2425 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
vados-dev	75a820ce3a	Add .env file	2026-05-16 07:30:40 +03:00
vados-dev	f09e3960c4	Add devcontainer configuration for Node.js environment	2026-05-16 06:26:44 +03:00
vados-dev	7a7f8327a4	Update release.yml	2026-05-16 05:49:07 +03:00
vados-dev	70a6638063	Update docker.yml	2026-05-16 02:31:16 +03:00
vados-dev	1b022869f8	Fix semver pattern in Docker workflow	2026-05-16 02:14:16 +03:00
vados-dev	0932c60aa0	Correct CI_REGISTRY variable and enhance login script ... Fix typo in CI_REGISTRY variable and update login command.	2026-05-16 02:07:36 +03:00
vados-dev	1c08b76d14	Update docker.yml	2026-05-16 01:46:38 +03:00
vados-dev	72b5cb2090	Refactor Docker workflow for improved registry login	2026-05-16 00:55:19 +03:00
vados-dev	27cb5b910b	Update docker.yml	2026-05-16 00:34:35 +03:00
vados-dev	6661532573	Update Docker registry username variable	2026-05-16 00:01:49 +03:00
vados-dev	46e3546c55	Update docker.yml	2026-05-15 23:59:17 +03:00
vados-dev	3911d7d94f	Update Docker image name and registry login details	2026-05-15 23:46:31 +03:00
vados-dev	436e0f0a2f	Fix Docker registry authentication in workflow	2026-05-15 23:03:16 +03:00
vados-dev	dcd00c368b	Add login to reg.vados.ru in Docker workflow ... Added login step for reg.vados.ru registry.	2026-05-15 22:59:19 +03:00
vados-dev	5199b7d069	Fix registry authentication format in docker.yml	2026-05-15 22:52:59 +03:00
vados-dev	3e5c712ea2	Refactor Docker Hub and registry login steps ... Consolidate Docker registry login steps into a single action.	2026-05-15 22:39:52 +03:00
vados-dev	bfe22c099b	Update docker.yml	2026-05-15 21:39:19 +03:00
vados-dev	50a46a3a9d	Modify Docker workflow for new registry and image name ... Updated Docker workflow to use new image registry and environment variables.	2026-05-15 21:32:55 +03:00
vados-dev	7326f05685	Update docker.yml	2026-05-15 20:02:06 +03:00
MHSanaei	2928b52b04	feat(tgbot): add Flow picker when creating a VLESS client ... The bot's add-client flow already serialised client_Flow into the VLESS JSON template but never exposed a way to set it from Telegram, so every client ended up with an empty flow regardless of the inbound's transport. Added an inline "Flow" row to the VLESS protocol keyboard with three choices — None, xtls-rprx-vision, and xtls-rprx-vision-udp443 — and a matching i18n key in all 13 locale files. The row is only shown when the inbound can actually use Vision flow (mirrors the frontend's canEnableTlsFlow check: VLESS over TCP with TLS or Reality); on other transports it's hidden and any stale client_Flow value is reset, so the generated JSON stays consistent with the inbound's stream settings.	2026-05-15 13:12:54 +02:00
MHSanaei	07cdb82027	fix(inbounds): don't delete remote inbound when toggling enable ... SetInboundEnable called rt.DelInbound for every runtime, but Remote.DelInbound hits panel/api/inbounds/del/:id on the node — a real row delete, not just a "stop serving" hint like Local.DelInbound. Flipping the enable switch on a remote inbound therefore wiped the row on the node entirely. Route remote inbounds through UpdateInbound instead so the row stays and only the enable flag is patched. Local path keeps the Del+Add flow since that's how Xray's gRPC API expects to be driven. Fixes #4402	2026-05-15 12:43:16 +02:00
MHSanaei	f00f82b392	fix(outbound): probe UDP-based outbounds over UDP instead of TCP ... The fast-probe mode hard-coded net.DialTimeout("tcp", ...), so testing a WARP/WireGuard or Hysteria outbound always failed with an i/o timeout — those transports only listen on UDP, never on TCP. Probe is now transport-aware: extractOutboundEndpoints tags each endpoint with the network the proxy actually listens on (UDP for wireguard, hysteria, and any outbound whose streamSettings.network is hysteria, kcp, or quic; TCP otherwise). probeUDPEndpoint dials UDP, writes a single sentinel byte so the kernel can surface ICMP errors, and treats a read timeout as success (WireGuard ignores invalid packets, so silence is the expected reply from a reachable server). The result's mode field now reflects what was probed, so the UI badge shows UDP for these outbounds instead of mislabelling them as TCP.	2026-05-15 12:29:53 +02:00
