152 commits

Author	SHA1	Message	Date
Sanaei	9c60ed7ea8	Bulk extend client expiry / traffic + clients page polish (#4499) ... * chore(sub): drop unused getFallbackMaster projectThroughFallbackMaster fully supersedes it for both panel-tracked and legacy unix-socket fallbacks. * feat(clients): bulk extend expiry / traffic for selected clients Adds POST /panel/api/clients/bulkAdjust which shifts ExpiryTime by addDays and TotalGB by addBytes for every email in one request. The endpoint is wired into the clients page through a new ClientBulkAdjustModal that opens from the existing multi-select toolbar. Clients with unlimited expiry (expiryTime=0) or unlimited traffic (totalGB=0) are skipped for the corresponding field so bulk extend never accidentally converts an unlimited client to a limited one. Negative values are allowed for refunds / corrections. Translations added for all 13 locales. * fix(db): silence GORM record-not-found spam in debug mode getSetting handles ErrRecordNotFound via database.IsNotFound and falls back to defaults, but GORM's Default logger still logs each miss as an error. With periodic jobs reading unset keys (xrayTemplateConfig, externalTrafficInformEnable) the panel log flooded thousands of times. Switch to a logger.New with IgnoreRecordNotFoundError=true so legitimate slow-query and SQL traces still surface in debug mode. * fix(clients): include inboundsById in columns memo deps Without it, the table's first paint captured an empty inboundsById and rendered each attached inbound as #<id>. Once a sort/filter forced the memo to rebuild it self-corrected, hence the visible flicker on reload. * fix(clients): handle delayed-start expiry in bulk adjust Negative ExpiryTime encodes a delay duration (magnitude = ms until the trial begins on first use). Adding positive addDays was simply arithmetically added, so e.g. a -7d delay + 30d turned into +23d since epoch (1970), making the client instantly expired. Branch on sign now: positive ExpiryTime extends additively, negative extends by subtracting so the value stays negative (more delay). Cross-sign reductions are skipped with an explicit reason instead of silently corrupting the field. * fix(clients): step traffic input by 1 GB instead of 0.1 The +/- buttons on the Total Sent/Received field nudged in 0.1 GB increments which is too granular for typical use. Set step=1 so each press moves a whole GB; users can still type decimal values directly. * fix(inbounds): step Total Flow input by 1 GB instead of 0.1 Matches the same nudge fix applied to the client form's Total Sent/Received field.	2026-05-23 16:27:20 +02:00
Sanaei	edf0f36940	Frontend rewrite: React + TypeScript with AntD v6 (#4498) ... * chore(frontend): add react+typescript toolchain alongside vue Step 0 of the planned vue->react migration. React 19, antd 5, i18next + react-i18next, typescript 5, and @vitejs/plugin-react 6 are added as dev/runtime deps alongside the existing vue stack. Both frameworks coexist in the build until the last entry flips. * vite.config.js: react() plugin runs next to vue(); new manualChunks for vendor-react / vendor-antd-react / vendor-icons-react / vendor-i18next. Existing vue chunks unchanged. * eslint.config.js: typescript-eslint + eslint-plugin-react-hooks rules scoped to *.{ts,tsx}; vue config untouched for *.{js,vue}. * tsconfig.json: strict, jsx: react-jsx, moduleResolution: bundler, allowJs: true (lets .tsx files import the remaining .js modules during incremental migration), @/* path alias. * env.d.ts: Vite client types + window.X_UI_BASE_PATH typing + SubPageData shape consumed by the subscription page. Vite stays pinned at 8.0.13 per the existing project policy. No existing .vue/.js source files touched in this step. eslint-plugin-react (not -hooks) is not included because its latest release does not yet support ESLint 10. react-hooks/purity covers the safety-critical case; revisit when the plugin updates. * refactor(frontend): port subpage to react+ts Step 1 of the planned vue->react migration. The standalone subscription page (sub/sub.go renders the HTML host; React mounts into #app) is the first entry off vue. Introduces two shared pieces both entries (and future ones) will use: * src/hooks/useTheme.tsx — React Context + useTheme hook + the same buildAntdThemeConfig (dark/ultra-dark token overrides) and pauseAnimationsUntilLeave helper the vue version exposes. Same localStorage keys (dark-mode, isUltraDarkThemeEnabled) and DOM side effects (body.className, html[data-theme]) so the two stay in sync across the coexistence period. * src/i18n/react.ts — i18next + react-i18next loader that reads the same web/translation/*.json files via import.meta.glob. The vue-i18n setup in src/i18n/index.js is untouched and still serves the remaining vue entries. SubPage.tsx mirrors the vue version's behavior: reads window.__SUB_PAGE_DATA__ injected by the Go sub server, renders QR codes / descriptions / Android+iOS deep-link dropdowns, supports theme cycle and language switch. Uses AntD v5 idioms: Descriptions items prop, Dropdown menu prop, Layout.Content. * refactor(frontend): port login to react+ts Step 2 of the planned vue->react migration. The login entry is the first to exercise AntD React's Form API (Form + Form.Item with name/rules + onFinish) and the existing axios/CSRF interceptors under React. * LoginPage.tsx: same form fields, conditional 2FA input, rotating headline ("Hello" / "Welcome to..."), drifting blob background, theme cycle + language popover. Headline transition switches from vue's <Transition mode=out-in> to a CSS keyframe animation keyed off the visible word. * entries/login.tsx: setupAxios() + applyDocumentTitle() unchanged from the vue entry — both are framework-agnostic in src/utils and src/api/axios-init.js. useTheme hook, ThemeProvider, and i18n/react.ts loader introduced in step 1 are now shared across two entries; Vite extracts them as a small chunk in the build output. * refactor(frontend): port api-docs to react+ts Step 3 of the planned vue->react migration. The five api-docs files (ApiDocsPage, CodeBlock, EndpointRow, EndpointSection, plus the data-only endpoints.js) all move to react+ts. Also introduces components/AppSidebar.tsx — api-docs is the first authenticated page to need it. AppSidebar.vue stays in place for the six remaining vue entries (settings, inbounds, clients, xray, nodes, index); each gets switched to AppSidebar.tsx as its entry migrates. After the last entry flips, AppSidebar.vue is deleted. Notable transformations: * The scroll observer that highlights the active TOC link is a useEffect keyed on sections — re-registers whenever the visible set changes (search filter narrows it). Same behaviour as the vue watchEffect. * v-html="safeInlineHtml(...)" becomes dangerouslySetInnerHTML={{ __html: safeInlineHtml(...) }}. The helper still escapes everything except <code> tags. * JSON syntax highlighter in CodeBlock is unchanged — pure regex on the escaped string, then rendered via dangerouslySetInnerHTML. * endpoints.js stays as JS (allowJs in tsconfig); only the consumer signatures (Endpoint, Section) are typed at the React boundary. * AppSidebar reuses pauseAnimationsUntilLeave + useTheme from step 1. Drawer + Sider keyed off the same localStorage flag (isSidebarCollapsed) and DOM theme attributes the vue version uses, so the two stay in sync during coexistence. * refactor(frontend): port nodes to react+ts Step 4 of the planned vue->react migration. The nodes entry brings in the largest shared-infrastructure batch so far — every authenticated react page from here on can lean on these. New shared pieces (live alongside their .vue counterparts during coexistence): * hooks/useMediaQuery.ts — useState + resize listener * hooks/useWebSocket.ts — wraps WebSocketClient, subscribes on mount and unsubscribes on unmount. The underlying client is a single module-level instance so multiple components on the same page share one socket. * hooks/useNodes.ts — node list state + CRUD + probe/test, including the totals memo (online/offline/avgLatency) used by the summary card. applyNodesEvent is the entry point for the heartbeat-pushed list. * components/CustomStatistic.tsx — thin Statistic wrapper, prefix + suffix slots become props. * components/Sparkline.tsx — the SVG line chart with measured-width axis scaling, gradient fill, tooltip overlay, and per-instance gradient id from React.useId. ResizeObserver lifecycle is in useEffect; the math is unchanged. Pages: * NodesPage — wires hooks + WebSocket together, renders summary card + NodeList, hosts the form modal. Uses Modal.useModal() for the delete confirm so the dialog inherits ConfigProvider theming. * NodeList — desktop renders a Table with expandable history rows; mobile flips to a vertical card list whose actions live in a bottom-right Dropdown. The IP-blur eye toggle persists across both. * NodeFormModal — controlled form (useState object, single setForm per change). The reset-on-open effect computes the next state once and applies it with eslint-disable to satisfy the new react-hooks/set-state-in-effect rule on a legitimate pattern. * NodeHistoryPanel — polls /panel/api/nodes/history/{id}/{metric}/ {bucket} every 15s, renders cpu+mem sparklines side-by-side. * refactor(frontend): port settings to react+ts Step 5 of the planned vue->react migration. Settings is the first entry whose state model didn't translate to the Vue-style "parent passes a reactive object, children mutate it in place" pattern, so the React port flips it to lifted state + a typed updateSetting patch function. * models/setting.ts — typed AllSetting class with the same field defaults and equals() behavior the vue version had. The .js twin is deleted; nothing else imported it. * hooks/useAllSetting.ts — owns allSetting + oldAllSetting state, exposes updateSetting(patch), saveDisabled is derived via useMemo off equals() (no more 1Hz dirty-check timer). * components/SettingListItem.tsx — children-based wrapper instead of named slots. The vue twin stays alive because xray (BasicsTab, DnsTab) still imports it; deleted when xray migrates. The five tab components and the TwoFactorModal each accept { allSetting, updateSetting } and render with AntD v5's Collapse items[] API. Every v-model:value="x" became value={...} onChange={(e) => updateSetting({ key: e.target.value })} or onChange={(v) => updateSetting({ key: v })} for non-input controls. SubscriptionFormatsTab is the trickiest — fragment / noises[] / mux / direct routing rules are stored as JSON-encoded strings on the wire. Parsing them once via useMemo per field, mutating the parsed object on edit, and stringifying back into the patch keeps the round-trip identical to the vue version. SettingsPage hosts the tab navigation (with hash sync), the save / restart action bar, the security-warnings alert banner, and the restart flow that rebuilds the panel URL after the new host/port/cert settings take effect. * refactor(frontend): port clients to react+ts Step 6 of the planned vue->react migration. Clients is the biggest data-CRUD page in the panel (1.1k-line ClientsPage, 4 modals, full table + mobile card list, WebSocket-driven realtime traffic + online updates). New shared infra (lives alongside vue twins until inbounds migrates): * hooks/useClients.ts — clients + inbounds list, CRUD + bulk delete + attach/detach + traffic reset, with WebSocket event handlers (traffic, client_stats, invalidate) and a small debounced refresh on the invalidate event. State managed via setState; the live client_stats event merges traffic snapshots row-by-row through a ref to avoid stale closure issues. * hooks/useDatepicker.ts — singleton "gregorian"/"jalalian" cache with subscribe/notify so multiple components can read the panel's Calendar Type without re-fetching. Mirrors useDatepicker.js. * components/DateTimePicker.tsx — AntD DatePicker wrapper. vue3-persian-datetime-picker has no React port; the Jalali UI calendar is deferred (read-only Jalali display via IntlUtil formatDate still works). The vue twin stays for inbounds. * pages/inbounds/QrPanel.tsx — copy/download/copy-as-png QR helper shared between clients (qr modal) and inbounds (still on vue). Vue twin stays alive at QrPanel.vue. * models/inbound.ts — slim port: only the TLS_FLOW_CONTROL constant the clients form needs. The full inbound model stays as inbound.js for now; inbounds will pull it in as inbound.ts. The clients page itself uses Modal.useModal() for all confirm dialogs (delete, bulk-delete, reset-traffic, delDepleted, reset-all) so the dialogs render themed. Filter state persists to localStorage under clientsFilterState. Sort + pagination state is local; pageSize seeds from /panel/setting/defaultSettings. The four modals share a controlled "open/onOpenChange" pattern that replaces vue's v-model:open. ClientFormModal computes attach/detach diffs from the inbound multi-select on submit; the parent's onSave callback routes them through useClients's attach()/ detach() after the main update succeeds. ESLint config: turned off four react-hooks v7 rules (react-compiler, preserve-manual-memoization, set-state-in-effect, purity). They're all React-Compiler-driven informational rules; we don't run the compiler and the patterns they flag (initial-fetch useEffect, derived computations using Date.now, inline arrow event handlers) are all idiomatic React. Disabling globally instead of per-line keeps the diff readable. * refactor(frontend): port index dashboard to react+ts Step 7 of the Vue→React migration. Ports the overview/index entry: dashboard page, status + xray cards, panel-update / log / backup / system-history / xray-metrics / xray-log / version modals, and the custom-geo subsection. Adds the shared JsonEditor (CodeMirror 6) and useStatus hook used by the config modal. Removes the unused react-hooks/set-state-in-effect disables now that the rule is off globally. * refactor(frontend): port xray to react+ts Step 8 of the Vue→React migration. Ports the xray config entry: page shell, basics/routing/outbounds/balancers/dns tabs, the rule + balancer + dns server + dns presets + warp + nord modals, the protocol-aware outbound form, and the shared FinalMaskForm (TCP/UDP masks + QUIC params). Adds useXraySetting that mirrors the legacy two-way sync between the JSON template string and the parsed templateSettings tree. The outbound model itself stays in JS so the class-driven form keeps its existing mutation API; instance access is typed loosely inside the form to match. The shared FinalMaskForm.vue and JsonEditor.vue stay alongside the new .tsx versions until step 9 — InboundFormModal.vue still imports them. Adds react-hooks/immutability and react-hooks/refs to the already-disabled react-compiler rule set; both flag the outbound form's instance-mutation pattern that doesn't run through useState. * Upgrade frontend deps (antd v6, i18n, TS) Bump frontend dependencies in package.json and regenerate package-lock.json. Notable updates: upgrade antd to v6, update i18next/react-i18next, axios, qs, vue-i18n, TypeScript and ESLint, plus related @rc-component packages and replacements (e.g. classnames/rc-util -> clsx/@rc-component/util). Lockfile changes reflect the new dependency tree required for Ant Design v6 and other package upgrades. * refactor(frontend): port inbounds to react+ts and drop vue toolchain Step 9 — the last entry. Ports the inbounds entry: page shell, list with desktop table + mobile cards, info modal, qr-code modal, share-link helpers, and the protocol-aware form modal (basics / protocol / stream / security / sniffing / advanced JSON). useInbounds replaces the Vue composable with WebSocket-driven traffic + client-stats merge. Inbound and DBInbound models stay in JS so the class-driven form keeps its mutation API; instance access is typed loosely inside the form to match. FinalMaskForm/JsonEditor/TextModal/PromptModal/InfinityIcon are the last shared bits to flip; their .vue counterparts go too. Toolchain cleanup now that no entry needs Vue: drop plugin-vue from vite.config, remove the .vue lint block + parser, prune vue / vue-i18n / ant-design-vue / @ant-design/icons-vue / vue3-persian-datetime-picker / moment-jalaali override from