": "post_panel_api_server_updatePanel",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/updateGeofile": {
"post": {
"tags": [
"Server"
],
"summary": "Refresh the default GeoIP / GeoSite data files. Body can include a fileName, or use the /:fileName variant.",
"operationId": "post_panel_api_server_updateGeofile",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/updateGeofile/{fileName}": {
"post": {
"tags": [
"Server"
],
"summary": "Refresh a single Geo file by filename (e.g. geoip.dat, geosite.dat).",
"operationId": "post_panel_api_server_updateGeofile_fileName",
"parameters": [
{
"name": "fileName",
"in": "path",
"required": true,
"description": "Filename of the data file to refresh.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/logs/{count}": {
"post": {
"tags": [
"Server"
],
"summary": "Return the last N lines of the panels own log.",
"operationId": "post_panel_api_server_logs_count",
"parameters": [
{
"name": "count",
"in": "path",
"required": true,
"description": "Number of trailing log lines.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"level": "info",
"syslog": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": "2025/01/01 12:00:00 [INFO] Server started\n2025/01/01 12:00:01 [INFO] Xray is running"
}
}
}
}
}
}
},
"/panel/api/server/xraylogs/{count}": {
"post": {
"tags": [
"Server"
],
"summary": "Return the last N lines of the Xray process log.",
"operationId": "post_panel_api_server_xraylogs_count",
"parameters": [
{
"name": "count",
"in": "path",
"required": true,
"description": "Number of trailing log lines.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": "2025/01/01 12:00:00 rejected vless proxy example.com reason: no valid user\n2025/01/01 12:00:01 direct freedom ok"
}
}
}
}
}
}
},
"/panel/api/server/importDB": {
"post": {
"tags": [
"Server"
],
"summary": "Restore the panel DB from an uploaded SQLite file (multipart form, field name \"db\"). The panel restarts after restore. Destructive.",
"operationId": "post_panel_api_server_importDB",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/server/getNewEchCert": {
"post": {
"tags": [
"Server"
],
"summary": "Generate a new ECH (Encrypted Client Hello) keypair and config list for the given SNI.",
"operationId": "post_panel_api_server_getNewEchCert",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/list": {
"get": {
"tags": [
"Clients"
],
"summary": "List every client with its attached inbound IDs and traffic record. The reverse field, if set, is returned as a nested JSON object (legacy JSON-encoded-string form is still accepted on write).",
"operationId": "get_panel_api_clients_list",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"email": "alice@example.com",
"subId": "abcd1234",
"uuid": "...",
"totalGB": 53687091200,
"expiryTime": 1735689600000,
"enable": true,
"reverse": null,
"inboundIds": [
3,
5
],
"traffic": {
"up": 1024,
"down": 4096,
"enable": true
}
}
]
}
}
}
}
}
}
},
"/panel/api/clients/list/paged": {
"get": {
"tags": [
"Clients"
],
"summary": "Filter, sort, and paginate clients on the server. Each item is a slim row (no uuid/password/auth/flow/security/reverse/tgId) so the clients page can ship 25-ish rows in a few KB instead of the full table. The response also includes a summary computed across the full DB row set so dashboard counters stay stable as the user paginates or filters. Page size capped at 200; fetch /get/:email to obtain the full per-client payload for an edit/info modal.",
"operationId": "get_panel_api_clients_list_paged",
"parameters": [
{
"name": "page",
"in": "query",
"required": true,
"description": "1-indexed page number. Defaults to 1.",
"schema": {
"type": "integer"
}
},
{
"name": "pageSize",
"in": "query",
"required": true,
"description": "Rows per page. Defaults to 25, capped at 200.",
"schema": {
"type": "integer"
}
},
{
"name": "search",
"in": "query",
"required": true,
"description": "Case-insensitive substring match on email / subId / comment.",
"schema": {
"type": "string"
}
},
{
"name": "filter",
"in": "query",
"required": true,
"description": "Status bucket: online | active | deactive | depleted | expiring.",
"schema": {
"type": "string"
}
},
{
"name": "protocol",
"in": "query",
"required": true,
"description": "Match clients attached to at least one inbound of this protocol (vless, vmess, trojan, shadowsocks, ...).",
"schema": {
"type": "string"
}
},
{
"name": "sort",
"in": "query",
"required": true,
"description": "Sort key: enable | email | inboundIds | traffic | remaining | expiryTime.",
"schema": {
"type": "string"
}
},
{
"name": "order",
"in": "query",
"required": true,
"description": "ascend or descend.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"items": [
{
"email": "alice@example.com",
"subId": "abcd1234",
"enable": true,
"totalGB": 53687091200,
"expiryTime": 1735689600000,
"limitIp": 0,
"reset": 0,
"inboundIds": [
3,
5
],
"traffic": {
"up": 1024,
"down": 4096,
"enable": true
},
"createdAt": 1735000000000,
"updatedAt": 1735100000000
}
],
"total": 2000,
"filtered": 47,
"page": 1,
"pageSize": 25,
"summary": {
"total": 2000,
"active": 1850,
"online": [
"alice@example.com"
],
"depleted": [],
"expiring": [],
"deactive": []
}
}
}
}
}
}
}
}
},
"/panel/api/clients/get/{email}": {
"get": {
"tags": [
"Clients"
],
"summary": "Fetch one client by email, including the inbound IDs it is attached to.",
"operationId": "get_panel_api_clients_get_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/add": {
"post": {
"tags": [
"Clients"
],
"summary": "Create a new client and attach it to one or more inbounds in a single call. Body is JSON. Per-protocol secrets (UUID for VLESS/VMess, password for Trojan/Shadowsocks, auth for Hysteria) are generated server-side when omitted, so callers can send only the universal fields.",
"operationId": "post_panel_api_clients_add",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"client": {
"email": "alice@example.com",
"totalGB": 53687091200,
"expiryTime": 1735689600000,
"tgId": 0,
"limitIp": 0,
"enable": true
},
"inboundIds": [
3,
5
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Client added"
}
}
}
}
}
}
},
"/panel/api/clients/update/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Update an existing client by email. Changes propagate to every attached inbound. Body is the JSON client payload — supply the full set of fields you want to keep (the server replaces the row, it does not patch).",
"operationId": "post_panel_api_clients_update_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Current client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"email": "alice@example.com",
"totalGB": 107374182400,
"expiryTime": 1767225600000,
"tgId": 123456789,
"enable": true
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Client updated"
}
}
}
}
}
}
},
"/panel/api/clients/del/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Delete a client by email. Removes it from every attached inbound and drops its traffic record unless keepTraffic=1 is passed.",
"operationId": "post_panel_api_clients_del_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
},
{
"name": "keepTraffic",
"in": "query",
"required": true,
