Add /clash/:subid endpoint that returns complete Clash YAML config.
User provides full template (DNS, routing, proxy-groups, rules) in
settings, panel generates proxies from inbound/client data and injects
via proxies: [] placeholder replacement.
- New SubClashService reads template, generates vmess/vless/trojan/ss
proxy entries with transport (ws/grpc/h2/tcp/httpupgrade), TLS, and
Reality support
- Settings: subClashEnable, subClashPath, subClashURI, subClashTemplate
- UI: Clash settings tab, QR code on subpage, Desktop dropdown with
clash-verge:// deep link preferring Clash URL
- Version bump to v1.5.2-beta
Replace SQLite-only JSON_EACH with DB-type branching (JSON_TABLE for
MariaDB) in subscription, client traffic, and migration queries.
Bump version to v1.5.1.
The traffic-pending.json file could contain a stale client traffic delta
with inboundId=0 (created before the InboundId resolution fix). When
flushToDatabase tried to INSERT this into client_traffics, it violated
the foreign key constraint fk_inbounds_client_stats, causing the entire
transaction to roll back and blocking ALL traffic from being written to
MariaDB.
- Skip deltas with InboundID==0 in flushToDatabase with a warning log
- Share a single TrafficPendingStore between XrayTrafficJob and the
flush loop to eliminate a race condition from dual file instances
- Add test for zero InboundID skip behavior
In shared mode the Xray API returns InboundId=0 for client traffic.
Collect() now looks up the real InboundId from the client_traffics table
by email, and skips unknown emails with a warning. Also computes and
sets online clients in XrayTrafficJob since addClientTraffic is bypassed.
- inject lightweight hooks in CheckDeviceLimitJob for deterministic tests
- add tests for run re-entrancy, disabled enforcement unban, and stale ban cleanup
- add inbound deviceLimit model/frontend fields and translations
- add CheckDeviceLimitJob with observation window and xray API ban/unban
- prevent job re-entrancy and restore users when limit is disabled
- reduce lock scope via snapshots to avoid blocking log parsing
- Prevent DBPassword from leaking to frontend (json:"-")
- Make migration direction explicit via --direction flag, set dbType only after success
- Use driver-appropriate DROP INDEX IF EXISTS for SQLite vs MariaDB
- Build DSN with mysql.Config.FormatDSN() to prevent injection with special chars
- Close DB before re-initialization in InitDB
- Add migration tests (5 tests using SQLite in-memory DBs)
- Parse JSON once in GetDBConfigFromJSON instead of 7 times
- Use Go binary for dbType in shell script instead of fragile grep
- Add rollback on failure in db_switch_to_sqlite
- Validate DB settings in CheckValid
- Close migration DB connections with defer to prevent leaks
- Truncate destination tables before migration to avoid duplicates
- Wrap migration in transaction for atomicity
- Pass DB password via env var instead of CLI args to avoid process list exposure
- Improve error messages for MariaDB export/import with alternatives
- Update package doc to reflect dual DB support
- DRY migration logic with shared migrateAllTables function
