Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-01-13 01:02:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Compare commits

base: Alex-Devera:3f15d21f1321932324dffc8c1cacee7dce5b9dc4
Branches Tags
Alex-Devera:main
Alex-Devera:MySQL-databases
Alex-Devera:Group_Management
Alex-Devera:v2.8.7
Alex-Devera:v2.8.6
Alex-Devera:v2.8.5
Alex-Devera:v2.7.0
Alex-Devera:v2.6.8
Alex-Devera:v2.8.4
Alex-Devera:v2.8.3
Alex-Devera:v2.8.2
Alex-Devera:v2.8.1
Alex-Devera:v2.8.0
Alex-Devera:v2.6.7
Alex-Devera:v2.6.6
Alex-Devera:v2.6.5
Alex-Devera:v2.6.3
Alex-Devera:v2.6.2
Alex-Devera:v2.6.1
Alex-Devera:v2.6.0
Alex-Devera:v2.5.8
Alex-Devera:v2.5.7
Alex-Devera:v2.5.6
Alex-Devera:v2.5.5
Alex-Devera:v2.5.4
Alex-Devera:v2.5.3
Alex-Devera:v2.5.2
Alex-Devera:v2.5.1
Alex-Devera:v2.5.0
Alex-Devera:v2.4.11
Alex-Devera:v2.4.10
Alex-Devera:v2.4.9
Alex-Devera:v2.4.8
Alex-Devera:v2.4.7
Alex-Devera:v2.4.6
Alex-Devera:v2.4.5
Alex-Devera:v2.4.4
Alex-Devera:v2.4.3
Alex-Devera:v2.4.2
Alex-Devera:v2.4.1
Alex-Devera:v2.4.0
Alex-Devera:v2.3.15
Alex-Devera:v2.3.14
Alex-Devera:v2.3.13
Alex-Devera:v2.3.12
Alex-Devera:v2.3.11
Alex-Devera:v2.3.10
Alex-Devera:v2.3.9
Alex-Devera:v2.3.8
Alex-Devera:v2.3.7
Alex-Devera:v2.3.6
Alex-Devera:v2.3.5
Alex-Devera:v2.3.4
Alex-Devera:v2.3.3
Alex-Devera:v2.3.1
Alex-Devera:v2.3.0
Alex-Devera:v2.2.8
Alex-Devera:v2.2.7
Alex-Devera:v2.2.6
Alex-Devera:v2.2.5
Alex-Devera:v2.2.1
Alex-Devera:v2.2.0
Alex-Devera:v2.1.3
Alex-Devera:v2.1.2
Alex-Devera:v2.1.1
Alex-Devera:v2.1.0
Alex-Devera:v2.0.2
Alex-Devera:v2.0.1
Alex-Devera:v2.0.0
Alex-Devera:v1.7.9
Alex-Devera:v1.7.8
Alex-Devera:v1.7.7
Alex-Devera:v1.7.6
Alex-Devera:v1.7.5
Alex-Devera:v1.7.1
Alex-Devera:v1.7.0
Alex-Devera:v1.6.1
Alex-Devera:v1.6.0
Alex-Devera:v1.5.0
Alex-Devera:v1.4.6
Alex-Devera:v1.4.5
Alex-Devera:v1.4.1
Alex-Devera:v1.4.0
Alex-Devera:v1.3.4
Alex-Devera:v1.3.3
Alex-Devera:v1.3.2
Alex-Devera:v1.3.0
Alex-Devera:v1.2.8
Alex-Devera:v1.2.7
Alex-Devera:v1.2.6
Alex-Devera:v1.2.4
Alex-Devera:v1.2.3
Alex-Devera:v1.2.2
Alex-Devera:v1.2.0
Alex-Devera:v1.1.6
Alex-Devera:v1.1.5
Alex-Devera:v1.1.4
Alex-Devera:v1.1.3
Alex-Devera:v1.1.2
Alex-Devera:v1.0.9
Alex-Devera:v1.1.1
Alex-Devera:v1.1.0
Alex-Devera:v1.0.8
...
compare: Alex-Devera:6041d10e3d5d8b0021dd596bdee8f0064a495f80
Branches Tags
Alex-Devera:main
Alex-Devera:MySQL-databases
Alex-Devera:Group_Management
Alex-Devera:v2.8.7
Alex-Devera:v2.8.6
Alex-Devera:v2.8.5
Alex-Devera:v2.7.0
Alex-Devera:v2.6.8
Alex-Devera:v2.8.4
Alex-Devera:v2.8.3
Alex-Devera:v2.8.2
Alex-Devera:v2.8.1
Alex-Devera:v2.8.0
Alex-Devera:v2.6.7
Alex-Devera:v2.6.6
Alex-Devera:v2.6.5
Alex-Devera:v2.6.3
Alex-Devera:v2.6.2
Alex-Devera:v2.6.1
Alex-Devera:v2.6.0
Alex-Devera:v2.5.8
Alex-Devera:v2.5.7
Alex-Devera:v2.5.6
Alex-Devera:v2.5.5
Alex-Devera:v2.5.4
Alex-Devera:v2.5.3
Alex-Devera:v2.5.2
Alex-Devera:v2.5.1
Alex-Devera:v2.5.0
Alex-Devera:v2.4.11
Alex-Devera:v2.4.10
Alex-Devera:v2.4.9
Alex-Devera:v2.4.8
Alex-Devera:v2.4.7
Alex-Devera:v2.4.6
Alex-Devera:v2.4.5
Alex-Devera:v2.4.4
Alex-Devera:v2.4.3
Alex-Devera:v2.4.2
Alex-Devera:v2.4.1
Alex-Devera:v2.4.0
Alex-Devera:v2.3.15
Alex-Devera:v2.3.14
Alex-Devera:v2.3.13
Alex-Devera:v2.3.12
Alex-Devera:v2.3.11
Alex-Devera:v2.3.10
Alex-Devera:v2.3.9
Alex-Devera:v2.3.8
Alex-Devera:v2.3.7
Alex-Devera:v2.3.6
Alex-Devera:v2.3.5
Alex-Devera:v2.3.4
Alex-Devera:v2.3.3
Alex-Devera:v2.3.1
Alex-Devera:v2.3.0
Alex-Devera:v2.2.8
Alex-Devera:v2.2.7
Alex-Devera:v2.2.6
Alex-Devera:v2.2.5
Alex-Devera:v2.2.1
Alex-Devera:v2.2.0
Alex-Devera:v2.1.3
Alex-Devera:v2.1.2
Alex-Devera:v2.1.1
Alex-Devera:v2.1.0
Alex-Devera:v2.0.2
Alex-Devera:v2.0.1
Alex-Devera:v2.0.0
Alex-Devera:v1.7.9
Alex-Devera:v1.7.8
Alex-Devera:v1.7.7
Alex-Devera:v1.7.6
Alex-Devera:v1.7.5
Alex-Devera:v1.7.1
Alex-Devera:v1.7.0
Alex-Devera:v1.6.1
Alex-Devera:v1.6.0
Alex-Devera:v1.5.0
Alex-Devera:v1.4.6
Alex-Devera:v1.4.5
Alex-Devera:v1.4.1
Alex-Devera:v1.4.0
Alex-Devera:v1.3.4
Alex-Devera:v1.3.3
Alex-Devera:v1.3.2
Alex-Devera:v1.3.0
Alex-Devera:v1.2.8
Alex-Devera:v1.2.7
Alex-Devera:v1.2.6
Alex-Devera:v1.2.4
Alex-Devera:v1.2.3
Alex-Devera:v1.2.2
Alex-Devera:v1.2.0
Alex-Devera:v1.1.6
Alex-Devera:v1.1.5
Alex-Devera:v1.1.4
Alex-Devera:v1.1.3
Alex-Devera:v1.1.2
Alex-Devera:v1.0.9
Alex-Devera:v1.1.1
Alex-Devera:v1.1.0
Alex-Devera:v1.0.8

3 commits
3f15d21f13 ... 6041d10e3d

Author SHA1 Message Date
Ilya Kryuchkov
6041d10e3d
Refactor code and fix linter warnings (#3627)
Some checks are pending
Release 3X-UI / build (386) (push) Waiting to run
Details
Release 3X-UI / build (amd64) (push) Waiting to run
Details
Release 3X-UI / build (arm64) (push) Waiting to run
Details
Release 3X-UI / build (armv5) (push) Waiting to run
Details
Release 3X-UI / build (armv6) (push) Waiting to run
Details
Release 3X-UI / build (armv7) (push) Waiting to run
Details
Release 3X-UI / build (s390x) (push) Waiting to run
Details
Release 3X-UI / Build for Windows (push) Waiting to run
Details 
* refactor: use any instead of empty interface

* refactor: code cleanup
 2026-01-05 05:54:56 +01:00
lolka1333
4800f8fb70
feat: Real-time Outbound Traffic, UI Improvements & Fix (#3629) 
* Refactor HTML and JavaScript for improved UI and functionality

- Cleaned up JavaScript methods in subscription.js for better readability.
- Updated inbounds.html to clarify traffic update handling and removed unnecessary comments.
- Enhanced xray.html by correcting casing in routingDomainStrategies.
- Added mobile touch scrolling styles in page.html for better tab navigation on small screens.
- Streamlined vless.html by removing redundant line breaks and improving form layout.
- Refined subscription subpage.html for better structure and user experience.
- Adjusted outbounds.html to improve button visibility and functionality.
- Updated xray_traffic_job.go to ensure accurate traffic updates and real-time UI refresh.

* Refactor client traffic handling in InboundService

- Updated addClientTraffic method to initialize onlineClients as an empty slice instead of nil.
- Improved clarity and consistency in handling empty onlineUsers scenario.

* Add WebSocket support for outbounds traffic updates

- Implemented WebSocket connection in xray.html to handle real-time updates for outbounds traffic.
- Enhanced xray_traffic_job.go to retrieve and broadcast outbounds traffic updates.
- Introduced MessageTypeOutbounds in hub.go for managing outbounds messages.
- Added BroadcastOutbounds function in notifier.go to facilitate broadcasting outbounds updates to connected clients.