package.json, and switch utils/index.js to import { message } from 'antd' instead of ant-design-vue. * chore(frontend): adopt antd v6 api updates Sweep deprecated props across the React tree: - Modal: destroyOnClose -> destroyOnHidden, maskClosable -> mask.closable - Space: direction -> orientation (or removed when redundant) - Input.Group compact -> Space.Compact block - Drawer: width -> size - Spin: tip -> description - Progress: trailColor -> railColor - Alert: message -> title - Popover: overlayClassName -> rootClassName - BackTop -> FloatButton.BackTop Also refresh dashboard theming for v6: rename dark/ultra Layout and Menu tokens (siderBg, darkItemBg, darkSubMenuItemBg, darkPopupBg), tweak gauge size/stroke, add font-size overrides for Statistic and Progress so the overview numbers stay legible under v6 defaults. * chore(frontend): antd v6 polish, theme + modal fixes - adopt message.useMessage hook + messageBus bridge so HttpUtil messages inherit ConfigProvider theme tokens - replace deprecated antd APIs (List, Input addonBefore/After, Empty imageStyle); introduce InputAddon helper + SettingListItem custom rows - fix dark/ultra selectors in portaled modals (body.dark, html[data-theme='ultra-dark']) instead of nonexistent .is-dark/.is-ultra - add horizontal scroll to clients table; reorder node columns so actions+enable sit at the left - swap raw button for antd Button in NodeFormModal test connection - fix FinalMaskForm nested-form by hoisting it outside OutboundFormModal's parent Form - fix advanced "all" JSON tab in InboundFormModal — useMemo on a mutated ref was stale; compute on every render - fix chart-on-open for SystemHistory + XrayMetrics modals by adding open to effect deps (useRef.current doesn't trigger re-runs) - switch i18next interpolation to single-brace {var} to match locale files - drop residual Vue mentions in CI workflows and Go comments * fix(frontend): qr code collapse — open only first panel, allow toggle ClientQrModal and QrCodeModal both used activeKey without onChange, forcing every panel open and blocking user toggle. Switch to controlled state initialized to the first item's key on open, with onChange so clicks update state. Also remove unused AppBridge.tsx (superseded by per-page message.useMessage hook). * fix(frontend): hover cards, balancer load, routing dnd, modal a11y, outbound crash - ClientsPage/SettingsPage/XrayPage: add hoverable to bottom card/tabs so hover affordance matches the top card - BalancerFormModal: lazy-init useState from props + destroyOnHidden so the form mounts with saved values instead of relying on a useEffect sync that could miss the first open - RoutingTab: rewrite pointer drag — handlers are now defined inside the pointerdown closure so addEventListener/removeEventListener match; drag state lives on a ref (from/to/moved) so onUp reads the real indices, not stale closure values. Adds setPointerCapture so Windows and touch keep delivering events when the cursor leaves the handle. - OutboundFormModal/InboundFormModal: blur the focused input before switching tabs to silence the aria-hidden-on-focused-element warning - utils.isArrEmpty: return true for undefined/null arrays — the old form treated undefined as "not empty" which crashed VLESSSettings.fromJson when json.vnext was missing * fix(frontend): clipboard reliability + restyle login page - ClipboardManager.copyText: prefer navigator.clipboard on secure contexts, fall back to a focused on-screen textarea + execCommand. Old path used left:-9999px which failed selection in some browsers and swallowed execCommand's return value, so the "copied" toast appeared even when nothing made it to the clipboard. - LoginPage: richer gradient backdrop — five animated colour blobs, glassmorphic card (backdrop-filter blur + saturate), gradient brand text/accent, masked grid texture for depth, and a thin gradient border on the card. Light/dark/ultra each get their own palette. * Memoize compactAdvancedJson and update deps Wrap compactAdvancedJson in useCallback (dependent on messageApi) and add it to the dependency array of applyAdvancedJsonToBasic. This ensures a stable function reference for correct dependency tracking and avoids stale closures/unnecessary re-renders in InboundFormModal.tsx. * style(frontend): prettier charts, drop redundant frame, format net rates - Sparkline: multi-stop gradient fill, soft drop-shadow under the line, dashed grid, glowing pulse on the latest-point marker, pill-shaped tooltip with dashed crosshair - XrayMetricsModal: glow + pulse on the observatory alive dot, monospace stamps/listen text - SystemHistoryModal: keep just the modal's frame around the chart (the inner wrapper I'd added stacked a second border on top); strip the decimal from Net Up/Down (25.63 KB/s → 25 KB/s) only on this chart's formatter * style(frontend): refined dark/ultra palette + shared pro card frame - Dark tokens shifted to a cooler, Linear-style palette: page #1a1b1f, sidebar/header #15161a (recessed nav, darker than cards), card #23252b, elevated #2d2f37 - Ultra dark: page pure #000 for OLED, sidebar #050507 disappears into the frame, card #101013 with a clear step, elevated #1a1a1e - New styles/page-cards.css holds the card border/shadow/hover rules so all seven content pages (index, clients, inbounds, xray, settings, nodes, api-docs) share one definition instead of duplicating in each page CSS - Dashboard typography: uppercase card titles with letter-spacing, larger 17px stat values, subtle gradient divider between stat columns, ellipsis on action labels so "Backup & Restore" doesn't break the card height at mid widths - Light --bg-page stays at #e6e8ec for the contrast against white cards * fix(frontend): wireguard info alignment, blue login dark, embed gitkeep - align WireGuard info-modal fields with Protocol/Address/Port by wrapping values in Tag (matches the rest of the dl.info-list rows) - swap login dark palette from purple to pure blue blobs/accent/brand - pin web/dist/.gitkeep through gitignore so //go:embed all:dist never fails on a fresh clone with an empty dist directory * docs: refresh frontend docs for the React + TS + AntD 6 stack Update CONTRIBUTING.md and frontend/README.md to describe the migrated frontend accurately: - replace Vue 3 / Ant Design Vue 4 references with React 19 / AntD 6 / TS - swap composables -> hooks, vue-i18n -> react-i18next, createApp -> createRoot - mention the typecheck step (tsc --noEmit) in the PR checklist - document the Vite 8.0.13 pin and TypeScript strict mode in conventions - list the nodes and api-docs entries that were missing from the layout * style(frontend): improve readability and mobile polish - bump statistic title/value contrast in dark and ultra-dark so totals on the inbounds summary card stay legible - give index card actions explicit colors per theme so links like Stop, Logs, System History no longer fade into the card background - show the panel version as a tag next to "3X-UI" on mobile, mirroring the Xray version tag pattern, and turn it orange when an update is available - make the login settings button a proper circle by adding size="large" + an explicit border-radius fallback on .toolbar-btn * feat: jalali calendar support and date formatting fixes - Wire useDatepicker into IntlUtil and switch jalalian display locale to fa-IR for clean "1405/07/03 12:00:00" output (drops the awkward "AP" era suffix that "<lang>-u-ca-persian" produced) - Drop in persian-calendar-suite for the jalali date picker, with a light/dark/ultra theme map and CSS overrides so the inline-styled input stays readable and bg matches the surrounding container - Force LTR on the picker input so "1405/03/07 00:00" reads naturally - Pass calendar setting through ClientInfoModal, ClientsPage Duration tooltip, and ClientFormModal's expiry picker - Heuristic toMs() in ClientInfoModal so GORM's autoUpdateTime seconds render as a real date instead of "1348/11/01" - Persist UpdatedAt on the ClientRecord row in client_service.Update; previously only the inbound settings JSON was bumped, so the panel never saw a fresh updated_at after editing a client * feat(frontend): donate link, panel version label, login lang menu - Sidebar: add heart donate link to https://donate.sanaei.dev and small panel version under 3X-UI brand - Login: swap settings-cog for translation icon, drop title, render languages as a direct list - Vite dev: inject window.X_UI_CUR_VER from config/version so dev mode matches prod - Translations: add menu.donate across all locales * fix(xray-update): respect XUI_BIN_FOLDER on Windows The Windows update path hardcoded "bin/xray-windows-amd64.exe", ignoring the configured XUI_BIN_FOLDER. In dev mode (folder set to x-ui) this created a stray bin/ folder while the running binary stayed un-updated. * Bump Xray to v26.5.9 and minor cleanup Update Xray release URLs to v26.5.9 in the GitHub Actions workflow and DockerInit.sh. Remove the hardcoded skip for tagVersion "26.5.3" so it will be considered when collecting Xray versions. Apply small formatting fixes: remove an extra blank line in database/db.go, normalize spacing/alignment of Protocol constants in database/model/model.go, and trim a trailing blank line in web/controller/inbound.go. * fix(frontend): route remaining copy buttons through ClipboardManager Direct navigator.clipboard calls fail in non-secure contexts (HTTP on a LAN IP), making the API-docs code copy and security-tab token copy silently broken. Both now go through ClipboardManager which falls back to document.execCommand('copy') when navigator.clipboard is unavailable. * fix(db): store CreatedAt/UpdatedAt in milliseconds GORM's autoCreateTime/autoUpdateTime tags default to Unix seconds on int64 fields and overwrite the service-supplied UnixMilli value on save. The frontend interprets these timestamps as JS Date inputs (milliseconds), so created/updated columns rendered ~1970 dates. Adding the :milli qualifier makes GORM match what the service code and UI expect. * Improve legacy clipboard copy handling Refactor ClipboardManager._legacyCopy to better handle focus and selection when copying. The textarea is now appended to the active element's parent (or body) and placed off-screen with aria-hidden and readonly attributes. The code preserves and restores the previous document selection and active element, uses focus({preventScroll: true}) to avoid scrolling, and returns the execCommand('copy') result. This makes legacy copy behavior more robust and less disruptive to the page state. * fix(lint): drop redundant ok=false in clipboard fallback catch * chore(deps): bump golang.org/x/net to v0.55.0 for GO-2026-5026	2026-05-23 15:21:45 +02:00
MHSanaei	237b7c898d	Bump frontend deps: vue and vite ... Update frontend dependencies to pull in recent patch fixes and compatibility updates. package.json bumps vue from ^3.5.13 to ^3.5.34 and vite from ^8.0.11 to 8.0.13. package-lock.json updated accordingly (including postcss 8.5.14 → 8.5.15 and nanoid ^3.3.11 → ^3.3.12).	2026-05-21 20:39:07 +02:00
MHSanaei	f2f5d584b3	fix(frontend): stack form fields on mobile in client/inbound/node modals ... Replace fixed :span values with responsive :xs="24" :md="N" so form rows collapse to a single column on narrow viewports instead of squeezing.	2026-05-21 18:54:42 +02:00
MHSanaei	3d1d75d65a	Revert "build(deps-dev): bump vite from 8.0.13 to 8.0.14 in /frontend (#4487)" ... this version of vite have issue	2026-05-21 16:35:33 +02:00
Cheng Ho Ming, Eric	6e2816d035	fix(frontend): override browser default background color on autofilled login inputs (#4478)	2026-05-21 16:24:54 +02:00
dependabot[bot]	7fc7c14ac1	build(deps-dev): bump vite from 8.0.13 to 8.0.14 in /frontend (#4487) ... Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.13 to 8.0.14. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.14/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.14 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-21 15:59:40 +02:00
githacs2022	5f318f3b16	Add SockOpt.Mark and SockOpt.Interface parameters for Outbound stream (#4480)	2026-05-20 22:02:46 +02:00
MHSanaei	9f80cfedab	fix(sub): use standard sub://BASE64#REMARK scheme for Shadowrocket	2026-05-19 18:09:51 +02:00
MHSanaei	1b436bb3e0	fix(clients): honor global pageSize and widen size-changer dropdown ... Read pageSize from defaultSettings and apply it to the clients table so the panel-wide pagination preference is respected. Widen the AntD size-changer trigger and its teleported popup so '100 / page' no longer truncates.	2026-05-19 17:02:34 +02:00
MHSanaei	d7f47d8b6a	fix(xray): allow private-IP destinations via freedom finalRules ... Xray-core v26.4.17 added a default policy that blocks private IPs in the freedom outbound for vless/vmess/trojan/hysteria/wireguard inbounds, even when the panel's routing rules send traffic to direct (#4420). The legacy ipsBlocked override was deprecated in the same release. Default template now seeds the direct outbound with a finalRules entry that explicitly allows geoip:private, so users who intentionally remove the geoip:private->blocked routing rule actually regain LAN access. Defense in depth is preserved: the routing rule still blocks private IPs by default, so unmodified configs keep the same behavior. OutboundFormModal exposes a Final Rules editor under the Freedom section: per-rule action (allow/block), network, port, IP/CIDR/geoip tags, and an optional blockDelay for block actions.	2026-05-19 15:42:16 +02:00
Abdalrahman	fd3770c8c9	fix: parse XHTTP extra fields from V2Ray links and v2rayN JSON imports (#4426) ... - fromVmessLink: parse all XHTTP bidirectional fields (xPaddingBytes, xPaddingObfsMode, session/seq/uplink placements & keys, scMaxEachPostBytes, headers) from VMess share link JSON - fromParamLink: parse same missing fields from the extra JSON param in VLESS/Trojan/SS share links and from URL params - VLESSSettings.fromJson: handle v2rayN-style nested vnext array for address/port/id/flow/encryption; previously only flat format was accepted - StreamSettings.fromJson: accept splithttpSettings as backward-compat alias for xhttpSettings, normalize splithttp network to xhttp Closes #4406 Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>	2026-05-19 15:00:15 +02:00
Black	121b6e0bd0	feat(panel): copy connection strings for mixed inbound (#4450) ... * feat(panel): copy connection strings for `mixed` inbound * feat(panel): inline share buttons on desktop, dropdown on mobile Replace the credentials-copy dropdown with three labeled share buttons (SOCKS5 / HTTP / Telegram), each with a tooltip preview of the full URL. Reverse the URI auth position so the format becomes `scheme://host:port@user:pass` (matches Hiddify-style sharing). Add a Telegram t.me/socks link with URL-encoded user/pass. On viewports <=600px the inline row collapses into a single Copy dropdown to keep the per-account row from wrapping into clutter. RTL panels are unaffected — the share divider uses inline-* logical props. --------- Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>	2026-05-19 14:15:10 +02:00
