Commit graph

60 commits

Author SHA1 Message Date
pwnnex
17f67ef3a5 sub: dont panic on bad externalProxy entry in genHysteriaLink
The externalProxy fanout from #4073 did `int(ep["port"].(float64))`
with no ok-check. If any entry is missing port or has the wrong
type it panics, and since this runs in the /sub/<id> handler the
whole subscription returns 500. Skip malformed entries instead.
2026-04-22 18:55:27 +03:00
pwnnex
eb4791a1cd hysteria: also accept "hysteria2" protocol string
UI stores v1 and v2 both as "hysteria" with settings.version, but
inbounds that came in from imports / manual SQL can carry the
literal "hysteria2" string and get silently dropped everywhere we
switch on protocol.

Add Hysteria2 constant + IsHysteria helper, use it in the places
that gate on protocol (sub SQL, getLink, genHysteriaLink, clash
buildProxy, json gen, inbound.go validation, xray AddUser).

Existing "hysteria" inbounds are untouched.

closes #4081
2026-04-22 18:55:09 +03:00
pwnnex
9611c9def6
Fix Hysteria External Proxy + include Hysteria in Clash subscription (#4053) (#4073)
* Fix Hysteria External Proxy + include Hysteria in Clash subscription (#4053)

Two related gaps on the Hysteria side of the subscription layer:

1) `genHysteriaLink` ignored `externalProxy` entirely, so an admin who
   pointed a Hysteria inbound at an alternate endpoint (e.g. a CDN
   hostname forwarding UDP back to the node) still got a link with the
   original server address. Mirror what `genVlessLink` / `genTrojanLink`
   already do: fan out one link per entry, substituting `dest` / `port`
   and picking up the entry's remark suffix. As a bonus, the salamander
   obfs password is now copied into the URL too — the panel-side link
   generator already did this, so the subscription output was lagging
   behind it.

2) `buildProxy` in `subClashService.go` had a protocol switch with cases
   for VMESS / VLESS / Trojan / Shadowsocks and a `default: return nil`.
   Hysteria inbounds fell into the default branch and silently vanished
   from the Clash YAML. Route Hysteria to a dedicated
   `buildHysteriaProxy` helper before the transport/security helpers run
   (applyTransport / applySecurity model xray streams, which Hysteria
   doesn't use).

   `buildHysteriaProxy` reads `inbound.StreamSettings` directly instead
   of going through `streamData` / `tlsData`, because those prune
   fields (`allowInsecure`, the salamander `finalmask.udp` block) that
   the mihomo Hysteria proxy wants preserved. Output shape matches
   mihomo's expectations:

     type: hysteria2                  # or "hysteria" for v1
     password / auth-str: <client auth>
     sni, alpn, skip-cert-verify, client-fingerprint
     obfs: salamander
     obfs-password: <finalmask.udp[salamander].settings.password>

The existing `getProxies` fanout over `externalProxy` already plugs in
for Clash, so with Hysteria now recognised, External Proxy entries
also flow through to the Clash output for Hysteria inbounds.

Closes #4053

* gofmt: align map keys in buildHysteriaProxy

---------

Co-authored-by: pwnnex <eternxles@gmail.com>
2026-04-22 10:01:21 +02:00
pwnnex
2983ac3f8e
Fix xhttp xPadding settings missing from generated links (panel + subs) (#4065)
* Fix: propagate xhttp xPadding settings into generated subscription links

The four `genXLink` helpers in `sub/subService.go` only copied `path`,
`host` and `mode` out of `xhttpSettings` when building vmess:// /
vless:// / trojan:// / ss:// URLs. Everything else — `xPaddingBytes`,
`xPaddingObfsMode`, `xPaddingKey`, `xPaddingHeader`,
`xPaddingPlacement`, `xPaddingMethod` — was silently dropped.

That meant an admin who set, say, `xPaddingBytes: "80-600"` plus obfs
mode with a custom `xPaddingKey` on the inbound had a server config
that no client could match from the copy-pasted link: the client kept
the xray/sing-box internal defaults (`100-1000`, `x_padding`,
`Referer`), hit the server, and was rejected by

    invalid padding (queryInHeader=Referer, key=x_padding) length: 0

The user-visible symptom on OpenWRT / Podkop / sing-box was
"xhttp inbound just won't connect" — no obvious pointer to what was
actually wrong because the link itself *looks* complete.