"description": "Pass 1 to retain the xray_client_traffic row after deletion.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"msg": "Client deleted"
}
}
}
}
}
}
},
"/panel/api/clients/{email}/attach": {
"post": {
"tags": [
"Clients"
],
"summary": "Attach an existing client to one or more additional inbounds. Body is JSON.",
"operationId": "post_panel_api_clients_email_attach",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"inboundIds": [
7,
9
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/api/clients/{email}/detach": {
"post": {
"tags": [
"Clients"
],
"summary": "Detach a client from one or more inbounds without deleting the client.",
"operationId": "post_panel_api_clients_email_detach",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"inboundIds": [
5
]
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/api/clients/resetAllTraffics": {
"post": {
"tags": [
"Clients"
],
"summary": "Reset the up/down counters for every client globally. Quotas and expiry are not affected. Triggers an Xray restart if any counter actually moved.",
"operationId": "post_panel_api_clients_resetAllTraffics",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/api/clients/delDepleted": {
"post": {
"tags": [
"Clients"
],
"summary": "Delete every client whose traffic quota is exhausted (used >= total, when reset is disabled) or whose expiry has passed. Returns the deleted count and triggers an Xray restart when any client was on a running inbound.",
"operationId": "post_panel_api_clients_delDepleted",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"deleted": 0
}
}
}
}
}
}
}
},
"/panel/api/clients/bulkAdjust": {
"post": {
"tags": [
"Clients"
],
"summary": "Shift expiry and/or traffic quota for many clients in one call. addDays/addBytes may be negative. Clients with unlimited expiry (expiryTime=0) or unlimited traffic (totalGB=0) are skipped for the corresponding field — bulk extend never converts unlimited to limited. Returns the adjusted count and per-email skip reasons.",
"operationId": "post_panel_api_clients_bulkAdjust",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"emails": [
"alice",
"bob"
],
"addDays": 30,
"addBytes": 53687091200
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"adjusted": 2,
"skipped": [
{
"email": "carol",
"reason": "unlimited expiry"
}
]
}
}
}
}
}
}
}
},
feat(clients): server-side bulk create/delete with per-inbound batching Replace the panel-side fan-out (Promise.all of single /add and /del calls) that raced on the shared inbound config and capped throughput at roughly one round-trip per client. New endpoints batch the work on the server: - POST /panel/api/clients/bulkDel { emails, keepTraffic } - POST /panel/api/clients/bulkCreate [ {client, inboundIds}, ... ] BulkDelete groups emails by inbound and performs a single read-modify-write per inbound (one JSON parse, one marshal, one Save) instead of N. Per-row DB cleanups (ClientInbound, ClientTraffic, InboundClientIps, ClientRecord) are batched with WHERE...IN queries. Per-email failures are reported via Skipped[] and processing continues. BulkCreate iterates payloads sequentially through the same Create path single-add uses, so heterogeneous batches (different inboundIds, plans) remain valid in one round-trip. Frontend bulkDelete/bulkCreate hooks parse the new response shape ({ deleted|created, skipped[] }) and the bulk-add modal now posts a single request instead of fanning out emails.
2026-05-26 22:20:52 +00:00
"/panel/api/clients/bulkDel": {
"post": {
"tags": [
"Clients"
],
"summary": "Delete many clients in one call. The server processes the list sequentially so each delete sees the committed state of the previous one — avoids the race the per-email fan-out had on the panel side. Pass keepTraffic=true to retain the xray_client_traffic rows after deletion.",
"operationId": "post_panel_api_clients_bulkDel",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"emails": [
"alice",
"bob"
],
"keepTraffic": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"deleted": 2,
"skipped": [
{
"email": "carol",
"reason": "client not found"
}
]
}
}
}
}
}
}
}
},
"/panel/api/clients/bulkCreate": {
"post": {
"tags": [
"Clients"
],
"summary": "Create many clients in one call. Body is a JSON array of {client, inboundIds} payloads — the same shape /add accepts. Items are processed sequentially; per-email skip reasons are returned for items that fail (e.g., duplicate email). Triggers a single Xray restart at the end if any inbound was running.",
"operationId": "post_panel_api_clients_bulkCreate",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": [
{
"client": {
"email": "alice@example.com",
"totalGB": 53687091200,
"expiryTime": 0,
"enable": true
},
"inboundIds": [
7
]
},
{
"client": {
"email": "bob@example.com",
"totalGB": 53687091200,
"expiryTime": 0,
"enable": true
},
"inboundIds": [
7,
9
]
}
]
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"created": 2,
"skipped": [
{
"email": "alice@example.com",
"reason": "email already in use"
}
]
}
}
}
}
}
}
}
},
feat(frontend): TanStack Query + React Router migration & in-panel API docs (#4541) * feat(frontend): introduce TanStack Query with status polling Wires @tanstack/react-query into every entry and migrates useStatus to useStatusQuery as the foundation for the multi-page MPA → SPA migration. - QueryProvider wraps each entry inside ThemeProvider, with devtools gated on import.meta.env.DEV - Shared queryClient: 30s staleTime, refetchOnWindowFocus, 1 retry - useStatusQuery preserves the { status, fetched, refresh } shape so IndexPage swaps in without further changes - refetchIntervalInBackground:false stops the 2s status poll when the panel tab is hidden, cutting idle traffic against the server * feat(frontend): collapse panel pages into a single React Router SPA Replaces the 7-entry MPA shell (index/clients/inbounds/nodes/settings/ xray/api-docs HTML files) with one main.tsx + createBrowserRouter. The Go backend now serves the same index.html for every authenticated panel route; React Router reads the URL and mounts the page from cache on subsequent navigation — no more full reloads between tabs. Frontend - main.tsx: single bootstrap (setupAxios, i18n, ThemeProvider, QueryProvider, RouterProvider) replacing 7 near-duplicate entries - routes.tsx: declarative router with lazy()-loaded pages, basename derived from window.X_UI_BASE_PATH so panels at /secret/panel work - layouts/PanelLayout.tsx: shell mount-point for the WS → queryClient bridge so connection survives navigation - api/websocketBridge.ts: subscribes the singleton WebSocketClient to queryClient and dispatches invalidate/outbounds events to cached queries (page-level useWebSocket handlers stay until Phase 3 hooks migrate) - AppSidebar: navigates via useNavigate + useLocation instead of window.location.href; drops basePath/requestUri props - Pages: drop the unused basePath/requestUri locals exposed only for the old sidebar Build - vite.config: 9 rollup inputs → 3 (index, login, subpage). Dev proxy bypass collapses /panel/* to index.html and skips API prefixes - vendor-tanstack + vendor-router chunks added to manualChunks