GitHub/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-08 21:34:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
327228d8f3fec008c3d02310acbda2884a54c5b0
3x-ui/web/service
History
MHSanaei d2dc589f14 fix(node): capture node cert via VerifyConnection for fingerprint fetch 
FetchCertFingerprint read the leaf certificate from a bare insecure TLS
handshake, which CodeQL flagged as go/disabled-certificate-check. The
function intentionally accepts any cert (trust-on-first-use, so the admin
can pin a not-yet-trusted node), so verification cannot be enabled.

Capture the leaf cert inside a VerifyConnection callback instead, matching
the existing pattern in nodeHTTPClientFor that already clears the same
query. Behavior is unchanged.
2026-06-02 03:09:33 +02:00
..
api_token.go
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs
2026-05-13 16:34:31 +02:00
client_email_validation_test.go
fix(clients): reject spaces, '/', '\' and control chars in subscription ID
2026-05-30 23:28:58 +02:00
client_flow_isolation_test.go
test: name temp sqlite db x-ui.db to match the real db filename
2026-05-31 15:25:05 +02:00
client_group_node_sync_test.go
fix(clients): persist group for node-inbound clients
2026-05-31 15:25:21 +02:00
client_sync_multiprotocol_test.go
test: name temp sqlite db x-ui.db to match the real db filename
2026-05-31 15:25:05 +02:00
client_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
client.go
feat(inbounds): support Unix domain socket path in Listen field (#4429)
2026-06-02 00:37:20 +02:00
config.json
fix(xray): allow private-IP destinations via freedom finalRules
2026-05-19 15:42:16 +02:00
custom_geo_test.go
v3
2026-05-10 02:13:42 +02:00
custom_geo.go
fix(security): SSRF-guard node and remote HTTP clients
2026-05-13 13:33:53 +02:00
fallback.go
fix(fallbacks): allow free-form dest entries for external servers (#4748)
2026-06-02 00:17:21 +02:00
inbound_client_traffic_test.go
fix(postgres): record client traffic when inbound_id is stale
2026-06-01 01:39:21 +02:00
inbound_migration_test.go
fix(postgres): commit client traffic backfill in migration
2026-06-01 00:43:42 +02:00
inbound_update_tag_test.go
fix(inbound): re-derive auto tags on edit and keep node tags consistent
2026-06-01 05:08:29 +02:00
inbound.go
fix(nodes): sum client traffic across nodes instead of overwriting
2026-06-01 22:54:56 +02:00
metric_history.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
node_client_traffic_sum_test.go
fix(nodes): sum client traffic across nodes instead of overwriting
2026-06-01 22:54:56 +02:00
node_tag_sync_test.go
fix(inbound): re-derive auto tags on edit and keep node tags consistent
2026-06-01 05:08:29 +02:00
node_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
node.go
fix(node): capture node cert via VerifyConnection for fingerprint fetch
2026-06-02 03:09:33 +02:00
nord.go
feat(xray/nord): searchable server list + colored load tag, surface API errors
2026-05-11 10:06:01 +02:00
outbound.go
fix(xray): test UDP outbounds via xray probe (#4657) + Vision testseed & Flow form fixes
2026-05-29 21:07:01 +02:00
panel_other.go
feat: add panel update functionality via web GUI (#4117)
2026-04-28 18:46:55 +02:00
panel_test.go
feat: add panel update functionality via web GUI (#4117)
2026-04-28 18:46:55 +02:00
panel_unix.go
feat: add panel update functionality via web GUI (#4117)
2026-04-28 18:46:55 +02:00
panel.go
feat(settings): panel network proxy for the panel's own outbound requests
2026-05-28 00:45:32 +02:00
port_conflict_test.go
fix(inbounds): drop listen address from auto-generated inbound tag
2026-06-01 09:33:49 +02:00
port_conflict.go
fix(inbounds): drop listen address from auto-generated inbound tag
2026-06-01 09:33:49 +02:00
server_vlessenc_test.go
Feat: clarify VLESS encryption auth selection (#4271)
2026-05-12 11:39:28 +02:00
server.go
feat(postgres): in-panel backup/restore and consistent CLI backend
2026-05-31 17:53:34 +02:00
setting_security_test.go
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs
2026-05-13 16:34:31 +02:00
setting.go
fix(sub): keep listen/bind IP out of subscription page URLs
2026-06-01 05:47:18 +02:00
sub_uri_base_test.go
fix(sub): keep listen/bind IP out of subscription page URLs
2026-06-01 05:47:18 +02:00
tgbot_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
tgbot.go
fix(tgbot): send login notification asynchronously
2026-06-01 02:38:06 +02:00
traffic_writer_test.go
Fix: traffic writer restart freeze (#4265)
2026-05-12 11:36:05 +02:00
traffic_writer.go
Fix: traffic writer restart freeze (#4265)
2026-05-12 11:36:05 +02:00
url_safety.go
Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)
2026-05-13 12:52:52 +02:00
user.go
fix(auth): invalidate sessions when 2FA is enabled, fix dev 401 loop
2026-05-13 14:08:16 +02:00
warp.go
fix(warp): persist client_id so WARP outbound gets reserved bytes (#4781)
2026-06-01 23:14:40 +02:00
websocket.go
v3
2026-05-10 02:13:42 +02:00
xray_metrics.go
Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)
2026-05-13 12:52:52 +02:00
xray_setting_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
xray_setting.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
xray.go
feat(fallbacks): add per-rule dest override
2026-05-28 21:17:49 +02:00