Xboard

Author	SHA1	Message	Date
yinjianm	9ce345eb76	merge: sync upstream/master preserving local changes	2026-04-23 22:27:18 +08:00
xboard	2efef9e8ee	fix(security): prevent payment gateway credentials leakage via OrderResource	2026-04-23 10:26:35 +08:00
xboard	c0b6ee1763	refactor: core plugins to plugins-core	2026-04-18 23:31:59 +08:00
xboard	fe62542b7c	fix: unify Trojan server_name/allow_insecure to tls_settings across all protocols	2026-04-18 21:00:21 +08:00
xboard	360684245e	fix: ticket reply_status semantics, N+1 query, and admin reply auto-reopen	2026-04-18 16:40:21 +08:00
xboard	9ba946621e	feat: email template management with DB override, modern mail redesign	2026-04-18 15:41:23 +08:00
xboard	521d4e3ac5	fix: dedup device IPs, reset stale online_count on disconnect and scheduled cleanup (#886 )	2026-04-18 02:57:55 +08:00
yinjianm	cd5e00bbfb	Merge remote-tracking branch 'upstream/master' # Conflicts: # public/assets/admin	2026-04-18 00:35:04 +08:00
xboard	d9833fab47	fix(plugin): improve plugin install and uninstall migration handling	2026-04-17 23:11:03 +08:00
xboard	e297b5fe9f	feat: machine mode, ECH subscriptions, batch ops & security hardening	2026-04-17 03:02:53 +08:00
yinjianm	abd64ed20c	Merge remote-tracking branch 'upstream/master' # Conflicts: # app/Services/UserOnlineService.php # public/assets/admin	2026-04-16 16:59:21 +08:00
Valentin Lobstein	121511523f	Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873 ) The loginWithMailLink endpoint returns the magic login link in the HTTP response body, allowing unauthenticated account takeover. The fix returns true instead of the link. The email delivery is the authentication factor. Bug inherited from V2Board commit bdb10bed (2022-06-27).	2026-04-10 02:44:20 +08:00
xboard	58ef46f754	fix: stop sending VLESS decryption when encryption is disabled	2026-04-08 11:05:55 +08:00
xboard	5f1afe4bdc	feat: add Vless Encryption support	2026-03-30 17:03:37 +08:00
xboard	a58d66d72e	feat: node traffic limit & batch operations - Traffic monitoring with transfer_enable limit - Batch delete nodes - Reset traffic (single/batch)	2026-03-30 02:50:56 +08:00
xboard	3744ebcd5a	Revert "fix: escape Telegram Markdown special characters (fix #450 )" This reverts commit `23294c1f93`.	2026-03-29 17:48:49 +08:00
xboard	23294c1f93	fix: escape Telegram Markdown special characters (fix #450 )	2026-03-28 09:10:54 +08:00
xboard	7fbd1bb92d	feat: implement email case-insensitive queries (fix #318 )	2026-03-28 07:09:21 +08:00
xboard	3c3639613e	fix: use ServerService::getServer() for node lookup in WebSocket	2026-03-26 03:51:58 +08:00
xboard	74b5ef0b27	fix: resolve device sync issues and refactor WebSocket server	2026-03-26 03:33:01 +08:00
xboard	420521d90a	refactor: restructure device limit system	2026-03-25 17:50:16 +08:00
xboard	73a37a07dd	feat: ws notify nodes when user traffic is exhausted	2026-03-25 01:44:55 +08:00
xboard	7dacb69275	feat: Trojan Reality support and protocol distribution optimizations	2026-03-23 14:56:41 +08:00
yinjianm	ae8a913f9b	merge: sync upstream/master from cedar2025/Xboard 合并上游 cedar2025/Xboard 的 master，并按交互决策保留本地改动。	2026-03-19 21:04:27 +08:00
yinjianm	421844895e	fix(payment): validate and filter unavailable methods Filter user-visible payment methods to only include supported providers and fail fast when a payment record or plugin cannot be resolved. This prevents invalid payment options from being returned by the API and avoids constructing an undefined fallback payment class.	2026-03-19 20:29:26 +08:00
xboard	64e6d8148e	feat: Add admin bulk-mail placeholder variables and template rendering	2026-03-19 05:02:16 +08:00
xboard	47983dec40	fix(runtime): force app_url/force_https per-request via middlewar	2026-03-19 04:22:17 +08:00
