3x-ui/frontend
MHSanaei 3ecdae7c92
fix(csrf): expose token endpoint for SPA pages and fetch it from axios
The legacy panel pages got their CSRF token from a <meta name="csrf-token">
tag rendered by Go. SPA pages built by Vite don't have that, so every
unsafe (POST/PUT/DELETE) request from them was hitting CSRFMiddleware
with no token and getting 403 — visible as the settings page being
stuck on "Loading…" because POST /panel/setting/all failed.

- web/controller/xui.go: GET /panel/csrf-token returns the session
  token. Lives under the xui group so checkLogin still gates it; the
  CSRFMiddleware on the same group is a no-op for GET.
- frontend/src/api/axios-init.js: cache the token at module scope and
  lazy-fetch it when a non-safe request needs one. Seed from the meta
  tag first when present (legacy compat). On a 403 response, drop the
  cache and retry once — handles the case where a server restart
  rotated the token after the SPA loaded.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-08 13:20:26 +02:00
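The token handling this commit message describes (module-scope cache, lazy fetch for unsafe methods, meta-tag seed, one retry after a 403), as an added sketch that is not the project's axios-init.js. The function names, the injected `transport` used in place of axios, the `X-CSRF-Token` header name and the `{ token }` response body are assumptions.

```javascript
// Added example; every name, the X-CSRF-Token header and the { token } body are
// assumptions. Only /panel/csrf-token and /panel/setting/all come from the page.
const SAFE = new Set(['GET', 'HEAD', 'OPTIONS']);
function createCsrfClient(transport, readMetaToken = () => null) {
  let cached = readMetaToken(); // legacy pages: seed from the meta tag
  let inflight = null;          // concurrent requests share one token fetch
  function getToken() {
    if (cached) return Promise.resolve(cached);
    inflight ??= transport({ method: 'GET', url: '/panel/csrf-token', headers: {} })
      .then((res) => (cached = res.data.token))
      .finally(() => { inflight = null; });
    return inflight;
  }
  async function request(method, url, body, retried = false) {
    const unsafe = !SAFE.has(method.toUpperCase());
    const headers = unsafe ? { 'X-CSRF-Token': await getToken() } : {};
    const res = await transport({ method, url, headers, body });
    if (res.status === 403 && unsafe && !retried) {
      cached = null; // token may have rotated after a server restart
      return request(method, url, body, true); // retry exactly once
    }
    return res;
  }
  return { request };
}

// Constructed stand-in for the Go panel: 403 when the token does not match.
function makeFakePanel(token) {
  const state = { token, tokenFetches: 0, posts: 0 };
  async function transport({ method, url, headers }) {
    if (url === '/panel/csrf-token') {
      state.tokenFetches += 1;
      return { status: 200, data: { token: state.token } };
    }
    if (SAFE.has(method)) return { status: 200, data: {} };
    state.posts += 1;
    return { status: headers['X-CSRF-Token'] === state.token ? 200 : 403, data: {} };
  }
  return { state, transport };
}

async function demo() {
  const panel = makeFakePanel('tok-1');
  const client = createCsrfClient(panel.transport);
  const first = await client.request('POST', '/panel/setting/all');
  panel.state.token = 'tok-2'; // simulated restart rotates the token
  const second = await client.request('POST', '/panel/setting/all');
  return { first: first.status, second: second.status, ...panel.state };
}
demo().then(console.log);
```

The single retry bounds the cost of a 403 that has nothing to do with a stale token: the request is repeated once with a fresh token and the second 403 is returned to the caller.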
src fix(csrf): expose token endpoint for SPA pages and fetch it from axios 2026-05-08 13:20:26 +02:00
.gitignore build(frontend): Phase 2 — scaffold Vite + Vue 3 + AD-Vue 4 2026-05-08 10:36:03 +02:00
index.html feat(frontend): Phase 5c-i — index.html dashboard shell 2026-05-08 12:26:51 +02:00
login.html feat(frontend): Phase 5a — theme system + Vite 8 + vue-i18n 11 2026-05-08 11:11:06 +02:00
package-lock.json feat(frontend): Phase 5d-iii — settings Security tab + 2FA modal 2026-05-08 13:08:39 +02:00
package.json feat(frontend): Phase 5d-iii — settings Security tab + 2FA modal 2026-05-08 13:08:39 +02:00
README.md build(frontend): Phase 2 — scaffold Vite + Vue 3 + AD-Vue 4 2026-05-08 10:36:03 +02:00
settings.html feat(frontend): Phase 5d-i — settings page shell + dirty tracking 2026-05-08 13:04:06 +02:00
vite.config.js fix(frontend): route /panel/<route> to migrated pages in dev 2026-05-08 13:16:16 +02:00

3x-ui frontend

Vue 3 + Ant Design Vue 4 + Vite. Builds into ../web/dist/, which the Go binary will embed via embed.FS once the migration reaches the page handlers (Phase 4+).

This directory exists alongside the legacy web/html/ Vue 2 templates during the migration. Pages will move over one at a time on the vue3-migration branch.

Dev

cd frontend
npm install
npm run dev

The dev server runs on http://localhost:5173/ and proxies API calls to the Go panel at http://localhost:2053/ — start the Go panel first (go run main.go), then start Vite.

Production build

npm run build

Outputs to ../web/dist/. The Go binary picks it up at compile time via embed.FS.

Where things live

  • src/main.js — app entrypoint (createApp, install Antd, mount)
  • src/App.vue — root component (currently a smoke-test placeholder)
  • vite.config.js — build + dev-server config
  • index.html — Vite HTML template

Adding new pages

For each legacy page being migrated, add an entry to vite.config.js rollupOptions.input. Each entry produces its own HTML file in web/dist/, which the Go panel route handler will serve.