admin/Xboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
641 Commits 3 Branches 0 Tags
9e2a66f1d54549dcba470d348b2a1b7d41e862e0
Commit Graph

109 Commits

Author SHA1 Message Date
xboard c0b6ee1763 refactor: core plugins to plugins-core 2026-04-18 23:31:59 +08:00
xboard fe62542b7c fix: unify Trojan server_name/allow_insecure to tls_settings across all protocols 2026-04-18 21:00:21 +08:00
xboard 360684245e fix: ticket reply_status semantics, N+1 query, and admin reply auto-reopen 2026-04-18 16:40:21 +08:00
xboard 9ba946621e feat: email template management with DB override, modern mail redesign 2026-04-18 15:41:23 +08:00
xboard 521d4e3ac5 fix: dedup device IPs, reset stale online_count on disconnect and scheduled cleanup (#886) 2026-04-18 02:57:55 +08:00
xboard d9833fab47 fix(plugin): improve plugin install and uninstall migration handling 2026-04-17 23:11:03 +08:00
xboard e297b5fe9f feat: machine mode, ECH subscriptions, batch ops & security hardening 2026-04-17 03:02:53 +08:00
Valentin Lobstein 121511523f Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873) 
The loginWithMailLink endpoint returns the magic login link in the
HTTP response body, allowing unauthenticated account takeover.

The fix returns true instead of the link. The email delivery is
the authentication factor.