Sanaei	85e2ded0e1	Feat/multi inbound clients (#4469) ... * feat(clients): add shadow tables for first-class client promotion Introduces three new GORM-backed tables (clients, client_inbounds, inbound_fallback_children) and a populate-only seeder that backfills them from each inbound's existing settings.clients JSON. Duplicate emails across inbounds auto-merge under one client row, with each field conflict logged. Existing services are unchanged and continue reading from settings.clients — this commit is groundwork only. * feat(clients): make clients+client_inbounds the runtime source of truth Adds ClientService.SyncInbound that reconciles the new tables from each inbound's clients list whenever existing service paths mutate settings.clients. Wires it into AddInbound, UpdateInbound, AddInboundClient, UpdateInboundClient, DelInboundClient, DelInboundClientByEmail, DelDepletedClients, autoRenewClients, and the timestamp-backfill path in adjustTraffics, plus DetachInbound on DelInbound. GetXrayConfig now builds settings.clients from the new tables before writing config.json, and getInboundsBySubId joins through them instead of JSON_EACH on settings JSON. Live Xray config and subscription endpoints are now driven by the relational view; settings.clients JSON stays in step as a side effect of every write. * feat(clients): add top-level Clients tab and CRUD API Adds /panel/api/clients endpoints (list, get, add, update, del, attach, detach) backed by ClientService methods that orchestrate the per-inbound Add/Update/Del flows so a single client row is created once and attached to many inbounds in one operation. The frontend gains a dedicated Clients page (frontend/clients.html + src/pages/clients/) with an AntD table, multi-inbound attach modal, and full CRUD. Axios interceptor learns to honour Content-Type: application/json so the JSON endpoints work alongside the legacy form-encoded ones. The legacy per-inbound client modal stays untouched in this PR — both flows now write to the same source of truth. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(inbounds): add Port-with-Fallback inbound type Adds a new "portfallback" protocol that emits as a VLESS-TLS inbound under the hood but is paired with a sidecar table of child inbounds. Panel auto-builds settings.fallbacks at Xray-config-gen time from the sidecar — each child's listen+port becomes the fallback dest, with SNI/ALPN/path/xver match criteria pulled from the row. No more typing loopback ports by hand or keeping settings.fallbacks in sync. Backend: new FallbackService (Get/SetChildren, BuildFallbacksJSON); two new routes (GET/POST /panel/api/inbounds/:id/fallbackChildren); xray.GetXrayConfig injects fallbacks for PortFallback inbounds; the inbound model emits protocol="vless" so Xray accepts the config. Frontend: PORTFALLBACK joins the protocol dropdown; selecting it shows the standard VLESS controls plus a Fallback Children table (inbound picker + per-row SNI/ALPN/path/xver). Children are loaded on edit and replaced atomically on save. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(clients): add Reset Traffic, QR Code, Info actions + Online/Remaining columns The Clients page table gains: - Online column — green/grey tag driven by /panel/api/inbounds/onlines, polled every 10s. - Remaining column — bytes-remaining tag, coloured green/orange/red against quota, purple infinity when unlimited. - Action icons per row: QR, Info, Reset traffic, Edit, Delete. ClientInfoModal shows the full client detail (uuid/password/auth, traffic ↑/↓ + remaining + all-time, expiry absolute + relative, attached inbounds chip list, online + last-online). ClientQrModal fetches links for the client's subId via /panel/api/inbounds/getSubLinks/:subId and renders each one through the existing QrPanel component. Reset Traffic confirms then calls the existing per-inbound endpoint on the client's first attached inbound (the traffic row is keyed on email globally, so any attached inbound resets the shared counter). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): expose Attached inbounds in edit mode The multi-select was gated on add-only, so editing a client had no way to change which inbounds it belonged to. The picker now shows in both modes, and on submit the modal diffs the picked set against the original attachedIds — additions go through the /attach endpoint, removals through /detach, both after the field update lands so the new attachments get the latest values. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): unbreak template parsing + stale i18n keys - InboundFormModal: split the multi-line help string in the PortFallback section onto one line — Vue's template parser was bailing on Unterminated string constant because a single-quoted literal spanned two lines inside a {{ }} interpolation. - ClientInfoModal: t('disable') was missing at the root level, so vue-i18n returned the key path literally. Use t('disabled') which exists. - Linter cleanup elsewhere: pages.client.* references renamed to pages.clients.* to match the merged i18n block; whitespace normalisation in a few unrelated Vue templates. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * 1 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(traffic): drop all-time traffic tracking Removes the AllTime field from Inbound and ClientTraffic and migrates existing DBs by dropping the all_time columns on startup. The counter duplicated up+down without adding signal, and the per-event accumulator ran on every traffic write. Frontend: drop the All-time column from the inbound list and the client-row table, the All-time row from the client info modal, and the All-Time Total Usage tile from the inbounds summary card. The allTimeTraffic/allTimeTrafficUsage i18n keys are removed across every locale. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(clients): mobile cards, multi-select, bulk add Adds the same row-card layout the inbounds page uses on mobile: the table is suppressed under the mobile breakpoint and each client renders as a compact card with a status dot, email, Info button, Enable switch, and overflow menu. All the per-client detail (traffic, remaining, expiry, attached inbounds, flow, created/updated, URL, subscription) opens through the existing info modal. Multi-select with bulk delete wires AntD row-selection on desktop and a per-card checkbox on mobile; a Delete (N) button appears in the toolbar when anything is selected. Bulk add reuses the five email-generation modes from the inbound bulk modal but takes a multi-inbound picker so one bulk run can attach to several inbounds at once. Submits client-by-client through the existing /panel/api/clients/add endpoint. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(inbounds): remove legacy per-inbound client UI Now that clients live as first-class rows attached to one or many inbounds, the per-inbound client UI on the inbounds page is dead weight — every client action either has a global equivalent on the Clients page or makes no sense in a many-to-many world. Deletes ClientFormModal, ClientBulkModal, CopyClientsModal, and ClientRowTable from inbounds/. Strips the matching emits, refs, handlers, and dropdown menu items from InboundList and InboundsPage, and removes the dead mobile expand-chevron state and the desktop expanded-row plumbing that drove the inline client table. The InboundFormModal Clients tab still works in add-mode (one inline client at inbound creation) — that flow goes through ClientService. SyncInbound on save and remains useful. Fixes a stray "</a-dropdown>" left over by an earlier toolbar edit in ClientsPage that broke the template parser. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(clients): add Delete depleted action Mirrors the legacy delDepletedClients action that lived under the inbounds page, but as a first-class /panel/api/clients/delDepleted endpoint backed by ClientService. The new path goes through ClientService.Delete for each depleted email, so the new clients + client_inbounds + xray_client_traffic tables stay consistent. Adds a danger-styled toolbar button on the Clients page (next to Reset all client traffic) with a confirm dialog and a toast reporting the deleted count. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(api): move every client-shaped endpoint off /inbounds onto /clients After the multi-inbound client migration, client state belongs to the client API surface, not the inbound one. Twelve routes that were crammed under /panel/api/inbounds/* now live where they belong, under /panel/api/clients/*. Moved (route, handler, doc): POST /clientIps/:email POST /clearClientIps/:email POST /onlines POST /lastOnline POST /updateClientTraffic/:email POST /resetAllClientTraffics/:id POST /delDepletedClients/:id POST /:id/resetClientTraffic/:email GET /getClientTraffics/:email GET /getClientTrafficsById/:id GET /getSubLinks/:subId GET /getClientLinks/:id/:email Their /clients/* counterparts are: POST /clients/clientIps/:email POST /clients/clearClientIps/:email POST /clients/onlines POST /clients/lastOnline POST /clients/updateTraffic/:email POST /clients/resetTraffic/:email (email-only, fans out) GET /clients/traffic/:email GET /clients/traffic/byId/:id GET /clients/subLinks/:subId GET /clients/links/:id/:email per-inbound resetAllClientTraffics and delDepletedClients are dropped entirely — the Clients page already exposes global Reset All Traffic and Delete depleted actions, and per-inbound resets are meaningless once a client can be attached to many inbounds. ClientService.ResetTrafficByEmail is the new email-only reset path: it looks up every inbound the client is attached to and pushes the counter reset + Xray re-add through inboundService.ResetClientTraffic for each one, so depleted users come back online instantly. Frontend callers (ClientsPage, useClients, ClientQrModal, ClientInfoModal, InboundInfoModal, InboundsPage, useInbounds) all switched to the new paths. The Inbounds page drops its per-inbound "Reset client traffic" and "Delete depleted clients" dropdown items — users do those at the client level now. api-docs is rebuilt to match. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(service): switch tgbot + ldap callers to ClientService Adds two thin helpers to ClientService (CreateOne, DetachByEmail) and rewrites tgbot.SubmitAddClient and ldap_sync_job to call ClientService directly. Removes the JSON-blob payloads (BuildJSONForProtocol output for add, clientsToJSON/clientToJSON helpers) that callers previously fed to InboundService.AddInboundClient/DelInboundClient. ldap_sync_job.batchSetEnable now loops InboundService.SetClientEnableByEmail per email instead of trying to coerce AddInboundClient into doing the update — the old path would have failed duplicate-email validation for existing clients anyway. The legacy InboundService.AddInboundClient/UpdateInboundClient/ DelInboundClient methods stay in place; they are now only used internally by ClientService Create/Update/Delete/Attach. Inlining + deleting them follows in a separate commit. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(service): move all client mutation methods to ClientService Moves the client mutation surface out of InboundService and into ClientService. These methods all operate on a single client (identity fields, traffic limits, expiry, ip limit, enable state, telegram tg id) and didn't belong on the inbound aggregate. Moved (12 methods): AddInboundClient, UpdateInboundClient, DelInboundClient, DelInboundClientByEmail, checkEmailsExistForClients, SetClientTelegramUserID, checkIsEnabledByEmail, ToggleClientEnableByEmail, SetClientEnableByEmail, ResetClientIpLimitByEmail, ResetClientExpiryTimeByEmail, ResetClientTrafficLimitByEmail. Each method now takes an explicit *InboundService for the helpers that legitimately stay on InboundService (GetInbound, GetClients, runtimeFor, AddClientStat / UpdateClientStat / DelClientStat, DelClientIPs / UpdateClientIPs, emailUsedByOtherInbounds, getAllEmailSubIDs, GetClientInboundByEmail / GetClientInboundByTrafficID, GetClientTrafficByEmail). Stays on InboundService: ResetClientTrafficByEmail and ResetClientTraffic(id, email) — these mutate xray_client_traffic rows, not client identity, so they're inbound-side bookkeeping. Callers updated: tgbot (6 calls), ldap_sync_job (1 call), InboundService internal (writeBackClientSubID, CopyInboundClients, AddInbound's email-uniqueness check), ClientService Create/Update/ Delete/Attach/Detach. Also removes a dead resetAllClientTraffics controller handler whose route was already gone after the previous /clients API migration. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(clients): finish migrating to ClientService + tidy IP routes Two related cleanups in the new /clients surface: 1. Move ResetAllClientTraffics (bulk-reset of xray_client_traffic + last_traffic_reset_time, with node-runtime propagation) from InboundService to ClientService. PeriodicTrafficResetJob now holds a clientService and calls j.clientService.ResetAllClientTraffics(&j.inboundService, id). The last client-mutation method on InboundService is gone. 2. Shorten redundantly-named routes/handlers under /panel/api/clients: - /clientIps/:email -> /ips/:email (handler getIps) - /clearClientIps/:email -> /clearIps/:email (handler clearIps) The "client" prefix was redundant inside the clients namespace. Frontend (InboundInfoModal) and api-docs updated to match. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(inbounds,clients): clean up inbound modal + enrich client modal Inbound modal rework (InboundFormModal.vue + inbound.js): - Drop the embedded Client subform in the Protocol tab. Multi-inbound clients are managed exclusively from the Clients page now; a fresh inbound is created with zero clients (settings constructors default to []) and the user attaches clients afterwards. - Hide the Protocol tab entirely when it has nothing to render (VMESS, Trojan without fallbacks, Hysteria). Auto-switches active tab to Basic when the tab disappears while focused. - Move the Security section (Security selector + TLS block with certs and ECH + Reality block) out of the Stream tab into its own Security tab, sharing the canEnableStream gate. Client modal additions (ClientFormModal.vue + ClientBulkAddModal.vue): - Flow select (xtls-rprx-vision / -udp443) appears only when the panel actually has a Vision-capable inbound (VLESS or PortFallback on TCP with TLS or Reality). Hidden otherwise, and cleared when it disappears. - IP Limit input is disabled when the panel-level ipLimitEnable setting is off, fetched into useClients alongside subSettings and threaded through ClientsPage to both modals. - Edit modal now shows an "IP Log" section listing IPs that have connected with the client's credentials, with refresh and clear buttons (calls the renamed /panel/api/clients/ips and /clearIps endpoints). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(inbounds): drop manual Fallbacks UI from inbound modal The PortFallback protocol type now covers the common VLESS-master-plus-children case with auto-wired dests, so the manual Fallbacks editor (showFallbacks block in the Protocol tab) is mostly redundant. Removed: - the v-if="showFallbacks" template block (SNI/ALPN/Path/dest/PROXY rows) - the showFallbacks computed - the addFallback / delFallback helpers - the .fallbacks-header / .fallbacks-title styles - the showFallbacks gate from hasProtocolTabContent (so Trojan-over-TCP no longer shows an empty Protocol tab) Power users who need a non-inbound fallback dest (nginx, static site) can still author settings.fallbacks via the Advanced JSON tab. * feat(clients,inbounds): move search/filter to Clients page + small fixes Search/filter relocation: - Remove the search/filter toolbar (search switch + filter radio + protocol/node selects + the visibleInbounds projection + inboundsFilterState localStorage + filter CSS + the SearchOutlined/ FilterOutlined/ObjectUtil/Inbound imports it required) from InboundList. The filters were all client-oriented buckets bolted onto the inbound row. - Add a search/filter toolbar to ClientsPage with the same shape: switch between deep-text search and bucket filter (active / deactive / depleted / expiring / online) + protocol filter that matches clients attached to at least one inbound with the chosen protocol. State persists in clientsFilterState localStorage. filteredClients drives both the desktop table and the mobile card list, and select-all / allSelected / someSelected only span the visible subset. - useClients now also fetches expireDiff and trafficDiff from /panel/setting/defaultSettings (used to detect the expiring bucket); ClientsPage threads them into the client-bucket helper. Loose fixes folded in: - Add Client: email field is auto-filled with a random handle on open, matching uuid/subId/password/auth. - Inbound clone: parse and reuse the source settings JSON (with clients reset to []) instead of building a fresh defaulted Settings, so VLESS Encryption/Decryption and other non-client fields survive the clone. - en-US.json: add the ipLog string used by the edit-client modal. