* feat: add support for trusted X-Forwarded-For and testseed parameters in VLESS settings
* chore: update Xray Core version to 25.12.8 in release workflow
* chore: update Xray Core version to 25.12.8 in Docker initialization script
* chore: bump version to 2.8.6 and add watcher for security changes in inbound modal
* refactor: remove default and random seed buttons from outbound form
* refactor: update VLESS form to rename 'Test Seed' to 'Vision Seed' and change button functionality for seed generation
* refactor: enhance TLS settings form layout with improved button styling and spacing
* feat: integrate WebSocket support for real-time updates on inbounds and Xray service status
* chore: downgrade version to 2.8.5
* refactor: translate comments to English
* fix: ensure testseed is initialized correctly for VLESS protocol and improve client handling in inbound modal
* refactor: simplify VLESS divider condition by removing unnecessary flow checks
* fix: add fallback date formatting for cases when IntlUtil is not available
* refactor: simplify WebSocket message handling by removing batching and ensuring individual message delivery
* refactor: disable WebSocket notifications in inbound and index HTML files
* refactor: enhance VLESS testseed initialization and button functionality in inbound modal
* fix:
* refactor: ensure proper WebSocket URL construction by normalizing basePath
* fix:
* fix:
* fix:
* refactor: update testseed methods for improved reactivity and binding in VLESS form
* logger info to debug
---------
Co-authored-by: lolka1333 <test123@gmail.com>
* feat: persist client last online and expose API
* feat(ui): show client last online in table and info modal
* i18n: add “Last Online” across locales
* chore: format timestamps as HH:mm:ss
* chore: implement 2fa auth
from #2786
* chore: format code
* chore: replace two factor token input with qr-code
* chore: requesting confirmation of setting/removing two-factor authentication
otpauth library was taken from cdnjs
* chore: revert changes in `ClipboardManager`
don't need it.
* chore: removing twoFactor prop in settings page
* chore: remove `twoFactorQr` object in `mounted` function
* Revert "json post base path bug fixed (#2647)"
This reverts commit 04cf250a54.
* Revert "Group Management of Subscription Clients"
* Revert "fix getSubGroupClients for enable/disable and edit clients."
* Revert "Enhance database initialization in db.go (#2645)"
This reverts commit 66fe84181b.
* Revert "Add checkpoint handling in CloseDB function (#2646)"
This reverts commit 4dd40f6f19.
* Revert "Improved database model migration and added indexing (#2655)"
This reverts commit b922d986d6.
* add group user with the same subscription id to all inbounds
* code format compare
* add await for reset client traffic
* en language changed
* added client traffic syncer job
* handle exist email duplicate in sub group
* multi reset and delete request for clients group
* add client traffic syncer setting option
* vi translate file updated
* auto open qr-modal bug fixed
- Refactor SUBController subs and subJsons methods to extract host from X-Forwarded-Host header, falling back to X-Real-IP header and then to the request host if unavailable.
- Update html function to extract host from X-Forwarded-Host header, falling back to X-Real-IP header and then to the request host if unavailable.
- Update DomainValidatorMiddleware to first attempt to extract host from X-Forwarded-Host header, falling back to X-Real-IP header and then to the request host.
Fixes: #2284
Signed-off-by: Ahmad Thoriq Najahi <najahi@zephyrus.id>
* [refactor] api controller
* [fix] access log path
better to not hardcode the access log path, maybe some ppl dont want to use the default ./access.log
* [fix] set select options from logs paths in xray settings
* [update] .gitignore
* [lint] all .go files
* [update] use status code for jsonMsg and 401 to unauthorize
* [update] handle response status code via axios
* [fix] set correct value if log paths is set to 'none'
we also use the default value for the paths if its set to none
* [fix] iplimit - only warning access log if f2b is installed