---------

Co-authored-by: lolka1333 <test123@gmail.com>
 2026-01-05 05:50:40 +01:00
Sanaei
a9770e1da2
ip cert (#3631) 2026-01-05 05:47:15 +01:00
28 changed files with 711 additions and 556 deletions
Show stats Expand all files Collapse all files

229
install.sh
View file

@ -59,29 +59,29 @@ is_domain() {
install_base() {
case "${release}" in
ubuntu | debian | armbian)
apt-get update && apt-get install -y -q curl tar tzdata openssl socat
apt-get update && apt-get install -y -q curl tar tzdata socat
;;
fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol)
dnf -y update && dnf install -y -q curl tar tzdata openssl socat
dnf -y update && dnf install -y -q curl tar tzdata socat
;;
centos)
if [[ "${VERSION_ID}" =~ ^7 ]]; then
yum -y update && yum install -y curl tar tzdata openssl socat
yum -y update && yum install -y curl tar tzdata socat
else
dnf -y update && dnf install -y -q curl tar tzdata openssl socat
dnf -y update && dnf install -y -q curl tar tzdata socat
fi
;;
arch | manjaro | parch)
pacman -Syu && pacman -Syu --noconfirm curl tar tzdata openssl socat
pacman -Syu && pacman -Syu --noconfirm curl tar tzdata socat
;;
opensuse-tumbleweed | opensuse-leap)
zypper refresh && zypper -q install -y curl tar timezone openssl socat
zypper refresh && zypper -q install -y curl tar timezone socat
;;
alpine)
apk update && apk add curl tar tzdata openssl socat
apk update && apk add curl tar tzdata socat
;;
*)
apt-get update && apt-get install -y -q curl tar tzdata openssl socat
apt-get update && apt-get install -y -q curl tar tzdata socat
;;
esac
}
@ -154,7 +154,9 @@ setup_ssl_certificate() {
# Enable auto-renew
~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
chmod 755 $certPath/* 2>/dev/null
# Secure permissions: private key readable only by owner
chmod 600 $certPath/privkey.pem 2>/dev/null
chmod 644 $certPath/fullchain.pem 2>/dev/null
# Set certificate for panel
local webCertFile="/root/cert/${domain}/fullchain.pem"
@ -170,56 +172,118 @@ setup_ssl_certificate() {
fi
}
# Fallback: generate a self-signed certificate (not publicly trusted)
setup_self_signed_certificate() {
local name="$1" # domain or IP to place in SAN
local certDir="/root/cert/selfsigned"
# Issue Let's Encrypt IP certificate with shortlived profile (~6 days validity)
# Requires acme.sh and port 80 open for HTTP-01 challenge
setup_ip_certificate() {
local ipv4="$1"
local ipv6="$2" # optional
echo -e "${yellow}Generating a self-signed certificate (not publicly trusted)...${plain}"
echo -e "${green}Setting up Let's Encrypt IP certificate (shortlived profile)...${plain}"
echo -e "${yellow}Note: IP certificates are valid for ~6 days and will auto-renew.${plain}"
echo -e "${yellow}Port 80 must be open and accessible from the internet.${plain}"
mkdir -p "$certDir"
local sanExt=""
if is_ip "$name"; then
sanExt="IP:${name}"
else
sanExt="DNS:${name}"
# Check for acme.sh
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
install_acme
if [ $? -ne 0 ]; then
echo -e "${red}Failed to install acme.sh${plain}"
return 1
fi
fi
# Use -addext if supported; fallback to config file if needed
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
-keyout "${certDir}/privkey.pem" \
-out "${certDir}/fullchain.pem" \
-subj "/CN=${name}" \
-addext "subjectAltName=${sanExt}" >/dev/null 2>&1
if [[ $? -ne 0 ]]; then
# Fallback via temporary config file (for older OpenSSL versions)
local tmpCfg="${certDir}/openssl.cnf"
cat > "$tmpCfg" <<EOF
[req]
distinguished_name=req_distinguished_name
req_extensions=v3_req
[req_distinguished_name]
[v3_req]
subjectAltName=${sanExt}
EOF
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
-keyout "${certDir}/privkey.pem" \
-out "${certDir}/fullchain.pem" \
-subj "/CN=${name}" \
-config "$tmpCfg" -extensions v3_req >/dev/null 2>&1
rm -f "$tmpCfg"
fi
if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
echo -e "${red}Failed to generate self-signed certificate${plain}"
# Validate IP address
if [[ -z "$ipv4" ]]; then
echo -e "${red}IPv4 address is required${plain}"
return 1
fi
chmod 755 ${certDir}/* 2>/dev/null
${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem" >/dev/null 2>&1
echo -e "${yellow}Self-signed certificate configured. Browsers will show a warning.${plain}"
if ! is_ipv4 "$ipv4"; then
echo -e "${red}Invalid IPv4 address: $ipv4${plain}"
return 1
fi
# Create certificate directory
local certDir="/root/cert/ip"
mkdir -p "$certDir"
# Build domain arguments
local domain_args="-d ${ipv4}"
if [[ -n "$ipv6" ]] && is_ipv6 "$ipv6"; then
domain_args="${domain_args} -d ${ipv6}"
echo -e "${green}Including IPv6 address: ${ipv6}${plain}"
fi
# Set reload command for auto-renewal (add || true so it doesn't fail during first install)
local reloadCmd="systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null || true"
# Issue certificate with shortlived profile
echo -e "${green}Issuing IP certificate for ${ipv4}...${plain}"
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
~/.acme.sh/acme.sh --issue \
${domain_args} \
--standalone \
--server letsencrypt \
--certificate-profile shortlived \
--days 6 \
--httpport 80 \
--force
if [ $? -ne 0 ]; then
echo -e "${red}Failed to issue IP certificate${plain}"
echo -e "${yellow}Please ensure port 80 is open and accessible from the internet${plain}"
# Cleanup acme.sh data for both IPv4 and IPv6 if specified
rm -rf ~/.acme.sh/${ipv4} 2>/dev/null
[[ -n "$ipv6" ]] && rm -rf ~/.acme.sh/${ipv6} 2>/dev/null
rm -rf ${certDir} 2>/dev/null
return 1
fi
echo -e "${green}Certificate issued successfully, installing...${plain}"
# Install certificate
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
# but the cert files are still installed. We check for files instead of exit code.
~/.acme.sh/acme.sh --installcert -d ${ipv4} \
--key-file "${certDir}/privkey.pem" \
--fullchain-file "${certDir}/fullchain.pem" \
--reloadcmd "${reloadCmd}" 2>&1 || true
# Verify certificate files exist (don't rely on exit code - reloadcmd failure causes non-zero)
if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
echo -e "${red}Certificate files not found after installation${plain}"
# Cleanup acme.sh data for both IPv4 and IPv6 if specified
rm -rf ~/.acme.sh/${ipv4} 2>/dev/null
[[ -n "$ipv6" ]] && rm -rf ~/.acme.sh/${ipv6} 2>/dev/null
rm -rf ${certDir} 2>/dev/null
return 1
fi
echo -e "${green}Certificate files installed successfully${plain}"
# Enable auto-upgrade for acme.sh (ensures cron job runs)
~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
# Secure permissions: private key readable only by owner
chmod 600 ${certDir}/privkey.pem 2>/dev/null
chmod 644 ${certDir}/fullchain.pem 2>/dev/null
# Configure panel to use the certificate
echo -e "${green}Setting certificate paths for the panel...${plain}"
${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem"
if [ $? -ne 0 ]; then
echo -e "${yellow}Warning: Could not set certificate paths automatically${plain}"
echo -e "${yellow}Certificate files are at:${plain}"
echo -e " Cert: ${certDir}/fullchain.pem"
echo -e " Key: ${certDir}/privkey.pem"
else
echo -e "${green}Certificate paths configured successfully${plain}"
fi
echo -e "${green}IP certificate installed and configured successfully!${plain}"
echo -e "${green}Certificate valid for ~6 days, auto-renews via acme.sh cron job.${plain}"
echo -e "${yellow}acme.sh will automatically renew and reload x-ui before expiry.${plain}"
return 0
}
@ -352,14 +416,18 @@ ssl_cert_issue() {
if [ $? -ne 0 ]; then
echo -e "${yellow}Auto renew setup had issues, certificate details:${plain}"
ls -lah /root/cert/${domain}/
chmod 755 $certPath/*
# Secure permissions: private key readable only by owner
chmod 600 $certPath/privkey.pem 2>/dev/null
chmod 644 $certPath/fullchain.pem 2>/dev/null
else
echo -e "${green}Auto renew succeeded, certificate details:${plain}"
ls -lah /root/cert/${domain}/
chmod 755 $certPath/*
# Secure permissions: private key readable only by owner
chmod 600 $certPath/privkey.pem 2>/dev/null
chmod 644 $certPath/fullchain.pem 2>/dev/null
fi
# Restart panel
# start panel
systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
# Prompt user to set panel paths after successful certificate installation
@ -387,7 +455,7 @@ ssl_cert_issue() {
return 0
}
# Reusable interactive SSL setup (domain or self-signed)
# Reusable interactive SSL setup (domain or IP)
# Sets global `SSL_HOST` to the chosen domain/IP for Access URL usage
prompt_and_setup_ssl() {
local panel_port="$1"
@ -397,12 +465,13 @@ prompt_and_setup_ssl() {
local ssl_choice=""
echo -e "${yellow}Choose SSL certificate setup method:${plain}"
echo -e "${green}1.${plain} Let's Encrypt (domain required, recommended)"
echo -e "${green}2.${plain} Self-signed certificate (not publicly trusted)"
read -rp "Choose an option (default 2): " ssl_choice
echo -e "${green}1.${plain} Let's Encrypt for Domain (90-day validity, auto-renews)"
echo -e "${green}2.${plain} Let's Encrypt for IP Address (6-day validity, auto-renews)"
echo -e "${blue}Note:${plain} Both options require port 80 open. IP certs use shortlived profile."
read -rp "Choose an option (default 2 for IP): " ssl_choice
ssl_choice="${ssl_choice// /}" # Trim whitespace
# Default to 2 (self-signed) if not 1
# Default to 2 (IP cert) if not 1
if [[ "$ssl_choice" != "1" ]]; then
ssl_choice="2"
fi
@ -410,7 +479,7 @@ prompt_and_setup_ssl() {
case "$ssl_choice" in
1)
# User chose Let's Encrypt domain option
echo -e "${green}Using ssl_cert_issue() for comprehensive domain setup...${plain}"
echo -e "${green}Using Let's Encrypt for domain certificate...${plain}"
ssl_cert_issue
# Extract the domain that was used from the certificate
local cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}')
@ -423,28 +492,30 @@ prompt_and_setup_ssl() {
fi
;;
2)
# User chose self-signed option
# Stop panel if running
# User chose Let's Encrypt IP certificate option
echo -e "${green}Using Let's Encrypt for IP certificate (shortlived profile)...${plain}"
# Ask for optional IPv6
local ipv6_addr=""
read -rp "Do you have an IPv6 address to include? (leave empty to skip): " ipv6_addr
ipv6_addr="${ipv6_addr// /}" # Trim whitespace
# Stop panel if running (port 80 needed)
if [[ $release == "alpine" ]]; then
rc-service x-ui stop >/dev/null 2>&1
else
systemctl stop x-ui >/dev/null 2>&1
fi
echo -e "${yellow}Using server IP for self-signed certificate: ${server_ip}${plain}"
setup_self_signed_certificate "${server_ip}"
setup_ip_certificate "${server_ip}" "${ipv6_addr}"
if [ $? -eq 0 ]; then
SSL_HOST="${server_ip}"
echo -e "${green}Self-signed SSL configured successfully${plain}"
echo -e "${green}Let's Encrypt IP certificate configured successfully${plain}"
else
echo -e "${red}Self-signed SSL setup failed${plain}"
echo -e "${red}IP certificate setup failed. Please check port 80 is open.${plain}"
SSL_HOST="${server_ip}"
fi
# Start panel after SSL is configured
if [[ $release == "alpine" ]]; then
rc-service x-ui start >/dev/null 2>&1
else
systemctl start x-ui >/dev/null 2>&1
fi
;;
*)
echo -e "${red}Invalid option. Skipping SSL setup.${plain}"
@ -497,7 +568,7 @@ config_after_install() {
echo -e "${green} SSL Certificate Setup (MANDATORY) ${plain}"
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${yellow}For security, SSL certificate is required for all panels.${plain}"
echo -e "${yellow}Let's Encrypt requires a domain name (IP certificates are not issued).${plain}"
echo -e "${yellow}Let's Encrypt now supports both domains and IP addresses!${plain}"
echo ""
prompt_and_setup_ssl "${config_port}" "${config_webBasePath}" "${server_ip}"
@ -527,7 +598,7 @@ config_after_install() {
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${green} SSL Certificate Setup (RECOMMENDED) ${plain}"
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${yellow}Let's Encrypt requires a domain name (IP certificates are not issued).${plain}"
echo -e "${yellow}Let's Encrypt now supports both domains and IP addresses!${plain}"
echo ""
prompt_and_setup_ssl "${existing_port}" "${config_webBasePath}" "${server_ip}"
echo -e "${green}Access URL: https://${SSL_HOST}:${existing_port}/${config_webBasePath}${plain}"
@ -552,7 +623,7 @@ config_after_install() {
echo -e "${green}Username, Password, and WebBasePath are properly set.${plain}"
fi
# Existing install: if no cert configured, prompt user to set domain or self-signed
# Existing install: if no cert configured, prompt user for SSL setup
# Properly detect empty cert by checking if cert: line exists and has content after it
existing_cert=$(${xui_folder}/x-ui setting -getCert true | grep 'cert:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
if [[ -z "$existing_cert" ]]; then
@ -560,7 +631,7 @@ config_after_install() {
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${green} SSL Certificate Setup (RECOMMENDED) ${plain}"
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${yellow}Let's Encrypt requires a domain name (IP certificates are not issued).${plain}"
echo -e "${yellow}Let's Encrypt now supports both domains and IP addresses!${plain}"
echo ""
prompt_and_setup_ssl "${existing_port}" "${existing_webBasePath}" "${server_ip}"
echo -e "${green}Access URL: https://${SSL_HOST}:${existing_port}/${existing_webBasePath}${plain}"
@ -587,7 +658,7 @@ install_x-ui() {
fi
fi
echo -e "Got x-ui latest version: ${tag_version}, beginning the installation..."
curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz -z ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz
curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${red}Downloading x-ui failed, please be sure that your server can access GitHub ${plain}"
exit 1
@ -604,7 +675,7 @@ install_x-ui() {
url="https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz"
echo -e "Beginning to install x-ui $1"
curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz -z ${xui_folder}-linux-$(arch).tar.gz ${url}
curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz ${url}
if [[ $? -ne 0 ]]; then
echo -e "${red}Download x-ui $1 failed, please check if the version exists ${plain}"
exit 1

