- Add Role field to User model (admin/user) with uniqueIndex on Username
- Add POST /register endpoint with optional Cloudflare Turnstile verification
- Add RegisterUser service with bcrypt password hashing and duplicate detection
- Set default admin user role to "admin", new registrations get "user"
- Add turnstileSecretKey setting and GetTurnstileSecretKey getter
- Add i18n keys (userExists, errorRegister) to all 13 translation files
New fields added after initial install are now automatically merged
into the existing x-ui.json file, so upgrades pick up defaults for
newly added settings without requiring manual intervention.
Check x-ui.json or x-ui.db at DB folder path (/etc/x-ui) instead of
only checking x-ui.db at x-ui folder. Existing installs now skip all
username/password/path/port/SSL prompts and preserve saved settings.
The GitHub API returns "prerelease": false (with space after colon), but
the grep pattern used "prerelease":false (no space). Also, tag_name and
prerelease are on different lines after tr '{' '\\n', so the piped grep
chain couldn't find both fields. Fixed with grep -B5 to look backwards
from prerelease line to find tag_name.
Replace the single latest-release fetch in update_x-ui() with
get_releases() and select_version() functions that offer users a
choice between the latest stable and latest pre-release version,
matching the pattern already added to install.sh.
Add a register tab on the login page with username, password, confirm
password fields and Cloudflare Turnstile widget. The site key is
configurable via x-ui.json and exposed through a public endpoint.
The ssl_cert_issue function called systemctl start x-ui after certificate
installation, causing the panel to start before the install flow completed.
Changed install_x-ui final start to restart to guarantee the latest config is used.
Remove the duplicate release trigger. Now pushing a tag like v*.*.*
automatically creates a prerelease (if not exists) and uploads the
build artifacts via gh CLI, eliminating the duplicate build issue.
The build-windows job had an empty matrix platform list (amd64 was
commented out), causing GitHub Actions validation to fail with
"Unexpected value ''" on line 205. Comment out the entire job.
- config: add GetSettingPath for JSON-based settings storage
- setting.go: load/save settings from JSON file instead of DB;
keep xrayTemplateConfig in DB; fix ResetSettings to not clear users
- xray_setting.go: save xray template config to DB directly
- install.sh: add Cloudflare SSL option (wildcard via DNS), allow
user to input custom credentials on fresh install, fix existing
install logic to preserve user config
- uninstall: add certificate revocation prompt before removing
- reset_config: fix misleading confirmation text, also reset cert
config; remove user table deletion from Go ResetSettings
- Remove docker.yml (no Docker image publishing needed)
- Release workflow now triggers on tag push and release creation
- Only linux-amd64 builds active, other architectures commented out
- Windows build commented out
Replace all MHSanaei/3x-ui references in shell scripts, README files,
HTML, and CI config with Sora39831/3x-ui. Go import paths unchanged
to maintain upstream compatibility.
Update go toolchain to 1.26.1 and upgrade multiple direct and indirect modules (examples: github.com/gin-contrib/gzip v1.2.6, github.com/gin-contrib/sessions v1.1.0, github.com/go-ldap/ldap/v3 v3.4.13, github.com/goccy/go-json v0.10.6, github.com/pelletier/go-toml/v2 v2.3.0, github.com/shirou/gopsutil/v4 v4.26.3, github.com/xtls/xray-core v1.260327.0, golang.org/x/crypto v0.49.0, google.golang.org/grpc v1.80.0). go.sum updated accordingly to lock the new versions. Routine dependency refresh to pull in fixes and improvements.
When a client hit traffic/expiry limit, disableInvalidClients sets
client_traffics.enable=false and removes the user from Xray. GetClientTrafficByEmail
was overwriting that with settings.clients[].enable (admin config), so
ResetClientTraffic never saw the client as disabled and did not re-add
the user. Clients could not connect until manually disabled/re-enabled.
Now the DB runtime enable flag is preserved; reset correctly re-adds
the user to Xray.
it should be 'default' runlevel when add x-ui service to openrc, default is 'sysinit' runlevel. 'sysinit' runlevel is unnecessary,maybe.
if not, there is an error when call to function 'check_enabled()' as command 'grep default -c' can`t print 'default' runlevel.
check_enabled() {
if [[ $release == "alpine" ]]; then
if [[ $(rc-update show | grep -F 'x-ui' | grep default -c) == 1 ]]; then
return 0
else
return 1
fi
Add a createRobustFastHTTPClient helper to configure fasthttp.Client with better timeouts, connection limits, retries and optional SOCKS5 proxy dialing. Validate and sanitize proxy and API server URLs instead of returning early on invalid values, and build telego.Bot options dynamically. Reduce long-polling timeout to detect connection issues faster and adjust update retrieval comments. Implement exponential-backoff retry logic for SendMessage calls to handle transient connection/timeouts and improve delivery reliability; also reduce inter-message delay for better throughput.
Add rate-limit friendly delays and context timeouts when sending backups via Telegram. Iterate admin IDs with index to sleep 1s between sends; add 30s context.WithTimeout for each SendDocument call and defer file.Close() for opened files; insert a 500ms pause between sending DB and config files. These changes improve resource cleanup and reduce chance of Telegram rate-limit/timeout failures.
Replace simple curl+trim checks with a response+http_code parse to ensure the remote URL returns HTTP 200 and a non-empty body before assigning server_ip. Changes applied to install.sh, update.sh and x-ui.sh: use curl -w to append the status code, extract http_code and ip_result, and only set server_ip when http_code == 200 and ip_result is non-empty. This makes the IP discovery more robust against error pages or partial responses while keeping the existing timeout behavior.