Fix:

  * New helper `applyXhttpPaddingParams(xhttp, params)` writes
    `x_padding_bytes=<range>` (flat, sing-box family reads this) and
    an `extra=<url-encoded-json>` blob carrying the full set of xhttp
    settings (xray-core family reads this). Both encodings are emitted
    side-by-side so every mainstream client can pick at least one up.
  * All four link generators (`genVmessLink` via the obj map,
    `genVlessLink`, `genTrojanLink`, `genShadowsocksLink`) now invoke
    the copy.
  * Obfs-only fields (`xPaddingKey`, `xPaddingHeader`,
    `xPaddingPlacement`, `xPaddingMethod`) are only included when
    `xPaddingObfsMode` is actually true and the admin filled them in.
    An inbound with no custom padding produces exactly the same URL
    as before — existing subscriptions are unaffected.

* Also propagate xhttp xPadding settings into the panel's own Info/QR links

The previous commit covered the subscription service
(sub/subService.go). The admin-panel side — the "Copy URL" / QR /
Info buttons inside inbound details — has four more
xhttp-emitting link generators in `web/assets/js/model/inbound.js`
(`genVmessLink`, `genVLESSLink`, `genTrojanLink`, `genSSLink`) that
had the exact same gap: only `path`, `host` and `mode` were copied.

Mirror the server-side fix on the client:

* Add two static helpers on `Inbound`:
  - `Inbound.applyXhttpPaddingToParams(xhttp, params)` for
    `vless://` / `trojan://` / `ss://` style URLs — writes
    `x_padding_bytes=<range>` (sing-box family) and
    `extra=<url-encoded-json>` (xray-core family).
  - `Inbound.applyXhttpPaddingToObj(xhttp, obj)` for the VMess base64
    JSON body — sets the same fields directly on the object.
* Call them from all four link generators so an admin who enables
  obfs mode + a custom `xPaddingKey` / `xPaddingHeader` actually
  gets a working URL from the panel.
* Only non-empty fields are emitted, so default inbounds produce
  exactly the same URL as before.

Also fixes a latent positional-args bug in
`web/assets/js/model/outbound.js`: both VMess-JSON (L933) and
`fromParamLink` (L975) were calling
`new xHTTPStreamSettings(path, host, mode)` — but the 3rd positional
arg of the constructor is `headers`, not `mode`, so `mode` was
landing in the `headers` slot and the actual `mode` field stayed at
its default. Construct explicitly and set `mode` by name; while
here, also pick up `x_padding_bytes` and the `extra` JSON blob from
the imported URL so the symmetric case of importing a padded link
works too.

---------

Co-authored-by: pwnnex <eternxles@gmail.com>
2026-04-21 19:15:51 +02:00
MHSanaei
ae5ad505d0
add hysteria inbound
Some checks are pending
CodeQL Advanced / Analyze (go) (push) Waiting to run
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Release 3X-UI / Analyze Go code (push) Waiting to run
Release 3X-UI / build (386) (push) Blocked by required conditions
Release 3X-UI / build (amd64) (push) Blocked by required conditions
Release 3X-UI / build (arm64) (push) Blocked by required conditions
Release 3X-UI / build (armv5) (push) Blocked by required conditions
Release 3X-UI / build (armv6) (push) Blocked by required conditions
Release 3X-UI / build (armv7) (push) Blocked by required conditions
Release 3X-UI / build (s390x) (push) Blocked by required conditions
Release 3X-UI / Build for Windows (push) Blocked by required conditions
Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
2026-04-20 16:05:27 +02:00
zhuzn
d580086361
feat add clash yaml convert (#3916)
* docs(agents): add AI agent guidance documentation

* feat(sub): add Clash/Mihomo YAML subscription service

Add SubClashService to convert subscription links to Clash/Mihomo
YAML format for direct client compatibility.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(sub): integrate Clash YAML endpoint into subscription system

- Add Clash route handler in SUBController
- Update BuildURLs to include Clash URL
- Pass Clash settings through subscription pipeline

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(web): add Clash settings to entity and service

- Add SubClashEnable, SubClashPath, SubClashURI fields
- Add getter methods for Clash configuration
- Set default Clash path to /clash/ and enable by default

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(ui): add Clash settings to subscription panels

- Add Clash enable switch in general subscription settings
- Add Clash path/URI configuration in formats panel
- Display Clash QR code on subscription page
- Rename JSON tab to "Formats" for clarity

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(js): add Clash support to frontend models

- Add subClashEnable, subClashPath, subClashURI to AllSetting
- Generate and display Clash QR code on subscription page
- Handle Clash URL in subscription data binding

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>
2026-04-19 22:26:13 +02:00
Nikita Nemirovsky
96b568b838
fix(sub): use safe type assertion for xhttp mode field (#3990)
Unsafe type assertion `xhttp["mode"].(string)` panics when mode is
nil (e.g., when xhttpSettings only contains path without mode). The
panic is caught by Gin's recovery middleware and returned as HTTP 500.

