3x-ui/web/controller
Sora39831 90665c92f4 fix: harden registration with rate limiting, input validation, and security fixes
- Add per-IP rate limiter middleware (5 req/min) on /register endpoint
- Validate username (3-64 chars) and password (8-128 chars) with trim
- Use sentinel error ErrUsernameAlreadyExists instead of string matching
- Prevent TurnstileSecretKey exposure via admin settings API (json:"-")
- Skip json:"-" fields in UpdateAllSetting to avoid overwriting secrets
- Add SetTurnstileSecretKey setter for programmatic configuration
- Reuse package-level http.Client in Turnstile verification for connection pooling
- Add io.LimitReader to cap Turnstile response body size
- Log all Turnstile verification error paths for debugging
- Add invalidUsername/invalidPassword i18n keys to all 13 locales
2026-04-03 02:02:25 +08:00
api.go API improve security: returns 404 for unauthenticated API requests 2025-09-24 11:29:55 +02:00
base.go docs: add comments for all functions 2025-09-20 09:35:50 +02:00
inbound.go bug fix #3785 2026-02-11 22:21:09 +01:00
index.go fix: harden registration with rate limiting, input validation, and security fixes 2026-04-03 02:02:25 +08:00
server.go Refactor code and fix linter warnings (#3627) 2026-01-05 05:54:56 +01:00
setting.go docs: add comments for all functions 2025-09-20 09:35:50 +02:00
util.go docs: add comments for all functions 2025-09-20 09:35:50 +02:00
websocket.go feat: Add WebSocket support for real-time updates and enhance VLESS settings (#3605) 2026-01-03 05:26:00 +01:00
xray_setting.go fix security issue 2026-02-09 23:36:10 +01:00
xui.go API improve security: returns 404 for unauthenticated API requests 2025-09-24 11:29:55 +02:00