6
main.go
View file

@ -80,8 +80,8 @@ func runWebServer() {
// --- FIX FOR TELEGRAM BOT CONFLICT (409): Stop bot before restart ---
service.StopBot()
// --
// --
err := server.Stop()
if err != nil {
logger.Debug("Error stopping web server:", err)
@ -113,7 +113,7 @@ func runWebServer() {
// --- FIX FOR TELEGRAM BOT CONFLICT (409) on full shutdown ---
service.StopBot()
// ------------------------------------------------------------
server.Stop()
subServer.Stop()
log.Println("Shutting down servers.")

6
sub/subJsonService.go
View file

@ -4,6 +4,7 @@ import (
_ "embed"
"encoding/json"
"fmt"
"maps"
"strings"
"github.com/mhsanaei/3x-ui/v2/database/model"
@ -197,9 +198,8 @@ func (s *SubJsonService) getConfig(inbound *model.Inbound, client model.Client,
newOutbounds = append(newOutbounds, s.defaultOutbounds...)
newConfigJson := make(map[string]any)
for key, value := range s.configJson {
newConfigJson[key] = value
}
maps.Copy(newConfigJson, s.configJson)
newConfigJson["outbounds"] = newOutbounds
newConfigJson["remarks"] = s.SubService.genRemark(inbound, client.Email, extPrxy["remark"].(string))

11
sub/subService.go
View file

@ -484,8 +484,8 @@ func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string {
externalProxies, _ := stream["externalProxy"].([]any)
if len(externalProxies) > 0 {
links := ""
for index, externalProxy := range externalProxies {
links := make([]string, 0, len(externalProxies))
for _, externalProxy := range externalProxies {
ep, _ := externalProxy.(map[string]any)
newSecurity, _ := ep["forceTls"].(string)
dest, _ := ep["dest"].(string)
@ -511,12 +511,9 @@ func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string {
url.Fragment = s.genRemark(inbound, email, ep["remark"].(string))
if index > 0 {
links += "\n"
}
links += url.String()
links = append(links, url.String())
}
return links
return strings.Join(links, "\n")
}
link := fmt.Sprintf("vless://%s@%s:%d", uuid, address, port)

222
update.sh
View file

@ -91,29 +91,29 @@ install_base() {
echo -e "${green}Updating and install dependency packages...${plain}"
case "${release}" in
ubuntu | debian | armbian)
apt-get update >/dev/null 2>&1 && apt-get install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
apt-get update >/dev/null 2>&1 && apt-get install -y -q curl tar tzdata socat >/dev/null 2>&1
;;
fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol)
dnf -y update >/dev/null 2>&1 && dnf install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
dnf -y update >/dev/null 2>&1 && dnf install -y -q curl tar tzdata socat >/dev/null 2>&1
;;
centos)
if [[ "${VERSION_ID}" =~ ^7 ]]; then
yum -y update >/dev/null 2>&1 && yum install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
yum -y update >/dev/null 2>&1 && yum install -y -q curl tar tzdata socat >/dev/null 2>&1
else
dnf -y update >/dev/null 2>&1 && dnf install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
dnf -y update >/dev/null 2>&1 && dnf install -y -q curl tar tzdata socat >/dev/null 2>&1
fi
;;
arch | manjaro | parch)
pacman -Syu >/dev/null 2>&1 && pacman -Syu --noconfirm curl tar tzdata openssl socat >/dev/null 2>&1
pacman -Syu >/dev/null 2>&1 && pacman -Syu --noconfirm curl tar tzdata socat >/dev/null 2>&1
;;
opensuse-tumbleweed | opensuse-leap)
zypper refresh >/dev/null 2>&1 && zypper -q install -y curl tar timezone openssl socat >/dev/null 2>&1
zypper refresh >/dev/null 2>&1 && zypper -q install -y curl tar timezone socat >/dev/null 2>&1
;;
alpine)
apk update >/dev/null 2>&1 && apk add curl tar tzdata openssl socat >/dev/null 2>&1
apk update >/dev/null 2>&1 && apk add curl tar tzdata socat >/dev/null 2>&1
;;
*)
apt-get update >/dev/null 2>&1 && apt install -y -q curl tar tzdata openssl socat >/dev/null 2>&1
apt-get update >/dev/null 2>&1 && apt install -y -q curl tar tzdata socat >/dev/null 2>&1
;;
esac
}
@ -180,7 +180,8 @@ setup_ssl_certificate() {
# Enable auto-renew
~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
chmod 755 $certPath/* 2>/dev/null
chmod 600 $certPath/privkey.pem 2>/dev/null
chmod 644 $certPath/fullchain.pem 2>/dev/null
# Set certificate for panel
local webCertFile="/root/cert/${domain}/fullchain.pem"
@ -196,57 +197,119 @@ setup_ssl_certificate() {
fi
}
# Fallback: generate a self-signed certificate (not publicly trusted)
setup_self_signed_certificate() {
local name="$1" # domain or IP to place in SAN
local certDir="/root/cert/selfsigned"
# Issue Let's Encrypt IP certificate with shortlived profile (~6 days validity)
# Requires acme.sh and port 80 open for HTTP-01 challenge
setup_ip_certificate() {
local ipv4="$1"
local ipv6="$2" # optional
echo -e "${yellow}Generating a self-signed certificate (not publicly trusted)...${plain}"
echo -e "${green}Setting up Let's Encrypt IP certificate (shortlived profile)...${plain}"
echo -e "${yellow}Note: IP certificates are valid for ~6 days and will auto-renew.${plain}"
echo -e "${yellow}Port 80 must be open and accessible from the internet.${plain}"
mkdir -p "$certDir"
local sanExt=""
if is_ip "$name"; then
sanExt="IP:${name}"
else
sanExt="DNS:${name}"
# Check for acme.sh
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
install_acme
if [ $? -ne 0 ]; then
echo -e "${red}Failed to install acme.sh${plain}"
return 1
fi
fi
# Try -addext; fallback to config if not supported
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
-keyout "${certDir}/privkey.pem" \
-out "${certDir}/fullchain.pem" \
-subj "/CN=${name}" \
-addext "subjectAltName=${sanExt}" >/dev/null 2>&1
if [[ $? -ne 0 ]]; then
local tmpCfg="${certDir}/openssl.cnf"
cat > "$tmpCfg" <<EOF
[req]
distinguished_name=req_distinguished_name
req_extensions=v3_req
[req_distinguished_name]
[v3_req]
subjectAltName=${sanExt}
EOF
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
-keyout "${certDir}/privkey.pem" \
-out "${certDir}/fullchain.pem" \
-subj "/CN=${name}" \
-config "$tmpCfg" -extensions v3_req >/dev/null 2>&1
rm -f "$tmpCfg"
fi
if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
echo -e "${red}Failed to generate self-signed certificate${plain}"
# Validate IP address
if [[ -z "$ipv4" ]]; then
echo -e "${red}IPv4 address is required${plain}"
return 1
fi
chmod 755 ${certDir}/* 2>/dev/null
${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem" >/dev/null 2>&1
echo -e "${yellow}Self-signed certificate configured. Browsers will show a warning.${plain}"
if ! is_ipv4 "$ipv4"; then
echo -e "${red}Invalid IPv4 address: $ipv4${plain}"
return 1
fi
# Create certificate directory
local certDir="/root/cert/ip"
mkdir -p "$certDir"
# Build domain arguments
local domain_args="-d ${ipv4}"
if [[ -n "$ipv6" ]] && is_ipv6 "$ipv6"; then
domain_args="${domain_args} -d ${ipv6}"
echo -e "${green}Including IPv6 address: ${ipv6}${plain}"
fi
# Set reload command for auto-renewal (add || true so it doesn't fail if service stopped)
local reloadCmd="systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null || true"
# Issue certificate with shortlived profile
echo -e "${green}Issuing IP certificate for ${ipv4}...${plain}"
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
~/.acme.sh/acme.sh --issue \
${domain_args} \
--standalone \
--server letsencrypt \
--certificate-profile shortlived \
--days 6 \
--httpport 80 \
--force
if [ $? -ne 0 ]; then
echo -e "${red}Failed to issue IP certificate${plain}"
echo -e "${yellow}Please ensure port 80 is open and accessible from the internet${plain}"
# Cleanup acme.sh data for both IPv4 and IPv6 if specified
rm -rf ~/.acme.sh/${ipv4} 2>/dev/null
[[ -n "$ipv6" ]] && rm -rf ~/.acme.sh/${ipv6} 2>/dev/null
rm -rf ${certDir} 2>/dev/null
return 1
fi
echo -e "${green}Certificate issued successfully, installing...${plain}"
# Install certificate
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
# but the cert files are still installed. We check for files instead of exit code.
~/.acme.sh/acme.sh --installcert -d ${ipv4} \
--key-file "${certDir}/privkey.pem" \
--fullchain-file "${certDir}/fullchain.pem" \
--reloadcmd "${reloadCmd}" 2>&1 || true
# Verify certificate files exist (don't rely on exit code - reloadcmd failure causes non-zero)
if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
echo -e "${red}Certificate files not found after installation${plain}"
# Cleanup acme.sh data for both IPv4 and IPv6 if specified
rm -rf ~/.acme.sh/${ipv4} 2>/dev/null
[[ -n "$ipv6" ]] && rm -rf ~/.acme.sh/${ipv6} 2>/dev/null
rm -rf ${certDir} 2>/dev/null
return 1
fi
echo -e "${green}Certificate files installed successfully${plain}"
# Enable auto-upgrade for acme.sh (ensures cron job runs)
~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
chmod 600 ${certDir}/privkey.pem 2>/dev/null
chmod 644 ${certDir}/fullchain.pem 2>/dev/null
# Configure panel to use the certificate
echo -e "${green}Setting certificate paths for the panel...${plain}"
${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem"
if [ $? -ne 0 ]; then
echo -e "${yellow}Warning: Could not set certificate paths automatically.${plain}"
echo -e "${yellow}You may need to set them manually in the panel settings.${plain}"
echo -e "${yellow}Cert path: ${certDir}/fullchain.pem${plain}"
echo -e "${yellow}Key path: ${certDir}/privkey.pem${plain}"
else
echo -e "${green}Certificate paths set successfully!${plain}"
fi
echo -e "${green}IP certificate installed and configured successfully!${plain}"
echo -e "${green}Certificate valid for ~6 days, auto-renews via acme.sh cron job.${plain}"
echo -e "${yellow}Panel will automatically restart after each renewal.${plain}"
return 0
}
# Comprehensive manual SSL certificate issuance via acme.sh
ssl_cert_issue() {
local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep 'webBasePath:' | awk -F': ' '{print $2}' | tr -d '[:space:]' | sed 's#^/##')
@ -376,11 +439,13 @@ ssl_cert_issue() {
if [ $? -ne 0 ]; then
echo -e "${yellow}Auto renew setup had issues, certificate details:${plain}"
ls -lah /root/cert/${domain}/
chmod 755 $certPath/*
chmod 600 $certPath/privkey.pem
chmod 644 $certPath/fullchain.pem
else
echo -e "${green}Auto renew succeeded, certificate details:${plain}"
ls -lah /root/cert/${domain}/
chmod 755 $certPath/*
chmod 600 $certPath/privkey.pem
chmod 644 $certPath/fullchain.pem
fi
# Restart panel
@ -410,7 +475,7 @@ ssl_cert_issue() {
return 0
}
# Unified interactive SSL setup (domain or self-signed)
# Unified interactive SSL setup (domain or IP)
# Sets global `SSL_HOST` to the chosen domain/IP
prompt_and_setup_ssl() {
local panel_port="$1"
@ -420,12 +485,13 @@ prompt_and_setup_ssl() {
local ssl_choice=""
echo -e "${yellow}Choose SSL certificate setup method:${plain}"
echo -e "${green}1.${plain} Let's Encrypt (domain required, recommended)"
echo -e "${green}2.${plain} Self-signed certificate (for testing/local use)"
read -rp "Choose an option (default 2): " ssl_choice
echo -e "${green}1.${plain} Let's Encrypt for Domain (90-day validity, auto-renews)"
echo -e "${green}2.${plain} Let's Encrypt for IP Address (6-day validity, auto-renews)"
echo -e "${blue}Note:${plain} Both options require port 80 open. IP certs use shortlived profile."
read -rp "Choose an option (default 2 for IP): " ssl_choice
ssl_choice="${ssl_choice// /}" # Trim whitespace
# Default to 2 (self-signed) if not 1
# Default to 2 (IP cert) if not 1
if [[ "$ssl_choice" != "1" ]]; then
ssl_choice="2"
fi
@ -433,7 +499,7 @@ prompt_and_setup_ssl() {
case "$ssl_choice" in
1)
# User chose Let's Encrypt domain option
echo -e "${green}Using ssl_cert_issue() for comprehensive domain setup...${plain}"
echo -e "${green}Using Let's Encrypt for domain certificate...${plain}"
ssl_cert_issue
# Extract the domain that was used from the certificate
local cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}')
@ -446,33 +512,37 @@ prompt_and_setup_ssl() {
fi
;;
2)
# User chose self-signed option
# Stop panel if running
# User chose Let's Encrypt IP certificate option
echo -e "${green}Using Let's Encrypt for IP certificate (shortlived profile)...${plain}"
# Ask for optional IPv6
local ipv6_addr=""
read -rp "Do you have an IPv6 address to include? (leave empty to skip): " ipv6_addr
ipv6_addr="${ipv6_addr// /}" # Trim whitespace
# Stop panel if running (port 80 needed)
if [[ $release == "alpine" ]]; then
rc-service x-ui stop >/dev/null 2>&1
else
systemctl stop x-ui >/dev/null 2>&1
fi
echo -e "${yellow}Using server IP for self-signed certificate: ${server_ip}${plain}"
setup_self_signed_certificate "${server_ip}"
setup_ip_certificate "${server_ip}" "${ipv6_addr}"
if [ $? -eq 0 ]; then
SSL_HOST="${server_ip}"
echo -e "${green}Self-signed SSL configured successfully${plain}"
echo -e "${green}Let's Encrypt IP certificate configured successfully${plain}"
else
echo -e "${red}Self-signed SSL setup failed${plain}"
echo -e "${red}IP certificate setup failed. Please check port 80 is open.${plain}"
SSL_HOST="${server_ip}"
fi
# Start panel after SSL is configured
# Restart panel after SSL is configured (restart applies new cert settings)
if [[ $release == "alpine" ]]; then
rc-service x-ui start >/dev/null 2>&1
rc-service x-ui restart >/dev/null 2>&1
else
systemctl start x-ui >/dev/null 2>&1
systemctl restart x-ui >/dev/null 2>&1
fi
;;
0)
echo -e "${yellow}Skipping SSL setup${plain}"
SSL_HOST="${server_ip}"
;;
*)
echo -e "${red}Invalid option. Skipping SSL setup.${plain}"
SSL_HOST="${server_ip}"
@ -523,7 +593,7 @@ config_after_update() {
echo -e "${red} ⚠ NO SSL CERTIFICATE DETECTED ⚠ ${plain}"
echo -e "${red}═══════════════════════════════════════════${plain}"
echo -e "${yellow}For security, SSL certificate is MANDATORY for all panels.${plain}"
echo -e "${yellow}Let's Encrypt requires a domain name; IP certs are not issued. Use self-signed for IP.${plain}"
echo -e "${yellow}Let's Encrypt now supports both domains and IP addresses!${plain}"
echo ""
if [[ -z "${server_ip}" ]]; then
@ -532,7 +602,7 @@ config_after_update() {
return
fi
# Prompt and setup SSL (domain or self-signed)
# Prompt and setup SSL (domain or IP)
prompt_and_setup_ssl "${existing_port}" "${existing_webBasePath}" "${server_ip}"
echo ""
@ -576,10 +646,10 @@ update_x-ui() {
fi
fi
echo -e "Got x-ui latest version: ${tag_version}, beginning the installation..."
${curl_bin} -fLRo ${xui_folder}-linux-$(arch).tar.gz -z ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz 2>/dev/null
${curl_bin} -fLRo ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz 2>/dev/null
if [[ $? -ne 0 ]]; then
echo -e "${yellow}Trying to fetch version with IPv4...${plain}"
${curl_bin} -4fLRo ${xui_folder}-linux-$(arch).tar.gz -z ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz 2>/dev/null
${curl_bin} -4fLRo ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz 2>/dev/null
if [[ $? -ne 0 ]]; then
_fail "ERROR: Failed to download x-ui, please be sure that your server can access GitHub"
fi