Use comma-ok pattern matching the fix already applied to gRPC's
authority field in 21d98813.

Fixes #3987
2026-04-19 21:12:11 +02:00
MHSanaei
511adffc5b
Remove allowInsecure
Remove the deprecated `allowInsecure`
2026-02-11 18:21:23 +01:00
Ilya Kryuchkov
6041d10e3d
Refactor code and fix linter warnings (#3627)
Some checks are pending
Release 3X-UI / build (386) (push) Waiting to run
Release 3X-UI / build (amd64) (push) Waiting to run
Release 3X-UI / build (arm64) (push) Waiting to run
Release 3X-UI / build (armv5) (push) Waiting to run
Release 3X-UI / build (armv6) (push) Waiting to run
Release 3X-UI / build (armv7) (push) Waiting to run
Release 3X-UI / build (s390x) (push) Waiting to run
Release 3X-UI / Build for Windows (push) Waiting to run
* refactor: use any instead of empty interface

* refactor: code cleanup
2026-01-05 05:54:56 +01:00
Igor Kamyshnikov
b747730211
vless: use Inbound Listen address in Subscription service (#3610)
Some checks are pending
Release 3X-UI / build (386) (push) Waiting to run
Release 3X-UI / build (amd64) (push) Waiting to run
Release 3X-UI / build (arm64) (push) Waiting to run
Release 3X-UI / build (armv5) (push) Waiting to run
Release 3X-UI / build (armv6) (push) Waiting to run
Release 3X-UI / build (armv7) (push) Waiting to run
Release 3X-UI / build (s390x) (push) Waiting to run
Release 3X-UI / Build for Windows (push) Waiting to run
* vless: use Inbound Listen address in Subscription service

vless manual connection link and subscription produced connection link are aligned.
subscription service now returns an IP address configured on Inbound, instead of subscription service IP,
which is consistent when the address, returned by QR code for manual vless link distribution.
2026-01-03 04:39:30 +01:00
mhsanaei
5822758b7c
tiny changes 2025-09-24 19:51:01 +02:00
mhsanaei
5620d739c6
improved sub: BuildURLs 2025-09-21 21:20:37 +02:00
mhsanaei
37c17357fc
undo vnext for vmess
Some checks are pending
Release 3X-UI / build (386) (push) Waiting to run
Release 3X-UI / build (amd64) (push) Waiting to run
Release 3X-UI / build (arm64) (push) Waiting to run
Release 3X-UI / build (armv5) (push) Waiting to run
Release 3X-UI / build (armv6) (push) Waiting to run
Release 3X-UI / build (armv7) (push) Waiting to run
Release 3X-UI / build (s390x) (push) Waiting to run
Release 3X-UI / Build for Windows (push) Waiting to run
2025-09-20 13:10:57 +02:00
mhsanaei
6ced549dea
docs: add comments for all functions 2025-09-20 09:35:50 +02:00
mhsanaei
7447cec17e
go package correction v2
Some checks are pending
Release 3X-UI / build (386) (push) Waiting to run
Release 3X-UI / build (amd64) (push) Waiting to run
Release 3X-UI / build (arm64) (push) Waiting to run
Release 3X-UI / build (armv5) (push) Waiting to run
Release 3X-UI / build (armv6) (push) Waiting to run
Release 3X-UI / build (armv7) (push) Waiting to run
Release 3X-UI / build (s390x) (push) Waiting to run
Release 3X-UI / Build for Windows (push) Waiting to run
2025-09-19 10:05:43 +02:00
mhsanaei
054cb1dea0
go package correction 2025-09-18 23:12:14 +02:00
mhsanaei
8c8d280f14
minor change 2025-09-18 12:20:21 +02:00
mhsanaei
c4871ef8fe
sub page: improved 2025-09-16 14:38:18 +02:00
mhsanaei
1de7accd7c
vnext removed 2025-09-16 13:41:05 +02:00
Alireza Ahmadi
bc0518391e sub template enhancements
Some checks failed
Release 3X-UI / build (386) (push) Has been cancelled
Release 3X-UI / build (amd64) (push) Has been cancelled
Release 3X-UI / build (arm64) (push) Has been cancelled
Release 3X-UI / build (armv5) (push) Has been cancelled
Release 3X-UI / build (armv6) (push) Has been cancelled
Release 3X-UI / build (armv7) (push) Has been cancelled
Release 3X-UI / build (s390x) (push) Has been cancelled
Release 3X-UI / Build for Windows (push) Has been cancelled
2025-09-14 23:08:09 +02:00
Alireza Ahmadi
3ac1d7f546 enhancements 2025-09-14 19:44:26 +02:00
mhsanaei
10025ffa66
Subscription 2025-09-14 18:56:31 +02:00
Sanaei
b008ff4ad2
Vlessenc (#3426)
* mlkem768

