Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-05-18 12:05:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
3x-ui/web/service
History
MHSanaei e40554a7d5
fix(inbound): require email when adding or updating a client 
AddInboundClient and UpdateInboundClient previously accepted an
empty Email field for every protocol except shadowsocks (where
email doubles as the client ID). Empty emails break downstream
features that key off email — IP-limit logging, traffic stats,
client-online tracking, subscription remarks.

Reject empty/whitespace-only emails at the service layer so the
API surface (POST /panel/api/inbounds/addClient and
/updateClient/:id) returns a clear error instead of persisting
an unidentifiable client.

Also drop the stale `len(Email) > 0` guard in UpdateInboundClient
that became dead code once empty emails are rejected.
2026-05-13 13:45:31 +02:00
..
config.json dokodemo-door, socks renamed to mixed, tunnel 2025-09-09 13:57:40 +02:00
custom_geo.go fix(security): SSRF-guard node and remote HTTP clients 2026-05-13 13:33:53 +02:00
custom_geo_test.go v3 2026-05-10 02:13:42 +02:00
inbound.go fix(inbound): require email when adding or updating a client 2026-05-13 13:45:31 +02:00
metric_history.go feat(panel): xray metrics dashboard with observatory probe history 2026-05-12 02:17:45 +02:00
node.go fix(security): SSRF-guard node and remote HTTP clients 2026-05-13 13:33:53 +02:00
nord.go feat(xray/nord): searchable server list + colored load tag, surface API errors 2026-05-11 10:06:01 +02:00
outbound.go feat(xray/outbounds): TCP probe mode + Test All + timing breakdown 2026-05-11 04:17:23 +02:00
panel.go Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
panel_other.go feat: add panel update functionality via web GUI (#4117) 2026-04-28 18:46:55 +02:00
panel_test.go feat: add panel update functionality via web GUI (#4117) 2026-04-28 18:46:55 +02:00
panel_unix.go feat: add panel update functionality via web GUI (#4117) 2026-04-28 18:46:55 +02:00
port_conflict.go fix(inbounds): scope port check to node and preserve caller tag 2026-05-11 12:51:45 +02:00
port_conflict_test.go fix(inbounds): scope port check to node and preserve caller tag 2026-05-11 12:51:45 +02:00
server.go Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
server_vlessenc_test.go Feat: clarify VLESS encryption auth selection (#4271) 2026-05-12 11:39:28 +02:00
setting.go Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
setting_security_test.go Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
tgbot.go Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
tgbot_test.go Implement CSRF protection and security hardening across the application (#4179) 2026-05-07 23:36:11 +02:00
traffic_writer.go Fix: traffic writer restart freeze (#4265) 2026-05-12 11:36:05 +02:00
traffic_writer_test.go Fix: traffic writer restart freeze (#4265) 2026-05-12 11:36:05 +02:00
url_safety.go Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
user.go Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
warp.go v3 2026-05-10 02:13:42 +02:00
websocket.go v3 2026-05-10 02:13:42 +02:00
xray.go fix(nodes): bind form-encoded posts and skip node inbounds in central xray 2026-05-10 11:32:06 +02:00
xray_metrics.go Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
xray_setting.go v3 2026-05-10 02:13:42 +02:00
xray_setting_test.go xray-setting: pin api routing rule to index 0 on save (#4124) 2026-04-28 17:49:39 +02:00