- Add splitTemplate() to split at proxies:/proxy-groups: markers (like mihomo-gen)
- Store clash_template.yaml and servers.yaml as files alongside x-ui.json
- Add Clash/Servers editors in Xray advanced config page
- Support multi-server proxy generation (each server × each client)
- Remove inline template editor from Clash settings panel
- Bump version to v1.7.2.1
The middleware was changed to trust CF-Connecting-IP instead of
X-Real-IP/X-Forwarded-For, but the tests still used the old headers.
TestRateLimitMiddleware_DifferentIPsIndependent was failing because
all requests fell back to the same httptest RemoteAddr.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When behind Cloudflare CDN, RemoteAddr shows CF's IP, breaking rate
limiting and logging. Trust CF-Connecting-IP (set by CF, cannot be
spoofed by clients) and fall back to RemoteAddr for direct connections.
- Add RateLimitMiddleware(10/min) to POST /login (previously unprotected)
- Use RemoteAddr instead of X-Real-IP/X-Forwarded-For in getRemoteIp() and rate limiter
- Prevents brute-force login and rate-limit bypass via spoofed headers
Replace worker's plain HTML table with the same a-table used by master,
fixing inconsistencies: missing role column, no error ellipsis, dead-code
empty state ternary, and duplicate a-empty elements.
Self-closing custom elements (<a-empty />) are invalid in HTML5
in-DOM templates. The browser treats them as opening tags, causing
subsequent sibling elements to become children. This made the
worker's node info table a child of the hidden <a-empty>, so it
never rendered when nodes.length > 0.
- ShouldBindJSON → ShouldBind with form tags (axios sends url-encoded)
- dbType dropdown value "mysql" → "mariadb" to match backend
- Replace inline styles with theme-aware CSS classes for dark mode
v-else on <table> element was not recognized by Vue template compiler,
causing the worker node info table to never render. Use v-if="nodes.length > 0"
instead to ensure the table renders when data is available.
- Replace a-descriptions/a-descriptions-item with plain HTML table in
nodes.html — the components were missing from the antd.min.js bundle
due to tree-shaking, causing the worker node view to render empty
- Fix ensureDefaultNodeSettings to write defaults to both "node" and
"other" groups for backward compatibility (tests were failing)
Silent error swallowing made it impossible to diagnose why worker
couldn't see master's heartbeat. Now logs errors from:
- updateNodeState upsert failures
- writeStateToSharedMariaDB connection/write failures
- getNodeStatesShared query failures
- list endpoint shows state count in logs
Also improved First() call to not overwrite state on error.
Bump version to v1.6.5.
When master uses SQLite locally, updateNodeState only wrote to local DB.
Workers querying shared MariaDB never saw the master's heartbeat.
Now master also writes its heartbeat to the shared MariaDB via a
temporary connection when MariaDB connection settings are configured.
Bump version to v1.6.4.
Node settings (nodeRole, nodeId, syncInterval, trafficFlushInterval)
now have defaults in the settings system. On fresh install, they are
automatically created in x-ui.json under the 'node' group. The
settingGroupAliases now look in 'node' first, then 'other' for
backward compatibility.
In shared mode, the master may use SQLite locally while workers
write heartbeats to the shared MariaDB. The /list endpoint now
opens a temporary MariaDB connection to query node_states when
the local DB is not MariaDB.
- Add nodeController field and route group in api.go
- Add /panel/nodes page route in xui.go
- Verified node.go does not add duplicate checkAdmin middleware
Expose node management API endpoints for the cluster feature:
- GET /node/list — returns connected nodes with online status
- GET /node/config — returns current node + DB configuration
- POST /node/config — validates and persists node settings to x-ui.json
- Replace plain textarea with CodeMirror editor (YAML syntax highlighting, line numbers, auto-indent) for Clash subscription template
- Fix confAlerts crash when subClashURI/subURI/subJsonURI is null/undefined (prevented save button from enabling)
- Add yaml.js CodeMirror mode asset
- Include docs and .gitignore cleanup
Add /clash/:subid endpoint that returns complete Clash YAML config.
User provides full template (DNS, routing, proxy-groups, rules) in
settings, panel generates proxies from inbound/client data and injects
via proxies: [] placeholder replacement.
- New SubClashService reads template, generates vmess/vless/trojan/ss
proxy entries with transport (ws/grpc/h2/tcp/httpupgrade), TLS, and
Reality support
- Settings: subClashEnable, subClashPath, subClashURI, subClashTemplate
- UI: Clash settings tab, QR code on subpage, Desktop dropdown with
clash-verge:// deep link preferring Clash URL
- Version bump to v1.5.2-beta
Replace SQLite-only JSON_EACH with DB-type branching (JSON_TABLE for
MariaDB) in subscription, client traffic, and migration queries.
Bump version to v1.5.1.
The traffic-pending.json file could contain a stale client traffic delta
with inboundId=0 (created before the InboundId resolution fix). When
flushToDatabase tried to INSERT this into client_traffics, it violated
the foreign key constraint fk_inbounds_client_stats, causing the entire
transaction to roll back and blocking ALL traffic from being written to
MariaDB.
- Skip deltas with InboundID==0 in flushToDatabase with a warning log
- Share a single TrafficPendingStore between XrayTrafficJob and the
flush loop to eliminate a race condition from dual file instances
- Add test for zero InboundID skip behavior
In shared mode the Xray API returns InboundId=0 for client traffic.
Collect() now looks up the real InboundId from the client_traffics table
by email, and skips unknown emails with a warning. Also computes and
sets online clients in XrayTrafficJob since addClientTraffic is bypassed.