Backend - xui.go: 7 per-page HTML handlers → one panelSPA handler serving index.html for /, /inbounds, /clients, /nodes, /settings, /xray, /api-docs. The /panel/api, /panel/setting, /panel/xray sub-routers are untouched * feat(frontend): migrate useNodes to TanStack Query Splits the hand-rolled useNodes hook into useNodesQuery (server data + NodeRecord type + derived totals) and useNodeMutations (add/update/del/ setEnable/probe/test). Mutations invalidate ['nodes'] on success, so the list refreshes without each call awaiting a manual refresh(). NodesPage drops useWebSocket({ nodes: applyNodesEvent }) — the WebSocket → query bridge now forwards the 'nodes' push to setQueryData(['nodes', 'list']) once at the SPA root. InboundsPage and the inbound form/list components import NodeRecord from its new home next to the query hook. * feat(frontend): migrate useAllSetting to TanStack Query Replaces the hand-rolled fetch + dirty-tracking hook with useAllSettings backed by useQuery + useMutation. The draft (current edits) is kept in local state and reset whenever query.data lands. saveAll posts the draft via a mutation; on success, invalidating ['settings'] refetches and the useEffect resets the draft so saveDisabled flips back to true. staleTime: Infinity prevents refetchOnWindowFocus from clobbering in-flight edits — settings only change in response to this user's own save. setSpinning stays as a pass-through to a local flag so the existing restartPanel flow in SettingsPage keeps showing its spinner. * feat(frontend): route useInbounds fetches through TanStack Query Rewrites useInbounds so its four server fetches (slim list, default settings, online clients, last-online map) live in useQuery with staleTime: Infinity. The in-place WS merge logic for traffic and client_stats is preserved — applyTrafficEvent / applyClientStatsEvent still mutate the locally-mirrored dbInbounds so the panel doesn't refetch every 1-2 seconds when stats stream in. refresh() becomes a thin invalidateQueries on the three list keys, which mutations in the page already call after add/edit/del. The bridge now forwards the WebSocket 'inbounds' push to setQueryData(['inbounds', 'slim']), and InboundsPage drops its useEffect(fetchDefaultSettings → refresh) plus the invalidate / inbounds wiring on useWebSocket — both are owned by the bridge now. * feat(frontend): migrate useClients to TanStack Query Replaces 12 hand-rolled mutation callbacks and a tangle of useState + useRef + useEffect with one useQuery (paged list) + nine useMutation wrappers. The list query uses keepPreviousData so paging/filter changes don't blank the table mid-fetch. The setQuery shallow-compare logic is preserved for backward compatibility with ClientsPage's effect that rebuilds the params on every render. Internally setQuery only updates state when the params actually differ — Query's queryKey equality handles the rest. WS-driven applyTrafficEvent / applyClientStatsEvent now mutate the query cache via setQueryData(['clients', 'list', currentParams]) so per-second stats updates skip a full refetch. applyInvalidate is gone from the hook — the bridge owns coarse 'clients' invalidation. ClientsPage drops the invalidate handler from its useWebSocket subscription; auxiliary queries (inboundOptions, defaults, onlines) load via TanStack Query and are shared with useInbounds via the same query keys. * feat(frontend): route useXraySetting fetches through TanStack Query Keeps the bidirectional xraySetting ↔ templateSettings editor sync and the 1s dirty-tracking interval intact (those are local editor state, not server data). All seven server calls move: - config + traffic → useQuery on ['xray', 'config'] and ['xray', 'outboundsTraffic'] - saveAll → useMutation that invalidates the config query - resetOutboundsTraffic → useMutation that invalidates the traffic query - restartXray → useMutation (fires the restart, then reads the result string) - resetToDefault → useMutation (fetch default config, push it into the editor via setTemplateSettings) The WebSocket 'outbounds' event already lands in keys.xray.outboundsTraffic() via the bridge, so XrayPage drops its useWebSocket({ outbounds: applyOutboundsEvent }) wiring entirely and the hook no longer exposes applyOutboundsEvent. A useEffect seeds xraySetting / templateSettings / tags / test URL from query data on first fetch and on every refetch, mirroring what the original fetchAll() did. * fix(frontend): restore per-route document titles in the SPA When the multi-entry MPA collapsed into a single index.html, every route inherited the static <title>3X-UI</title> from the shared shell, so every panel page showed "hostname - 3X-UI" instead of the original "hostname - Overview / Clients / Inbounds / ...". usePageTitle reads the current pathname and rewrites document.title on every navigation, matching the titles the deleted *.html files used to carry. Mounted in PanelLayout so it covers all panel routes without each page having to opt in. The startup applyDocumentTitle() call in main.tsx is gone — the hook sets the full "hostname - PageTitle" string itself. * feat(api-docs): expose OpenAPI spec + render Swagger UI in panel Replaces the hand-rolled API docs UI with industry-standard tooling so external integrations (Postman, Insomnia, openapi-generator) can consume the panel API without parsing endpoints.js by hand. Generator - frontend/scripts/build-openapi.mjs: walks the existing endpoints.js (still the single source of truth) and emits an OpenAPI 3.0.3 spec at frontend/public/openapi.json. Handles Gin :param → {param} path translation, body / query / path parameter splits, 200 + error response examples, and Bearer + cookie security schemes - npm run build now runs gen:api before vite build, so the spec is always in sync with what's documented Backend - web/controller/dist.go exposes ServeOpenAPISpec which streams the embedded dist/openapi.json with a short Cache-Control. Public endpoint (no auth) so Postman can fetch it without first logging in - web/web.go wires GET /panel/api/openapi.json before the auth-gated /panel/api router Panel - ApiDocsPage now renders swagger-ui-react fed by the basePath-aware openapi.json URL. Dark mode is overridden via CSS targeting the Swagger UI internals - CodeBlock / EndpointRow / EndpointSection are gone; the swagger-ui vendor chunk (134 KB gzipped) only loads on this lazy route, not on every panel page - vite.config: vendor-swagger manualChunk keeps the new dep out of the main vendor bundle For Postman: import http://<panel>/panel/api/openapi.json. Everything from /login + /panel/api/* shows up with auth, params, and examples. * style(api-docs): dark/ultra theme for Swagger UI Override every visual surface Swagger does not theme on its own: opblocks, tables, model boxes, form inputs, code blocks, modals, Servers dropdown, per-endpoint padlocks and expand chevrons. Replaces Swagger's default light-arrow chevron on selects with a light-fill SVG positioned at the corner so the dark background-color is visible. Also disables deepLinking to silence the noisy v4 underscore warning; not used in our panel.