Bug inherited from V2Board commit bdb10bed (2022-06-27).
 2026-04-10 02:44:20 +08:00
xboard 58ef46f754 fix: stop sending VLESS decryption when encryption is disabled 2026-04-08 11:05:55 +08:00
xboard 5f1afe4bdc feat: add Vless Encryption support 2026-03-30 17:03:37 +08:00
xboard a58d66d72e feat: node traffic limit & batch operations 
- Traffic monitoring with transfer_enable limit
- Batch delete nodes
- Reset traffic (single/batch)
 2026-03-30 02:50:56 +08:00
xboard 3744ebcd5a Revert "fix: escape Telegram Markdown special characters (fix #450)" 
This reverts commit 23294c1f93.
 2026-03-29 17:48:49 +08:00
xboard 23294c1f93 fix: escape Telegram Markdown special characters (fix #450) 2026-03-28 09:10:54 +08:00
xboard 7fbd1bb92d feat: implement email case-insensitive queries (fix #318) 2026-03-28 07:09:21 +08:00
xboard 3c3639613e fix: use ServerService::getServer() for node lookup in WebSocket 2026-03-26 03:51:58 +08:00
xboard 74b5ef0b27 fix: resolve device sync issues and refactor WebSocket server 2026-03-26 03:33:01 +08:00
xboard 420521d90a refactor: restructure device limit system 2026-03-25 17:50:16 +08:00
xboard 73a37a07dd feat: ws notify nodes when user traffic is exhausted 2026-03-25 01:44:55 +08:00
xboard 7dacb69275 feat: Trojan Reality support and protocol distribution optimizations 2026-03-23 14:56:41 +08:00
xboard 64e6d8148e feat: Add admin bulk-mail placeholder variables and template rendering 2026-03-19 05:02:16 +08:00
xboard 47983dec40 fix(runtime): force app_url/force_https per-request via middlewar 2026-03-19 04:22:17 +08:00
xboard b55091a066 feat: Refactor uTLS & Multiplex Support, Node Status Push Optimization 
- Server/ServerSave/Server.php: Unified utls and multiplex schema, validation, and defaults for vmess/vless/trojan/mieru protocols, enabling more flexible protocol configuration.
- Protocols (SingBox/ClashMeta/Shadowrocket/Stash/General): All protocol generators now support utls (client-fingerprint/fp) and multiplex options. Removed getRandFingerprint, replaced with getTlsFingerprint supporting random/custom fingerprints.
- Helper.php: Refactored TLS fingerprint utility to support object/string/random input.
- ServerService: Abstracted updateMetrics method to unify HTTP/WS node status caching logic.
- NodeWebSocketServer: Improved node connection, status push, and full sync logic; adjusted log levels; clarified push logic.
- ServerController: Reused ServerService for node metrics handling, reducing code duplication.
- Docs: Improved aapanel installation docs, added fix for empty admin dashboard.
 2026-03-16 23:09:56 +08:00
xboard 010275b09e feat: introduce WebSocket sync for XBoard nodes 
- Implement Workerman-based `xboard:ws-server` for real-time node synchronization.
- Support custom routes, outbounds, and certificate configurations via JSON.
- Optimize scheduled tasks with `lazyById` to minimize memory footprint.
- Enhance reactivity using Observers for `Plan`, `Server`, and `ServerRoute`.
- Expand protocol support for `httpupgrade`, `h2`, and `mieru`.
 2026-03-15 09:49:11 +08:00
xboard 562064712d fix(register): handle invalid invite code as API error (#792) 2026-03-11 02:09:25 +08:00
xboard 01bcf43ae8 fix: apply device_limit from plan when assigning via gift card (#630) 2026-03-09 06:51:10 +08:00
xboard 2e0b10e643 fix: return dynamic rate instead of base rate in user server list (#709) 2026-03-09 06:47:30 +08:00
Xboard cf552f6e5d Merge pull request #734 from kelly5454/master 
fix: Type error when redeeming gift card
 2026-03-09 04:56:14 +08:00
xboard 95e8e7bca7 feat: add v2node support 2025-11-22 20:33:38 +08:00
xboard 8d0e33ba23 fix: preserve theme config when upgrading theme 2025-11-07 19:25:40 +08:00
kelly5454 3754f7da0d fix: exchange gift card type error 2025-10-30 21:08:39 +08:00
xboard e3c746d314 feat(plugin): auto-decode JSON config values by type in PluginManager 2025-10-20 18:56:44 +08:00
xboard f83bdfc9ad fix: avoid getCurrentCommit on cache hit 2025-09-26 19:04:17 +08:00
xboard bf1234a9c2 fix(plugin): remove stale plugin records when files missing; adjust logging 2025-09-23 14:59:22 +08:00
xboard 58a374bde9 fix 2025-09-16 18:44:44 +08:00
xboard abf541df72 fix: improve date calculation for month-end reset schedules 2025-08-31 20:30:02 +08:00
Miku a8e2452dcc fix(order): correct renewal handling for onetime plan 
fixes onetime plan renewal logic
 2025-08-29 23:24:48 +08:00
xboard 8e0384c833 feat: optimize server.user.get hook definition 2025-08-29 19:21:49 +08:00
xboard 724dd54822 fix: support resources/views directory for plugin views 2025-08-23 15:26:09 +08:00
xboard a666557781 fix(auth): handle null redirect in quick login url 2025-08-21 18:57:19 +08:00
xboard 930e2052a4 fix: fix user expiration date display and update issues 
- Fix 1970 year display for unlimited validity users
- Resolve SQL error in user update endpoint
- Closes #625
 2025-08-08 03:04:44 +08:00
xboard 1405cb0b99 fix: change user default_at to 0 2025-07-27 08:11:42 +08:00
xboard 78e7be8766 feat: add plugin migrations and fix plan management bugs 
- Plugin database migration support
- Fix empty prices error in plan management
- Plugin update functionality
- Custom shadowsocks encryption algorithms
 2025-07-27 00:19:14 +08:00
xboard 58868268dd feat: enhance plugin management 
- Add command support for plugin management
- Optimize plugin management page layout
- Add email copy functionality for users
- Convert payment methods and Telegram Bot to plugin system
 2025-07-26 18:49:58 +08:00
xboard 06cbe0e478 fix: correct return_url generation for payment in frontend-backend separated deployment 2025-07-21 23:54:00 +08:00
xboard c9bab8fb02 feat: add multiple hooks, pligun schedule support ,add hook:list artisan command 2025-07-21 13:29:17 +08:00
xboard 90360cfeb5 fix: resolve theme refresh issue after updates 2025-07-21 08:27:41 +08:00
xboard 063a10f6bb refactor: rename hook form traffic.before_process to traffic.process.before 2025-07-18 23:39:19 +08:00
xboard 508caebdcd refactor: refactor subscription delivery logic, change payment return_url to origin_url concatenation 
- Unify protocol filter configuration to client.type.field (dot-path, three-segment) format, support strict whitelist mode
- Refactor AbstractProtocol and all protocol classes for more flexible and maintainable subscription delivery
- Change payment callback logic: use origin_url concatenation instead of return_url for more accurate redirects
 2025-07-18 15:42:58 +08:00
xboard e2d7b6a5e0 feat(hook): add order.create.after, order.open.before, order.open.after, and protocol.servers.filtered hooks 2025-07-17 12:34:31 +08:00
xboard 10ff5d7b27 feat: consider remaining traffic in surplus calculation when resetting traffic on plan change 2025-07-17 12:13:03 +08:00