MHSanaei	5a1019534f	refactor(inbounds): tighten advanced JSON helpers and fix dark-mode subtitles ... Collapsed repeated stream/sniffing/settings handling in InboundFormModal into shared helpers (stampAdvancedTextFor, parseAdvancedSliceWithLabel, compactAdvancedJson, withSaving) plus a wrapped-config factory for the single-key editors. Cuts ~120 lines from the script section with no behavior change. The advanced-panel subtitle and editor-meta text used a fixed dark color that was unreadable on the dark and ultra-dark modal backgrounds. Switched both to opacity-on-inherit so they pick up AntD's theme-aware foreground color, the same pattern .section-heading already uses.	2026-05-15 12:12:47 +02:00
Abdalrahman	78f1719c6d	fix: prevent online clients from randomly disappearing from panel UI (#4387) ... * fix: prevent online clients from randomly disappearing from panel UI Online status was determined solely by whether a client transferred bytes in the current 5-second polling window. The online list was completely replaced each cycle, so idle-but-connected clients with no traffic delta in that window were dropped from the UI. Now online status is computed from lastOnline DB timestamps with a 5-second grace period via RefreshOnlineClientsFromMap(), so clients remain visible across idle polling windows. Closes #4384 * fix: extend online client grace period to survive idle poll cycles The 5s grace period equalled the traffic-poll interval, so a client whose Xray stats reported a zero delta for one cycle was still dropped on the very next tick. Bump to 20s (~4 polls) so idle-but-connected sessions stay visible across momentary counter gaps without lingering long after a real disconnect. Refs #4384 --------- Co-authored-by: MHSanaei <ho3ein.sanaei@gmail.com>	2026-05-15 11:41:29 +02:00
MHSanaei	5cf8a08540	fix: disable balancer fallbackTag for random / roundRobin strategies ... Xray-core's RandomStrategy and RoundRobinStrategy register a pending dependency on the Observatory feature whenever fallbackTag is non-empty. Since the panel only provisions observatory for leastPing / leastLoad balancers, picking roundRobin with a fallbackTag caused xray to fail boot with "not all dependencies are resolved". Disable the fallback field for the two strategies that cannot resolve it, and strip fallbackTag from the wire balancer as a defensive backstop for users who edit the JSON template directly.	2026-05-15 11:24:50 +02:00
MHSanaei	79a9be7b22	fix: split locale chunks by removing eager i18n glob ... The eager `import.meta.glob` was statically pulling all 13 locale JSON files into the main bundle, defeating the sibling lazy glob and emitting INEFFECTIVE_DYNAMIC_IMPORT warnings. Statically import only the en-US fallback, lazy-load the rest, and await `readyI18n()` in each entry before mount so the first paint still uses the active locale.	2026-05-15 10:50:40 +02:00
Abdalrahman	19d50bd16c	fix: add i18n translations for Allow private address node option across all locales (#4386) ... * fix: add Chinese locale translations for Allow private address node option * fix: add Allow private address translations to all remaining locale files	2026-05-15 09:51:14 +02:00
MHSanaei	3af45c1462	fix: Add base-path meta tag for Cloudflare Rocket Loader compatibility ... When Cloudflare Rocket Loader is enabled, it interferes with inline scripts that set window.X_UI_BASE_PATH, causing the frontend to fail to configure the correct base URL for API calls. This results in 404 errors on the login page when calling /getTwoFactorEnable. Solution: Add meta name='base-path' tag to HTML (similar to csrf-token), update axios initialization to read from meta tag as fallback. Meta tags are not affected by CSP or Rocket Loader delays. Fixes #4393	2026-05-14 23:37:25 +02:00
