MHSanaei 2928b52b04 feat(tgbot): add Flow picker when creating a VLESS client ... The bot's add-client flow already serialised client_Flow into the VLESS JSON template but never exposed a way to set it from Telegram, so every client ended up with an empty flow regardless of the inbound's transport. Added an inline "Flow" row to the VLESS protocol keyboard with three choices — None, xtls-rprx-vision, and xtls-rprx-vision-udp443 — and a matching i18n key in all 13 locale files. The row is only shown when the inbound can actually use Vision flow (mirrors the frontend's canEnableTlsFlow check: VLESS over TCP with TLS or Reality); on other transports it's hidden and any stale client_Flow value is reset, so the generated JSON stays consistent with the inbound's stream settings.		2026-05-15 13:12:54 +02:00
..
api_token.go	feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs	2026-05-13 16:34:31 +02:00
config.json	feat(inbounds): align tunnel, tun, and hysteria UI with Xray docs	2026-05-13 22:44:08 +02:00
custom_geo.go	fix(security): SSRF-guard node and remote HTTP clients	2026-05-13 13:33:53 +02:00
custom_geo_test.go	v3	2026-05-10 02:13:42 +02:00
inbound.go	fix(inbounds): don't delete remote inbound when toggling enable	2026-05-15 12:43:16 +02:00
metric_history.go	feat(panel): xray metrics dashboard with observatory probe history	2026-05-12 02:17:45 +02:00
node.go	fix(security): SSRF-guard node and remote HTTP clients	2026-05-13 13:33:53 +02:00
nord.go	feat(xray/nord): searchable server list + colored load tag, surface API errors	2026-05-11 10:06:01 +02:00
outbound.go	fix(outbound): probe UDP-based outbounds over UDP instead of TCP	2026-05-15 12:29:53 +02:00
panel.go	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
panel_other.go	feat: add panel update functionality via web GUI (#4117)	2026-04-28 18:46:55 +02:00
panel_test.go	feat: add panel update functionality via web GUI (#4117)	2026-04-28 18:46:55 +02:00
panel_unix.go	feat: add panel update functionality via web GUI (#4117)	2026-04-28 18:46:55 +02:00
port_conflict.go	fix(inbounds): scope port check to node and preserve caller tag	2026-05-11 12:51:45 +02:00
port_conflict_test.go	fix(inbounds): scope port check to node and preserve caller tag	2026-05-11 12:51:45 +02:00
server.go	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
server_vlessenc_test.go	Feat: clarify VLESS encryption auth selection (#4271)	2026-05-12 11:39:28 +02:00
setting.go	Add possibility to remove client email from sub (#4297)	2026-05-13 19:04:17 +02:00
setting_security_test.go	feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs	2026-05-13 16:34:31 +02:00
tgbot.go	feat(tgbot): add Flow picker when creating a VLESS client	2026-05-15 13:12:54 +02:00
tgbot_test.go	Implement CSRF protection and security hardening across the application (#4179)	2026-05-07 23:36:11 +02:00
traffic_writer.go	Fix: traffic writer restart freeze (#4265)	2026-05-12 11:36:05 +02:00
traffic_writer_test.go	Fix: traffic writer restart freeze (#4265)	2026-05-12 11:36:05 +02:00
url_safety.go	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
user.go	fix(auth): invalidate sessions when 2FA is enabled, fix dev 401 loop	2026-05-13 14:08:16 +02:00
warp.go	fix(warp): set license against Cloudflare API and surface errors inline	2026-05-13 21:13:16 +02:00
websocket.go	v3	2026-05-10 02:13:42 +02:00
xray.go	fix(nodes): bind form-encoded posts and skip node inbounds in central xray	2026-05-10 11:32:06 +02:00
xray_metrics.go	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
xray_setting.go	v3	2026-05-10 02:13:42 +02:00
xray_setting_test.go	xray-setting: pin api routing rule to index 0 on save (#4124)	2026-04-28 17:49:39 +02:00