admin/Xboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
652 Commits 3 Branches 0 Tags
97cf16709092e5fb09cec407042288e703f49751
Commit Graph

111 Commits

Author SHA1 Message Date
yinjianm cd5e00bbfb Merge remote-tracking branch 'upstream/master' 
# Conflicts:
#	public/assets/admin
 2026-04-18 00:35:04 +08:00
xboard d9833fab47 fix(plugin): improve plugin install and uninstall migration handling 2026-04-17 23:11:03 +08:00
xboard e297b5fe9f feat: machine mode, ECH subscriptions, batch ops & security hardening 2026-04-17 03:02:53 +08:00
yinjianm abd64ed20c Merge remote-tracking branch 'upstream/master' 
# Conflicts:
#	app/Services/UserOnlineService.php
#	public/assets/admin
 2026-04-16 16:59:21 +08:00
Valentin Lobstein 121511523f Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873) 
The loginWithMailLink endpoint returns the magic login link in the
HTTP response body, allowing unauthenticated account takeover.

The fix returns true instead of the link. The email delivery is
the authentication factor.

Bug inherited from V2Board commit bdb10bed (2022-06-27).
 2026-04-10 02:44:20 +08:00
xboard 58ef46f754 fix: stop sending VLESS decryption when encryption is disabled 2026-04-08 11:05:55 +08:00
xboard 5f1afe4bdc feat: add Vless Encryption support 2026-03-30 17:03:37 +08:00
xboard a58d66d72e feat: node traffic limit & batch operations 
- Traffic monitoring with transfer_enable limit
- Batch delete nodes
- Reset traffic (single/batch)
 2026-03-30 02:50:56 +08:00
xboard 3744ebcd5a Revert "fix: escape Telegram Markdown special characters (fix #450)" 
This reverts commit 23294c1f93.
 2026-03-29 17:48:49 +08:00
xboard 23294c1f93 fix: escape Telegram Markdown special characters (fix #450) 2026-03-28 09:10:54 +08:00
xboard 7fbd1bb92d feat: implement email case-insensitive queries (fix #318) 2026-03-28 07:09:21 +08:00
xboard 3c3639613e fix: use ServerService::getServer() for node lookup in WebSocket 2026-03-26 03:51:58 +08:00
xboard 74b5ef0b27 fix: resolve device sync issues and refactor WebSocket server 2026-03-26 03:33:01 +08:00
xboard 420521d90a refactor: restructure device limit system 2026-03-25 17:50:16 +08:00
xboard 73a37a07dd feat: ws notify nodes when user traffic is exhausted 2026-03-25 01:44:55 +08:00
xboard 7dacb69275 feat: Trojan Reality support and protocol distribution optimizations 2026-03-23 14:56:41 +08:00
yinjianm ae8a913f9b merge: sync upstream/master from cedar2025/Xboard 
合并上游 cedar2025/Xboard 的 master,并按交互决策保留本地改动。
 2026-03-19 21:04:27 +08:00
yinjianm 421844895e fix(payment): validate and filter unavailable methods 
Filter user-visible payment methods to only include supported
providers and fail fast when a payment record or plugin cannot be
resolved.

This prevents invalid payment options from being returned by the
API and avoids constructing an undefined fallback payment class.
 2026-03-19 20:29:26 +08:00
xboard 64e6d8148e feat: Add admin bulk-mail placeholder variables and template rendering 2026-03-19 05:02:16 +08:00
xboard 47983dec40 fix(runtime): force app_url/force_https per-request via middlewar 2026-03-19 04:22:17 +08:00
xboard b55091a066 feat: Refactor uTLS & Multiplex Support, Node Status Push Optimization 
- Server/ServerSave/Server.php: Unified utls and multiplex schema, validation, and defaults for vmess/vless/trojan/mieru protocols, enabling more flexible protocol configuration.
- Protocols (SingBox/ClashMeta/Shadowrocket/Stash/General): All protocol generators now support utls (client-fingerprint/fp) and multiplex options. Removed getRandFingerprint, replaced with getTlsFingerprint supporting random/custom fingerprints.
- Helper.php: Refactored TLS fingerprint utility to support object/string/random input.
- ServerService: Abstracted updateMetrics method to unify HTTP/WS node status caching logic.
- NodeWebSocketServer: Improved node connection, status push, and full sync logic; adjusted log levels; clarified push logic.
- ServerController: Reused ServerService for node metrics handling, reducing code duplication.
- Docs: Improved aapanel installation docs, added fix for empty admin dashboard.
 2026-03-16 23:09:56 +08:00
xboard 010275b09e feat: introduce WebSocket sync for XBoard nodes 
- Implement Workerman-based `xboard:ws-server` for real-time node synchronization.
- Support custom routes, outbounds, and certificate configurations via JSON.
- Optimize scheduled tasks with `lazyById` to minimize memory footprint.
- Enhance reactivity using Observers for `Plan`, `Server`, and `ServerRoute`.
- Expand protocol support for `httpupgrade`, `h2`, and `mieru`.
 2026-03-15 09:49:11 +08:00
xboard 562064712d fix(register): handle invalid invite code as API error (#792) 2026-03-11 02:09:25 +08:00
xboard 01bcf43ae8 fix: apply device_limit from plan when assigning via gift card (#630) 2026-03-09 06:51:10 +08:00
xboard 2e0b10e643 fix: return dynamic rate instead of base rate in user server list (#709) 2026-03-09 06:47:30 +08:00
Xboard cf552f6e5d Merge pull request #734 from kelly5454/master 
fix: Type error when redeeming gift card
 2026-03-09 04:56:14 +08:00
yinjianm 4f84034814 • 你这个现象我已经定位并修了,核心原因是节点匹配和设备映射都有歧义。 
已修改:

  - 节点识别优先用 id,只有找不到才回退 code,避免子节点被匹配成父节点
    ServerService.php (/E:/code/php/Xboard-new/app/Services/ServerService.php#L101)
  - 在线设备解析补全 node_key/node_id,并按真实节点键归类
    UserOnlineService.php (/E:/code/php/Xboard-new/app/Services/UserOnlineService.php#L43)
  - 用户端流量日志设备映射改为按 node_key 精确匹配
    StatController.php (/E:/code/php/Xboard-new/app/Http/Controllers/V1/User/StatController.php#L43)
  - 管理端同样改为按 node_key 映射
    StatController.php (/E:/code/php/Xboard-new/app/Http/Controllers/V2/Admin/StatController.php#L270)

  说明:

  - 这次不涉及数据库结构变更,不需要 migrate。
  - 对管理后台现有统计接口兼容,不会破坏原有 u/d/record_at/server_rate 显示。
  - 旧的历史日志如果之前已经按父节点入库,不会自动改名;新流量会按修复后的逻辑记录。
 2026-02-26 05:13:19 +08:00
yinjianm 809860b8db 修改仓库地址 2026-02-22 03:57:06 +08:00
yinjianm 17a7c63aec 修改邮件部分 2026-02-22 03:22:14 +08:00
xboard 95e8e7bca7 feat: add v2node support 2025-11-22 20:33:38 +08:00
xboard 8d0e33ba23 fix: preserve theme config when upgrading theme 2025-11-07 19:25:40 +08:00
kelly5454 3754f7da0d fix: exchange gift card type error 2025-10-30 21:08:39 +08:00
xboard e3c746d314 feat(plugin): auto-decode JSON config values by type in PluginManager 2025-10-20 18:56:44 +08:00
xboard f83bdfc9ad fix: avoid getCurrentCommit on cache hit 2025-09-26 19:04:17 +08:00
xboard bf1234a9c2 fix(plugin): remove stale plugin records when files missing; adjust logging 2025-09-23 14:59:22 +08:00
xboard 58a374bde9 fix 2025-09-16 18:44:44 +08:00
xboard abf541df72 fix: improve date calculation for month-end reset schedules 2025-08-31 20:30:02 +08:00
Miku a8e2452dcc fix(order): correct renewal handling for onetime plan 
fixes onetime plan renewal logic
 2025-08-29 23:24:48 +08:00
xboard 8e0384c833 feat: optimize server.user.get hook definition 2025-08-29 19:21:49 +08:00
xboard 724dd54822 fix: support resources/views directory for plugin views 2025-08-23 15:26:09 +08:00
xboard a666557781 fix(auth): handle null redirect in quick login url 2025-08-21 18:57:19 +08:00
xboard 930e2052a4 fix: fix user expiration date display and update issues 
- Fix 1970 year display for unlimited validity users
- Resolve SQL error in user update endpoint
- Closes #625
 2025-08-08 03:04:44 +08:00
xboard 1405cb0b99 fix: change user default_at to 0 2025-07-27 08:11:42 +08:00
xboard 78e7be8766 feat: add plugin migrations and fix plan management bugs 
- Plugin database migration support
- Fix empty prices error in plan management
- Plugin update functionality
- Custom shadowsocks encryption algorithms
 2025-07-27 00:19:14 +08:00
xboard 58868268dd feat: enhance plugin management 
- Add command support for plugin management
- Optimize plugin management page layout
- Add email copy functionality for users
- Convert payment methods and Telegram Bot to plugin system
 2025-07-26 18:49:58 +08:00
xboard 06cbe0e478 fix: correct return_url generation for payment in frontend-backend separated deployment 2025-07-21 23:54:00 +08:00
xboard c9bab8fb02 feat: add multiple hooks, pligun schedule support ,add hook:list artisan command 2025-07-21 13:29:17 +08:00
xboard 90360cfeb5 fix: resolve theme refresh issue after updates 2025-07-21 08:27:41 +08:00
xboard 063a10f6bb refactor: rename hook form traffic.before_process to traffic.process.before 2025-07-18 23:39:19 +08:00
xboard 508caebdcd refactor: refactor subscription delivery logic, change payment return_url to origin_url concatenation 
- Unify protocol filter configuration to client.type.field (dot-path, three-segment) format, support strict whitelist mode
- Refactor AbstractProtocol and all protocol classes for more flexible and maintainable subscription delivery
- Change payment callback logic: use origin_url concatenation instead of return_url for more accurate redirects
 2025-07-18 15:42:58 +08:00