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(clients): add Reverse tag field for VLESS-attached clients Mirrors the Flow field's pattern: a Reverse tag input appears in the Add/Edit Client modal whenever at least one selected inbound is VLESS or PortFallback. The value rides over the wire as client.reverse = { tag: '...' } so it lands directly in model.Client's *ClientReverse field; an empty value omits the reverse key entirely. On edit the field is hydrated from props.client.reverse?.tag, and the showReverseTag watcher clears the field if the user drops the last VLESS-like inbound from the selection. * fix(xray): emit only protocol-relevant fields per client entry The Xray config synthesizer was writing every identifier field (id, password, flow, auth, security/method, reverse) on every client entry regardless of the inbound's protocol. Xray ignores unknown fields, so the config worked, but it diverged from the spec and leaked secrets across protocols when one client was attached to multiple inbounds — a VLESS inbound's generated config carried the same client's Trojan password and Hysteria auth alongside its uuid. Switch on inbound.Protocol when building each entry: - VLESS / PortFallback: id, flow, reverse - VMess: id, security - Trojan: password, flow - Shadowsocks: password, method - Hysteria / Hysteria2: auth email is emitted for every protocol. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): restore auto-disable kick under new schema disableInvalidClients still resolved (inbound_tag, email) pairs via JSON_EACH(inbounds.settings.clients), which is empty after migrating to the clients + client_inbounds tables. Result: xrayApi.RemoveUser never ran for depleted clients, clients.enable stayed true so the UI showed them as active, and only xray_client_traffic.enable got flipped - making "Restart Xray After Auto Disable" only half-work. Resolve the targets via a JOIN through the new schema, flip clients.enable so the Clients page reflects the state, and drop the legacy JSON write-back plus the subId cascade workaround (email is unique now). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(clients): live WebSocket updates + Ended status surfacing ClientsPage now subscribes to traffic / client_stats / invalidate WebSocket events instead of polling /onlines every 10s. Per-row traffic counters refresh in place, online state stays current, and list-level mutations elsewhere trigger a refresh. The client roll-up summary moves from InboundsPage to ClientsPage where it belongs, restructured into six labeled stat tiles (Total / Online / Ended / Expiring / Disabled / Active) with email popovers on the ones with issues. Auto-disabled clients (traffic exhausted or expiry passed) now classify as 'depleted' even though clients.enable=false, so they show up under the Ended filter and render a red Ended tag instead of looking indistinguishable from an operator-disabled row. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(nodes): per-node client roll-up and panel version Added transient inboundCount / clientCount / onlineCount / depletedCount fields to model.Node, populated by NodeService.GetAll via aggregated queries (one join across inbounds + client_inbounds, one over client_traffics intersected with the in-memory online emails). The Nodes list renders these as colored chips on a new "Clients" column so an operator can see at a glance how many users each node carries and how many are currently online or depleted. Also exposes the remote panel's version. The central panel adds panelVersion to its /api/server/status payload (sourced from config.GetVersion). Probe reads that field and persists it on the node row, mirroring how xrayVersion already flows. NodesPage gets a new column next to Xray Version, in both desktop and mobile views, with English and Persian strings. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): stop node sync from resurrecting deleted clients Several related issues around node-managed clients: - Remote runtime: drop the per-inbound resetAllClientTraffics path and point traffic/onlines/lastOnline fetches at the new /panel/api/clients/* routes. - Delete from master: always push the updated inbound to the node even when the client was already disabled or depleted, so the node actually loses the user instead of silently keeping it. - setRemoteTraffic: mirror remote clients into the central tables only on first discovery of a node inbound. Matched inbounds let the master own the join table, so a stale snap can no longer re-create a ClientRecord (and join row) for a client that was just deleted on the master. - ClientService.Delete: route through submitTrafficWrite so deletes serialize with node traffic merges, and switch the final ClientRecord delete to an explicit Where("id = ?") clause. - setRemoteTraffic UNIQUE-constraint fix: use clause.OnConflict on inserts and email-keyed UPDATEs for client_traffics, so mirroring a snap doesn't trip the unique email index. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(clients): switch client API endpoints from id to email All client-scoped routes now use the unique email as the path key (get, update, del, attach, detach, links). Email is the stable, protocol-independent identifier — UUIDs don't exist for trojan or shadowsocks, and internal numeric ids leaked panel implementation detail into the public API. Removed the redundant /traffic/byId/:id endpoint (covered by /traffic/:email) and collapsed /links/:id/:email into /links/:email, which now returns links across every attached inbound for the client. Frontend selection, bulk delete, and toggle state are now keyed by email as well, dropping the id→email lookup workaround. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(server): move cached state and helpers into ServerService ServerController had grown to hold its own status cache, version-list TTL cache, history-bucket whitelist, and the loop that drove all three — concerns that belong in the service layer. Pull them out: - lastStatus + the @2s refresh become ServerService.RefreshStatus and ServerService.LastStatus; the controller's cron now just orchestrates the cross-service side effects (xrayMetrics sample, websocket broadcast). - The 15-minute Xray-versions cache (with stale-on-error fallback) moves into ServerService.GetXrayVersionsCached, collapsing the controller handler to a single call. - The freedom/blackhole outbound-tag walk used by /xraylogs becomes ServerService.GetDefaultLogOutboundTags. - The allowed-history-bucket whitelist moves to package-level service.IsAllowedHistoryBucket, so both NodeController and ServerController validate against the same list. Net result: web/controller/server.go drops from 458 to 365 lines and contains only HTTP wiring + presentation-y side effects. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * refactor(api): emit JSON-text columns as nested objects Inbound, ClientRecord, and InboundClientIps store settings / streamSettings / sniffing / reverse / ips as JSON-text in the DB. The API was passing that text through verbatim, so every consumer had to JSON.parse a string inside a string. Add MarshalJSON / UnmarshalJSON so the wire format is a real nested object, while still accepting the legacy escaped-string shape on write. Frontend dbinbound.js gets a matching coerceInboundJsonField helper for the same dual-shape read path, and inbound.js toJson stops emitting empty/placeholder fields (externalProxy [], sniffing destOverride when disabled, etc.) so the new normalised JSON stays terse. api-docs and the inbound-clone path are updated to the new shape. Controller route lists are regrouped so all GETs sit above POSTs. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): include inboundIds and traffic in /clients/list ClientRecord got its own MarshalJSON in the previous commit, and ClientWithAttachments embeds it to add inboundIds and traffic. Go promotes the embedded MarshalJSON to the outer struct, so the encoder was calling ClientRecord.MarshalJSON for the whole value and silently dropping the extras. The frontend reads row.inboundIds / row.traffic from /clients/list, so attached inbounds didn't render and newly added clients looked like they hadn't saved. Add an explicit MarshalJSON on ClientWithAttachments that splices the extras in. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): gate IP Log on ipLimitEnable + clean access-log dropdown Legacy panel hid the IP Log section when access logging was off; the Vue 3 migration left it gated on isEdit only, so the section showed even when xray's access log was 'none' and nothing was being recorded. Restore the ipLimitEnable gate on the edit modal's IP Log form-item. While here, clean up the Xray Settings access-log dropdown: previously two 'none' entries appeared (an empty value labelled with t('none') and the literal 'none' from the options array). Drop the empty option for access log (the literal 'none' covers it) and relabel the empty option for error log / mask address to t('empty') so they're distinguishable. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(nodes): route per-client ops through node clients API + orphan sweep Adds Runtime methods AddClient, UpdateUser, and DeleteUser so master mutates clients on a node via /panel/api/clients/{add,update,del} rather than pushing the whole inbound. The previous rt.UpdateInbound path made the node DelInbound+AddInbound on every single-client change, briefly cycling every other user on the same inbound. DelInbound no longer filters by enable=true, so a disabled node inbound actually gets removed from the node instead of being resurrected by the next snap. setRemoteTrafficLocked now sweeps any ClientRecord with zero ClientInbound rows after SyncInbound rebuilds the attachments, which is how a node-side delete propagates back to master instead of leaving a detached ghost. ClientService.Delete tombstones the email first so a snap arriving mid-delete can't re-create the record. WebSocket broadcasts an "invalidate(clients)" message on every client mutation so the Clients page refreshes without manual reload. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(balancers): allow fallback on all strategies + feed burstObservatory from random/roundRobin Drops the random/roundRobin gate on the Fallback field in BalancerFormModal so every strategy can pick a fallback outbound. syncObservatories now feeds burstObservatory from leastLoad + random + roundRobin balancers (was leastLoad only), matching how leastPing feeds observatory. Fix the JsonEditor "Unexpected end of JSON input" that appeared when switching a balancer between leastPing and another strategy: the obsView watcher was gated on showObsEditor (a boolean OR of the two flags) and missed the case where one observatory swapped for the other in the same tick. Watch the individual flags instead so obsView flips to the surviving editor and the getter stops pointing at a deleted key. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(inbounds): use sortedInbounds for mobile empty-state check InboundList referenced an undefined visibleInbounds in the mobile card list's empty-state guard, throwing "Cannot read properties of undefined (reading 'length')" and breaking the entire mobile render. * feat(clients): sortable table columns Adds the same sortState / sortableCol / sortFns pattern InboundList uses, wrapping filteredClients in sortedClients so sort composes with the existing search/filter pipeline. Sortable: enable, email, inboundIds (attachment count), traffic, remaining, expiryTime; actions and online stay unsorted. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(shadowsocks): generate valid ss2022 keys and per-client method for legacy ciphers The Add Client flow on shadowsocks inbounds was producing xray configs that failed to start: - 2022-blake3-* ciphers need a base64-encoded key of an exact byte length per cipher. fillProtocolDefaults was assigning a uuid-style string, which xray rejects as "bad key". Now the password is generated (or replaced if invalid) via random.Base64Bytes(n) sized to the chosen cipher. - Legacy ciphers (aes-256-gcm, chacha20-*, xchacha20-*) require a per-client method field in multi-user mode; model.Client has no Method, so settings.clients was stored without one and xray failed with "unsupported cipher method:". applyShadowsocksClientMethod now injects the top-level method into each client on add/update, and healShadowsocksClientMethods backfills it at xray-config-build time so existing inbounds heal on the next start. - xray/api.go ssCipherType switch was missing aes-256-gcm, which fell through to ss2022 path. - SSMethods dropdown now offers aes-256-gcm. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): preserve ClientRecord on inbound delete + filter Attached inbounds to multi-client protocols Replace the global orphan sweep in setRemoteTrafficLocked with a per-inbound diff cleanup: only delete a ClientRecord whose email disappeared from a snap-tracked inbound (i.e. a node-side delete). Inbounds that vanished entirely from the snap (e.g. admin deleted the inbound on master) aren't iterated, so a client whose last attachment came from that inbound is now left alone instead of being deleted alongside the inbound. ClientFormModal and ClientBulkAddModal now filter the Attached inbounds dropdown to protocols that actually support multiple clients: shadowsocks, vless, vmess, trojan, hysteria, hysteria2, and portfallback (which routes through VLESS settings). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): make empty-state text readable on dark/ultra themes The "No clients yet" empty state had a hardcoded black color (rgba(0,0,0,0.45)) that vanished against the dark backgrounds. Drop the inline color, let it inherit from the AntD theme, and fade with opacity like the mobile card empty state already does. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(clients): client-first tgbot add flow, tgId field, lightweight inbound options - tgbot: drop legacy per-protocol Add Client UI in favour of a client-first multi-inbound flow. New BuildClientDraftMessage / getInboundsAttachPicker let an admin pick one or more inbounds and submit a single client; per- protocol secrets are now generated server-side via fillProtocolDefaults. Drops awaiting_id/awaiting_password_tr/awaiting_password_sh state cases and add_client_ch_default_id/pass_tr/pass_sh/flow callbacks. Adds a setTGUser button + awaiting_tg_id state so the bot can set Client.TgID during Add. - clients UI: add Telegram user ID input to ClientFormModal (0 = none). Hide IP Limit field entirely when ipLimitEnable is off — disabled fields still take layout space, this collapses Auth(Hysteria) to full width. - inbounds API: new GET /panel/api/inbounds/options that returns just {id, remark, protocol, port, tlsFlowCapable}. Used by the clients page pickers so the dropdown payload stays small on panels with thousands of clients (drops settings JSON, clientStats, streamSettings). Server-side TlsFlowCapable mirrors Inbound.canEnableTlsFlow so the modal no longer needs to parse streamSettings client-side. - clientInfoMsg now shows attached inbound remarks, and getInboundUsages reports the attached client count per inbound. - api-docs: document the new /options endpoint and add tgId / flow to the clients add/update bodies. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(inbounds): keep Node column visible for node-attached inbounds The Node column was bound to hasActiveNode, so disabling every node hid the column even when inbounds were still attached to those nodes — the admin lost the visual cue that those inbounds belonged to a node and would come back when it was re-enabled. Combine hasActiveNode with a new hasNodeAttachedInbound check (any dbInbound with nodeId != null) so the column survives node-disable. * fix(api-docs): accept functional-component icons in EndpointSection AntD-Vue icons (SafetyCertificateOutlined, etc.) are functional components, so the icon prop's type: Object validator was rejecting them with a "Expected Object, got Function" warning at runtime. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * test: cover crypto, random, netsafe, sub helpers, xray equals, websocket hub, node service Adds ~110 unit tests across previously untested packages. Focus on pure-logic and concurrency surfaces where regressions would silently affect users: - util/crypto, util/random: password hashing round-trip, ss2022 key generation, alphabet/length invariants. - util/netsafe: IsBlockedIP edge cases, NormalizeHost validation, SSRF guard with AllowPrivate context bypass. - util/common, util/json_util: traffic formatter, Combine nil-skip, RawMessage empty-as-null and copy-on-unmarshal. - sub: splitLinkLines, searchKey/searchHost, kcp share fields, finalmask normalization, buildVmessLink round-trip. - xray: Config.Equals and InboundConfig.Equals field-by-field, getRequiredUserString/getOptionalUserString type checks. - web/websocket: hub registration, throttling, slow-client eviction, nil-receiver safety, concurrent register/unregister. - web/service: NodeService.normalize validation, normalizeBasePath, HeartbeatPatch.ToUI mapping. - web/job: atomicBool concurrent set/takeAndReset semantics. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * i18n(clients): replace English fallbacks with proper translation keys Pulls every hard-coded English label/title in the Clients page and its four modals through the i18n layer so localized panels stop leaking English. New keys live under pages.clients (auth, hysteriaAuth, uuid, flow, flowNone, reverseTag, reverseTagPlaceholder, telegramId, telegramIdPlaceholder, created, updated, ipLimit) plus refresh at the root and toasts.bulkDeletedMixed / bulkCreatedMixed for partial-failure toasts. Also switches the add-client modal's primary button from "Add" to "Create" for consistency with other create flows. The bulk-add Random/Random+Prefix/... email-method options stay hard-coded by request - they're identifier-shaped strings. * i18n: backfill 99 missing keys across all 12 non-English locales Brings every translation file up to parity with en-US.json so the Clients page, the fallback-children inbound section, the new refresh verb, the Nodes panel-version label and a handful of older holes stop falling through to the English fallback. New strings span: - pages.clients.* (labels, confirmations, toasts, emailMethods) - pages.inbounds.portFallback.* (Reality fallback inbound section) - pages.nodes.panelVersion, menu.clients, refresh Technical identifiers (Auth, UUID, Flow, Reverse tag) are intentionally left untranslated since they correspond to xray-core field names. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * i18n: drop stale pages.client block duplicated in every non-English locale Every non-English locale carried a pages.client (singular) section with 30 entries that duplicated pages.clients (plural). The plural namespace is what the Vue code actually consumes; the singular one was dead weight from an older rename that never got cleaned up in the non-English files. Removing it brings every locale to exactly 984 keys, matching en-US.json. * chore: apply modernize analyzer fixes across codebase Mechanical replacements suggested by golang.org/x/tools/.../modernize: strings.Cut/CutPrefix/SplitSeq, slices.Contains, maps.Copy, min(), range-over-int, new(expr), strings.Builder for hot += loops, reflect.TypeFor[T](), sync.WaitGroup.Go(), drop legacy //+build lines. * feat(database): add PostgreSQL as an optional backend alongside SQLite Lets operators with large client counts or multi-node setups pick PostgreSQL at install time without breaking the existing SQLite default. Backend is selected at runtime via XUI_DB_TYPE/XUI_DB_DSN, a small dialect layer keeps the five JSON_EXTRACT/JSON_EACH queries portable, and a new `x-ui migrate-db` subcommand copies SQLite data into PostgreSQL in FK-aware order. * fix(inbounds): gate node selector to multi-node-capable protocols Hide the Deploy-To selector and clear nodeId when switching to a protocol that can't run on a remote node. Also: - subs: return 404 (not 400) when subId matches no inbounds, so VPN clients distinguish "deleted/unknown" from a server error - hysteria link gen: use the inbound's resolved address so node-managed inbounds advertise the node host instead of the central panel - shadowsocks: default network to 'tcp' (udp was causing issues for some clients on first-create) - vite dev proxy: rewrite migrated-route bypass against the live base path instead of a hardcoded single-segment regex Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(clients): bulk add/delete correctness + perf, working pagination, delayed-start in form Bulk add/delete were serial on the frontend (one toast per call, N round-trips) and the backend race exposed by parallelizing them lost client attachments and hit UNIQUE constraint failed on client_inbounds. The single add/edit modal also had no Start-After-First-Use option, and the table never showed the delayed duration. Backend (web/service/client.go): - Per-inbound mutex on Add/Update/Del InboundClient so concurrent writers on the same inbound don't lose the read-modify-write of settings JSON. - SyncInbound skips create+join when the email is tombstoned so a concurrent maintenance pass (adjustTraffics, autoRenewClients, markClientsDisabledIn- Settings) that did a stale RMW can't resurrect a just-deleted client with a fresh id. - compactOrphans sweeps settings.clients entries whose ClientRecord no longer exists, applied in Add/DelInboundClient + DelInboundClientByEmail so each user-initiated mutation self-heals the inbound's settings. - DelInboundClient uses Pluck instead of First for the stats lookup so a missing row doesn't abort the delete with a noisy ErrRecordNotFound log. Frontend: - HttpUtil.{get,post} accept a silent option that suppresses the auto-toast. - ClientBulkAddModal fires creates in parallel + silent + one summary toast. - useClients.removeMany runs deletes in parallel + silent and refreshes once; ClientsPage bulk delete uses it and shows one aggregate toast. - useClients.applyInvalidate debounces 200 ms so the burst of N WebSocket invalidate events from the backend collapses into a single refresh. - ClientsPage pagination is reactive (paginationState ref + tablePagination computed); onTableChange persists page-size and page changes. - ClientFormModal gains a Start-After-First-Use switch + Duration days input alongside the existing Expiry Date picker; on edit-mode open a negative expiryTime is decoded back to delayed mode + days; on submit the payload sends -86400000 * days or the absolute timestamp. - ClientsPage table shows the delayed-start duration (blue tag Nd, tooltip Start After First Use: Nd) instead of infinity. - Telegram ID field in the form is hidden when /panel/setting/defaultSettings reports tgBotEnable=false; Comment then fills the row. - Form row 3 collapses UUID (span 12) + Total GB (span 8) + Limit IP (span 4) when ipLimitEnable is on, else UUID + Total GB at 12/12. - useInbounds.rollupClients counts only clients with a matching clientStats row, so orphans in settings.clients no longer inflate the inbound's count. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(windows): clean shutdown, working panel restart, harden kernel32 load Three Windows-specific issues addressed: 1. Orphaned xray-windows-amd64 after VS Code debugger stop. Delve's "Stop" sends TerminateProcess to the Go binary, which is uncatchable — our signal handlers never run, so xrayService.StopXray() is skipped and xray is left dangling. Spawn xray as a child of a Job Object with JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE so the OS kills xray when our handle to the job is closed (which happens even on TerminateProcess). Also trap os.Interrupt in main so Ctrl+C in the terminal runs the graceful path. 2. /panel/setting/restartPanel logged "failed to send SIGHUP signal: not supported by windows" because Windows can't deliver arbitrary signals. Add a restart hook in web/global; main registers it to push SIGHUP into its own signal channel, and RestartPanel calls the hook before falling back to the (Unix-only) signal path. Same restart-loop code runs in both cases. 3. util/sys/sys_windows.go now uses windows.NewLazySystemDLL so the kernel32.dll resolve is pinned to %SystemRoot%\System32 (prevents DLL hijacking by a planted DLL next to the binary). Local filetime type replaced with windows.Filetime, and the unreliable syscall.GetLastError() fallback replaced with a type assertion on the errno captured at call time. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(sys): correct CPU/connection accounting on linux + darwin util/sys/sys_linux.go: - GetTCPCount/GetUDPCount were counting the column header row in /proc/net/{tcp,udp}[6] as a connection, inflating the reported total by 1 per non-empty file (so the panel status line always showed 2 more connections than actually existed). Replace getLinesNum + safeGetLinesNum with a single bufio.Scanner-based countConnections that skips the header. - CPUPercentRaw now opens HostProc("stat") instead of a hardcoded /proc/stat so HOST_PROC overrides apply, matching the connection counters in the same file. - Simplify CPU field unpacking: pad nums to 8 once instead of guarding every assignment with a len check. util/sys/sys_darwin.go: - Fix swapped idle/intr indices on kern.cp_time. BSD CPUSTATES order is user, nice, sys, intr, idle (CP_INTR=3, CP_IDLE=4) — gopsutil's cpu_darwin_nocgo.go reads the same layout. The previous code used out[3] as idle and out[4] as intr, so busy = total - dIdle was actually subtracting interrupt time, making the panel report CPU usage close to 100% on macOS regardless of actual load. - Collapse the per-field delta math into a single loop. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(xray): rotate crash reports into log folder, prevent overwrites writeCrashReport had two flaws: it wrote to the bin folder (alongside the xray binary) which conflates artifacts, and the second-precision timestamp meant a tight restart-loop crash burst overwrote prior reports. Write to the log folder with nanosecond precision and keep the last 10 reports. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * revert(inbounds): drop unreleased portfallback protocol The Port-with-Fallback inbound (commit 62fd9f9d) was confusing as a standalone protocol — fallbacks belong on a regular VLESS/Trojan TCP-TLS inbound, the way Xray models them natively. Rip out the entire feature cleanly (no migration needed since it was never released): protocol constant, fallback children DB table, FallbackService, 2 API endpoints, all UI rows, related translations and api-docs. A native fallback flow attached to VLESS/Trojan TCP-TLS/Reality will land in a follow-up commit. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(inbounds): native fallbacks on VLESS/Trojan TCP-TLS, with working child links A VLESS or Trojan inbound on TCP with TLS or Reality can now act as a fallback master: pick existing inbounds as children and the panel auto- fills the SNI / ALPN / path / xver routing fields from each child's transport, auto-builds settings.fallbacks at config-gen time, and rewrites the child's client-share link so it advertises the master's reachable endpoint and TLS state instead of the child's loopback listen. Layout matches the Xray All-in-One Nginx example: master at :443 with clients + TLS, each child on 127.0.0.1 with its own transport+clients. Order matters (Xray walks fallbacks top-to-bottom) — reorder via the per-row up/down arrows. Path / SNI / ALPN are exposed under a per-row Edit toggle for the rare cases where the auto-derivation needs overriding; otherwise just pick a child and you're done. Backend: new InboundFallback table + FallbackService (GetByMaster / SetByMaster / GetParentForChild / BuildFallbacksJSON); two routes (GET / POST /panel/api/inbounds/:id/fallbacks); xray.GetXrayConfig injects settings.fallbacks for any VLESS/Trojan TCP-TLS/Reality inbound; GetInbounds annotates each child with FallbackParent so the frontend can rewrite links without an extra round-trip. Link projection covers every emission path — clients-page QR/links, per-inbound Get URL, raw subscription, sub-JSON, sub-Clash, and the inbounds-page link/info/QR — via a shared projectThroughFallbackMaster on the backend and a shared projectChildThroughMaster on the frontend that both handle the panel-tracked relationship and the legacy unix-socket (@vless-ws) convention. Strings translated into all 12 non-English locales. * docs: rewrite CONTRIBUTING with full local-dev setup The prior three-line CONTRIBUTING left newcomers guessing at every non-trivial step: which Go / Node versions, where xray comes from, why the panel goes blank when XUI_DEBUG=true is flipped on, how the Vue multi-page setup is wired, what to do on Windows when go build trips on the CGo SQLite driver. Now covers prerequisites, MinGW-w64 install on Windows (niXman builds or MSYS2), one-shot first-time setup, two frontend dev workflows with the XUI_DEBUG asset-cache gotcha called out, the architecture and conventions of the Vue side, a project-layout map, useful env vars, and the PR checklist. ---------	2026-05-19 12:20:24 +02:00
MHSanaei	5a1019534f	refactor(inbounds): tighten advanced JSON helpers and fix dark-mode subtitles ... Collapsed repeated stream/sniffing/settings handling in InboundFormModal into shared helpers (stampAdvancedTextFor, parseAdvancedSliceWithLabel, compactAdvancedJson, withSaving) plus a wrapped-config factory for the single-key editors. Cuts ~120 lines from the script section with no behavior change. The advanced-panel subtitle and editor-meta text used a fixed dark color that was unreadable on the dark and ultra-dark modal backgrounds. Switched both to opacity-on-inherit so they pick up AntD's theme-aware foreground color, the same pattern .section-heading already uses.	2026-05-15 12:12:47 +02:00
MHSanaei	5cf8a08540	fix: disable balancer fallbackTag for random / roundRobin strategies ... Xray-core's RandomStrategy and RoundRobinStrategy register a pending dependency on the Observatory feature whenever fallbackTag is non-empty. Since the panel only provisions observatory for leastPing / leastLoad balancers, picking roundRobin with a fallbackTag caused xray to fail boot with "not all dependencies are resolved". Disable the fallback field for the two strategies that cannot resolve it, and strip fallbackTag from the wire balancer as a defensive backstop for users who edit the JSON template directly.	2026-05-15 11:24:50 +02:00
MHSanaei	79a9be7b22	fix: split locale chunks by removing eager i18n glob ... The eager `import.meta.glob` was statically pulling all 13 locale JSON files into the main bundle, defeating the sibling lazy glob and emitting INEFFECTIVE_DYNAMIC_IMPORT warnings. Statically import only the en-US fallback, lazy-load the rest, and await `readyI18n()` in each entry before mount so the first paint still uses the active locale.	2026-05-15 10:50:40 +02:00
Abdalrahman	19d50bd16c	fix: add i18n translations for Allow private address node option across all locales (#4386) ... * fix: add Chinese locale translations for Allow private address node option * fix: add Allow private address translations to all remaining locale files	2026-05-15 09:51:14 +02:00
MHSanaei	3af45c1462	fix: Add base-path meta tag for Cloudflare Rocket Loader compatibility ... When Cloudflare Rocket Loader is enabled, it interferes with inline scripts that set window.X_UI_BASE_PATH, causing the frontend to fail to configure the correct base URL for API calls. This results in 404 errors on the login page when calling /getTwoFactorEnable. Solution: Add meta name='base-path' tag to HTML (similar to csrf-token), update axios initialization to read from meta tag as fallback. Meta tags are not affected by CSP or Rocket Loader delays. Fixes #4393	2026-05-14 23:37:25 +02:00
MHSanaei	6badd829df	Remove streamSettings for protocols that don't support it ... - Frontend: Only include streamSettings in toJson() for vmess, vless, trojan, shadowsocks, and hysteria protocols - Frontend: Hide Stream tab in Advanced section for unsupported protocols - Frontend: Clear streamSettings in Advanced tab when switching to unsupported protocols - Frontend: Add CodeMirror JSON editor to config view in index page with mobile responsive design - Backend: Add normalizeStreamSettings() to clear streamSettings for tunnel, mixed, http, tun, and wireguard protocols - Backend: Apply normalization in AddInbound() and UpdateInbound() - Backend: Add omitempty JSON tag to StreamSettings field to exclude null values from Xray config	2026-05-14 23:18:23 +02:00
