Commit Graph

370 Commits

Author SHA1 Message Date
yinjianm 994819e8a0 fix(clashmeta): handle associative arrays in block yaml export 2026-04-18 01:50:45 +08:00
yinjianm 4a5091825c t2 2026-04-18 01:30:24 +08:00
yinjianm 1282e802b5 t 2026-04-18 01:23:46 +08:00
yinjianm 9ca92430ee fix(clashmeta): render block-style yaml for subscription export 2026-04-18 01:11:11 +08:00
yinjianm cd5e00bbfb Merge remote-tracking branch 'upstream/master'
# Conflicts:
#	public/assets/admin
2026-04-18 00:35:04 +08:00
yinjianm ecf0a268d3 fix(clashmeta): keep nested proxy objects in block style 2026-04-18 00:31:25 +08:00
xboard d9833fab47 fix(plugin): improve plugin install and uninstall migration handling 2026-04-17 23:11:03 +08:00
xboard f84afc7903 fix: support both GET and POST for handshake endpoint (backward compatibility) 2026-04-17 20:59:48 +08:00
Xboard fea7d97aa3 Update installer URL to use 'dev' branch 2026-04-17 12:54:22 +08:00
xboard a74cc2f19d feat: show install command on machine creation 2026-04-17 06:47:05 +08:00
xboard e297b5fe9f feat: machine mode, ECH subscriptions, batch ops & security hardening 2026-04-17 03:02:53 +08:00
yootus edbd8de356 Deliver Anytls nodes to QuantumultX (#880)
The latest QuantumultX version now supports Anytls; adapt to it
2026-04-16 19:31:24 +08:00
yinjianm abd64ed20c Merge remote-tracking branch 'upstream/master'
# Conflicts:
#	app/Services/UserOnlineService.php
#	public/assets/admin
2026-04-16 16:59:21 +08:00
xboard 13756956a6 fix: reset traffic stats when copying server nodes 2026-04-11 20:24:43 +08:00
Valentin Lobstein 121511523f Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873)
The loginWithMailLink endpoint returns the magic login link in the
HTTP response body, allowing unauthenticated account takeover.

The fix returns true instead of the link. The email delivery is
the authentication factor.

Bug inherited from V2Board commit bdb10bed (2022-06-27).
2026-04-10 02:44:20 +08:00
xboard 58ef46f754 fix: stop sending VLESS decryption when encryption is disabled 2026-04-08 11:05:55 +08:00
yootus ec49ba3fd1 Adapt Loon and Surfboard to anytls (#854)
* Adapt Loon to anytls

* Adapt Surfboard to anytls

Adapt Surfboard to anytls
2026-04-02 15:47:41 +08:00
NFamou b7c8b31a91 Merge pull request #856 from NFamou/master
Support SS2022 delivery for Surfboard
2026-04-02 15:46:55 +08:00
Xboard c5a8c836c0 Revert "feat: Track user traffic per node (server_id)" 2026-03-30 18:17:27 +08:00
xboard 5f1afe4bdc feat: add Vless Encryption support 2026-03-30 17:03:37 +08:00
Xboard 0cd20d12dd Merge pull request #755 from socksprox/feat/server-id-stat-user
feat: Track user traffic per node (server_id)
2026-03-30 13:55:11 +08:00
Xboard b4a94d1605 Merge pull request #689 from socksprox/fix-user-generation-multiple-prefix
Fix user generation with email_prefix to support multiple users
2026-03-30 13:32:46 +08:00
Xboard 7879a9ef85 Merge pull request #786 from lithromantic/master
Add sha256salt hashing option in password verification
2026-03-30 13:05:39 +08:00
xboard a58d66d72e feat: node traffic limit & batch operations
- Traffic monitoring with transfer_enable limit
- Batch delete nodes
- Reset traffic (single/batch)
2026-03-30 02:50:56 +08:00
xboard daf3055b42 fix: escape Telegram Markdown special characters 2026-03-30 01:46:56 +08:00
xboard 3744ebcd5a Revert "fix: escape Telegram Markdown special characters (fix #450)"
This reverts commit 23294c1f93.
2026-03-29 17:48:49 +08:00
lithromantic 6cac241144 Merge branch 'cedar2025:master' into master 2026-03-29 00:00:34 +01:00
Xboard 76a800ddbb Merge pull request #832 from Dlphine/fix/raw-array-access-data-get
fix: replace raw array access with data_get() to prevent Undefined array key
2026-03-28 17:38:44 +08:00
xboard 23294c1f93 fix: escape Telegram Markdown special characters (fix #450) 2026-03-28 09:10:54 +08:00
xboard 130f7c82a8 feat: revoke other sessions when changing password (fix #414) 2026-03-28 08:31:24 +08:00
xboard 7fbd1bb92d feat: implement email case-insensitive queries (fix #318) 2026-03-28 07:09:21 +08:00
Dlphine 5dd4cd4bc9 fix: replace raw array access with data_get() to prevent Undefined array key
- Migrate $protocol_settings['key'] to data_get($protocol_settings, 'key') across General, SingBox, Shadowrocket, Surfboard, QuantumultX
- Prevents PHP 8 Undefined array key fatal errors when optional protocol_settings fields are missing
- Same class of bug that caused #735
2026-03-27 13:51:28 +08:00
xboard 3c3639613e fix: use ServerService::getServer() for node lookup in WebSocket 2026-03-26 03:51:58 +08:00
xboard 74b5ef0b27 fix: resolve device sync issues and refactor WebSocket server 2026-03-26 03:33:01 +08:00
xboard 420521d90a refactor: restructure device limit system 2026-03-25 17:50:16 +08:00
xboard 73a37a07dd feat: ws notify nodes when user traffic is exhausted 2026-03-25 01:44:55 +08:00
xboard 7dacb69275 feat: Trojan Reality support and protocol distribution optimizations 2026-03-23 14:56:41 +08:00
xboard 08d68cbcae fix: intval u/d to avoid bigint overflow (#821) 2026-03-22 19:13:07 +08:00
Xboard b779bd4fd5 Merge pull request #789 from socksprox/feat/or-filter-logic
feat: Add OR logic support to user fetch API filters
2026-03-21 07:49:03 +08:00
yinjianm 1b3d022969 feat(payment): add TokenPay payment plugin
Register a new TokenPay payment plugin with configurable API
credentials, payment URL generation, and signed callback
verification.

