Merge a6ca391ba1 into 06c49b92f8

2026-02-28 21:23:01 +00:00 · 2026-02-01 04:11:24 +01:00
5 changed files with 111 additions and 21 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -151,6 +151,96 @@ jobs:
          overwrite: true
          prerelease: true

+  # =================================
+  #  macOS Build (darwin)
+  # =================================
+  build-macos:
+    name: Build for macOS
+    permissions:
+      contents: write
+    strategy:
+      matrix:
+        include:
+          - arch: amd64
+            runner: macos-13
+          - arch: arm64
+            runner: macos-14
+    runs-on: ${{ matrix.runner }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Build 3X-UI for macOS (CGO)
+        shell: bash
+        run: |
+          set -euo pipefail
+          export CGO_ENABLED=1
+          export GOOS=darwin
+          export GOARCH=${{ matrix.arch }}
+
+          go version
+          go env GOOS GOARCH CGO_ENABLED
+
+          go build -ldflags "-w -s" -o xui-release -v main.go
+          file xui-release
+
+          mkdir -p x-ui/bin
+          cp xui-release x-ui/x-ui
+          cp x-ui.sh x-ui/
+
+          # Download dependencies
+          cd x-ui/bin
+          Xray_URL="https://github.com/XTLS/Xray-core/releases/download/v26.1.18/"
+          if [ "${{ matrix.arch }}" = "amd64" ]; then
+            curl -fsSL -o Xray-macos-64.zip "${Xray_URL}Xray-macos-64.zip"
+            unzip -q Xray-macos-64.zip
+            rm -f Xray-macos-64.zip
+          elif [ "${{ matrix.arch }}" = "arm64" ]; then
+            curl -fsSL -o Xray-macos-arm64-v8a.zip "${Xray_URL}Xray-macos-arm64-v8a.zip"
+            unzip -q Xray-macos-arm64-v8a.zip
+            rm -f Xray-macos-arm64-v8a.zip
+          fi
+
+          rm -f geoip.dat geosite.dat
+          curl -fsSL -o geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
+          curl -fsSL -o geosite.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
+          curl -fsSL -o geoip_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
+          curl -fsSL -o geosite_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
+          curl -fsSL -o geoip_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geoip.dat
+          curl -fsSL -o geosite_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geosite.dat
+
+          mv xray xray-macos-${{ matrix.arch }}
+          cd ../..
+
+      - name: Package
+        shell: bash
+        run: tar -zcvf x-ui-darwin-${{ matrix.arch }}.tar.gz x-ui
+
+      - name: Upload files to Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: x-ui-darwin-${{ matrix.arch }}
+          path: ./x-ui-darwin-${{ matrix.arch }}.tar.gz
+
+      - name: Upload files to GH release
+        uses: svenstaro/upload-release-action@v2
+        if: |
+          (github.event_name == 'release' && github.event.action == 'published') ||
+          (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/'))
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+          file: x-ui-darwin-${{ matrix.arch }}.tar.gz
+          asset_name: x-ui-darwin-${{ matrix.arch }}.tar.gz
+          overwrite: true
+          prerelease: true
+
  # =================================
  #  Windows Build
  # =================================
@ -199,11 +289,11 @@ jobs:

          go build -ldflags "-w -s" -o xui-release.exe -v main.go

-      - name: Copy and download resources
+      - name: Build 3X-UI for Windows
        shell: pwsh
-        run: |
+        run: |          
          mkdir x-ui
-          Copy-Item xui-release.exe x-ui\x-ui.exe
+          Copy-Item xui-release.exe x-ui\
          mkdir x-ui\bin
          cd x-ui\bin
          