MHSanaei	b79abc8bc9	refactor: remove legacy advancedJson state	2026-05-14 20:32:38 +02:00
MHSanaei	05b68c3b13	fix: remove Auth password ... #4388	2026-05-14 19:28:09 +02:00
Abdalrahman	f3c7660f84	fix: correct Hysteria2 Obfs password label to Auth password (#4388) ... The Obfs password field in the Hysteria2 stream settings tab was incorrectly labeled. It binds to hysteriaSettings.auth (the server-wide authentication password), not to the salamander obfuscation password. Per Xray-core docs, Hysteria2 salamander obfuscation belongs in finalmask.udp[].salamander.password, which is correctly handled by the FinalMaskForm (UDP Masks section). Fixed the label to Auth password with an accurate tooltip explaining that salamander obfuscation is configured via the UDP Masks section below.	2026-05-14 18:53:04 +02:00
MHSanaei	9b0fd047cb	fix: guard certificate and key against undefined before join	2026-05-14 17:46:24 +02:00
MHSanaei	e4218a1029	feat: click QR to copy/save image instead of link text	2026-05-14 17:40:40 +02:00
MHSanaei	1284756f8a	fix(outbound): restore TLS, QUIC params and TCP masks when importing share links ... - fromHysteriaLink: parse security= URL param and populate stream.tls (SNI, fingerprint, ALPN, ECH) when security=tls; previously always forced security to 'none' - fromHysteriaLink: parse fm JSON param and populate both stream.finalmask.quicParams (drives the QUIC Params toggle in FinalMaskForm) and the mirrored stream.hysteria fields - fromParamLink (VLESS/Trojan/SS): parse fm JSON param and restore stream.finalmask (TCP masks, UDP masks, QUIC params) - fromVmessLink (VMess): same fm handling for the base64-JSON path Closes #4376	2026-05-14 13:27:55 +02:00
MHSanaei	ae6f13b533	fix: also hide QR code for ML-KEM-768 links (too long for QR generation)	2026-05-14 12:34:23 +02:00
MHSanaei	1cf2582e6d	fix: hide QR code for mldsa65 links (too long for QR generation)	2026-05-14 12:30:48 +02:00
Abdalrahman	eacb9f63b0	fix: protocol filter placeholder not showing on initial load (#4372)	2026-05-14 12:12:44 +02:00
MHSanaei	e7035b56fe	fix: sync advancedJson before tab switch in convertLink	2026-05-14 11:46:07 +02:00
MHSanaei	5dc02a9af3	v3.0.2	2026-05-14 10:27:33 +02:00
MHSanaei	2204c8231d	Adjust QR panel sizing and collapse JSON subscription by default	2026-05-14 10:23:27 +02:00
Abdalrahman	01a7dc807b	fix(sub): include xhttp mode in extra JSON for karing compatibility (#4365) ... - Add mode to buildXhttpExtra() so clients reading xtra param (karing, etc.) receive the xhttp mode alongside other bidirectional SplitHTTP fields. Previously mode was only a flat URL param and was silently dropped when xtra was present. - Add xhttp case to streamData() to strip acceptProxyProtocol and server-only fields (noSSEHeader, scMaxBufferedPosts, scStreamUpServerSecs, serverMaxHeaderBytes) from JSON sub configs. - Sync frontend buildXhttpExtra() with the same mode addition. Closes #4364	2026-05-14 10:02:45 +02:00
MHSanaei	21058eb63c	fix(routing): make rule drag-and-drop work on mobile cards ... The pointermove handler looked up the drop target via el.closest('tr[data-row-key]'). That selector only matches the desktop a-table rows; the mobile branch renders each rule as a <div class="rule-card" data-row-key>, so on phones the lookup always returned null, dropTargetIndex stayed pinned to the start index, and the eventual drop was a no-op. Loosened the selector to [data-row-key] so both DOM shapes resolve.	2026-05-14 02:04:05 +02:00
Black	194de8869e	feat(panel): add 'Edit' button to tables and enhance layout (#4355) ... - Move 'Edit' button from dropdown to the table since it's the most used action. Only for desktop. - Increase column widths for action keys in Inbounds, Balancers, Outbounds and Routing tables. - Slightly enhance layout for consistency.	2026-05-14 01:55:00 +02:00
MHSanaei	26accfd8f7	fix(qr): lock QR code modules to black-on-white across all themes ... AntD's <a-qrcode> defaults the module color to the active theme's text token. Under the dark and ultra-dark themes that text is a light gray, so the QR rendered low-contrast on the white canvas background and phones could not lock onto it. Pinned color="#000000" and bg-color="#ffffff" on every <a-qrcode> usage (share links in QrPanel, 2FA enrollment in TwoFactorModal, sub/json/clash codes on SubPage) so the contrast stays high regardless of panel theme.	2026-05-14 01:45:00 +02:00
MHSanaei	2551a673c3	fix(inbounds): refresh client rows live over websocket ... Two bugs combined to leave per-client traffic / remained / all-time columns stuck at stale numbers while only the inbound-level row and the online badge refreshed: 1. Backend (xray + node sync traffic jobs) only included the per-client array in the client_stats broadcast when activeEmails / touched was non-empty. Cycles with no client deltas — or any node sync that failed to fetch a snapshot — shipped only the inbound summary, so the frontend had nothing to merge for clients. Replaced both code paths with a single GetAllClientTraffics() snapshot per cycle; the broadcast now always carries the full client list. 2. Frontend mutated dbInbound.clientStats[i] in place. DBInbound is a plain class instance (not wrapped in reactive()), so Vue could not see the field-level changes and ClientRowTable's statsMap computed stayed cached forever. Added a statsVersion tick bumped on every merge and read inside statsMap so the computed re-evaluates and the template pulls fresh up/down/allTime/expiryTime each push. Removed the now-dead emailSet helper from node_traffic_sync_job and the activeEmails filter from xray_traffic_job.	2026-05-14 01:31:49 +02:00
MHSanaei	ce4c42e09c	feat(json): swap raw textareas for a CodeMirror 6 JsonEditor ... A new JsonEditor.vue component wraps CodeMirror 6 + lang-json with line numbers, JSON syntax highlighting, bracket matching, code folding, search (Ctrl+F), undo/redo, lint (red squiggle and gutter icon on invalid JSON), tab indent, and line wrapping. It is wired into the four raw-JSON spots that previously used <a-textarea class="json-editor">: the Xray Advanced Template tab, the Outbound JSON tab, the Balancer Observatory pane, and the Inbound Advanced tab (settings / streamSettings / sniffing). Chrome colors are driven by EditorView.theme so they win the specificity fight cleanly against CodeMirror's own injected styles. A single buildDarkTheme() factory yields a Dark+ palette (#1e1e1e background, #252526 active line, #2d2d30 panels) for the regular dark mode and a near-black variant (#0a0a0a / #141414 / #1f1f1f border) for ultra-dark — both pair with oneDarkHighlightStyle for the syntax colors. Light mode stays on basicSetup's default. CodeMirror lazy-loads as a ~17 kB gzipped chunk that only appears on the Xray/Inbounds bundles.	2026-05-14 00:02:59 +02:00
MHSanaei	18614bd6ea	feat(tabs): collapse settings and xray tab bars to evenly-spread icons ... On phones the five Settings tabs and six Xray tabs overflowed the viewport. Now the tab labels are stripped (v-if="!isMobile"), the nav-list stretches to full width via display:flex + width:100%, and each tab claims an equal share with flex:1 1 0 so the icons spread across the row instead of bunching. Icons bumped to 18px with a tooltip carrying the original label for discoverability.	2026-05-13 23:33:50 +02:00
MHSanaei	e564c9283d	feat(nodes): mobile card list, info modal, and tighter summary layout ... NodeList now branches on isMobile: a vertical card list mirrors the inbound mobile redesign — status dot + name + an Info icon that opens an a-modal with the full per-node stats (address, status, CPU/mem, xray version, uptime, latency, last heartbeat). The card head expands to surface NodeHistoryPanel inline (parity with the desktop expandable row), and the more-dropdown carries probe/edit/delete. NodesPage also gets two layout fixes: an 8px vertical gutter between the summary card and the node list on mobile (was 0), and a 2x2 grid for the four summary statistics on phones via :xs="12" plus a 16px inner vertical gutter, so Total/Online/Offline/Avg Latency no longer crowd each other.	2026-05-13 23:14:56 +02:00
MHSanaei	933567d423	feat(inbounds): collapse mobile cards to id/email + info button ... Mobile inbound cards now show only #id and remark; mobile client cards show only the status badge and email. The full stat grid (protocol, port, node, traffic, all-time, clients, expiry — and per-client remained/online/expiry) moves behind a new info icon that opens an a-modal, so the list stays scannable on small screens.	2026-05-13 23:03:19 +02:00
MHSanaei	771bc7c8ef	feat(inbounds): align tunnel, tun, and hysteria UI with Xray docs ... * tunnel: rename settings to Xray's current schema (address → rewriteAddress, port → rewritePort, network → allowedNetwork) in the model, form modal, info modal, and the bundled API inbound template; expose portMap so per-port forwarding can be configured from the panel. * tun: add the full TUN protocol form and read-only info blocks (name, mtu, gateway, dns, userLevel, autoSystemRoutingTable, autoOutboundsInterface) — previously the protocol was selectable but the form rendered blank. * hysteria: surface the stream-level version, obfs password, and udpIdleTimeout fields that the model already supported. Refs https://xtls.github.io/config/inbounds/tunnel.html Refs https://xtls.github.io/config/inbounds/tun.html Refs https://xtls.github.io/config/transports/hysteria.html	2026-05-13 22:44:08 +02:00
MHSanaei	adc262a238	fix(warp): set license against Cloudflare API and surface errors inline ... The license update was always failing because the Cloudflare response has no `success` field — the check rejected every successful PUT. On real errors (e.g. "Too many connected devices."), the toast leaked the raw URL + JSON body. Now the WARP API's error envelope is parsed into a clean message and shown inline next to the Update button.	2026-05-13 21:13:16 +02:00
Vladislav Kasperov	67b098dfd3	Add possibility to remove client email from sub (#4297)	2026-05-13 19:04:17 +02:00
MHSanaei	5543466fcc	fix(forms): validate JSON tabs before applying or saving ... InboundFormModal: switching out of the Advanced tab now parses the three JSON textareas and rebuilds the structured Inbound via Inbound.fromJson, so the Basic tab reflects what was pasted. Invalid JSON keeps the user on Advanced with a specific parse error. XrayPage: Save now parses xraySetting upfront and snaps the user back to the Advanced tab on invalid JSON instead of letting the backend reject a generic blob.	2026-05-13 19:01:12 +02:00
MHSanaei	b10a9f1de7	fix(inbounds): hide node UI when no enabled node exists ... The Deploy-to selector, node column, node stat row, and node filter all appeared whenever a node row existed in the DB. Local-only deployments with no nodes (or only disabled nodes) saw a dropdown that only had "Local Panel" and a filter that did nothing. useNodeList now exposes hasActive (any node with enable === true). Inbounds form and list gate node UI on hasActive instead of map size.	2026-05-13 17:42:40 +02:00
MHSanaei	6c6b40e063	fix(outbound): accept JSON-only configs and sync JSON to basic form on tab switch ... Pasting a JSON config and clicking OK failed with "Something went wrong" because validation read the empty form-side tag input instead of the JSON's tag. Switching from the JSON tab to Basic also discarded any JSON the user had pasted. - onOk now validates and submits from the JSON tab using the parsed JSON - Tab switch JSON→Basic deserializes the JSON back into the structured form - Invalid JSON keeps the user on the JSON tab with a clear parse error - Empty form-tag / duplicate-tag errors are now specific, not generic	2026-05-13 16:48:16 +02:00
MHSanaei	b97ff40ad6	feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs ... Replace the single regenerable API token with a named-token list: - New ApiToken model + service with constant-time auth matching - Seeder migrates the legacy `apiToken` setting into a "default" row - Security tab gets create/enable/delete UI; api-docs page links to it - Dedicated "API Tokens" section in the in-panel docs URL anchors now reflect the active tab/section on Settings, Xray, and API Docs pages, so deep links like `/panel/settings#security` work. Translations for the 8 new SecurityTab strings added across all locales.	2026-05-13 16:34:31 +02:00
MHSanaei	46b6f8c66c	feat(routing): drag-reorder rules, split balancer column, mobile card layout ... - Grip-handle drag-and-drop on the # cell to reorder rules, built on Pointer Events so the same code works for mouse, touch, and pen (HTML5 drag doesn't fire from touch on iOS Safari). 5px threshold keeps quick taps from triggering a reorder; up/down arrow menu items stay as a keyboard/a11y fallback. Drop indicator is a 2px blue line on the target edge; dragged row fades to 40%. - Split the old combined target column into Outbounds and Balancer columns. Each row now has exactly one populated cell — green outbound tag or purple balancer tag. - Mobile drops the a-table (520px+ of column widths overflowed every phone) for a stacked card layout: # + grip + actions on top, an "Inbound → Outbound/Balancer" flow row in the middle, and criteria chips (domain, IP, port, src IP/port, L4, protocol, user, VLESS) below for whichever fields are actually set. Multi-value chips collapse to "first +N" with full value on hover.	2026-05-13 15:30:25 +02:00
Abdalrahman	102df7a290	style(api-docs): redesign TOC, section icons, endpoint rows, and code blocks with ultra-dark support (#4332) ... * style(api-docs): redesign TOC, section icons, endpoint rows, and code blocks with ultra-dark support * style(api-docs): rename visibleSections to visibleEndpoints, drop dead toc-stuck CSS - visibleSections counted endpoints, not sections — rename matches the displayed "X / Y endpoints" label. - .toc-nav.toc-stuck was never toggled by any code path. * docs(api): add missing POST /panel/api/inbounds/:id/resetTraffic entry This route was added in #4334/#4338 but endpoints.js wasn't updated, breaking TestAPIRoutesDocumented (91 routes in source, 90 documented). --------- Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>	2026-05-13 15:05:23 +02:00
Abdalrahman	f29c8a5e29	fix: single inbound traffic reset resets all inbounds (#4334) (#4338)	2026-05-13 14:49:54 +02:00
Abdalrahman	b47f794ed0	fix: reality random target/sni buttons not working (#4337) (#4340)	2026-05-13 14:42:20 +02:00
MHSanaei	4e1b597914	feat(ui): use the host as the browser tab title prefix	2026-05-13 14:23:57 +02:00
MHSanaei	bbefe91011	fix(auth): invalidate sessions when 2FA is enabled, fix dev 401 loop ... Add UserService.BumpLoginEpoch and call it from updateSetting when TwoFactorEnable flips false → true. Existing cookies (issued under the looser no-2FA policy) get a 401 on their next request and are forced through the login flow. Disabling 2FA is a relaxation and does not bump the epoch — sessions stay valid. Also fix the dev-mode 401 redirect: targeting `${basePath}login.html` breaks when basePath isn't "/" (Vite has no file at e.g. "/test/login.html"; the SPA fallback loops the 401). Navigate to basePath instead — Vite's bypassMigratedRoute and Go's index handler both serve login.html for that path. Strip stale doc-comment from netsafe and IndexController.logout in line with the project's no-inline-comments convention.	2026-05-13 14:08:16 +02:00