2026-05-24 19:34:52 +00:00
"/panel/api/clients/resetTraffic/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Zero out a single clients up/down counters. Re-enables the client across every attached inbound and pushes the change to Xray (or the remote node) so depleted users can connect again immediately.",
"operationId": "post_panel_api_clients_resetTraffic_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/updateTraffic/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Manually adjust a clients upload + download counters. Useful for migrations from external accounting systems.",
"operationId": "post_panel_api_clients_updateTraffic_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email.",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"upload": 1073741824,
"download": 5368709120
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/ips/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "List source IPs that have connected with the given clients credentials. Returns an array of \"ip (timestamp)\" strings.",
"operationId": "post_panel_api_clients_ips_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/clearIps/{email}": {
"post": {
"tags": [
"Clients"
],
"summary": "Reset the recorded IP list for a client.",
"operationId": "post_panel_api_clients_clearIps_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/clients/onlines": {
"post": {
"tags": [
"Clients"
],
"summary": "List the emails of currently connected clients (last seen within the heartbeat window).",
"operationId": "post_panel_api_clients_onlines",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"user1",
"user2"
]
}
}
}
}
}
}
},
"/panel/api/clients/lastOnline": {
"post": {
"tags": [
"Clients"
],
"summary": "Map of client email → last-seen unix timestamp.",
"operationId": "post_panel_api_clients_lastOnline",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"user1": 1700000000,
"user2": 1699999000
}
}
}
}
}
}
}
},
"/panel/api/clients/traffic/{email}": {
"get": {
"tags": [
"Clients"
],
"summary": "Traffic counters for a client identified by email.",
"operationId": "get_panel_api_clients_traffic_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique across the panel).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"email": "user1",
"up": 1048576,
"down": 2097152,
"total": 10737418240,
"expiryTime": 1735689600000
}
}
}
}
}
}
}
},
"/panel/api/clients/subLinks/{subId}": {
"get": {
"tags": [
"Clients"
],
"summary": "Return every protocol URL (vless://, vmess://, trojan://, ss://, hysteria://, hy2://) for clients matching the subscription ID. Same result set as /sub/<subId>, but as a JSON array — no base64. When an inbound has streamSettings.externalProxy set, one URL is emitted per external proxy. Empty array when the subId has no enabled clients.",
"operationId": "get_panel_api_clients_subLinks_subId",
"parameters": [
{
"name": "subId",
"in": "path",
"required": true,
"description": "Subscription ID, taken from the client's subId field.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"vless://uuid@host:443?security=reality&...#user1",
"vmess://eyJ2IjoyLC..."
]
}
}
}
}
}
}
},
"/panel/api/clients/links/{email}": {
"get": {
"tags": [
"Clients"
],
refactor(frontend): align hysteria with new docs + drop hysteria2 protocol Phase 2 smoke fixes on the Inbound add flow surfaced that hysteria2 was modeled as a separate top-level protocol when it's really just hysteria v2. The xray transports/hysteria.html docs also pin the hysteria stream to a minimal shape (version/auth/udpIdleTimeout/masquerade) — the previous schema carried legacy congestion/up/down/udphop/window knobs that aren't part of the wire contract. Hysteria2 removal: - Drop 'hysteria2' from ProtocolSchema enum and Protocols const - Drop hysteria2 branches from inbound/outbound discriminated unions - Drop createDefaultHysteria2InboundSettings / OutboundSettings - Delete schemas/protocols/inbound/hysteria2.ts and outbound/hysteria2.ts - Drop hysteria2 case in getInboundClients / genLink (fell through to the hysteria handler anyway) - Update client form modals' MULTI_CLIENT_PROTOCOLS sets - Remove hysteria2-basic fixture + snapshot entries (14 capability cases, 1 protocols fixture, 1 inbound-defaults factory) - Keep parseHysteria2Link() outbound parser since hysteria2:// is the share-link URI prefix for hysteria v2 Hysteria stream alignment with xtls docs: - HysteriaStreamSettingsSchema reduced to version/auth/udpIdleTimeout/ masquerade per transports/hysteria.html - Masquerade type adds '' (default 404 page) and defaults to it - Outbound form drops Congestion/Upload/Download/UDP hop/Max idle/ Keep alive/Disable Path MTU controls and the receive-window note - newStreamSlice('hysteria') in OutboundFormModal mirrors the trimmed shape; outbound-link-parser emits the trimmed shape too - InboundFormModal Masquerade Select gains the default option New TUN inbound schema: - Add schemas/protocols/inbound/tun.ts with name/mtu/gateway/dns/ userLevel/autoSystemRoutingTable/autoOutboundsInterface - Wire into ProtocolSchema enum, InboundSettingsSchema discriminated union, createDefaultInboundSettings dispatcher Other Phase 2 smoke fixes folded in: - Tunnel portMap UI swaps Form.List for HeaderMapEditor v1 — wire shape is Record<string,string> and the List was producing arrays - Hysteria onValuesChange seeds full TLS schema defaults + one empty certificate row (Cipher Suites/Min/Max Version/uTLS/ALPN were undefined before) - HTTP/Mixed accounts Add button auto-fills user/pass with RandomUtil.randomLowerAndNum - Hysteria security tab gates the 'none' radio out — TLS only - Hysteria stream tab drops the inbound Auth password field (xray inbound auth is per-user via 'users', not stream-level) - Reality onSecurityChange auto-randomizes target/serverNames/ shortIds and fetches an X25519 keypair - Tag and DB-side fields (up/down/total/expiryTime/ lastTrafficResetTime/clientStats/security) gain hidden Form.Items so validateFields keeps them in the wire payload (rc-component form strips unregistered fields) - WireGuard inbound auto-seeds one peer with generated keypair, allowedIPs ['10.0.0.2/32'], keepAlive 0 — matches legacy - WireGuard peer rows separated by Divider with the Peer N title and a small inline remove button (titlePlacement="center")
2026-05-26 15:49:37 +00:00
