3x-ui/web
Sora39831 90665c92f4 fix: harden registration with rate limiting, input validation, and security fixes
- Add per-IP rate limiter middleware (5 req/min) on /register endpoint
- Validate username (3-64 chars) and password (8-128 chars) with trim
- Use sentinel error ErrUsernameAlreadyExists instead of string matching
- Prevent TurnstileSecretKey exposure via admin settings API (json:"-")
- Skip json:"-" fields in UpdateAllSetting to avoid overwriting secrets
- Add SetTurnstileSecretKey setter for programmatic configuration
- Reuse package-level http.Client in Turnstile verification for connection pooling
- Add io.LimitReader to cap Turnstile response body size
- Log all Turnstile verification error paths for debugging
- Add invalidUsername/invalidPassword i18n keys to all 13 locales
2026-04-03 02:02:25 +08:00
assets fix: make Turnstile widget responsive on narrow screens 2026-04-03 00:30:55 +08:00
controller fix: harden registration with rate limiting, input validation, and security fixes 2026-04-03 02:02:25 +08:00
entity fix: harden registration with rate limiting, input validation, and security fixes 2026-04-03 02:02:25 +08:00
global Refactor code and fix linter warnings (#3627) 2026-01-05 05:54:56 +01:00
html fix: make Turnstile widget responsive on narrow screens 2026-04-03 00:30:55 +08:00
job fix: Ban new IPs with fail2ban instead of disconnecting the client. (#3919) 2026-03-17 21:18:10 +01:00
locale update dependencies 2026-03-04 13:05:29 +01:00
middleware fix: harden registration with rate limiting, input validation, and security fixes 2026-04-03 02:02:25 +08:00
network docs: add comments for all functions 2025-09-20 09:35:50 +02:00
service fix: harden registration with rate limiting, input validation, and security fixes 2026-04-03 02:02:25 +08:00
session docs: add comments for all functions 2025-09-20 09:35:50 +02:00
translation fix: harden registration with rate limiting, input validation, and security fixes 2026-04-03 02:02:25 +08:00
websocket Add url speed test for outbound (#3767) 2026-02-09 21:43:17 +01:00
web.go fix: remove excluded paths from gzip middleware in router initialization (#3860) 2026-03-01 15:18:16 +01:00