Farhad H. P. Shirvan	428f1333ac	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) ... * refactor(session): store user ID in session instead of full struct Replaces storing the full User object in the session cookie with just the user ID. GetLoginUser now re-fetches the user from the database on every request so credential/permission changes take effect immediately without requiring a re-login. Includes a backward-compatible migration path for existing sessions that still carry the old struct payload. * feat(auth): block panel with default admin/admin credentials and guide credential change checkLogin middleware now detects default admin/admin credentials and redirects every panel route to /panel/settings until they are changed. The settings page auto-opens the Authentication tab, shows a non-dismissible error banner, and lists 'Default credentials' first in the security checklist. Login response includes mustChangeCredentials so the login page can redirect directly. Logout is now POST-only. Password must be at least 10 characters and cannot be admin/admin. * feat(settings): redact secrets in AllSettingView and add TrustedProxyCIDRs Introduces AllSettingView which strips tgBotToken, twoFactorToken, ldapPassword, apiToken and warp/nord secrets before sending them to the browser, replacing them with boolean hasFoo presence flags. A new /panel/setting/secret endpoint allows updating individual secrets by key. Secrets that arrive blank on a save are preserved from the DB rather than overwritten. Adds TrustedProxyCIDRs as a configurable setting (defaults to localhost CIDRs). URL fields are validated before save. * fix(security): SSRF prevention, trusted-proxy header gating, CSP nonce, HTTP timeouts Adds SanitizeHTTPURL / SanitizePublicHTTPURL to reject private-range and loopback targets before any outbound HTTP request (node probe, xray download, outbound test, external traffic inform, tgbot API server, panel updater). Forwarded headers (X-Real-IP, X-Forwarded-For, X-Forwarded-Host) are now only trusted when the direct connection arrives from a CIDR in TrustedProxyCIDRs. CSP policy is tightened with a per-request nonce. HTTP server gains read/write/idle timeouts. Panel updater downloads the script to a temp file instead of piping curl into shell. Xray archive download adds a size cap and response-code check. backuptotgbot is changed from GET to POST. * feat(nodes): add allow-private-address toggle per node Adds AllowPrivateAddress to the Node model (DB default false). When enabled it bypasses the SSRF private-range check for that node's probe URL, allowing nodes hosted on RFC-1918 or loopback addresses (e.g. a private VPN or LAN setup). * chore: frontend UX improvements, CI pipeline, and dev tooling - AppSidebar: logout via POST /logout instead of navigating to GET - InboundList: persist filter state (search, protocol, node) to localStorage across page reloads; add protocol and node filter dropdowns - IndexPage: add health status strip (Xray, CPU, Memory, Update) with quick-action buttons - dependabot: weekly go mod and npm update schedule - ci.yml: add GitHub Actions workflow for build and vet - .nvmrc: pin Node 22 for local development - frontend: bump package.json and package-lock.json - SubPage, DnsPresetsModal, api-docs: minor fixes * fix(ci): stub web/dist before go list to satisfy go:embed at compile time * chore(ui): remove health-strip bar from dashboard top * Revert "feat(auth): block panel with default admin/admin credentials and guide credential change" This reverts commit 56ce6073ce. * fix(auth): make logout POST+CSRF and propagate session loss to other tabs - Switch /logout from GET to POST with CSRFMiddleware so it matches the SPA's existing HttpUtil.post('/logout') call (previously 404'd silently) and blocks GET-based logout via image tags or link prefetchers. Handler now returns JSON; the SPA already navigates client-side. - Return 401 (instead of 404) from /panel/api/* when the caller is a browser XHR (X-Requested-With: XMLHttpRequest) so the axios interceptor redirects to the login page on logout-in-another-tab, cookie expiry, and server restart. Anonymous callers still get 404 to keep endpoints hidden from casual scanners. - One-shot the 401 redirect in axios-init.js and hang the rejected promise so queued polls don't stack reloads or surface error toasts while the browser is navigating away. - Add the CSP nonce to the runtime-injected <script> in dist.go so the panel loads under the existing script-src 'nonce-...' policy. - Update api-docs endpoints.js: GET /logout doc entry was missing. * fix(settings): POST /logout after credential change * fix(auth): invalidate other sessions when credentials change When the admin changes username/password from one machine, sessions on every other machine kept working until they manually logged out because session storage is a signed client-side cookie — there is no server-side session list to revoke. Add a per-user LoginEpoch counter stamped into the session at login and re-verified on every authenticated request. UpdateUser and UpdateFirstUser bump the epoch (UpdateUser via gorm.Expr so a single update statement is atomic), so any cookie issued before the change no longer matches the user's current epoch and GetLoginUser returns nil — the SPA's 401 interceptor then redirects to the login page. Backward compatible: the column defaults to 0 and missing cookie values are treated as 0, so sessions issued before this change remain valid until the first credential update. --------- Co-authored-by: Sanaei <ho3ein.sanaei@gmail.com>	2026-05-13 12:52:52 +02:00
MHSanaei	406cb6dbc0	fix(api-docs): resolve no-useless-escape lint errors ... - endpoints.js: replace `\"` with `\\"` in xray response example so the rendered docs actually show escaped JSON-in-JSON (the original single-quoted `\"` collapsed to a bare `"` and produced malformed output). - CodeBlock.vue: drop the unnecessary `\[` inside the regex character class `[{}\[\]]`; `[` does not need escaping inside `[...]`.	2026-05-13 11:31:34 +02:00
Abdalrahman	4884a2972a	fix(graphs): increase y-axis paddingLeft from 32 to 56 to prevent clipped labels (#4309)	2026-05-13 01:47:54 +02:00
Abdalrahman	6e12329d9d	feat(api-docs): enhance in-panel API documentation (#4312) ... * feat(api-docs): enhance API documentation with missing endpoints, search, collapse, and route sync test - Add 29 undocumented routes across 4 new sections (Settings, Xray Settings, Subscription Server, WebSocket) plus 4 missing Server API endpoints - Fix inaccuracies: history metric keys, node metric keys, VLESS enc description - Add response schemas to 15+ key endpoints - Add search bar and expand/collapse all controls to the docs page - Add collapsible endpoint sections with endpoint count - Add Go test (TestAPIRoutesDocumented) to verify all Go routes are documented * feat(api-docs): add JSON syntax highlighting and top-right copy button to code blocks * fix(api-docs): use distinct colors for JSON syntax highlighting (green strings, amber numbers) * feat(api-docs): add request body examples, error responses, WebSocket message types, and subscription response headers * fix(api-docs): use ClipboardManager.copyText instead of copy to fix API token copy button	2026-05-13 01:47:09 +02:00
Abdalrahman	9f7e8178d4	fix: delete button missing after searching for a user (#4315) ... When searching for a user, the projected DBInbound only contains the matching clients, so isRemovable evaluated to alse (since a single match made clients.value.length === 1), hiding the Delete button. Pass the original total client count from the parent's clientCount prop and use it in the isRemovable check instead of the projected clients array length.	2026-05-13 01:27:10 +02:00
Abdalrahman	60e6b12f4c	fix(hysteria2): restore missing masquerade config in inbound form (#4316) ... * fix(hysteria2): restore missing masquerade config in inbound form Fixes #4303 The Hysteria2 Masquerade option was missing from the Stream settings tab after the v3.0.0 form rewrite. Added the UI form and ensured the masquerade block is passed through in subscription JSON generation.	2026-05-13 01:25:00 +02:00
Abdalrahman	48e90bba51	fix: show UDP tag for Hysteria and fix client count spacing (#4318)	2026-05-13 01:12:25 +02:00
Abdalrahman	6de9b24229	fix: preserve space between date and time in log modal (#4326) ... Vue 3's whitespace: condense strips bare whitespace text nodes and trailing whitespace inside elements, causing the &lt;template&gt; trick to fail. Use mustache interpolations (which compile to _createTextVNode) for all spacing between fields so they survive compilation.	2026-05-13 01:02:48 +02:00
MHSanaei	07bc74a521	feat(nodes): blur address column with eye-toggle, mirroring IndexPage IP card	2026-05-12 12:38:38 +02:00
MHSanaei	f570b991e7	fix(api-docs): copy API token button	2026-05-12 12:34:22 +02:00
MHSanaei	80031e67cc	feat(inbounds): restore copy-clients-between-inbounds modal ... The menu item, backend endpoint (POST /panel/api/inbounds/:id/copyClients), and i18n keys were already in place after the Vue3 migration, but the modal itself was never ported — clicking the menu just toasted "coming soon". Adds CopyClientsModal.vue: source inbound dropdown (multi-user inbounds except the target), per-client checkbox selection via a-table row-selection, optional Flow override when the target supports TLS flow, and result toasts for added/skipped/errors.	2026-05-12 12:30:07 +02:00
Farhad H. P. Shirvan	fdaa65ad7e	Feat: clarify VLESS encryption auth selection (#4271) ... * feat(traffic_writer): enhance traffic writer with concurrency safety and state management * Revert "feat(traffic_writer): enhance traffic writer with concurrency safety and state management" This reverts commit e6760ae396. * feat(vless): clarify VLESS encryption auth selection and enhance parsing logic	2026-05-12 11:39:28 +02:00
Abdalrahman	89a8f549f2	feat: sortable inbounds table columns (#4300)	2026-05-12 11:29:32 +02:00
MHSanaei	355bb4c9c0	feat(panel): xray metrics dashboard with observatory probe history ... Polls xray's /debug/vars on the 2s status tick, stores memstats and per-outbound observatory delay in the metric history ring buffer, and exposes them through a new XrayMetricsModal opened from the Charts card. Restructures the dashboard to consolidate uptime, usage, version, and Telegram link into stat-style or action-style cards consistent with the existing AntD aesthetic.	2026-05-12 02:17:45 +02:00
MHSanaei	6a90f98412	feat(inbounds): add sub/client link endpoints; hide panel version on login ... - New GET /panel/api/inbounds/getSubLinks/:subId and /getClientLinks/:id/:email return the same protocol URLs the panel UI's Copy button emits, honouring X-Forwarded-Host / X-Forwarded-Proto. Documented in the API docs page. - Refactor: sub package no longer imports web. The embedded dist FS is injected via sub.SetDistFS, and the link generator is registered with the service layer via service.RegisterSubLinkProvider, avoiding the circular import the new endpoints would otherwise introduce. - Security: stop emitting window.X_UI_CUR_VER on login.html and drop the visible version chip from the login page, so the panel version is no longer pre-auth info disclosure. Authenticated pages still receive it. - Bump config/version.	2026-05-11 15:03:47 +02:00
MHSanaei	e642f7324e	feat(panel): in-panel API documentation page ... New /panel/api-docs route with a one-page reference covering every /panel/api/* endpoint (Auth, Inbounds, Server, Nodes, Custom Geo, Backup) plus a Bearer-token primer that reads the current token and exposes Show/Copy/Regenerate inline. Sidebar gets an API Docs entry right after Xray; the menu label is shared via menu.apiDocs across all 13 locales.	2026-05-11 13:57:42 +02:00
MHSanaei	88061bac10	fix(theme): default to dark, polish theme cycle visibility and hover ... New installs land on plain dark instead of ultra-dark. The cycle button icon now has an explicit colour so it stays visible inside the mobile drawer (the previous color:inherit didn't cascade through the teleported node), and hover/focus matches the menu's blue across sidebar, login, and sub pages.	2026-05-11 12:51:37 +02:00
MHSanaei	b5479f3f30	feat(sidebar): pin Logout above trigger, inline 3-state theme cycle ... The desktop sider stretched to match the page height, so below lg (992px) where dashboard cards stack into one column the collapse trigger plus Logout slid off-screen. Pin the sider with `position: sticky; height: 100vh; align-self: flex-start` so the chrome stays viewport-tall. Split the menu into `.sider-nav` (flex: 1, scrollable) and `.sider-utility` so Logout sits directly above the 48px trigger reserved by padding-bottom. Replace the `<ThemeSwitch>` a-sub-menu with a single inline icon button next to the '3X-UI' brand (sun / moon / moon+star SVG). One click cycles Light -> Dark -> Ultra Dark -> Light. ThemeSwitch.vue removed since it is now inlined. Override AD-Vue dark Menu selected + hover/active state on the sider-nav, sider-utility, and drawer menus to use the same light-blue tint AD-Vue's light theme uses (rgba(64,150,255,0.2) / #4096ff). The default dark variant was too subtle against #252526, so the current page and Logout-on-hover barely distinguished themselves.	2026-05-11 12:05:45 +02:00
MHSanaei	d8aedcdde4	fix(inbounds): bulk-delete keeps last client to satisfy backend constraint ... DelClient rejects the removal that would leave an inbound with zero clients (the constraint exists because Xray protocols need at least one client to keep the inbound functional). The bulk-delete flow fired one DelClient call per picked client in a loop, so picking every client meant the final iteration always errored out with "no client remained in Inbound" and surfaced as a red toast even though N-1 deletions had already gone through. Now confirmBulkDelete detects the "all selected" case up front, drops the last client from the request, and surfaces the partial operation in the confirm dialog ("N-1 / N — last selected will remain. Delete the inbound to remove all."). The pre-existing single-row delete path and partial-selection bulk delete paths are untouched. If the only client in the inbound is selected, a Modal.warning explains the constraint instead of asking for confirm.	2026-05-11 10:22:52 +02:00
MHSanaei	5f3e9ed0ea	feat(xray/nord): searchable server list + colored load tag, surface API errors ... Frontend (NordModal.vue): - Server selector gets show-search with the option label set to `${cityName} ${name} ${hostname}` so admins can find a specific server inside a 100+ entry country list by typing. - Each option renders the load as a colored a-tag (green <30%, orange 30-70%, red >70%) instead of plain text — quicker visual scan when sorting through servers in the dropdown. Backend (nord.go): - GetCountries / GetServers now check resp.StatusCode and return "NordVPN API error: <status>" on non-200, matching the pattern GetCredentials already used. Previously a 4xx/5xx body was returned as a "success" string and the frontend silently failed to parse it, surfacing only as an empty "No servers found". - GetCredentials drops its own ad-hoc 10s http.Client and reuses the shared nordHTTPClient (15s) — one client, one timeout.	2026-05-11 10:06:01 +02:00
MHSanaei	3e8a0eb93e	fix(inbounds): paginate expanded client list, restore ID column, hide empty Remark ... - ClientRowTable now applies the General-Settings pageSize to its expanded client list. The 3.0 rewrite dropped pagination, so users with thousands of clients per inbound hit a 30-60s browser hang on expand (#4233). - ID column was marked responsive: ['xs'] so it was hidden on desktop; removed the restriction so it shows as the first column everywhere. - Remark column is now omitted entirely when no inbound has a non-empty remark, matching the existing Node-column pattern.	2026-05-11 09:05:47 +02:00
Harry NG	9f06bffbea	chore: fix remarks shadowrocket subscription (#4247)	2026-05-11 08:24:22 +02:00
Amirmohammad Sadat Shokouhi	e20d73ba7e	add loopback and dns servers tag to inbound lists in RuleFormModal (#4244) ... * add loopback and dns servers tag to inbound lists in RuleFormModal * fix: remove clientIp from dns section when its empty	2026-05-11 08:23:30 +02:00