"summary": "Return every URL for one client across all attached inbounds — the same strings the Copy URL button copies in the panel UI. Supported protocols: vmess, vless, trojan, shadowsocks, hysteria. If streamSettings.externalProxy is set, returns one URL per external proxy. Protocols without a URL form (socks, http, mixed, wireguard, dokodemo, tunnel) contribute nothing.",
feat(frontend): TanStack Query + React Router migration & in-panel API docs (#4541) * feat(frontend): introduce TanStack Query with status polling Wires @tanstack/react-query into every entry and migrates useStatus to useStatusQuery as the foundation for the multi-page MPA → SPA migration. - QueryProvider wraps each entry inside ThemeProvider, with devtools gated on import.meta.env.DEV - Shared queryClient: 30s staleTime, refetchOnWindowFocus, 1 retry - useStatusQuery preserves the { status, fetched, refresh } shape so IndexPage swaps in without further changes - refetchIntervalInBackground:false stops the 2s status poll when the panel tab is hidden, cutting idle traffic against the server * feat(frontend): collapse panel pages into a single React Router SPA Replaces the 7-entry MPA shell (index/clients/inbounds/nodes/settings/ xray/api-docs HTML files) with one main.tsx + createBrowserRouter. The Go backend now serves the same index.html for every authenticated panel route; React Router reads the URL and mounts the page from cache on subsequent navigation — no more full reloads between tabs. Frontend - main.tsx: single bootstrap (setupAxios, i18n, ThemeProvider, QueryProvider, RouterProvider) replacing 7 near-duplicate entries - routes.tsx: declarative router with lazy()-loaded pages, basename derived from window.X_UI_BASE_PATH so panels at /secret/panel work - layouts/PanelLayout.tsx: shell mount-point for the WS → queryClient bridge so connection survives navigation - api/websocketBridge.ts: subscribes the singleton WebSocketClient to queryClient and dispatches invalidate/outbounds events to cached queries (page-level useWebSocket handlers stay until Phase 3 hooks migrate) - AppSidebar: navigates via useNavigate + useLocation instead of window.location.href; drops basePath/requestUri props - Pages: drop the unused basePath/requestUri locals exposed only for the old sidebar Build - vite.config: 9 rollup inputs → 3 (index, login, subpage). Dev proxy bypass collapses /panel/* to index.html and skips API prefixes - vendor-tanstack + vendor-router chunks added to manualChunks Backend - xui.go: 7 per-page HTML handlers → one panelSPA handler serving index.html for /, /inbounds, /clients, /nodes, /settings, /xray, /api-docs. The /panel/api, /panel/setting, /panel/xray sub-routers are untouched * feat(frontend): migrate useNodes to TanStack Query Splits the hand-rolled useNodes hook into useNodesQuery (server data + NodeRecord type + derived totals) and useNodeMutations (add/update/del/ setEnable/probe/test). Mutations invalidate ['nodes'] on success, so the list refreshes without each call awaiting a manual refresh(). NodesPage drops useWebSocket({ nodes: applyNodesEvent }) — the WebSocket → query bridge now forwards the 'nodes' push to setQueryData(['nodes', 'list']) once at the SPA root. InboundsPage and the inbound form/list components import NodeRecord from its new home next to the query hook. * feat(frontend): migrate useAllSetting to TanStack Query Replaces the hand-rolled fetch + dirty-tracking hook with useAllSettings backed by useQuery + useMutation. The draft (current edits) is kept in local state and reset whenever query.data lands. saveAll posts the draft via a mutation; on success, invalidating ['settings'] refetches and the useEffect resets the draft so saveDisabled flips back to true. staleTime: Infinity prevents refetchOnWindowFocus from clobbering in-flight edits — settings only change in response to this user's own save. setSpinning stays as a pass-through to a local flag so the existing restartPanel flow in SettingsPage keeps showing its spinner. * feat(frontend): route useInbounds fetches through TanStack Query Rewrites useInbounds so its four server fetches (slim list, default settings, online clients, last-online map) live in useQuery with staleTime: Infinity. The in-place WS merge logic for traffic and client_stats is preserved — applyTrafficEvent / applyClientStatsEvent still mutate the locally-mirrored dbInbounds so the panel doesn't refetch every 1-2 seconds when stats stream in. refresh() becomes a thin invalidateQueries on the three list keys, which mutations in the page already call after add/edit/del. The bridge now forwards the WebSocket 'inbounds' push to setQueryData(['inbounds', 'slim']), and InboundsPage drops its useEffect(fetchDefaultSettings → refresh) plus the invalidate / inbounds wiring on useWebSocket — both are owned by the bridge now. * feat(frontend): migrate useClients to TanStack Query Replaces 12 hand-rolled mutation callbacks and a tangle of useState + useRef + useEffect with one useQuery (paged list) + nine useMutation wrappers. The list query uses keepPreviousData so paging/filter changes don't blank the table mid-fetch. The setQuery shallow-compare logic is preserved for backward compatibility with ClientsPage's effect that rebuilds the params on every render. Internally setQuery only updates state when the params actually differ — Query's queryKey equality handles the rest. WS-driven applyTrafficEvent / applyClientStatsEvent now mutate the query cache via setQueryData(['clients', 'list', currentParams]) so per-second stats updates skip a full refetch. applyInvalidate is gone from the hook — the bridge owns coarse 'clients' invalidation. ClientsPage drops the invalidate handler from its useWebSocket subscription; auxiliary queries (inboundOptions, defaults, onlines) load via TanStack Query and are shared with useInbounds via the same query keys. * feat(frontend): route useXraySetting fetches through TanStack Query Keeps the bidirectional xraySetting ↔ templateSettings editor sync and the 1s dirty-tracking interval intact (those are local editor state, not server data). All seven server calls move: - config + traffic → useQuery on ['xray', 'config'] and ['xray', 'outboundsTraffic'] - saveAll → useMutation that invalidates the config query - resetOutboundsTraffic → useMutation that invalidates the traffic query - restartXray → useMutation (fires the restart, then reads the result string) - resetToDefault → useMutation (fetch default config, push it into the editor via setTemplateSettings) The WebSocket 'outbounds' event already lands in keys.xray.outboundsTraffic() via the bridge, so XrayPage drops its useWebSocket({ outbounds: applyOutboundsEvent }) wiring entirely and the hook no longer exposes applyOutboundsEvent. A useEffect seeds xraySetting / templateSettings / tags / test URL from query data on first fetch and on every refetch, mirroring what the original fetchAll() did. * fix(frontend): restore per-route document titles in the SPA When the multi-entry MPA collapsed into a single index.html, every route inherited the static <title>3X-UI</title> from the shared shell, so every panel page showed "hostname - 3X-UI" instead of the original "hostname - Overview / Clients / Inbounds / ...". usePageTitle reads the current pathname and rewrites document.title on every navigation, matching the titles the deleted *.html files used to carry. Mounted in PanelLayout so it covers all panel routes without each page having to opt in. The startup applyDocumentTitle() call in main.tsx is gone — the hook sets the full "hostname - PageTitle" string itself. * feat(api-docs): expose OpenAPI spec + render Swagger UI in panel Replaces the hand-rolled API docs UI with industry-standard tooling so external integrations (Postman, Insomnia, openapi-generator) can consume the panel API without parsing endpoints.js by hand. Generator - frontend/scripts/build-openapi.mjs: walks the existing endpoints.js (still the single source of truth) and emits an OpenAPI 3.0.3 spec at frontend/public/openapi.json. Handles Gin :param → {param} path translation, body / query / path parameter splits, 200 + error response examples, and Bearer + cookie security schemes - npm run build now runs gen:api before vite build, so the spec is always in sync with what's documented Backend - web/controller/dist.go exposes ServeOpenAPISpec which streams the embedded dist/openapi.json with a short Cache-Control. Public endpoint (no auth) so Postman can fetch it without first logging in - web/web.go wires GET /panel/api/openapi.json before the auth-gated /panel/api router Panel - ApiDocsPage now renders swagger-ui-react fed by the basePath-aware openapi.json URL. Dark mode is overridden via CSS targeting the Swagger UI internals - CodeBlock / EndpointRow / EndpointSection are gone; the swagger-ui vendor chunk (134 KB gzipped) only loads on this lazy route, not on every panel page - vite.config: vendor-swagger manualChunk keeps the new dep out of the main vendor bundle For Postman: import http://<panel>/panel/api/openapi.json. Everything from /login + /panel/api/* shows up with auth, params, and examples. * style(api-docs): dark/ultra theme for Swagger UI Override every visual surface Swagger does not theme on its own: opblocks, tables, model boxes, form inputs, code blocks, modals, Servers dropdown, per-endpoint padlocks and expand chevrons. Replaces Swagger's default light-arrow chevron on selects with a light-fill SVG positioned at the corner so the dark background-color is visible. Also disables deepLinking to silence the noisy v4 underscore warning; not used in our panel.
2026-05-24 19:34:52 +00:00
"operationId": "get_panel_api_clients_links_email",
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"description": "Client email (unique identifier).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
"vless://uuid@host:443?...#user1"
]
}
}
}
}
}
}
},
"/panel/api/nodes/list": {
"get": {
"tags": [
"Nodes"
],
"summary": "List every configured node with its connection details, health, and last heartbeat patch.",
"operationId": "get_panel_api_nodes_list",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"name": "de-fra-1",
"remark": "",
"scheme": "https",
"address": "node1.example.com",
"port": 2053,
"basePath": "/",
"apiToken": "abcdef...",
"enable": true,
"allowPrivateAddress": false,
"status": "online",
"lastHeartbeat": 1700000000,
"latencyMs": 42,
"xrayVersion": "25.x.x",
"panelVersion": "v3.x.x",
"cpuPct": 23.5,
"memPct": 45.1,
"uptimeSecs": 86400,
"lastError": "",
"inboundCount": 5,
"clientCount": 27,
"onlineCount": 3,
"depletedCount": 1,
"createdAt": 1700000000,
"updatedAt": 1700000000
}
]
}
}
}
}
}
}
},
"/panel/api/nodes/get/{id}": {
"get": {
"tags": [
"Nodes"
],
"summary": "Fetch a single node by ID.",
"operationId": "get_panel_api_nodes_get_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/add": {
"post": {
"tags": [
"Nodes"
],
"summary": "Register a new remote node. Provide its URL, apiToken, and optional remark / allowPrivateAddress flag.",
"operationId": "post_panel_api_nodes_add",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"name": "de-fra-1",
"remark": "",
"scheme": "https",
"address": "node1.example.com",
"port": 2053,
"basePath": "/",
"apiToken": "abcdef...",
"enable": true,
"allowPrivateAddress": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/update/{id}": {
"post": {
"tags": [
"Nodes"
],
"summary": "Replace a nodes connection details. Same body shape as /add.",
"operationId": "post_panel_api_nodes_update_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"name": "de-fra-1",
"remark": "",
"scheme": "https",
"address": "node1.example.com",
"port": 2053,
"basePath": "/",
"apiToken": "abcdef...",
"enable": true,
"allowPrivateAddress": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/del/{id}": {
"post": {
"tags": [
"Nodes"
],
"summary": "Delete a node. Inbounds bound to it are not auto-migrated.",
"operationId": "post_panel_api_nodes_del_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/setEnable/{id}": {
"post": {
"tags": [
"Nodes"
],
"summary": "Pause or resume traffic sync with this node.",
"operationId": "post_panel_api_nodes_setEnable_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"enable": true
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/test": {
"post": {
"tags": [
"Nodes"
],
"summary": "Probe a node without saving it. Uses the body as connection details and returns the same heartbeat snapshot a registered node would have.",
"operationId": "post_panel_api_nodes_test",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"scheme": "https",
"address": "node1.example.com",
"port": 2053,
"basePath": "/",
"apiToken": "abcdef..."
