admin/Xboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
684 Commits 3 Branches 0 Tags
b3a8d504d1c7dc0768da52f76ecfbaa73695d709
Commit Graph

684 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
xboard 13756956a6 fix: reset traffic stats when copying server nodes 2026-04-11 20:24:43 +08:00
Valentin Lobstein 121511523f Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873) 
The loginWithMailLink endpoint returns the magic login link in the
HTTP response body, allowing unauthenticated account takeover.

The fix returns true instead of the link. The email delivery is
the authentication factor.

Bug inherited from V2Board commit bdb10bed (2022-06-27).
 2026-04-10 02:44:20 +08:00
xboard 1fe6531924 fix(update): avoid duplicate safe.directory entries for repo and admin submodule 2026-04-09 20:31:19 +08:00
xboard 38ea7d0067 docs: add donation section 2026-04-09 00:21:28 +08:00
xboard 58ef46f754 fix: stop sending VLESS decryption when encryption is disabled 2026-04-08 11:05:55 +08:00
yootus ec49ba3fd1 Loon和Surfboard适配anytls (#854) 
* Loon适配anytls

* Surfboard适配anytls

Surfboard适配anytls
 2026-04-02 15:47:41 +08:00
NFamou b7c8b31a91 Merge pull request #856 from NFamou/master 
支持Surfboard下发SS2022
 2026-04-02 15:46:55 +08:00
xboard f3fd40008b updata admin asset 2026-04-02 05:51:16 +08:00
Xboard 94fc5f6942 Merge pull request #841 from cedar2025/revert-755-feat/server-id-stat-user 
Revert "feat: Track user traffic per node (server_id)"
 2026-03-30 18:18:35 +08:00
Xboard c5a8c836c0 Revert "feat: Track user traffic per node (server_id)" 2026-03-30 18:17:27 +08:00
xboard 048530a893 Remove duplicate doc files 2026-03-30 18:04:41 +08:00
xboard 7ed5fc8fd3 fix: remove 2026_03_28_050000_lowercase_existing_emails.php 2026-03-30 17:59:39 +08:00
xboard 5f1afe4bdc feat: add Vless Encryption support 2026-03-30 17:03:37 +08:00
Xboard 0cd20d12dd Merge pull request #755 from socksprox/feat/server-id-stat-user 
feat: Track user traffic per node (server_id)
 2026-03-30 13:55:11 +08:00
Xboard b4a94d1605 Merge pull request #689 from socksprox/fix-user-generation-multiple-prefix 
Fix user generation with email_prefix to support multiple users
 2026-03-30 13:32:46 +08:00
Xboard 7879a9ef85 Merge pull request #786 from lithromantic/master 
Add sha256salt hashing option in password verification
 2026-03-30 13:05:39 +08:00
xboard d6a3614d98 update 2026_03_28_161536_add_traffic_fields_to_servers.php 2026-03-30 02:58:09 +08:00
xboard a58d66d72e feat: node traffic limit & batch operations 
- Traffic monitoring with transfer_enable limit
- Batch delete nodes
- Reset traffic (single/batch)
 2026-03-30 02:50:56 +08:00
xboard daf3055b42 fix: escape Telegram Markdown special characters 2026-03-30 01:46:56 +08:00
xboard 3744ebcd5a Revert "fix: escape Telegram Markdown special characters (fix #450)" 
This reverts commit 23294c1f93.
 2026-03-29 17:48:49 +08:00
lithromantic 6cac241144 Merge branch 'cedar2025:master' into master 2026-03-29 00:00:34 +01:00
Xboard 76a800ddbb Merge pull request #832 from Dlphine/fix/raw-array-access-data-get 
fix: replace raw array access with data_get() to prevent Undefined array key
 2026-03-28 17:38:44 +08:00
xboard bbc96a18bc fix: use getHost() for proper host comparison in safe mode 2026-03-28 15:52:25 +08:00
xboard 23294c1f93 fix: escape Telegram Markdown special characters (fix #450) 2026-03-28 09:10:54 +08:00
xboard 130f7c82a8 feat: revoke other sessions when changing password (fix #414) 2026-03-28 08:31:24 +08:00
xboard 0ab67c7a9b fix: add ru-RU.json 2026-03-28 07:44:43 +08:00
xboard 5512841ba2 fix: iOS Safari autofill not filling email field (Fixes #330) 2026-03-28 07:41:57 +08:00
xboard 7fbd1bb92d feat: implement email case-insensitive queries (fix #318) 2026-03-28 07:09:21 +08:00
Dlphine 5dd4cd4bc9 fix: replace raw array access with data_get() to prevent Undefined array key 
- Migrate $protocol_settings['key'] to data_get($protocol_settings, 'key') across General, SingBox, Shadowrocket, Surfboard, QuantumultX
- Prevents PHP 8 Undefined array key fatal errors when optional protocol_settings fields are missing
- Same class of bug that caused #735
 2026-03-27 13:51:28 +08:00
xboard a6c37bb112 feat: add Russian language support and remove v2board theme 2026-03-26 23:35:30 +08:00
xboard 3c3639613e fix: use ServerService::getServer() for node lookup in WebSocket 2026-03-26 03:51:58 +08:00
xboard 74b5ef0b27 fix: resolve device sync issues and refactor WebSocket server 2026-03-26 03:33:01 +08:00
xboard 420521d90a refactor: restructure device limit system 2026-03-25 17:50:16 +08:00
xboard 73a37a07dd feat: ws notify nodes when user traffic is exhausted 2026-03-25 01:44:55 +08:00
xboard 7dacb69275 feat: Trojan Reality support and protocol distribution optimizations 2026-03-23 14:56:41 +08:00
xboard a712be7cd4 update admin assets submodule 2026-03-23 11:00:31 +08:00
xboard 08d68cbcae fix: intval u/d to avoid bigint overflow (#821) 2026-03-22 19:13:07 +08:00
Xboard b779bd4fd5 Merge pull request #789 from socksprox/feat/or-filter-logic 
feat: Add OR logic support to user fetch API filters
 2026-03-21 07:49:03 +08:00
yinjianm c3b2b4d4d0 restore admin traffic record details 2026-03-21 01:01:49 +08:00
yinjianm 1b3d022969 feat(payment): add TokenPay payment plugin 
Register a new TokenPay payment plugin with configurable API
credentials, payment URL generation, and signed callback
verification.