Also improve admin config fetching to support single-group
lookups and add backwards-compatible subscribe template loading
from legacy settings and bundled files when the database table
is unavailable.
2026-03-19 22:32:28 +08:00
yinjianm ae8a913f9b merge: sync upstream/master from cedar2025/Xboard
Merge master from upstream cedar2025/Xboard, keeping local changes as decided interactively.
2026-03-19 21:04:27 +08:00
yinjianm 421844895e fix(payment): validate and filter unavailable methods
Filter user-visible payment methods to only include supported
providers and fail fast when a payment record or plugin cannot be
resolved.

This prevents invalid payment options from being returned by the
API and avoids constructing an undefined fallback payment class.
2026-03-19 20:29:26 +08:00
xboard 64e6d8148e feat: Add admin bulk-mail placeholder variables and template rendering 2026-03-19 05:02:16 +08:00
xboard 47983dec40 fix(runtime): force app_url/force_https per-request via middlewar 2026-03-19 04:22:17 +08:00
xboard ee55d7fa72 fix: fix brutal-opts configure for clashMeta 2026-03-17 12:26:10 +08:00
xboard b55091a066 feat: Refactor uTLS & Multiplex Support, Node Status Push Optimization
- Server/ServerSave/Server.php: Unified utls and multiplex schema, validation, and defaults for vmess/vless/trojan/mieru protocols, enabling more flexible protocol configuration.
- Protocols (SingBox/ClashMeta/Shadowrocket/Stash/General): All protocol generators now support utls (client-fingerprint/fp) and multiplex options. Removed getRandFingerprint, replaced with getTlsFingerprint supporting random/custom fingerprints.
- Helper.php: Refactored TLS fingerprint utility to support object/string/random input.
- ServerService: Abstracted updateMetrics method to unify HTTP/WS node status caching logic.
- NodeWebSocketServer: Improved node connection, status push, and full sync logic; adjusted log levels; clarified push logic.
- ServerController: Reused ServerService for node metrics handling, reducing code duplication.
- Docs: Improved aapanel installation docs, added fix for empty admin dashboard.
2026-03-16 23:09:56 +08:00
xboard c24e09f0c7 fix: correct node_sync queue assignment in horizon 2026-03-16 02:28:28 +08:00
xboard 3d082853d7 feat(ClashMeta): enhance Shadowsocks plugin support 2026-03-15 11:36:43 +08:00
xboard 199c146672 refactor: rename ws-server command and update configuration 2026-03-15 10:57:21 +08:00
xboard 98a4964c7c fix(ws): enable unix socket support for redis connection 2026-03-15 10:47:31 +08:00