mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-10 22:56:06 +00:00
feat(tls,reality): port xray TLS/REALITY fields, cert-hash helpers, fallback UX
TLS: add verifyPeerCertByName (vcn) to inbound settings + emit in both share-link generators (frontend + Go sub) and outbound parser; the allowInsecure replacement xray removed after 2026-06-01. Add server-side curvePreferences, masterKeyLog, echSockopt (passthrough + form) at tlsSettings top-level so they survive the panel-only settings strip. REALITY: add limitFallbackUpload/Download (afterBytes/bytesPerSec/burstBytesPerSec) with per-field tooltips, plus masterKeyLog. Verified field names/semantics against pinned xray v1.260327.1 (bytesPerSec=0 disables). Hosts: fix verify_peer_cert_by_name column bool->string (xray expects comma-separated names) with an idempotent, history-gate-free migration (SQLite typeof blank; Postgres ALTER once); emit vcn for hosts/external proxies. Server: add getCertHash (local cert DER SHA-256) and getRemoteCertHash (xray tls ping) endpoints + api-docs; wire pinned-cert field buttons. Drop the meaningless random-hash button. Xray UI: metrics endpoint (listen/tag) config in Basics; import/export for routing rules and outbounds. Fallbacks card: compact empty state, header-aligned actions, responsive labeled grid rows. i18n: add all new keys to every locale; drop unused generateRandomPin.
This commit is contained in:
@@ -16,6 +16,7 @@ exports[`inbound security forms > RealityForm field structure is stable 1`] = `
|
||||
"Private Key",
|
||||
"mldsa65 Seed",
|
||||
"mldsa65 Verify",
|
||||
"Master Key Log",
|
||||
]
|
||||
`;
|
||||
|
||||
@@ -26,13 +27,17 @@ exports[`inbound security forms > TlsForm field structure is stable 1`] = `
|
||||
"Min/Max Version",
|
||||
"uTLS",
|
||||
"ALPN",
|
||||
"Curve Preferences",
|
||||
"Reject Unknown SNI",
|
||||
"Disable System Root",
|
||||
"Session Resumption",
|
||||
"Digital Certificate",
|
||||
"Master Key Log",
|
||||
"ECH Sockopt",
|
||||
"ECH key",
|
||||
"ECH config",
|
||||
"Pinned Peer Cert SHA-256",
|
||||
"Verify Peer Cert By Name",
|
||||
]
|
||||
`;
|
||||
|
||||
|
||||
@@ -74,6 +74,7 @@ exports[`InboundSchema (full) fixtures > parses hysteria-v1-tls byte-stably 1`]
|
||||
"echConfigList": "",
|
||||
"fingerprint": "chrome",
|
||||
"pinnedPeerCertSha256": [],
|
||||
"verifyPeerCertByName": "",
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -217,6 +218,7 @@ exports[`InboundSchema (full) fixtures > parses trojan-ws-tls byte-stably 1`] =
|
||||
"echConfigList": "",
|
||||
"fingerprint": "chrome",
|
||||
"pinnedPeerCertSha256": [],
|
||||
"verifyPeerCertByName": "",
|
||||
},
|
||||
},
|
||||
"wsSettings": {
|
||||
@@ -394,6 +396,7 @@ exports[`InboundSchema (full) fixtures > parses vless-ws-tls byte-stably 1`] = `
|
||||
"echConfigList": "",
|
||||
"fingerprint": "chrome",
|
||||
"pinnedPeerCertSha256": [],
|
||||
"verifyPeerCertByName": "",
|
||||
},
|
||||
},
|
||||
"wsSettings": {
|
||||
@@ -488,6 +491,7 @@ exports[`InboundSchema (full) fixtures > parses vless-ws-tls-pinned byte-stably
|
||||
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
|
||||
"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=",
|
||||
],
|
||||
"verifyPeerCertByName": "",
|
||||
},
|
||||
},
|
||||
"wsSettings": {
|
||||
@@ -583,6 +587,7 @@ exports[`InboundSchema (full) fixtures > parses vmess-tcp-tls byte-stably 1`] =
|
||||
"echConfigList": "",
|
||||
"fingerprint": "chrome",
|
||||
"pinnedPeerCertSha256": [],
|
||||
"verifyPeerCertByName": "",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
@@ -68,6 +68,7 @@ exports[`SecuritySettingsSchema fixtures > parses tls-cert-file byte-stably 1`]
|
||||
"echConfigList": "",
|
||||
"fingerprint": "chrome",
|
||||
"pinnedPeerCertSha256": [],
|
||||
"verifyPeerCertByName": "",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@ describe('hostToExternalProxyEntry', () => {
|
||||
alpn: ['h2'] as ('h2' | 'h3' | 'http/1.1')[],
|
||||
fingerprint: 'chrome' as const,
|
||||
pinnedPeerCertSha256: ['AAAA'],
|
||||
verifyPeerCertByName: 'verify.example.com',
|
||||
echConfigList: 'ECH',
|
||||
overrideSniFromAddress: false,
|
||||
keepSniBlank: false,
|
||||
@@ -28,6 +29,7 @@ describe('hostToExternalProxyEntry', () => {
|
||||
expect(ep.alpn).toEqual(['h2']);
|
||||
expect(ep.fingerprint).toBe('chrome');
|
||||
expect(ep.pinnedPeerCertSha256).toEqual(['AAAA']);
|
||||
expect(ep.verifyPeerCertByName).toBe('verify.example.com');
|
||||
expect(ep.echConfigList).toBe('ECH');
|
||||
});
|
||||
|
||||
|
||||
@@ -85,7 +85,8 @@ describe('inbound security forms', () => {
|
||||
saving={false}
|
||||
setCertFromPanel={noop}
|
||||
clearCertFiles={noop}
|
||||
generateRandomPinHash={noop}
|
||||
pinFromCert={noop}
|
||||
pinFromRemote={noop}
|
||||
getNewEchCert={noop}
|
||||
clearEchCert={noop}
|
||||
/>
|
||||
|
||||
Reference in New Issue
Block a user