MHSanaei	6badd829df	Remove streamSettings for protocols that don't support it ... - Frontend: Only include streamSettings in toJson() for vmess, vless, trojan, shadowsocks, and hysteria protocols - Frontend: Hide Stream tab in Advanced section for unsupported protocols - Frontend: Clear streamSettings in Advanced tab when switching to unsupported protocols - Frontend: Add CodeMirror JSON editor to config view in index page with mobile responsive design - Backend: Add normalizeStreamSettings() to clear streamSettings for tunnel, mixed, http, tun, and wireguard protocols - Backend: Apply normalization in AddInbound() and UpdateInbound() - Backend: Add omitempty JSON tag to StreamSettings field to exclude null values from Xray config	2026-05-14 23:18:23 +02:00
MHSanaei	b79abc8bc9	refactor: remove legacy advancedJson state	2026-05-14 20:32:38 +02:00
MHSanaei	05b68c3b13	fix: remove Auth password ... #4388	2026-05-14 19:28:09 +02:00
Abdalrahman	f3c7660f84	fix: correct Hysteria2 Obfs password label to Auth password (#4388) ... The Obfs password field in the Hysteria2 stream settings tab was incorrectly labeled. It binds to hysteriaSettings.auth (the server-wide authentication password), not to the salamander obfuscation password. Per Xray-core docs, Hysteria2 salamander obfuscation belongs in finalmask.udp[].salamander.password, which is correctly handled by the FinalMaskForm (UDP Masks section). Fixed the label to Auth password with an accurate tooltip explaining that salamander obfuscation is configured via the UDP Masks section below.	2026-05-14 18:53:04 +02:00
MHSanaei	9b0fd047cb	fix: guard certificate and key against undefined before join	2026-05-14 17:46:24 +02:00
MHSanaei	e4218a1029	feat: click QR to copy/save image instead of link text	2026-05-14 17:40:40 +02:00
Fedor Batonogov	7065d41be6	docs(readme): add Community Tools section (#4114) ... 3x-ui has a growing ecosystem of community tools (Terraform, scripts, exporters, etc.). This adds a Community Tools section between Acknowledgment and Support project in all 6 localized READMEs so users can discover them from the main project page. The format mirrors the existing Acknowledgment section so future maintainers of 3x-ui-related tools can extend it with one-line PRs.	2026-05-14 15:54:52 +02:00
MHSanaei	1284756f8a	fix(outbound): restore TLS, QUIC params and TCP masks when importing share links ... - fromHysteriaLink: parse security= URL param and populate stream.tls (SNI, fingerprint, ALPN, ECH) when security=tls; previously always forced security to 'none' - fromHysteriaLink: parse fm JSON param and populate both stream.finalmask.quicParams (drives the QUIC Params toggle in FinalMaskForm) and the mirrored stream.hysteria fields - fromParamLink (VLESS/Trojan/SS): parse fm JSON param and restore stream.finalmask (TCP masks, UDP masks, QUIC params) - fromVmessLink (VMess): same fm handling for the base64-JSON path Closes #4376	2026-05-14 13:27:55 +02:00
MHSanaei	1f052c0e8f	fix: preserve TLS cert file paths when deploying inbound to remote node ... When creating a Hysteria (or any TLS-required) inbound from the central panel and deploying it to a remote node, sanitizeStreamSettingsForRemote was unconditionally stripping certificateFile / keyFile from the TLS settings. This left Xray on the remote node with a TLS block containing no certificate, causing Xray to crash and the inbounds page to hang. The fix: only strip cert file paths when inline certificate content (certificate / key arrays) is also present in the same entry — those file paths are then truly redundant. When only file paths are present the user explicitly entered paths that live on the remote node's filesystem; they are now passed through untouched. Fixes #4370	2026-05-14 12:41:08 +02:00