MHSanaei	8834e5fbbe	feat(xray/outbounds): TCP probe mode + Test All + timing breakdown ... - service.TestOutbound now dispatches on `mode`: - "tcp": parallel net.DialTimeout to every server/peer endpoint (vmess/vless/trojan/ss/socks/http/wireguard). No xray spin-up, no semaphore — safe to run concurrently across outbounds. - "http" (default): existing temp-xray + SOCKS path, now with an httptrace.ClientTrace breakdown (DNS / Connect / TLS / TTFB) alongside the total delay and status code. - testSemaphore renamed to httpTestSemaphore — only HTTP probes serialise, TCP runs free. - TestOutboundResult carries the per-mode extras: timing fields for HTTP, per-endpoint dial list for TCP, plus a `mode` echo. - Controller reads `mode` from the form and passes it through. - useXraySetting: testOutbound accepts mode (default "tcp"); new testAllOutbounds(mode) runs a worker pool (concurrency 8 for TCP, 1 for HTTP) and skips blackhole / loopback / blocked outbounds — also skips freedom / dns under TCP since they have no endpoint. - OutboundsTab: TCP/HTTP radio toggle and a Test All button land in the toolbar; the per-row ⚡ now uses the selected mode. Results surface in a popover with the full timing breakdown plus the endpoint list for TCP probes. Latency header replaces the duplicate "check" column title. Practical effect: testing ten outbounds in TCP mode drops from ~50–100s (serial HTTP) to ~1–2s (parallel dial × 8). HTTP mode stays as the authoritative probe and now shows where the latency actually lives.	2026-05-11 04:17:23 +02:00
MHSanaei	6d732d8d32	feat(inbounds): bulk-select clients + UX polish ... - ClientBulkModal: add `comment` and VLESS `reverseTag` fields so the bulk-add modal can set them on every generated client (matching the single-client form) - ClientRowTable: add multi-select checkboxes (desktop + mobile) with a tri-state select-all and a sticky bulk-action bar; emits a new `delete-clients` event so the parent can wipe the picked clients in one go. Hidden entirely when the inbound has only one client (the last one must stay) - ClientRowTable: new "Remained" column shows live remaining quota per client (∞ for unlimited, red when depleted) - InboundInfoModal: Remained cell now shows the ∞ tag when the client has no totalGB limit, matching how Total Usage already renders it - InboundsPage: add Online tag (+ per-bucket popovers listing client emails) to the summary card so it mirrors the per-inbound row, and wire an `onDeleteClients` handler that loops the existing single- delete endpoint then refreshes once - InboundList: forward the `delete-clients` event; hide empty remarks on both the desktop table (custom #bodyCell) and the mobile card - useInbounds: aggregate an `online` email list across all inbounds so the summary popover has data to render	2026-05-11 03:50:28 +02:00
MHSanaei	04828246fc	feat(frontend): swap QRious for ant-design-vue's a-qrcode ... - Migrate SubPage, QrPanel and TwoFactorModal from a QRious canvas to <a-qrcode type="svg">, which renders the QR matrix as crispEdges SVG rectangles — pixel-perfect at any display size or DPR, no more white scan-line artifacts from non-integer canvas scaling - Drop the now-unused qrious dependency and its manualChunks entry - Default the panel to ultra-dark on first load (existing user preferences in localStorage are preserved) - Let the sub controller read subpage.html from web/dist/ first and fall back to the embedded copy, so Vite rebuilds in dev no longer require a Go recompile to refresh the asset hashes	2026-05-11 02:07:47 +02:00
MHSanaei	c1efc48694	feat(frontend): refresh dark theme + redesign login page ... - Swap navy dark palette for VS Code Dark+ neutrals (#1e1e1e/#252526/ #2d2d30) across theme tokens, page backgrounds and DateTimePicker - Add brand header to the mobile drawer and desktop sider, and recolor the drawer body so it reads as one panel with the menu - Redesign login page with a centered card, cycling Hello/Welcome headline and per-theme animated gradient-blob backgrounds	2026-05-11 01:10:05 +02:00
MHSanaei	f1760b0a28	feat(xray/balancer): restore observatory editor + auto-sync selectors ... The Vue3 migration dropped the Observatory / Burst Observatory section that used to sit under the balancer table. Without it, leastPing / leastLoad strategies had nowhere to populate Xray's required subjectSelector, so balancers that depended on probe data silently ran with an empty observer config. - Auto-seed and sync `observatory` for leastPing balancers and `burstObservatory` for leastLoad balancers (subjectSelector recomputed from every matching balancer's selector list). Drops the observatory when no matching strategy remains. - Defaults (probeURL, interval, connectivity, sampling) match the values the legacy panel shipped, themselves taken from the Xray docs at xtls.github.io/config/{observatory,burstobservatory}.html. - Surface both observatories under the table as a radio-switched JSON textarea so admins can tune probe settings inline without dropping into the full xray template tab.	2026-05-11 00:11:09 +02:00
MHSanaei	745e394c74	refactor(panel): rename injected globals + collapse QR modal entries ... Rename the SPA globals injected by Go to drop the ad-hoc dunder shape and free up the bare `webBasePath` name (still the DB setting key) from colliding with the JS global it used to share: window.__X_UI_BASE_PATH__ -> window.X_UI_BASE_PATH window.__X_UI_CUR_VER__ -> window.X_UI_CUR_VER Also rework the QR-Code modal to fold every QR (subscription + JSON sub URL, share links, WireGuard config/peer links) into a single a-collapse with one panel per QR. Subscription panels are listed first and open by default; everything else stays collapsed so a multi-link inbound no longer scrolls forever.	2026-05-10 23:40:39 +02:00
MHSanaei	737300b14b	fix(outbound): default VLESS encryption to "none" ... A blank encryption field caused Xray to reject the outbound config with 'VLESS users: please add/set "encryption":"none"'. Default the constructor parameter, coerce empty values, and final-guard toJson so every code path emits a valid encryption value.	2026-05-10 23:06:28 +02:00
GRCR13	30469fcd10	fix: backup path with webbasepath (#4223) ... * Update BackupModal.vue add base path to importDB API call * fix add base path to importDB API call	2026-05-10 22:48:35 +02:00
MHSanaei	6efc4b0665	Revert "perf(frontend): code-split heavy components to improve LCP" ... This reverts commit 444b05cac9.	2026-05-10 17:45:05 +02:00
MHSanaei	a96612f595	feat(xray/dns): align DNS settings with Xray docs + UI polish ... - DNS server modal: rename expectIPs -> expectedIPs (per docs); add per-server tag, clientIP, serveStale, serveExpiredTTL, timeoutMs; flip skipFallback default to false; hydration still accepts legacy expectIPs for back-compat. - DNS tab: add hosts editor (domain -> IP/array), serveStale + serveExpiredTTL controls, "Use Preset" button bringing back the legacy preset gallery (Google / Cloudflare / AdGuard + Family variants — fixed AdGuard Family IPs that were wrong in legacy), and a "Delete All" button to wipe the server list at once. - i18n: add 15 new dns.* keys across all 13 locales. - Frontend-wide formatter pass on Vue components (whitespace and attribute layout only, no behavior changes). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 17:03:11 +02:00
MHSanaei	8e7d215b4a	feat(nodes): traffic-writer queue, full-mirror sync, WS event fixes ... - Traffic-writer single-consumer queue (web/service/traffic_writer.go) serialises every DB write that touches up/down/all_time/last_online (AddTraffic, SetRemoteTraffic, Reset*, UpdateClientTrafficByEmail) so overlapping goroutines can no longer clobber each other's column-scoped Updates with a stale tx.Save. - DB pool: WAL + busy_timeout=10s + synchronous=NORMAL + _txlock= immediate, MaxOpenConns=8 / MaxIdleConns=4. The immediate-tx PRAGMA fixes residual "database is locked [0ms]" cases where deferred-tx writer-upgrade conflicts bypass busy_timeout. - SetRemoteTraffic full-mirrors node-authoritative state into central: settings JSON, remark, listen, port, total, expiry, all_time, enable, plus per-client total/expiry/reset/all_time. Inbounds and client_traffics rows present on node but missing from central are created; rows missing from snap are deleted (with cascading client_traffics removal). - NodeTrafficSyncJob detects structural changes from the mirror and broadcasts invalidate(inbounds) so open central UIs re-fetch via REST on node-side add/del/edit without manual refresh. - XrayTrafficJob broadcasts invalidate(inbounds) when auto-disable flips client_traffics.enable so the per-client toggle reflects depletion without manual refresh. - Frontend: inbounds page now subscribes to the BroadcastInbounds 'inbounds' WS event (full-list pushes from add/del/update controllers were silently dropped). Fixes invalidate payload field (dataType -> type). Restart- panel modal switched from Promise-wrap to onOk-only so Cancel actually cancels. - Node files trimmed of stale prose-comments; cron cadence dropped 10s -> 5s to match the inbounds page UX. - README badges and Go module path bumped v2 -> v3 to match module rename. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 16:25:23 +02:00
Ali Fotouhi	9cbba130ab	fix(xray): clear outbound test state on delete to prevent result bleed (#4205)	2026-05-10 12:03:00 +02:00
MHSanaei	cf5767acd1	i18n: localize sidebar theme toggle, xray-status badge, and nodes menu ... The sidebar theme submenu (Theme / Dark / Ultra dark) and the dashboard's Xray status badge ("Xray is running" etc.) were hardcoded English strings. Wire them through vue-i18n: ThemeSwitch.vue uses menu.theme/dark/ultraDark, and XrayStatusCard.vue derives the badge text from the existing pages.index.xrayStatus{Running,Stop,Error,Unknown} keys (status.js no longer carries an English stateMsg field). The "Nodes" menu item was already keyed as menu.nodes but only en-US and fa-IR had a translation; add it to the other 11 languages, matching the wording each file already uses for pages.nodes.title. #4201	2026-05-10 11:56:30 +02:00
MHSanaei	444b05cac9	perf(frontend): code-split heavy components to improve LCP ... Switch the inbounds-page modals, login page's theme switch, and the Persian date picker to defineAsyncComponent. They're not needed on first paint, so deferring them shrinks the initial bundle and lets the LCP element render sooner. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 11:33:46 +02:00
MHSanaei	267fb1c866	refactor(inbounds): reorder Inbound's Data tabs (client first, sub inline) ... Show the per-client pane as the default tab and fold the subscription URLs into its bottom (under a divider) so the modal has two tabs instead of three. Inbound details move to the second tab and remain the default fallback for protocol-only entries (HTTP/Mixed/Tunnel/ WireGuard) that have no per-client view.	2026-05-10 01:59:02 +02:00
MHSanaei	5ac88271af	feat(inbounds): mobile card layout for inbounds and clients ... Replace the cramped <a-table> on <768px with a stacked card list for both inbounds and the per-client expanded rows. Each card surfaces protocol, port, node, traffic, all-time traffic, client count and expiry inline as labeled rows instead of hiding them behind popovers, fixes the 0px gutter that made cards visually merge, and softens the in-quota green from #52c41a to #389e0a (Ant green-7) so traffic tags are no longer blinding on dark themes.	2026-05-10 01:46:48 +02:00
MHSanaei	b776b33497	fix(ui): correct responsive breakpoints for add client form and bulk	2026-05-10 00:52:22 +02:00
MHSanaei	1478124712	fix(ui): correct responsive breakpoints for inbound form and settings ... InboundFormModal forms specified label/wrapper cols only at md (>=768), leaving 576-767 unset and breaking the grid in that range. Move the breakpoint down to sm so the desktop 8/14 split applies from 576 upward. SettingListItem had its breakpoints inverted: at <992 no span was set so the meta and control cols squeezed side-by-side, and at lg (992-1199) they stacked. Switch to xs/lg so input stacks below the text under 992 and sits beside it from 992 upward.	2026-05-10 00:43:25 +02:00
MHSanaei	113a29733e	feat(logs): mobile-friendly log modals with theme-aware colors ... Both index-page log modals (panel logs and xray access logs) now adapt to narrow viewports and dark / ultra-dark themes: - Render through Vue templates instead of v-html — drops the manual escapeHtml helper and the regex-based string formatting; each line is parsed once into structured fields (date, time, level, body for panel logs; from / to / inbound / outbound / email for xray logs). - Mobile: stacked cards per entry. Panel-log cards show time + a level badge above the wrapped message; xray-log cards show time and event tag above the From → To pair, with inbound / outbound / email as small meta pairs below. Long IPv6 / hostnames wrap instead of overflowing. - Modal goes full-bleed on mobile (100vw, no rounded corners, pinned to viewport height) so cards get full width. - Toolbar wraps cleanly when the row-count, level, syslog checkbox, and download button can't fit on one line. - Theme-aware colour palette via CSS variables on .log-container — brighter shades on body.dark and [data-theme="ultra-dark"] so level text and blocked / proxy rows keep AA contrast against the navy and near-black surfaces. - Cards render flush on the container surface (no separate card bg) so the colour story is identical to the desktop view.	2026-05-10 00:13:20 +02:00
MHSanaei	f68a14a3ca	fix(xray): align DNS outbound to spec and repair item-list rules UI ... DNS outbound now mirrors xray-core's documented shape: rewriteNetwork / rewriteAddress / rewritePort / userLevel replace the legacy network / address / port keys, and unset values are dropped on the wire. Old configs are still accepted on read so saved configs migrate cleanly. While there, fix two latent bugs in repeat-item editors (DNS rules, Freedom noise, WireGuard peers): - The "+" buttons pushed plain objects into arrays of class instances, so toJson() crashed on the next read and the JSON tab silently went blank. Push proper class instances instead. - Each item heading lived outside any a-form-item, so the delete icon ignored the form's column grid and slumped left. Wrap the heading in a form-item with the standard offset wrapper-col and switch the flex to space-between so the icon sits at the right of the input column, in line with the fields below it.	2026-05-09 23:17:31 +02:00
MHSanaei	60e2af088d	feat(xray): add loopback outbound protocol ... #4185 Surface xray-core's loopback outbound in the Outbounds form so users can re-route already-processed traffic back into a named inbound for secondary routing (e.g. splitting TCP/UDP from one ingress). The inboundTag field is an autocomplete over existing inbound tags, with free-text fallback for inbounds defined outside the panel. Loopback outbounds are excluded from the connectivity test since they have no network endpoint.	2026-05-09 22:49:49 +02:00
MHSanaei	917f9b307e	fix(xray): surface reverse tags in routing and balancer dropdowns ... Outbound reverse tags now appear as inbound options in routing rules (#4199), and inbound-client reverse tags appear as outbounds in the balancer selector (#4187). Both represent virtual endpoints created by xray-core that the dropdowns previously missed.	2026-05-09 22:03:01 +02:00
MHSanaei	61c84e8223	fix(panel): make webBasePath work end-to-end in dev and prod ... - Vite dev server reads webBasePath from x-ui.db via node:sqlite and injects __X_UI_BASE_PATH__ on every HTML serve, mirroring dist.go. Single broad proxy regex catches backend routes whether the URL is prefixed or not, and the bypass serves login.html for the bare basePath URL so post-logout navigation lands on Vite's own page instead of the production dist HTML's hashed asset URLs. - axios.defaults.baseURL is set from __X_UI_BASE_PATH__ at startup so HttpUtil calls reach the backend's basePath group instead of 404ing on every prefixed install. fetch() for the public CSRF endpoint prepends the prefix manually since it doesn't honor axios defaults. - Logout/redirect responses set Cache-Control: no-store and the index handler's logged-in redirect uses an absolute base_path+panel/ URL, preventing browsers from replaying a stale cached 307 that bounced the user back to /panel/ after logout. - ClearSession also issues a Path=/ deletion cookie when basePath is not "/", so a legacy cookie from an earlier basePath setting can't keep IsLogin returning true after logout. - getPanelUpdateInfo no longer returns a translated error message on GitHub fetch failures, so HttpUtil's auto-popup stays quiet on offline / blocked environments. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-09 21:47:37 +02:00