xboard	b55091a066	feat: Refactor uTLS & Multiplex Support, Node Status Push Optimization - Server/ServerSave/Server.php: Unified utls and multiplex schema, validation, and defaults for vmess/vless/trojan/mieru protocols, enabling more flexible protocol configuration. - Protocols (SingBox/ClashMeta/Shadowrocket/Stash/General): All protocol generators now support utls (client-fingerprint/fp) and multiplex options. Removed getRandFingerprint, replaced with getTlsFingerprint supporting random/custom fingerprints. - Helper.php: Refactored TLS fingerprint utility to support object/string/random input. - ServerService: Abstracted updateMetrics method to unify HTTP/WS node status caching logic. - NodeWebSocketServer: Improved node connection, status push, and full sync logic; adjusted log levels; clarified push logic. - ServerController: Reused ServerService for node metrics handling, reducing code duplication. - Docs: Improved aapanel installation docs, added fix for empty admin dashboard.	2026-03-16 23:09:56 +08:00
xboard	010275b09e	feat: introduce WebSocket sync for XBoard nodes - Implement Workerman-based `xboard:ws-server` for real-time node synchronization. - Support custom routes, outbounds, and certificate configurations via JSON. - Optimize scheduled tasks with `lazyById` to minimize memory footprint. - Enhance reactivity using Observers for `Plan`, `Server`, and `ServerRoute`. - Expand protocol support for `httpupgrade`, `h2`, and `mieru`.	2026-03-15 09:49:11 +08:00
xboard	562064712d	fix(register): handle invalid invite code as API error (#792 )	2026-03-11 02:09:25 +08:00
xboard	01bcf43ae8	fix: apply device_limit from plan when assigning via gift card (#630 )	2026-03-09 06:51:10 +08:00
xboard	2e0b10e643	fix: return dynamic rate instead of base rate in user server list (#709 )	2026-03-09 06:47:30 +08:00
Xboard	cf552f6e5d	Merge pull request #734 from kelly5454/master fix: Type error when redeeming gift card	2026-03-09 04:56:14 +08:00
yinjianm	4f84034814	• 你这个现象我已经定位并修了，核心原因是节点匹配和设备映射都有歧义。已修改： - 节点识别优先用 id，只有找不到才回退 code，避免子节点被匹配成父节点 ServerService.php (/E:/code/php/Xboard-new/app/Services/ServerService.php#L101) - 在线设备解析补全 node_key/node_id，并按真实节点键归类 UserOnlineService.php (/E:/code/php/Xboard-new/app/Services/UserOnlineService.php#L43) - 用户端流量日志设备映射改为按 node_key 精确匹配 StatController.php (/E:/code/php/Xboard-new/app/Http/Controllers/V1/User/StatController.php#L43) - 管理端同样改为按 node_key 映射 StatController.php (/E:/code/php/Xboard-new/app/Http/Controllers/V2/Admin/StatController.php#L270) 说明： - 这次不涉及数据库结构变更，不需要 migrate。 - 对管理后台现有统计接口兼容，不会破坏原有 u/d/record_at/server_rate 显示。 - 旧的历史日志如果之前已经按父节点入库，不会自动改名；新流量会按修复后的逻辑记录。	2026-02-26 05:13:19 +08:00
yinjianm	809860b8db	修改仓库地址	2026-02-22 03:57:06 +08:00
yinjianm	17a7c63aec	修改邮件部分	2026-02-22 03:22:14 +08:00
xboard	95e8e7bca7	feat: add v2node support	2025-11-22 20:33:38 +08:00
xboard	8d0e33ba23	fix: preserve theme config when upgrading theme	2025-11-07 19:25:40 +08:00
kelly5454	3754f7da0d	fix: exchange gift card type error	2025-10-30 21:08:39 +08:00
xboard	e3c746d314	feat(plugin): auto-decode JSON config values by type in PluginManager	2025-10-20 18:56:44 +08:00
xboard	f83bdfc9ad	fix: avoid getCurrentCommit on cache hit	2025-09-26 19:04:17 +08:00
xboard	bf1234a9c2	fix(plugin): remove stale plugin records when files missing; adjust logging	2025-09-23 14:59:22 +08:00
xboard	58a374bde9	fix	2025-09-16 18:44:44 +08:00
xboard	abf541df72	fix: improve date calculation for month-end reset schedules	2025-08-31 20:30:02 +08:00
Miku	a8e2452dcc	fix(order): correct renewal handling for onetime plan fixes onetime plan renewal logic	2025-08-29 23:24:48 +08:00
xboard	8e0384c833	feat: optimize server.user.get hook definition	2025-08-29 19:21:49 +08:00
xboard	724dd54822	fix: support resources/views directory for plugin views	2025-08-23 15:26:09 +08:00
xboard	a666557781	fix(auth): handle null redirect in quick login url	2025-08-21 18:57:19 +08:00
xboard	930e2052a4	fix: fix user expiration date display and update issues - Fix 1970 year display for unlimited validity users - Resolve SQL error in user update endpoint - Closes #625	2025-08-08 03:04:44 +08:00
xboard	1405cb0b99	fix: change user default_at to 0	2025-07-27 08:11:42 +08:00

1 2 3

118 Commits