MHSanaei	ae6f13b533	fix: also hide QR code for ML-KEM-768 links (too long for QR generation)	2026-05-14 12:34:23 +02:00
MHSanaei	1cf2582e6d	fix: hide QR code for mldsa65 links (too long for QR generation)	2026-05-14 12:30:48 +02:00
Abdalrahman	eacb9f63b0	fix: protocol filter placeholder not showing on initial load (#4372)	2026-05-14 12:12:44 +02:00
MHSanaei	e7035b56fe	fix: sync advancedJson before tab switch in convertLink	2026-05-14 11:46:07 +02:00
dependabot[bot]	5f526e5201	build(deps): bump actions/setup-node from 5 to 6 (#4368) ... Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 11:11:12 +02:00
MHSanaei	bd8d33980f	fix: ignore duplicate column errors during AutoMigrate on upgraded DBs ... SQLite raises 'duplicate column name: <col>' when GORM tries to ADD a column that already exists in an older schema (seen: allow_private_address, node_id on the nodes table). This caused database initialisation to fail on every restart after an upgrade. The new isIgnorableDuplicateColumnErr helper skips the error only when: 1. The error message matches 'duplicate column name: <col>' 2. Migrator().HasColumn confirms the column is already present in the DB Fresh databases and all other error types are unaffected.	2026-05-14 11:10:38 +02:00
MHSanaei	5dc02a9af3	v3.0.2	2026-05-14 10:27:33 +02:00
Abdalrahman	033c5993e0	feat: add API token to install output (#4322) ... * feat: add API token to install output Add -getApiToken flag to the setting subcommand so shell scripts can retrieve the panel API token. Include the token in the install.sh completion banner for automation/deployment use. * fix(install): adapt -getApiToken CLI to multi-token service settingService.GetApiToken was removed when API tokens moved to a multi-row ApiTokenService. Switch the install-time CLI to list tokens and create one named "install" if none exist, preserving the `apiToken: <value>` output the install.sh grep depends on. --------- Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>	2026-05-14 10:24:23 +02:00
MHSanaei	2204c8231d	Adjust QR panel sizing and collapse JSON subscription by default	2026-05-14 10:23:27 +02:00
Abdalrahman	01a7dc807b	fix(sub): include xhttp mode in extra JSON for karing compatibility (#4365) ... - Add mode to buildXhttpExtra() so clients reading xtra param (karing, etc.) receive the xhttp mode alongside other bidirectional SplitHTTP fields. Previously mode was only a flat URL param and was silently dropped when xtra was present. - Add xhttp case to streamData() to strip acceptProxyProtocol and server-only fields (noSSEHeader, scMaxBufferedPosts, scStreamUpServerSecs, serverMaxHeaderBytes) from JSON sub configs. - Sync frontend buildXhttpExtra() with the same mode addition. Closes #4364	2026-05-14 10:02:45 +02:00
Farhad H. P. Shirvan	6bf4a2c4f0	fix(docker): update port mapping for 3xui service in docker-compose (#4362)	2026-05-14 10:00:09 +02:00
MHSanaei	21058eb63c	fix(routing): make rule drag-and-drop work on mobile cards ... The pointermove handler looked up the drop target via el.closest('tr[data-row-key]'). That selector only matches the desktop a-table rows; the mobile branch renders each rule as a <div class="rule-card" data-row-key>, so on phones the lookup always returned null, dropTargetIndex stayed pinned to the start index, and the eventual drop was a no-op. Loosened the selector to [data-row-key] so both DOM shapes resolve.	2026-05-14 02:04:05 +02:00
Black	194de8869e	feat(panel): add 'Edit' button to tables and enhance layout (#4355) ... - Move 'Edit' button from dropdown to the table since it's the most used action. Only for desktop. - Increase column widths for action keys in Inbounds, Balancers, Outbounds and Routing tables. - Slightly enhance layout for consistency.	2026-05-14 01:55:00 +02:00