mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-05-18 12:05:53 +00:00
bbefe91011
Add UserService.BumpLoginEpoch and call it from updateSetting when
TwoFactorEnable flips false → true. Existing cookies (issued under
the looser no-2FA policy) get a 401 on their next request and are
forced through the login flow. Disabling 2FA is a relaxation and
does not bump the epoch — sessions stay valid.
Also fix the dev-mode 401 redirect: targeting `${basePath}login.html`
breaks when basePath isn't "/" (Vite has no file at e.g.
"/test/login.html"; the SPA fallback loops the 401). Navigate to
basePath instead — Vite's bypassMigratedRoute and Go's index
handler both serve login.html for that path.
Strip stale doc-comment from netsafe and IndexController.logout
in line with the project's no-inline-comments convention.
|
||
|---|---|---|
| .. | ||
| config.json | ||
| custom_geo.go | ||
| custom_geo_test.go | ||
| inbound.go | ||
| metric_history.go | ||
| node.go | ||
| nord.go | ||
| outbound.go | ||
| panel.go | ||
| panel_other.go | ||
| panel_test.go | ||
| panel_unix.go | ||
| port_conflict.go | ||
| port_conflict_test.go | ||
| server.go | ||
| server_vlessenc_test.go | ||
| setting.go | ||
| setting_security_test.go | ||
| tgbot.go | ||
| tgbot_test.go | ||
| traffic_writer.go | ||
| traffic_writer_test.go | ||
| url_safety.go | ||
| user.go | ||
| warp.go | ||
| websocket.go | ||
| xray.go | ||
| xray_metrics.go | ||
| xray_setting.go | ||
| xray_setting_test.go | ||