* VlessEnc
2025-09-07 22:35:38 +02:00
mhsanaei
de5314c01f
fix: pqv for sub #3306 2025-08-04 10:24:21 +02:00
mhsanaei
0bde51b91e
Refactor: Use any instead of interface{} 2025-03-12 20:43:43 +01:00
mhsanaei
4efcdb3e01
Transport: Remove HTTP
Migrated to XHTTP "stream-one" mode.
2024-12-04 13:49:43 +01:00
mhsanaei
b859327b8a
splithttp to xhttp 2024-12-03 22:24:34 +01:00
mhsanaei
ccda652e69
SplitHTTP - Mode 2024-11-14 13:09:51 +03:30
mhsanaei
e359b5c75e
removed - XTLS Security
because its too old and no one use it anymore
2024-10-29 12:50:25 +01:00
mhsanaei
58c721e7d2 quic removed 2024-09-09 09:46:39 +02:00
mhsanaei
93d52bc86c new - vmess security (inbound client side - outbound) 2024-08-11 00:47:44 +02:00
mhsanaei
7417c52c8f fixed - sub show time when "Start After First Use" 2024-07-17 16:39:53 +02:00
mhsanaei
39aae6fd16 sub - add hour for time left
1D,10H
22M
2024-07-01 19:11:40 +02:00
mhsanaei
7f2c11220f new - splithttp transport
splithttp inbound
splithttp outbound
change priority host for ws - httpupgrade (host>>headers)
2024-06-18 12:49:20 +02:00
mhsanaei
c147636133 add header for httpupgrade 2024-04-02 23:41:06 +03:30
mhsanaei
4e20bb5f02 Add host for WS 2024-04-01 17:02:02 +04:30
mhsanaei
21d988133e [sub] fix grpc authority failure
Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
2024-04-01 12:09:45 +04:30
somebodywashere
43ec88bb24
Small fixes (#2106) 2024-03-21 10:21:12 +03:30
MHSanaei
3af55cc5b4 [sub] random reality params
Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
2024-03-11 13:52:06 +03:30
MHSanaei
01cd7539f9 New - gRPC Authority 2024-03-11 13:00:00 +03:30
MHSanaei
d18eb7e4e4 New - HttpUpgrade Transport 2024-03-11 11:27:43 +03:30
Hamidreza
64a5a9f1bc
Some fixes and improvements (#1997)
* [refactor] api controller

* [fix] access log path

better to not hardcode the access log path, maybe some ppl dont want to use the default ./access.log

* [fix] set select options from logs paths in xray settings

* [update] .gitignore

* [lint] all .go files

* [update] use status code for jsonMsg and 401 to unauthorize

* [update] handle response status code via axios

* [fix] set correct value if log paths is set to 'none'

we also use the default value for the paths if its set to none

* [fix] iplimit - only warning access log if f2b is installed
2024-03-11 01:01:24 +03:30
MHSanaei
03b7a34793 [sub] json + fragment
Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
2024-02-21 14:17:52 +03:30
Ali Rahimi
c76199514a
added Jalalian datepicker (shamsi) (#1460)
* added datepicker option in setting page
jalalian datepicker component was added
translate files for datepicker updated

* dark mode bug fixed
2024-01-02 12:02:21 +03:30
MHSanaei
af54b34f3a v2.0.0 2023-12-11 15:15:06 +01:00
Alireza Ahmadi
c980a06969 customizable remark #1300 2023-12-08 20:31:17 +01:00
Alireza Ahmadi
5fbf8f0d53 Expand multiDomain to externalProxy #1300 2023-12-08 18:45:21 +01:00
Alireza Ahmadi
4ee986aa71 [sub] fix typo #1286 2023-12-05 23:09:08 +01:00
MHSanaei
149bd0ec51 v1.7.7 2023-08-26 22:24:56 +03:30
MHSanaei
38e1d0f94e [sub] improve usage info in Remark
Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
2023-08-26 15:11:12 +03:30