3
util/crypto/crypto.go
View file

@ -13,6 +13,5 @@ func HashPasswordAsBcrypt(password string) (string, error) {
// CheckPasswordHash verifies if the given password matches the bcrypt hash.
func CheckPasswordHash(hash, password string) bool {
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
return err == nil
return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
}

38
util/ldap/ldap.go
View file

@ -24,13 +24,22 @@ type Config struct {
// FetchVlessFlags returns map[email]enabled
func FetchVlessFlags(cfg Config) (map[string]bool, error) {
addr := fmt.Sprintf("%s:%d", cfg.Host, cfg.Port)
var conn *ldap.Conn
var err error
scheme := "ldap"
if cfg.UseTLS {
conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: false})
} else {
conn, err = ldap.Dial("tcp", addr)
scheme = "ldaps"
}
ldapURL := fmt.Sprintf("%s://%s", scheme, addr)
var opts []ldap.DialOpt
if cfg.UseTLS {
opts = append(opts, ldap.DialWithTLSConfig(&tls.Config{
InsecureSkipVerify: false,
}))
}
conn, err := ldap.DialURL(ldapURL, opts...)
if err != nil {
return nil, err
}
@ -91,13 +100,22 @@ func FetchVlessFlags(cfg Config) (map[string]bool, error) {
// AuthenticateUser searches user by cfg.UserAttr and attempts to bind with provided password.
func AuthenticateUser(cfg Config, username, password string) (bool, error) {
addr := fmt.Sprintf("%s:%d", cfg.Host, cfg.Port)
var conn *ldap.Conn
var err error
scheme := "ldap"
if cfg.UseTLS {
conn, err = ldap.DialTLS("tcp", addr, &tls.Config{InsecureSkipVerify: false})
} else {
conn, err = ldap.Dial("tcp", addr)
scheme = "ldaps"
}
ldapURL := fmt.Sprintf("%s://%s", scheme, addr)
var opts []ldap.DialOpt
if cfg.UseTLS {
opts = append(opts, ldap.DialWithTLSConfig(&tls.Config{
InsecureSkipVerify: false,
}))
}
conn, err := ldap.DialURL(ldapURL, opts...)
if err != nil {
return false, err
}

6
util/random/random.go
View file

@ -18,10 +18,10 @@ var (
// init initializes the character sequences used for random string generation.
// It sets up arrays for numbers, lowercase letters, uppercase letters, and combinations.
func init() {
for i := 0; i < 10; i++ {
for i := range 10 {
numSeq[i] = rune('0' + i)
}
for i := 0; i < 26; i++ {
for i := range 26 {
lowerSeq[i] = rune('a' + i)
upperSeq[i] = rune('A' + i)
}
@ -40,7 +40,7 @@ func init() {
// Seq generates a random string of length n containing alphanumeric characters (numbers, lowercase and uppercase letters).
func Seq(n int) string {
runes := make([]rune, n)
for i := 0; i < n; i++ {
for i := range n {
idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(allSeq))))
if err != nil {
panic("crypto/rand failed: " + err.Error())

4
util/reflect_util/reflect.go
View file

@ -7,7 +7,7 @@ import "reflect"
func GetFields(t reflect.Type) []reflect.StructField {
num := t.NumField()
fields := make([]reflect.StructField, 0, num)
for i := 0; i < num; i++ {
for i := range num {
fields = append(fields, t.Field(i))
}
return fields
@ -17,7 +17,7 @@ func GetFields(t reflect.Type) []reflect.StructField {
func GetFieldValues(v reflect.Value) []reflect.Value {
num := v.NumField()
fields := make([]reflect.Value, 0, num)
for i := 0; i < num; i++ {
for i := range num {
fields = append(fields, v.Field(i))
}
return fields

4
util/sys/sys_darwin.go
View file

@ -47,11 +47,11 @@ func CPUPercentRaw() (float64, error) {
var out [5]uint64
switch len(raw) {
case 5 * 8:
for i := 0; i < 5; i++ {
for i := range 5 {
out[i] = binary.LittleEndian.Uint64(raw[i*8 : (i+1)*8])
}
case 5 * 4:
for i := 0; i < 5; i++ {
for i := range 5 {
out[i] = uint64(binary.LittleEndian.Uint32(raw[i*4 : (i+1)*4]))
}
default:

10
web/assets/js/subscription.js
View file

@ -138,14 +138,14 @@
return `streisand://import/${encodeURIComponent(this.app.subUrl)}`;
},
v2raytunUrl() {
return this.app.subUrl;
return this.app.subUrl;
},
npvtunUrl() {
return this.app.subUrl;
return this.app.subUrl;
},
happUrl() {
return `happ://add/${encodeURIComponent(this.app.subUrl)}`;
}
happUrl() {
return `happ://add/${encodeURIComponent(this.app.subUrl)}`;
}
},
methods: {
renderLink,

6
web/controller/server.go
View file

@ -210,10 +210,10 @@ func (a *ServerController) getXrayLogs(c *gin.Context) {
//getting tags for freedom and blackhole outbounds
config, err := a.settingService.GetDefaultXrayConfig()
if err == nil && config != nil {
if cfgMap, ok := config.(map[string]interface{}); ok {
if outbounds, ok := cfgMap["outbounds"].([]interface{}); ok {
if cfgMap, ok := config.(map[string]any); ok {
if outbounds, ok := cfgMap["outbounds"].([]any); ok {
for _, outbound := range outbounds {
if obMap, ok := outbound.(map[string]interface{}); ok {
if obMap, ok := outbound.(map[string]any); ok {
switch obMap["protocol"] {
case "freedom":
if tag, ok := obMap["tag"].(string); ok {

2
web/global/global.go
View file

@ -17,7 +17,7 @@ var (
type WebServer interface {
GetCron() *cron.Cron // Get the cron scheduler
GetCtx() context.Context // Get the server context
GetWSHub() interface{} // Get the WebSocket hub (using interface{} to avoid circular dependency)
GetWSHub() any // Get the WebSocket hub (using any to avoid circular dependency)
}
// SubServer interface defines methods for accessing the subscription server instance.

