GitHub/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-02 18:39:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a0865a67fdcd2eee04c98add31f8f2b6f3b73e12
3x-ui/frontend/src/schemas/client.ts
MHSanaei a0865a67fd fix(clients): reject spaces, '/', '\' and control chars in client email 
Client emails containing a slash broke the path-param routes
(edit/delete/view returned 404 / "client not found"), leaving stale
records that could only be cleared with manual SQLite edits. Validate
the email on both the backend (Create + Update, which also covers the
bulk paths) and the frontend (Zod) so these characters are rejected at
save time with a clear, localized message across all 13 locales.

Closes #4695
2026-05-30 22:40:48 +02:00

202 lines
6.5 KiB
TypeScript
Raw Blame History

import { z } from 'zod';
const nullableStringArray = z.array(z.string()).nullable().transform((v) => v ?? []);
const nullableNumberArray = z.array(z.number()).nullable().transform((v) => v ?? []);
export const ClientTrafficSchema = z.object({
up: z.number().optional(),
down: z.number().optional(),
total: z.number().optional(),
expiryTime: z.number().optional(),
enable: z.boolean().optional(),
lastOnline: z.number().optional(),
});
export const ClientRecordSchema = z.object({
id: z.number().optional(),
email: z.string(),
subId: z.string().optional(),
uuid: z.string().optional(),
password: z.string().optional(),
auth: z.string().optional(),
flow: z.string().optional(),
security: z.string().optional(),
totalGB: z.number().optional(),
expiryTime: z.number().optional(),
limitIp: z.number().optional(),
tgId: z.union([z.number(), z.string()]).optional(),
group: z.string().optional(),
comment: z.string().optional(),
enable: z.boolean().optional(),
reset: z.number().optional(),
inboundIds: nullableNumberArray.optional(),
traffic: ClientTrafficSchema.nullable().optional(),
reverse: z.object({ tag: z.string().optional() }).loose().nullable().optional(),
createdAt: z.number().optional(),
updatedAt: z.number().optional(),
}).loose();
export const InboundOptionSchema = z.object({
id: z.number(),
remark: z.string().optional(),
tag: z.string().optional(),
protocol: z.string().optional(),
port: z.number().optional(),
tlsFlowCapable: z.boolean().optional(),
}).loose();
export const InboundOptionsSchema = z.array(InboundOptionSchema);
export const ClientsSummarySchema = z.object({
total: z.number(),
active: z.number(),
online: nullableStringArray,
depleted: nullableStringArray,
expiring: nullableStringArray,
deactive: nullableStringArray,
});
const nullableClientArray = z.array(ClientRecordSchema).nullable().transform((v) => v ?? []);
export const ClientPageResponseSchema = z.object({
items: nullableClientArray,
total: z.number(),
filtered: z.number(),
page: z.number(),
pageSize: z.number(),
summary: ClientsSummarySchema.nullable().optional(),
groups: nullableStringArray.optional(),
});
export const ClientHydrateSchema = z.object({
client: ClientRecordSchema,
inboundIds: nullableNumberArray,
});
export const BulkAdjustResultSchema = z.object({
adjusted: z.number(),
skipped: z
.array(z.object({ email: z.string(), reason: z.string() }))
.optional(),
});
export const BulkDeleteResultSchema = z.object({
deleted: z.number(),
skipped: z
.array(z.object({ email: z.string(), reason: z.string() }))
.optional(),
});
export const BulkCreateResultSchema = z.object({
created: z.number(),
skipped: z
.array(z.object({ email: z.string(), reason: z.string() }))
.optional(),
});
export const DelDepletedResultSchema = z.object({
deleted: z.number().optional(),
});
export const BulkAttachResultSchema = z.object({
