- Vite dev server reads webBasePath from x-ui.db via node:sqlite and
injects __X_UI_BASE_PATH__ on every HTML serve, mirroring dist.go.
Single broad proxy regex catches backend routes whether the URL is
prefixed or not, and the bypass serves login.html for the bare
basePath URL so post-logout navigation lands on Vite's own page
instead of the production dist HTML's hashed asset URLs.
- axios.defaults.baseURL is set from __X_UI_BASE_PATH__ at startup so
HttpUtil calls reach the backend's basePath group instead of 404ing
on every prefixed install. fetch() for the public CSRF endpoint
prepends the prefix manually since it doesn't honor axios defaults.
- Logout/redirect responses set Cache-Control: no-store and the index
handler's logged-in redirect uses an absolute base_path+panel/ URL,
preventing browsers from replaying a stale cached 307 that bounced
the user back to /panel/ after logout.
- ClearSession also issues a Path=/ deletion cookie when basePath is
not "/", so a legacy cookie from an earlier basePath setting can't
keep IsLogin returning true after logout.
- getPanelUpdateInfo no longer returns a translated error message on
GitHub fetch failures, so HttpUtil's auto-popup stays quiet on
offline / blocked environments.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* [refactor] api controller
* [fix] access log path
better to not hardcode the access log path, maybe some ppl dont want to use the default ./access.log
* [fix] set select options from logs paths in xray settings
* [update] .gitignore
* [lint] all .go files
* [update] use status code for jsonMsg and 401 to unauthorize
* [update] handle response status code via axios
* [fix] set correct value if log paths is set to 'none'
we also use the default value for the paths if its set to none
* [fix] iplimit - only warning access log if f2b is installed