34
web/html/common/page.html
View file

@ -24,6 +24,40 @@
body {
font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Vazirmatn', 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;
}
/* mobile touch scrolling for tabs */
@media (max-width: 576px) {
.ant-tabs-nav-container {
overflow-x: auto !important;
-webkit-overflow-scrolling: touch;
scroll-behavior: smooth;
overscroll-behavior-x: contain;
white-space: nowrap;
max-width: 100%;
padding: 0 !important; /* Remove padding for arrows */
}
.ant-tabs-nav-wrap {
overflow: visible !important;
padding: 0 !important;
}
.ant-tabs-nav-scroll {
overflow: visible !important;
box-shadow: none !important;
}
.ant-tabs-nav {
display: flex !important;
transform: none !important; /* Disable JS transform */
width: auto !important;
margin: 0 !important;
}
.ant-tabs-tab-prev,
.ant-tabs-tab-next {
display: none !important; /* Hide arrows */
}
.ant-tabs-nav-container::-webkit-scrollbar {
display: none;
}
}
</style>
<title>{{ .host }} {{ i18n .title}}</title>
{{ end }}

211
web/html/form/protocol/vless.html
View file

@ -1,6 +1,5 @@
{{define "form/vless"}}
<a-collapse activeKey="0"
v-for="(client, index) in inbound.settings.vlesses.slice(0,1)" v-if="!isEdit">
<a-collapse activeKey="0" v-for="(client, index) in inbound.settings.vlesses.slice(0,1)" v-if="!isEdit">
<a-collapse-panel header='{{ i18n "pages.inbounds.client" }}'>
{{template "form/client"}}
</a-collapse-panel>
@ -22,115 +21,103 @@
</a-collapse-panel>
</a-collapse>
<template v-if=" !inbound.stream.isTLS || !inbound.stream.isReality">
<a-form :colon="false" :label-col="{ md: {span:8} }"
:wrapper-col="{ md: {span:14} }">
<a-form-item label="Authentication">
<a-select v-model="inbound.settings.selectedAuth" @change="getNewVlessEnc"
:dropdown-class-name="themeSwitcher.currentTheme">
<a-select-option value="X25519, not Post-Quantum">X25519 (not
Post-Quantum)</a-select-option>
<a-select-option value="ML-KEM-768, Post-Quantum">ML-KEM-768
(Post-Quantum)</a-select-option>
</a-select>
</a-form-item>
<a-form-item label="decryption">
<a-input v-model.trim="inbound.settings.decryption"></a-input>
</a-form-item>
<a-form-item label="encryption">
<a-input v-model="inbound.settings.encryption"></a-input>
</a-form-item>
<a-form-item label=" ">
<a-space>
<a-button type="primary" icon="import" @click="getNewVlessEnc">Get New
keys</a-button>
<a-button danger @click="clearVlessEnc">Clear</a-button>
</a-space>
</a-form-item>
</a-form>
<a-divider v-if="inbound.settings.selectedAuth"
:style="{ margin: '5px 0' }"></a-divider>
</template>
<template v-if="inbound.isTcp && !inbound.settings.selectedAuth">
<a-form :colon="false" :label-col="{ md: {span:8} }"
:wrapper-col="{ md: {span:14} }">
<a-form-item label="Fallbacks">
<a-button icon="plus" type="primary" size="small"
@click="inbound.settings.addFallback()"></a-button>
</a-form-item>
</a-form>
<a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
<a-form-item label="Authentication">
<a-select v-model="inbound.settings.selectedAuth" @change="getNewVlessEnc"
:dropdown-class-name="themeSwitcher.currentTheme">
<a-select-option value="X25519, not Post-Quantum">X25519 (not
Post-Quantum)</a-select-option>
<a-select-option value="ML-KEM-768, Post-Quantum">ML-KEM-768
(Post-Quantum)</a-select-option>
</a-select>
</a-form-item>
<a-form-item label="decryption">
<a-input v-model.trim="inbound.settings.decryption"></a-input>
</a-form-item>
<a-form-item label="encryption">
<a-input v-model="inbound.settings.encryption"></a-input>
</a-form-item>
<a-form-item label=" ">
<a-space>
<a-button type="primary" icon="import" @click="getNewVlessEnc">Get New
keys</a-button>
<a-button danger @click="clearVlessEnc">Clear</a-button>
</a-space>
</a-form-item>
</a-form>
<a-divider :style="{ margin: '5px 0' }"></a-divider>
</template>
<template v-if="inbound.isTcp && !inbound.settings.selectedAuth">
<a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
<a-form-item label="Fallbacks">
<a-button icon="plus" type="primary" size="small" @click="inbound.settings.addFallback()"></a-button>
</a-form-item>
</a-form>
<!-- vless fallbacks -->
<a-form v-for="(fallback, index) in inbound.settings.fallbacks" :colon="false"
:label-col="{ md: {span:8} }"
:wrapper-col="{ md: {span:14} }">
<a-divider :style="{ margin: '0' }"> Fallback [[ index + 1 ]] <a-icon
type="delete"
@click="() => inbound.settings.delFallback(index)"
:style="{ color: 'rgb(255, 77, 79)', cursor: 'pointer' }"></a-icon>
</a-divider>
<a-form-item label='SNI'>
<a-input v-model="fallback.name"></a-input>
</a-form-item>
<a-form-item label='ALPN'>
<a-input v-model="fallback.alpn"></a-input>
</a-form-item>
<a-form-item label='Path'>
<a-input v-model="fallback.path"></a-input>
</a-form-item>
<a-form-item label='Dest'>
<a-input v-model="fallback.dest"></a-input>
</a-form-item>
<a-form-item label='xVer'>
<a-input-number v-model.number="fallback.xver" :min="0"
:max="2"></a-input-number>
</a-form-item>
</a-form>
<a-divider :style="{ margin: '5px 0' }"></a-divider>
</template>
<template v-if="inbound.canEnableVisionSeed()">
<a-form :colon="false" :label-col="{ md: {span:8} }"
:wrapper-col="{ md: {span:14} }">
<a-form-item label="Vision Seed">
<a-row :gutter="8">
<a-col :span="6">
<a-input-number
:value="(inbound.settings.testseed && inbound.settings.testseed[0] !== undefined) ? inbound.settings.testseed[0] : 900"
@change="(val) => updateTestseed(0, val)" :min="0" :max="9999"
:style="{ width: '100%' }"
placeholder="900" addon-before="[0]"></a-input-number>
</a-col>
<a-col :span="6">
<a-input-number
:value="(inbound.settings.testseed && inbound.settings.testseed[1] !== undefined) ? inbound.settings.testseed[1] : 500"
@change="(val) => updateTestseed(1, val)" :min="0" :max="9999"
:style="{ width: '100%' }"
placeholder="500" addon-before="[1]"></a-input-number>
</a-col>
<a-col :span="6">
<a-input-number
:value="(inbound.settings.testseed && inbound.settings.testseed[2] !== undefined) ? inbound.settings.testseed[2] : 900"
@change="(val) => updateTestseed(2, val)" :min="0" :max="9999"
:style="{ width: '100%' }"
placeholder="900" addon-before="[2]"></a-input-number>
</a-col>
<a-col :span="6">
<a-input-number
:value="(inbound.settings.testseed && inbound.settings.testseed[3] !== undefined) ? inbound.settings.testseed[3] : 256"
@change="(val) => updateTestseed(3, val)" :min="0" :max="9999"
:style="{ width: '100%' }"
placeholder="256" addon-before="[3]"></a-input-number>
</a-col>
</a-row>
<a-space :size="8" :style="{ marginTop: '8px' }">
<a-button type="primary" @click="setRandomTestseed">
Rand
</a-button>
<a-button @click="resetTestseed">
Reset
</a-button>
</a-space>
</a-form-item>
</a-form>
<a-divider :style="{ margin: '5px 0' }"></a-divider>
</template>
<!-- vless fallbacks -->
<a-form v-for="(fallback, index) in inbound.settings.fallbacks" :colon="false" :label-col="{ md: {span:8} }"
:wrapper-col="{ md: {span:14} }">
<a-divider :style="{ margin: '0' }"> Fallback [[ index + 1 ]] <a-icon type="delete"
@click="() => inbound.settings.delFallback(index)"
:style="{ color: 'rgb(255, 77, 79)', cursor: 'pointer' }"></a-icon>
</a-divider>
<a-form-item label='SNI'>
<a-input v-model="fallback.name"></a-input>
</a-form-item>
<a-form-item label='ALPN'>
<a-input v-model="fallback.alpn"></a-input>
</a-form-item>
<a-form-item label='Path'>
<a-input v-model="fallback.path"></a-input>
</a-form-item>
<a-form-item label='Dest'>
<a-input v-model="fallback.dest"></a-input>
</a-form-item>
<a-form-item label='xVer'>
<a-input-number v-model.number="fallback.xver" :min="0" :max="2"></a-input-number>
</a-form-item>
</a-form>
<a-divider :style="{ margin: '5px 0' }"></a-divider>
</template>
<template v-if="inbound.canEnableVisionSeed()">
<a-form :colon="false" :label-col="{ md: {span:8} }" :wrapper-col="{ md: {span:14} }">
<a-form-item label="Vision Seed">
<a-row :gutter="8">
<a-col :span="6">
<a-input-number
:value="(inbound.settings.testseed && inbound.settings.testseed[0] !== undefined) ? inbound.settings.testseed[0] : 900"
@change="(val) => updateTestseed(0, val)" :min="0" :max="9999" :style="{ width: '100%' }"
placeholder="900" addon-before="[0]"></a-input-number>
</a-col>
<a-col :span="6">
<a-input-number
:value="(inbound.settings.testseed && inbound.settings.testseed[1] !== undefined) ? inbound.settings.testseed[1] : 500"
@change="(val) => updateTestseed(1, val)" :min="0" :max="9999" :style="{ width: '100%' }"
placeholder="500" addon-before="[1]"></a-input-number>
</a-col>
<a-col :span="6">
<a-input-number
:value="(inbound.settings.testseed && inbound.settings.testseed[2] !== undefined) ? inbound.settings.testseed[2] : 900"
@change="(val) => updateTestseed(2, val)" :min="0" :max="9999" :style="{ width: '100%' }"
placeholder="900" addon-before="[2]"></a-input-number>
</a-col>
<a-col :span="6">
<a-input-number
:value="(inbound.settings.testseed && inbound.settings.testseed[3] !== undefined) ? inbound.settings.testseed[3] : 256"
@change="(val) => updateTestseed(3, val)" :min="0" :max="9999" :style="{ width: '100%' }"
placeholder="256" addon-before="[3]"></a-input-number>
</a-col>
</a-row>
<a-space :size="8" :style="{ marginTop: '8px' }">
<a-button type="primary" @click="setRandomTestseed">
Rand
</a-button>
<a-button @click="resetTestseed">
Reset
</a-button>
</a-space>
</a-form-item>
</a-form>
<a-divider :style="{ margin: '5px 0' }"></a-divider>
</template>
{{end}}

