- Remove paths filter so tag pushes always trigger builds
- Remove branch push triggers (only tags trigger builds now)
- Add optional tag input to workflow_dispatch for manual releases
- Update upload steps to work with workflow_dispatch + tag input
- This fixes the issue where release only contained source code
https://claude.ai/code/session_01RQBndg4ZPmYAToK4KKcBzp
- install.sh now downloads pre-built binaries from yelloduxx/3x-ui
GitHub Releases, exactly like the original MHSanaei script
- All GitHub URLs (releases, raw content) point to yelloduxx/3x-ui
- release.yml workflow triggers on our branch so GitHub Actions
will build and publish release artifacts automatically
- Removed build-from-source approach (Go/gcc install no longer needed)
https://claude.ai/code/session_01RQBndg4ZPmYAToK4KKcBzp
The install script previously downloaded pre-built binaries from
MHSanaei/3x-ui releases, which didn't include TrustTunnel support.
Now it clones the fork, installs Go, and builds from source so all
custom protocol changes are included in the installed binary.
https://claude.ai/code/session_01RQBndg4ZPmYAToK4KKcBzp
TrustTunnel (by AdGuard) is an independent VPN protocol binary that
runs alongside Xray. This integrates it into the 3x-ui panel so users
can create TrustTunnel inbounds through the same UI.
Architecture:
- TrustTunnel runs as a separate process (not an xray inbound)
- Each TrustTunnel inbound gets its own TOML config and process
- TrustTunnel inbounds are skipped during xray config generation
- Periodic health checks restart crashed TrustTunnel processes
New files (isolated, minimal merge conflict risk):
- trusttunnel/process.go: process lifecycle and TOML config generation
- web/service/trusttunnel.go: service layer with start/stop/restart
- web/html/form/protocol/trusttunnel.html: UI form template
Modified files (minimal, targeted changes):
- database/model/model.go: add TrustTunnel protocol constant
- web/service/xray.go: skip trusttunnel inbounds in xray config
- web/service/inbound.go: validation + TrustTunnel process triggers
- web/web.go: startup/shutdown integration
- web/assets/js/model/inbound.js: protocol enum + settings class
- web/assets/js/model/dbinbound.js: isTrustTunnel helper
- web/html/form/inbound.html: form conditional
- web/html/form/client.html: password field for TrustTunnel clients
https://claude.ai/code/session_01RQBndg4ZPmYAToK4KKcBzp
Add a createRobustFastHTTPClient helper to configure fasthttp.Client with better timeouts, connection limits, retries and optional SOCKS5 proxy dialing. Validate and sanitize proxy and API server URLs instead of returning early on invalid values, and build telego.Bot options dynamically. Reduce long-polling timeout to detect connection issues faster and adjust update retrieval comments. Implement exponential-backoff retry logic for SendMessage calls to handle transient connection/timeouts and improve delivery reliability; also reduce inter-message delay for better throughput.
Add rate-limit friendly delays and context timeouts when sending backups via Telegram. Iterate admin IDs with index to sleep 1s between sends; add 30s context.WithTimeout for each SendDocument call and defer file.Close() for opened files; insert a 500ms pause between sending DB and config files. These changes improve resource cleanup and reduce chance of Telegram rate-limit/timeout failures.
Replace simple curl+trim checks with a response+http_code parse to ensure the remote URL returns HTTP 200 and a non-empty body before assigning server_ip. Changes applied to install.sh, update.sh and x-ui.sh: use curl -w to append the status code, extract http_code and ip_result, and only set server_ip when http_code == 200 and ip_result is non-empty. This makes the IP discovery more robust against error pages or partial responses while keeping the existing timeout behavior.
Update Xray download URLs to v26.2.6 in the GitHub Actions release workflow and DockerInit script. Bump Go toolchain to 1.25.7 and refresh several module versions (telego, xtls/xray-core, klauspost/compress, pires/go-proxyproto, golang.org/x/arch, golang.org/x/sys, google.golang.org/genproto, etc.). Update go.sum to match the new dependency versions.
- Add timestamp tracking for each client IP address
- Sort IPs by connection time (newest first) instead of alphabetically
- Automatically disconnect old connections when IP limit exceeded
- Keep only the most recent N IPs based on LimitIP setting
- Force disconnection via Xray API (RemoveUser + AddUser)
- Prevents account sharing while allowing legitimate network switching
- Log format: [LIMIT_IP] Email = user@example.com || Disconnecting OLD IP = 1.2.3.4 || Timestamp = 1738521234
This ensures users can seamlessly switch between networks (mobile/WiFi)
and the system maintains connections from their most recent IPs only.
Fixes account sharing prevention for VPN providers selling per-IP licenses.
Co-authored-by: Aung Ye Zaw <zaw.a.y@phluid.world>
Adds a scheduled GitHub Actions workflow (.github/workflows/cleanup_caches.yml) that runs weekly (and via workflow_dispatch) to delete Actions caches not accessed in the last 3 days. The job uses the gh CLI with the repository token and actions: write permission to list caches, filter by last_accessed_at against a 3-day cutoff, and delete matching cache IDs.
* Use MSYS2 to fix the runtime CGO problem
* macOS build workflow
* Remove macOS build steps and update Windows packaging
Removed macOS build steps from the release workflow and updated Windows packaging step.
* Rename step to copy and download resources
Removed verifyPeerCertByNames and pinnedPeerCertSha256 from inbound TLS settings and UI. Added verifyPeerCertByName and pinnedPeerCertSha256 to outbound TLS settings and updated the outbound form to support these fields. This change streamlines and clarifies certificate verification configuration between inbound and outbound settings.
Bump Xray-core version to v26.1.31 in build scripts and server logic. Update Go dependencies including gopsutil, bytedance/sonic, circl, miekg/dns, go-proxyproto, sagernet/sing, and others to their latest versions. Adjust version check in GetXrayVersions to require at least v26.1.31.
Replaces single UDP hop interval with separate min and max values in Hysteria stream settings. Updates model, JSON serialization, URL param parsing, and form fields for backward compatibility and enhanced configuration flexibility.
Introduces the pinnedPeerCertSha256 field to TlsStreamSettings in the JS model and adds a corresponding input in the TLS settings form. This allows users to specify SHA256 fingerprints for peer certificate pinning, enhancing security configuration options.
Introduces a 'congestion' option to Hysteria stream settings and updates the form to allow selection between BBR (Auto) and Brutal. Adds support for UDP masks, including model, serialization, and UI for adding/removing masks with type and password fields.
Introduces support for the Hysteria2 protocol in outbound settings, including model, parsing, and form UI integration. Adds Hysteria2-specific stream and protocol settings, updates protocol selection, and enables configuration of Hysteria2 parameters in the outbound form.