--- a/web/assets/js/model/inbound.js
+++ b/web/assets/js/model/inbound.js
@ -596,6 +596,8 @@ class TlsStreamSettings extends XrayCommonClass {
        maxVersion = TLS_VERSION_OPTION.TLS13,
        cipherSuites = '',
        rejectUnknownSni = false,
+        verifyPeerCertByNames = ['dns.google', 'cloudflare-dns.com'],
+        pinnedPeerCertSha256 = [],
        disableSystemRoot = false,
        enableSessionResumption = false,
        certificates = [new TlsStreamSettings.Cert()],
@ -610,6 +612,8 @@ class TlsStreamSettings extends XrayCommonClass {
        this.maxVersion = maxVersion;
        this.cipherSuites = cipherSuites;
        this.rejectUnknownSni = rejectUnknownSni;
+        this.verifyPeerCertByNames = Array.isArray(verifyPeerCertByNames) ? verifyPeerCertByNames.join(",") : verifyPeerCertByNames;
+        this.pinnedPeerCertSha256 = pinnedPeerCertSha256;
        this.disableSystemRoot = disableSystemRoot;
        this.enableSessionResumption = enableSessionResumption;
        this.certs = certificates;
@ -643,6 +647,8 @@ class TlsStreamSettings extends XrayCommonClass {
            json.maxVersion,
            json.cipherSuites,
            json.rejectUnknownSni,
+            json.verifyPeerCertByNames,
+            json.pinnedPeerCertSha256 || [],
            json.disableSystemRoot,
            json.enableSessionResumption,
            certs,
@ -660,6 +666,8 @@ class TlsStreamSettings extends XrayCommonClass {
            maxVersion: this.maxVersion,
            cipherSuites: this.cipherSuites,
            rejectUnknownSni: this.rejectUnknownSni,
+            verifyPeerCertByNames: this.verifyPeerCertByNames.split(","),
+            pinnedPeerCertSha256: this.pinnedPeerCertSha256.length > 0 ? this.pinnedPeerCertSha256 : undefined,
            disableSystemRoot: this.disableSystemRoot,
            enableSessionResumption: this.enableSessionResumption,
            certificates: TlsStreamSettings.toJsonArray(this.certs),
--- a/web/assets/js/model/outbound.js
+++ b/web/assets/js/model/outbound.js
@ -347,8 +347,6 @@ class TlsStreamSettings extends CommonClass {
        fingerprint = '',
        allowInsecure = false,
        echConfigList = '',
-        verifyPeerCertByName = 'cloudflare-dns.com',
-        pinnedPeerCertSha256 = '',
    ) {
        super();
        this.serverName = serverName;
@ -356,8 +354,6 @@ class TlsStreamSettings extends CommonClass {
        this.fingerprint = fingerprint;
        this.allowInsecure = allowInsecure;
        this.echConfigList = echConfigList;
-        this.verifyPeerCertByName = verifyPeerCertByName;
-        this.pinnedPeerCertSha256 = pinnedPeerCertSha256;
    }

    static fromJson(json = {}) {
@ -367,8 +363,6 @@ class TlsStreamSettings extends CommonClass {
            json.fingerprint,
            json.allowInsecure,
            json.echConfigList,
-            json.verifyPeerCertByName,
-            json.pinnedPeerCertSha256,
        );
    }

@ -378,9 +372,7 @@ class TlsStreamSettings extends CommonClass {
            alpn: this.alpn,
            fingerprint: this.fingerprint,
            allowInsecure: this.allowInsecure,
-            echConfigList: this.echConfigList,
-            verifyPeerCertByName: this.verifyPeerCertByName,
-            pinnedPeerCertSha256: this.pinnedPeerCertSha256
+            echConfigList: this.echConfigList
        };
    }
 }
--- a/web/html/form/outbound.html
+++ b/web/html/form/outbound.html
@ -703,15 +703,6 @@
          <a-form-item label="Allow Insecure">
            <a-switch v-model="outbound.stream.tls.allowInsecure"></a-switch>
          </a-form-item>
-          <a-form-item label="verify Peer Cert By Name">
-            <a-input
-              v-model.trim="outbound.stream.tls.verifyPeerCertByName"></a-input>
-          </a-form-item>
-          <a-form-item label="pinned Peer Cert Sha256">
-            <a-input v-model.trim="outbound.stream.tls.pinnedPeerCertSha256"
-              placeholder="Enter SHA256 fingerprints (base64)">
-            </a-input>
-          </a-form-item>
        </template>

        <!-- reality settings -->
--- a/web/html/form/tls_settings.html
+++ b/web/html/form/tls_settings.html
@ -70,6 +70,15 @@
    <a-form-item label="Session Resumption">
      <a-switch v-model="inbound.stream.tls.enableSessionResumption"></a-switch>
    </a-form-item>
+    <a-form-item label="verifyPeerCertByNames">
+      <a-input v-model.trim="inbound.stream.tls.verifyPeerCertByNames"></a-input>
+    </a-form-item>
+    <a-form-item label="pinned Peer Cert Sha256">
+      <a-select mode="tags" v-model="inbound.stream.tls.pinnedPeerCertSha256"
+        :dropdown-class-name="themeSwitcher.currentTheme"
+        placeholder="Enter SHA256 fingerprints (base64)">
+      </a-select>
+    </a-form-item>
    <a-divider :style="{ margin: '3px 0' }"></a-divider>
    <template v-for="cert,index in inbound.stream.tls.certs">
      <a-form-item label='{{ i18n "certificate" }}'>