23
web/html/inbounds.html
View file

@ -1608,24 +1608,9 @@
// Listen for traffic updates
window.wsClient.on('traffic', (payload) => {
if (payload && payload.clientTraffics && Array.isArray(payload.clientTraffics)) {
// Update client traffic statistics
payload.clientTraffics.forEach(clientTraffic => {
const dbInbound = this.dbInbounds.find(ib => {
if (!ib) return false;
const clients = this.getInboundClients(ib);
return clients && Array.isArray(clients) && clients.some(c => c && c.email === clientTraffic.email);
});
if (dbInbound && dbInbound.clientStats && Array.isArray(dbInbound.clientStats)) {
const stats = dbInbound.clientStats.find(s => s && s.email === clientTraffic.email);
if (stats) {
stats.up = clientTraffic.up || stats.up;
stats.down = clientTraffic.down || stats.down;
stats.total = clientTraffic.total || stats.total;
}
}
});
}
// Note: Do NOT update total consumed traffic (stats.up, stats.down) from this event
// because clientTraffics contains delta/incremental values, not total accumulated values.
// Total traffic is updated via the 'inbounds' event which contains accumulated values from database.
// Update online clients list in real-time
if (payload && Array.isArray(payload.onlineClients)) {
@ -1645,8 +1630,6 @@
}
});
// Notifications disabled - white notifications are not needed
// Fallback to polling if WebSocket fails
window.wsClient.on('error', () => {
console.warn('WebSocket connection failed, falling back to polling');

167
web/html/settings/panel/subscription/subpage.html
View file

@ -20,28 +20,20 @@
</a-space>
</template>
<template #extra>
<a-popover
:overlay-class-name="themeSwitcher.currentTheme"
title='{{ i18n "menu.settings" }}'
<a-popover :overlay-class-name="themeSwitcher.currentTheme" title='{{ i18n "menu.settings" }}'
placement="bottomRight" trigger="click">
<template #content>
<a-space direction="vertical" :size="10">
<a-theme-switch-login></a-theme-switch-login>
<span>{{ i18n "pages.settings.language"
}}</span>
<a-select ref="selectLang" class="w-100"
v-model="lang"
<a-select ref="selectLang" class="w-100" v-model="lang"
@change="LanguageManager.setLanguage(lang)"
:dropdown-class-name="themeSwitcher.currentTheme">
<a-select-option :value="l.value"
label="English"
v-for="l in LanguageManager.supportedLanguages"
:key="l.value">
<span role="img"
:aria-label="l.name"
v-text="l.icon"></span>
&nbsp;&nbsp;<span
v-text="l.name"></span>
<a-select-option :value="l.value" label="English"
v-for="l in LanguageManager.supportedLanguages" :key="l.value">
<span role="img" :aria-label="l.name" v-text="l.icon"></span>
&nbsp;&nbsp;<span v-text="l.name"></span>
</a-select-option>
</a-select>
</a-space>
@ -53,42 +45,31 @@
<a-form layout="vertical">
<a-form-item>
<a-space direction="vertical" align="center">
<a-row type="flex" :gutter="[8,8]"
justify="center" style="width:100%">
<a-col :xs="24" :sm="app.subJsonUrl ? 12 : 24"
style="text-align:center;">
<a-row type="flex" :gutter="[8,8]" justify="center" style="width:100%">
<a-col :xs="24" :sm="app.subJsonUrl ? 12 : 24" style="text-align:center;">
<tr-qr-box class="qr-box">
<a-tag color="purple"
class="qr-tag">
<a-tag color="purple" class="qr-tag">
<span>{{ i18n
"pages.settings.subSettings"}}</span>
</a-tag>
<tr-qr-bg class="qr-bg-sub">
<tr-qr-bg-inner
class="qr-bg-sub-inner">
<canvas id="qrcode"
class="qr-cv"
title='{{ i18n "copy" }}'
<tr-qr-bg-inner class="qr-bg-sub-inner">
<canvas id="qrcode" class="qr-cv" title='{{ i18n "copy" }}'
@click="copy(app.subUrl)"></canvas>
</tr-qr-bg-inner>
</tr-qr-bg>
</tr-qr-box>
</a-col>
<a-col v-if="app.subJsonUrl" :xs="24" :sm="12"
style="text-align:center;">
<a-col v-if="app.subJsonUrl" :xs="24" :sm="12" style="text-align:center;">
<tr-qr-box class="qr-box">
<a-tag color="purple"
class="qr-tag">
<a-tag color="purple" class="qr-tag">
<span>{{ i18n
"pages.settings.subSettings"}}
Json</span>
</a-tag>
<tr-qr-bg class="qr-bg-sub">
<tr-qr-bg-inner
class="qr-bg-sub-inner">
<canvas id="qrcode-subjson"
class="qr-cv"
title='{{ i18n "copy" }}'
<tr-qr-bg-inner class="qr-bg-sub-inner">
<canvas id="qrcode-subjson" class="qr-cv" title='{{ i18n "copy" }}'
@click="copy(app.subJsonUrl)"></canvas>
</tr-qr-bg-inner>
</tr-qr-bg>
@ -100,45 +81,36 @@
<a-form-item>
<a-descriptions bordered :column="1" size="small">
<a-descriptions-item
label='{{ i18n "subscription.subId" }}'>[[
<a-descriptions-item label='{{ i18n "subscription.subId" }}'>[[
app.sId
]]</a-descriptions-item>
<a-descriptions-item
label='{{ i18n "subscription.status" }}'>
<a-descriptions-item label='{{ i18n "subscription.status" }}'>
<template v-if="isUnlimited">
<a-tag color="purple">{{ i18n
"subscription.unlimited" }}</a-tag>
</template>
<template v-else>
<a-tag
:color="isActive ? 'green' : 'red'">[[
<a-tag :color="isActive ? 'green' : 'red'">[[
isActive ? '{{ i18n
"subscription.active" }}' : '{{ i18n
"subscription.inactive" }}'
]]</a-tag>
</template>
</a-descriptions-item>
<a-descriptions-item
label='{{ i18n "subscription.downloaded" }}'>[[
<a-descriptions-item label='{{ i18n "subscription.downloaded" }}'>[[
app.download
]]</a-descriptions-item>
<a-descriptions-item
label='{{ i18n "subscription.uploaded" }}'>[[
<a-descriptions-item label='{{ i18n "subscription.uploaded" }}'>[[
app.upload
]]</a-descriptions-item>
<a-descriptions-item
label='{{ i18n "usage" }}'>[[ app.used
<a-descriptions-item label='{{ i18n "usage" }}'>[[ app.used
]]</a-descriptions-item>
<a-descriptions-item
label='{{ i18n "subscription.totalQuota" }}'>[[
<a-descriptions-item label='{{ i18n "subscription.totalQuota" }}'>[[
app.total
]]</a-descriptions-item>
<a-descriptions-item v-if="app.totalByte > 0"
label='{{ i18n "remained" }}'>[[
<a-descriptions-item v-if="app.totalByte > 0" label='{{ i18n "remained" }}'>[[
app.remained ]]</a-descriptions-item>
<a-descriptions-item
label='{{ i18n "lastOnline" }}'>
<a-descriptions-item label='{{ i18n "lastOnline" }}'>
<template v-if="app.lastOnlineMs > 0">
[[ IntlUtil.formatDate(app.lastOnlineMs) ]]
</template>
@ -146,8 +118,7 @@
<span>-</span>
</template>
</a-descriptions-item>
<a-descriptions-item
label='{{ i18n "subscription.expiry" }}'>
<a-descriptions-item label='{{ i18n "subscription.expiry" }}'>
<template v-if="app.expireMs === 0">
{{ i18n "subscription.noExpiry" }}
</template>
@ -160,32 +131,48 @@
</a-form>
<br />
<a-list bordered>
<a-list-item v-for="(link, idx) in links" :key="link">
<div style="width:100%; text-align:center;">
<a-button type="primary" :block="isMobile"
@click="copy(link)">[[ linkName(link, idx)
]]</a-button>
<div v-for="(link, idx) in links" :key="link"
style="position: relative; margin-bottom: 20px; text-align: center;">
<div class="qr-box" style="display: inline-block; width: 100%; max-width: 100%;">
<a-tag color="purple"
style="margin-bottom: -10px; position: relative; z-index: 2; box-shadow: 0 2px 4px rgba(0,0,0,0.2);">
<span>[[ linkName(link, idx) ]]</span>
</a-tag>
<div @click="copy(link)" style="
cursor: pointer;
background: rgba(0, 0, 0, 0.2);
border: 1px solid rgba(255, 255, 255, 0.1);
border-radius: 12px;
padding: 25px 20px 15px 20px;
margin-top: -12px;
word-break: break-all;
color: #fff;
font-size: 13px;
line-height: 1.5;
text-align: left;
font-family: 'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, monospace;
transition: all 0.3s;
box-shadow: 0 4px 6px rgba(0,0,0,0.1);
" onmouseover="this.style.background='rgba(0, 0, 0, 0.3)'; this.style.borderColor='rgba(255, 255, 255, 0.2)'"
onmouseout="this.style.background='rgba(0, 0, 0, 0.2)'; this.style.borderColor='rgba(255, 255, 255, 0.1)'">
[[ link ]]
</div>
</a-list-item>
</a-list>
</div>
</div>
</div>
<br />
<a-form layout="vertical">
<a-form-item>
<a-row type="flex" justify="center" :gutter="[8,8]"
style="width:100%">
<a-col :xs="24" :sm="12"
style="text-align:center;">
<a-row type="flex" justify="center" :gutter="[8,8]" style="width:100%">
<a-col :xs="24" :sm="12" style="text-align:center;">
<!-- Android dropdown -->
<a-dropdown :trigger="['click']">
<a-button icon="android" :block="isMobile"
:style="{ marginTop: isMobile ? '6px' : 0 }"
size="large" type="primary">
:style="{ marginTop: isMobile ? '6px' : 0 }" size="large" type="primary">
Android <a-icon type="down" />
</a-button>
<a-menu slot="overlay"
:class="themeSwitcher.currentTheme">
<a-menu slot="overlay" :class="themeSwitcher.currentTheme">
<a-menu-item key="android-v2box"
@click="open('v2box://install-sub?url=' + encodeURIComponent(app.subUrl) + '&name=' + encodeURIComponent(app.sId))">V2Box</a-menu-item>
<a-menu-item key="android-v2rayng"
@ -194,39 +181,32 @@
@click="copy(app.subUrl)">Sing-box</a-menu-item>
<a-menu-item key="android-v2raytun"
@click="copy(app.subUrl)">V2RayTun</a-menu-item>
<a-menu-item key="android-npvtunnel"
@click="copy(app.subUrl)">NPV
<a-menu-item key="android-npvtunnel" @click="copy(app.subUrl)">NPV
Tunnel</a-menu-item>
<a-menu-item key="android-happ"
@click="open('happ://add/' + encodeURIComponent(app.subUrl))">Happ</a-menu-item>
<a-menu-item key="android-happ"
@click="open('happ://add/' + encodeURIComponent(app.subUrl))">Happ</a-menu-item>
</a-menu>
</a-dropdown>
</a-col>
<a-col :xs="24" :sm="12"
style="text-align:center;">
<a-col :xs="24" :sm="12" style="text-align:center;">
<!-- iOS dropdown -->
<a-dropdown :trigger="['click']">
<a-button icon="apple" :block="isMobile"
:style="{ marginTop: isMobile ? '6px' : 0 }"
size="large" type="primary">
:style="{ marginTop: isMobile ? '6px' : 0 }" size="large" type="primary">
iOS <a-icon type="down" />
</a-button>
<a-menu slot="overlay"
:class="themeSwitcher.currentTheme">
<a-menu slot="overlay" :class="themeSwitcher.currentTheme">
<a-menu-item key="ios-shadowrocket"
@click="open(shadowrocketUrl)">Shadowrocket</a-menu-item>
<a-menu-item key="ios-v2box"
@click="open(v2boxUrl)">V2Box</a-menu-item>
<a-menu-item key="ios-v2box" @click="open(v2boxUrl)">V2Box</a-menu-item>
<a-menu-item key="ios-streisand"
@click="open(streisandUrl)">Streisand</a-menu-item>
<a-menu-item key="ios-v2raytun"
@click="copy(v2raytunUrl)">V2RayTun</a-menu-item>
<a-menu-item key="ios-npvtunnel"
@click="copy(npvtunUrl)">NPV
<a-menu-item key="ios-npvtunnel" @click="copy(npvtunUrl)">NPV
Tunnel
</a-menu-item>
<a-menu-item key="ios-happ"
@click="open(happUrl)">Happ</a-menu-item>
<a-menu-item key="ios-happ" @click="open(happUrl)">Happ</a-menu-item>
</a-menu>
</a-dropdown>
</a-col>
@ -240,17 +220,12 @@
</a-layout>
<!-- Bootstrap data for external JS -->
<template id="subscription-data" data-sid="{{ .sId }}"
data-sub-url="{{ .subUrl }}" data-subjson-url="{{ .subJsonUrl }}"
data-download="{{ .download }}"
data-upload="{{ .upload }}" data-used="{{ .used }}"
data-total="{{ .total }}" data-remained="{{ .remained }}"
data-expire="{{ .expire }}" data-lastonline="{{ .lastOnline }}"
data-downloadbyte="{{ .downloadByte }}"
data-uploadbyte="{{ .uploadByte }}" data-totalbyte="{{ .totalByte }}"
<template id="subscription-data" data-sid="{{ .sId }}" data-sub-url="{{ .subUrl }}" data-subjson-url="{{ .subJsonUrl }}"
data-download="{{ .download }}" data-upload="{{ .upload }}" data-used="{{ .used }}" data-total="{{ .total }}"
data-remained="{{ .remained }}" data-expire="{{ .expire }}" data-lastonline="{{ .lastOnline }}"
data-downloadbyte="{{ .downloadByte }}" data-uploadbyte="{{ .uploadByte }}" data-totalbyte="{{ .totalByte }}"
data-datepicker="{{ .datepicker }}"></template>
<textarea id="subscription-links"
style="display:none">{{ range .result }}{{ . }}
<textarea id="subscription-links" style="display:none">{{ range .result }}{{ . }}
{{ end }}</textarea>
{{template "component/aThemeSwitch" .}}