Also improve admin config fetching to support single-group
lookups and add backwards-compatible subscribe template loading
from legacy settings and bundled files when the database table
is unavailable.
 2026-03-19 22:32:28 +08:00
yinjianm ae8a913f9b merge: sync upstream/master from cedar2025/Xboard 
合并上游 cedar2025/Xboard 的 master,并按交互决策保留本地改动。
 2026-03-19 21:04:27 +08:00
yinjianm 421844895e fix(payment): validate and filter unavailable methods 
Filter user-visible payment methods to only include supported
providers and fail fast when a payment record or plugin cannot be
resolved.

This prevents invalid payment options from being returned by the
API and avoids constructing an undefined fallback payment class.
 2026-03-19 20:29:26 +08:00
xboard 64e6d8148e feat: Add admin bulk-mail placeholder variables and template rendering 2026-03-19 05:02:16 +08:00
xboard 47983dec40 fix(runtime): force app_url/force_https per-request via middlewar 2026-03-19 04:22:17 +08:00
xboard 139b34ca19 fix(compose): use named volume for redis socket 2026-03-17 22:50:29 +08:00
xboard 9ef61e317c fix(admin): fix giftcard form validation and template creation issues 2026-03-17 18:35:21 +08:00
xboard fe0f1760bd fix(admin): fix node manage tooltip error 2026-03-17 14:13:48 +08:00
Xboard 4a2fbd4d3d Add port mapping for 1panel service 2026-03-17 13:16:43 +08:00
xboard ee55d7fa72 fix: fix brutal-opts configure for clashMeta 2026-03-17 12:26:10 +08:00
xboard e06cd279cf fix(admin): resolve translation key issues 2026-03-17 11:44:17 +08:00