mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-06-05 20:54:14 +00:00
56ec359041
Adds a per-node TLS verification mode to the Add/Edit Node dialog so the panel can reach nodes that serve HTTPS with a self-signed certificate: - verify (default): normal CA validation. - skip: InsecureSkipVerify, with a clear UI warning that it drops MITM protection. - pin: validates the leaf certificate's SHA-256 (base64 or hex) via VerifyConnection while bypassing the default chain/name check — keeps MITM protection for self-signed certs, the secure alternative to skip. New Node model fields tlsVerifyMode + pinnedCertSha256 (gorm auto-migrated). Probe() selects the HTTP client per node via nodeHTTPClientFor, keeping the SSRF-guarded dialer. A new POST /panel/api/nodes/certFingerprint endpoint (FetchCertFingerprint) lets the UI fetch and pin the node's current certificate in one click. Endpoint documented in api-docs/openapi; i18n added across all locales. Verified end-to-end in Docker (verify rejects, skip bypasses, fetch matches, pin accepts correct / rejects wrong). |
||
|---|---|---|
| .. | ||
| api.go | ||
| api_docs_test.go | ||
| base.go | ||
| client.go | ||
| custom_geo.go | ||
| dist.go | ||
| group.go | ||
| inbound.go | ||
| index.go | ||
| login_limiter.go | ||
| login_limiter_test.go | ||
| node.go | ||
| server.go | ||
| setting.go | ||
| util.go | ||
| util_test.go | ||
| websocket.go | ||
| xray_setting.go | ||
| xui.go | ||