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"status": "online",
"latencyMs": 42,
"xrayVersion": "25.x.x",
"panelVersion": "v3.x.x",
"cpuPct": 12.5,
"memPct": 45.2,
"uptimeSecs": 86400,
"error": ""
}
}
}
}
}
}
}
},
"/panel/api/nodes/probe/{id}": {
"post": {
"tags": [
"Nodes"
],
"summary": "Probe an existing node, updating its cached health state.",
"operationId": "post_panel_api_nodes_probe_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/nodes/history/{id}/{metric}/{bucket}": {
"get": {
"tags": [
"Nodes"
],
"summary": "Aggregated metric history for a node — same shape as /server/history, scoped to one node.",
"operationId": "get_panel_api_nodes_history_id_metric_bucket",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Node ID.",
"schema": {
"type": "integer"
}
},
{
"name": "metric",
"in": "path",
"required": true,
"description": "cpu | mem.",
"schema": {
"type": "string"
}
},
{
"name": "bucket",
"in": "path",
"required": true,
"description": "Bucket size in seconds. Allowed: 2, 30, 60, 120, 180, 300.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/list": {
"get": {
"tags": [
"Custom Geo"
],
"summary": "List configured custom geo sources with their type, alias, URL, status, and last-download timestamp.",
"operationId": "get_panel_api_custom_geo_list",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/aliases": {
"get": {
"tags": [
"Custom Geo"
],
"summary": "List geo aliases currently usable in routing rules — both built-in defaults and the user-configured ones.",
"operationId": "get_panel_api_custom_geo_aliases",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/add": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Register a custom geo source. Alias is auto-normalised; URL must point to a .dat / .json blob.",
"operationId": "post_panel_api_custom_geo_add",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
},
"example": {
"type": "geoip",
"alias": "myips",
"url": "https://example.com/geo/my.dat"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/update/{id}": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Replace a custom geo source. Same body shape as /add.",
"operationId": "post_panel_api_custom_geo_update_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Custom geo source ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/delete/{id}": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Remove a custom geo source and its cached file.",
"operationId": "post_panel_api_custom_geo_delete_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Custom geo source ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/download/{id}": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Re-download one custom geo source on demand.",
"operationId": "post_panel_api_custom_geo_download_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Custom geo source ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/custom-geo/update-all": {
"post": {
"tags": [
"Custom Geo"
],
"summary": "Re-download every configured custom geo source. Errors are reported per-source in the response.",
"operationId": "post_panel_api_custom_geo_update_all",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/api/backuptotgbot": {
"post": {
"tags": [
"Backup"
],
"summary": "Send a fresh DB backup to every Telegram chat configured as an admin recipient. No body, no params.",
"operationId": "post_panel_api_backuptotgbot",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/all": {
"post": {
"tags": [
"Settings"
],
"summary": "Return every panel setting: web server, Telegram bot, subscription, security, LDAP. The full JSON blob that the Settings page edits.",
"operationId": "post_panel_setting_all",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/defaultSettings": {
"post": {
"tags": [
"Settings"
],
"summary": "Return the computed default settings based on the request host. Useful to preview what a fresh install would use.",
"operationId": "post_panel_setting_defaultSettings",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/update": {
"post": {
"tags": [
"Settings"
],
"summary": "Persist every setting at once. The body mirrors the shape returned by /all. Invalid values (bad ports, missing cert pairs, etc.) are rejected before write.",
"operationId": "post_panel_setting_update",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/updateUser": {
"post": {
"tags": [
"Settings"
],
"summary": "Change the panel admin username and password. Requires the current credentials for verification. The session is refreshed with the new values on success.",
"operationId": "post_panel_setting_updateUser",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"oldUsername": {
"type": "string",
"description": "Current admin username."
},
"oldPassword": {
"type": "string",
"description": "Current admin password."
},
"newUsername": {
"type": "string",
"description": "Desired new username."
},
"newPassword": {
"type": "string",
"description": "Desired new password."
}
},
"required": [
"oldUsername",
"oldPassword",
"newUsername",
"newPassword"
]
},
"example": {
"oldUsername": "admin",
"oldPassword": "admin",
"newUsername": "newadmin",
"newPassword": "newpass"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/restartPanel": {
"post": {
"tags": [
"Settings"
],
"summary": "Restart the entire 3x-ui process after a 3-second grace period. The connection drops immediately; the panel comes back online ~5-10 seconds later.",
"operationId": "post_panel_setting_restartPanel",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/getDefaultJsonConfig": {
"get": {
"tags": [
"Settings"
],
"summary": "Return the built-in default Xray JSON config template that ships with this panel version.",
"operationId": "get_panel_setting_getDefaultJsonConfig",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/setting/apiTokens": {
"get": {
"tags": [
"API Tokens"
],
"summary": "List every API token, enabled or not.",
"operationId": "get_panel_setting_apiTokens",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": [
{
"id": 1,
"name": "default",
"token": "abcdef-12345-...",
"enabled": true,
"createdAt": 1736000000
}
]
}
}
}
}
}
}
},
"/panel/setting/apiTokens/create": {
"post": {
"tags": [
"API Tokens"
],
"summary": "Mint a new API token. Name must be unique and 1-64 characters; the token string is server-generated.",
"operationId": "post_panel_setting_apiTokens_create",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Human-readable label, e.g. \"central-panel-a\"."
}
},
"required": [
"name"
]
},
"example": {
"name": "central-panel-a"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"id": 2,
"name": "central-panel-a",
"token": "new-token-string",
"enabled": true,
"createdAt": 1736000000
}
}
}
}
},
"400": {
"description": "Error response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
}
}
},
"example": {
"success": false,
"msg": "a token with that name already exists"
}
}
}
}
}
}
},
"/panel/setting/apiTokens/delete/{id}": {
"post": {
"tags": [
"API Tokens"
],
"summary": "Permanently delete a token. Any caller using it stops authenticating immediately.",
"operationId": "post_panel_setting_apiTokens_delete_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Token row ID.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/setting/apiTokens/setEnabled/{id}": {
"post": {
"tags": [
"API Tokens"
],
"summary": "Toggle a token enabled/disabled without deleting it. Disabled tokens are rejected by checkAPIAuth on the next request.",
"operationId": "post_panel_setting_apiTokens_setEnabled_id",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "Token row ID.",
"schema": {
"type": "integer"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "New enabled state."