attached: z.array(z.string()).nullable().transform((v) => v ?? []),
skipped: z.array(z.string()).nullable().transform((v) => v ?? []),
errors: z.array(z.string()).nullable().transform((v) => v ?? []),
});
export const BulkDetachResultSchema = z.object({
detached: z.array(z.string()).nullable().transform((v) => v ?? []),
skipped: z.array(z.string()).nullable().transform((v) => v ?? []),
errors: z.array(z.string()).nullable().transform((v) => v ?? []),
});
export const OnlinesSchema = nullableStringArray;
export const GroupSummarySchema = z.object({
name: z.string(),
clientCount: z.number(),
});
export const GroupSummaryListSchema = z.array(GroupSummarySchema).nullable().transform((v) => v ?? []);
export function emailHasForbiddenChars(value: string): boolean {
if (value.includes('/') || value.includes('\\') || value.includes(' ')) return true;
for (let i = 0; i < value.length; i++) {
const code = value.charCodeAt(i);
if (code < 0x20 || code === 0x7f) return true;
}
return false;
}
export const ClientFormSchema = z.object({
email: z
.string()
.trim()
.min(1, 'pages.clients.email')
.refine((v) => !emailHasForbiddenChars(v), 'pages.clients.emailInvalidChars'),
subId: z.string(),
uuid: z.string(),
password: z.string(),
auth: z.string(),
flow: z.string(),
security: z.string(),
reverseTag: z.string(),
totalGB: z.number().min(0),
delayedStart: z.boolean(),
delayedDays: z.number().int().min(0),
reset: z.number().int().min(0),
limitIp: z.number().int().min(0),
tgId: z.number().int().min(0),
group: z.string(),
comment: z.string(),
enable: z.boolean(),
inboundIds: z.array(z.number()),
});
export const ClientCreateFormSchema = ClientFormSchema.extend({
inboundIds: z.array(z.number()).min(1, 'pages.clients.selectInbound'),
});
export const ClientBulkAdjustFormSchema = z
.object({
addDays: z.number().int(),
addGB: z.number(),
})
.refine((v) => v.addDays !== 0 || v.addGB !== 0, {
message: 'pages.clients.bulkAdjustNothing',
});
export const ClientBulkAddFormSchema = z.object({
emailMethod: z.number().int().min(0).max(4),
firstNum: z.number().int().min(1),
lastNum: z.number().int().min(1),
emailPrefix: z.string(),
emailPostfix: z.string(),
quantity: z.number().int().min(1).max(100),
subId: z.string(),
group: z.string(),
comment: z.string(),
flow: z.string(),
limitIp: z.number().int().min(0),
totalGB: z.number().min(0),
expiryTime: z.number(),
reset: z.number().int().min(0),
inboundIds: z.array(z.number()).min(1, 'pages.clients.selectInbound'),
});
export type ClientRecord = z.infer<typeof ClientRecordSchema>;
export type ClientTraffic = z.infer<typeof ClientTrafficSchema>;
export type InboundOption = z.infer<typeof InboundOptionSchema>;
export type ClientsSummary = z.infer<typeof ClientsSummarySchema>;
export type ClientPageResponse = z.infer<typeof ClientPageResponseSchema>;
export type ClientHydrate = z.infer<typeof ClientHydrateSchema>;
export type BulkAdjustResult = z.infer<typeof BulkAdjustResultSchema>;
export type BulkDeleteResult = z.infer<typeof BulkDeleteResultSchema>;
export type BulkCreateResult = z.infer<typeof BulkCreateResultSchema>;
export type BulkAttachResult = z.infer<typeof BulkAttachResultSchema>;
export type BulkDetachResult = z.infer<typeof BulkDetachResultSchema>;
export type ClientBulkAddFormValues = z.infer<typeof ClientBulkAddFormSchema>;
export type ClientBulkAdjustFormValues = z.infer<typeof ClientBulkAdjustFormSchema>;
export type ClientFormValues = z.infer<typeof ClientFormSchema>;
export type GroupSummary = z.infer<typeof GroupSummarySchema>;
Reference in New Issue View Git Blame Copy Permalink