3x-ui/web/controller
farhadh 56ce6073ce
feat(auth): block panel with default admin/admin credentials and guide credential change
checkLogin middleware now detects default admin/admin credentials and
redirects every panel route to /panel/settings until they are changed.
The settings page auto-opens the Authentication tab, shows a
non-dismissible error banner, and lists 'Default credentials' first in
the security checklist. Login response includes mustChangeCredentials
so the login page can redirect directly. Logout is now POST-only.
Password must be at least 10 characters and cannot be admin/admin.
2026-05-11 21:16:22 +02:00
api.go v3 2026-05-10 02:13:42 +02:00
base.go feat(auth): block panel with default admin/admin credentials and guide credential change 2026-05-11 21:16:22 +02:00
custom_geo.go v3 2026-05-10 02:13:42 +02:00
dist.go feat(auth): block panel with default admin/admin credentials and guide credential change 2026-05-11 21:16:22 +02:00
inbound.go feat(inbounds): add sub/client link endpoints; hide panel version on login 2026-05-11 15:03:47 +02:00
index.go feat(auth): block panel with default admin/admin credentials and guide credential change 2026-05-11 21:16:22 +02:00
login_limiter.go Implement CSRF protection and security hardening across the application (#4179) 2026-05-07 23:36:11 +02:00
login_limiter_test.go refactor(websocket): split controller into service + thin controller 2026-05-08 00:00:44 +02:00
node.go feat(nodes): traffic-writer queue, full-mirror sync, WS event fixes 2026-05-10 16:25:23 +02:00
server.go fix: backup path with webbasepath (#4223) 2026-05-10 22:48:35 +02:00
setting.go feat(auth): block panel with default admin/admin credentials and guide credential change 2026-05-11 21:16:22 +02:00
util.go v3 2026-05-10 02:13:42 +02:00
websocket.go v3 2026-05-10 02:13:42 +02:00
xray_setting.go feat(xray/outbounds): TCP probe mode + Test All + timing breakdown 2026-05-11 04:17:23 +02:00
xui.go feat(panel): in-panel API documentation page 2026-05-11 13:57:42 +02:00