}
},
"required": [
"enabled"
]
},
"example": {
"enabled": false
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true
}
}
}
}
}
}
},
"/panel/xray/": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Return the Xray config template (JSON string), available inbound tags, client reverse tags, and the configured outbound test URL in one response.",
"operationId": "post_panel_xray",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"success": true,
"obj": {
"xraySetting": "{...raw xray config...}",
"inboundTags": "[\"inbound-443\"]",
"clientReverseTags": "[]",
"outboundTestUrl": "https://www.google.com/generate_204"
}
}
}
}
}
}
}
},
"/panel/xray/getDefaultJsonConfig": {
"get": {
"tags": [
"Xray Settings"
],
"summary": "Return the built-in default Xray config shipped with the panel (identical to /panel/setting/getDefaultJsonConfig).",
"operationId": "get_panel_xray_getDefaultJsonConfig",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/getOutboundsTraffic": {
"get": {
"tags": [
"Xray Settings"
],
"summary": "Return traffic statistics for every outbound. Each outbound shows up/down/total counters.",
"operationId": "get_panel_xray_getOutboundsTraffic",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/getXrayResult": {
"get": {
"tags": [
"Xray Settings"
],
"summary": "Return the most recent Xray process stdout/stderr output. Useful to check for startup errors or runtime warnings.",
"operationId": "get_panel_xray_getXrayResult",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/update": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Save the Xray JSON config template and optionally the outbound test URL. Both are sent as form fields.",
"operationId": "post_panel_xray_update",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/warp/{action}": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Manage Cloudflare Warp integration. The action parameter selects the operation.",
"operationId": "post_panel_xray_warp_action",
"parameters": [
{
"name": "action",
"in": "path",
"required": true,
"description": "data — return Warp stats (quota, remaining). del — delete Warp data. config — return current Warp config. reg — register a new Warp endpoint (sends privateKey, publicKey). license — set a Warp+ license key (sends license).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/nord/{action}": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Manage NordVPN integration. The action parameter selects the operation.",
"operationId": "post_panel_xray_nord_action",
"parameters": [
{
"name": "action",
"in": "path",
"required": true,
"description": "countries — list available countries. servers — list servers in a country (sends countryId). reg — get NordVPN credentials (sends token). setKey — store NordVPN API key (sends key). data — return current NordVPN connection data. del — delete NordVPN data.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/resetOutboundsTraffic": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Reset traffic counters for a specific outbound by tag.",
"operationId": "post_panel_xray_resetOutboundsTraffic",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/panel/xray/testOutbound": {
"post": {
"tags": [
"Xray Settings"
],
"summary": "Test an outbound configuration. Sends the outbound JSON (required), optionally all outbounds (to resolve sockopt.dialerProxy dependencies), and a mode flag.",
"operationId": "post_panel_xray_testOutbound",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/{subPath}{subid}": {
"get": {
"tags": [
"Subscription Server"
],
"summary": "Return base64-encoded subscription links for all enabled clients matching the subscription ID. When the request has an Accept: text/html header or ?html=1, renders a styled info page instead. Default path: /sub/:subid.",
"operationId": "get_subPath_subid",
"parameters": [
{
"name": "subid",
"in": "path",
"required": true,
"description": "Client subscription ID.",
"schema": {
"type": "string"
}
},
{
"name": "subPath",
"in": "path",
"required": true,
"description": "",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/{jsonPath}{subid}": {
"get": {
"tags": [
"Subscription Server"
],
"summary": "Return subscription as a JSON array of proxy configs (one per enabled client). Only when JSON subscription is enabled in settings. Default path: /json/:subid.",
"operationId": "get_jsonPath_subid",
"parameters": [
{
"name": "subid",
"in": "path",
"required": true,
"description": "Client subscription ID.",
"schema": {
"type": "string"
}
},
{
"name": "jsonPath",
"in": "path",
"required": true,
"description": "",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/{clashPath}{subid}": {
"get": {
"tags": [
"Subscription Server"
],
"summary": "Return subscription as a Clash/Mihomo-compatible YAML config. Only when Clash subscription is enabled in settings. Default path: /clash/:subid.",
"operationId": "get_clashPath_subid",
"parameters": [
{
"name": "subid",
"in": "path",
"required": true,
"description": "Client subscription ID.",
"schema": {
"type": "string"
}
},
{
"name": "clashPath",
"in": "path",
"required": true,
"description": "",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"/ws": {
"get": {
"tags": [
"WebSocket"
],
"summary": "Upgrade an HTTP connection to a WebSocket. Requires an authenticated session cookie (Bearer token auth is not supported here). Returns 101 Switching Protocols on success. The server then pushes JSON messages described below.",
"operationId": "get_ws",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
}
}
}
}
}
}
},
"→ type: status": {
"ws": {
"tags": [
"WebSocket"
],
"summary": "Server health snapshot pushed every 2 seconds. Contains CPU, memory, swap, disk, network IO, load, and Xray state — same shape as <code>GET /panel/api/server/status</code>.",
"operationId": "ws_type_status",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"type": "status",
"data": {
"cpu": 12.5,
"mem": {
"current": 2147483648,
"total": 8589934592
},
"xray": {
"state": "running"
}
}
}
}
}
}
}
}
},
"→ type: xrayState": {
"ws": {
"tags": [
"WebSocket"
],
"summary": "Xray process state change. Fired when Xray starts, stops, or encounters an error.",
"operationId": "ws_type_xrayState",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"type": "xrayState",
"data": "running"
}
}
}
}
}
}
},
"→ type: notification": {
"ws": {
"tags": [
"WebSocket"
],
"summary": "In-panel toast notification. Fired on Xray stop/restart, DB import, panel restart, etc.",
"operationId": "ws_type_notification",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"type": "notification",
"title": "Xray service restarted",
"body": "Xray has been restarted successfully",
"severity": "success"
}
}
}
}
}
}
},
"→ type: invalidate": {
"ws": {
"tags": [
"WebSocket"
],
"summary": "Instructs the UI to re-fetch a resource. Fired when another admin session modifies data (e.g. toggling inbound enable).",
"operationId": "ws_type_invalidate",
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"msg": {
"type": "string"
},
"obj": {}
}
},
"example": {
"type": "invalidate",
"resource": "inbounds"
}
}
}
}
}
}
}
}
}
Reference in a new issue Copy permalink