4
web/html/settings/xray/outbounds.html
View file

@ -3,8 +3,8 @@
<a-row>
<a-col :xs="12" :sm="12" :lg="12">
<a-space direction="horizontal" size="small">
<a-button type="primary" icon="plus" @click="addOutbound()">
{{ i18n "pages.xray.outbound.addOutbound" }}
<a-button type="primary" icon="plus" @click="addOutbound">
<span v-if="!isMobile">{{ i18n "pages.xray.outbound.addOutbound" }}</span>
</a-button>
<a-button type="primary" icon="cloud" @click="showWarp()">WARP</a-button>
</a-space>

13
web/html/xray.html
View file

@ -269,7 +269,7 @@
tag: "direct",
protocol: "freedom"
},
routingDomainStrategies: ["AsIs", "IpIfNonMatch", "IpOnDemand"],
routingDomainStrategies: ["AsIs", "IPIfNonMatch", "IPOnDemand"],
log: {
loglevel: ["none", "debug", "info", "warning", "error"],
access: ["none", "./access.log"],
@ -968,6 +968,17 @@
await this.getXraySetting();
await this.getXrayResult();
await this.getOutboundsTraffic();
if (window.wsClient) {
window.wsClient.connect();
window.wsClient.on('outbounds', (payload) => {
if (payload) {
this.outboundsTraffic = payload;
this.$forceUpdate();
}
});
}
while (true) {
await PromiseUtil.sleep(800);
this.saveBtnDisable = this.oldXraySetting === this.xraySetting;

2
web/job/clear_logs_job.go
View file

@ -45,7 +45,7 @@ func (j *ClearLogsJob) Run() {
}
// Clear log files and copy to previous logs
for i := 0; i < len(logFiles); i++ {
for i := range len(logFiles) {
if i > 0 {
// Copy to previous logs
logFilePrev, err := os.OpenFile(logFilesPrev[i-1], os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)

24
web/job/xray_traffic_job.go
View file

@ -58,7 +58,19 @@ func (j *XrayTrafficJob) Run() {
lastOnlineMap = make(map[string]int64)
}
// Broadcast traffic update via WebSocket
// Fetch updated inbounds from database with accumulated traffic values
// This ensures frontend receives the actual total traffic, not just delta values
updatedInbounds, err := j.inboundService.GetAllInbounds()
if err != nil {
logger.Warning("get all inbounds for websocket failed:", err)
}
updatedOutbounds, err := j.outboundService.GetOutboundsTraffic()
if err != nil {
logger.Warning("get all outbounds for websocket failed:", err)
}
// Broadcast traffic update via WebSocket with accumulated values from database
trafficUpdate := map[string]interface{}{
"traffics": traffics,
"clientTraffics": clientTraffics,
@ -66,6 +78,16 @@ func (j *XrayTrafficJob) Run() {
"lastOnlineMap": lastOnlineMap,
}
websocket.BroadcastTraffic(trafficUpdate)
// Broadcast full inbounds update for real-time UI refresh
if updatedInbounds != nil {
websocket.BroadcastInbounds(updatedInbounds)
}
if updatedOutbounds != nil {
websocket.BroadcastOutbounds(updatedOutbounds)
}
}
func (j *XrayTrafficJob) informTrafficToExternalAPI(inboundTraffics []*xray.Traffic, clientTraffics []*xray.ClientTraffic) {

4
web/service/inbound.go
View file

@ -1010,12 +1010,12 @@ func (s *InboundService) addClientTraffic(tx *gorm.DB, traffics []*xray.ClientTr
if len(traffics) == 0 {
// Empty onlineUsers
if p != nil {
p.SetOnlineClients(nil)
p.SetOnlineClients(make([]string, 0))
}
return nil
}
var onlineClients []string
onlineClients := make([]string, 0)
emails := make([]string, 0, len(traffics))
for _, traffic := range traffics {

4
web/service/server.go
View file

@ -1205,7 +1205,7 @@ func (s *ServerService) GetNewmldsa65() (any, error) {
return keyPair, nil
}
func (s *ServerService) GetNewEchCert(sni string) (interface{}, error) {
func (s *ServerService) GetNewEchCert(sni string) (any, error) {
// Run the command
cmd := exec.Command(xray.GetBinaryPath(), "tls", "ech", "--serverName", sni)
var out bytes.Buffer
@ -1223,7 +1223,7 @@ func (s *ServerService) GetNewEchCert(sni string) (interface{}, error) {
configList := lines[1]
serverKeys := lines[3]
return map[string]interface{}{
return map[string]any{
"echServerKeys": serverKeys,
"echConfigList": configList,
}, nil

2
web/web.go
View file

@ -487,6 +487,6 @@ func (s *Server) GetCron() *cron.Cron {
}
// GetWSHub returns the WebSocket hub instance.
func (s *Server) GetWSHub() interface{} {
func (s *Server) GetWSHub() any {
return s.wsHub
}

7
web/websocket/hub.go
View file

@ -20,12 +20,13 @@ const (
MessageTypeInbounds MessageType = "inbounds" // Inbounds list update
MessageTypeNotification MessageType = "notification" // System notification
MessageTypeXrayState MessageType = "xray_state" // Xray state change
MessageTypeOutbounds MessageType = "outbounds" // Outbounds list update
)
// Message represents a WebSocket message
type Message struct {
Type MessageType `json:"type"`
Payload interface{} `json:"payload"`
Payload any `json:"payload"`
Time int64 `json:"time"`
}
@ -249,7 +250,7 @@ func (h *Hub) broadcastParallel(clients []*Client, message []byte) {
}
// Broadcast sends a message to all connected clients
func (h *Hub) Broadcast(messageType MessageType, payload interface{}) {
func (h *Hub) Broadcast(messageType MessageType, payload any) {
if h == nil {
return
}
@ -288,7 +289,7 @@ func (h *Hub) Broadcast(messageType MessageType, payload interface{}) {
}
// BroadcastToTopic sends a message only to clients subscribed to the specific topic
func (h *Hub) BroadcastToTopic(messageType MessageType, payload interface{}) {
func (h *Hub) BroadcastToTopic(messageType MessageType, payload any) {
if h == nil {
return
}

14
web/websocket/notifier.go
View file

@ -25,7 +25,7 @@ func GetHub() *Hub {
}
// BroadcastStatus broadcasts server status update to all connected clients
func BroadcastStatus(status interface{}) {
func BroadcastStatus(status any) {
hub := GetHub()
if hub != nil {
hub.Broadcast(MessageTypeStatus, status)
@ -33,7 +33,7 @@ func BroadcastStatus(status interface{}) {
}
// BroadcastTraffic broadcasts traffic statistics update to all connected clients
func BroadcastTraffic(traffic interface{}) {
func BroadcastTraffic(traffic any) {
hub := GetHub()
if hub != nil {
hub.Broadcast(MessageTypeTraffic, traffic)
@ -41,13 +41,21 @@ func BroadcastTraffic(traffic interface{}) {
}
// BroadcastInbounds broadcasts inbounds list update to all connected clients
func BroadcastInbounds(inbounds interface{}) {
func BroadcastInbounds(inbounds any) {
hub := GetHub()
if hub != nil {
hub.Broadcast(MessageTypeInbounds, inbounds)
}
}
// BroadcastOutbounds broadcasts outbounds list update to all connected clients
func BroadcastOutbounds(outbounds interface{}) {
hub := GetHub()
if hub != nil {
hub.Broadcast(MessageTypeOutbounds, outbounds)
}
}
// BroadcastNotification broadcasts a system notification to all connected clients
func BroadcastNotification(title, message, level string) {
hub := GetHub()

209
x-ui.sh
View file

@ -230,57 +230,6 @@ gen_random_string() {
echo "$random_string"
}
# Generate and configure a self-signed SSL certificate
setup_self_signed_certificate() {
local name="$1" # domain or IP to place in SAN
local certDir="/root/cert/selfsigned"
LOGI "Generating a self-signed certificate (not publicly trusted)..."
mkdir -p "$certDir"
local sanExt=""
if [[ "$name" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ || "$name" =~ : ]]; then
sanExt="IP:${name}"
else
sanExt="DNS:${name}"
fi
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
-keyout "${certDir}/privkey.pem" \
-out "${certDir}/fullchain.pem" \
-subj "/CN=${name}" \
-addext "subjectAltName=${sanExt}" >/dev/null 2>&1
if [[ $? -ne 0 ]]; then
local tmpCfg="${certDir}/openssl.cnf"
cat > "$tmpCfg" <<EOF
[req]
distinguished_name=req_distinguished_name
req_extensions=v3_req
[req_distinguished_name]
[v3_req]
subjectAltName=${sanExt}
EOF
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
-keyout "${certDir}/privkey.pem" \
-out "${certDir}/fullchain.pem" \
-subj "/CN=${name}" \
-config "$tmpCfg" -extensions v3_req >/dev/null 2>&1
rm -f "$tmpCfg"
fi
if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
LOGE "Failed to generate self-signed certificate"
return 1
fi
chmod 755 ${certDir}/* >/dev/null 2>&1
${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem" >/dev/null 2>&1
LOGI "Self-signed certificate configured. Browsers will show a warning."
return 0
}
reset_webbasepath() {
echo -e "${yellow}Resetting Web Base Path${plain}"
@ -340,16 +289,19 @@ check_config() {
fi
else
echo -e "${red}⚠ WARNING: No SSL certificate configured!${plain}"
read -rp "Generate a self-signed SSL certificate now? [y/N]: " gen_self
if [[ "$gen_self" == "y" || "$gen_self" == "Y" ]]; then
echo -e "${yellow}You can get a Let's Encrypt certificate for your IP address (valid ~6 days, auto-renews).${plain}"
read -rp "Generate SSL certificate for IP now? [y/N]: " gen_ssl
if [[ "$gen_ssl" == "y" || "$gen_ssl" == "Y" ]]; then
stop >/dev/null 2>&1
setup_self_signed_certificate "${server_ip}"
ssl_cert_issue_for_ip
if [[ $? -eq 0 ]]; then
restart >/dev/null 2>&1
echo -e "${green}Access URL: https://${server_ip}:${existing_port}${existing_webBasePath}${plain}"
# ssl_cert_issue_for_ip already restarts the panel, but ensure it's running
start >/dev/null 2>&1
else
LOGE "Self-signed SSL setup failed."
LOGE "IP certificate setup failed."
echo -e "${yellow}You can try again via option 18 (SSL Certificate Management).${plain}"
start >/dev/null 2>&1
fi
else
echo -e "${yellow}Access URL: http://${server_ip}:${existing_port}${existing_webBasePath}${plain}"
@ -1036,12 +988,12 @@ install_acme() {
}
ssl_cert_issue_main() {
echo -e "${green}\t1.${plain} Get SSL"
echo -e "${green}\t1.${plain} Get SSL (Domain)"
echo -e "${green}\t2.${plain} Revoke"
echo -e "${green}\t3.${plain} Force Renew"
echo -e "${green}\t4.${plain} Show Existing Domains"
echo -e "${green}\t5.${plain} Set Cert paths for the panel"
echo -e "${green}\t6.${plain} Auto SSL for Server IP"
echo -e "${green}\t6.${plain} Get SSL for IP Address (6-day cert, auto-renews)"
echo -e "${green}\t0.${plain} Back to Main Menu"
read -rp "Choose an option: " choice
@ -1136,9 +1088,10 @@ ssl_cert_issue_main() {
ssl_cert_issue_main
;;
6)
echo -e "${yellow}Automatic SSL Certificate for Server IP${plain}"
echo -e "This will automatically obtain and configure an SSL certificate for your server's IP address."
echo -e "${yellow}Note: Let's Encrypt supports IP certificates. Make sure port 80 is open.${plain}"
echo -e "${yellow}Let's Encrypt SSL Certificate for IP Address${plain}"
echo -e "This will obtain a certificate for your server's IP using the shortlived profile."
echo -e "${yellow}Certificate valid for ~6 days, auto-renews via acme.sh cron job.${plain}"
echo -e "${yellow}Port 80 must be open and accessible from the internet.${plain}"
confirm "Do you want to proceed?" "y"
if [[ $? == 0 ]]; then
ssl_cert_issue_for_ip
@ -1155,6 +1108,7 @@ ssl_cert_issue_main() {
ssl_cert_issue_for_ip() {
LOGI "Starting automatic SSL certificate generation for server IP..."
LOGI "Using Let's Encrypt shortlived profile (~6 days validity, auto-renews)"
local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}')
local existing_port=$(${xui_folder}/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
@ -1172,6 +1126,11 @@ ssl_cert_issue_for_ip() {
LOGI "Server IP detected: ${server_ip}"
# Ask for optional IPv6
local ipv6_addr=""
read -rp "Do you have an IPv6 address to include? (leave empty to skip): " ipv6_addr
ipv6_addr="${ipv6_addr// /}" # Trim whitespace
# check for acme.sh first
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
LOGI "acme.sh not found, installing..."
@ -1211,66 +1170,83 @@ ssl_cert_issue_for_ip() {
;;
esac
# check if certificate already exists for this IP
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
if [ "${currentCert}" == "${server_ip}" ]; then
LOGI "Certificate already exists for IP: ${server_ip}"
certPath="/root/cert/${server_ip}"
else
# create directory for certificate
certPath="/root/cert/${server_ip}"
if [ ! -d "$certPath" ]; then
mkdir -p "$certPath"
else
rm -rf "$certPath"
mkdir -p "$certPath"
fi
# Use port 80 for certificate issuance
local WebPort=80
LOGI "Using port ${WebPort} to issue certificate for IP: ${server_ip}"
LOGI "Make sure port ${WebPort} is open and not in use..."
# issue the certificate for IP
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue -d ${server_ip} --listen-v6 --standalone --httpport ${WebPort} --force
if [ $? -ne 0 ]; then
LOGE "Failed to issue certificate for IP: ${server_ip}"
LOGE "Make sure port ${WebPort} is open and the server is accessible from the internet"
rm -rf ~/.acme.sh/${server_ip}
return 1
else
LOGI "Certificate issued successfully for IP: ${server_ip}"
fi
# install the certificate
~/.acme.sh/acme.sh --installcert -d ${server_ip} \
--key-file /root/cert/${server_ip}/privkey.pem \
--fullchain-file /root/cert/${server_ip}/fullchain.pem \
--reloadcmd "x-ui restart"
if [ $? -ne 0 ]; then
LOGE "Failed to install certificate"
rm -rf ~/.acme.sh/${server_ip}
return 1
else
LOGI "Certificate installed successfully"
fi
# enable auto-renew
~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
chmod 755 $certPath/*
# Create certificate directory
certPath="/root/cert/ip"
mkdir -p "$certPath"
# Build domain arguments
local domain_args="-d ${server_ip}"
if [[ -n "$ipv6_addr" ]] && is_ipv6 "$ipv6_addr"; then
domain_args="${domain_args} -d ${ipv6_addr}"
LOGI "Including IPv6 address: ${ipv6_addr}"
fi
# Use port 80 for certificate issuance
local WebPort=80
LOGI "Using port ${WebPort} to issue certificate for IP: ${server_ip}"
LOGI "Make sure port ${WebPort} is open and not in use..."
# Reload command - restarts panel after renewal
local reloadCmd="systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null"
# issue the certificate for IP with shortlived profile
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue \
${domain_args} \
--standalone \
--server letsencrypt \
--certificate-profile shortlived \
--days 6 \
--httpport ${WebPort} \
--force
if [ $? -ne 0 ]; then
LOGE "Failed to issue certificate for IP: ${server_ip}"
LOGE "Make sure port ${WebPort} is open and the server is accessible from the internet"
# Cleanup acme.sh data for both IPv4 and IPv6 if specified
rm -rf ~/.acme.sh/${server_ip} 2>/dev/null
[[ -n "$ipv6_addr" ]] && rm -rf ~/.acme.sh/${ipv6_addr} 2>/dev/null
rm -rf ${certPath} 2>/dev/null
return 1
else
LOGI "Certificate issued successfully for IP: ${server_ip}"
fi
# Install the certificate
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
# but the cert files are still installed. We check for files instead of exit code.
~/.acme.sh/acme.sh --installcert -d ${server_ip} \
--key-file "${certPath}/privkey.pem" \
--fullchain-file "${certPath}/fullchain.pem" \
--reloadcmd "${reloadCmd}" 2>&1 || true
# Verify certificate files exist (don't rely on exit code - reloadcmd failure causes non-zero)
if [[ ! -f "${certPath}/fullchain.pem" || ! -f "${certPath}/privkey.pem" ]]; then
LOGE "Certificate files not found after installation"
# Cleanup acme.sh data for both IPv4 and IPv6 if specified
rm -rf ~/.acme.sh/${server_ip} 2>/dev/null
[[ -n "$ipv6_addr" ]] && rm -rf ~/.acme.sh/${ipv6_addr} 2>/dev/null
rm -rf ${certPath} 2>/dev/null
return 1
fi
LOGI "Certificate files installed successfully"
# enable auto-renew
~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
chmod 600 $certPath/privkey.pem 2>/dev/null
chmod 644 $certPath/fullchain.pem 2>/dev/null
# Set certificate paths for the panel
local webCertFile="/root/cert/${server_ip}/fullchain.pem"
local webKeyFile="/root/cert/${server_ip}/privkey.pem"
local webCertFile="${certPath}/fullchain.pem"
local webKeyFile="${certPath}/privkey.pem"
if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
LOGI "Certificate configured for panel"
LOGI " - Certificate File: $webCertFile"
LOGI " - Private Key File: $webKeyFile"
LOGI " - Validity: ~6 days (auto-renews via acme.sh cron)"
echo -e "${green}Access URL: https://${server_ip}:${existing_port}${existing_webBasePath}${plain}"
LOGI "Panel will restart to apply SSL certificate..."
restart
@ -1433,12 +1409,14 @@ ssl_cert_issue() {
if [ $? -ne 0 ]; then
LOGE "Auto renew failed, certificate details:"
ls -lah cert/*
chmod 755 $certPath/*
chmod 600 $certPath/privkey.pem
chmod 644 $certPath/fullchain.pem
exit 1
else
LOGI "Auto renew succeeded, certificate details:"
ls -lah cert/*
chmod 755 $certPath/*
chmod 600 $certPath/privkey.pem
chmod 644 $certPath/fullchain.pem
fi
# Prompt user to set panel paths after successful certificate installation
@ -1578,7 +1556,8 @@ ssl_cert_issue_CF() {
else
LOGI "The certificate is installed and auto-renewal is turned on. Specific information is as follows:"
ls -lah ${certPath}/*
chmod 755 ${certPath}/*
chmod 600 ${certPath}/privkey.pem
chmod 644 ${certPath}/fullchain.pem
fi
# Prompt user to set panel paths after successful certificate installation

2
xray/api.go
View file

@ -116,7 +116,7 @@ func (x *XrayAPI) AddUser(Protocol string, inboundTag string, user map[string]an
}
// Add testseed if provided
if testseedVal, ok := user["testseed"]; ok {
if testseedArr, ok := testseedVal.([]interface{}); ok && len(testseedArr) >= 4 {
if testseedArr, ok := testseedVal.([]any); ok && len(testseedArr) >= 4 {
testseed := make([]uint32, len(testseedArr))
for i, v := range testseedArr {
if num, ok := v.(float64); ok {